CN107734028A - IoT gateway system for secure data storage and its implementation method - Google Patents


Info

Publication number
CN107734028A
Authority
CN
China
Prior art keywords
data
things
module
internet
internet gateway
Prior art date
Legal status
Pending
Application number
CN201710948664.4A
Other languages
Chinese (zh)
Inventor
张凡伊
张剑
孔祥钦
寇慧
冯焕霞
邹雅欣
张桦
彭金祥
Current Assignee
FOSHAN YIBEIER TECHNOLOGY Co Ltd
Original Assignee
FOSHAN YIBEIER TECHNOLOGY Co Ltd
Priority date
Filing date
Publication date
Application filed by FOSHAN YIBEIER TECHNOLOGY Co Ltd
Priority to CN201710948664.4A
Publication of CN107734028A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP], for remote control or remote monitoring of applications
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The invention discloses an IoT gateway system for secure data storage and a method for implementing it. The system includes a gateway device comprising a communication-protocol plug-in unit, a main control unit, and a gateway server connected to the main control unit. The communication-protocol plug-in unit is physically connected to the IoT devices and provides protocol-processing plug-ins for the various IoT devices and for third-party system communication interfaces. The gateway server includes a data acquisition service module, a data computation service module, a data storage service module, a data encryption service module and a data upload service module. The invention solves the technical problems of fast device access to the gateway system, support for multi-client use and improved system security. Data storage is based on a cloud-computing model, so the system applies to heterogeneous sensing-layer and Internet environments, improving the generality of the data storage system and making data storage more convenient.

Description

IoT gateway system for secure data storage and its implementation method
Technical field
The present invention relates to the field of the Internet of Things, and specifically to an IoT gateway system for secure data storage and a method for implementing it.
Background technology
The main function of an IoT gateway is to solve the communication problem between the sensing layer and the Internet. First, it integrates multiple access methods and is the key device through which the object network is uniformly accessed, achieving local and wide-area interconnection. Second, it plays the pivotal role of transferring data between the sensing network and the communication network, performing protocol conversion between the sensing network and the communication network and between different types of sensing network. Third, it provides device management: users configure and manage the gateway device through a network platform. End users can obtain real-time status information for each node of the sensing layer and perform remote control.
With the development of sensor, network, mobile Internet and cloud-computing technology, the Internet of Things has been widely applied in fields such as intelligent buildings, smart communities, building energy conservation, public safety and smart cities. IoT gateway devices currently on the market have the following shortcomings: (1) Poor protocol extensibility: devices are tightly coupled to their application field and overly specialised, and support for fast access by mainstream industry communication protocols and new protocols is insufficient. (2) Poor data availability: the raw data of the accessed IoT devices or subsystems lacks further computation, analysis and storage processing, so the organised data actually needed cannot be obtained. (3) Poor applicability: most devices serve only as a single-purpose data acquisition front end for a host computer and cannot be adapted to the combined multi-purpose use of small intranet applications and large distributed applications. (4) Poor system security: data communication generally lacks encryption and authorisation management for remote control, so there is a risk of data leakage and illegal control, which reduces the security of the whole system. For an IoT storage system, because the sensing-layer equipment comes from different manufacturers, and different manufacturers often use different data communication protocols that cannot interoperate, the lower layer is markedly heterogeneous. If users need to collect all data as a whole, several different IoT collection and storage systems are needed, which increases cost; at the same time, because of the openness of the Internet of Things, the security risks of data collection and storage are greater. Therefore, a method that automatically extracts data based on IoT communication protocols and stores it securely in the cloud would significantly increase data acquisition efficiency and security.
Summary of the invention
The object of the invention is to provide an IoT gateway system for secure data storage and its implementation method, so as to solve the problems raised in the background above.
An IoT gateway system for secure data storage includes a gateway device; the gateway device includes a communication-protocol plug-in unit, a main control unit, and a gateway server connected to the main control unit. The communication-protocol plug-in unit is physically connected to the IoT devices and provides protocol-processing plug-ins for the various IoT devices and for third-party system communication interfaces. The gateway server includes a data acquisition service module, a data computation service module, a data storage service module, a data encryption service module and a data upload service module. The main control unit controls the data acquisition service module to perform communication and data parsing and acquisition over the communication protocol according to the configuration file of the connected IoT device; it controls the data computation service module and the data storage service module to compute and store the data obtained by the data acquisition service module; and it controls the data encryption service module and the data upload service module to encrypt the computed and stored data before transmitting it externally.
Further, the IoT gateway system for secure data storage also includes a service bus, and a management tool unit connected to the gateway server through the service bus. The service bus uses a variety of cross-platform service interfaces to provide the functional services of the IoT gateway system externally. The management tool unit includes a configuration management tool module, a web management tool module and a development management tool module. The configuration management tool module lets users configure parameters of the IoT gateway system locally or remotely and manage project downloads; the web management tool module lets users perform overall operation and monitoring of the IoT gateway system over HTTPS; the development management tool module lets users perform template-based development of communication-protocol plug-ins, assembly management and protocol library management for the IoT gateway system.
Further, the communication-protocol plug-in unit is physically connected to IoT devices: it connects to IoT devices that provide RS232/RS485 serial interfaces and to IoT devices that provide RJ45 Ethernet interfaces.
Further, the gateway server also includes a project configuration service module that provides the parameter configuration of the IoT gateway system, including: protocol library configuration, data acquisition configuration, data computation configuration, data storage configuration, data encryption configuration, data upload configuration and database configuration.
Further, the gateway server also includes a device monitoring module that provides monitoring and control of the operating parameters of the IoT gateway system's devices, including CPU, memory, network and hard disk usage.
Further, the main control unit includes a main control chip, an embedded system embedded in the main control chip, and a secure wireless short-range communication module, an application communication module and a secure access client module running on the embedded system. The main control chip performs secure data processing and storage; the embedded system implements system management of the IoT gateway; the secure wireless short-range communication module implements information exchange between the gateway and wireless short-range communication terminals; the application communication module implements information exchange between the IoT gateway and bus-type terminals; and the secure access client module implements trusted Ethernet communication between the IoT gateway and the application network it accesses. The application-network connection part includes an Ethernet module, a WiFi module and a mobile Internet communication module.
Further, the encryption method used by the data encryption service module is the KLEIN algorithm with its shift operation redesigned as a variable random shift of r positions, 16≤r≤63.
Further, in this encryption method the first encryption/decryption random number is generated in the key agreement phase; each later encryption/decryption random number is obtained by mapping the 8th byte of the ciphertext produced by the previous encryption to a number between 16 and 63.
In another aspect, the invention also provides an implementation method for the IoT gateway system for secure data storage, using the IoT gateway system described above, comprising the following steps:
Step S1: the IoT gateway device is connected to a network switch through its Ethernet interface;
Step S2: the communication-protocol plug-in unit is physically connected to the IoT devices;
Step S3: the acquisition service module performs communication and data parsing and acquisition over the communication protocol according to the configuration file of the connected IoT device;
Step S4: the data computation service module and the data storage service module compute and store the data obtained by the data acquisition service module;
Step S5: the data encryption service module and the data upload service module encrypt the computed and stored data and then transmit it externally.
Data storage is based on cloud computing; the storage method is:
A1: The data source uploads data to the system, and the system activates the parsing module;
A2: The parsing module parses the data fragment; if parsing succeeds, go to step A3; if parsing fails, go to step B1;
B1: The cloud identification module uploads the data fragment to the cloud server;
B2: The cloud server parses the communication protocol used by the data, downloads the corresponding parsing algorithm and adds it to the local parsing module; go to step A2;
A3: The random number generator of the encryption module automatically generates a set of random numbers p, encrypts it and sends it to the cloud server;
A4: The cloud server generates the key kp from p and the algorithm seed sp set in the server, and sends kp, encrypted, to the encryption module;
A5: The encryption module encrypts the data using the key kp;
A6: The encryption module generates an RSA public key and uses it to encrypt the key kp and the data encrypted in step A5;
A7: The storage module classifies the encrypted data and stores it in the cloud database;
A8: The system administrator performs the necessary operations on the data through the data management module.
The beneficial effects of the IoT gateway system for secure data storage and its implementation method are as follows. Through the communication-protocol plug-in unit, mainstream industry communication-protocol plug-ins are built in, and a development management tool and plug-in module packaging are provided, supporting fast access for new devices. Through the open service bus, which uses a variety of cross-platform service interfaces, multi-client use is supported. Through the data encryption module, data messages are encrypted, improving the security and reliability of the gateway system in local and wide-area interconnection environments; data storage based on a cloud-computing model applies to heterogeneous sensing-layer and Internet environments, improving the generality of the data storage system and making data storage more convenient.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the IoT gateway system for secure data storage of the present invention;
Fig. 2 is a schematic diagram of the improved round encryption in the encryption algorithm of the data encryption service module of the present invention;
Fig. 3 is a schematic diagram of the improved round-key expansion in the encryption algorithm of the data encryption service module of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment 1
As shown in Fig. 1, the invention provides an IoT gateway system for secure data storage, including a gateway device; the gateway device includes a communication-protocol plug-in unit, a main control unit, and a gateway server connected to the main control unit. The communication-protocol plug-in unit is physically connected to the IoT devices and provides protocol-processing plug-ins for the various IoT devices and for third-party system communication interfaces. The gateway server includes a data acquisition service module, a data computation service module, a data storage service module, a data encryption service module and a data upload service module. The main control unit controls the data acquisition service module to perform communication and data parsing and acquisition over the communication protocol according to the configuration file of the connected IoT device; it controls the data computation service module and the data storage service module to compute and store the data obtained by the data acquisition service module; and it controls the data encryption service module and the data upload service module to encrypt the computed and stored data before transmitting it externally.
The gateway server is designed in C++ as a cross-platform C/C++ plug-in architecture, deployed as dynamic libraries (for example Win32 DLLs). A new communication-protocol plug-in must be developed according to the gateway's standard plug-in interface definition, implementing the feature API: initialisation (Init), opening (Open), closing (Close), setting the active state (Set Active), checking the active state (Is Alive), reading data (Read), receiving issued data (Write), receiving actively reported data (On Receive), and so on. In the plug-in initialisation (Init) method, the corresponding "channel-device-point" acquisition parameter configuration must be loaded. A channel represents one communication link: for a serial port, one serial port is one channel; for TCP/UDP, one port is one channel. The gateway server can have multiple channels at the same time. The channel settings are shown in the following table:
The set of data items connected under a channel is a device. A channel can have multiple devices, each with its own independent set of data items. The device configuration is shown in the following table:
A device is a set of data items, and each data item in the set is a point. Points are the data ultimately needed. The point configuration is shown in the following table:
After configuration is complete, the configuration is first downloaded into the gateway database, then the gateway server program of the gateway system is restarted; it first loads the configuration, and after loading completes the gateway enters normal operation.
The data acquisition service module uses the configuration data to make plug-in interface calls and plug-in scheduling for each accessed IoT device through the communication-protocol plug-ins. The basic steps of data acquisition configuration are: create channel -> create device -> create point, repeating the process according to the number of channels, devices and points. Whether data acquisition configuration is supported depends on whether the implementation project supports the communication protocol of the currently accessed IoT devices. If an IoT device's communication protocol is not supported, a new protocol plug-in must be developed.
The IoT gateway device is provided with USB interfaces, an RJ45 Ethernet interface and RS232/RS485 serial interfaces. The USB interfaces are used by users for local parameter configuration of the IoT gateway system and management of project downloads; the RJ45 Ethernet interface is used by the communication-protocol plug-in unit to connect to IoT devices that provide RJ45 Ethernet interfaces; the RS485 serial interface is used by the communication-protocol plug-in unit to connect to IoT devices that provide RS485 serial interfaces, and is also used to connect external test equipment so that the IoT gateway system can be tested periodically. For example, when the IoT gateway system needs to be tested, the gateway system is connected to an engineer station over the RS485 serial port, and dedicated software running on the engineer station communicates with the gateway. Through the software, the tester can choose to monitor specified signal data during normal operation of the gateway system, or send forced-modification signal commands to the gateway system to change the specified signal data and check whether the result of the operation meets expectations, thereby implementing the test function.
Specifically, the communication-protocol plug-in unit uses plug-in module packaging, covering communication protocols such as OPC, BACnet, Modbus, SNMP and ODBC. Plug-in module packaging implements built-in mainstream industry communication-protocol plug-ins and module packaging, making it easy to support fast access for new devices; it supports rapid development for interface forms such as serial port, TCP/IP, WebAPI and ODBC, improves the protocol extensibility of the gateway system, broadens the range of device choices, and solves the problems of traditional IoT gateways: poor protocol extensibility, devices too tightly coupled to and specialised for their application field, and insufficient support for fast access by mainstream industry communication protocols and new protocols. OPC is the automation-field software interface standard issued by the OPC Foundation, an open organisation. OPC technology provides a standard communication interface between multiple systems and achieves unified integration of control network data in heterogeneous environments. OPC has three access modes: synchronous access, asynchronous access and subscription access. BACnet is the communication protocol for intelligent buildings, defined by the International Organization for Standardization (ISO), the American National Standards Institute (ANSI) and the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE). BACnet is a communication protocol designed for intelligent-building applications and can be used in HVAC (heating, ventilation and air-conditioning) control systems as well as lighting control, access control, fire detection systems and related equipment. Its advantages are reduced system maintenance cost, five common industry-standard protocols, and increased system expandability and compatibility. Modbus is the open interface published by the open distributed-automation interface organisation and was the first bus protocol in the world actually used on industrial sites. Standard Modbus is transmitted over RS232/RS485 serial interfaces and can also be transmitted over TCP/UDP. ODBC is the general name for database access interfaces; since the many databases on the market provide different access interfaces, the ODBC standard specifies a general-purpose interface for accessing the various databases and obtaining data.
Specifically, the data computation service module performs secondary computation on the data obtained by the data acquisition service module, including conventional, cumulative and time-based types. The data storage service module performs real-time and persistent storage of system data; system data includes configuration data, real-time data, historical data, statistical analysis data and log data, and storage modes include in-memory real-time storage and permanent storage on media. Through the data computation service module, the raw data from the accessed IoT devices is organised, processed and stored as needed, improving the overall availability of the data and reducing the user's cost of use.
The IoT gateway system for secure data storage also includes a service bus and a management tool unit connected to the gateway server through the service bus. The service bus uses a variety of cross-platform service interfaces to provide the functional services of the IoT gateway system externally, including REST, WebSocket, XMPP and database services; it supports use from desktop, web and mobile clients and can be flexibly applied to the combined multi-purpose scenarios of small intranet applications and large distributed applications, improving the applicability of the gateway system and reducing the user's cost of use. The management tool unit includes a configuration management tool module, a web management tool module and a development management tool module. The configuration management tool module lets users configure parameters of the IoT gateway system locally or remotely and manage project downloads, where the parameter configuration includes: (1) project name and database connection string; (2) protocol library configuration: the configuration items of a protocol plug-in: ID, protocol name, plug-in name, plug-in description, version number and engine version number; (3) data acquisition configuration: the raw data of the acquisition project, i.e. the external "channel-device-point" configuration information relevant to data collection; (4) data computation configuration: standard acquired data items that cannot be collected directly and must be computed from multiple data items in the project, i.e. the internal "channel-device-point" configuration information relevant to data computation; (5) data storage configuration: the storage configuration strategy, organised by "task-point", with the record mode and the time interval or change sensitivity; (6) data encryption configuration: whether to encrypt and the choice of encryption method; (7) data upload configuration: the upload mode, the data refresh time and whether issued control is enabled. The web management tool module lets users perform overall operation and monitoring of the IoT gateway system over HTTPS. The development management tool module lets users perform template-based development of communication-protocol plug-ins, assembly management and protocol library management for the IoT gateway system.
The communication-protocol plug-in unit is physically connected to IoT devices: it connects to IoT devices that provide RS232/RS485 serial interfaces (in practice, for example, energy-consumption acquisition instruments and transformer/distribution monitoring systems) and to IoT devices that provide RJ45 Ethernet interfaces (in practice, for example, HVAC control systems, water supply and drainage control systems and lighting control systems).
The gateway server also includes a project configuration service module that provides the parameter configuration of the IoT gateway system, including: protocol library configuration, data acquisition configuration, data computation configuration, data storage configuration, data encryption configuration, data upload configuration and database configuration.
The gateway server further includes a device monitoring module that monitors and controls the operating parameters of the gateway device, including CPU, memory, network and disk usage.
The main control unit comprises a main control chip, an embedded system running on that chip, and three modules running on the embedded system: a secure wireless short-range communication module, an application communication module and a secure access client module. The main control chip performs secure data processing and storage; the embedded system provides system management for the gateway; the secure wireless short-range communication module exchanges information between the gateway and wireless short-range terminals; the application communication module exchanges information between the gateway and bus-type terminals; and the secure access client module provides trusted Ethernet communication between the gateway and the application network it accesses. The application-network side comprises an Ethernet module, a WiFi module and a mobile Internet communication module. The main control chip may be an x86 or an ARM chip. Optionally, the application communication module is, for example but not limited to, an RS-485/RS-232 module.
Optionally, the encryption method used by the data encryption service module is, for example but not limited to, a variant of the KLEIN algorithm in which the shift (rotation) operation moves the state by a random number of bit positions r, 16 ≤ r ≤ 63. In this method the random number for the first encryption or decryption is produced during key agreement; for every later encryption or decryption the random number is obtained by mapping the 8th byte of the ciphertext produced by the previous encryption to a number between 16 and 63.
Specifically, KLEIN is a substitution-permutation network with a 64-bit block and three key lengths, 64, 80 and 96 bits, using 12, 16 and 20 rounds respectively. Each round consists, in order, of AddRoundKey, SubNibbles, RotateNibbles and MixNibbles, and a final key addition (whitening) follows the last round. Taking KLEIN-64 (64-bit block, 12 rounds) as the example, the round function is: (1) AddRoundKey: the 64-bit state is XORed bitwise with the round key; (2) SubNibbles: the output of AddRoundKey is passed through 16 lookups of a 4x4 S-box; the S-box is an involution, i.e. it is its own inverse; (3) RotateNibbles: the 64-bit output of SubNibbles is rotated left by 2 bytes; (4) MixNibbles: the 8 input bytes, arranged as a 4x2 byte matrix, are multiplied by the AES MixColumns matrix M, giving the 64-bit output. Unlike AES, KLEIN does not omit the mixing operation in the last round.
The KLEIN key schedule is built from rotations, XORs and S-box lookups. The 64-bit key is split into left and right 32-bit halves, each of which is rotated left by one byte. The rotated right half, with its 3rd byte XORed with the key-schedule round constant, becomes the left 32 bits of the next round key; the XOR of the two rotated halves, with its 2nd and 3rd bytes passed through four 4x4 S-boxes, becomes the right 32 bits.
In KLEIN's round function and key schedule the shift operations are byte-oriented: the round rotates left by 2 bytes and the key schedule rotates left by 1 byte. Such byte-aligned shifts are very efficient in software. Against existing algebraic side-channel attacks and chosen-plaintext differential attacks, the present invention proposes a protective measure for KLEIN, called the R-KLEIN algorithm, that strengthens the security of KLEIN, as shown in Figures 2 and 3.
The shift in the original KLEIN algorithm is no longer a fixed 2 bytes but a random number of bit positions r (16 ≤ r ≤ 63). This raises the problem of keeping the random number synchronised between the two communicating parties, for which there are three solutions: (a) one party generates a random-number sequence in advance and sends it to the other over a secure channel, and each encryption or decryption consumes one number from the sequence; this is not practical in real deployments; (b) the first random number is produced during key agreement, and thereafter only 7 bytes of each block carry payload while the 8th byte carries a random number that the sender generated beforehand and inserts for the next encryption or decryption; this reduces the effective throughput to 87.5%; (c) the first random number is produced during key agreement, and each later random number is the 8th byte of the ciphertext produced by the previous encryption mapped to a number in 16..63, with a mapping the user may define.
The third scheme is the best of the three. At the bit level the shift is still a permutation; at the byte level it is a permutation when the shift is a whole number of bytes and a substitution when it is not. Since either can occur, which of the two applies is not determined in advance. Similarly, in the key schedule the shift is no longer one byte but half the round's shift count, i.e. r/2.
Shift operations implemented in software are relatively slow, and the original KLEIN uses byte-aligned shifts precisely to keep software execution efficient. The attacks currently known against KLEIN-64 are effective for at most 8 rounds, so where the security requirement is lower and the real-time requirement higher, the number of encryption rounds can be reduced to meet the real-time requirement.
Cryptanalysis of block ciphers concentrates on the nonlinear S-box transformation and requires the linear part to be fully specified. The improvement to KLEIN introduces randomness into the shift of the linear part, so that the current methods for analysing block ciphers lose their effectiveness. The method is not limited to KLEIN; it applies equally to block ciphers in general.
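A worked implementation of the round function, key schedule and R-KLEIN chaining described above, added here as an example; it is the editor's code, not code from the patent or the applicant. It follows the structure given in the text and in the KLEIN paper as the editor reads them (byte positions in the key schedule, placement of the round counter) and is checked only for round-trip correctness, not against published KLEIN test vectors, so it is a teaching implementation. The mapping from the 8th ciphertext byte to r (16 + byte mod 48), the sample key and the sample blocks are the editor's choices; the page leaves the mapping to the user. `rot` and `krot` parametrise the two shifts so the same code runs plain KLEIN-64 (16 and 8 bits) and R-KLEIN (r and r // 2); `rounds` can be lowered as the text suggests for real-time use, at the cost of the security margin the full 12 rounds provide.

```python
# KLEIN 4-bit S-box: an involution, so SubNibbles is its own inverse.
SBOX = [0x7, 0x4, 0xA, 0x9, 0x1, 0xF, 0xB, 0x0,
        0xC, 0x3, 0x2, 0x6, 0x8, 0xE, 0xD, 0x5]
# AES MixColumns matrix and its inverse over GF(2^8), polynomial x^8+x^4+x^3+x+1.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]
MASK32, MASK64 = (1 << 32) - 1, (1 << 64) - 1


def rotl(x, r, width):
    """Rotate the width-bit integer x left by r bits."""
    r %= width
    return ((x << r) | (x >> (width - r))) & ((1 << width) - 1)


def gf_mul(a, b):
    """Multiply two bytes in the AES field GF(2^8)."""
    p = 0
    while b:
        p ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p


def sub_nibbles(x, width=64):
    """Apply the S-box to every 4-bit nibble of x."""
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(width // 4))


def mix_nibbles(x, matrix):
    """Treat the 8 state bytes as a 4x2 byte matrix and multiply each column by `matrix`."""
    b, out = x.to_bytes(8, "big"), bytearray(8)
    for col in (0, 1):
        for row in range(4):
            acc = 0
            for k in range(4):
                acc ^= gf_mul(matrix[row][k], b[4 * col + k])
            out[4 * col + row] = acc
    return int.from_bytes(out, "big")


def key_schedule(key, rounds, krot=8):
    """Return rounds + 1 subkeys (the last one is the whitening key). Each step rotates
    both 32-bit halves left by krot bits (8 in KLEIN, r // 2 in R-KLEIN), swaps them
    Feistel-style, XORs the counter into byte 3 of the new left half and sends bytes
    2 and 3 of the new right half through the S-box."""
    subkeys = [key & MASK64]
    for i in range(1, rounds + 1):
        a = rotl(subkeys[-1] >> 32, krot, 32)
        b = rotl(subkeys[-1] & MASK32, krot, 32)
        left = b ^ (i << 8)                            # round counter into bits 15..8
        right = a ^ b
        mid = sub_nibbles((right >> 8) & 0xFFFF, 16)   # bytes 2 and 3 (bits 23..8)
        right = (right & 0xFF0000FF) | (mid << 8)
        subkeys.append((left << 32) | right)
    return subkeys


def klein_encrypt(block, key, rounds=12, rot=16, krot=8):
    """Encrypt one 64-bit block; (rot, krot) = (16, 8) is KLEIN-64, (r, r // 2) is R-KLEIN."""
    sk = key_schedule(key, rounds, krot)
    s = block & MASK64
    for i in range(rounds):
        s ^= sk[i]                   # AddRoundKey
        s = sub_nibbles(s)           # SubNibbles
        s = rotl(s, rot, 64)         # RotateNibbles: 2 bytes in KLEIN, r bits in R-KLEIN
        s = mix_nibbles(s, MIX)      # MixNibbles, kept in the last round too
    return s ^ sk[rounds]            # final whitening


def klein_decrypt(block, key, rounds=12, rot=16, krot=8):
    sk = key_schedule(key, rounds, krot)
    s = (block & MASK64) ^ sk[rounds]
    for i in reversed(range(rounds)):
        s = mix_nibbles(s, INV_MIX)
        s = rotl(s, 64 - rot % 64, 64)   # rotate right by rot
        s = sub_nibbles(s)               # the S-box is an involution
        s ^= sk[i]
    return s


def next_r(ciphertext):
    """Map the 8th (least significant) ciphertext byte into 16..63 (assumed mapping)."""
    return 16 + (ciphertext & 0xFF) % 48


class RKleinChannel:
    """One direction of an R-KLEIN link: both ends start from the r agreed during key
    agreement and derive every later r from the previous ciphertext block."""
    def __init__(self, key, first_r):
        if not 16 <= first_r <= 63:
            raise ValueError("r must lie in 16..63")
        self.key, self.r = key, first_r

    def encrypt_block(self, block):
        ct = klein_encrypt(block, self.key, rot=self.r, krot=self.r // 2)
        self.r = next_r(ct)
        return ct

    def decrypt_block(self, ct):
        pt = klein_decrypt(ct, self.key, rot=self.r, krot=self.r // 2)
        self.r = next_r(ct)
        return pt


def roundtrip_demo():
    """Send three constructed blocks over an R-KLEIN channel and decrypt them at the far end."""
    key, first_r = 0x1234567890ABCDEF, 37          # constructed sample key and agreed r
    blocks = [0x0011223344556677, 0xFFFFFFFFFFFFFFFF, 0xDEADBEEFCAFEBABE]
    sender, receiver = RKleinChannel(key, first_r), RKleinChannel(key, first_r)
    return [receiver.decrypt_block(c) for c in [sender.encrypt_block(b) for b in blocks]] == blocks
```

One property of scheme (c) worth keeping in mind when choosing the mapping: the ciphertext is visible on the wire, so unless the user-defined mapping is itself keyed, r for every block after the first can be computed by anyone who observes the traffic; only the initial r from key agreement is hidden from an observer.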
Embodiment 2
Building on Embodiment 1, the present invention also provides an implementation method for the IoT gateway system with secure data storage, using the system described above and comprising the following steps: Step S1, the gateway device is connected to a network switch through its Ethernet interface; Step S2, the communication protocol plug-in unit is physically connected to the IoT devices; Step S3, the acquisition service module communicates with the connected IoT devices over their communication protocols according to their configuration files, and parses and collects the data; Step S4, the data calculation service module and the data storage service module compute and store the data obtained by the data acquisition service module; Step S5, the data encryption service module and the data upload service module encrypt the computed and stored data and transmit it outward.
Data storage is cloud based, and the storage method is:
A1: the data source uploads data to the system, and the system activates the parsing module;
A2: the parsing module parses the data fragment; if parsing succeeds, go to step A3; if it fails, go to step B1;
B1: the cloud identification module uploads the data fragment to the cloud server;
B2: the cloud server identifies the communication protocol used by the data, and the corresponding parsing algorithm is downloaded and added to the local parsing module; return to step A2;
A3: the random number generator of the encryption module generates a random number p, which is encrypted and sent to the cloud server;
A4: the cloud server generates the key kp from p and the algorithm seed sp held on the server, and sends kp back to the encryption module in encrypted form;
A5: the encryption module encrypts the data with the key kp;
A6: the encryption module generates an RSA public key and uses it to encrypt the key kp and the data encrypted in step A5;
A7: the storage module classifies the encrypted data and stores it in the cloud database;
A8: the system administrator performs the necessary operations on the data through the data management module.
The storage module classifies the encrypted data by data type, acquisition time and similar attributes, and stores it in the corresponding cloud database.
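The A3 to A8 flow above, worked through end to end as an added example (the editor's code, not the patent's or the applicant's). The page fixes neither how kp is derived from p and sp nor which symmetric cipher runs under kp, so both are assumptions here: kp = HMAC-SHA256(sp, p), and the data is encrypted with an HMAC-SHA256 counter keystream standing in for the gateway's block cipher. RSA is textbook RSA over two fixed, publicly known Mersenne primes (2^127-1 and 2^521-1) so the block runs offline without key generation; a deployment would use a vetted library with OAEP padding and freshly generated keys. The example departs from A6 in one respect: it RSA-wraps only kp and leaves the bulk data under kp (the usual hybrid pattern), since RSA cannot encrypt bulk data directly. The seed, the sample reading and the time stamp are constructed.

```python
import hashlib
import hmac
import os

# Server-held algorithm seed sp. A constructed constant here so the example is
# reproducible; in a deployment it is a secret that never leaves the cloud server.
SERVER_SEED_SP = b"constructed-seed-sp-for-illustration"

# Textbook RSA over two fixed, publicly known primes: illustration only. Real use
# needs a vetted library, OAEP padding and a freshly generated key of >= 2048 bits.
RSA_P, RSA_Q, RSA_E = (1 << 127) - 1, (1 << 521) - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))


def server_derive_kp(p, sp=SERVER_SEED_SP):
    """Step A4 on the cloud server: kp from the gateway's random p and the seed sp.
    The page does not fix the derivation; HMAC-SHA256(sp, p) is the editor's choice."""
    return hmac.new(sp, b"kp|" + p, hashlib.sha256).digest()


def encrypt_with_kp(kp, data):
    """Step A5 stand-in: HMAC-SHA256 over a block counter gives a keystream that is
    XORed into the data. It replaces the gateway's own block cipher so the example is
    self-contained. kp is used for one upload only (fresh p each time), so the keystream
    is never reused. The same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(kp, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(x ^ k for x, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def rsa_wrap(kp):
    """Step A6: wrap the 32-byte kp under the RSA public key (no padding; illustration only)."""
    return pow(int.from_bytes(kp, "big"), RSA_E, RSA_N)


def rsa_unwrap(wrapped):
    """Step A8, administrator side: recover kp with the RSA private key."""
    return pow(wrapped, RSA_D, RSA_N).to_bytes(32, "big")


def gateway_store(data, data_type, acquired_at, p=None):
    """Steps A3 to A7 from the gateway's side; returns the record the storage module
    classifies (by type and acquisition time) and writes to the cloud database."""
    p = p or os.urandom(16)                  # A3: fresh random p for this upload
    kp = server_derive_kp(p)                 # A4: server-side derivation, called directly here
    ciphertext = encrypt_with_kp(kp, data)   # A5: data under kp
    return {                                 # A7: classified record
        "data_type": data_type,
        "acquired_at": acquired_at,
        "wrapped_kp": rsa_wrap(kp),          # A6: only kp is RSA-wrapped
        "ciphertext": ciphertext.hex(),
    }


def admin_read(record):
    """Step A8: the administrator unwraps kp and decrypts the stored data."""
    kp = rsa_unwrap(record["wrapped_kp"])
    return encrypt_with_kp(kp, bytes.fromhex(record["ciphertext"]))


# Constructed sample: one energy-meter reading stored and read back.
SAMPLE_RECORD = gateway_store(b"meter 17: 42.5 kWh", "energy", "2017-10-12T08:00:00Z")
```

Two things the flow makes visible. Because the cloud server knows both p and sp, it can recompute kp on its own, so the RSA wrapping protects the stored record against readers of the database rather than against the server itself. And because p is fresh for every upload, kp is never reused, which the keystream construction above depends on; reusing kp across uploads would have to be ruled out by the encryption module, not by the server.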
In a specific intranet application, the IoT gateway system of the present invention can serve as the communication server of a local monitoring management host: it automatically collects the data of all IoT devices in the system into the gateway and makes it available to the host. When the network is abnormal, the host can request retransmission of the system data, which improves the security and stability of system data transmission.
In a specific small intranet application, the invention can serve as the local monitoring management host: it automatically collects the data of all IoT devices in the system into the gateway for calculation and storage, and forwards the control commands it receives from the monitoring system to the IoT devices for execution.
In a specific large distributed application, the invention can serve as a multi-segment gateway router, i.e. both as a local gateway and as an uploading gateway; by assigning different network addresses to the gateways, the data each gateway collects can be filtered, encrypted and uploaded differently.
Guided by the preferred embodiments described above, those skilled in the art can make various changes and modifications without departing from the technical idea of the present invention. The technical scope of the invention is not limited to the content of the description and must be determined by the claims.

Claims (10)

1. An IoT gateway system with secure data storage, characterised in that it comprises a gateway device, the gateway device comprising a communication protocol plug-in unit, a main control unit and a gateway server connected to the main control unit; wherein the communication protocol plug-in unit is physically connected to IoT devices and provides protocol handling plug-ins for the communication interfaces of the various IoT devices and third-party systems; the gateway server comprises a data acquisition service module, a data calculation service module, a data storage service module, a data encryption service module and a data upload service module; the main control unit controls the data acquisition service module to communicate with the connected IoT devices over their communication protocols according to their configuration files and to parse and collect data; the main control unit controls the data calculation service module and the data storage service module to compute and store the data obtained by the data acquisition service module; and the main control unit controls the data encryption service module and the data upload service module to encrypt the computed and stored data and transmit it outward.
2. The IoT gateway system with secure data storage according to claim 1, characterised in that the IoT gateway system further comprises a service bus and a management tool unit connected to the gateway server through the service bus; the service bus provides the functional services of the IoT gateway system to the outside through several cross-platform service interfaces; the management tool unit comprises a configuration management tool module, a web management tool module and a development management tool module; wherein the configuration management tool module lets the user configure the parameters of the IoT gateway system and manage project downloads, locally or remotely; the web management tool module lets the user monitor the overall operation of the IoT gateway system over HTTPS; and the development management tool module lets the user develop communication protocol plug-ins for the IoT gateway system from templates, manage their assembly and manage the protocol library.
3. The IoT gateway system with secure data storage according to claim 2, characterised in that the communication protocol plug-in unit connects to IoT devices that provide RS232/RS485 serial interfaces and to IoT devices that provide RJ45 Ethernet interfaces.
4. The IoT gateway system with secure data storage according to claim 3, characterised in that the gateway server further comprises a project configuration service module that provides the parameter configuration of the IoT gateway system, including protocol library configuration, data acquisition configuration, data calculation configuration, data storage configuration, data encryption configuration, data upload configuration and database configuration.
5. The IoT gateway system with secure data storage according to claim 4, characterised in that the gateway server further comprises a device monitoring module that monitors and controls the operating parameters of the gateway device, including CPU, memory, network and disk usage.
6. The IoT gateway system with secure data storage according to claim 1, characterised in that the main control unit comprises a main control chip, an embedded system running on the main control chip, and a secure wireless short-range communication module, an application communication module and a secure access client module running on the embedded system; wherein the main control chip performs secure data processing and storage; the embedded system provides system management for the IoT gateway; the secure wireless short-range communication module exchanges information between the gateway and wireless short-range terminals; the application communication module exchanges information between the IoT gateway and bus-type terminals; and the secure access client module provides trusted Ethernet communication between the IoT gateway and the application network it accesses.
7. The IoT gateway system with secure data storage according to claim 1, characterised in that the encryption method used by the data encryption service module is the KLEIN algorithm with its shift operation changed to a shift by a random number of bit positions r, 16 ≤ r ≤ 63.
8. The IoT gateway system with secure data storage according to claim 7, characterised in that in the encryption method the random number for the first encryption or decryption is produced during key agreement, and the random number for each later encryption or decryption is the 8th byte of the ciphertext produced by the previous encryption mapped to a number between 16 and 63.
9. An implementation method for an IoT gateway system with secure data storage, characterised in that it uses the IoT gateway system according to any one of claims 1 to 8 and comprises the following steps:
Step S1, the IoT gateway device is connected to a network switch through its Ethernet interface;
Step S2, the communication protocol plug-in unit is physically connected to the IoT devices;
Step S3, the acquisition service module communicates with the connected IoT devices over their communication protocols according to their configuration files, and parses and collects the data;
Step S4, the data calculation service module and the data storage service module compute and store the data obtained by the data acquisition service module;
Step S5, the data encryption service module and the data upload service module encrypt the computed and stored data and transmit it outward.
10. The implementation method for an IoT gateway system with secure data storage according to claim 9, characterised in that data storage is cloud based and the storage method is:
A1: the data source uploads data to the system, and the system activates the parsing module;
A2: the parsing module parses the data fragment; if parsing succeeds, go to step A3; if it fails, go to step B1;
B1: the cloud identification module uploads the data fragment to the cloud server;
B2: the cloud server identifies the communication protocol used by the data, and the corresponding parsing algorithm is downloaded and added to the local parsing module; return to step A2;
A3: the random number generator of the encryption module generates a random number p, which is encrypted and sent to the cloud server;
A4: the cloud server generates the key kp from p and the algorithm seed sp held on the server, and sends kp to the encryption module in encrypted form;
A5: the encryption module encrypts the data with the key kp;
A6: the encryption module generates an RSA public key and uses it to encrypt the key kp and the data encrypted in step A5;
A7: the storage module classifies the encrypted data and stores it in the cloud database;
A8: the system administrator performs the necessary operations on the data through the data management module.
CN201710948664.4A 2017-10-12 2017-10-12 A kind of things-internet gateway system and its implementation of data safety storage Pending CN107734028A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710948664.4A CN107734028A (en) 2017-10-12 2017-10-12 A kind of things-internet gateway system and its implementation of data safety storage


Publications (1)

Publication Number Publication Date
CN107734028A true CN107734028A (en) 2018-02-23

Family

ID=61210390


Country Status (1)

Country Link
CN (1) CN107734028A (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108521472A (en) * 2018-06-07 2018-09-11 辽宁邮电规划设计院有限公司 A kind of IOT systems based on public mobile communications network
CN108536469A (en) * 2018-05-28 2018-09-14 苏州德姆斯信息技术有限公司 Internet of Things data resolution system based on configuration script and analytic method
CN109164776A (en) * 2018-10-10 2019-01-08 江苏极熵物联科技有限公司 A kind of distribution type data collection method towards industrial equipment
CN109167829A (en) * 2018-08-23 2019-01-08 北方工业大学 Internet of things communication method and cloud gateway
CN109284619A (en) * 2018-11-07 2019-01-29 重庆光电信息研究院有限公司 The region Locating Type edge calculations system and method for heterologous city Internet of Things
CN110138655A (en) * 2019-07-02 2019-08-16 佳源科技有限公司 A kind of comprehensive energy gateway based on Internet of Things
CN110581888A (en) * 2019-09-06 2019-12-17 北京方研矩行科技有限公司 management method, gateway and system for terminal security session of Internet of things
CN110611610A (en) * 2019-08-27 2019-12-24 江苏斯菲尔电气股份有限公司 Embedded Internet of things energy gateway and Internet of things system
CN112016104A (en) * 2020-07-14 2020-12-01 北京淇瑀信息科技有限公司 Encryption method, device and system for financial sensitive data
CN112153125A (en) * 2020-09-11 2020-12-29 福建星网视易信息系统有限公司 Internet of things implementation method, intelligent control box and digital entertainment system based on Internet of things
CN112187546A (en) * 2020-09-30 2021-01-05 福建星网视易信息系统有限公司 Data management method and system based on Internet of things
CN112671637A (en) * 2020-12-29 2021-04-16 南京衍构科技有限公司 Data acquisition network relation and method supporting multi-industry protocol
CN112866182A (en) * 2019-11-28 2021-05-28 浙江宇视科技有限公司 Data interfacing method, device and computer-readable storage medium
CN113609048A (en) * 2021-07-20 2021-11-05 国网天津市电力公司 Cloud-side business collaborative interaction method for power Internet of things
CN114338289A (en) * 2022-01-07 2022-04-12 德微电技术(深圳)有限公司 Intelligent Internet of things equipment gateway system
CN114363122A (en) * 2021-12-31 2022-04-15 科大讯飞股份有限公司 Gateway device and device access system
CN115314571A (en) * 2022-06-20 2022-11-08 国网信息通信产业集团有限公司 Cloud protocol gateway implementation method and system supporting heterogeneous device access
CN115484131A (en) * 2022-08-31 2022-12-16 江苏奥立信数字科技有限公司 Internet of things gateway and equipment data storage system for same

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701848A (en) * 2013-11-07 2014-04-02 江南大学 Internet of Things data security storage method based on cloud computing and system
CN106790605A (en) * 2016-12-29 2017-05-31 深圳新基点智能股份有限公司 A kind of things-internet gateway system and its implementation




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180223