Disclosure of Invention
The embodiment of the invention provides an Internet of Things communication method, terminal and system, which can simultaneously meet the requirements of high availability and high elasticity while keeping the coupling of the gateway function as low as possible.
In a first aspect, an embodiment of the present invention provides an internet of things communication method, where the method includes:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1;
establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1;
and establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
Further, each directory server is configured to access a database, where the database includes a one-to-one mapping between the characteristic values of a plurality of preset terminals and the unique codes of the corresponding terminals, and further includes the service operation server cluster that each preset terminal is allowed to access, and the establishing a communication connection with one of the directory servers in the directory server cluster according to a first preset rule to obtain the service operation server cluster corresponding to the terminal includes:
initiating a polling first heartbeat synchronization request to a directory server cluster;
if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers;
and sending an encrypted verification request comprising the characteristic value of the terminal to the one of the directory servers, so that the one of the directory servers decrypts the verification request and determines the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
Further, each service operation server includes a terminal unique code sent by one of the directory servers, a communication key generated by the one of the directory servers, and a validity period of the communication key, and the establishing a communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule includes:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers;
decrypting the return information;
initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code;
and if a second heartbeat synchronization signal is received, returned after the terminal unique code in the second heartbeat synchronization request is verified to match the terminal unique code included in one of the service operation servers, establishing a communication connection with the one of the service operation servers.
Further, the method further comprises:
if the communication connection with the service operation server is interrupted, returning to the step of initiating a polling type second heartbeat synchronization request encrypted by the communication key to the service operation server cluster.
Further, the method further comprises:
if the validity period of the communication key has expired, returning to the step of initiating a polling type first heartbeat synchronization request to the directory server cluster.
Further, the verification request is encrypted and decrypted with AES128/256 bits using a preset public key, the verification request further comprises a private key randomly generated by the terminal, and the return information is encrypted and decrypted with AES128/256 bits using that private key.
In a second aspect, an embodiment of the present invention provides a terminal, including a processor, an input device, an output device, and a memory, where the processor, the input device, the output device, and the memory are connected to each other, where the memory is used to store a computer program that supports the terminal to execute the above method, the computer program includes program instructions, and the processor is configured to execute the program instructions to perform the following steps:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1;
establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1;
and establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
Further, each directory server is configured to access a database, where the database includes a one-to-one mapping between the characteristic values of a plurality of preset terminals and the unique codes of the corresponding terminals, and further includes the service operation server cluster that each preset terminal is allowed to access, and the establishing a communication connection with one of the directory servers in the directory server cluster according to a first preset rule to obtain the service operation server cluster corresponding to the terminal includes:
initiating a polling first heartbeat synchronization request to a directory server cluster;
if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers;
and sending an encrypted verification request comprising the characteristic value of the terminal to the one of the directory servers, so that the one of the directory servers decrypts the verification request and determines the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
Further, each service operation server includes a terminal unique code sent by one of the directory servers, a communication key generated by the one of the directory servers, and a validity period of the communication key, and the establishing a communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule includes:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers;
decrypting the return information;
initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code;
and if a second heartbeat synchronization signal is received, returned after the terminal unique code in the second heartbeat synchronization request is verified to match the terminal unique code included in one of the service operation servers, establishing a communication connection with the one of the service operation servers.
In a third aspect, an embodiment of the present invention provides a system, where the system includes multiple terminals as described in the second aspect, a directory server cluster, and a service operation server cluster; each terminal is in communication connection with the directory server cluster and the service operation server cluster, respectively, and each directory server is in communication connection with the service operation server cluster.
The embodiment of the invention can simultaneously meet high availability and high elasticity, keeps the coupling of the gateway function as low as possible, has better flexibility, and can effectively ensure the security of the communication process because the communication information in the embodiment can be strictly encrypted. In addition, the embodiment of the invention can flexibly adjust the deployment of the gateway according to the deployment condition of the terminals without sacrificing real-time performance and stability; the settings of the terminal equipment do not need to be frequently adjusted, which saves great labor and time cost in subsequent maintenance and early-stage testing; furthermore, the low component coupling enables future flexibility in adjusting the system architecture and resources for high concurrent access volumes.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, which is a schematic flow chart of an internet of things communication method provided in an embodiment of the present invention, the internet of things communication method as shown in the figure may include steps S101 to S103:
Step S101, a directory server cluster is set, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1.
In some embodiments, the directory server cluster may be configured according to actual conditions. The directory server cluster is a list of N directory servers, where N is an integer greater than or equal to 1, and the directory servers may be distributed as needed; for example, N may be 1, 5, or 10. The value of N is merely illustrative in this embodiment and is not specifically limited.
Step S102, establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to obtain a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1.
A communication connection can be established with one of the directory servers in the directory server cluster according to a first preset rule, and the service operation server cluster corresponding to the terminal is obtained through the one of the directory servers. The number of service operation servers in the service operation server cluster may be set according to the actual situation, that is, the value of M may be set according to the actual situation; for example, M may be 1, 5, or 10. The value of M is merely illustrative in this embodiment and is not specifically limited.
Specifically, as shown in fig. 2, each directory server is configured to access a database, where the database includes a one-to-one mapping between the characteristic values of a plurality of preset terminals and the corresponding unique codes of the terminals, and further includes the service operation server cluster that each preset terminal is allowed to access. Each terminal has a unique terminal code and a characteristic value, which can be an unchangeable physical attribute of the terminal, such as its network MAC address, so that the characteristic value of each preset terminal in the database maps to the corresponding unique terminal code. Meanwhile, the service operation server cluster that the terminal is allowed to access is determined according to the characteristic value or the unique code of the terminal.
Therefore, the step S102 specifically includes: steps S201 to S203.
Step S201 initiates a polling type first heartbeat synchronization request to the directory server cluster.
In some embodiments, the polled first heartbeat synchronization request may be initiated to the directory server cluster in an unencrypted manner. If the 1st to Nth directory servers in the directory server cluster are in a normal operation state, they return a first heartbeat synchronization signal to the terminal in a first-in first-out manner.
Step S202, if a first heartbeat synchronization signal returned by one of the directory servers is received within the first limit time, establishing a communication connection with the one of the directory servers.
In some embodiments, a first limit time is generally set. If a first heartbeat synchronization signal returned by one of the directory servers is received within the first limit time, that signal is the first heartbeat synchronization signal received and also the first normal signal, so the terminal can establish a communication connection with that directory server. Meanwhile, the terminal stops the round-robin transmission of further first heartbeat synchronization requests and proceeds to the next step.
Step S203, sending an encrypted verification request including the terminal feature value to one of the directory servers, so that the one of the directory servers decrypts the verification request, and determines the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted terminal feature value and the database.
In some embodiments, after the terminal establishes the communication connection with one of the directory servers, an encrypted verification request may be sent to that directory server, and the verification request may include the characteristic value of the terminal. Alternatively, the verification request may be encrypted with AES128/256 bits using a preset public key. After receiving the verification request, the directory server may decrypt it with AES128/256 bits using the preset public key, so as to obtain the characteristic value of the terminal included in the verification request. The directory server can then obtain the terminal unique code corresponding to the characteristic value and the service operation server cluster that the terminal is allowed to access by matching the characteristic value against the database. The service operation server cluster that the terminal is allowed to access is the service operation server cluster obtained as corresponding to the terminal.
Step S103, establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
The communication connection with one of the service operation servers in the service operation server cluster can be established according to a second preset rule. Meanwhile, in some embodiments, the terminal and the corresponding service operation server may perform service communication in a fully encrypted manner.
In some embodiments, if the service operation server has a problem and is disconnected from the terminal, the terminal may automatically reconnect and re-verify according to the previously obtained service operation server cluster list, and the operation of step S103 continues without any manual intervention.
Specifically, as shown in fig. 3, each service operation server includes a terminal unique code transmitted by one of the directory servers, a communication key generated by the one of the directory servers, and a validity period of the communication key.
Therefore, the step S103 specifically includes: steps S301 to S304.
Step S301, receiving encrypted return information sent by one of the directory servers, where the return information includes a terminal unique code of the terminal, a service operation server cluster allowed to access, and a communication key generated by the one of the directory servers.
In some embodiments, the encrypted return information sent by the one of the directory servers may be received. The encryption mode can be selected according to actual conditions. The return information also comprises the terminal unique code of the terminal, the service operation server cluster allowed to be accessed, and the communication key generated by the directory server.
Step S302, decrypting the return information.
In some embodiments, the terminal may further correspondingly decrypt the returned information, so as to obtain a terminal unique code of the terminal, a service operation server cluster allowed to be accessed, and a communication key generated by the one directory server.
Step S303, initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, where the second heartbeat synchronization request includes a terminal unique code.
In some embodiments, the second heartbeat synchronization request is encrypted with the communication key generated by the one of the directory servers. Preferably, the second heartbeat synchronization request may be encrypted with AES128/256 bits using the communication key.
Step S304, if, within a second limit time, a second heartbeat synchronization signal is received that one of the service operation servers returns after decrypting the second heartbeat synchronization request with the communication key and verifying that the terminal unique code in the second heartbeat synchronization request matches the terminal unique code included in that service operation server, establishing a communication connection with that service operation server.
In some embodiments, if the one of the service operation servers decrypts the second heartbeat synchronization request with the communication key within the second limit time and further verifies that the terminal unique code in the second heartbeat synchronization request matches the terminal unique code it includes, the service operation server returns a second heartbeat synchronization signal to the terminal, and the terminal then establishes a communication connection with that service operation server. In general, a service operation server in a normal state decrypts the second heartbeat synchronization request with the communication key and, after verifying that the request is valid, sends a heartbeat synchronization feedback signal to the terminal; otherwise, no signal is returned. Generally, after the communication between the terminal and the service operation server is established, service communication may be performed in a fully encrypted manner.
In other embodiments, when the verification request in step S203 further includes a private key randomly generated by the terminal, the return information may be encrypted and decrypted with AES128/256 bits using that private key.
In other embodiments, the method further comprises: if the communication connection with the service operation server is interrupted, returning to the step of initiating a polling type second heartbeat synchronization request encrypted by the communication key to the service operation server cluster.
In other embodiments, the method further comprises: if the validity period of the communication key has expired, returning to the step of initiating a polling type first heartbeat synchronization request to the directory server cluster.
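The handshake of steps S201 to S304 and the two reconnection rules above, as an added Python simulation that is not part of the patent: `ServiceServer`, `DirectoryServer` and `Terminal` are assumed names, the AES128/256 encryption is replaced by a labelled stand-in (`seal`/`unseal`) with the patent's "preset public key" modelled as a pre-shared key, and the MAC address, unique code and server ids are constructed sample values. It additionally rejects a terminal whose characteristic value is absent from the database, which the text leaves unspecified.

```python
import hashlib, hmac, json, os, time

PRESET_KEY = b"constructed-preset-key-32-bytes!"  # the patent's "preset public key", modelled as a pre-shared key (assumption)
SERVERS = {}                                      # service server id -> ServiceServer; stands in for the cluster address list

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Stand-in for the AES128/256 step (assumption, not AES): keyed keystream plus HMAC tag."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class ServiceServer:
    """Holds per terminal the unique code, communication key and validity period (fig. 3)."""
    def __init__(self, sid, up=True):
        self.sid, self.up, self.sessions = sid, up, {}
        SERVERS[sid] = self
    def register(self, code, key, expiry):
        self.sessions[code] = (key, expiry)
    def heartbeat(self, code, blob):
        """S304: decrypt with that terminal's communication key and check the unique code matches."""
        if not self.up or code not in self.sessions:
            return False   # down, or no code registered for this terminal: no signal returned
        key, expiry = self.sessions[code]
        if time.time() > expiry:
            return False   # validity period of the communication key has passed
        try:
            return unseal(key, blob)["code"] == code
        except ValueError:
            return False   # wrong key or tampered request: no signal returned

class DirectoryServer:
    """db: characteristic value (MAC address) -> (terminal unique code, allowed service server ids)."""
    def __init__(self, db, up=True, key_ttl=3600):
        self.db, self.up, self.key_ttl = db, up, key_ttl
    def heartbeat(self):
        return self.up   # unencrypted first heartbeat (S201/S202)
    def verify(self, blob):
        """S203: decrypt with the preset key, map MAC -> unique code and cluster, issue a communication key."""
        req = unseal(PRESET_KEY, blob)
        if req["mac"] not in self.db:
            return None   # characteristic value not in the database (assumption: request rejected)
        code, cluster = self.db[req["mac"]]
        key, expiry = os.urandom(32), time.time() + self.key_ttl
        for sid in cluster:   # the servers in the allowed cluster receive code, key and validity period
            SERVERS[sid].register(code, key, expiry)
        info = {"code": code, "cluster": cluster, "key": key.hex(), "expiry": expiry}
        return seal(bytes.fromhex(req["priv"]), info)   # return information under the terminal's random private key

class Terminal:
    def __init__(self, mac, directory_cluster):
        self.mac, self.dirs, self.session = mac, directory_cluster, None
    def s102(self):
        for d in self.dirs:   # poll the directory cluster; the first normal heartbeat wins (S201/S202)
            if d.heartbeat():
                priv = os.urandom(32)   # random private key carried inside the encrypted verification request
                blob = d.verify(seal(PRESET_KEY, {"mac": self.mac, "priv": priv.hex()}))
                return None if blob is None else unseal(priv, blob)   # S301/S302
        return None
    def s103(self, info):
        key = bytes.fromhex(info["key"])
        for sid in info["cluster"]:   # poll the allowed cluster; the first verified heartbeat wins (S303/S304)
            if SERVERS[sid].heartbeat(info["code"], seal(key, {"code": info["code"]})):
                return sid
        return None
    def connect(self):
        """Returns the id of the service server now connected, or None if none answered."""
        if self.session is None or time.time() > self.session["expiry"]:
            self.session = self.s102()   # no key yet, or key expired: back to the directory cluster
        return None if self.session is None else self.s103(self.session)
```

Calling `connect()` again after a server drop reuses the held session and only re-polls the service cluster; once the key's validity period has passed it goes back to the directory cluster and a fresh key is issued.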
As shown in fig. 4, which is a terminal according to an embodiment of the present invention, the terminal 100 includes a processor 101, an input device 102, an output device 103, and a memory 104, where the processor 101, the input device 102, the output device 103, and the memory 104 are connected to each other, where the memory 104 is used for storing a computer program, the computer program includes program instructions, and the processor 101 is configured to execute the program instructions to perform the following steps:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1; establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1; and establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
When the processor executes establishing a communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire the service operation server cluster corresponding to the terminal, it further executes:
initiating a polling type first heartbeat synchronization request to the directory server cluster; if a first heartbeat synchronization signal returned by one of the directory servers is received within a first limit time, establishing a communication connection with the one of the directory servers; and sending an encrypted verification request comprising the characteristic value of the terminal to the one of the directory servers, so that the one of the directory servers decrypts the verification request and determines the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
When the processor executes establishing a communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule, it further executes:
receiving encrypted return information sent by the one of the directory servers, wherein the return information comprises the terminal unique code of the terminal, the service operation server cluster allowed to be accessed, and a communication key generated by the one of the directory servers; decrypting the return information; initiating a polling type second heartbeat synchronization request encrypted by the communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises the terminal unique code; and if a second heartbeat synchronization signal is received, returned after the terminal unique code in the second heartbeat synchronization request is verified to match the terminal unique code included in one of the service operation servers, establishing a communication connection with the one of the service operation servers.
The processor also executes: if the communication connection with the service operation server is interrupted, returning to initiating a polling type second heartbeat synchronization request encrypted by the communication key to the service operation server cluster.
The processor also executes: if the validity period of the communication key has expired, returning to initiating a polling type first heartbeat synchronization request to the directory server cluster.
In a specific implementation, the processor 101, the input device 102, and the output device 103 described in the embodiment of the present invention may execute the implementation manner described in the embodiment of the method for communicating an internet of things provided in the embodiment of the present invention, and details are not described herein again.
As shown in fig. 5, the system 200 according to an embodiment of the present invention includes a plurality of terminals 201, a directory server cluster 202, and a service operation server cluster 203 as described in the foregoing embodiments, where each terminal 201 is in communication connection with the directory server cluster 202 and the service operation server cluster 203, and each directory server is in communication connection with the service operation server cluster.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the terminal described above may refer to corresponding processes in the foregoing method embodiments, and are not described herein again.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.