CN107948243B - Internet of things communication method, terminal and system - Google Patents

Publication number
CN107948243B
Authority
CN
China
Prior art keywords
server cluster
terminal
directory
servers
service operation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711015353.9A
Other languages
Chinese (zh)
Other versions
CN107948243A (en
Inventor
刘年强
杨旭红
杨嵘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liu Nianqiang
Yang Xuhong
Original Assignee
Guangzhou Xunling Technology Co ltd
Application filed by Guangzhou Xunling Technology Co ltd
Priority to CN201711015353.9A
Publication of CN107948243A
Application granted
Publication of CN107948243B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses an Internet of things communication method, terminal and system. The method comprises: setting a directory server cluster, wherein the directory server cluster comprises N directory servers and N is an integer greater than or equal to 1; establishing a communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire the service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers and M is an integer greater than or equal to 1; and establishing a communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule. The embodiment can provide high availability and high elasticity at the same time, and keeps the coupling of the gateway functions as low as possible.

Description

Internet of things communication method, terminal and system
Technical Field
The invention relates to the technical field of application of the Internet of things, in particular to a communication method, a terminal and a system of the Internet of things.
Background
In current Internet of things communication technologies and protocols, an Internet of things terminal device is basically assumed to have a fixed connection to an Internet of things gateway, especially when timely command feedback or command issuing is required, that is, the commonly mentioned long-connection scenario. Under this architecture, on the one hand the Internet of things gateway must be highly reliable, and on the other hand, because the computing capability of the terminal device is limited, its embedded software has to be written in advance, so the terminal is generally not easy to upgrade later.
It can be seen that the above design concept inevitably brings about the following practical problems:
1. The Internet of things gateway easily becomes a single point of failure;
2. During product debugging and testing, the terminal device may change its Internet of things gateway many times, which makes the corresponding debugging and testing work very complicated and error-prone;
3. Attempts to decouple the various functions in the gateway have been limited by the security design of the gateway itself, which prevents the terminal device from communicating in a sufficiently secure environment.
Disclosure of Invention
The embodiment of the invention provides an Internet of things communication method, terminal and system that can provide high availability and high elasticity at the same time and keep the coupling of the gateway functions as low as possible.
In a first aspect, an embodiment of the present invention provides an internet of things communication method, where the method includes:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1;
establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1;
and establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
Further, each directory server is configured to access a database. The database includes a one-to-one mapping between the feature values of a plurality of preset terminals and the unique codes of the corresponding terminals, and further includes the service operation server cluster that each preset terminal is allowed to access. The establishing of a communication connection with one directory server in the directory server cluster according to a first preset rule to obtain the service operation server cluster corresponding to the terminal includes:
initiating a polling first heartbeat synchronization request to a directory server cluster;
if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers;
and sending an encrypted verification request comprising the characteristic value of the terminal to one of the directory servers so that the one of the directory servers decrypts the verification request, and determining the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
Further, each service operation server includes a terminal unique code sent by one of the directory servers, a communication key generated by the one of the directory servers, and a validity period of the communication key, and the establishing of a communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule includes:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers;
decrypting the return information;
initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code;
and if a second heartbeat synchronous signal is received that one of the service operation servers returned after verifying that the terminal unique code in the second heartbeat synchronous request matches the terminal unique code included in that service operation server, establishing a communication connection with that service operation server.
Further, the method further comprises:
and if the communication connection with the service operation server is interrupted, returning to the step of initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster.
Further, the method further comprises:
and if the validity period of the communication key has expired, returning to the step of initiating the polling first heartbeat synchronization request to the directory server cluster.
Further, the authentication request is encrypted and decrypted with AES-128/256 using a preset public key; the authentication request further comprises a private key randomly generated by the terminal, and the return information is encrypted and decrypted with AES-128/256 using that private key.
In a second aspect, an embodiment of the present invention provides a terminal, including a processor, an input device, an output device, and a memory, where the processor, the input device, the output device, and the memory are connected to each other, where the memory is used to store a computer program that supports the terminal to execute the above method, the computer program includes program instructions, and the processor is configured to execute the program instructions to perform the following steps:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1;
establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1;
and establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
Further, each directory server is configured to access a database. The database includes a one-to-one mapping between the feature values of a plurality of preset terminals and the unique codes of the corresponding terminals, and further includes the service operation server cluster that each preset terminal is allowed to access. Performing the establishing of a communication connection with one directory server in the directory server cluster according to a first preset rule to obtain the service operation server cluster corresponding to the terminal includes:
initiating a polling first heartbeat synchronization request to a directory server cluster;
if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers;
and sending an encrypted verification request comprising the characteristic value of the terminal to one of the directory servers so that the one of the directory servers decrypts the verification request, and determining the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
Further, each service operation server includes a terminal unique code sent by one of the directory servers, a communication key generated by the one of the directory servers, and a validity period of the communication key, and performing the establishing of a communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule includes:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers;
decrypting the return information;
initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code;
and if a second heartbeat synchronous signal is received that one of the service operation servers returned after verifying that the terminal unique code in the second heartbeat synchronous request matches the terminal unique code included in that service operation server, establishing a communication connection with that service operation server.
In a third aspect, an embodiment of the present invention provides a system, where the system includes multiple terminals, a directory server cluster, and a service operation server cluster as described in the second aspect, each terminal is in communication connection with the directory server cluster and the service operation server cluster, respectively, and each directory server is in communication connection with the service operation server cluster.
The embodiment of the invention can provide high availability and high elasticity at the same time, keeps the coupling of the gateway functions as low as possible, and offers good flexibility; because the communication information in the embodiment can be strictly encrypted, the security of the communication process is also effectively ensured. In addition, the deployment of the gateway can be adjusted flexibly according to how the terminals are deployed, without sacrificing real-time performance or stability; the settings of the terminal device do not need frequent adjustment, which saves considerable labor and time in early-stage testing and subsequent maintenance; furthermore, the low coupling between components allows the system architecture and resources to be adjusted flexibly in future to handle high volumes of concurrent access.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a communication method of the Internet of things according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the substeps of step S102 in an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the substeps of step S103 in an embodiment of the present invention;
Fig. 4 is a schematic block diagram of a terminal according to an embodiment of the present invention;
Fig. 5 is a schematic block diagram of a system provided by an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of an Internet of things communication method provided in an embodiment of the present invention. As shown in the figure, the method may include steps S101 to S103:
Step S101: a directory server cluster is set, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1.
In some embodiments, the directory server cluster may be configured according to actual conditions. The directory server cluster serves as a list of N directory servers, where N is an integer greater than or equal to 1, and each directory server may be accurately distributed. For example, N may be 1, 5, or 10; these values of N are only illustrative and are not limiting.
Step S102, establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to obtain a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1.
A communication connection can be established with one of the directory servers in the directory server cluster according to the first preset rule, and the service operation server cluster corresponding to the terminal is obtained through that directory server. The number of service operation servers in the service operation server cluster, that is, the value of M, may be set according to the actual situation; for example, M may be 1, 5, or 10. These values of M are only illustrative and are not limiting.
Specifically, as shown in Fig. 2, each directory server is configured to access a database. The database includes a one-to-one mapping between the feature values of a plurality of preset terminals and the unique codes of the corresponding terminals, and further includes the service operation server cluster that each preset terminal is allowed to access. Each terminal has a terminal unique code and a characteristic value, which can be an unchangeable physical attribute of the terminal, such as a network MAC address, so the characteristic value of each preset terminal in the database maps to the corresponding terminal unique code. The service operation server cluster that the terminal is allowed to access is likewise determined from the characteristic value of the terminal or the terminal unique code.
Therefore, the step S102 specifically includes: steps S201 to S203.
Step S201: initiate a polling first heartbeat synchronization request to the directory server cluster.
In some embodiments, the polling first heartbeat synchronization request may be sent to the directory server cluster unencrypted. Directory servers 1 to N in the directory server cluster that are in a normal operating state then return a first heartbeat synchronization signal to the terminal in a first-in first-out manner.
Step S202, if a first heartbeat synchronization signal returned by one of the directory servers is received within the first limit time, establishing a communication connection with the one of the directory servers.
In some embodiments, a first limit time is generally set. If a first heartbeat synchronization signal returned by one of the directory servers is received within the first limit time, that signal is the first one to arrive and also the first normal signal, so the terminal can establish a communication connection with that directory server. At the same time, the terminal stops sending further polling first heartbeat synchronization requests and proceeds to the next step.
Step S203, sending an encrypted verification request including the terminal feature value to one of the directory servers, so that the one of the directory servers decrypts the verification request, and determines the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted terminal feature value and the database.
In some embodiments, after the terminal establishes the communication connection with one of the directory servers, it may send an encrypted authentication request to that directory server, and the authentication request may include the characteristic value of the terminal. Optionally, the authentication request may be encrypted with AES-128/256 using a preset public key. After receiving the request, the directory server may decrypt it with AES-128/256 using the preset public key to obtain the characteristic value of the terminal included in the request. By matching the characteristic value of the terminal against the database, the directory server obtains the terminal unique code corresponding to that characteristic value and the service operation server cluster that the terminal is allowed to access. That cluster is the service operation server cluster corresponding to the terminal.
Step S103, establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
A communication connection with one of the service operation servers in the service operation server cluster can be established according to the second preset rule. In some embodiments, the terminal and that service operation server may carry out service communication fully encrypted.
In some embodiments, if the service operation server has a problem and is disconnected from the terminal, the terminal may automatically reconnect and re-verify using the previously obtained service operation server cluster list, continuing the operation of step S103 without any manual intervention.
Specifically, as shown in Fig. 3, each service operation server includes a terminal unique code transmitted by one of the directory servers, a communication key generated by the one of the directory servers, and a validity period of the communication key.
Therefore, the step S103 specifically includes: steps S301 to S304.
Step S301, receiving encrypted return information sent by one of the directory servers, where the return information includes a terminal unique code of the terminal, a service operation server cluster allowed to access, and a communication key generated by the one of the directory servers.
In some embodiments, encrypted return information sent by the one of the directory servers may be received. The encryption mode can be selected correspondingly according to actual conditions. Meanwhile, the return information also comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by one directory server.
And step S302, decrypting the return information.
In some embodiments, the terminal may further correspondingly decrypt the returned information, so as to obtain a terminal unique code of the terminal, a service operation server cluster allowed to be accessed, and a communication key generated by the one directory server.
Step S303, initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, where the second heartbeat synchronization request includes a terminal unique code.
In some embodiments, the second heartbeat synchronization request needs to be encrypted, using the communication key generated by the one of the directory servers. Preferably, the second heartbeat synchronization request may be encrypted with AES-128/256 using the communication key.
Step S304: if, within the second limit time, a second heartbeat synchronization signal is received that one of the service operation servers returned after decrypting the second heartbeat synchronization request with the communication key and verifying that the terminal unique code in the request matches the terminal unique code included in that service operation server, establish a communication connection with that service operation server.
In some embodiments, if one of the service operation servers decrypts the second heartbeat synchronization request with the communication key within the second limit time, and further verifies that the terminal unique code in the request matches the terminal unique code included in that service operation server, it can return a second heartbeat synchronization signal to the terminal, and the terminal then establishes a communication connection with that service operation server. In general, a service operation server in a normal state decrypts the second heartbeat synchronization request with the communication key and sends a heartbeat synchronization feedback signal to the terminal after verifying its validity; otherwise, no signal is returned. Generally, once communication between the terminal and the service operation server is established, service communication may be carried out fully encrypted.
In other embodiments, when the authentication request in step S203 further includes a private key randomly generated by the terminal, the return information may be encrypted and decrypted with AES-128/256 using that private key.
In other embodiments, the method further comprises: if the communication connection with the service operation server is interrupted, returning to the step of initiating the polling second heartbeat synchronization request, encrypted with the communication key, to the service operation server cluster.
In other embodiments, the method further comprises: if the validity period of the communication key has expired, returning to the step of initiating the polling first heartbeat synchronization request to the directory server cluster.
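An added simulation of steps S201 to S304 and the two fallback rules above; it is not code from the patent. Assumptions: because AES is a symmetric cipher, the "preset public key" and the terminal's random "private key" are modelled as shared AES keys; GCM mode, the JSON message layout, the one-hour validity period, integer timestamps and all names are illustrative, and a server's `up` flag stands in for the limit-time timeouts.

```ruby
require 'openssl'
require 'json'

# AES-GCM with nonce and tag prepended; the patent names no mode, GCM is assumed.
def seal(key, plain)
  c = OpenSSL::Cipher.new("aes-#{key.bytesize * 8}-gcm").encrypt
  c.key = key # 16 or 32 bytes: AES-128 or AES-256
  iv = c.random_iv
  ct = c.update(plain) + c.final
  iv + c.auth_tag + ct
end

def unseal(key, msg)
  return nil if msg.bytesize < 29
  d = OpenSSL::Cipher.new("aes-#{key.bytesize * 8}-gcm").decrypt
  d.key = key
  d.iv = msg.byteslice(0, 12)
  d.auth_tag = msg.byteslice(12, 16)
  d.update(msg.byteslice(28, msg.bytesize)) + d.final
rescue OpenSSL::Cipher::CipherError
  nil # wrong key or modified message
end

Grant = Struct.new(:code, :cluster, :key, :expires)

class ServiceServer
  attr_accessor :up
  attr_reader :grants # terminal unique code => Grant, pushed by a directory server
  def initialize
    @up, @grants = true, {}
  end

  # S304: answer only if a stored, unexpired key decrypts the request to the
  # matching terminal unique code; otherwise send nothing back.
  def heartbeat(msg, now)
    @up && @grants.each_value.any? { |g| now < g.expires && unseal(g.key, msg) == g.code }
  end
end

class DirectoryServer
  attr_accessor :up, :lookups
  def initialize(preset, db, net, up)
    @preset, @db, @net, @up, @lookups = preset, db, net, up, 0
  end

  # S203/S301: decrypt the request, map the characteristic value to a unique
  # code, issue a key, push it to the allowed servers, reply under the reply key.
  def verify(msg, now)
    plain = unseal(@preset, msg) or return nil
    req = JSON.parse(plain)
    code, cluster = @db[req['feature']]
    reply_key = [req['reply_key'].to_s].pack('H*')
    return nil unless code && reply_key.bytesize == 32
    @lookups += 1
    g = Grant.new(code, cluster, OpenSSL::Random.random_bytes(32), now + 3600)
    cluster.each { |name| @net[name].grants[code] = g }
    seal(reply_key, JSON.generate(g.to_h.merge(key: g.key.unpack1('H*'))))
  end
end

class Terminal
  attr_reader :grant
  def initialize(feature, preset, dirs, net)
    @feature, @preset, @dirs, @net, @grant = feature, preset, dirs, net, nil
  end

  # Returns the name of the service operation server that answered, or nil.
  def connect(now)
    lookup(now) if @grant.nil? || now >= @grant.expires # no key yet, or expired
    return nil unless @grant
    hb = seal(@grant.key, @grant.code) # S303: unique code under the communication key
    @grant.cluster.find { |name| @net[name].heartbeat(hb, now) }
  end

  # S201-S203, S301-S302: poll the directory cluster; a server with up == false
  # models "no first heartbeat signal within the first limit time".
  def lookup(now)
    @grant = nil
    dir = @dirs.find(&:up) or return
    rk = OpenSSL::Random.random_bytes(32) # key randomly generated by the terminal
    req = JSON.generate({ feature: @feature, reply_key: rk.unpack1('H*') })
    enc = dir.verify(seal(@preset, req), now) or return
    plain = unseal(rk, enc) or return
    r = JSON.parse(plain)
    @grant = Grant.new(r['code'], r['cluster'], [r['key']].pack('H*'), r['expires'])
  end
end

# Constructed topology, all values made up: two directory servers (first one down), two service servers.
def build_demo(feature = '00:11:22:33:44:55')
  preset = OpenSSL::Random.random_bytes(16)
  net = { 'svc-a' => ServiceServer.new, 'svc-b' => ServiceServer.new }
  db = { '00:11:22:33:44:55' => ['T-0001', %w[svc-a svc-b]] }
  dirs = [false, true].map { |up| DirectoryServer.new(preset, db, net, up) }
  [Terminal.new(feature, preset, dirs, net), dirs, net]
end

term, = build_demo
puts "connected to #{term.connect(0)}; key valid until t=#{term.grant.expires}"
```

Calling `connect` again after marking a service server down re-polls the cluster with the cached key, while calling it at or after the expiry time goes back to the directory cluster for a new key.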
As shown in Fig. 4, a terminal 100 according to an embodiment of the present invention includes a processor 101, an input device 102, an output device 103, and a memory 104, which are connected to each other. The memory 104 is used for storing a computer program that includes program instructions, and the processor 101 is configured to execute the program instructions to perform the following steps:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1; establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1; and establishing communication connection with one of the service operation servers in the service operation server cluster according to a second preset rule.
When establishing the communication connection with one of the directory servers in the directory server cluster according to the first preset rule to acquire the service operation server cluster corresponding to the terminal, the processor further executes:
initiating a polling first heartbeat synchronization request to a directory server cluster; if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers; and sending an encrypted verification request comprising the characteristic value of the terminal to one of the directory servers so that the one of the directory servers decrypts the verification request, and determining the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
The processor executes the communication connection established with one of the service operation servers in the service operation server cluster according to a second preset rule, and further executes:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers; decrypting the return information; initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code; and if a second heartbeat synchronous signal returned after the terminal unique code in the second heartbeat synchronous request is verified to be matched with the terminal unique code included in one of the service operation servers, the second heartbeat synchronous signal is established with one of the service operation servers.
And the processor also executes the second heartbeat synchronization request which is initiated to the service operation server cluster in a polling mode and encrypted by a communication key if the communication connection with the service operation server is interrupted.
And the processor also executes the first heartbeat synchronous request which initiates polling to the directory server cluster if the validity period of the communication key is invalid.
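The two-stage connection and its two recovery paths can be followed in a small in-process simulation. This is an added example, not code from the patent: every class and function name is hypothetical, servers are plain objects rather than network peers, an HMAC-SHA256 tag stands in for the heartbeat "encrypted by the communication key", and binding the tag to a timestamp is an added assumption so that a captured heartbeat cannot simply be replayed.

```python
import hashlib, hmac, os

def tag(key, code, now):
    # HMAC over code and timestamp stands in for the encrypted heartbeat (assumption).
    return hmac.new(key, f"{code}|{now}".encode(), hashlib.sha256).digest()

class ServiceServer:
    def __init__(self, name):
        self.name, self.up, self.sessions = name, True, {}

    def heartbeat(self, code, mac, now):
        if not self.up or code not in self.sessions:
            return False
        key, expires = self.sessions[code]
        return now < expires and hmac.compare_digest(mac, tag(key, code, now))

class DirectoryServer:
    def __init__(self, db, up=True, ttl=60):
        self.db, self.up, self.ttl = db, up, ttl   # db: feature -> (code, cluster)

    def verify(self, feature, now):
        if feature not in self.db:
            raise PermissionError("unknown terminal feature value")
        code, cluster = self.db[feature]
        key, expires = os.urandom(32), now + self.ttl
        for server in cluster:                     # push code, key and validity period
            server.sessions[code] = (key, expires)
        return code, cluster, key, expires

class Terminal:
    def __init__(self, feature, directories):
        self.feature, self.directories, self.session = feature, directories, None

    def connect(self, now):                        # returns the accepting server's name
        if self.session is None or now >= self.session[3]:
            live = next((d for d in self.directories if d.up), None)
            if live is None:                       # first heartbeat got no answer
                raise ConnectionError("no directory server answered")
            self.session = live.verify(self.feature, now)
        code, cluster, key, _ = self.session
        for server in cluster:                     # second heartbeat, polled in order
            if server.heartbeat(code, tag(key, code, now), now):
                return server.name
        raise ConnectionError("no service server answered")

def demo():
    s1, s2 = ServiceServer("svc-1"), ServiceServer("svc-2")
    db = {"feature-A": ("T-0001", [s1, s2])}       # constructed sample database
    term = Terminal("feature-A", [DirectoryServer(db, up=False), DirectoryServer(db)])
    first = term.connect(now=0)                    # directory 1 is down, 2 answers
    s1.up = False                                  # connection interrupted
    second = term.connect(now=10)                  # re-poll service cluster, same key
    key_before = term.session[2]
    third = term.connect(now=100)                  # key expired: back to the directory
    return first, second, third, key_before != term.session[2]
```

An interrupted connection only repeats the second stage with the existing key, whereas an expired key forces a fresh directory lookup and a newly issued key.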
In a specific implementation, the processor 101, the input device 102 and the output device 103 described in this embodiment of the present invention may carry out the implementations described in the embodiments of the Internet of things communication method provided by the present invention; details are not repeated here.
As shown in fig. 5, the system 200 according to an embodiment of the present invention includes a plurality of terminals 201, a directory server cluster 202, and a service operation server cluster 203 as described in the foregoing embodiments, where each terminal 201 is in communication connection with the directory server cluster 202 and the service operation server cluster 203, and each directory server is in communication connection with the service operation server cluster.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the terminal described above may refer to corresponding processes in the foregoing method embodiments, and are not described herein again.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. An internet of things communication method is characterized by comprising the following steps:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1;
establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1;
establishing communication connection with one of the business operation servers in the business operation server cluster according to a second preset rule, wherein each business operation server comprises a terminal unique code sent by one of the directory servers, a communication key generated by one of the directory servers and a validity period of the communication key, and establishing communication connection with one of the business operation servers in the business operation server cluster according to the second preset rule further comprises:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers;
decrypting the return information;
initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code;
and if a second heartbeat synchronization signal is received, returned by one of the service operation servers after it has verified that the terminal unique code in the second heartbeat synchronization request matches the terminal unique code it holds, establishing a communication connection with that service operation server.
2. The method according to claim 1, wherein each directory server is configured to access a database, the database includes a one-to-one mapping relationship between feature values of a plurality of preset terminals and corresponding unique codes of the terminals, and further includes a service operation server cluster that each preset terminal allows to access, and the establishing a communication connection with one directory server in the directory server cluster according to a first preset rule to obtain the service operation server cluster corresponding to the terminal includes:
initiating a polling first heartbeat synchronization request to a directory server cluster;
if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers;
and sending an encrypted verification request comprising the characteristic value of the terminal to one of the directory servers so that the one of the directory servers decrypts the verification request, and determining the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
3. The method of claim 1, further comprising:
and if the communication connection with the service operation server is interrupted, returning to the step of initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster.
4. The method of claim 3, further comprising:
and if the communication key is no longer within its validity period, returning to the step of initiating the polling first heartbeat synchronization request to the directory server cluster.
5. The method of claim 1, wherein the authentication request further includes a private key randomly generated by the terminal, and the returned information is encrypted and decrypted by the private key according to AES128/256 bits.
6. A terminal comprising a processor, an input device, an output device, and a memory, the processor, the input device, the output device, and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to execute the program instructions to perform the steps of:
setting a directory server cluster, wherein the directory server cluster comprises N directory servers, and N is an integer greater than or equal to 1;
establishing communication connection with one of the directory servers in the directory server cluster according to a first preset rule to acquire a service operation server cluster corresponding to the terminal, wherein the service operation server cluster comprises M service operation servers, and M is an integer greater than or equal to 1;
establishing communication connection with one of the business operation servers in the business operation server cluster according to a second preset rule, wherein each business operation server comprises a terminal unique code sent by one of the directory servers, a communication key generated by one of the directory servers and the validity period of the communication key, and wherein establishing communication connection with one of the business operation servers in the business operation server cluster according to the second preset rule further comprises:
receiving encrypted return information sent by one of the directory servers, wherein the return information comprises a terminal unique code of the terminal, a service operation server cluster allowing access and a communication key generated by the one of the directory servers;
decrypting the return information;
initiating a polling type second heartbeat synchronization request encrypted by a communication key to the service operation server cluster, wherein the second heartbeat synchronization request comprises a terminal unique code;
and if a second heartbeat synchronization signal is received, returned by one of the service operation servers after it has verified that the terminal unique code in the second heartbeat synchronization request matches the terminal unique code it holds, establishing a communication connection with that service operation server.
7. The terminal of claim 6, wherein each directory server is configured to access a database, the database includes a one-to-one mapping relationship between feature values of a plurality of preset terminals and corresponding unique codes of the terminals, and further includes a service operation server cluster that each preset terminal allows to access, and the establishing of the communication connection with one directory server in the directory server cluster according to the first preset rule is performed to obtain the service operation server cluster corresponding to the terminal, including:
initiating a polling first heartbeat synchronization request to a directory server cluster;
if a first heartbeat synchronous signal returned by one of the directory servers is received within a first limit time, establishing communication connection with the one of the directory servers;
and sending an encrypted verification request comprising the characteristic value of the terminal to one of the directory servers so that the one of the directory servers decrypts the verification request, and determining the terminal unique code of the terminal and the service operation server cluster allowed to be accessed according to the decrypted characteristic value of the terminal and the database.
8. An internet-of-things communication system, comprising a plurality of terminals according to any one of claims 6 to 7, a directory server cluster and a business operation server cluster, wherein each terminal is in communication connection with the directory server cluster and the business operation server cluster respectively, and each directory server is in communication connection with the business operation server cluster.
CN201711015353.9A 2017-10-25 2017-10-25 Internet of things communication method, terminal and system Active CN107948243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711015353.9A CN107948243B (en) 2017-10-25 2017-10-25 Internet of things communication method, terminal and system


Publications (2)

Publication Number Publication Date
CN107948243A CN107948243A (en) 2018-04-20
CN107948243B CN107948243B (en) 2020-10-16

Family

ID=61935658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711015353.9A Active CN107948243B (en) 2017-10-25 2017-10-25 Internet of things communication method, terminal and system

Country Status (1)

Country Link
CN (1) CN107948243B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685398A (en) * 2012-09-17 2014-03-26 腾讯科技(深圳)有限公司 Communication connection establishment method and communication system
CN104363275A (en) * 2011-12-29 2015-02-18 北京奇虎科技有限公司 Method, device and system for processing data by using agencies
CN105471964A (en) * 2015-11-16 2016-04-06 中国建设银行股份有限公司 Data pushing method, server, client and data pushing system
CN106465096A (en) * 2015-08-28 2017-02-22 华为技术有限公司 Method and terminal for accessing network and acquiring client identification module information and core network


Also Published As

Publication number Publication date
CN107948243A (en) 2018-04-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240425

Address after: 510000, No. 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province (self made Building 1) X1301-D686

Patentee after: Liu Nianqiang

Country or region after: China

Patentee after: Yang Xuhong

Address before: 510000, No. 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province (self made Building 1) X1301-D686

Patentee before: GUANGZHOU XUNLING TECHNOLOGY CO.,LTD.

Country or region before: China
