CN110545226B - Device communication method and communication system - Google Patents

Publication number: CN110545226B (application CN201810524521.5A; other version CN110545226A)
Authority: CN (China)
Legal status: Active
Prior art keywords: server, client, query message, response message, message
Other languages: Chinese (zh)
Inventors: 郭长滨, 高锐强, 孙超
Current assignee: China Petroleum Longhui Automation Engineering Co., Ltd.; China National Petroleum Corp; China Petroleum Pipeline Engineering Corp
Original assignee: China Petroleum Longhui Automation Engineering Co., Ltd.; China National Petroleum Corp; China Petroleum Pipeline Engineering Corp
Application filed by China Petroleum Longhui Automation Engineering Co., Ltd., China National Petroleum Corp and China Petroleum Pipeline Engineering Corp.
Events: priority to CN201810524521.5A; publication of CN110545226A; application granted; publication of CN110545226B; legal status active.

Classifications

    • H04L12/40006 Bus networks (H04L12/40): architecture of a communication node
    • H04L63/0428 Network security (H04L63/00): confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/02 Network arrangements or protocols for supporting network services or applications (H04L67/00): protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L2012/40228 Bus networks characterized by the use of a particular bus standard: Modbus

Abstract

The invention discloses a device communication method and a communication system, and relates to the technical field of communications. The method comprises the following steps: the master device sends a query message to the client; the client forwards the received query message to the server; the server forwards the received query message to the slave device; the slave device generates a response message from the received query message and sends it to the server; the server forwards the received response message to the client; the client forwards the received response message to the master device; and the master device receives the response message sent by the client. Because the master device and the client are on the same local area network, message transmission between them is more secure, and because the slave device and the server are on the same local area network, message transmission between them is more secure as well. And because the client and the server transmit messages over the more secure https protocol, the security of communication between the master device and the slave device can be effectively ensured.

Description

Device communication method and communication system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a device communication method and a communication system.
Background
The Modbus protocol is a bus protocol used in industrial fields. Two devices can communicate with each other using the Modbus protocol: the master device sends a query message to the slave device according to the Modbus protocol, and the slave device, on receiving the query message, generates a response message and sends it to the master device according to the Modbus protocol, thereby realizing communication between the master device and the slave device.
However, the Modbus protocol was designed only with function implementation, efficiency improvement and the like in mind and does not address security, so security is low when the Modbus protocol is used for communication between devices. A device communication method that improves the security of device communication is therefore needed.
Disclosure of Invention
Embodiments of the invention provide a device communication method and a communication system, which can solve the problem of low security of device communication in the related art. The technical scheme is as follows:
According to a first aspect of embodiments of the present invention, there is provided a device communication method, the method including:
the master device sends a query message to a client, where the Modbus protocol is used to transmit messages between the master device and the client, and the master device and the client are on the same local area network;
when the client receives the query message sent by the master device, the client sends the query message to a server, where the client and the server transmit messages using the https (Hyper Text Transfer Protocol over Secure Socket Layer) protocol;
when the server receives the query message sent by the client, the server sends the query message to a slave device, where the Modbus protocol is used to transmit messages between the server and the slave device, and the server and the slave device are on the same local area network;
when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends the response message to the server, the slave device and the master device communicating using the Modbus protocol;
when the server receives the response message sent by the slave device, it sends the response message to the client;
when the client receives the response message sent by the server, it sends the response message to the master device;
and the master device receives the response message sent by the client.
Optionally, before the master device sends the query message to the client, the method further includes:
the master device sends a connection establishment indication message to the client;
when the client receives the connection establishment indication message sent by the master device, the client establishes an https connection with the server;
correspondingly, the step of sending the query message to a server when the client receives the query message sent by the master device includes:
when the client receives the query message sent by the master device, sending the query message to the server through the https connection.
Optionally, the step of sending the query message to a server when the client receives the query message sent by the master device includes:
when the client receives the query message sent by the master device, the client establishes an https connection with the server;
and the client sends the query message to the server through the https connection.
Optionally, the client establishing an https connection with the server according to the connection establishment indication message includes:
the client sends an https connection establishment request to the server;
when the server receives the https connection establishment request sent by the client, it sends a digital certificate carrying the server's public key to the client;
when the client receives the digital certificate sent by the server, it verifies whether the digital certificate and the server's public key are valid; if so, it generates a shared key, encrypts the shared key with the server's public key, and sends the encrypted shared key to the server;
and when the server receives the encrypted shared key sent by the client, it decrypts the encrypted shared key with the server's private key to obtain the shared key.
Optionally, the step of sending the query message to a server when the client receives the query message sent by the master device includes:
when the client receives the query message sent by the master device, encrypting the query message with the shared key and sending the encrypted query message to the server;
correspondingly, the step of sending the query message to a slave device when the server receives the query message sent by the client includes:
when the server receives the encrypted query message sent by the client, decrypting the encrypted query message with the shared key to obtain the query message, and sending the query message to the slave device;
correspondingly, the step of sending the response message to the client when the server receives the response message sent by the slave device includes:
when the server receives the response message sent by the slave device, encrypting the response message with the shared key and sending the encrypted response message to the client;
correspondingly, the step of sending the response message to the master device when the client receives the response message sent by the server includes:
when the client receives the encrypted response message sent by the server, decrypting the encrypted response message with the shared key to obtain the response message, and sending the response message to the master device.
Optionally, the method further comprises:
the master device sets the address of the device with which it performs Modbus communication to the address of the client;
the client sets the address of the device with which it performs https communication to the address of the server;
and the server sets the address of the device with which it performs Modbus communication to the address of the slave device.
According to a second aspect of embodiments of the present invention, there is provided a communication system, the system comprising:
a master device, configured to send a query message to a client, where the master device and the client transmit messages using the Modbus protocol and are on the same local area network;
the client, configured to send the query message to a server when receiving the query message sent by the master device, where the client and the server transmit messages using the https protocol;
the server, configured to send the query message to a slave device when receiving the query message sent by the client, where the server and the slave device transmit messages using the Modbus protocol and are on the same local area network;
the slave device, configured to generate a response message according to the query message when receiving the query message sent by the server, and to send the response message to the server, where the slave device and the master device communicate using the Modbus protocol;
the server is further configured to send the response message to the client when receiving the response message sent by the slave device;
the client is further configured to send the response message to the master device when receiving the response message sent by the server;
and the master device is further configured to receive the response message sent by the client.
Optionally, the master device is further configured to send a connection establishment indication message to the client;
the client is further configured to establish an https connection with the server when receiving the connection establishment indication message sent by the master device;
correspondingly, the client is specifically configured to send the query message to the server through the https connection when receiving the query message sent by the master device.
Optionally, the client is specifically configured to establish an https connection with the server when receiving the query message sent by the master device;
and the client sends the query message to the server through the https connection.
Optionally, the client is specifically configured to send an https connection establishment request to the server;
when the server receives the https connection establishment request sent by the client, it sends a digital certificate carrying the server's public key to the client;
when the client receives the digital certificate sent by the server, it verifies whether the digital certificate and the server's public key are valid; if so, it generates a shared key, encrypts the shared key with the server's public key, and sends the encrypted shared key to the server;
and when the server receives the encrypted shared key sent by the client, it decrypts the encrypted shared key with the server's private key to obtain the shared key.
Optionally, the client is specifically configured to encrypt the query message with the shared key when receiving the query message sent by the master device, and to send the encrypted query message to the server;
correspondingly, the server is specifically configured to, when receiving the encrypted query message sent by the client, decrypt the encrypted query message with the shared key to obtain the query message, and to send the query message to the slave device;
correspondingly, the server is specifically configured to encrypt the response message with the shared key when receiving the response message sent by the slave device, and to send the encrypted response message to the client;
correspondingly, the client is specifically configured to, when receiving the encrypted response message sent by the server, decrypt the encrypted response message with the shared key to obtain the response message, and to send the response message to the master device.
Optionally, the master device is further configured to set the address of the device with which it performs Modbus communication to the address of the client;
the client is further configured to set the address of the device with which it performs https communication to the address of the server;
and the server is further configured to set the address of the device with which it performs Modbus communication to the address of the slave device.
The technical scheme provided by the embodiments of the invention has at least the following beneficial effects:
in the embodiment of the invention, the master device sends a query message to the client, messages between the master device and the client are transmitted using the Modbus protocol, and the master device and the client are on the same local area network; when the client receives the query message sent by the master device, it sends the query message to the server, and messages between the client and the server are transmitted using the https protocol; when the server receives the query message sent by the client, it sends the query message to the slave device, messages between the server and the slave device are transmitted using the Modbus protocol, and the server and the slave device are on the same local area network; when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends it to the server, the slave device and the master device communicating using the Modbus protocol; when the server receives the response message sent by the slave device, it sends the response message to the client; when the client receives the response message sent by the server, it sends the response message to the master device; and the master device receives the response message sent by the client. Because the master device and the client are on the same local area network, message transmission between them is more secure, and because the slave device and the server are on the same local area network, message transmission between them is more secure as well. And because the client and the server transmit messages using the more secure https protocol, the security of communication between the master device and the slave device can be effectively ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a device communication method according to an embodiment of the present invention;
Fig. 2 is a flowchart of another device communication method according to an embodiment of the present invention;
Fig. 3 is a flowchart of establishing an https connection according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a device communication method according to an embodiment of the present invention. Referring to Fig. 1, the method comprises the following steps:
Step 101: the master device sends a query message to the client; messages between the master device and the client are transmitted using the Modbus protocol, and the master device and the client are on the same local area network.
Step 102: when the client receives the query message sent by the master device, it sends the query message to the server; messages between the client and the server are transmitted using the https protocol.
Step 103: when the server receives the query message sent by the client, it sends the query message to the slave device; messages between the server and the slave device are transmitted using the Modbus protocol, and the server and the slave device are on the same local area network.
Step 104: when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends it to the server; the slave device and the master device communicate using the Modbus protocol.
Step 105: when the server receives the response message sent by the slave device, it sends the response message to the client.
Step 106: when the client receives the response message sent by the server, it sends the response message to the master device.
Step 107: the master device receives the response message sent by the client.
In the embodiment of the invention, the master device sends a query message to the client, messages between the master device and the client are transmitted using the Modbus protocol, and the master device and the client are on the same local area network; when the client receives the query message sent by the master device, it sends the query message to the server, and messages between the client and the server are transmitted using the https protocol; when the server receives the query message sent by the client, it sends the query message to the slave device, messages between the server and the slave device are transmitted using the Modbus protocol, and the server and the slave device are on the same local area network; when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends it to the server, the slave device and the master device communicating using the Modbus protocol; when the server receives the response message sent by the slave device, it sends the response message to the client; when the client receives the response message sent by the server, it sends the response message to the master device; and the master device receives the response message sent by the client. Because the master device and the client are on the same local area network, message transmission between them is more secure, and because the slave device and the server are on the same local area network, message transmission between them is more secure as well. And because the client and the server transmit messages using the more secure https protocol, the security of communication between the master device and the slave device can be effectively ensured.
Optionally, before the master device sends the query message to the client, the method further includes:
the master device sends a connection establishment indication message to the client;
when the client receives the connection establishment indication message sent by the master device, the client establishes an https connection with the server;
correspondingly, the step of sending the query message to the server when the client receives the query message sent by the master device includes:
when the client receives the query message sent by the master device, sending the query message to the server through the https connection.
Optionally, the step of sending the query message to the server when the client receives the query message sent by the master device includes:
when the client receives the query message sent by the master device, the client establishes an https connection with the server;
and the client sends the query message to the server through the https connection.
Optionally, the client establishing an https connection with the server includes:
the client sends an https connection establishment request to the server;
when the server receives the https connection establishment request sent by the client, it sends a digital certificate carrying the server's public key to the client;
when the client receives the digital certificate sent by the server, it verifies whether the digital certificate and the server's public key are valid; if so, it generates a shared key, encrypts the shared key with the server's public key, and sends the encrypted shared key to the server;
and when the server receives the encrypted shared key sent by the client, it decrypts the encrypted shared key with the server's private key to obtain the shared key.
Optionally, the step of sending the query message to the server when the client receives the query message sent by the master device includes:
when the client receives the query message sent by the master device, encrypting the query message with the shared key and sending the encrypted query message to the server;
correspondingly, the step of sending the query message to the slave device when the server receives the query message sent by the client includes:
when the server receives the encrypted query message sent by the client, decrypting the encrypted query message with the shared key to obtain the query message, and sending the query message to the slave device;
correspondingly, the step of sending the response message to the client when the server receives the response message sent by the slave device includes:
when the server receives the response message sent by the slave device, encrypting the response message with the shared key and sending the encrypted response message to the client;
correspondingly, the step of sending the response message to the master device when the client receives the response message sent by the server includes:
when the client receives the encrypted response message sent by the server, decrypting the encrypted response message with the shared key to obtain the response message, and sending the response message to the master device.
Optionally, the method further comprises:
the master device sets the address of the device with which it performs Modbus communication to the address of the client;
the client sets the address of the device with which it performs https communication to the address of the server;
and the server sets the address of the device with which it performs Modbus communication to the address of the slave device.
All the above optional technical solutions can be combined arbitrarily to form optional embodiments of the present invention, which are not described in detail here.
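As an added illustration of steps 101 to 107 together with the optional encrypted variant above (this is example code written for this page, not code from the patent or its assignees), the following Go program models one query/response round trip. The master's Modbus TCP query frame and the slave's register table are constructed inline; AES-256-GCM keyed with the negotiated shared key stands in for the https record layer between client and server, and the receiving end of each hop validates the MBAP header before a frame is passed on, so a malformed message is dropped rather than forwarded onto the field-side network. The function names (`ParseFrame`, `NewAEAD`, `Seal`, `Open`, `SlaveRespond`, `Relay`) are this example's own, not the patent's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// ParseFrame validates a Modbus TCP frame (MBAP protocol id 0, length field matching the
// bytes present) and returns its PDU, so a truncated or padded message never reaches the field bus.
func ParseFrame(raw []byte) ([]byte, error) {
	if len(raw) < 8 || binary.BigEndian.Uint16(raw[2:4]) != 0 {
		return nil, errors.New("not a Modbus TCP frame (too short or protocol id != 0)")
	}
	if got, want := int(binary.BigEndian.Uint16(raw[4:6])), len(raw)-6; got != want {
		return nil, fmt.Errorf("length field %d but %d bytes follow it", got, want)
	}
	return raw[7:], nil
}

// NewAEAD keys the tunnel with the shared key; AES-256-GCM stands in for the https record layer.
func NewAEAD(sharedKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates a frame; the random nonce is prepended.
func Seal(aead cipher.AEAD, frame []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, frame, nil), nil
}

// Open reverses Seal; any modification of the sealed bytes makes it fail.
func Open(aead cipher.AEAD, sealed []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(sealed) >= n {
		return aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed message too short")
}

// SlaveRespond models the slave device: answers Read Holding Registers (0x03) from a table, else a Modbus exception.
func SlaveRespond(query []byte, registers []uint16) []byte {
	q, pdu := query[7:], []byte{query[7] | 0x80, 0x01} // default: illegal function
	if len(q) == 5 && q[0] == 0x03 {
		start, count := int(binary.BigEndian.Uint16(q[1:3])), int(binary.BigEndian.Uint16(q[3:5]))
		if count < 1 || count > 125 || start+count > len(registers) {
			pdu = []byte{0x83, 0x02} // illegal data address
		} else {
			pdu = make([]byte, 2+2*count)
			pdu[0], pdu[1] = 0x03, byte(2*count)
			for i := 0; i < count; i++ {
				binary.BigEndian.PutUint16(pdu[2+2*i:], registers[start+i])
			}
		}
	}
	out := append([]byte{}, query[:7]...) // keep the query's transaction and unit ids
	binary.BigEndian.PutUint16(out[4:6], uint16(1+len(pdu)))
	return append(out, pdu...)
}

// tunnel carries one frame across the client/server link and returns what the receiver accepts.
func tunnel(aead cipher.AEAD, raw []byte) ([]byte, error) {
	sealed, err := Seal(aead, raw)
	if err != nil {
		return nil, err
	}
	plain, err := Open(aead, sealed)
	if err != nil {
		return nil, fmt.Errorf("receiver rejected tunnel message: %w", err)
	}
	if _, err := ParseFrame(plain); err != nil {
		return nil, fmt.Errorf("receiver rejected frame: %w", err)
	}
	return plain, nil
}

// Relay runs one query/response round trip (client -> server -> slave and back) for the master.
func Relay(sharedKey, query []byte, registers []uint16) ([]byte, error) {
	aead, err := NewAEAD(sharedKey)
	if err != nil {
		return nil, err
	}
	q, err := tunnel(aead, query)
	if err != nil {
		return nil, err
	}
	return tunnel(aead, SlaveRespond(q, registers))
}
```

The slave side answers only Read Holding Registers (function 0x03) and otherwise returns the standard Modbus exception responses (0x83/0x02 for an out-of-range address, function code | 0x80 with 0x01 for an unsupported function), which the master receives through the same tunnel. Because GCM authenticates the ciphertext, any modification of a sealed message between client and server is rejected by `Open` before the frame is parsed, and a frame whose length field disagrees with its size is rejected by `ParseFrame` at the receiving end.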
For ease of understanding, the device communication method of the embodiment of Fig. 1 is described below with reference to Fig. 2, in which a master device implements Modbus communication with a slave device through a client and a server.
Fig. 2 is a flowchart of a device communication method according to an embodiment of the present invention. Referring to Fig. 2, the method comprises the following steps:
Step 201: the master device sets the address of the device with which it performs Modbus communication to the address of the client, the client sets the address of the device with which it performs https communication to the address of the server, and the server sets the address of the device with which it performs Modbus communication to the address of the slave device.
It should be noted that the master device may transmit messages using the Modbus protocol to the client at the configured client address, the client may transmit messages using the https protocol to the server at the configured server address, and the server may transmit messages using the Modbus protocol to the slave device at the configured slave device address; that is, the master device and the client transmit messages using the Modbus protocol, the client and the server transmit messages using the https protocol, and the server and the slave device transmit messages using the Modbus protocol.
In addition, the master device and the client can be on the same local area network, and the slave device and the server can be on the same local area network.
After step 201 has set the addresses of the devices with which the master device, the client and the server communicate, an https connection between the client and the server can be established, so that Modbus communication between the master device and the slave device can subsequently be carried over that https connection. Specifically, the https connection between the client and the server can be established by the following step 202.
Step 202: the master device sends a connection establishment indication message to the client, and when the client receives the connection establishment indication message, the client establishes an https connection with the server; or the master device sends a query message to the client, and when the client receives the query message, the client establishes the https connection with the server.
It should be noted that the master device communicates using the Modbus protocol, that is, the master device sends messages to the devices communicating with it using the Modbus protocol. The master device may be provided with a Modbus communication physical interface, which may be an Ethernet port, in which case the Modbus protocol is Modbus TCP. The master device may be any one of a host, a controller and a programmable meter, which the embodiment of the present invention does not limit.
In addition, the connection establishment indication message is used to instruct the client to establish the https connection with the server.
Further, the query message is used to tell the device communicating with the master device what function to perform. The query message may be a polling instruction, or any one or a combination of several messages such as control instructions, which the embodiment of the present invention does not limit.
When the master device sends the connection establishment indication message or the query message to the client, it sends it to the client at the configured client address.
Fig. 3 is a flowchart of establishing an https connection according to an embodiment of the present invention. Referring to Fig. 3, the https connection between the client and the server may be established as follows: the client sends an https connection establishment request to the server; when the server receives the https connection establishment request sent by the client, it sends a digital certificate carrying the server's public key to the client; when the client receives the digital certificate sent by the server, it verifies whether the digital certificate and the server's public key are valid and, if so, generates a shared key, encrypts the shared key with the server's public key, and sends the encrypted shared key to the server; and when the server receives the encrypted shared key sent by the client, it decrypts the encrypted shared key with the server's private key to obtain the shared key, thereby completing the establishment of the https connection between the client and the server.
It should be noted that the shared key is a key agreed between the client and the server in the process of establishing the https connection; once the https connection between the client and the server is established, the shared key can be used to encrypt the messages transmitted between the client and the server, thereby implementing secure communication between them.
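The handshake of Fig. 3 and the shared key described above, as an added example in Go (written for this page, not the patent's or the assignees' own code) that also covers the later note at step 204 that the key is exchanged once with an asymmetric algorithm such as RSA: the server presents an X.509 certificate carrying its RSA public key; the client verifies the certificate against its trusted roots and the expected server name, and only then generates a 256-bit shared key and encrypts it to the server's public key with RSA-OAEP; the server recovers the key with its private key. The self-signed certificate, the server name `modbus-server.example` and the OAEP label are constructed for the example, and names such as `ServerIdentity`, `ClientKeyExchange` and `Handshake` are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// oaepLabel binds the encrypted key to this use (constructed value for the example).
var oaepLabel = []byte("modbus-gateway-shared-key")

// ServerIdentity is what the server holds: its private key and the certificate it sends in step 2.
type ServerIdentity struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewServerIdentity creates a self-signed certificate; a deployment would use the plant's own CA.
func NewServerIdentity(name string) (*ServerIdentity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ServerIdentity{Key: key, Cert: cert}, nil
}

// TrustOnly builds the client's trust store from the given certificates.
func TrustOnly(certs ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		pool.AddCert(c)
	}
	return pool
}

// ClientKeyExchange is step 3: verify the certificate against the trusted roots and the expected
// server name, then generate a fresh 256-bit shared key and encrypt it to the server's public key.
func ClientKeyExchange(certDER []byte, roots *x509.CertPool, serverName string) (sharedKey, encryptedKey []byte, err error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, nil, err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: serverName}); err != nil {
		return nil, nil, fmt.Errorf("server certificate rejected: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, errors.New("server certificate does not carry an RSA public key")
	}
	sharedKey = make([]byte, 32)
	if _, err := rand.Read(sharedKey); err != nil {
		return nil, nil, err
	}
	encryptedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sharedKey, oaepLabel)
	return sharedKey, encryptedKey, err
}

// ServerKeyExchange is step 4: the server recovers the shared key with its private key.
func ServerKeyExchange(id *ServerIdentity, encryptedKey []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, id.Key, encryptedKey, oaepLabel)
}

// Handshake runs the whole exchange and returns the key as each side ends up holding it.
func Handshake(id *ServerIdentity, roots *x509.CertPool, serverName string) (clientKey, serverKey []byte, err error) {
	clientKey, encrypted, err := ClientKeyExchange(id.Cert.Raw, roots, serverName)
	if err != nil {
		return nil, nil, err
	}
	serverKey, err = ServerKeyExchange(id, encrypted)
	return clientKey, serverKey, err
}
```

The order of the checks is the point: the client generates its key only after `cert.Verify` has accepted both the certificate chain and the expected name, so no secret is ever encrypted to an unverified public key, and a certificate for a different name or from an untrusted issuer ends the handshake before any key material leaves the client. In a deployment the client's root pool would hold the plant CA rather than the server's own certificate, which the example trusts directly only to stay self-contained.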
When the client sends the http connection establishment request to the server, the client may send the http connection establishment request to the server corresponding to the set address of the server.
After the http connection between the client and the server is established in step 202, Modbus communication between the master device and the slave device can be carried over that connection. Specifically, this proceeds through steps 203 to 209 below.
Step 203: the master device sends a query message to the client.
It should be noted that the Modbus protocol is a common language for electronic controllers, and the master device and the client do not encrypt or decrypt when transmitting messages with the Modbus protocol, which improves the message transmission speed between them. In addition, because the master device uses the Modbus protocol to exchange messages with the client, existing master devices remain compatible.
In addition, when in step 202 the master device sends a connection establishment indication message to the client so that the client establishes an http connection with the server, the master device continues with step 203 after step 202, that is, it sends a query message to the client, and then step 204 is performed. When in step 202 the master device sends the query message to the client so that the client establishes the http connection with the server, step 204 may follow step 202 directly, without performing step 203.
Step 204: when the client receives the query message sent by the master device, it sends the query message to the server.
It should be noted that, for an http channel used for security purposes, a negotiation key is generated and exchanged once by means of an asymmetric encryption algorithm (such as RSA), and subsequent communication is symmetrically encrypted with that negotiation key. Therefore, when the http protocol is used to transmit messages between the client and the server, message transmission between them has high security.
It should be noted that, when in step 202 the master device sends a connection establishment indication message to the client so that the client establishes an http connection with the server, the client may, on receiving the query message sent by the master device in step 204, send it to the server directly through the established http connection. When in step 202 the master device sends the query message to the client so that the client establishes the http connection with the server, the client may, on receiving the query message sent by the master device in step 204, first establish the http connection with the server and then send the query message to the server through it.
When the client sends the query message to the server, it may first encrypt the query message with the shared key and then send the encrypted query message to the server, at the server address it has set.
It should be noted that, because the client encrypts the query message with the shared key before sending it to the server, even if a third-party device hijacks the encrypted query message, it cannot tamper with the query message since it does not have the shared key, which improves the security of query message transmission.
Step 205: when the server receives the query message sent by the client, it sends the query message to the slave device.
It should be noted that the slave device communicates with the master device using the Modbus protocol: it receives the query message sent by the master device and responds to it. The slave device may be provided with a physical Modbus communication interface, which may be an Ethernet port, in which case the Modbus protocol is Modbus TCP. The slave device may be a programmable controller or any other device that can receive messages and perform operations, which is not limited in this embodiment of the present invention.
It is worth noting that, when the Modbus protocol is used to transmit messages between the server and the slave device, no encryption or decryption is needed, so message transmission between them is faster, and because the server and the slave device are on the same local area network the security of that transmission can be ensured. In addition, because the slave device uses the Modbus protocol to exchange messages with the server, existing slave devices remain compatible.
Specifically, when the server receives the encrypted query message sent by the client, it may decrypt it with the shared key to obtain the query message and then send the query message to the slave device, at the slave device address it has set.
Step 206: when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends the response message to the server.
It should be noted that the response message is a response to the query message. When the query message is a polling instruction, the response message may be a yes-or-no response; when the query message is a control instruction, the response message may be a statement such as "operation completed", sent by the slave device after it has executed an operation according to the control instruction. The response message varies with the query message, which is not limited in the embodiment of the present invention.
In practical application, when the slave device receives a query message sent by the server, it may record the address of the server and send the response message to the server at the recorded address.
Step 207: when the server receives the response message sent by the slave device, it sends the response message to the client.
Specifically, when the server receives the response message sent by the slave device, it may first encrypt the response message with the shared key and then send the encrypted response message to the client.
It should be noted that, because the server encrypts the response message with the shared key before sending it to the client, even if a third-party device hijacks the encrypted response message, it cannot tamper with the response message since it does not have the shared key, which improves the security of response message transmission.
In practical application, when the server receives the query message sent by the client, it may record the address of the client and send the response message to the client at the recorded address.
Step 208: when the client receives the response message sent by the server, it sends the response message to the master device.
Specifically, when the client receives the encrypted response message sent by the server, it decrypts the encrypted response message with the shared key to obtain the response message and then sends the response message to the master device.
In practical application, when the client receives the query message sent by the master device, it may record the address of the master device and send the response message to the master device at the recorded address.
Step 209: the master device receives the response message sent by the client.
In the Modbus communication process of the master device and the slave device, the master device sends a query message to the slave device through the client and the server, the slave device returns a response message of the query message through the server and the client, and the client and the server transmit the message by adopting an http protocol with higher security, so that the transmission security of the query message and the response message can be ensured, and the communication security between the master device and the slave device is ensured.
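The fig. 3 key exchange and the encrypt-and-relay path of steps 204 to 208, simulated end to end in one Go program as an added example (not the patent's own code): the shared key is transported once under RSA-OAEP and the query and response are then carried as AES-GCM messages, whose authentication tag is what makes a hijacked and modified message fail to decrypt, as the description claims. Assumptions: the certificate check of fig. 3 is left out, the slave's register values and the master's query bytes are constructed, and one handshake serves one query.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

var slaveRegisters = []uint16{0x0102, 0x0304, 0x0506, 0x0708} // constructed slave data

// slaveHandle answers a Modbus TCP "read holding registers" (FC3) ADU from
// the table; an out-of-range request gets the exception response 0x83 / 0x02.
func slaveHandle(req []byte) []byte {
	if len(req) != 12 || req[7] != 0x03 {
		return nil // only FC3 is modelled
	}
	addr, qty := binary.BigEndian.Uint16(req[8:]), binary.BigEndian.Uint16(req[10:])
	resp := append([]byte{}, req[:7]...) // echo the MBAP header, length fixed below
	if qty == 0 || int(addr)+int(qty) > len(slaveRegisters) {
		binary.BigEndian.PutUint16(resp[4:], 3)
		return append(resp, 0x83, 0x02)
	}
	resp = append(resp, 0x03, byte(2*qty))
	for _, r := range slaveRegisters[addr : addr+qty] {
		resp = append(resp, byte(r>>8), byte(r))
	}
	binary.BigEndian.PutUint16(resp[4:], uint16(len(resp)-6))
	return resp
}

// NewServerKey is the RSA pair whose public half the server's certificate carries.
func NewServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Handshake is the fig. 3 exchange, certificate check not modelled: the client
// RSA-OAEP-wraps a fresh 256-bit key to the server, which unwraps it; both get AES-GCM.
func Handshake(serverPriv *rsa.PrivateKey) (client, server cipher.AEAD, err error) {
	shared := make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, shared); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverPriv.PublicKey, shared, nil)
	if err != nil {
		return nil, nil, err
	}
	unwrapped, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	if client, err = newAEAD(shared); err != nil {
		return nil, nil, err
	}
	server, err = newAEAD(unwrapped)
	return client, server, err
}

// hop carries msg over the client/server link: sealed by the sender (random nonce
// prefixed), opened by the receiver. The GCM tag makes any modification fail at Open.
func hop(from, to cipher.AEAD, msg []byte) ([]byte, error) {
	nonce := make([]byte, from.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	sealed := from.Seal(nonce, nonce, msg, nil) // all a third party sees on the wire
	return to.Open(nil, sealed[:len(nonce)], sealed[len(nonce):], nil)
}

// Relay walks steps 204 to 208 for one query: client to server over the
// encrypted link, server to slave in plaintext on the slave's LAN, and back.
func Relay(client, server cipher.AEAD, masterQuery []byte) ([]byte, error) {
	query, err := hop(client, server, masterQuery)
	if err != nil {
		return nil, err
	}
	resp := slaveHandle(query)
	if resp == nil {
		return nil, fmt.Errorf("slave dropped unsupported query %x", query)
	}
	return hop(server, client, resp)
}

func main() {
	priv, _ := NewServerKey()
	client, server, _ := Handshake(priv)
	fmt.Println(Relay(client, server, []byte{0, 1, 0, 0, 0, 6, 1, 3, 0, 0, 0, 2}))
}
```

Flipping any byte of a sealed message before the receiving end's Open makes it fail with an authentication error, which is the check to keep in a real gateway.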
In the embodiment of the invention, the master device sets the address of the device that performs Modbus communication with it to the address of a client, the client sets the address of the device that performs Https communication with it to the address of a server, and the server sets the address of the device that performs Modbus communication with it to the address of a slave device; the master device sends a connection establishment indication message to the client, and when the client receives it, the client establishes an http connection with the server; or the master device sends a query message to the client, and when the client receives it, the client establishes an http connection with the server; the master device sends a query message to the client; when the client receives the query message sent by the master device, it sends the query message to the server; when the server receives the query message sent by the client, it sends the query message to the slave device; when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends the response message to the server; when the server receives the response message sent by the slave device, it sends the response message to the client; when the client receives the response message sent by the server, it sends the response message to the master device; and the master device receives the response message sent by the client. Because the master device and the client are on the same local area network, message transmission between them has higher security, and because the slave device and the server are on the same local area network, message transmission between them has higher security. And because the client and the server transmit messages using the http protocol, which has higher security, the communication security between the master device and the slave device can be effectively ensured.
Fig. 4 is a schematic structural diagram of a communication system according to an embodiment of the present invention. Referring to fig. 4, the communication system includes: a master device 401, a client 403, a server 404, and a slave device 402.
The master device 401 is configured to send a query message to the client 403.
The master device 401 and the client 403 transmit messages using the Modbus protocol, and the master device 401 and the client 403 are on the same local area network.
The client 403 is configured to send the query message to the server 404 when it receives the query message sent by the master device 401.
The client 403 and the server 404 transmit messages using the http protocol.
The server 404 is configured to send the query message to the slave device 402 when it receives the query message sent by the client 403.
The server 404 and the slave device 402 transmit messages using the Modbus protocol, and the server 404 and the slave device 402 are on the same local area network.
The slave device 402 is further configured to generate a response message according to the query message when it receives the query message sent by the server 404 and to send the response message to the server 404; the slave device 402 and the master device 401 communicate using the Modbus protocol.
The server 404 is further configured to send the response message to the client 403 when it receives the response message sent by the slave device 402.
The client 403 is further configured to send the response message to the master device 401 when it receives the response message sent by the server 404.
The master device 401 is further configured to receive the response message sent by the client 403.
Optionally, the master device 401 is further configured to send a connection establishment indication message to the client 403;
the client 403 is further configured to establish an http connection with the server 404 when receiving the connection establishment indication message sent by the master device 401;
accordingly, the client 403 is specifically configured to send the query message to the server 404 through the http connection when receiving the query message sent by the master device 401.
Optionally, the client 403 is specifically configured to establish an http connection with the server 404 when receiving the query message sent by the master device 401 and, after the http connection between the client 403 and the server 404 is successfully established, to send the query message to the server 404 through the http connection.
Optionally, the client 403 is specifically configured to send an http connection establishment request to the server 404; when the server 404 receives the http connection establishment request sent by the client 403, it sends a digital certificate carrying the public key of the server 404 to the client 403; when the client 403 receives the digital certificate sent by the server 404, it verifies whether the digital certificate and the public key of the server 404 are valid and, if so, generates a shared key, encrypts the shared key using the public key of the server 404, and sends the encrypted shared key to the server 404; when the server 404 receives the encrypted shared key sent by the client 403, it decrypts the encrypted shared key using the private key of the server 404 to obtain the shared key.
Optionally, the client 403 is specifically configured to encrypt the query message using the shared key when receiving the query message sent by the master device 401 and to send the encrypted query message to the server 404;
correspondingly, the server 404 is specifically configured to decrypt the encrypted query message using the shared key to obtain the query message when receiving the encrypted query message sent by the client 403 and to send the query message to the slave device 402;
correspondingly, the server 404 is specifically configured to encrypt the response message using the shared key when receiving the response message sent by the slave device 402 and to send the encrypted response message to the client 403;
accordingly, the client 403 is specifically configured to decrypt the encrypted response message using the shared key to obtain the response message when receiving the encrypted response message sent by the server 404 and to send the response message to the master device 401.
Optionally, the master device 401 is further configured to set the address of the device that performs Modbus communication with the master device 401 to the address of the client 403;
the client 403 is further configured to set the address of the device that performs http communication with the client 403 to the address of the server 404;
the server 404 is further configured to set the address of the device that performs Modbus communication with the server 404 to the address of the slave device 402.
In the embodiment of the invention, the master device sends a query message to the client; when the client receives the query message sent by the master device, it sends the query message to the server; when the server receives the query message sent by the client, it sends the query message to the slave device; when the slave device receives the query message sent by the server, it generates a response message according to the query message and sends the response message to the server; when the server receives the response message sent by the slave device, it sends the response message to the client; when the client receives the response message sent by the server, it sends the response message to the master device; and the master device receives the response message sent by the client. Because the master device and the client are on the same local area network, message transmission between them has higher security, and because the slave device and the server are on the same local area network, message transmission between them has higher security. And because the client and the server transmit messages using the http protocol, which has higher security, the communication security between the master device and the slave device can be effectively ensured.
With regard to the system in the above-described embodiment, the specific manner in which each device performs operations has been described in detail in relation to the method embodiment, and will not be elaborated upon here.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (12)

1. A method of device communication, the method comprising:
a master device sends a query message to a client, wherein a Modbus protocol is used between the master device and the client to transmit messages, the master device and the client are on the same local area network, and no encryption or decryption is performed when messages are transmitted between the master device and the client using the Modbus protocol;
when the client receives the query message sent by the master device, the client encrypts the query message and sends the encrypted query message to a server, wherein an http protocol is used between the client and the server to transmit messages;
when the server receives the encrypted query message sent by the client, the server decrypts the encrypted query message to obtain the query message and sends the query message to a slave device, wherein a Modbus protocol is used between the server and the slave device to transmit messages, and the server and the slave device are on the same local area network;
when the slave device receives the query message sent by the server, the slave device generates a response message according to the query message and sends the response message to the server, wherein the slave device and the master device communicate using a Modbus protocol;
when the server receives the response message sent by the slave device, the server encrypts the response message and sends the encrypted response message to the client;
when the client receives the encrypted response message sent by the server, the client decrypts the encrypted response message to obtain the response message and sends the response message to the master device;
and the master device receives the response message sent by the client.
2. The method of claim 1, wherein prior to the master device sending the query message to the client, further comprising:
the master device sends a connection establishment indication message to the client;
when the client receives the connection establishment indication message sent by the master device, the client establishes an http connection with the server;
correspondingly, sending the query message to a server when the client receives the query message sent by the master device comprises:
and when the client receives the query message sent by the master device, sending the query message to the server through the http connection.
3. The method of claim 1, wherein the sending the query message to a server when the client receives the query message sent by the master device comprises:
when the client receives the query message sent by the master device, the client establishes an http connection with the server;
and the client sends the query message to the server through the http connection.
4. The method of claim 2 or 3, wherein the client establishing an http connection with the server comprises:
the client sends an http connection establishment request to the server;
when the server receives the http connection establishment request sent by the client, the server sends a digital certificate carrying a public key of the server to the client;
when the client receives the digital certificate sent by the server, the client verifies whether the digital certificate and the public key of the server are valid and, if so, generates a shared key, encrypts the shared key using the public key of the server, and sends the encrypted shared key to the server;
and when the server receives the encrypted shared key sent by the client, the server decrypts the encrypted shared key using the private key of the server to obtain the shared key.
5. The method of claim 4, wherein encrypting the query message when the client receives the query message sent by the master device and sending the encrypted query message to the server comprises:
when the client receives the query message sent by the master device, encrypting the query message using the shared key and sending the encrypted query message to the server;
correspondingly, decrypting the encrypted query message to obtain the query message when the server receives the encrypted query message sent by the client and sending the query message to the slave device comprises:
when the server receives the encrypted query message sent by the client, decrypting the encrypted query message using the shared key to obtain the query message and sending the query message to the slave device;
correspondingly, encrypting the response message when the server receives the response message sent by the slave device and sending the encrypted response message to the client comprises:
when the server receives the response message sent by the slave device, encrypting the response message using the shared key and sending the encrypted response message to the client;
correspondingly, decrypting the encrypted response message to obtain the response message when the client receives the encrypted response message sent by the server and sending the response message to the master device comprises:
and when the client receives the encrypted response message sent by the server, decrypting the encrypted response message using the shared key to obtain the response message and sending the response message to the master device.
6. The method of claim 1, wherein the method further comprises:
the master device sets the address of the device that performs Modbus communication with the master device to the address of the client;
the client sets the address of the device that performs http communication with the client to the address of the server;
and the server sets the address of the device that performs Modbus communication with the server to the address of the slave device.
7. A communication system, the system comprising:
a master device, configured to send a query message to a client, wherein the master device and the client transmit messages using a Modbus protocol, the master device and the client are on the same local area network, and the master device and the client do not encrypt or decrypt messages transmitted using the Modbus protocol;
the client, configured to encrypt the query message when receiving the query message sent by the master device and to send the encrypted query message to a server, wherein the client and the server transmit messages using an http protocol;
the server, configured to decrypt the encrypted query message to obtain the query message when receiving the encrypted query message sent by the client and to send the query message to a slave device, wherein a Modbus protocol is used between the server and the slave device to transmit messages, and the server and the slave device are on the same local area network;
the slave device, further configured to generate a response message according to the query message when receiving the query message sent by the server and to send the response message to the server, wherein the slave device and the master device communicate using a Modbus protocol;
the server is further configured to encrypt the response message when receiving the response message sent by the slave device and to send the encrypted response message to the client;
the client is further configured to decrypt the encrypted response message to obtain the response message when receiving the encrypted response message sent by the server and to send the response message to the master device;
and the master device is further configured to receive the response message sent by the client.
8. The system of claim 7,
the master device is further configured to send a connection establishment indication message to the client;
the client is further configured to establish an http connection with the server when receiving the connection establishment indication message sent by the master device;
accordingly, the client is specifically configured to send the query message to the server through the http connection when receiving the query message sent by the master device.
9. The system of claim 7,
the client is specifically configured to establish an http connection with the server when receiving the query message sent by the master device;
and the client sends the query message to the server through the http connection.
10. The system of claim 8 or 9,
the client is specifically configured to send an http connection establishment request to the server;
when the server receives the http connection establishment request sent by the client, the server sends a digital certificate carrying a public key of the server to the client;
when the client receives the digital certificate sent by the server, the client verifies whether the digital certificate and the public key of the server are valid and, if so, generates a shared key, encrypts the shared key using the public key of the server, and sends the encrypted shared key to the server;
and when the server receives the encrypted shared key sent by the client, the server decrypts the encrypted shared key using the private key of the server to obtain the shared key.
11. The system of claim 10,
the client is specifically configured to encrypt the query message using the shared key when receiving the query message sent by the master device, and send the encrypted query message to the server;
correspondingly, the server is specifically configured to, when receiving the encrypted query message sent by the client, decrypt the encrypted query message using the shared key to obtain the query message, and send the query message to the slave device;
correspondingly, the server is specifically configured to encrypt the response message using the shared key when receiving the response message sent by the slave device, and send the encrypted response message to the client;
correspondingly, the client is specifically configured to, when receiving the encrypted response message sent by the server, decrypt the encrypted response message using the shared key to obtain the response message, and send the response message to the master device.
12. The system of claim 7,
the master device is further configured to set the address of the device that performs Modbus communication with the master device to the address of the client;
the client is further configured to set the address of the device that performs http communication with the client to the address of the server;
the server is further configured to set the address of the device that performs Modbus communication with the server to the address of the slave device.
CN201810524521.5A 2018-05-28 2018-05-28 Device communication method and communication system Active CN110545226B (en)

Publications (2)

Publication Number Publication Date
CN110545226A (en) 2019-12-06
CN110545226B (en) 2021-12-17

Family

ID=68700796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810524521.5A Active CN110545226B (en) 2018-05-28 2018-05-28 Device communication method and communication system

Country Status (1)

Country Link
CN (1) CN110545226B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055582A (en) * 2009-11-06 2011-05-11 Vega格里沙贝两合公司 Data processing device for field device
CN104320332A (en) * 2014-11-13 2015-01-28 济南华汉电气科技有限公司 Multi-protocol industrial communication safety gateway and communication method with gateway applied
CN105491012A (en) * 2015-11-20 2016-04-13 北京奇虎科技有限公司 Message storage method and device
CN105721500A (en) * 2016-04-10 2016-06-29 北京工业大学 TPM-based Modbus/TCP security enhancement method
CN105847249A (en) * 2016-03-22 2016-08-10 英赛克科技(北京)有限公司 Safety protection system and method for Modbus network
CN107094170A (en) * 2017-03-17 2017-08-25 深圳市新科聚合网络技术有限公司 Intelligent energy-saving control system and method
CN107172028B (en) * 2017-05-09 2020-05-15 泰豪科技股份有限公司 Method and device for sharing field bus data

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7502323B2 (en) * 2003-05-28 2009-03-10 Schneider Electric Industries Sas Access control system for automation equipment
TWI430060B (en) * 2011-09-08 2014-03-11 Chunghwa Telecom Co Ltd Automated building monitoring system
JP7050409B2 (en) * 2015-04-13 2022-04-08 ベドロック・オートメーション・プラットフォームズ・インコーポレーテッド Safe power supply for industrial control systems

Non-Patent Citations (2)

Title
"Research on a trusted Modbus/TCP protocol based on remote attestation"; Zhan Jing et al.; Advanced Engineering Sciences (工程科学与技术); 2017-01-31; p. 198 *
Zhan Jing et al. "Research on a trusted Modbus/TCP protocol based on remote attestation". Advanced Engineering Sciences (工程科学与技术). 2017, *

Also Published As

Publication number Publication date
CN110545226A (en) 2019-12-06

Similar Documents

Publication Publication Date Title
AU2017352361B2 (en) Data transmission method, apparatus and system
CN110808834B (en) Quantum key distribution method and quantum key distribution system
CN103036880A (en) Network information transmission method, transmission equipment and transmission system
CN114221765B (en) Quantum key distribution method for fusion of QKD network and classical cryptographic algorithm
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN111064738B (en) TLS (transport layer Security) secure communication method and system
CN114143050B (en) Video data encryption system
CN109995723B (en) Method, device and system for DNS information interaction of domain name resolution system
WO2016134631A1 (en) Processing method for openflow message, and network element
CN114173328A (en) Key exchange method and device and electronic equipment
CN111555879B (en) Satellite communication network management channel message encryption and decryption method and system
CN113141333B (en) Communication method, device, server, system and storage medium of network access device
CN107733929B (en) Authentication method and authentication system
CN114650181B (en) E-mail encryption and decryption method, system, equipment and computer readable storage medium
CN110545226B (en) Device communication method and communication system
CN112422530B (en) Key security protection method and password device for server in TLS handshake process
CN112787819B (en) Industrial control safety communication system and communication method
CN115021906A (en) Method, terminal and device for realizing data transmission of digital envelope
CN112019553B (en) Data sharing method based on IBE/IBBE
CN110365482B (en) Data communication method and device
JP2006262425A (en) Mutual authentication on network by public key cryptosystem, and mutual exchange system of public key
CN114553957A (en) Service system and method compatible with national password and international HTTPS transmission
CN105791301A (en) Key distribution management method with information and key separated for multiple user groups
CN111641539B (en) Safety interaction method for household electrical appliance
CN110855628A (en) Data transmission method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211201

Address after: 100007 No. 9 North Main Street, Dongcheng District, Beijing, Dongzhimen

Applicant after: CHINA NATIONAL PETROLEUM Corp.

Applicant after: China Petroleum Pipeline Engineering Co.,Ltd.

Applicant after: CHINA PETROLEUM LONGHUI AUTOMATION ENGINEERING Co.,Ltd.

Applicant after: CHINA PETROLEUM PIPELINE ENGINEERING Corp.

Address before: 100007 No. 9 North Main Street, Dongcheng District, Beijing, Dongzhimen

Applicant before: CHINA NATIONAL PETROLEUM Corp.

Applicant before: China Petroleum Pipeline Engineering Co.,Ltd.

Applicant before: CHINA PETROLEUM LONGHUI AUTOMATION ENGINEERING Co.,Ltd.

GR01 Patent grant