CN110933118A - Edge computing gateway secure communication method, system, terminal equipment and server - Google Patents

Publication number
CN110933118A
Authority
CN
China
Prior art keywords
data
edge computing
server
computing gateway
character string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010104312.2A
Other languages
Chinese (zh)
Other versions
CN110933118B (en
Inventor
张晓春
丘建栋
张新宇
王宇
修科鼎
周益辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Urban Transport Planning Center Co Ltd
Original Assignee
Shenzhen Urban Transport Planning Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Urban Transport Planning Center Co Ltd
Priority to CN202010104312.2A
Publication of CN110933118A
Application granted
Publication of CN110933118B
Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04: Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/046: Interoperability with other network applications or services
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10: Architectures or entities
    • H04L65/102: Gateways
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/14: Session management
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26: Special purpose or proprietary protocols or architectures
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Medical Informatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application belongs to the technical field of the Internet of Things, and particularly relates to a secure communication method and system for an edge computing gateway, terminal equipment and a server. The method comprises: structuring data according to a preset structured design, and generating and parsing the structured data through various preset interfaces; constructing a secure network channel between the edge computing gateway and the server, and authenticating, encrypting and decrypting the data; optimizing the MQTT interface, and using the optimized MQTT interface as the communication interface between the edge computing gateway and the server; carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol; using a communication system to monitor and schedule resources, and processing the raw sensor data according to the computing capability of the edge computing gateway; and switching device program modules and configuring device parameters and communication parameters by automatically reading an external file. The method provides a safe, real-time and reliable service guarantee for information interaction in intelligent traffic scenarios.

Description

Edge computing gateway secure communication method, system, terminal equipment and server
Technical Field
The application belongs to the technical field of the Internet of things, and particularly relates to a secure communication method and system for an edge computing gateway, terminal equipment and a server.
Background
With the development of technology, the construction of smart roads gradually goes from concept to reality, and in the specific application of the smart roads, an edge computing technology is generally used, and local computing analysis is performed on one side close to a data source through an edge computing gateway, so that higher computing real-time performance is obtained. However, in the prior art, the traditional communication method is still used between the edge computing gateway and the server in the background, and the problems of low interaction efficiency and high potential safety hazard exist.
Disclosure of Invention
In view of this, embodiments of the present application provide a secure communication method, a system, a terminal device, and a server for an edge computing gateway, so as to solve the problems of low interaction efficiency and high potential safety hazard in the existing edge computing gateway communication method.
A first aspect of an embodiment of the present application provides a secure communication method for an edge computing gateway, which may include:
carrying out structuring processing on data according to a preset structuring design, and generating and analyzing the structured data through various preset interfaces;
constructing a secure network channel between the edge computing gateway and the server, and authenticating, encrypting and decrypting the data;
optimizing the MQTT interface, and taking the optimized MQTT interface as a communication interface between the edge computing gateway and the server;
carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol;
utilizing a communication system to monitor and schedule resources, and processing original data of the sensor according to the computing capability of the edge computing gateway;
and automatically reading the external file to perform device program module switching and device parameter and communication parameter configuration.
A second aspect of an embodiment of the present application provides an edge computing gateway secure communication system, which may include:
the data structuring module is used for carrying out structuring processing on the data according to a preset structuring design, and generating and analyzing the structured data through various preset interfaces;
the data security processing module is used for constructing a secure network channel between the edge computing gateway and the server and authenticating, encrypting and decrypting the data;
the interface optimization module is used for optimizing the MQTT interface and taking the optimized MQTT interface as a communication interface between the edge computing gateway and the server;
the protocol communication module is used for carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol;
the resource scheduling module is used for monitoring and scheduling resources by using a communication system and processing the original data of the sensor according to the computing capability of the edge computing gateway;
and the automatic configuration module is used for switching the device program modules by automatically reading the external files and configuring the device parameters and the communication parameters.
A third aspect of the embodiments of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the functions of any one of the edge computing gateways when executing the computer program.
A fourth aspect of the embodiments of the present application provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the functions of any one of the servers when executing the computer program.
Compared with the prior art, the embodiment of the application has the advantages that: the method comprises the steps of carrying out structured processing on data according to a preset structured design, and generating and analyzing structured data through various preset interfaces; constructing a secure network channel between the edge computing gateway and the server, and authenticating, encrypting and decrypting the data; optimizing the MQTT interface, and taking the optimized MQTT interface as a communication interface between the edge computing gateway and the server; carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol; utilizing a communication system to monitor and schedule resources, and processing original data of the sensor according to the computing capability of the edge computing gateway; and automatically reading the external file to perform device program module switching and device parameter and communication parameter configuration. The method has the advantages of data structuring, communication safety, low communication overhead, automatic resource scheduling and quick service configuration. In the construction of the intelligent road, the communication mode can be used for rapidly and safely transmitting various data of the intelligent equipment, and safe, real-time and reliable service is provided for information interaction between the intelligent traffic equipment and the platform.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed for the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a general architecture diagram of an edge computing gateway secure communication system according to an embodiment of the present application;
FIG. 2 is a schematic flow chart for generating structured data;
FIG. 3 is a schematic flow chart of parsing structured data;
FIG. 4 is a schematic flow chart of an encryption algorithm;
FIG. 5 is a schematic flow chart of a decryption algorithm;
FIG. 6 is a schematic diagram of MQTT protocol communication;
FIG. 7 is a schematic diagram of an optimally designed MQTT communication flow;
FIG. 8 is a schematic diagram of various types of API data interfaces;
FIG. 9 is a block diagram of an embodiment of a secure communication system of an edge computing gateway in an embodiment of the present application;
FIG. 10 is a schematic block diagram of a terminal device or a server in an embodiment of the present application.
Detailed Description
In order to make the objects, features and advantages of the present invention more apparent and understandable, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the embodiments described below are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]" depending on the context.
In addition, in the description of the present application, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
Fig. 1 is a general architecture diagram of an edge computing gateway secure communication system provided in an embodiment of the present application, and compared with the prior art, a secure communication method used in the system may include the following technical contents:
First, data is structured according to a preset structured design, and the structured data is generated and parsed through various preset interfaces.
In the embodiment of the present application, the data may be carried as a text string in JSON format; for the string to be read and parsed well, the users need to negotiate what data the string represents.
An example of type 0x00 (heartbeat) data transmitted in hexadecimal is shown below:
Packet header: 0xAA (1 byte);
Light pole ID: 10000001 (13 bytes);
Length: 0x02 (1 byte);
Type: 0x00 (1 byte);
Data: 0x01 0x02 (2 bytes);
Check value: 0x06 (1 byte);
Packet tail: 0xBB (1 byte).
If the data is structured and transmitted as a JSON-format text string, the data structure is as follows:
{"ID":"10000001", "type":"0", "data":{ "Keepalive":"keepalive"}}
Comparing the two data structures, the data hierarchy produced by MQTT + JSON is more concise and clear, both sides can parse and recognize the data easily, and the data element ID shows whether the data belongs to the current device, which effectively improves the efficiency of information interaction.
FIG. 2 is a schematic flow chart illustrating the generation of structured data. As can be seen in the figure, generating structured data can include the steps of: inputting various original data elements; connecting the data elements by using a JSON function to form a character string; judging whether the character string is legal or not; if the character string is illegal, returning to execute the step of connecting the data elements by using the JSON function to form the character string until the character string is legal; and if the character string is legal, outputting the structured data (namely the character string).
FIG. 3 is a flow chart illustrating parsing of structured data. As can be seen in the figure, parsing the structured data may include the steps of: inputting received data; judging whether the received data is a legal JSON character string or not; if the received data is not a legal JSON character string, discarding the received data; if the received data is a legal JSON character string, extracting various data elements from the JSON character string; judging whether the received data belongs to the current equipment or not according to the head element; if the received data belongs to the current equipment, executing a receiving instruction; and if the received data does not belong to the current equipment, discarding the received data.
In this way, a scheme for generating structured data on sending, and for parsing and judging it on receipt, is designed for the edge computing gateway and can also be provided to other equipment. On top of the basic interfaces, a self-designed interface for judging the legality of the character string is added. With this flow, the gateway device's data can be output in structured form, and received data can be parsed and checked for legality.
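The generation and parsing flows of FIG. 2 and FIG. 3, sketched in Python as an added example that is not part of the patent text. The page does not specify the legality check, so the field rules in `check_legal`, the size limit and all function names are assumptions.

```python
import json

MAX_LEN = 4096  # assumption: upper bound on message size, not from the page


def check_legal(text):
    """Legality check: return the decoded message, or None if the string is illegal."""
    if not isinstance(text, str) or len(text) > MAX_LEN:
        return None
    try:
        msg = json.loads(text)
    except (ValueError, RecursionError):  # malformed or pathologically nested JSON
        return None
    # Assumed rule: exactly the three elements of the page's example message.
    if not isinstance(msg, dict) or set(msg) != {"ID", "type", "data"}:
        return None
    if not (isinstance(msg["ID"], str) and msg["ID"]):
        return None
    mtype = msg["type"]  # the page sends the type as a decimal string, e.g. "0"
    if not (isinstance(mtype, str) and mtype.isascii() and mtype.isdigit()):
        return None
    if not isinstance(msg["data"], dict):
        return None
    return msg


def generate(device_id, msg_type, data):
    """FIG. 2: join the data elements into a JSON string; output it only if legal.

    The figure loops back to the joining step on an illegal string; this sketch
    raises instead so the caller can correct its input.
    """
    text = json.dumps({"ID": device_id, "type": str(msg_type), "data": data})
    if check_legal(text) is None:
        raise ValueError("data elements do not form a legal message")
    return text


def receive(raw, my_id, handlers):
    """FIG. 3: return the handler's result, or None when the data is discarded."""
    if isinstance(raw, bytes):
        try:
            raw = raw.decode("utf-8")
        except UnicodeDecodeError:
            return None                    # not text at all: discard
    msg = check_legal(raw)
    if msg is None:
        return None                        # not a legal JSON string: discard
    if msg["ID"] != my_id:
        return None                        # belongs to another device: discard
    handler = handlers.get(int(msg["type"]))
    if handler is None:
        return None                        # no receiving instruction for this type
    return handler(msg["data"])            # execute the receiving instruction
```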
Second, a secure network channel is constructed between the edge computing gateway and the server, and the data is authenticated, encrypted and decrypted.
Data authentication between the edge computing gateway and the server may include the following steps: the edge computing gateway requests login to the server using a user name and password provided by the server; after verification passes, the server generates a random character string label (FLAG) and sends it to the edge computing gateway; the edge computing gateway and the server then begin to exchange data. Each time the sender (the edge computing gateway or the server) sends data, it encrypts the data with the SM2 algorithm to obtain ciphertext data and adds the label FLAG at the head of the ciphertext data. The receiver (the edge computing gateway or the server) first judges whether the head label is correct; if it is correct, the receiver accepts the data and starts SM2 to decrypt the ciphertext data, and if it is incorrect, the receiver discards the ciphertext data.
In the embodiment of the present application, it is preferable to encrypt and decrypt data using an asymmetric cryptographic algorithm. Asymmetric cryptographic algorithms require two keys: a public key and a private key. The two form a pair: data encrypted with the public key can only be decrypted with the corresponding private key. The encryption strength is high and data security is guaranteed, which makes the method suitable for encrypted data transmission between the edge computing gateway and the server.
The original transmission data of the heartbeat is as follows:
{"ID":"10000001", "type":"0", "data":{ "Keepalive":"keepalive"}}
The basic parameters and the main functions used by the asymmetric cryptographic algorithm adopted in the embodiment of the present application may include:
Curve equation: $y^2 = x^3 + ax + b$;
Private key (PrivateKey) length: 32 bytes;
Public key (PubKey) length: 64 bytes;
Encrypted content: 96 bytes longer than the plaintext;
Decrypted content: 96 bytes shorter than the ciphertext;
Key derivation function (KDF): used to generate a key pair, i.e. a pair of public and private keys;
Hash function (hash function): used in signing and signature verification to generate a hash value;
Encryption function (encrypt function): used to encrypt and output the ciphertext;
Decryption function (decrypt function): used to decrypt and output the plaintext.
When encryption is required, it is performed with the public key of the receiving party. The public key consists of one curve coordinate point; in an X.509 certificate it is represented as two BigIntegers starting from the 04 mark, namely a curve point P(x, y). The public key encryption algorithm in the embodiment of the application is more complex than RSA: the encryption result consists of 3 parts, and random numbers are used in the encryption process, so the encryption result for the same plaintext data is different every time.
As shown in FIG. 4, the encryption algorithm flow may include the following steps:
1. generating a random number k, the value of k being from 1 to n-1;
2. calculating an elliptic curve point C1 = [k]G = (x1, y1), where G represents one base point of an elliptic curve whose order is a prime number, k is an integer, [k]G represents the k-fold point, and (x1, y1) represents the coordinates of the calculated elliptic curve point C1;
3. verifying the public key PB: calculating S = [h]PB;
judging whether S is the point at infinity (O); if S is the point at infinity, reporting an error and exiting; otherwise, continuing with the subsequent steps;
4. calculating (x2, y2) = [k]PB;
5. calculating t = KDF(x2 || y2, klen), where KDF is a key derivation function, "||" indicates that the two values before and after it are concatenated, and klen is the plaintext length;
judging whether t is all 0; if t is all 0, returning to step 1; otherwise, continuing with the subsequent steps;
6. calculating C2 = M ^ t, where M is the plaintext message and ^ is the exclusive-or symbol;
7. calculating C3 = Hash(x2 || M || y2), where Hash represents a hash function;
8. outputting the ciphertext C = C1 || C3 || C2; the lengths of C1 and C3 are fixed (C1 is 64 bytes, C3 is 32 bytes), so C1, C3 and C2 are conveniently extracted from C.
As shown in FIG. 5, the decryption algorithm flow may include the following steps:
1. taking out C1 from the ciphertext bit string C = C1 || C3 || C2, and converting C1 into a point on the elliptic curve;
verifying whether C1 satisfies the curve equation; if not, reporting an error and exiting; if so, continuing with the subsequent steps;
2. calculating S = [h]C1;
judging whether S is the point at infinity; if S is the point at infinity, reporting an error and exiting; otherwise, continuing with the subsequent steps;
3. calculating (x2, y2) = [dB]C1;
4. calculating t = KDF(x2 || y2, klen);
judging whether t is all 0; if t is all 0, reporting an error and exiting; otherwise, continuing with the subsequent steps;
5. taking out C2 from C = C1 || C3 || C2, and calculating M' = C2 ^ t;
6. calculating u = Hash(x2 || M' || y2);
judging whether u is equal to C3; if not, reporting an error and exiting; if so, continuing with the subsequent steps;
7. outputting the plaintext M'.
The authentication mode is combined with the encryption algorithm, so that the safety of data interaction can be greatly improved.
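The encryption and decryption flows of FIG. 4 and FIG. 5, step by step, as an added Python example that is not part of the patent text. Assumptions: the SM2 recommended 256-bit curve parameters (the page gives only the curve equation), cofactor h = 1, and SHA-256 standing in for the hash, which the page does not name (standard SM2 uses SM3), so the output does not interoperate with real SM2 implementations; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: SM2 recommended 256-bit curve (the page gives only y^2 = x^3 + ax + b).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123  # order n of G
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
H = 1  # cofactor h of this curve

def _hash(data):
    # Stand-in hash: SHA-256 also yields the 32-byte C3 described on the page.
    return hashlib.sha256(data).digest()

def _b(i):
    return i.to_bytes(32, "big")

def on_curve(pt):
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - A * x - B) % P == 0

def add(p1, p2):
    # Affine point addition; None is the point at infinity O. Not constant-time.
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    # [k]pt by double-and-add.
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def kdf(z, klen):
    # Counter-mode KDF: Hash(z || ct) for ct = 1, 2, ... truncated to klen bytes.
    out, ct = b"", 1
    while len(out) < klen:
        out += _hash(z + ct.to_bytes(4, "big"))
        ct += 1
    return out[:klen]

def keygen():
    d = secrets.randbelow(N - 1) + 1                 # private key dB
    return d, mul(d, G)                              # public key PB = [dB]G

def encrypt(pub, msg):
    if not msg:
        raise ValueError("empty plaintext")
    if not on_curve(pub) or mul(H, pub) is None:     # step 3: S = [h]PB must not be O
        raise ValueError("invalid public key")
    while True:
        k = secrets.randbelow(N - 1) + 1             # step 1: k in [1, n-1]
        c1 = mul(k, G)                               # step 2: C1 = [k]G
        x2, y2 = mul(k, pub)                         # step 4: (x2, y2) = [k]PB
        t = kdf(_b(x2) + _b(y2), len(msg))           # step 5
        if any(t):
            break                                    # t all zero: draw a new k
    c2 = bytes(m ^ s for m, s in zip(msg, t))        # step 6: C2 = M ^ t
    c3 = _hash(_b(x2) + msg + _b(y2))                # step 7: C3 = Hash(x2 || M || y2)
    return _b(c1[0]) + _b(c1[1]) + c3 + c2           # step 8: C1 || C3 || C2

def decrypt(priv, c):
    if len(c) <= 96:
        raise ValueError("ciphertext too short")
    c1 = (int.from_bytes(c[:32], "big"), int.from_bytes(c[32:64], "big"))
    c3, c2 = c[64:96], c[96:]
    if not on_curve(c1):                             # step 1: C1 must satisfy the equation
        raise ValueError("C1 is not on the curve")
    if mul(H, c1) is None:                           # step 2: S = [h]C1 must not be O
        raise ValueError("S is the point at infinity")
    x2, y2 = mul(priv, c1)                           # step 3: (x2, y2) = [dB]C1
    t = kdf(_b(x2) + _b(y2), len(c2))                # step 4
    if not any(t):
        raise ValueError("t is all zero")
    m = bytes(a ^ s for a, s in zip(c2, t))          # step 5: M' = C2 ^ t
    u = _hash(_b(x2) + m + _b(y2))                   # step 6: u must equal C3
    if not hmac.compare_digest(u, c3):
        raise ValueError("C3 mismatch: ciphertext was modified")
    return m                                         # step 7
```

The C3 comparison in step 6 is what rejects a ciphertext whose C2 or C3 bytes were altered in transit, and the curve check in step 1 rejects a malformed C1.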
Third, the MQTT interface is optimized, and the optimized MQTT interface is used as the communication interface between the edge computing gateway and the server.
MQTT is a lightweight communication protocol based on the publish/subscribe (Publish/Subscribe) mode. Its greatest advantage is that it provides real-time, reliable message service for remote devices in an unstable network environment with very little code and limited bandwidth. Applied to the Internet of Things communication of the edge computing gateway, it achieves low cost and low network resource usage while ensuring real-time and effective communication.
As shown in FIG. 6, MQTT communication takes place between a client and a server, and there are three identities in the MQTT protocol: publisher (Publish), broker (Broker, the server) and subscriber (Subscribe). The message publisher and the message subscriber are clients, the message broker is a server, and a message publisher can be a subscriber at the same time. A message transmitted by MQTT is divided into two parts, topic (Topic) and payload:
(1) Topic, which can be understood as the type of the message; after a subscriber subscribes (Subscribe) to a topic, the subscriber receives the message content (payload) of that topic;
(2) Payload, which can be understood as the content of the message, i.e. the content that a subscriber specifically wants to use.
There are three levels of message publishing quality of service (QoS) in the MQTT protocol:
QoS = 0: "at most once"; message distribution relies entirely on the underlying TCP/IP network, and thus message loss or duplication may occur. This level can be used in cases such as environmental sensor data, where losing one reading does not matter because another is sent a short while later;
QoS = 1: "at least once"; ensures that messages arrive, but message duplication may occur;
QoS = 2: "exactly once"; ensures that a message arrives exactly once. This level can be used in cases such as a billing system, where message duplication or loss leads to incorrect results.
The general process of creating an MQTT connection is relatively complicated: there are many basic interfaces, and various parameters need to be configured. Therefore, to simplify operation and adapt to the device, the existing MQTT interface is redesigned and improved through secondary development. The embodiment of the present application provides the optimized MQTT communication flow shown in FIG. 7:
Step 1: initializing the setting parameters; the corresponding interface is int Setconfig();
Step 2: creating an MQTT communication instance; the corresponding interface is struct mosquitto CreateMoosq();
Step 3: setting the user and password; the corresponding interface is int UserPasswordset();
Step 4: requesting connection; the corresponding interface is int Connect();
Step 5: publishing information, for which the corresponding interface is int Pub(); subscribing to information, for which the corresponding interface is int Sub();
Step 6: closing the connection; the corresponding interface is void Close().
Regarding Setconfig: because the parameters are obscure and the configuration process is complex, the embodiment of the application provides an interface, int Setconfig(), that automatically reads and configures the MQTT parameters and performs initialization. A user can establish different instant communications with different servers merely by modifying simple parameters in an external TXT file.
Regarding Pub and Sub: MQTT sending and receiving are generally composed of several functions. In the embodiment of the present application they are wrapped a second time, so that sending and receiving are each a single interface, namely int Pub() and int Sub(), which is easy to insert into a system program and keeps the system program loosely coupled.
Regarding Close: generally, when the connection is closed, it is necessary to clear the various configuration parameters and release space resources, which is also a relatively complicated process.
By using the optimized interfaces, the communication flow is simplified, which makes later modification easier and allows different temporary communications to be created quickly. Taking client 1 as an example, through this communication flow it can establish communication with the server, publish its own information on the server under a topic, and subscribe to the information of other clients such as clients 2 and 3, thereby achieving convenient real-time communication with other clients.
And fourthly, carrying out instant messaging between the edge computing gateway and the server based on a preset lightweight text communication protocol.
After the data structure design and the basic bedding of MQTT communication are carried out, the interaction parties negotiate and develop an interaction protocol, and the frame structure in the protocol is as follows:
Topic | Message content
Topic | Light pole ID + data type (type) + data (data)
The message content mainly consists of: light pole ID + data type + data content.
The data types and topics (publish/subscribe) can be summarized as:
Type 0: heartbeat packet
Type 1: probe data packet
Type 2: video data packet
Type 3: environment data packet
Type 4: illumination intensity data packet
Type 5: emergency call packet
Type 6: pedestrian identification, pedestrian flow detection and vehicle flow detection packet
Type 7: road hazard identification packet
Type 8: LED light level adjustment packet
Type 9: gateway receiving FW upgrade interface packet
Type 10: gateway receiving software and hardware version packet
Type 11: device state reporting interface packet
Type 12: face feature extraction and recognition packet
Type 14: pedestrian attribute label packet
Type 15: system log packet
Type 16: device control interface packet
The message contents of the heartbeat packet and the probe data packet are described as follows:
(1) Heartbeat packet
An example of a data packet sent by the gateway is:
{"ID":"10000001", "type":"0", "data":{ "Keepalive":"keepalive"}}
The light pole sends a heartbeat data packet and the receiving platform responds to it, which completes one heartbeat; one heartbeat packet is exchanged every 10 seconds. ID is the edge gateway ID number, type is the message type, and data is the heartbeat data.
(2) Probe data packet
An example of a data packet sent by the gateway is:
{"ID":"10000001",
"type":"1",
"data":{"Signal":"0","RecvBroadcastsNumber":"0","BroadcastsTime":"0","FirstTime":"20180712101630", "Time":"20180712101630"}
}
Here the transmitted data is Signal (signal strength) + RecvBroadcastsNumber (number of broadcasts received) + BroadcastsTime (mean broadcast time) + FirstTime (first scan time) + Time (upload time). Time is a character string representing year, month, day, hour, minute and second, 14 characters in total, for example: 20180709165030.
The message contents of the other types are similar to the above and may be set according to the specific situation; they are not described in detail in this embodiment of the present application.
As shown in fig. 8, the edge computing gateway designed according to the developed protocol can implement API interfaces for outputting and receiving the following types of data over MQTT: heartbeat packet, probe data packet, video data packet, environment data packet, illumination intensity data packet, SOS emergency call packet, pedestrian identification, pedestrian flow detection and vehicle flow detection packet, road hazard identification packet, LED light level adjustment packet, gateway receiving FW upgrade interface packet, gateway receiving software and hardware version packet, device state reporting interface packet, face feature extraction and recognition packet, pedestrian attribute label packet, system log packet and device control interface packet.
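The field rules stated above for the heartbeat and probe packets can be enforced on the receiving side before a message is acted on. The following C code is an added example, not code from the patent: it assumes the JSON has already been decoded by a library into the hypothetical `struct message`, and all function names are illustrative. Type 13 is rejected because the type list above does not define it.

```c
#include <stdio.h>
#include <string.h>

/* Decoded fields of one received message (hypothetical layout). */
struct message {
    const char *id;         /* "ID"                                  */
    const char *type;       /* "type", still a string as on the wire */
    const char *keepalive;  /* data.Keepalive, type 0 only           */
    const char *first_time; /* data.FirstTime, type 1 only           */
    const char *time;       /* data.Time, type 1 only                */
};

typedef enum { MSG_OK = 0, MSG_NOT_FOR_US, MSG_BAD_TYPE, MSG_BAD_FIELD } msg_status;

/* Parse exactly n decimal digits; -1 if any character is not a digit. */
static int digits(const char *s, size_t n)
{
    int v = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* 1 if ts is exactly 14 digits forming a real date and time
 * (YYYYMMDDhhmmss), else 0. */
int valid_timestamp(const char *ts)
{
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    if (ts == NULL || strlen(ts) != 14)
        return 0;
    int y = digits(ts, 4), mo = digits(ts + 4, 2), d = digits(ts + 6, 2);
    int h = digits(ts + 8, 2), mi = digits(ts + 10, 2), s = digits(ts + 12, 2);
    if (y < 0 || mo < 1 || mo > 12 || d < 1 || h < 0 || h > 23 ||
        mi < 0 || mi > 59 || s < 0 || s > 59)
        return 0;
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return d <= mdays[mo - 1] + (mo == 2 && leap);
}

/* Strict parse of the "type" string: one or two digits, no sign, no leading
 * zero, and a value the protocol list defines (0-12, 14-16). -1 otherwise. */
int parse_type(const char *t)
{
    size_t n = t ? strlen(t) : 0;
    if (n < 1 || n > 2 || (n == 2 && t[0] == '0'))
        return -1;
    int v = digits(t, n);
    return (v < 0 || v > 16 || v == 13) ? -1 : v;
}

/* Apply the checks in the order the parsing flow gives them: head element
 * (ID) first, then type, then the per-type data fields. */
msg_status check_message(const char *expected_id, const struct message *m)
{
    if (m == NULL || m->id == NULL || strcmp(m->id, expected_id) != 0)
        return MSG_NOT_FOR_US;
    switch (parse_type(m->type)) {
    case -1:
        return MSG_BAD_TYPE;
    case 0:
        if (m->keepalive == NULL || strcmp(m->keepalive, "keepalive") != 0)
            return MSG_BAD_FIELD;
        return MSG_OK;
    case 1:
        if (!valid_timestamp(m->first_time) || !valid_timestamp(m->time))
            return MSG_BAD_FIELD;
        return MSG_OK;
    default:
        return MSG_OK; /* other types: the page gives no field rules */
    }
}

int main(void)
{
    /* Field values taken from the probe packet example above. */
    struct message probe = {"10000001", "1", NULL,
                            "20180712101630", "20180712101630"};
    printf("probe packet status: %d\n", check_message("10000001", &probe));
    return 0;
}
```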
Fifth, the communication system is used for resource monitoring and scheduling, and the raw sensor data is processed according to the computing capability of the edge computing gateway.
In the embodiment of the application, a mechanism for monitoring and scheduling computing resources can be realized by utilizing the constructed communication system, and the effective operation of equipment is guaranteed.
First, a first capability level, which is the current computing capability level of the edge computing gateway (denoted as N), and a second capability level, which is the computing capability level required to process the raw sensor data (denoted as M), are determined.
If the first capability level is larger than or equal to the second capability level, processing the original data of the sensor by the edge computing gateway; and if the first capability level is smaller than the second capability level, the edge computing gateway sends the original sensor data to a server, the server processes the original sensor data, and a processing result is sent to the edge computing gateway.
In a specific implementation of the embodiment of the present application, the computing capability levels may be divided into 9 levels from low to high, denoted level 1, level 2, …, level 9. When evaluating the second capability level, the level M may be calculated from the data type and the memory space required to process the data; for example, storage space required for an image = resolution × occupied bits (commonly 16 or 32 bits) / 8, or storage space required for an image = resolution × number of bytes occupied by color information. The larger the storage space required by the image, the larger the value of M, and conversely the smaller the storage space required, the smaller the value of M. When evaluating the first capability level, the level N may be calculated from the current memory space of the edge computing gateway: the larger the memory space, the larger the value of N, and the smaller the memory space, the smaller the value of N.
Sixth, device program modules are switched, and device parameters and communication parameters are configured, by automatically reading an external file.
In edge computing, dynamic changes or additions of users and terminal devices make system configuration laborious. In a typical edge computing system, once parameters of the external devices or of the communication change, for example when a device is replaced or an IP address is changed, the internals of the system have to be readjusted and reconfigured. To reduce this workload, in the embodiment of the present application the device program module, the device parameters and the communication parameters can be switched by automatically reading an external file, which supports rapid configuration of the service.
The required conditions include: an external file (typically a TXT file), a program interface that reads the file and extracts the parameters, and program modules for the different terminal devices and services. In operation, the external file is first modified to fill in the core parameters, the internal program module is then switched according to those parameters, and finally the parameters that were read are passed into the program module.
When the program interface reads the file parameters, the title [MQTT] is read first, then the characters to the left of "=" on each key row are read; if they match the requested key, the characters to the right of "=" are returned, and the internal program can switch program modules according to the parameters read.
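The lookup just described (find the [MQTT] title, match the text left of "=", return the text right of it) is shown below as an added C example; it is not code from the patent. The key names, the sample file contents and the function names are assumptions. Because the file is external input, the reader bounds every copy and validates the port value instead of trusting it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of the external TXT file. Only the [MQTT] title and the
 * key=value rows come from the text; key names and values are assumptions. */
static const char SAMPLE_CFG[] =
    "# constructed sample\n"
    "[DEVICE]\n"
    "host = must-not-be-returned\n"
    "[MQTT]\n"
    "host = broker.example.invalid\n"
    "port=8883\n"
    "  username =  gateway01  \r\n"
    "[OTHER]\n"
    "port = 1\n";

enum { CFG_OK = 0, CFG_NOT_FOUND = -1, CFG_TOO_LONG = -2 };

/* Strip leading and trailing whitespace from s[0..len); nothing is copied. */
static const char *trim(const char *s, size_t len, size_t *out_len)
{
    while (len > 0 && isspace((unsigned char)*s)) { s++; len--; }
    while (len > 0 && isspace((unsigned char)s[len - 1])) len--;
    *out_len = len;
    return s;
}

/* Copy the value of `key` found under the title [section] into out.
 * Rows outside that section are ignored; a value that does not fit in
 * out_size bytes (including the terminator) is refused, not truncated. */
int cfg_get(const char *text, const char *section, const char *key,
            char *out, size_t out_size)
{
    size_t sec_len = strlen(section), key_len = strlen(key);
    int in_section = 0;
    const char *p = text;

    while (*p != '\0') {
        const char *eol = strchr(p, '\n');
        size_t raw_len = eol ? (size_t)(eol - p) : strlen(p);
        size_t len, klen, vlen;
        const char *line = trim(p, raw_len, &len);
        p = eol ? eol + 1 : p + raw_len;

        if (len == 0 || line[0] == '#')
            continue;
        if (line[0] == '[') {
            /* Title row: only an exact "[section]" opens the section. */
            in_section = (len == sec_len + 2 && line[len - 1] == ']' &&
                          memcmp(line + 1, section, sec_len) == 0);
            continue;
        }
        const char *eq = in_section ? memchr(line, '=', len) : NULL;
        if (eq == NULL)
            continue;
        const char *k = trim(line, (size_t)(eq - line), &klen);
        const char *v = trim(eq + 1, len - (size_t)(eq - line) - 1, &vlen);
        if (klen != key_len || memcmp(k, key, key_len) != 0)
            continue;
        if (vlen + 1 > out_size)
            return CFG_TOO_LONG;
        memcpy(out, v, vlen);
        out[vlen] = '\0';
        return CFG_OK;
    }
    return CFG_NOT_FOUND;
}

/* Read a TCP port strictly: digits only, 1..65535. Returns 0 if invalid. */
unsigned cfg_get_port(const char *text, const char *section, const char *key)
{
    char buf[8];
    unsigned long v = 0;
    if (cfg_get(text, section, key, buf, sizeof buf) != CFG_OK || buf[0] == '\0')
        return 0;
    for (const char *c = buf; *c != '\0'; c++) {
        if (*c < '0' || *c > '9')
            return 0;
        v = v * 10 + (unsigned long)(*c - '0');
        if (v > 65535)
            return 0;
    }
    return (unsigned)v;
}

int main(void)
{
    char host[64];
    if (cfg_get(SAMPLE_CFG, "MQTT", "host", host, sizeof host) == CFG_OK)
        printf("host=%s port=%u\n", host, cfg_get_port(SAMPLE_CFG, "MQTT", "port"));
    return 0;
}
```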
To sum up, in the embodiment of the present application, data is structured according to a preset structured design, and structured data is generated and analyzed through various preset interfaces; constructing a secure network channel between the edge computing gateway and the server, and authenticating, encrypting and decrypting the data; optimizing the MQTT interface, and taking the optimized MQTT interface as a communication interface between the edge computing gateway and the server; carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol; utilizing a communication system to monitor and schedule resources, and processing original data of the sensor according to the computing capability of the edge computing gateway; and automatically reading the external file to perform device program module switching and device parameter and communication parameter configuration. The method has the advantages of data structuring, communication safety, low communication overhead, automatic resource scheduling and quick service configuration. In the construction of the intelligent road, the communication mode can be used for rapidly and safely transmitting various data of the intelligent equipment, and safe, real-time and reliable service is provided for information interaction between the intelligent traffic equipment and the platform.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Fig. 9 shows a structure diagram of an embodiment of an edge computing gateway secure communication system provided in the embodiment of the present application, corresponding to the edge computing gateway secure communication method described in the foregoing embodiment.
In this embodiment, an edge computing gateway secure communication system may include:
the data structuring module 901 is configured to perform structuring processing on data according to a preset structuring design, and generate and analyze structured data through preset various interfaces;
the data security processing module 902 is configured to construct a secure network channel between the edge computing gateway and the server, and perform authentication, encryption, and decryption processing on data;
the interface optimization module 903 is used for optimizing the MQTT interface and using the optimized MQTT interface as a communication interface between the edge computing gateway and the server;
a protocol communication module 904, configured to perform instant messaging between the edge computing gateway and the server based on a preset lightweight text communication protocol;
a resource scheduling module 905, configured to perform resource monitoring scheduling by using the communication system, and process the original data of the sensor according to the computing capability of the edge computing gateway;
an automatic configuration module 906, configured to perform device program module switching by automatically reading the external file, and device parameter and communication parameter configuration.
Further, the data structuring module may comprise a structured data generating unit configured to: inputting various original data elements; connecting the data elements by using a JSON function to form a character string; judging whether the character string is legal or not; and if the character string is legal, outputting the structured data.
Further, the data structuring module may include a structured data parsing unit configured to: inputting received data; judging whether the received data is a legal JSON character string or not; if the received data is a legal JSON character string, extracting various data elements from the JSON character string; judging whether the received data belongs to the current equipment or not according to the head element; and if the received data belongs to the current equipment, executing a receiving instruction.
Further, the data security processing module may include:
a login request unit for requesting login to the server using a user name and a password provided by the server;
a character string label generating unit, configured to generate a random character string label and send the character string label to the edge computing gateway;
the character string label adding unit is used for adding the character string label to the head of the data and sending the data to the server;
the data authentication unit is used for judging whether the character string label at the head of the ciphertext data is correct or not after the ciphertext data is received, receiving the ciphertext data if the character string label at the head of the ciphertext data is correct, and discarding the ciphertext data if the character string label at the head of the ciphertext data is incorrect;
and a data encryption unit, used after the data authentication unit by the two interacting parties, namely the edge computing gateway and the server, to encrypt data into ciphertext data using SM2 when sending and to decrypt ciphertext data into plaintext data using SM2 when receiving.
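The label handling performed by the units above (generate a random label, prepend it to each ciphertext, check it before decrypting) is shown below as an added C example; it is not code from the patent. The 32-character hex label, the frame layout of label followed by ciphertext bytes, and all function names are assumptions. SM2 itself is left to a cryptographic library, so the ciphertext is treated as opaque bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 32 /* assumed label length in characters; the page gives none */

typedef enum { FRAME_ACCEPT = 0, FRAME_TOO_SHORT, FRAME_BAD_TAG } frame_status;

/* Server side: derive the label from the OS random source rather than from
 * rand(), so that it cannot be predicted. Returns 0 on success, -1 on error. */
int tag_generate(char tag[TAG_LEN + 1])
{
    static const char hex[] = "0123456789abcdef";
    uint8_t rnd[TAG_LEN / 2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(rnd, 1, sizeof rnd, f);
    fclose(f);
    if (got != sizeof rnd)
        return -1;
    for (size_t i = 0; i < sizeof rnd; i++) {
        tag[2 * i] = hex[rnd[i] >> 4];
        tag[2 * i + 1] = hex[rnd[i] & 0x0f];
    }
    tag[TAG_LEN] = '\0';
    return 0;
}

/* Sender side: write label || ciphertext into out. Returns the frame length,
 * or 0 if the label is malformed, the ciphertext is empty, or out is too small. */
size_t frame_build(const char *tag, const uint8_t *ct, size_t ct_len,
                   uint8_t *out, size_t out_cap)
{
    if (strlen(tag) != TAG_LEN || ct_len == 0 || out_cap < TAG_LEN ||
        ct_len > out_cap - TAG_LEN)
        return 0;
    memcpy(out, tag, TAG_LEN);
    memcpy(out + TAG_LEN, ct, ct_len);
    return TAG_LEN + ct_len;
}

/* Compare n bytes without an early exit, so the time taken does not reveal
 * how many leading characters of a guessed label were correct. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Receiver side: check the head label before anything is decrypted. On
 * FRAME_ACCEPT, *ciphertext points at the bytes to hand to SM2 decryption;
 * on any other status the frame is to be discarded and the outputs are
 * cleared. */
frame_status frame_check(const uint8_t *frame, size_t frame_len,
                         const char *session_tag,
                         const uint8_t **ciphertext, size_t *ciphertext_len)
{
    *ciphertext = NULL;
    *ciphertext_len = 0;
    if (frame == NULL || frame_len <= TAG_LEN)
        return FRAME_TOO_SHORT;
    if (strlen(session_tag) != TAG_LEN ||
        !ct_equal(frame, (const uint8_t *)session_tag, TAG_LEN))
        return FRAME_BAD_TAG;
    *ciphertext = frame + TAG_LEN;
    *ciphertext_len = frame_len - TAG_LEN;
    return FRAME_ACCEPT;
}

int main(void)
{
    char tag[TAG_LEN + 1];
    const uint8_t ct[] = {0xde, 0xad, 0xbe, 0xef}; /* constructed stand-in */
    uint8_t frame[64];
    const uint8_t *body;
    size_t body_len;

    if (tag_generate(tag) != 0)
        return 1;
    size_t n = frame_build(tag, ct, sizeof ct, frame, sizeof frame);
    printf("frame of %zu bytes, status %d\n", n,
           (int)frame_check(frame, n, tag, &body, &body_len));
    return 0;
}
```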
Further, the resource scheduling module may include:
a capability level determining unit, configured to determine a first capability level and a second capability level, wherein the first capability level is the current computing capability level of the edge computing gateway, and the second capability level is the computing capability level required to process the raw sensor data;
the first processing unit is used for processing the original data of the sensor if the first capability level is greater than or equal to the second capability level;
and the second processing unit is used for sending the raw sensor data to a server if the first capability level is smaller than the second capability level.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, modules and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Fig. 10 shows a schematic block diagram of a terminal device provided in an embodiment of the present application, and as shown in fig. 10, the terminal device 10 of the embodiment includes: a processor 100, a memory 101 and a computer program 102 stored in said memory 101 and executable on said processor 100. The processor 100, when executing the computer program 102, implements the functionality of any of the edge computing gateways described above.
Similarly, fig. 10 is a schematic block diagram of a server provided in an embodiment of the present application, where the server 10 in this embodiment includes: a processor 100, a memory 101 and a computer program 102 stored in said memory 101 and executable on said processor 100. The processor 100, when executing the computer program 102, implements the functionality of any of the servers described above.
Illustratively, the computer program 102 may be partitioned into one or more modules/units that are stored in the memory 101 and executed by the processor 100 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 102 in the terminal device 10.
Those skilled in the art will appreciate that fig. 10 is merely an example of a terminal device 10 and does not constitute a limitation of terminal device 10 and may include more or fewer components than shown, or some components may be combined, or different components, e.g., terminal device 10 may also include input-output devices, network access devices, buses, etc.
The Processor 100 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 101 may be an internal storage unit of the terminal device 10, such as a hard disk or a memory of the terminal device 10. The memory 101 may also be an external storage device of the terminal device 10, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 10. Further, the memory 101 may also include both an internal storage unit and an external storage device of the terminal device 10. The memory 101 is used for storing the computer program and other programs and data required by the terminal device 10. The memory 101 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules as required, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed server/terminal device and method may be implemented in other ways. For example, the above-described server/terminal device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow in the method of the embodiments described above can be realized by the present application, or can be realized by a computer program to instruct related hardware, where the computer program can be stored in a computer readable storage medium, and when the computer program is executed by a processor, all or part of the steps of the embodiments of the methods described above can be realized. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. An edge computing gateway secure communication method, comprising:
carrying out structuring processing on data according to a preset structuring design, and generating and analyzing the structured data through various preset interfaces;
constructing a secure network channel between the edge computing gateway and the server, and authenticating, encrypting and decrypting the data;
optimizing the MQTT interface, and taking the optimized MQTT interface as a communication interface between the edge computing gateway and the server;
carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol;
utilizing a communication system to monitor and schedule resources, and processing original data of the sensor according to the computing capability of the edge computing gateway;
and automatically reading the external file to perform device program module switching and device parameter and communication parameter configuration.
2. The edge computing gateway secure communication method according to claim 1, wherein the data is structured according to a preset structured design, and the generating and parsing the structured data through the preset various interfaces includes:
inputting various original data elements;
connecting the data elements by using a JSON function to form a character string;
judging whether the character string is legal or not;
and if the character string is legal, outputting the structured data.
3. The edge computing gateway security communication method of claim 2, wherein the data is structured according to a preset structured design, and the generating and analyzing the structured data through the preset interfaces further comprises:
inputting received data;
judging whether the received data is a legal JSON character string or not;
if the received data is a legal JSON character string, extracting various data elements from the JSON character string;
judging whether the received data belongs to the current equipment or not according to the head element;
and if the received data belongs to the current equipment, executing a receiving instruction.
4. The method of claim 1, wherein the constructing of the secure network channel between the edge computing gateway and the server, and the authenticating, encrypting and decrypting the data comprises:
the edge computing gateway requests the server to log in by using a user name and a password provided by the server;
after the server passes the verification, generating a random character string label, and sending the character string label to an edge computing gateway;
when data exchange begins, each time the sender (the edge computing gateway or the server) sends data, the data is encrypted into a ciphertext by using the SM2 algorithm, and a label FLAG is added at the head of the ciphertext;
the receiver (the edge computing gateway or the server) first judges whether the head label is correct; if the head label is correct, the receiver accepts the data and starts SM2 to decrypt the ciphertext, and if the head label is incorrect, the receiver discards the data.
5. The edge computing gateway security communication method of claim 1, wherein the performing resource monitoring scheduling by using the communication system, and the processing of the raw data of the sensor according to the computing capability of the edge computing gateway comprises:
determining a first capability level and a second capability level, wherein the first capability level is the current computing capability level of the edge computing gateway, and the second capability level is the computing capability level required for processing the raw data of the sensor;
if the first capability level is larger than or equal to the second capability level, processing the original data of the sensor by the edge computing gateway;
and if the first capability level is smaller than the second capability level, the edge computing gateway sends the original sensor data to a server, the server processes the original sensor data, and a processing result is sent to the edge computing gateway.
6. An edge computing gateway secure communication system, comprising:
the data structuring module is used for carrying out structuring processing on the data according to a preset structuring design, and generating and analyzing the structured data through various preset interfaces;
the data security processing module is used for constructing a secure network channel between the edge computing gateway and the server and authenticating, encrypting and decrypting the data;
the interface optimization module is used for optimizing the MQTT interface and taking the optimized MQTT interface as a communication interface between the edge computing gateway and the server;
the protocol communication module is used for carrying out instant communication between the edge computing gateway and the server based on a preset lightweight text communication protocol;
the resource scheduling module is used for monitoring and scheduling resources by using a communication system and processing the original data of the sensor according to the computing capability of the edge computing gateway;
and the automatic configuration module is used for switching the device program modules by automatically reading the external files and configuring the device parameters and the communication parameters.
7. The edge computing gateway secure communication system of claim 6, wherein the data security processing module comprises:
a login request unit for requesting login to the server using a user name and a password provided by the server;
a character string label generating unit, configured to generate a random character string label and send the character string label to the edge computing gateway;
the character string label adding unit is used for adding the character string label to the head of the data and sending the data to the server;
the data authentication unit is used for judging whether the character string label at the head of the ciphertext data is correct or not after the ciphertext data is received, receiving the ciphertext data if the character string label at the head of the ciphertext data is correct, and discarding the ciphertext data if the character string label at the head of the ciphertext data is incorrect;
and a data encryption unit, used after the data authentication unit by the two interacting parties, namely the edge computing gateway and the server, to encrypt data into ciphertext data using SM2 when sending and to decrypt ciphertext data into plaintext data using SM2 when receiving.
8. The edge computing gateway secure communication system of claim 6, wherein the resource scheduling module comprises:
a capability level determination unit for determining a first capability level and a second capability level;
the first processing unit is used for processing the original data of the sensor if the first capability level is greater than or equal to the second capability level;
and the second processing unit is used for sending the raw sensor data to a server if the first capability level is smaller than the second capability level.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the functionality of the edge computing gateway of any of claims 1 to 5 when executing the computer program.
10. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the functions of the server according to any of claims 1 to 5 when executing the computer program.
CN202010104312.2A 2020-02-20 2020-02-20 Edge computing gateway secure communication method, system, terminal equipment and server Active CN110933118B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010104312.2A CN110933118B (en) 2020-02-20 2020-02-20 Edge computing gateway secure communication method, system, terminal equipment and server

Publications (2)

Publication Number Publication Date
CN110933118A (en) 2020-03-27
CN110933118B (en) 2020-09-11

Family

ID=69854858

Country Status (1)

Country Link
CN (1) CN110933118B (en)

Also Published As

Publication number Publication date
CN110933118B (en) 2020-09-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Zhang Xiaochun, Qiu Jiandong, Zhou Ziyi, Zhang Xinyu, Wang Yu, Xiuke Ding, Zhou Yihui

Inventor before: Zhang Xiaochun, Qiu Jiandong, Zhang Xinyu, Wang Yu, Xiuke Ding, Zhou Yihui

GR01 Patent grant