CN113098964B - Communication connection establishing method and device, storage medium and electronic equipment - Google Patents

Communication connection establishing method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN113098964B
CN113098964B CN202110356462.7A CN202110356462A CN113098964B CN 113098964 B CN113098964 B CN 113098964B CN 202110356462 A CN202110356462 A CN 202110356462A CN 113098964 B CN113098964 B CN 113098964B
Authority
CN
China
Prior art keywords
target client
identity information
communication connection
target
site
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110356462.7A
Other languages
Chinese (zh)
Other versions
CN113098964A (en
Inventor
曹小勐
崔秋菊
陈俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rudong Zhongtian Energy Management Co ltd
Original Assignee
Rudong Zhongtian Energy Management Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rudong Zhongtian Energy Management Co ltd filed Critical Rudong Zhongtian Energy Management Co ltd
Priority to CN202110356462.7A priority Critical patent/CN113098964B/en
Publication of CN113098964A publication Critical patent/CN113098964A/en
Application granted granted Critical
Publication of CN113098964B publication Critical patent/CN113098964B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for establishing communication connection, a storage medium and electronic equipment. Wherein, the method comprises the following steps: under the condition that a first connection request triggered on a target client is obtained, verifying first identity information of the target client, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment; under the condition that a second connection request triggered on the site equipment is obtained, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and a target client; and under the condition that the first identity information and the second identity information are verified, establishing a communication connection between the site equipment and the target client. The invention solves the technical problem that the communication safety can not be ensured because enough comprehensive safety factors are not considered in the process of establishing the communication connection.

Description

Communication connection establishing method and device, storage medium and electronic equipment
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for establishing a communication connection, a storage medium, and an electronic device.
Background
In recent years, enterprises have increasingly strong demands for unmanned management in the whole process of equipment management, production management, safety management, technical supervision and the like. In order to meet the above management requirements, it is usually necessary to connect functional areas dispersed in different areas together, so as to share resources and perform cooperative work, thereby improving the work efficiency.
However, in the related art, the implementation of the above connection often requires a public network with low access cost to transmit private data, for example, a third-party-based network interaction platform is used to establish communication connections between two interaction parties, so as to implement data interaction in a virtual network, but in the above method, since all data interactions are based on the communication connections established by the third-party network platform, it is difficult to ensure the security of data interaction; meanwhile, in a safety protection section, a third-party network platform considers platform compatibility, and excessive safety limit cannot be performed on data interaction of a specific enterprise, so that the network safety problem is very prominent.
That is, in the related art, there is a technical problem that the communication security cannot be ensured because a sufficiently comprehensive security factor is not considered in the establishment process of the communication connection.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a method and a device for establishing communication connection, a storage medium and electronic equipment, which are used for at least solving the technical problem that the communication safety cannot be ensured because enough comprehensive safety factors are not considered in the establishing process of the communication connection.
According to an aspect of the embodiments of the present invention, there is provided a method for establishing a communication connection, including: under the condition of acquiring a first connection request triggered on a target client, verifying first identity information of the target client, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment; under the condition that a second connection request triggered on the site equipment is acquired, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and the target client; and establishing a communication connection between the site equipment and the target client under the condition that the first identity information and the second identity information are verified.
As an optional solution, the verifying the first identity information of the target client includes: calling target identity information, wherein the target identity information is used for representing identity information of a client which forbids/allows to establish communication connection with the site equipment; and verifying the first identity information according to the target identity information.
As an optional scheme, the verifying the first identity information according to the target identity information includes: under the condition that the matching degree of the first identity information and the blacklist identity information in the target identity information reaches a first threshold value, generating a first verification result for indicating that the target client side fails to verify; and under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value, generating a second verification result for indicating that the target client side passes the verification.
As an optional solution, after the establishing of the communication connection between the station device and the target client, the method includes: acquiring authority information of the target client, wherein the authority information is used for indicating interactive information allowed to be transmitted in a communication connection established between the target client and the site equipment; and verifying the operation request triggered on the target client according to the authority information of the target client.
As an optional scheme, the verifying the operation request triggered by the target client according to the authority information of the target client includes: under the condition that a control operation request triggered on the target client is obtained, determining the information matching degree between the interactive information corresponding to the control operation request and the authority information of the target client, wherein the control operation request is used for requesting to control target equipment associated with the site equipment to execute target operation; and when the information matching degree reaches a third threshold value, sending the control operation request to the site equipment through a communication connection between the site equipment and the target client, so that the site equipment responds to the control operation request to control the target equipment to execute the target operation.
As an optional solution, after the verifying the operation request triggered by the target client according to the authority information of the target client, the method includes: and under the condition that the operation request passes the verification, sending the operation request to a first submodule of the site equipment through the communication connection between the site equipment and the target client, wherein the first submodule is used for controlling equipment related to the site equipment.
As an optional solution, before the verifying the second identity information of the station device, the method includes: and acquiring the second connection request triggered by a second submodule of the site equipment, wherein the second submodule is used for establishing communication connection.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for establishing a communication connection, including: the system comprises a first verification unit, a second verification unit and a third verification unit, wherein the first verification unit is used for verifying first identity information of a target client under the condition of acquiring a first connection request triggered on the target client, and the first connection request is used for requesting to establish communication connection between the target client and site equipment; a second verification unit, configured to perform verification processing on second identity information of the site device when a second connection request triggered on the site device is acquired, where the second connection request is used to request establishment of a communication connection between the site device and the target client; a first establishing unit, configured to establish a communication connection between the station device and the target client if the first identity information and the second identity information are both verified.
As an optional solution, the first verification unit includes: a calling module, configured to call target identity information, where the target identity information is used to indicate identity information of a client that prohibits/allows a communication connection with the site device; and the verification module is used for verifying the first identity information according to the target identity information.
As an optional solution, the verification module includes: the first generation submodule is used for generating a first verification result for indicating that the target client side fails to verify under the condition that the matching degree of the first identity information and the blacklist identity information in the target identity information reaches a first threshold value; and the second generation submodule is used for generating a second verification result for indicating that the target client side passes the verification under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value.
As an alternative, the method comprises the following steps: a first obtaining unit, configured to obtain permission information of the target client after the communication connection between the station device and the target client is established, where the permission information is used to indicate interaction information that is allowed to be transmitted in the communication connection established between the target client and the station device; a third verifying unit, configured to, after the communication connection between the site device and the target client is established, perform verification processing on an operation request triggered by the target client according to the authority information of the target client.
As an optional solution, the third verification unit includes: a determining module, configured to determine, when a control operation request triggered on the target client is obtained, an information matching degree between interaction information corresponding to the control operation request and permission information of the target client, where the control operation request is used to request a target device associated with the site device to perform a target operation; a first sending module, configured to send the control operation request to the site device through a communication connection between the site device and the target client when the information matching degree reaches a third threshold, so that the site device responds to the control operation request to control the target device to perform the target operation.
As an alternative, the method comprises the following steps: a second sending module, configured to, after the operation request triggered by the target client is verified according to the permission information of the target client, send the operation request to a first sub-module of the site device through a communication connection between the site device and the target client when the operation request passes verification, where the first sub-module is used to control a device associated with the site device.
As an alternative, the method comprises the following steps: a second obtaining unit, configured to obtain, before the second identity information of the station device is verified, the second connection request triggered by a second submodule of the station device, where the second submodule is used to establish a communication connection.
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, where the computer program is configured to execute the above-mentioned method for establishing a communication connection when running.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the method for establishing a communication connection through the computer program.
In the embodiment of the invention, under the condition of acquiring a first connection request triggered on a target client, verifying the first identity information of the target client, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment; under the condition that a second connection request triggered on the site equipment is acquired, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and the target client; the method comprises the steps of establishing communication connection between the site equipment and the target client under the condition that the first identity information and the second identity information are verified, limiting the establishment conditions of the communication connection between the target client and the site equipment to be that the identity information of the target client and the identity information of the site equipment are verified, and utilizing a dual-identity detection mode to achieve the technical purpose of ensuring that two parties establishing the communication connection are in a safe state, so that the technical effect of improving the safety factor of the communication connection is achieved, and the technical problem that the communication safety cannot be ensured due to the fact that enough comprehensive safety factors are not considered in the establishment process of the communication connection is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention and do not constitute a limitation of the invention. In the drawings:
fig. 1 is a schematic diagram of an application environment of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a flow chart of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 5 is a schematic diagram of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 7 is a schematic diagram of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 8 is a schematic diagram of an alternative communication connection establishment method according to an embodiment of the present invention;
fig. 9 is a schematic diagram of an alternative communication connection establishing apparatus according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of an alternative electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of the embodiments of the present invention, a method for establishing a communication connection is provided, and optionally, as an optional implementation manner, the method for establishing a communication connection may be applied, but not limited, to the environment shown in fig. 1. The system may include, but is not limited to, a user equipment 102, a network 110, and a server 112, wherein the user equipment 102 may include, but is not limited to, a display 108, a processor 106, and a memory 104.
The specific process comprises the following steps:
step S102-1, the user equipment 102-1 obtains a first connection request, where the user equipment 102-1 may be, but is not limited to, an equipment running with the target client 1022;
step S102-2, the user equipment 102-2 obtains a second connection request, where the user equipment 102-2 may be, but is not limited to, a site equipment 1026 associated with a target site 1024 (e.g., site a);
step S104-1, S104-2, S106-1, S106-2, the user equipment 102 sends the first connection request and the second connection request to the server 112 through the network 110;
step S108, the server 112 performs an authentication process on the first connection request and the second connection request through the processing engine 116, so as to generate an authentication result;
steps S110-1, S110-2, S112-1, S112-2, the server 112 sends the verification result to the user device 102-1 and the user device 102-2 through the network 110, respectively, the processor 106-1 in the user device 102-1 displays the verification result on the display 108-1 and stores the verification result in the memory 104-1, and similarly, the processor 106-2 in the user device 102-2 displays the verification result on the display 108-2 and stores the verification result in the memory 104-2.
Optionally, as an optional implementation manner, as shown in fig. 2, the method for establishing a communication connection includes:
s202, under the condition that a first connection request triggered on a target client is obtained, verifying first identity information of the target client, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment;
s204, under the condition that a second connection request triggered on the site equipment is obtained, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and a target client;
s206, under the condition that the first identity information and the second identity information are verified, establishing communication connection between the site equipment and the target client.
Optionally, in this embodiment, the method for establishing a communication connection may be, but not limited to, applied in an application scenario where a management and control center manages communication devices dispersed in power plant areas of different areas in real time through software and hardware of a private cloud server and internet resources thereof, and specifically, for example, when the private cloud server obtains a first connection request triggered on a client of the management and control center, the private cloud server verifies first identity information of the management and control center; under the condition that the private cloud server obtains a second connection request triggered on communication equipment in a power plant area of the target area, verifying second identity information of the communication equipment; and under the condition that the first identity information and the second identity information are verified, establishing communication connection between the management and control center client and communication equipment in the power plant area of the target area through the private cloud server.
It should be noted that, traditional energy power generation enterprises have a high degree of centralization in the production management process and relatively centralized power generation places, and a large amount of daily operation, maintenance and management work is completed by operation and maintenance personnel on the power generation site. New energy power generation is highly valued by society and industry due to the characteristics of clean and clean power generation process. Most new energy power generation enterprises have low production process centralization degree, high power generation place decentralization degree and long distance, and simultaneously, a large number of power generation places are operated without being managed by people. The short plates for production, operation and maintenance management are further exposed along with the explosive growth of the new energy power generation project.
Aiming at the pain points existing in production management of new energy power generation enterprises, latest information technologies such as internet of things, artificial intelligence, cloud computing and mobile application are introduced into a production management system of the new energy enterprises, and the application of the new technologies meets the requirement of the new energy power generation enterprises on unmanned management of the overall process of equipment management, production management, safety management, technical supervision and the like of each scattered power generation place. Based on the management requirements, new energy enterprises need to connect all power generation areas scattered in different areas together so as to share resources and work cooperatively, and the working efficiency is improved, so that the data interaction network of the enterprise centralized control center and each power generation station becomes the core support of the new energy enterprise production management system.
However, the traditional private line networking mode is expensive, and the burden of common small and medium-sized enterprises is difficult. At the moment, a low-cost virtual networking technology is established based on network resources and network security protection resources of the existing cloud end system platform of the enterprise. The virtual networking technology can transmit private data by using a public network accessed cheaply, and has cost advantage compared with a traditional private line networking mode, so that the virtual networking technology is adopted by many new energy enterprises, but in the concrete technology implementation process, the virtual networking technology is constructed by many enterprises on third-party network service providers, and huge network security and data security risks exist for new energy production enterprises. A technical scheme of a communication management terminal based on enterprise 'private cloud' safety control is provided in the application background, on one hand, the data interaction requirement in a new energy enterprise can be achieved based on a virtual networking technology, meanwhile, the whole network is built based on an enterprise's own' cloud platform ', and the communication safety and data safety problems of a virtual network built in the enterprise are solved by utilizing network resources and storage resources of the enterprise's own 'cloud' platform.
Optionally, in this embodiment, the site device may be, but is not limited to, all or part of the device within the power plant floor for regulating the target area.
Optionally, in this embodiment, the first identity information may be, but is not limited to, internet Protocol Address (IP) information, media Access Control Address (MAC) information, and the like of the target client.
Optionally, in this embodiment, the second identity information may be, but is not limited to, device identification information, device status information, device authentication information, and the like of the station device
Optionally, in this embodiment, the communication connection between the target client and the site device may be, but is not limited to, a network data interaction channel established by a private cloud server, where the private cloud server may be, but is not limited to, a cloud server that allows the target account to log in and use;
optionally, in this embodiment, from the perspective of network security, the private cloud server has a higher effective protection capability due to its unique non-public characteristic and service customization characteristic, and also has a better signal-to-noise ratio and less noisy malicious attacks on the network, which cannot be achieved by other "public cloud servers" or the network mapping platform in the third aspect.
It should be noted that, by limiting the establishment condition of the communication connection between the target client and the site device to that the identity information of both the target client and the site device needs to be verified, and using a dual-identity detection method, the establishment of the communication connection between the target client and the site device can be realized without increasing investment, and both parties establishing the communication connection can be ensured to be in a safe state.
For further example, optionally, for example, as shown in fig. 3, the cloud server 304 acquires a first connection request triggered on the target client 302, and verifies, by the cloud server 304, the first identity information of the target client 302 through the first connection request; the cloud server 304 acquires a second connection request triggered by the site equipment 308 corresponding to the target site 306, and verifies second identity information of the site equipment 308 through the second connection request by the cloud server 304; in the event that both the first identity information and the second identity information are verified, a communication connection 310 between the site device 308 and the target client 302 is established through the cloud server 304.
According to the embodiment provided by the application, under the condition that a first connection request triggered on a target client is obtained, first identity information of the target client is verified, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment; under the condition that a second connection request triggered on the site equipment is obtained, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and a target client; the method comprises the steps that under the condition that first identity information and second identity information are verified, communication connection between the site equipment and a target client is established, the condition for establishing the communication connection between the target client and the site equipment is limited to the condition that the identity information of the target client and the identity information of the site equipment need to be verified, and a double identity detection mode is utilized, so that the technical purpose of ensuring that two parties establishing the communication connection are in a safe state is achieved, and the technical effect of improving the safety factor of the communication connection is achieved.
As an optional solution, the verifying the first identity information of the target client includes:
s1, calling target identity information, wherein the target identity information is used for representing identity information of a client which forbids/allows communication connection with site equipment;
and S2, verifying the first identity information according to the target identity information.
It should be noted that, target identity information is called, where the target identity information is used to indicate identity information of a client that prohibits/allows establishing a communication connection with the site device; and verifying the first identity information according to the target identity information.
By the embodiment provided by the application, target identity information is called, wherein the target identity information is used for representing identity information of a client which forbids/allows a communication connection with the site equipment; and the first identity information is verified according to the target identity information, so that the effect of improving the safety factor of communication connection is realized.
As an optional scheme, performing verification processing on the first identity information according to the target identity information includes:
s1, under the condition that the matching degree of the first identity information and blacklist identity information in target identity information reaches a first threshold value, generating a first verification result for indicating that the target client fails to verify;
and S2, under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value, generating a second verification result for indicating that the target client side passes the verification.
Optionally, in this embodiment, the blacklist identity information and the whitelist identity information may correspond to each other, and the matching operation of the blacklist identity information/whitelist identity information may be related to, but not limited to, enabling of the blacklist/whitelist, for example, in a case of starting the blacklist, the identity information listed in the blacklist will fail to be verified; conversely, in the case where white-listing is initiated, the identity information of the white-listing, for example, will be verified.
Optionally, in this embodiment, but not limited to, a first matching degree between the first identity information and blacklist identity information in the target identity information and a second matching degree between the first identity information and whitelist identity information in the target identity information may be respectively obtained, integration processing is performed on the first matching degree and the second matching degree, and a third verification result used for indicating that the target client passes verification is generated when a third matching degree obtained after the integration processing reaches a matching threshold.
It should be noted that, under the condition that the matching degree between the first identity information and the blacklist identity information in the target identity information reaches a first threshold, a first verification result for indicating that the target client fails to verify is generated; and under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value, generating a second verification result for indicating that the target client side passes the verification.
For further example, optionally, as shown in fig. 4, for example, first identity information 402 is obtained, and a verification operation is performed on the first identity information 402, specifically, a first matching degree between the first identity information 402 and identity information in a blacklist 404 is obtained, and in a case that the first matching degree reaches a first threshold, a verification result 408 for indicating that the verification fails is generated; or, a second matching degree between the first identity information 402 and the identity information in the white list 406 is obtained, and in a case that the second matching degree reaches a second threshold, a verification result 408 indicating that the verification is passed is generated.
According to the embodiment provided by the application, under the condition that the matching degree of the first identity information and the blacklist identity information in the target identity information reaches a first threshold value, a first verification result for indicating that the target client side fails to verify is generated; and under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value, generating a second verification result for indicating that the target client passes the verification, thereby realizing the effect of improving the safety factor of the communication connection.
As an optional scheme, after establishing the communication connection between the site device and the target client, the method includes:
s1, acquiring authority information of a target client, wherein the authority information is used for expressing interactive information allowed to be transmitted in a communication connection established between the target client and site equipment;
and S2, verifying the operation request triggered on the target client according to the authority information of the target client.
Optionally, in this embodiment, the operation request may include, but is not limited to, at least one of the following: control operation requests, access operation requests, modify operation requests, and the like.
It should be noted that, authority information of the target client is obtained, where the authority information is used to indicate interaction information that is allowed to be transmitted in the communication connection established between the target client and the site device; and verifying the operation request triggered on the target client according to the authority information of the target client.
According to the embodiment provided by the application, the authority information of the target client is obtained, wherein the authority information is used for expressing the interactive information allowed to be transmitted in the communication connection established between the target client and the site equipment; and verifying the operation request triggered on the target client according to the authority information of the target client, so that the aim of finishing more flexible data interaction is fulfilled, and the effect of improving the flexibility of the data interaction is realized.
As an optional scheme, performing verification processing on an operation request triggered on a target client according to authority information of the target client includes:
s1, under the condition that a control operation request triggered on a target client is obtained, determining the information matching degree between interactive information corresponding to the control operation request and authority information of the target client, wherein the control operation request is used for requesting target equipment associated with control site equipment to execute target operation;
and S2, under the condition that the information matching degree reaches a third threshold value, sending the control operation request to the site equipment through the communication connection between the site equipment and the target client, so that the site equipment responds to the control operation request to control the target equipment to execute the target operation.
Optionally, in this embodiment, it is assumed that the site device is used to regulate all devices within the power plant area of the target zone, and the target device may be, but is not limited to be, used to represent all devices within the power plant area of the target zone.
It should be noted that, in the case of acquiring a control operation request triggered on a target client, determining an information matching degree between interaction information corresponding to the control operation request and permission information of the target client, where the control operation request is used to request target equipment associated with a control station device to execute a target operation; and under the condition that the information matching degree reaches a third threshold value, sending the control operation request to the site equipment through communication connection between the site equipment and the target client, so that the site equipment responds to the control operation request to control the target equipment to execute the target operation.
For further example, optionally, for example, as shown in fig. 5, assuming that the site device is used for regulating and controlling a target device in a photovoltaic station of a target area, the method for establishing a communication connection may be, but is not limited to, receiving, by a private cloud server 504, a first connection request triggered by a remote client 502, and a second connection request (corresponding to photovoltaic station 1) and a third connection request (corresponding to photovoltaic station 2) triggered by site devices of photovoltaic station 1 and photovoltaic station 2, respectively;
furthermore, the first connection request, the second connection request and the third connection request are verified, and the second connection request and the third connection request are verified again according to the connection identifier carried in the first connection request under the condition that the identity information of the remote client 502 is verified, and if the connection identifier is used for indicating that the request establishes communication connection with the site equipment corresponding to the photovoltaic station 1, the second connection request is verified to be passed, and the third connection request is verified to be failed;
further, a communication connection between the site device corresponding to the photovoltaic station 1 and the remote client 502 is established by the private cloud server 504, and based on this, the remote client 502 can send related data, such as a control request, an access request, and the like, to the site device corresponding to the photovoltaic station 1 through the communication connection;
furthermore, under the condition that the remote client 502 sends an access request to the site device corresponding to the photovoltaic station 1 through the communication connection, the private cloud server 504 first verifies whether the access operation request conforms to the permission information of the remote client 502, and if so, forwards the access operation request to the site device corresponding to the photovoltaic station 1; the station device corresponding to the photovoltaic station 1 responds to the access operation request, and provides access information corresponding to the access operation request for the remote client 502;
similarly, when the remote client 502 sends the control operation request to the site device corresponding to the photovoltaic station 1 through the communication connection, the private cloud server 504 first verifies whether the control operation request conforms to the permission information of the remote client 502, and if so, forwards the control operation request to the site device corresponding to the photovoltaic station 1; the station device corresponding to the photovoltaic station 1 responds to the control operation request, and provides an operation execution result corresponding to the control operation request for the remote client 502.
According to the embodiment provided by the application, under the condition that a control operation request triggered on a target client is obtained, the information matching degree between the interactive information corresponding to the control operation request and the authority information of the target client is determined, wherein the control operation request is used for requesting target equipment associated with control site equipment to execute target operation; and under the condition that the information matching degree reaches a third threshold value, sending the control operation request to the site equipment through the communication connection between the site equipment and the target client so that the site equipment responds to the control operation request to control the target equipment to execute the target operation.
As an optional scheme, after performing verification processing on an operation request triggered on a target client according to authority information of the target client, the method includes:
and under the condition that the operation request passes the verification, sending the operation request to a first submodule of the site equipment through the communication connection between the site equipment and the target client, wherein the first submodule is used for controlling equipment related to the site equipment.
It should be noted that, when the operation request passes the verification, the operation request is sent to the first sub-module of the site device through the communication connection between the site device and the target client, where the first sub-module is used to control the device associated with the site device.
Further by way of example, optionally based on the scenario shown in fig. 5, continuing with the scenario shown in fig. 6, the site device may include, but is not limited to, at least one of the following: a remote connection module, a pair down mapping module (i.e., a first sub-module). The remote connection module is used for establishing communication connection, and the lower mapping module is used for issuing a control/access instruction so as to control the equipment (such as equipment A and equipment B) associated with the site equipment.
According to the embodiment provided by the application, under the condition that the operation request passes the verification, the operation request is sent to the first submodule of the site equipment through the communication connection between the site equipment and the target client, wherein the first submodule is used for controlling the equipment related to the site equipment, the purpose of refining the control granularity of the equipment is achieved, and the effect of improving the control accuracy of the equipment is achieved.
As an optional scheme, before the verifying process is performed on the second identity information of the station device, the method includes:
and acquiring a second connection request triggered on a second submodule of the site equipment, wherein the second submodule is used for establishing communication connection.
It should be noted that a second connection request triggered by a second submodule of the station device is obtained, where the second submodule is used to establish a communication connection.
For further illustration, optionally based on the scenario shown in fig. 5, and continuing as shown in fig. 6, the station device may include, but is not limited to, at least one of the following: a remote connection module (i.e., a second sub-module), a pair of down-mapping modules. The remote connection module is used for establishing communication connection, and the down-mapping module is used for issuing a control/access instruction to control the equipment (such as equipment A and equipment B) associated with the site equipment.
According to the embodiment provided by the application, the second connection request triggered on the second submodule of the site equipment is obtained, wherein the second submodule is used for establishing communication connection, the purpose of refining the control granularity of the equipment is achieved, and the effect of improving the control accuracy of the equipment is achieved.
As an optional scheme, for convenience of understanding, a technical scheme of a communication management terminal based on enterprise "private cloud" security control is taken as an example for illustration, specifically, the communication management terminal based on enterprise "private cloud" security control is based on an ARM cortex-A8 architecture, a CPU main frequency 600MHz, a memory module with 256M, and the terminal integrates 2 paths of ethernet, 1 GRPS communication module, and 1 WIFI communication module. The indicator lights are concentrated on the front panel, the external interfaces of all the communication interfaces are arranged on the back panel of the device, and the ethernet adopts a standard RJ45 connector, which can be specifically shown in fig. 7 and 8;
on one hand, the communication management terminal can realize access with an enterprise 'private cloud' platform through a gateway in a photovoltaic power station or a self-contained 4G network. On the other hand, the communication management terminal is accessed to a local area network to provide communication mapping and data service for the network equipment in the station;
a network data interaction channel is constructed through the 'private cloud' of the enterprise, and from the perspective of network security, the 'private cloud' of the enterprise self-constructed by the enterprise has higher effective protection capability due to the specific non-public characteristic and the service customization characteristic, and also has better signal-to-noise ratio and less noisy network malicious attack. The enterprise "private cloud" can rely entirely on whitelists to block connection requests to unknown network terminals. Meanwhile, the enterprise 'private cloud' can limit the corresponding network data access authority according to the authority of the connected user, which cannot be realized by other 'public clouds' or the third-aspect network mapping platform. The discovery makes full use of the existing 'private cloud' network and security protection resources of enterprises. The method has the technical advantages that the method is used for constructing the data interaction network between the enterprise operation and maintenance center and each distributed photovoltaic station, and not only can the networking of the power generation stations in different places be realized on the premise of not increasing the investment; and moreover, the utilization rate of the 'private cloud' of the enterprise is improved, and the new energy enterprise owner support is obtained more easily.
It should be noted that, by adopting the above technical scheme, on one hand, the data interaction requirement inside the new energy enterprise can be realized based on the virtual networking technology, and on the other hand, the whole network construction core is based on the own cloud platform of the enterprise, and the communication safety and data safety problems of the virtual network built inside the enterprise are solved by using the network resources and the storage resources of the own cloud platform of the enterprise.
For further example, the implementation of the technical solution can be specifically realized by two parts, namely a remote connection module and an in-station mapping module, and an application mode that data interaction can be performed with in-station devices or application services only by a dedicated line access or a third-party network mapping platform is changed to be realized only by connecting an enterprise 'private cloud' platform, and the number of stations and the number of in-station devices or application services to be mapped can be adjusted at any time according to business needs.
The remote connection module is mainly responsible for data connection between the in-station terminal and the enterprise private cloud master station, and on one hand, the intelligent terminal can realize network connection with the enterprise private cloud master station based on an original in-station internet channel or a self-contained 4G channel; and on the other hand, the intelligent terminal realizes the communication connection between the terminal and the cloud master station through the security authorization of the enterprise private cloud platform. The enterprise private cloud can grant network access permission and related data interaction permission rules to a plurality of photovoltaic power station intelligent terminals based on strict network security protection requirements in the authorization process. After completing data connection of the relevant cloud master station, the intelligent terminal constructs a private data interaction channel based on a TCP/IP protocol, and provides a private transmission channel for the lower mapping module.
The lower mapping mode is mainly responsible for port mapping of intelligent equipment or application service in the station. After the intelligent terminal is authorized and configured by a manager, the intelligent terminal can register a service port of a relevant intelligent device (RTU or other management device) or other application system in the station to the remote connection module. After the registration of the related service port is completed, the external client can acquire the data access authority of the related equipment of the specific photovoltaic station through an authorization mechanism of the enterprise private cloud platform, and the remote connection module is responsible for transferring the access request of the external client to the downward mapping module; after the lower mapping module is confirmed, specific network data transmission is carried out through the remote connection module and the built private TCP/IP channel of the enterprise private cloud platform. In the process, the network access security control is controlled by the enterprise cloud platform, and the requirement of security protection in an enterprise is met; network data interaction is transferred in an enterprise internal server, and protection requirements of enterprise internal data safety are met.
Through the embodiment provided by the application, the data interaction mode between the photovoltaic station internal equipment or application service and the remote client terminal constructed by adopting the technical scheme not only reduces the investment cost for constructing a special line, but also avoids the hidden risks of network safety and data safety caused by using a third-party network platform, greatly improves the flexibility and the safety of network data interaction between different power generation areas of a new energy enterprise,
it should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
According to another aspect of the embodiment of the present invention, there is also provided a communication connection establishing apparatus for implementing the communication connection establishing method. As shown in fig. 9, the apparatus includes:
a first verification unit 902, configured to perform verification processing on first identity information of a target client when a first connection request triggered on the target client is obtained, where the first connection request is used to request establishment of a communication connection between the target client and a site device;
a second verifying unit 904, configured to verify second identity information of the site device when a second connection request triggered on the site device is obtained, where the second connection request is used to request establishment of a communication connection between the site device and the target client;
a first establishing unit 906, configured to establish a communication connection between the station device and the target client if the first identity information and the second identity information are both verified.
Optionally, in this embodiment, the communication connection establishing apparatus may be, but not limited to, applied to an application scenario in which a management and control center manages communication devices dispersed in power plant areas of different areas in real time through software, hardware, and internet resources of a private cloud server, and specifically, for example, when the private cloud server acquires a first connection request triggered on a client of the management and control center, the first identity information of the management and control center is verified; under the condition that the private cloud server obtains a second connection request triggered on communication equipment in a power plant area of the target area, verifying second identity information of the communication equipment; and under the condition that the first identity information and the second identity information are verified, establishing communication connection between the management and control center client and communication equipment in the power plant area of the target area through the private cloud server.
It should be noted that, traditional energy power generation enterprises have a high degree of centralization in the production management process and relatively centralized power generation places, and a large amount of daily operation, maintenance and management work is completed by operation and maintenance personnel on the power generation site. New energy power generation is well valued by society and industry due to the characteristics of clean and clean power generation process. Most new energy power generation enterprises have low production process centralization degree, high power generation place dispersion degree and long distance, and meanwhile, a large number of power generation places are operated without human management. The short plates for production, operation and maintenance management are further exposed along with the explosive growth of the new energy power generation project.
Aiming at the pain points existing in production management of new energy power generation enterprises, latest information technologies such as internet of things, artificial intelligence, cloud computing and mobile application are introduced into a production management system of the new energy enterprises, and the application of the new technologies meets the requirement of the new energy power generation enterprises on unmanned management of the overall process of equipment management, production management, safety management, technical supervision and the like of each scattered power generation place. Based on the management requirements, new energy enterprises need to connect all power generation areas scattered in different areas together so as to share resources and work cooperatively, and the working efficiency is improved, so that the data interaction network of the enterprise centralized control center and each power generation station becomes the core support of the new energy enterprise production management system.
However, the traditional private line networking mode is expensive, and the burden of common small and medium-sized enterprises is difficult. At the moment, a low-cost virtual networking technology is established based on network resources and network security protection resources of the existing 'cloud' end system platform of the enterprise. The virtual networking technology can transmit private data by using a public network accessed cheaply, and has cost advantage compared with a traditional private line networking mode, so that the virtual networking technology is adopted by a plurality of new energy enterprises, but in the specific technology implementation process, the virtual networking technology is constructed by a third-party network service provider by a plurality of enterprises, and huge network security and data security risks exist for new energy production enterprises. The technical scheme of the communication management terminal based on enterprise ' private cloud ' safety control is provided in the application background, on one hand, the data interaction requirement in a new energy enterprise can be achieved based on a virtual networking technology, meanwhile, the whole network construction core is based on an enterprise's own ' cloud platform ', and the communication safety and data safety problems of the enterprise's own ' cloud ' platform are solved by using network resources and storage resources of the enterprise's own ' cloud ' platform.
Optionally, in this embodiment, the site device may be, but is not limited to, all or part of the devices within the power plant area for regulating the target area.
Optionally, in this embodiment, the first identity information may be, but is not limited to, internet Protocol Address (IP) information, media Access Control Address (MAC) information, and the like of the target client.
Optionally, in this embodiment, the second identity information may be, but is not limited to, device identification information, device status information, device authentication information, and the like of the station device
Optionally, in this embodiment, the communication connection between the target client and the site device may be, but is not limited to, a network data interaction channel established by a private cloud server, where the private cloud server may be, but is not limited to, a cloud server that allows the target account to log in and use;
optionally, in this embodiment, from the perspective of network security, the private cloud server has higher effective protection capability due to its unique non-public characteristic and service customization characteristic, and also has better signal-to-noise ratio and less noisy network malicious attack, which cannot be realized by other "public cloud servers" or the third aspect of the network mapping platform.
It should be noted that, by limiting the establishment condition of the communication connection between the target client and the site device to that the identity information of both the target client and the site device needs to be verified, and using a dual-identity detection manner, the establishment of the communication connection between the target client and the site device can be realized without increasing investment, and it can be ensured that both parties establishing the communication connection are in a safe state.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, which is not described herein again in this example.
According to the embodiment provided by the application, under the condition that a first connection request triggered on a target client is obtained, first identity information of the target client is verified, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment; under the condition that a second connection request triggered on the site equipment is obtained, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and a target client; the method comprises the steps of establishing communication connection between the site equipment and a target client under the condition that the first identity information and the second identity information are verified, limiting the establishment condition of the communication connection between the target client and the site equipment to be that the identity information of the target client and the identity information of the site equipment are verified, and achieving the technical purpose of ensuring that both sides establishing the communication connection are in a safe state by using a double identity detection mode, so that the technical effect of improving the safety factor of the communication connection is achieved.
As an optional solution, the first verification unit 902 includes:
the system comprises a calling module, a receiving module and a sending module, wherein the calling module is used for calling target identity information, and the target identity information is used for representing identity information of a client which forbids/allows a communication connection to be established with site equipment;
and the verification module is used for verifying the first identity information according to the target identity information.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, which is not described herein again in this example.
As an optional solution, the verification module includes:
the first generation submodule is used for generating a first verification result for indicating that the target client side fails to verify under the condition that the matching degree of the first identity information and the blacklist identity information in the target identity information reaches a first threshold value;
and the second generation submodule is used for generating a second verification result for indicating that the target client side passes the verification under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, which is not described herein again in this example.
As an alternative, the method comprises the following steps:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring authority information of a target client after a communication connection between a site device and the target client is established, and the authority information is used for representing interactive information allowed to be transmitted in the communication connection established between the target client and the site device;
and the third verification unit is used for verifying the operation request triggered on the target client according to the authority information of the target client after the communication connection between the site equipment and the target client is established.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, and details in this example are not described herein again.
As an optional solution, the third verification unit includes:
the determining module is used for determining the information matching degree between the interactive information corresponding to the control operation request and the authority information of the target client under the condition that the control operation request triggered on the target client is obtained, wherein the control operation request is used for requesting target equipment associated with the control station equipment to execute target operation;
and the first sending module is used for sending the control operation request to the site equipment through the communication connection between the site equipment and the target client under the condition that the information matching degree reaches a third threshold value, so that the site equipment responds to the control operation request to control the target equipment to execute the target operation.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, which is not described herein again in this example.
As an alternative, the method comprises the following steps:
and the second sending module is used for sending the operation request to a first submodule of the site equipment through communication connection between the site equipment and the target client under the condition that the operation request passes the verification after the operation request triggered on the target client is verified according to the authority information of the target client, wherein the first submodule is used for controlling equipment related to the site equipment.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, and details in this example are not described herein again.
As an alternative, the method comprises the following steps:
a second obtaining unit, configured to obtain, before performing verification processing on second identity information of the site device, a second connection request triggered by a second submodule of the site device, where the second submodule is used to establish a communication connection.
For a specific embodiment, reference may be made to an example shown in the above communication connection establishment method, which is not described herein again in this example.
According to a further aspect of the embodiment of the present invention, there is also provided an electronic device for implementing the method for establishing a communication connection, as shown in fig. 10, the electronic device includes a memory 1002 and a processor 1004, the memory 1002 stores a computer program, and the processor 1004 is configured to execute the steps in any one of the method embodiments through the computer program.
Optionally, in this embodiment, the electronic device may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
the method comprises the steps that S1, under the condition that a first connection request triggered on a target client is obtained, first identity information of the target client is verified, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment;
s2, under the condition that a second connection request triggered on the site equipment is obtained, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and a target client;
and S3, establishing communication connection between the site equipment and the target client under the condition that the first identity information and the second identity information are verified.
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 10 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, and a Mobile Internet Device (MID), a PAD, and the like. Fig. 10 is a diagram illustrating a structure of the electronic apparatus. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 10, or have a different configuration than shown in FIG. 10.
The memory 1002 may be used to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for establishing a communication connection in the embodiment of the present invention, and the processor 1004 executes various functional applications and data processing by running the software programs and modules stored in the memory 1002, that is, the method for establishing a communication connection is implemented. The memory 1002 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1002 may further include memory located remotely from the processor 1004, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 1002 may be specifically, but not limited to, configured to store information such as the first connection request, the second connection request, and the communication connection. As an example, as shown in fig. 10, the memory 1002 may include, but is not limited to, a first authentication unit 902, a second authentication unit 904, and a first establishing unit 906 in the establishing apparatus of the communication connection. In addition, the present invention may further include, but is not limited to, other module units in the above-mentioned apparatus for establishing a communication connection, which is not described in detail in this example.
Optionally, the above-mentioned transmission device 1006 is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 1006 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices so as to communicate with the internet or a local area Network. In one example, the transmission device 1006 is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In addition, the electronic device further includes: a display 1008 for displaying information such as the first connection request, the second connection request, and the communication connection; and a connection bus 1010 for connecting the respective module parts in the above-described electronic apparatus.
Alternatively, in the present embodiment, the above-mentioned computer-readable storage medium may be configured to store a computer program for executing the steps of:
s1, under the condition that a first connection request triggered on a target client is obtained, verifying first identity information of the target client, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment;
s2, under the condition that a second connection request triggered on the site equipment is obtained, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and a target client;
and S3, establishing communication connection between the site equipment and the target client under the condition that the first identity information and the second identity information are verified.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the various methods in the foregoing embodiments may be implemented by a program instructing hardware related to the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, read-Only memories (ROMs), random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis, and reference may be made to the related description of other embodiments for parts that are not described in detail in a certain embodiment.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (9)

1. A method for establishing a communication connection, comprising:
under the condition of acquiring a first connection request triggered on a target client, verifying first identity information of the target client, wherein the first connection request is used for requesting to establish communication connection between the target client and site equipment;
under the condition that a second connection request triggered on the site equipment is acquired, verifying second identity information of the site equipment, wherein the second connection request is used for requesting to establish communication connection between the site equipment and the target client;
establishing a communication connection between the site device and the target client under the condition that the first identity information and the second identity information are verified;
acquiring authority information of the target client, wherein the authority information is used for representing interactive information allowed to be transmitted in a communication connection established between the target client and the site equipment;
and verifying the operation request triggered on the target client according to the authority information of the target client.
2. The method of claim 1, wherein the verifying the first identity information of the target client comprises:
calling target identity information, wherein the target identity information is used for representing identity information of a client which forbids/allows a communication connection to be established with the site equipment;
and verifying the first identity information according to the target identity information.
3. The method of claim 2, wherein the verifying the first identity information according to the target identity information comprises:
under the condition that the matching degree of the first identity information and blacklist identity information in the target identity information reaches a first threshold value, generating a first verification result for indicating that the target client side fails to verify;
and under the condition that the matching degree of the first identity information and the white list identity information in the target identity information reaches a second threshold value, generating a second verification result for indicating that the target client side passes the verification.
4. The method according to claim 1, wherein the verifying the operation request triggered on the target client according to the authority information of the target client includes:
under the condition that a control operation request triggered on the target client is obtained, determining the information matching degree between the interactive information corresponding to the control operation request and the authority information of the target client, wherein the control operation request is used for requesting to control target equipment associated with the site equipment to execute target operation;
and under the condition that the information matching degree reaches a third threshold value, sending the control operation request to the site equipment through communication connection between the site equipment and the target client, so that the site equipment responds to the control operation request to control the target equipment to execute the target operation.
5. The method according to claim 1, wherein after the verifying the operation request triggered on the target client according to the authority information of the target client, the method comprises:
and under the condition that the operation request passes the verification, sending the operation request to a first submodule of the site equipment through the communication connection between the site equipment and the target client, wherein the first submodule is used for controlling equipment associated with the site equipment.
6. The method according to any one of claims 1 to 5, wherein before the verifying the second identity information of the station device, the method comprises:
and acquiring the second connection request triggered by a second submodule of the site equipment, wherein the second submodule is used for establishing communication connection.
7. An apparatus for establishing a communication connection, comprising:
the system comprises a first verification unit, a second verification unit and a site device, wherein the first verification unit is used for verifying first identity information of a target client under the condition of acquiring a first connection request triggered on the target client, and the first connection request is used for requesting to establish communication connection between the target client and the site device;
a second verification unit, configured to perform verification processing on second identity information of the site device when a second connection request triggered on the site device is obtained, where the second connection request is used to request establishment of a communication connection between the site device and the target client;
a first establishing unit, configured to establish a communication connection between the site device and the target client if the first identity information and the second identity information are both verified;
a first obtaining unit, configured to obtain permission information of the target client after a communication connection between the site device and the target client is established, where the permission information is used to indicate interaction information that is allowed to be transmitted in the communication connection established between the target client and the site device;
and a third verification unit, configured to perform verification processing on the operation request triggered by the target client according to the authority information of the target client after establishing the communication connection between the site device and the target client.
8. A computer-readable storage medium, comprising a stored program, wherein the program is operable to perform the method of any one of claims 1 to 6.
9. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 6 by means of the computer program.
CN202110356462.7A 2021-04-01 2021-04-01 Communication connection establishing method and device, storage medium and electronic equipment Active CN113098964B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110356462.7A CN113098964B (en) 2021-04-01 2021-04-01 Communication connection establishing method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110356462.7A CN113098964B (en) 2021-04-01 2021-04-01 Communication connection establishing method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113098964A CN113098964A (en) 2021-07-09
CN113098964B true CN113098964B (en) 2023-01-20

Family

ID=76672648

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110356462.7A Active CN113098964B (en) 2021-04-01 2021-04-01 Communication connection establishing method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113098964B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997684B (en) * 2009-08-10 2013-01-23 北京多思科技发展有限公司 Authorization authentication method, device and system
CN105553931B (en) * 2015-11-27 2018-09-21 深圳市美贝壳科技有限公司 A kind of method that mobile phone is quickly activated, bound with domestic intelligent equipment
CN108023873B (en) * 2017-11-08 2020-12-11 深圳市文鼎创数据科技有限公司 Channel establishing method and terminal equipment
CN108920919A (en) * 2018-07-17 2018-11-30 广州视源电子科技股份有限公司 Control method, the device and system of interactive intelligence equipment
CN110287682B (en) * 2019-07-01 2020-12-04 北京芯盾时代科技有限公司 Login method, device and system
CN112165712B (en) * 2020-09-30 2024-01-23 青岛海尔科技有限公司 Method, device, system and storage medium for intelligent device to access wireless network

Also Published As

Publication number Publication date
CN113098964A (en) 2021-07-09

Similar Documents

Publication Publication Date Title
CN112511611B (en) Communication method, device and system of node cluster and electronic equipment
US11329982B2 (en) Managing internet of things devices using blockchain operations
CN103001999B (en) For privately owned Cloud Server, intelligent apparatus client and the method for public cloud network
CN102333065A (en) Cloud interaction protocol design
CN107888613B (en) Management system based on cloud platform
CN111885026B (en) Block chain-based interconnection and intercommunication method and device, storage medium and electronic device
US9912730B2 (en) Secured communication channel between client device and device management service
CN106488525B (en) A kind of wireless network construction method and corresponding network framework of IP dynamic binding
CN107995263A (en) A kind of multiple terminals Intelligent housing platform based on cloud computing and Raspberry Pi
CN104536411A (en) System and method for managing intelligent home through remote access service
CN114418574A (en) Consensus and resource transmission method, device and storage medium
CN101510793A (en) Method for implementing a plurality of Bluetooth device networking through Bluetooth server, software program and server
CN105119787A (en) Public Internet access system and public Internet access method based on software definition
CN103684793A (en) Method for enhancing communication security of power distribution network based on trusted computing
CN111901387A (en) Connection method and device of cloud special line
CN105516397B (en) Method for accessing multiple operating system terminals into network and multiple operating system terminals
CN107181795B (en) Convenient filling method and system for wireless security terminal firmware
CN103179080A (en) Cloud computer system for internet users and cloud computer connection method
CN102571811A (en) User access authority control system and method thereof
CN113098964B (en) Communication connection establishing method and device, storage medium and electronic equipment
CN105376074B (en) The startup of client computer, timing control method and system in a kind of LAN
CN201657327U (en) Key exchange and agreement system between mobile device and secure access gateway
CN103516683A (en) Remote server system with offline terminals
CN206531239U (en) Multi-gang air-conditioner control system
CN115580856A (en) System for realizing data interaction between networks based on Bluetooth equipment and realization method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20211220

Address after: 226009 8-9 Xinjian West Road, Fengli Town, Rudong County, Nantong City, Jiangsu Province

Applicant after: Rudong Zhongtian Energy Management Co.,Ltd.

Address before: No.88, Qixin Road, Nantong Development Zone, Jiangsu Province, 226000

Applicant before: ZHONGTIAN PHOTOVOLTAIC TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant