CN113839961B - Method and apparatus for controlling gateway device, and computer-readable storage medium


Publication number
CN113839961B
Authority
CN
China
Prior art keywords
data
data packet
gateway
equipment
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111409224.4A
Other languages
Chinese (zh)
Other versions
CN113839961A (en
Inventor
唐俊
张慰天
田海涛
宋洪法
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huadian Zhongxin Technology Co ltd
Original Assignee
Beijing Huadian Zhongxin Technology Co ltd
Application filed by Beijing Huadian Zhongxin Technology Co ltd
Priority to CN202111409224.4A
Publication of CN113839961A
Application granted
Publication of CN113839961B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session

Abstract

The invention discloses a method and an apparatus for controlling a gateway device, and a computer-readable storage medium. The method comprises: acquiring a data packet intercepted by the gateway device, wherein the data packet is sent by a cloud server to a terminal device; performing security detection on the data packet to obtain a target detection result; and controlling the network connection between the gateway device and the cloud server according to the target detection result. The invention solves the technical problem of poor security when existing gateway devices transmit data.

Description

Method and apparatus for controlling gateway device, and computer-readable storage medium
Technical Field
The present invention relates to the field of data security, and in particular, to a method and an apparatus for controlling a gateway device, and a computer-readable storage medium.
Background
With the advent of the big data age, data security has become especially important. The gateway device connected to the cloud server that stores the data is an important device for ensuring secure data transmission. Meanwhile, against the background of rapid development of domestic processor chips and gateway devices, the industrial field is gradually undergoing a digital transformation, which gives rise to a new service scenario in which data is fused from the OT (Operation Technology, in which specialist operators of a factory's automation control system support that system to ensure normal production) layer to the IT (Information Technology) layer.
However, in this new service scenario, the original DTU (Data Transfer Unit) gateway device is a device dedicated to converting serial data into IP (Internet Protocol) data or IP data into serial data; it mainly implements conversion between serial data and IP data and data interaction between the serial side and a network server. When a DTU is used for networking, it is mainly responsible for opening the link layer and passing data through transparently, and it does not interpret or convert the meaning of the data in any way. Moreover, the DTU and the cloud exchange data over TCP (Transmission Control Protocol, a byte-stream-based transport layer communication protocol) and the data undergoes no security detection, so there is a risk of interception and the data lacks any security guarantee. In addition, the DTU device itself is exposed to the Internet and is at risk of attack by malicious programs.
As can be seen from the above, existing DTU-type gateway devices cannot meet the particular requirement for secure data transmission in the new service scenario, and an effective solution is needed.
Disclosure of Invention
Embodiments of the present invention provide a method and an apparatus for controlling a gateway device, and a computer-readable storage medium, to at least solve the technical problem of poor security of existing gateway devices during data transmission.
According to an aspect of an embodiment of the present invention, there is provided a method of controlling a gateway device, including: acquiring a data packet intercepted by the gateway device, wherein the data packet is sent by the cloud server to the terminal device; performing security detection on the data packet to obtain a target detection result; and controlling the network connection between the gateway device and the cloud server according to the target detection result.
Further, the method of controlling the gateway device further includes: detecting the data source of the data packet; when the data source is detected to be the cloud server, detecting the data of the data packet to obtain a first detection result; when the first detection result indicates that the data of the data packet is abnormal data, determining that the data packet is an abnormal data packet; and when the first detection result indicates that the data of the data packet is normal data, determining that the data packet is a normal data packet.
Further, the method of controlling the gateway device further includes: when the data source is detected to be another device, determining that the data packet is an abnormal data packet, wherein the other device is any device other than the cloud server.
Further, the method of controlling the gateway device further includes: when the data packet is an abnormal data packet, disconnecting the network connection between the gateway device and the cloud server; and when the data packet is a normal data packet, connecting the gateway device and the server.
Further, the method of controlling the gateway device further includes: when the gateway device and the cloud server are in a network disconnection state, storing the target data read by the gateway device from the terminal device.
Further, the method of controlling the gateway device further includes: when the gateway device and the cloud server are in a network connection state, determining a target processing algorithm and switching a preset processing algorithm to the target processing algorithm, wherein the preset processing algorithm is an algorithm for processing data of a data packet stored in the gateway device, so that the data of the data packet is processed based on the target processing algorithm.
Further, the method of controlling the gateway device further includes: when detecting that the gateway device is in a power-off state, controlling an electric energy storage unit to supply power to the gateway device so that the gateway device operates for a preset duration, wherein the electric energy storage unit includes at least a capacitor and a sensor.
Further, the method of controlling the gateway device further includes: within the preset duration, controlling the gateway device to send power state information to a preset platform over mobile network data, wherein the power state information includes at least the power supply state of the power supply that powers the gateway device.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for controlling a gateway device, including: an acquisition module for acquiring a data packet intercepted by the gateway device, wherein the data packet is sent by the cloud server to the terminal device; a detection module for performing security detection on the data packet to obtain a target detection result; and a control module for controlling the network connection between the gateway device and the cloud server according to the target detection result.
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium in which a computer program is stored, wherein the computer program is configured to execute the above method for controlling a gateway device when run.
In the embodiment of the invention, data packets sent by the cloud server to the terminal device are intercepted and subjected to security detection: the data packet intercepted by the gateway device is acquired, wherein the data packet is sent by the cloud server to the terminal device; security detection is performed on the data packet to obtain a target detection result; and the network connection between the gateway device and the cloud server is controlled according to the target detection result.
As can be seen from the above, in the embodiment of the present invention the data packet sent by the cloud server to the terminal device is intercepted and then subjected to security detection, so that the data is actively inspected during transmission and hidden risks in the transmission are discovered in time. This avoids the problem that data is easily attacked or intercepted by a malicious program because it is not monitored during transmission. In addition, the network connection between the gateway device and the cloud server is controlled according to the target detection result obtained by the security detection, so that when an abnormal data packet is found the network connection is actively disconnected in time and further transmission of the abnormal data is interrupted, which avoids the risk of data leakage and greatly improves data security during transmission.
Therefore, the scheme provided by the embodiment of the invention achieves the purpose of ensuring secure and stable data transmission, thereby realizing the technical effects of reducing the risk of data leakage and improving data security, and solving the technical problem of poor security of existing gateway devices during data transmission.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flow chart of an alternative method of controlling a gateway device according to an embodiment of the present invention;
fig. 2 is a flow chart of an alternative method of controlling a gateway device according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an alternative gateway device according to an embodiment of the present invention;
fig. 4 is a schematic block diagram of an alternative apparatus for controlling a gateway device according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In addition, in the technical scheme of the invention, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations without violating the good customs of the public order.
Example 1
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for controlling a gateway device, it being noted that the steps illustrated in the flowchart of the figure may be performed in a computer system, such as a set of computer-executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
In addition, it should be further noted that a processor for controlling the gateway device may be an execution subject of the method for controlling the gateway device in the embodiment of the present invention, where the processor may be a domestic processor, so as to ensure the security of data to the greatest extent.
Fig. 1 is a flowchart of an alternative method for controlling a gateway device according to an embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
Step S102, acquiring the data packet intercepted by the gateway device.
The data packet is sent by the cloud server to the terminal device, and the gateway device includes at least: a processor chip, an operating system, state detection firewall software and intelligent edge data processing software.
Preferably, the processor chip serves as the hardware core of the gateway device, and a domestically produced processor chip may be selected, for example the domestic Rockchip RK3568. The processor chip may be a general-purpose SoC (System on Chip) that integrates a quad-core ARM (Advanced RISC Machine) architecture A55 processor and a graphics processor, supports 4K (physical resolution of 3840 × 2160 pixels) decoding and 1080P (physical resolution of 1920 × 1080 pixels) encoding, supports various peripheral interfaces such as SATA (a serial interface), PCIE (PCI-Express, a high-speed serial interface) and USB (Universal Serial Bus), and has a built-in independent NPU (neural-network processing unit) that can be used for lightweight artificial intelligence applications. In addition, the processor chip may support the Android system and the Linux (GNU/Linux, an operating system) system.
Optionally, the operating system may be a heavily trimmed, customized operating system such as Ubuntu Base (a derivative version of the Linux operating system, which is a desktop application-based operating system). The customized operating system may be used to create a minimal file system for custom images built for specific needs, and to create a suitable minimal environment for applications in board-level support packages and in restricted or integrated environments, serving as the basis for applications or for Linux container demonstration images in embedded gateway devices.
Optionally, the state detection firewall software may be independently developed firewall software. The state detection firewall has an inspection engine at the network layer, which intercepts the data packet sent by the cloud server to the terminal device, extracts information related to application-layer state from the data packet, and decides on the basis of that information whether to accept or reject the network connection request. This ensures the security of data transmission and gives better adaptability and extensibility. In addition, the state detection firewall may also include some proxy-level services to support the data content of particular applications.
Optionally, the southbound interface of the intelligent edge data processing software serves as the data access side and supports a number of standard data access protocols, such as Modbus (a serial communication protocol), DLT645 (a multifunctional power meter communication protocol) and OPC (OLE for Process Control, a communication protocol); the northbound interface provides several data forwarding modes, for example MQTT (a transmission protocol based on client-server message publishing and subscription), Web service (a programmable application program) and custom forwarding. Functions such as data management, script operation and virtual network topology are supported between the southbound and northbound interfaces. The intelligent edge data processing software also provides a local data breakpoint cache for network interruptions, so that data integrity is preserved when the network is interrupted. This solves the problem with existing DTU gateway devices, which cannot collect serial-port-side data while their network connection to the cloud server is interrupted and therefore lose the data for that interval.
In addition, the southbound interface refers to an interface for managing network management or equipment of other manufacturers in software, namely, an interface provided downwards; the northbound interface refers to an interface provided for other manufacturers or operators to access and manage in software, namely, an interface provided upwards.
In addition, the intelligent edge data processing software can provide policy support for business applications to extend data processing flow by using scripts, for example, at each stage of a data processing process, for any data point, configured Lua (a lightweight and compact scripting language) scripts can be used to replace default processing policies in the device as required, so that flexibility of data processing services is realized, and improvement of data processing efficiency is facilitated.
Step S104, performing security detection on the data packet to obtain a target detection result.
Optionally, the state detection firewall software in the gateway device has an inspection engine at the network layer, and the inspection engine may perform security detection on the intercepted data packet, for example by extracting information related to application-layer state from the data packet and inspecting it. The detection process includes at least: detecting the data source of the data packet, the size of the data packet, the generation time of the data packet, and whether the data in the data packet contains sensitive information or suspected virus information, and obtaining a target detection result from the outcome of the security detection. The target detection result includes at least: a result that the data of the data packet is abnormal data and/or a result that the data of the data packet is normal data.
In step S104, the state detection firewall software inside the gateway device may intercept the data packet sent by the cloud server to the terminal device, and further perform security detection on the data packet, thereby achieving an effect of timely discovering hidden risks of data transmission during data transmission, avoiding a problem that data is easily attacked or intercepted by a malicious program due to lack of monitoring on the data during data transmission, and further improving security of data transmission.
Step S106, controlling the network connection between the gateway device and the cloud server according to the target detection result.
Optionally, the state detection firewall software in the gateway device may decide, according to the target detection result, whether to accept or reject the current network connection request, and in this way controls the network connection between the gateway device and the cloud server. For example, when the state detection firewall software detects that the data packet originates from a device other than the cloud server, it can judge the data packet to be an abnormal data packet, reject the current network connection request and disconnect the network connection, which avoids the data leakage that continued transmission of abnormal data would cause. Likewise, when the state detection firewall detects that the data in the data packet contains unencrypted sensitive information or suspected virus information, it may also determine that the data packet is an abnormal data packet and disconnect the network connection.
Through step S106, the network connection between the gateway device and the cloud server is controlled according to the target detection result obtained by the security monitoring, so that when an abnormal data packet is found the network connection can be actively disconnected in time and further transmission of the abnormal data is interrupted, which avoids the risk of data leakage and improves data security during transmission.
From steps S102 to S106 it can be seen that the embodiment of the present invention intercepts and security-monitors the data packets sent by the cloud server to the terminal device: the data packet intercepted by the gateway device is acquired, wherein the data packet is sent by the cloud server to the terminal device; security detection is performed on the data packet to obtain a target detection result; and the network connection between the gateway device and the cloud server is controlled according to the target detection result.
It is easy to see that, in the embodiment of the present invention, the gateway device intercepts the data packet sent by the cloud server to the terminal device and then performs security monitoring on it, so that the data is actively monitored during transmission and hidden risks in the transmission are discovered in time. This avoids the problem that data is easily attacked or intercepted by a malicious program because it is not monitored during transmission. In addition, the network connection between the gateway device and the cloud server is controlled according to the target detection result obtained by the security monitoring, so that when an abnormal data packet is found the network connection is actively disconnected in time and further transmission of the abnormal data is interrupted, which avoids the risk of data leakage and greatly improves data security during transmission.
Therefore, the scheme provided by the embodiment of the invention achieves the purpose of ensuring the safe and stable transmission of the data, thereby realizing the technical effects of reducing the risk of data leakage and improving the data security, and further solving the technical problem of poor security of the existing gateway equipment during data transmission.
In an optional embodiment, the state detection firewall software may detect a data source of the data packet, detect data of the data packet when the data source is detected to be the cloud server, obtain a first detection result, determine that the data packet is an abnormal data packet when the first detection result indicates that the data of the data packet is abnormal data, and determine that the data packet is a normal data packet when the first detection result indicates that the data of the data packet is normal data. When the data source is detected to be other equipment, the data packet is determined to be an abnormal data packet, wherein the other equipment is equipment except the cloud server.
Optionally, the state detection firewall software in the gateway device may perform security detection on the intercepted data packet by first detecting its source, that is, determining whether the data packet comes from the cloud server or from another device. When the data packet is detected to originate from another device that is not the cloud server, such as a smart phone, a smart tablet or a computer, the data packet is determined to be an abnormal data packet. When the data packet is detected to come from the cloud server, the data in the data packet is further detected. For example, a technician may preset a sensitive information identifier and a virus information identifier; when the state detection firewall software detects that the data contains unencrypted sensitive information, it obtains a first detection result indicating that the data of the data packet is abnormal data and determines that the data packet is an abnormal data packet. The sensitive information may be information such as technical parameters of company products, company business quotations and employees' personal information.
In addition, when the state detection firewall software detects that the data contains a preset virus information identifier, a first detection result that the data representing the data packet is abnormal data can be obtained, and the data packet is determined to be an abnormal data packet. The virus information identifier may be a section of virus program code preset by a technician in advance. When the state detection firewall software detects that the data contains the same or similar virus program codes, the data can be regarded as abnormal data, and therefore the data is intercepted.
Further, the state detection firewall software may also detect the size, the generation time and similar properties of the data in the data packet. If the data is too small or the generation time is too short, the data packet may be damaged, and the state detection firewall software may regard the data in the data packet as abnormal data and determine that the data packet is an abnormal data packet.
In addition, when the first detection result indicates that the data of the data packet is normal data, the state detection firewall software can determine that the data packet is a normal data packet and transmit the data normally.
In the process, the data packet and the information in the data packet are subjected to security detection, so that abnormal data packets and abnormal data can be actively discovered, the risks of attack by malicious programs and leakage of important information are avoided, and the effect of improving the data transmission security is further realized.
In an optional embodiment, the state detection firewall software disconnects the network connection between the gateway device and the cloud server when the data packet is an abnormal data packet, and connects the gateway device and the server when the data packet is a normal data packet.
Optionally, the state detection firewall software determines whether to accept or reject the network connection request corresponding to the data packet according to whether the data packet is a normal data packet, for example, when data in the data packet sent to the gateway device by the cloud server includes virus information, the state detection firewall software in the gateway device determines that the data packet is an abnormal data packet, and rejects the network connection request of the cloud server, thereby blocking the data packet from further transmission. Meanwhile, the state detection firewall software can also generate alarm information to prompt the gateway equipment and the cloud server, and the alarm information is stored, so that the follow-up historical query is facilitated.
Further, once detection has determined that the data packet sent by the cloud server to the gateway device is a normal data packet, the state detection firewall software accepts the network connection request of the cloud server, and the cloud server can then successfully establish a network connection with the gateway device. After the gateway device has received the data packet normally, it transmits the data packet to the corresponding terminal device. The terminal device may be a smart phone, a smart tablet, a notebook computer, a desktop computer, a smart wearable device and the like.
In the process, when the data packet is an abnormal data packet, the state detection firewall software disconnects the network connection between the gateway equipment and the cloud server, so that abnormal data is intercepted in time, and the risk of data leakage is reduced.
In an optional embodiment, when the gateway device and the cloud server are in a network disconnection state, the intelligent edge data processing software in the gateway device may store the target data read from the terminal device by the gateway device.
Optionally, to avoid data loss while the gateway device and the cloud server are in a network disconnection state, the intelligent edge data processing software has a local data breakpoint cache function. With this function, after receiving data, the intelligent edge data processing software does not need to transmit all unprocessed data to the cloud server in real time; it only needs to first store the target data processed by the terminal device in the gateway device and, after the network connection between the gateway device and the cloud server is restored, transmit the stored target data to the cloud server as required.
In this process, the gateway device can store the target data of the terminal device, so that the terminal device continues to process data normally without being affected by the disconnection of the network connection between the cloud server and the gateway device, which ensures the real-time performance and continuity of the data processing of the terminal device. Moreover, with the local data breakpoint cache function, the gateway device does not need to stay connected to the cloud server at all times, so the waste of cloud service computing resources and bandwidth resources can be reduced and resource utilization is improved.
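The following sketch of the local data breakpoint cache is an added illustration, not code from the patent. It assumes a SQLite-backed queue, a capacity bound that discards the oldest entries, and a hypothetical `send` callback that returns True once the cloud server has acknowledged a record; records are removed only after that acknowledgement, so a link that drops during replay loses nothing.

```python
"""Local breakpoint cache with ordered replay (constructed illustration)."""
import json
import sqlite3


class BreakpointCache:
    """Holds target data while the uplink is down and replays it in order."""

    def __init__(self, path=":memory:", max_rows=10000):
        self.max_rows = max_rows        # assumed bound for limited flash storage
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pending ("
            "seq INTEGER PRIMARY KEY AUTOINCREMENT, "
            "device TEXT NOT NULL, body TEXT NOT NULL)")

    def store(self, device, reading):
        """Queue one reading; drop the oldest rows beyond the capacity bound."""
        with self.db:
            self.db.execute(
                "INSERT INTO pending (device, body) VALUES (?, ?)",
                (device, json.dumps(reading, sort_keys=True)))
            self.db.execute(
                "DELETE FROM pending "
                "WHERE seq <= (SELECT MAX(seq) FROM pending) - ?",
                (self.max_rows,))

    def pending(self):
        """Number of readings still waiting for upload."""
        return self.db.execute("SELECT COUNT(*) FROM pending").fetchone()[0]

    def flush(self, send):
        """Replay queued readings oldest first.

        send(seq, device, reading) must return True only after the cloud
        server has acknowledged the record. Replay stops at the first
        failure so that ordering is preserved for the next attempt.
        """
        rows = self.db.execute(
            "SELECT seq, device, body FROM pending ORDER BY seq").fetchall()
        sent = 0
        for seq, device, body in rows:
            try:
                acked = send(seq, device, json.loads(body))
            except OSError:             # link dropped again during replay
                acked = False
            if not acked:
                break
            with self.db:               # delete only what was acknowledged
                self.db.execute("DELETE FROM pending WHERE seq = ?", (seq,))
            sent += 1
        return sent


def deliver(cache, link_up, send, device, reading):
    """Queue the reading, replay if the link is up, return what is left."""
    cache.store(device, reading)
    if link_up:
        cache.flush(send)
    return cache.pending()


if __name__ == "__main__":
    uploaded = []                       # stands in for the cloud server

    def send(seq, device, reading):
        uploaded.append((seq, device, reading))
        return True

    cache = BreakpointCache()
    print(deliver(cache, False, send, "meter-1", {"kwh": 1.5}))  # link down
    print(deliver(cache, False, send, "meter-1", {"kwh": 1.7}))  # link down
    print(deliver(cache, True, send, "meter-1", {"kwh": 1.9}))   # link restored
    print(uploaded)
```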
In an optional embodiment, when the gateway device and the cloud server are in a network connection state, a target processing algorithm is determined, and a preset processing algorithm is switched to the target processing algorithm, where the preset processing algorithm is an algorithm for processing data of a data packet stored in the gateway device, so that the data of the data packet is processed based on the target processing algorithm.
Optionally, the intelligent edge data processing software in the gateway device can provide policy support for extending data processing. At each stage of the data processing process, the intelligent edge data processing software can configure a script as required for any data point to generate a replacement data processing policy that replaces the default data processing policy in the gateway device. The data processing algorithm corresponding to the replacement data processing policy is the target processing algorithm, and the data processing algorithm corresponding to the default data processing policy is the preset processing algorithm.
For example, as shown in fig. 2, data is collected by the collection real-time library corresponding to the terminal device and sent to the gateway device, and the gateway device reads the target data from the data and stores it. In the gateway device, each data point stores a default data processing policy pipeline (i.e., a preset processing algorithm), where the data points at least include: pre-processing, engineering computation processing, and business application processing. At each data point, the intelligent edge data processing software can configure a script according to the needs of the user to generate a replacement data processing policy for that data point. For example, a technician can use a Lua script to generate a Lua processing policy pipeline (i.e., a target processing algorithm) according to the needs of the user and deploy it at the pre-processing stage; when the data processing flow reaches that data point, the data is processed according to the target processing algorithm. The other data points are handled in the same way. After the data processing is completed, the gateway device transmits the data to the application real-time base of the cloud server, completing the response to and interaction with the cloud server.
In addition, the southbound interface of the intelligent edge data processing software serves as the data access side and supports a plurality of standard data access protocols, and the northbound interface supports a plurality of data forwarding modes, so that the intelligent edge data processing software implements data access, data cleaning and processing, and service logic linkage between devices on the edge side. Switching the preset processing algorithm to the target processing algorithm reduces the difficulty of data access and improves the flexibility of data processing.
In an optional embodiment, when detecting that the gateway device is in the power-off state, the processor in the gateway device controls the electric energy storage unit to supply power to the gateway device, so that the gateway device operates for a preset time period, where the electric energy storage unit at least includes a capacitor and a sensor.
Optionally, the sensor of the electric energy storage unit can sense the power supply state of the power supply of the gateway device, and the power supply state information is reported to the preset platform through mobile network data, where the power supply state information at least includes normal power supply, power supply failure, and the like. The preset platform may be a service platform of the gateway unit and is used to monitor the working state of the gateway unit. In addition, the capacitor of the electric energy storage unit may be a large-capacity super capacitor used to store electric energy. When the gateway device is in a power-off state, the capacitor starts a power supply mode to supply power to the gateway device so that the gateway device operates for a preset time; for example, the super capacitor supplies power to the gateway device and keeps it running for 100 ms.
It should be noted that, because the deployment scenarios of gateway devices for Internet of Things terminals are complex, a gateway device may have no uninterruptible power supply, or its uninterruptible power supply may have poor reliability, so that the gateway device may be in a power-off state under extreme conditions. An existing gateway device cannot sense the fault state and report it to a preset platform after the external power supply fails; usually, the fault state can be reported to the preset platform in time only by adding a new monitoring device.
In the present application, the capacitor can continue to supply power to the gateway device in the power-off state, and the working state of the gateway device can be sensed through the sensor, which ensures that abnormal power supply information can be reported to the preset platform in time after the gateway device is powered off and improves the efficiency of fault resolution.
In an optional embodiment, within a preset duration, the processor in the gateway device controls the gateway device to send power status information to the preset platform through the mobile network data, where the power status information at least includes a power supply status of a power supply that supplies power to the gateway device.
Optionally, when the capacitor of the electric energy storage unit is activated to supply power to the network device, the processor in the gateway device senses the power state information through the sensor and controls the gateway device to send the power state information to the preset platform through mobile network data. For example, when the sensor senses that the network device has entered a power-off state, the processor in the gateway device may activate the capacitor to power the network device. Meanwhile, within the preset duration of the capacitor power supply, the processor transmits power state information indicating a power supply fault to the preset platform to inform technicians that the network device has failed. When the sensor senses that the network device has returned to a normal power supply state within the preset duration, the processor can again transmit power state information to the preset platform, this time indicating that the power supply fault has been repaired.
In this process, the capacitor can supply power to the gateway device for the preset duration, so that the processor in the gateway device can send the abnormal power supply information to the preset platform in time within that duration. This solves the problems that an existing gateway device has difficulty reporting its final abnormal power supply information to the preset platform and that the gateway device lacks real-time sensing and management of its working state.
As can be seen from the above, in the embodiment of the present invention, the gateway device intercepts the data packet sent by the cloud server to the terminal device and then performs security monitoring on the data packet. Data is thereby actively monitored for security during transmission and hidden risks in data transmission are found in time, avoiding the situation in which, for lack of monitoring, data is exposed on the internet and is easily attacked or intercepted by malicious programs. In addition, the network connection between the gateway device and the cloud server can be controlled according to the target detection result obtained by the security monitoring, so that when an abnormal data packet is found the network connection is actively disconnected in time and further transmission of the abnormal data is interrupted. The risk of data leakage is thus avoided and data security during data transmission is greatly improved.
Fig. 3 is a schematic diagram of an alternative gateway device according to an embodiment of the present invention, which is specifically described as follows:
Optionally, as shown in fig. 3, the gateway device uses a domestically produced processor chip as its hardware core device, for example, a domestically produced Rockchip RK3568 processor chip. Existing gateway devices usually use a foreign processor chip, which is not conducive to the autonomous security of the gateway device. In the embodiment of the present invention, a domestically produced processor chip replaces the conventional foreign processor chip, so that autonomous controllability can be achieved from the perspective of the security design of the whole device.
Optionally, as shown in fig. 3, the gateway device further has: an embedded memory for storing an operating system and application programs; a serial interface device for operating the chip; a clock chip for chip timing; an identification code serving as the unique identifier of the gateway device; a sensor for sensing the power state of the gateway device; a storage expansion with a reserved double-layer card slot for subsequent storage expansion; a restart button for restarting the mainboard of the gateway device; at least four indicator lamps for indicating the power-on state, the gateway device running state, the gateway device mobile network connection state and the wireless communication state; a USB interface for connecting peripheral devices; a 4-channel serial port for expanding the serial ports of the gateway device; and a debugging interface for connecting debugging equipment. In addition, the gateway device is also provided with a management network port, a communication network port, a wireless communication module, a bus interface, a memory bank and other components, and can work with a voltage input of 8-36 V.
Furthermore, the gateway device with the domestic processor chip meets the test indexes in the high-temperature test, static test, fast transient test and surge test, and has excellent stability.
As described above, using a domestic processor chip makes the gateway device autonomously controllable, improves the security and stability of the data transmission process, and greatly reduces the risk of data leakage.
Example 2
According to an embodiment of the present invention, an apparatus embodiment for controlling a gateway device is further provided, where fig. 4 is a schematic diagram of an apparatus for controlling a gateway device according to an embodiment of the present invention, and as shown in fig. 4, the apparatus includes: an acquisition module 401, a detection module 403, and a control module 405.
The acquiring module 401 is configured to acquire a data packet intercepted by the gateway device, where the data packet is sent to the terminal device by the cloud server; the detection module 403 is configured to perform security detection on the data packet to obtain a target detection result; and a control module 405, configured to control network connection between the gateway device and the cloud server according to the target detection result.
It should be noted that the acquiring module 401, the detecting module 403, and the controlling module 405 correspond to steps S102 to S106 in the above embodiment, and the three modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in embodiment 1.
In an optional embodiment, the detection module further includes: a first detection module, a second detection module, a first determining module and a second determining module. The first detection module is configured to detect a data source of the data packet; the second detection module is configured to detect the data of the data packet when the data source is detected to be the cloud server, to obtain a first detection result; the first determining module is configured to determine that the data packet is an abnormal data packet when the first detection result indicates that the data of the data packet is abnormal data; and the second determining module is configured to determine that the data packet is a normal data packet when the first detection result indicates that the data of the data packet is normal data.
In an alternative embodiment, the apparatus for controlling the gateway device further comprises: a third detection module, configured to determine that the data packet is an abnormal data packet when the data source is detected to be another device, where the other device is a device other than the cloud server.
In an optional embodiment, the control module further includes: a disconnection module and a connection module. The disconnection module is configured to disconnect the network connection between the gateway device and the cloud server when the data packet is an abnormal data packet; and the connection module is configured to connect the gateway device and the server when the data packet is a normal data packet.
In an alternative embodiment, the apparatus for controlling the gateway device further comprises: a storage module, configured to store the target data read from the terminal device by the gateway device when the gateway device and the cloud server are in a network disconnection state.
In an alternative embodiment, the apparatus for controlling the gateway device further comprises: a third determining module, a switching module and a processing module. The third determining module is configured to determine a target processing algorithm when the gateway device and the cloud server are in a network connection state; the switching module is configured to switch a preset processing algorithm to the target processing algorithm, where the preset processing algorithm is an algorithm, stored in the gateway device, for processing the data of the data packet; and the processing module is configured to process the data of the data packet based on the target processing algorithm.
In an alternative embodiment, the apparatus for controlling the gateway device further comprises: a first control module, configured to control the electric energy storage unit to supply power to the gateway device when the gateway device is detected to be in a power-off state, so that the gateway device runs for a preset duration, where the electric energy storage unit at least comprises a capacitor and a sensor.
In an alternative embodiment, the apparatus for controlling the gateway device further comprises: a second control module, configured to control the gateway device to send the power state information to the preset platform through mobile network data within the preset duration, where the power state information at least comprises the power supply state of the power supply that supplies power to the gateway device.
Example 3
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium in which a computer program is stored, wherein the computer program is configured to execute the method of controlling a gateway device in the above-mentioned embodiment 1 when running.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (8)

1. A method of controlling a gateway device, comprising:
acquiring a data packet intercepted by a gateway device, wherein the data packet is sent to a terminal device by a cloud server;
performing security detection on the data packet to obtain a target detection result, wherein the detection process of the security detection at least comprises: detecting the source of the data packet and whether the data in the data packet contains sensitive information;
controlling the network connection between the gateway device and the cloud server according to the target detection result;
when the gateway device and the cloud server are in a network disconnection state, storing target data read from the terminal device by the gateway device;
when the gateway device is detected to be in a power-off state, controlling an electric energy storage unit to supply power to the gateway device, so that the gateway device runs for a preset time, wherein the electric energy storage unit at least comprises a capacitor and a sensor.
2. The method of claim 1, wherein performing security detection on the data packet to obtain a target detection result comprises:
detecting a data source of the data packet;
when the data source is detected to be the cloud server, detecting the data of the data packet to obtain a first detection result;
when the first detection result indicates that the data of the data packet is abnormal data, determining that the data packet is an abnormal data packet;
when the first detection result indicates that the data of the data packet is normal data, determining that the data packet is a normal data packet.
3. The method of claim 2, further comprising:
when the data source is detected to be another device, determining that the data packet is the abnormal data packet, wherein the other device is a device other than the cloud server.
4. The method of claim 3, wherein controlling the network connection between the gateway device and the cloud server according to the target detection result comprises:
when the data packet is the abnormal data packet, disconnecting the network connection between the gateway device and the cloud server;
when the data packet is the normal data packet, connecting the gateway device and the server.
5. The method of claim 1, further comprising:
determining a target processing algorithm when the gateway device and the cloud server are in a network connection state;
switching a preset processing algorithm to the target processing algorithm, wherein the preset processing algorithm is an algorithm, stored in the gateway device, for processing data of the data packet;
processing the data of the data packet based on the target processing algorithm.
6. The method of claim 1, further comprising:
within the preset time, controlling the gateway device to send power state information to a preset platform through mobile network data, wherein the power state information at least comprises a power supply state of a power supply that supplies power to the gateway device.
7. An apparatus for controlling a gateway device, comprising:
an acquisition module, configured to acquire a data packet intercepted by a gateway device, wherein the data packet is sent to a terminal device by a cloud server;
a detection module, configured to perform security detection on the data packet to obtain a target detection result, wherein the detection process of the security detection at least comprises: detecting the source of the data packet and whether the data in the data packet contains sensitive information;
a control module, configured to control the network connection between the gateway device and the cloud server according to the target detection result;
wherein the apparatus further comprises: a storage module, configured to store the target data read from the terminal device by the gateway device when the gateway device and the cloud server are in a network disconnection state;
the apparatus is further configured to control an electric energy storage unit to supply power to the gateway device when the gateway device is detected to be in a power-off state, so that the gateway device runs for a preset time, wherein the electric energy storage unit at least comprises a capacitor and a sensor.
8. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of controlling a gateway device of any one of claims 1 to 6 when executed.
CN202111409224.4A 2021-11-25 2021-11-25 Method and apparatus for controlling gateway device, and computer-readable storage medium Active CN113839961B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111409224.4A CN113839961B (en) 2021-11-25 2021-11-25 Method and apparatus for controlling gateway device, and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN113839961A CN113839961A (en) 2021-12-24
CN113839961B true CN113839961B (en) 2022-04-19

Family

ID=78971654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111409224.4A Active CN113839961B (en) 2021-11-25 2021-11-25 Method and apparatus for controlling gateway device, and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN113839961B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116865998A (en) * 2022-04-29 2023-10-10 国网浙江省电力有限公司宁波供电公司 Safe transmission method for electric power target range data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102044158A (en) * 2009-10-21 2011-05-04 上海麦士格瑞交通智能技术有限公司 Traffic signal control system based on general communication standard
CN109155745A (en) * 2018-07-16 2019-01-04 威富通科技有限公司 Payment gateway is connected to the network detection method and terminal device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2660667B1 (en) * 2012-05-04 2021-11-10 Rockwell Automation Technologies, Inc. Cloud gateway for industrial automation information and control systems
CN107040459A (en) * 2017-03-27 2017-08-11 高岩 A kind of intelligent industrial secure cloud gateway device system and method
CN111049695A (en) * 2020-01-09 2020-04-21 深圳壹账通智能科技有限公司 Cloud gateway configuration method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant