CN114697104A - Identification access method based on edge Internet of things agent data interaction terminal - Google Patents


Info

Publication number: CN114697104A
Authority: CN (China)
Prior art keywords: equipment, internet, things, platform, access
Prior art date: 2022-03-28
Legal status: Pending
Application number: CN202210309261.6A
Other languages: Chinese (zh)
Inventors: 严莉, 董清泉, 陈宇航
Current assignee: Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Original assignee: Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Priority date: 2022-03-28
Filing date: 2022-03-28
Publication date: 2022-07-01
Application filed by Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Priority to CN202210309261.6A
Publication of CN114697104A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 10/00 Economic sectors
    • G16Y 10/35 Utilities, e.g. electricity, gas or water
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 30/00 IoT infrastructure
    • G16Y 30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses an identification access method based on an edge Internet of Things agent data interaction terminal, comprising the following steps: s1: the edge gateway registers on the network; a CMEI is generated by computing the edge gateway feature analysis data table in several ways, the CMEI is bound to CMSI information to identify legitimate access devices, and this information is stored on the Internet of Things platform; s2: when an interactive terminal initiates an access request to the Internet of Things platform, the platform queries the corresponding CMEI information and generates the device feature table that the terminal registered on the platform; s3: the device feature table derived by the platform is compared and analyzed against the device feature table collected in real time from the device; s4: if the comparison passes, the device is considered successfully identified and subsequent work proceeds; s5: access permission: only terminal devices that satisfy both CMSI legitimacy and CMEI legitimacy are allowed onto the network. The method effectively prevents the attack range from spreading from a low security level area to a high security level area, and provides a strong guarantee for the safe and stable operation of the power distribution Internet of Things system.

Description

Identification access method based on edge Internet of things agent data interaction terminal
Technical Field
The invention relates to Internet of Things technology, and in particular to an identification access method based on an edge Internet of Things agent data interaction terminal.
Background
The edge Internet of Things agent is key equipment linking the upper and lower layers of the power distribution Internet of Things system, and it can easily become a springboard for attacks on the power distribution Internet of Things cloud platform, which may lead to system-wide incidents such as loss of control or paralysis of the cloud platform, and even to large-area power outages.
Normal data interaction among the edge Internet of Things agent, the Internet of Things management platform and the Internet of Things terminals is the basis for stable operation of the power distribution Internet of Things system. With the wide application of modern networking and automation technology, the data transmission of the power distribution Internet of Things system has also become a target of malicious attack by lawbreakers, and the attack means are diversified, complex and covert.
Therefore, an identification access method based on the edge Internet of Things agent data interaction terminal is proposed, which reduces the likelihood of the Internet of Things system being attacked, protects the interaction data and the gateway, and improves the overall security of Internet of Things data transmission.
Disclosure of Invention
Purpose of the invention: the invention aims to provide an identification access method based on an edge Internet of Things agent data interaction terminal, so that the attack range is effectively prevented from spreading from a low security level area to a high security level area, and a strong guarantee is provided for the safe and stable operation of the power distribution Internet of Things system.
Technical solution: the identification access method of the invention, based on an edge Internet of Things agent data interaction terminal, comprises the following steps:
s1: the edge gateway accesses the network for registration; the edge gateway feature analysis data table is computed by hashing, encryption and compression to generate a CMEI, which is bound to the CMSI information to identify legitimate access devices, and this information is stored on the Internet of Things platform;
s2: when an interactive terminal initiates an access request to the Internet of Things platform, the platform looks up the corresponding CMEI information according to the legitimate CMSI information, and by reverse calculation the CMEI yields the device feature table that the terminal registered on the platform;
s3: the device feature table derived by the platform is compared with the device feature table collected in real time on the device, and the result is analyzed;
s4: if the comparison passes, the device is considered successfully identified, and subsequent verification, authorization and service interaction proceed;
s5: access permission: only terminal devices that satisfy both CMSI legitimacy and CMEI legitimacy are allowed onto the network.
The edge gateway connects downstream to sub-devices; the authentication information of the sub-devices is generated by the Internet of Things platform and issued to the edge gateway, and all login/logout, data reporting and instruction receiving/issuing of the sub-devices are sent to the Internet of Things platform through the edge gateway.
The device features comprise hardware, drivers, operating system, edge gateway interaction features and operating environment requirement features. The Internet of Things platform obtains the corresponding device feature table from the device feature derivation positions; the edge gateway queries and generates data feature codes in the device feature table; the data feature codes produce a corresponding data analysis table; and the data analysis table is processed by an algorithm to obtain the device identification code.
A computer storage medium on which a computer program is stored, which, when executed by a processor, implements the above identification access method based on an edge Internet of Things agent data interaction terminal.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the above identification access method based on an edge Internet of Things agent data interaction terminal.
Beneficial effects: compared with the prior art, the invention has the following advantages. The invention combines risk analysis of the edge Internet of Things agent and protects the edge gateway from four aspects: the security of the gateway itself, edge gateway access control, edge gateway data protection and edge gateway security monitoring. This forms a protection system that integrates trusted system boot, digital-certificate-based identity authentication, data protection based on a domestic commercial cryptographic algorithm, and security monitoring; it effectively prevents the attack range from spreading from a low security level area to a high security level area, and provides a strong guarantee for the safe and stable operation of the power distribution Internet of Things system.
Drawings
Fig. 1 is a schematic diagram of identification access for the identification access method based on an edge Internet of Things agent data interaction terminal according to the present invention.
Detailed Description
The technical solution of the invention is further explained with reference to the attached drawings.
Referring to fig. 1, the identification access method for a data interaction terminal based on an edge Internet of Things agent includes the following steps:
1. Edge gateway and Internet of Things platform
The identification access object of the invention is the edge gateway, which includes all embedded devices with an independent operating system. The edge gateway is a special device that accesses the Internet of Things platform directly through the standard MQTT protocol; sub-devices can be connected beneath the edge gateway, their authentication information is generated by the platform and issued to the gateway, and all login/logout, data reporting and instruction receiving/issuing of the sub-devices are sent to the platform through the edge gateway.
The communication protocol or mode between a sub-device and the edge gateway may vary (serial port, TCP, UDP, Bluetooth, etc.); for data interaction between the gateway device and the platform, the platform defines a set of access protocol specifications.
The device features are analyzed as follows:
1) hardware, comprising the chip, the PCB, the peripheral interfaces and the like;
2) drivers, including the various edge gateway drivers, sub-device drivers, etc.;
3) operating system, comprising the Windows series, Linux series, Mac series and other real-time or time-sharing embedded operating systems;
4) the interaction features of the edge gateway and the requirement features of the operating environment.
2. Device feature analysis
The method marks terminal devices with multi-dimensional composite information and performs feature analysis on the edge gateway; the features of the edge gateway comprise its chip model, PCB model and version number, peripheral interface types, driver versions, operating system type, operating system version, interaction features and the like.
3. Device identification ID generation
After the device features are analyzed, they must be converted into a self-defined device identification code (CEID); for a mobile terminal they are converted into a self-defined mobile equipment identity code (CMEI). The specific method is as follows: the multi-dimensional information obtained from feature analysis of the terminal device is used to compute a unique identification ID that represents the current state of the device.
Before the device identification ID is generated, a device feature analysis data table is generated, and the terminal queries and generates the data feature code in that table.
How the device feature analysis data table is generated is customized by each Internet of Things platform. A reference table of feature data for a virtual terminal part is provided; features such as chip features, PCB features and driver features are recorded by statistical registration, while App features, user features and terminal working features need to be analyzed by deep learning.
In actual production, richer information can be used as the data analysis table. The analyzed data is processed, for example by hashing, encryption and compression, to finally generate a device identification code (CEID or CMEI) that strictly represents the terminal.
4. Terminal device identification
The essence of the device identification approach is to generate a more efficient CEID (or CMEI). When the platform identifies a terminal, the device features are analyzed in reverse from the device identification code to confirm the correctness of the device. Before actions such as verification, authorization and service interaction are performed, the terminal device is identified in real time: the device registration data obtained by analyzing the CMEI (or CEID) is compared with the device data collected in real time, and other services proceed only after the data match.
Through feature analysis and ID output calculation, a device identification code that uniquely represents the terminal device is finally generated; combined with the user identification code provided by the operator, it serves as the terminal's final network access device identification code.
For a mobile terminal that accesses data traffic, since the terminal holds the operator's user identification code, identification combining the CMSI and the CMEI can be used directly;
for a mobile terminal that does not access data traffic, the device reaches the application platform after accessing the gateway by other means rather than the cellular mobile network, so the terminal's own CMEI must be combined with the CSID of the gateway device, and when the device accesses, the gateway or NS must hold the CSID provided by the operator.
For a wired edge gateway, identification combines the CSID and the CEID: a wired device has relatively fixed characteristics, and the CSID can be provided by the operator at the residence and combined with the CEID to connect to the network.
5. Access permissions
Only terminal devices that satisfy both CMSI legality and CMEI legality are allowed to access the network.
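The registration and identification flow of steps s1 to s5 above (and of sections 1 to 5 of the detailed description), as an added example that is not part of the patent. The patent says the CMEI is "reverse calculated" into the feature table; a hash cannot be inverted, so this example keeps the compressed and encrypted feature table beside the keyed-hash CMEI and "reverses" by decrypting that table, then re-checks the hash before the real-time comparison. The platform key, the feature fields, the sample gateway values and the HMAC-SHA256 keystream (a stdlib stand-in for the unnamed domestic commercial cryptographic algorithm) are all assumptions of this example.

```python
import hashlib
import hmac
import json
import os
import zlib
from dataclasses import asdict, dataclass

# Hypothetical platform-side secret (constructed for the demo; a real platform
# would keep it in an HSM or key management service).
PLATFORM_KEY = b"constructed-demo-key-not-for-production"


@dataclass(frozen=True)
class DeviceFeatures:
    """Multi-dimensional feature table of an edge gateway (section 2); fields assumed."""
    chip_model: str
    pcb_version: str
    peripheral_interfaces: str
    driver_version: str
    os_type: str
    os_version: str
    interaction_profile: str


def canonical_table(f: DeviceFeatures) -> bytes:
    # Stable serialisation: identical features must always give identical bytes.
    return json.dumps(asdict(f), sort_keys=True, separators=(",", ":")).encode()


def derive_cmei(table: bytes) -> str:
    # Keyed hash of the feature table: only the platform can mint a valid CMEI.
    return hmac.new(PLATFORM_KEY, table, hashlib.sha256).hexdigest()


def _keystream(nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stdlib stand-in for the patent's unnamed cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(PLATFORM_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal_table(table: bytes) -> bytes:
    # Compress, then encrypt; stored as nonce || ciphertext.
    comp = zlib.compress(table)
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(comp, _keystream(nonce, len(comp))))


def open_table(blob: bytes) -> bytes:
    # Inverse of seal_table: decrypt, then decompress.
    nonce, ct = blob[:16], blob[16:]
    return zlib.decompress(bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))))


class IoTPlatform:
    def __init__(self) -> None:
        self._registry: dict[str, tuple[str, bytes]] = {}  # CMSI -> (CMEI, sealed table)

    def register(self, cmsi: str, features: DeviceFeatures) -> str:
        # s1: the gateway registers; the platform derives the CMEI and binds it to the CMSI.
        table = canonical_table(features)
        cmei = derive_cmei(table)
        self._registry[cmsi] = (cmei, seal_table(table))
        return cmei

    def identify(self, cmsi: str, live: DeviceFeatures) -> bool:
        # s2: CMSI legality first, then look up the CMEI bound to it.
        record = self._registry.get(cmsi)
        if record is None:
            return False
        cmei, sealed = record
        # "Reverse calculation": recover the registered feature table and confirm it
        # still matches its CMEI, which also catches tampering with the stored record.
        registered = open_table(sealed)
        if not hmac.compare_digest(derive_cmei(registered), cmei):
            return False
        # s3/s4: constant-time comparison of the registered table with real-time features.
        # s5: True only when both CMSI legality and CMEI legality hold.
        return hmac.compare_digest(registered, canonical_table(live))
```

A gateway whose real-time table differs in a single field (for instance an operating system version that changed since registration) fails step s3 and is refused, which is the intended behaviour: re-registration, not silent acceptance, is the path for legitimate changes.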

Claims (5)

1. An identification access method for a data interaction terminal based on an edge Internet of Things agent, characterized by comprising the following steps:
s1: the edge gateway accesses the network for registration; the edge gateway feature analysis data table is computed by hashing, encryption and compression to generate a CMEI, which is bound to the CMSI information to identify legitimate access devices, and this information is stored on the Internet of Things platform;
s2: when an interactive terminal initiates an access request to the Internet of Things platform, the platform looks up the corresponding CMEI information according to the legitimate CMSI information, and by reverse calculation the CMEI yields the device feature table that the terminal registered on the platform;
s3: the device feature table derived by the platform is compared with the device feature table collected in real time on the device, and the result is analyzed;
s4: if the comparison passes, the device is considered successfully identified, and subsequent verification, authorization and service interaction proceed;
s5: access permission: only terminal devices that satisfy both CMSI legitimacy and CMEI legitimacy are allowed onto the network.
2. The identification access method based on the edge Internet of Things agent data interaction terminal, characterized in that the edge gateway connects downstream to sub-devices, the authentication information of the sub-devices is generated by the Internet of Things platform and issued to the edge gateway, and all login/logout, data reporting and instruction receiving/issuing of the sub-devices are sent to the Internet of Things platform through the edge gateway.
3. The identification access method based on the edge Internet of Things agent data interaction terminal, characterized in that the device features comprise hardware, drivers, operating system, edge gateway interaction features and operating environment requirement features; the Internet of Things platform queries and generates data feature codes in the device feature table obtained from the derivation positions of the device features, the data feature codes produce a corresponding data analysis table, and the data analysis table is processed by an algorithm to obtain the device identification code.
4. A computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the edge-based agent data interaction terminal identification access method according to any one of claims 1 to 3.
5. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for access based on identification of an edge internet of things proxy data interaction terminal as claimed in any one of claims 1 to 3 when executing the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210309261.6A CN114697104A (en) 2022-03-28 2022-03-28 Identification access method based on edge Internet of things agent data interaction terminal


Publications (1)

Publication Number Publication Date
CN114697104A true CN114697104A (en) 2022-07-01

Family

ID=82138498


Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108512870A (en) * 2017-02-27 2018-09-07 华为技术有限公司 Access method, platform of internet of things and the internet of things equipment of platform of internet of things
CN109922160A (en) * 2019-03-28 2019-06-21 全球能源互联网研究院有限公司 A kind of terminal security cut-in method, apparatus and system based on electric power Internet of Things
CN109981804A (en) * 2017-12-28 2019-07-05 中国移动通信集团安徽有限公司 Generation, recognition methods, system, equipment and the medium of terminal device identification id
US20190289002A1 (en) * 2018-03-13 2019-09-19 At&T Mobility Ii Llc Multifactor Authentication for Internet-of-Things Devices
CN112469044A (en) * 2020-12-17 2021-03-09 国网辽宁省电力有限公司信息通信分公司 Edge access control method and controller for heterogeneous terminal
CN113556267A (en) * 2021-07-20 2021-10-26 全球能源互联网研究院有限公司 Terminal equipment state monitoring method and system and edge Internet of things proxy gateway
CN113556307A (en) * 2020-04-03 2021-10-26 国网上海能源互联网研究院有限公司 Edge Internet of things agent, access gateway, Internet of things management platform and safety protection method
CN114024757A (en) * 2021-11-09 2022-02-08 国网山东省电力公司电力科学研究院 Electric power Internet of things edge terminal access method and system based on identification cryptographic algorithm



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination