CN115834127A - Temporary authorization-based edge computing gateway data distribution method and system

Publication number: CN115834127A
Application number: CN202211291598.5A
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: temporary, party application, edge computing, computing gateway, communication
Inventors: 温怀凤, 张桂花, 田亚南
Current Assignee: Chongqing Chuanyi Automation Co Ltd
Original Assignee: Chongqing Chuanyi Automation Co Ltd
Application filed by: Chongqing Chuanyi Automation Co Ltd
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application provides a temporary authorization-based edge computing gateway data distribution method and system. The method comprises: acquiring a connection request from a third-party application to connect to an edge computing gateway, verifying the access rights of the third-party application according to the connection request, and, after the verification passes, generating a temporary key and a temporary token and outputting them to the third-party application; and verifying the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, outputting a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, wherein the communication request is generated by the third-party application according to the temporary key and the temporary token. The method and system can effectively ensure the security of data distribution and the real-time performance of communication.

Description

Temporary authorization-based edge computing gateway data distribution method and system
Technical Field
The invention relates to the field of process industry applications, and in particular to a temporary authorization-based data distribution method and system for an edge computing gateway.
Background
Existing communication between a third-party system and an intelligent instrument takes one of two forms. In the first, a server of an open platform provides an interface for acquiring data, but this carries the risk of network delay and stale data, and it is difficult to meet a third party's higher real-time requirements. In the second, the edge computing gateway opens an interface and allows the third party to communicate with it directly; this uses a long-lived connection, which may affect the working efficiency of the gateway, and the open interface also poses an information security risk.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a temporary authorization-based data distribution method and system for an edge computing gateway, which mainly solve the problem that real-time performance and security are difficult to guarantee in the existing third-party communication modes.
In order to achieve the above and other objects, the present invention adopts the following technical solutions.
The application provides a temporary authorization-based edge computing gateway data distribution method, which comprises the following steps:
acquiring a connection request from a third-party application to connect to an edge computing gateway, verifying the access rights of the third-party application according to the connection request, and, after the verification passes, generating a temporary key and a temporary token and outputting them to the third-party application;
verifying the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, outputting a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, wherein the communication request is generated by the third-party application according to the temporary key and the temporary token.
In an embodiment of the present application, before acquiring the connection request from the third-party application to connect to the edge computing gateway, the method further includes:
registering the third-party application to generate authentication information of the third-party application, wherein the authentication information comprises: the identification code of the third-party application, the communication key, the identifier of the designated authorized gateway, the level of obtainable data, the data range, and the communication frequency;
generating a communication policy of the third-party application as the preset communication policy according to the level of obtainable data, the data range, and the communication frequency.
In an embodiment of the present application, after the edge computing gateway sends data to the third-party application according to the preset communication policy, the method further includes:
upon expiration of the temporary token, the edge computing gateway disconnects from the third-party application.
In an embodiment of the present application, the connection request includes the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected, and verifying the access rights of the third-party application according to the connection request includes:
comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information; if all three are contained in the authentication information, the verification passes.
In an embodiment of the present application, before comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information, the method further includes:
acquiring the frequency with which the third-party application accesses the edge computing gateway to be connected; if the access frequency exceeds a preset threshold, the verification fails.
In an embodiment of the present application, before comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information, the method further includes:
acquiring the current access source address of the third-party application, and outputting an address change signal if the current access source address is inconsistent with the source address from which the edge computing gateway to be connected was last accessed;
outputting the address change signal to the third party corresponding to the third-party application to obtain change confirmation information; if the change confirmation information is not obtained, the verification fails.
In an embodiment of the present application, verifying the validity of the communication request of the third-party application according to the temporary key and the temporary token includes:
judging, based on the current time, whether the temporary key and the temporary token have expired; if so, the temporary token and the temporary key are invalid; otherwise, they are valid.
The application also provides an edge computing gateway data distribution system based on temporary authorization, which comprises:
a temporary authorization module, configured to acquire a connection request from a third-party application to connect to an edge computing gateway, verify the access rights of the third-party application according to the connection request, and, after the verification passes, generate a temporary key and a temporary token and output them to the third-party application;
a communication verification module, configured to verify the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, output a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, wherein the communication request is generated by the third-party application according to the temporary key and the temporary token.
As described above, the temporary authorization-based edge computing gateway data distribution method and system of the present invention have the following advantages.
By verifying the access rights of the third-party application and issuing a temporary key and a temporary token, the edge computing gateway sends data to the third-party application according to the temporary key and the temporary token, so the third party obtains temporary access rights within a priority time and a priority range. The token becomes invalid automatically once it expires, which ensures the security of data access, and the direct connection between the third-party application and the edge computing gateway ensures the real-time performance of data distribution.
Drawings
Fig. 1 is a schematic flowchart of an edge computing gateway data distribution method based on temporary authorization in an embodiment of the present application.
Fig. 2 is a schematic flowchart illustrating authentication of a third party application according to an embodiment of the present application.
Fig. 3 is a block diagram of an edge computing gateway data distribution system based on temporary authorization according to an embodiment of the present application.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
There are generally two ways for a third-party system to communicate with an existing platform in the current market:
First, data is acquired through an API of a cloud server or application server that the platform exposes. The drawbacks are the risk of network delay and stale data, so the approach cannot satisfy a third party with high real-time requirements; in addition, data transmitted to the server has generally been screened and processed, so the third party cannot obtain the original data.
Second, an interface is opened to the third party at the edge gateway, and the third party is allowed to establish a connection directly with the edge computing gateway. This is a long-lived connection, which may affect the working efficiency of the gateway, and opening the interface to a third party creates an information security risk.
Based on the problems in the existing communication modes, and with security in mind, the embodiment of the application establishes the connection between the third-party application and the edge computing gateway by temporary authorization. The authorization automatically becomes invalid after the access is finished, so the data security of the gateway is not affected even if an interface or an instruction is leaked. The technical solution of the present application is explained in detail below with reference to specific embodiments.
Referring to fig. 1, the present application provides a temporary authorization-based edge computing gateway data distribution method, which includes the following steps.
Step S100: a connection request from a third-party application to connect to an edge computing gateway is acquired, the access rights of the third-party application are verified according to the connection request, and, after the verification passes, a temporary key and a temporary token are generated and output to the third-party application.
In an embodiment, an authentication system may be configured to grant temporary authorization to the third-party application, so that the third-party application establishes a connection with the edge computing gateway using the temporary key and the temporary token obtained through the temporary authorization, and obtains the data issued by the edge computing gateway.
In an embodiment, before obtaining the connection request from the third-party application to connect to the edge computing gateway, the method further includes:
Step S101: registering the third-party application and generating authentication information of the third-party application, wherein the authentication information comprises: the identification code of the third-party application, the communication key, the identifier of the designated authorized gateway, the level of obtainable data, the data range, and the communication frequency.
In an embodiment, third-party application registration may be performed before the temporary authorization. Specifically, an application UUID (Universally Unique Identifier), a key, the ID of the gateway designated for authorization, an available information level, a data range, a communication frequency, and the like may be created for each third-party application in the authentication system.
Step S102: generating a communication policy of the third-party application as the preset communication policy according to the level of obtainable data, the data range, and the communication frequency.
In an embodiment, a communication policy for the third-party application and the edge computing gateway may be generated according to the specified available information level, data range, and communication frequency. When the third-party application obtains the temporary authorization, the edge computing gateway may invoke the corresponding communication policy in the authentication system to transmit data to the third-party application. For example, authorization may be granted for a specified data range, in which case the edge computing gateway distributes only data within that range to the third-party application.
In one embodiment, the third-party application may apply to the authentication system for temporary authorization through a connection request, which may include the identification code (UUID) of the third-party application, the communication key, and the identifier (ID) of the edge computing gateway to be connected. The access rights of the third-party application are then verified according to the connection request.
In an embodiment, verifying the access rights of the third-party application according to the connection request includes: comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information; if all three are contained in the authentication information, the verification passes. For example, if the UUID, the key and the request type of the third-party application all match the pre-registered authentication information, the verification passes. Before the access rights are verified against the authentication information, they can be pre-checked based on the access frequency and the access source address of the third-party application.
In an embodiment, before comparing the identifier of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information, the method further includes:
acquiring the frequency with which the third-party application accesses the edge computing gateway to be connected; if the access frequency exceeds a preset threshold, the verification fails. That is, if the access frequency of the third-party application exceeds the access density permitted by the security protection, the verification fails, which further ensures data security.
In an embodiment, before comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information, the method further includes:
acquiring the current access source address of the third-party application, and outputting an address change signal if the current access source address is inconsistent with the source address from which the edge computing gateway to be connected was last accessed;
outputting the address change signal to the third party corresponding to the third-party application to obtain change confirmation information; if the change confirmation information is not obtained, the verification fails. In other words, the access source address of the third-party application is verified, and if it has changed abnormally, the third party must confirm that the change is a normal one before the verification can succeed.
After the access rights of the third-party application are verified, the temporary key and the temporary token can be issued to the third-party application.
Step S110: verifying the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, outputting a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, wherein the communication request is generated by the third-party application according to the temporary key and the temporary token.
In one embodiment, the third-party application initiates a communication request to the edge computing gateway using the temporary key and the temporary token. After receiving the communication request, the edge computing gateway asks the authentication system to verify whether the temporary key and the temporary token of the third-party application are valid.
In one embodiment, verifying the validity of the communication request of the third-party application based on the temporary key and the temporary token comprises:
judging, based on the current time, whether the temporary key and the temporary token have expired; if so, the temporary token and the temporary key are invalid; otherwise, they are valid.
In one embodiment, if the temporary key and the temporary token are valid, the edge computing gateway sends data to the third-party application at the information level, data range, and communication frequency for which the third-party application is authorized. After the token expires, the edge computing gateway automatically terminates the connection with the third-party application.
Referring to fig. 2, fig. 2 is a schematic diagram of the authentication process for a third-party application according to an embodiment of the present application. The third-party application applies to the authentication system of the cloud server for temporary authorization and, after obtaining it, sends a communication request to the edge computing gateway. On receiving the request, the edge computing gateway verifies the validity of the temporary authorization it carries. After the verification passes, the gateway judges whether the temporary token of the temporary authorization has expired; if not, it establishes a connection with the third-party application and issues the specific data within the authorized data range; if the token has expired, it disconnects the communication connection.
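The S100/S110 flow described above, sketched as an added example that is not part of the patent text: a minimal in-memory authentication system in Python. The HMAC-SHA256 request signature, the 300-second lifetime, the sliding-window rate limit and all class, function and field names are assumptions; the patent does not specify how the communication request is derived from the temporary key and token.

```python
import hashlib
import hmac
import secrets
import time
import uuid
from dataclasses import dataclass, field


@dataclass
class Registration:
    """S101: authentication information held for one third-party application."""
    comm_key: str
    gateway_ids: set                      # designated authorized gateways
    policy: dict                          # S102: level, data range, communication frequency
    last_source: dict = field(default_factory=dict)   # gateway id -> last source address
    attempts: list = field(default_factory=list)      # timestamps of connection requests


def sign_request(temp_key, temp_token, request_nonce):
    """Assumed construction of the communication request: HMAC over token and nonce.
    The nonce binds the signature to one request; reuse is not tracked in this example."""
    msg = f"{temp_token}|{request_nonce}".encode()
    return hmac.new(temp_key.encode(), msg, hashlib.sha256).hexdigest()


class AuthSystem:
    def __init__(self, clock=time.time, ttl=300, max_requests=3, window=60):
        self.clock = clock                # injectable so expiry can be tested
        self.ttl, self.max_requests, self.window = ttl, max_requests, window
        self.apps = {}                    # application UUID -> Registration
        self.grants = {}                  # temp token -> (temp key, app id, gateway id, expiry)

    def register(self, gateway_ids, level, data_range, frequency_s):
        app_id, comm_key = str(uuid.uuid4()), secrets.token_hex(16)
        policy = {"level": level, "range": data_range, "frequency_s": frequency_s}
        self.apps[app_id] = Registration(comm_key, set(gateway_ids), policy)
        return app_id, comm_key

    def request_connection(self, app_id, comm_key, gateway_id, source, change_confirmed=False):
        """S100: return (temp_key, temp_token, expiry) or raise PermissionError."""
        now = self.clock()
        reg = self.apps.get(app_id)
        if reg is None:
            raise PermissionError("unknown application")
        # Pre-check 1: access frequency against the preset threshold.
        reg.attempts = [t for t in reg.attempts if now - t < self.window]
        reg.attempts.append(now)
        if len(reg.attempts) > self.max_requests:
            raise PermissionError("access frequency exceeds threshold")
        # Pre-check 2: a changed source address needs the third party's confirmation.
        last = reg.last_source.get(gateway_id)
        if last is not None and last != source and not change_confirmed:
            raise PermissionError("source address change not confirmed")
        # Compare the request with the registered authentication information.
        key_ok = hmac.compare_digest(comm_key.encode(), reg.comm_key.encode())
        if not key_ok or gateway_id not in reg.gateway_ids:
            raise PermissionError("credentials do not match registration")
        reg.last_source[gateway_id] = source
        temp_key, temp_token = secrets.token_hex(32), secrets.token_urlsafe(24)
        expiry = now + self.ttl
        self.grants[temp_token] = (temp_key, app_id, gateway_id, expiry)
        return temp_key, temp_token, expiry

    def verify_communication(self, gateway_id, temp_token, request_nonce, signature):
        """S110: called by the gateway; return the preset policy, or None if invalid."""
        grant = self.grants.get(temp_token)
        if grant is None:
            return None
        temp_key, app_id, granted_gateway, expiry = grant
        if self.clock() >= expiry:        # expired token and key are both invalid
            del self.grants[temp_token]
            return None
        if granted_gateway != gateway_id:
            return None
        expected = sign_request(temp_key, temp_token, request_nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return None
        # The gateway streams data under this policy and disconnects at expires_at.
        return dict(self.apps[app_id].policy, expires_at=expiry)


if __name__ == "__main__":
    auth = AuthSystem()
    # Constructed sample values: gateway id, data range and source address.
    app_id, key = auth.register({"gw-01"}, 2, ["flow", "pressure"], 5)
    temp_key, token, _ = auth.request_connection(app_id, key, "gw-01", "10.0.0.5")
    sig = sign_request(temp_key, token, "req-1")
    print(auth.verify_communication("gw-01", token, "req-1", sig))
```
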
The present embodiment provides a temporary authorization-based edge computing gateway data distribution system, configured to execute the temporary authorization-based edge computing gateway data distribution method described in the foregoing method embodiment. Since the technical principle of the system embodiment is similar to that of the method embodiment, repeated description of the same technical details is omitted.
Referring to fig. 3, in an embodiment, an edge computing gateway data distribution system based on temporary authorization includes: the temporary authorization module 10, configured to acquire a connection request from a third-party application to connect to an edge computing gateway, verify the access rights of the third-party application according to the connection request, and, after the verification passes, generate a temporary key and a temporary token and output them to the third-party application; and the communication verification module 11, configured to verify the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, output a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, where the communication request is generated by the third-party application according to the temporary key and the temporary token.
The foregoing embodiments merely illustrate the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, all equivalent modifications or changes made by those skilled in the art without departing from the spirit and scope of the present invention are intended to be covered by the appended claims.

Claims (8)

1. An edge computing gateway data distribution method based on temporary authorization, characterized by comprising the following steps:
acquiring a connection request from a third-party application to connect to an edge computing gateway, verifying the access rights of the third-party application according to the connection request, and, after the verification passes, generating a temporary key and a temporary token and outputting them to the third-party application;
verifying the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, outputting a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, wherein the communication request is generated by the third-party application according to the temporary key and the temporary token.
2. The temporary authorization-based edge computing gateway data distribution method according to claim 1, wherein before acquiring the connection request from the third-party application to connect to the edge computing gateway, the method further comprises:
registering the third-party application to generate authentication information of the third-party application, wherein the authentication information comprises: the identification code of the third-party application, the communication key, the identifier of the designated authorized gateway, the level of obtainable data, the data range, and the communication frequency;
generating a communication policy of the third-party application as the preset communication policy according to the level of obtainable data, the data range, and the communication frequency.
3. The temporary authorization-based edge computing gateway data distribution method according to claim 1, wherein after the edge computing gateway sends data to the third-party application according to the preset communication policy, the method further comprises:
upon expiration of the temporary token, the edge computing gateway disconnects from the third-party application.
4. The temporary authorization-based edge computing gateway data distribution method according to claim 1 or 2, wherein the connection request includes the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected, and verifying the access rights of the third-party application according to the connection request includes:
comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information; if all three are contained in the authentication information, the verification passes.
5. The temporary authorization-based edge computing gateway data distribution method according to claim 4, wherein before comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information, the method further comprises:
acquiring the frequency with which the third-party application accesses the edge computing gateway to be connected; if the access frequency exceeds a preset threshold, the verification fails.
6. The temporary authorization-based edge computing gateway data distribution method according to claim 4, wherein before comparing the identification code of the third-party application, the communication key, and the identifier of the edge computing gateway to be connected with the authentication information, the method further comprises:
acquiring the current access source address of the third-party application, and outputting an address change signal if the current access source address is inconsistent with the source address from which the edge computing gateway to be connected was last accessed;
outputting the address change signal to the third party corresponding to the third-party application to obtain change confirmation information; if the change confirmation information is not obtained, the verification fails.
7. The temporary authorization-based edge computing gateway data distribution method according to claim 1, wherein verifying the validity of the communication request of the third-party application according to the temporary key and the temporary token comprises:
judging, based on the current time, whether the temporary key and the temporary token have expired; if so, the temporary token and the temporary key are invalid; otherwise, they are valid.
8. An edge computing gateway data distribution system based on temporary authorization, comprising:
a temporary authorization module, configured to acquire a connection request from a third-party application to connect to an edge computing gateway, verify the access rights of the third-party application according to the connection request, and, after the verification passes, generate a temporary key and a temporary token and output them to the third-party application;
a communication verification module, configured to verify the validity of a communication request of the third-party application according to the temporary key and the temporary token, and, after the verification passes, output a preset communication policy corresponding to the communication request to the edge computing gateway so that the edge computing gateway sends data to the third-party application according to the preset communication policy, wherein the communication request is generated by the third-party application according to the temporary key and the temporary token.

Priority Applications (1)

Application number: CN202211291598.5A
Priority date: 2022-10-19
Filing date: 2022-10-19
Title: Temporary authorization-based edge computing gateway data distribution method and system
Status: Pending

Publications (1)

Publication number: CN115834127A
Publication date: 2023-03-21

Family ID: 85525141


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination