CN116436710B - Remote operation system for operation of port bridge type loading and unloading equipment

Info

Publication number: CN116436710B
Authority: CN (China)
Prior art keywords: limit, remote control, control node, tokens, cloud end
Legal status: Active
Application number: CN202310705527.3A
Other languages: Chinese (zh)
Other versions: CN116436710A (en)
Inventors: 陈思佳, 李安稳
Current Assignee: Yantai Shore Network Technology Co ltd; Shandong Technology and Business University
Original Assignee: Yantai Shore Network Technology Co ltd; Shandong Technology and Business University

Classifications

    • B66C13/48: Automatic control of crane drives for producing a single or repeated working cycle; Programme control
    • B66C13/44: Electrical transmitters
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/125: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/40: Network security protocols
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a remote operation system for port bridge-type loading and unloading equipment operation, and belongs to the field of port bridge-type loading and unloading equipment in the marine transportation industry. When the cloud and the remote control node communicate, they first enter an asymmetric encryption communication state. After the remote control node sends its seal pattern to the cloud, the cloud generates a symmetric temporary key from the seal pattern and initializes the number of tokens corresponding to that temporary key. The remote control node and the cloud then switch to a symmetric encryption communication state, communicate using the temporary key, and deduct the tokens consumed. While tokens remain, symmetric encrypted communication continues; once the tokens are used up, both sides re-enter the asymmetric encryption communication state to generate and deploy a new temporary key. Because the key is updated dynamically, the communication between the local end of the port bridge-type loading and unloading equipment operating system and the cloud is kept secure and reliable, while the low-strength symmetric encryption and decryption keeps the communication timely.

Description

Remote operation system for operation of port bridge type loading and unloading equipment
Technical Field
The invention relates to the field of hoisting equipment in marine transportation, and in particular to an operating system for port bridge-type loading and unloading operations.
Background
Port bridge-type equipment is a crane on a quay that lifts containers for loading and unloading operations. The capacity of the bridge crane determines the cargo throughput of a quay. Bridge-type equipment generally comprises a horizontally laid track and a portal frame that moves along the track; a hoisting device mounted on the portal frame lifts the containers to carry out loading and unloading.
Traditionally, bridge-type equipment is controlled from within the wharf local area network: an instruction is sent to a PLC, which carries out actions such as moving and hoisting. With the continuous development of industrial Internet technology, traditional dock operating systems deployed on a local area network are steadily migrating to the cloud. Meanwhile, remote-control operation and unmanned operation technologies have matured. Conventional remote control instructions rely on trusted-subnet communication within a local area network, so encryption received little consideration. Communication between the cloud TOS and the machinery in the field, however, must travel over the Internet. The system deployed in the cloud needs to exchange information with the operating machinery installed on site (the remote control node) in order to realize remote control and unmanned operation. To keep the operation site safe and efficient, the security of the information transmission process must be ensured.
To secure information transmission between the cloud and the site, the prior art mainly offers two solutions. The first is to rent a dedicated Internet line, which is very expensive. The second is to use high-strength asymmetric encryption, which is less efficient: both ends must perform encryption and decryption computations for every communication, the time cost is high, and real-time communication cannot be guaranteed.
Disclosure of Invention
The invention provides a remote operation system for port bridge-type loading and unloading equipment operation, which aims to achieve efficient and secure communication between the cloud and the remote control node over the ordinary Internet.
The technical scheme of the invention is as follows:
A remote operation system for port bridge-type loading and unloading equipment operation comprises a crane installed at the wharf, a PLC connected to the electrical part of the crane, and a local controller that is connected to the PLC and serves as the remote control node. It further comprises a server deployed in the cloud. The cloud communicates with the remote control node by encrypted communication and sends instructions to the PLC to control the crane. The encrypted communication is implemented as follows:
Step S1: an asymmetric key pair is configured for the cloud and the remote control node, a communication connection is established between them, and both then enter an asymmetric encryption communication state;
Step S2: the cloud queries the remote control node for its seal pattern, and the remote control node sends the seal pattern to the cloud; the seal pattern comprises real-time information of the remote control node;
Step S3: the cloud generates a symmetric temporary key from the seal pattern, initializes the number of tokens corresponding to the temporary key, and then sends the temporary key to the remote control node;
Step S4: after receiving the temporary key, the remote control node sends confirmation information to the cloud and switches to a symmetric encryption communication state; after receiving the confirmation information, the cloud switches to a symmetric encryption communication state;
Step S5: the cloud and the remote control node communicate with symmetric encryption using the temporary key: the cloud sends an instruction for controlling the crane to the remote control node, and the remote control node returns the execution result of the instruction to the cloud; each time an execution result is received, the cloud deducts from the number of tokens; while tokens remain, symmetric encrypted communication continues, and once the tokens are used up, step S6 is executed;
Step S6: the cloud and the remote control node re-enter the asymmetric encryption communication state, and the procedure returns to step S2.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: the seal pattern comprises the crane number, the crane start time TimeBoot, the current timestamp TimeStamp, the number of instructions received since the crane started TotalGot, the number of instructions completed since the crane started TotalFinish, the current seal pattern challenge count ReqCount, the average CPU utilization CpuRate and the average memory utilization MemRate.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: in step S3, the number of tokens is initialized as follows: the initial value of the number of tokens is sqrt(TimeStamp-TimeBoot)/(CpuRate*MemRate)+ReqCount*1000*TotalFinish/TotalGot.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: in step S5, the amount deducted from the number of tokens is determined by the communication conditions during symmetric encrypted communication; if the instruction is executed successfully, tokens are deducted, and if it is not, no tokens are deducted.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: after an instruction is executed successfully, the amount the cloud deducts from the number of tokens is:
TokenCuts=TotalTokenCuts*(BytesCurrent/TimeCurrent)/TotalAverageBytesByTime;
where TotalTokenCuts is the sum of the deducted amounts TokenCuts over the most recent n successful instruction executions, BytesCurrent is the number of bytes sent in this communication, TimeCurrent is the number of milliseconds this communication took, and TotalAverageBytesByTime is the sum, over the communications of the most recent n successful instruction executions, of the ratio of bytes to milliseconds in each communication.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: n is 10, 20 or 30.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: after an instruction is executed successfully, the cloud deducts from the number of tokens as follows:
TotalTokens=a*TotalTokens-TokenCuts;
where:
TotalTokens is the current number of tokens;
TokenCuts=TotalTokenCuts*(BytesCurrent/TimeCurrent)/TotalAverageBytesByTime;
TotalTokenCuts is the sum of the deducted amounts TokenCuts over the most recent n successful instruction executions, BytesCurrent is the number of bytes sent in this communication, TimeCurrent is the number of milliseconds this communication took, and TotalAverageBytesByTime is the sum, over the communications of the most recent n successful instruction executions, of the ratio of bytes to milliseconds in each communication;
a is the token number correction factor, calculated as:
a=isDivisible(Count(Limit),Limit)*cos((FailInLimit/Limit)*(π/2));
where Limit is a preset counting limit; Count(Limit) is the current count value, counted from 1 with Limit as its upper bound and incremented by 1 each time a symmetric encrypted communication completes, whether or not it succeeded; isDivisible(Count(Limit),Limit) is a divisibility test that returns 1 if the remainder of the current count value Count(Limit) divided by Limit is 0 and returns 0 otherwise; FailInLimit is the total number of failed executions among the most recent Limit instruction executions;
after each calculation of a, if Count(Limit) = Limit, that is, the current counting round is complete, Count(Limit) is reset to 0 and Limit is corrected according to the value of a just calculated:
if 0 ≤ a < 0.2, Limit = Limit - 3, and if Limit < 10, Limit is set to 10;
if 0.2 ≤ a < 0.4, Limit = Limit - 1, and if Limit < 10, Limit is set to 10;
if 0.4 ≤ a < 0.6, Limit = Limit;
if 0.6 ≤ a < 0.8, Limit = Limit + 1, and if Limit > 30, Limit is set to 30;
if 0.8 ≤ a ≤ 1, Limit = Limit + 3, and if Limit > 30, Limit is set to 30.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: n is 20 or 30, and the initial value of Limit is 20.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: in step S3, the temporary key is generated as follows:
the data items contained in the seal pattern are joined into a character string str1 using a preset specific character string; the length len1 of str1 is calculated and the base-2 logarithm of len1 is taken to obtain n; the characters at positions 2^0, 2^1, 2^2, 2^3, ..., 2^n of str1 are then swapped with the characters at positions 2^0, 2^1, 2^2, 2^3, ..., 2^n counted from the end, giving a character string str2; str2 is then folded taking 32-bit bytes as units and summed without carry to obtain a 32-byte temporary key.
A further improvement of the remote operation system for port bridge-type loading and unloading equipment operation: the seal pattern further comprises the crane name Name, the list of areas where the crane can work, the number AreaNo of the area where the crane is currently located, and the bay number BayNo where the crane is located.
Compared with the prior art, the invention has the following positive effects:
(1) The invention combines asymmetric and symmetric encryption. During communication, asymmetric encryption is used only when generating and deploying the temporary key, which secures the key exchange without affecting the timeliness of normal communication. When instructions are sent and execution results are returned, the symmetric temporary key is used, which greatly improves encryption and decryption efficiency in real-time control. Moreover, the temporary key, updated at random, can ensure the security of the communication.
(2) The seal pattern used to generate the temporary key contains both static information and dynamic data of the crane, so it is strongly correlated with the crane's information and state. This strong correlation is difficult to analyze and forge by packet capture, which ensures that the temporary key cannot be detected or reused.
(3) The cloud generates the temporary key quickly through mathematical operations such as sorting, splicing, conversion, folding and summation; the calculation is simple and meets the real-time communication requirements of a remote control scenario.
(4) The initial number of tokens is calculated from the crane's working time, its instruction execution record and its computing load. The longer the crane has been started and running, the larger the initial number of tokens and the longer the interval between temporary key replacements. The more CPU and memory the crane is using and the higher the proportion of instructions not completed normally, the smaller the initial number of tokens and the shorter the interval between temporary key replacements. The more often the temporary key is replaced, the more time the crane end spends in a non-working state; this reduces the crane's workload and gives it more time and computing power to process communication data, so that it can quickly return to a better working state.
(5) The invention consumes tokens dynamically: once the number of tokens is determined, the frequency at which the two ends exchange temporary keys can be adjusted by controlling the amount of tokens deducted, so that the working pressure on the crane can be adjusted to the actual working conditions.
(6) The invention provides two token deduction modes. The first calculates the current deduction from the adjacent deductions: this keeps the deduction amount stable and sets it reasonably according to the number of bytes transmitted and the time taken, avoiding an unreasonable token consumption rate. The second builds on the first and additionally adjusts the total number of tokens according to whether instruction execution succeeded: the execution record is checked periodically by a short-cycle count to obtain the correction factor a. The more failures there are, the faster a approaches 0 and the larger the proportional reduction in the number of tokens; the fewer failures there are, the closer a is to 1. At the same time the counting limit Limit is adjusted dynamically: the more failures there are, the smaller a is, the smaller Limit becomes and the more frequent the checks and corrections, so that the number of tokens consumed ends up reasonable.
Detailed Description
The technical scheme of the invention is described in detail below:
A remote operation system for port bridge-type loading and unloading equipment operation comprises a crane installed at the wharf, a PLC connected to the electrical part of the crane, and a local controller (such as an industrial PC or other industrial controller equipment) that is connected to the PLC and serves as the remote control node. It further comprises a server deployed in the cloud. The cloud communicates with the remote control node by encrypted communication and sends instructions to the PLC to control the crane. The encrypted communication is implemented as follows:
Step S1: an asymmetric key pair is configured for the cloud and the remote control node, a communication connection is established between them, and both then enter an asymmetric encryption communication state.
Step S2: the cloud queries the remote control node for its seal pattern, and the remote control node sends the seal pattern to the cloud; the seal pattern comprises real-time information of the remote control node.
In this embodiment, the seal pattern comprises the crane number, the crane start time TimeBoot, the current timestamp TimeStamp, the number of instructions received since the crane started TotalGot, the number of instructions completed since the crane started TotalFinish, the current seal pattern challenge count ReqCount, the average CPU utilization CpuRate and the average memory utilization MemRate.
Further, the seal pattern may also include specific information such as the crane name Name, the list AreaList of areas where the crane can operate, the number AreaNo of the area where the crane is currently located, and the number BayNo of the bay where the crane is currently located.
Step S3: the cloud generates a symmetric temporary key from the seal pattern, initializes the number of tokens corresponding to the temporary key, and then sends the temporary key to the remote control node.
Because the seal pattern used to generate the temporary key contains both static information and some dynamic data of the crane, it is strongly correlated with the crane's information and state. This strong correlation is difficult to analyze and forge by packet capture, which ensures that the temporary key cannot be detected or reused.
In this embodiment, the temporary key is generated as follows: the data items contained in the seal pattern are joined into a character string str1 using the preset specific character string "@ | @" (other character strings can also be used); the length len1 of str1 is calculated and the base-2 logarithm of len1 is taken to obtain n; the characters at positions 2^0, 2^1, 2^2, 2^3, ..., 2^n of str1 are then swapped with the characters at positions 2^0, 2^1, 2^2, 2^3, ..., 2^n counted from the end, giving a character string str2; str2 is then folded taking 32-bit bytes as units and summed without carry to obtain a 32-byte temporary key.
The temporary key produced by this method is difficult to predict, and the calculation is simple enough to meet the real-time communication requirements of a remote control scenario.
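The derivation just described, written out as an added Python example (not code from the patent). Assumptions, also marked in the comments: positions are 1-based and the swaps are applied one after another, "carry-free summation" is read as bitwise XOR, the fold width is 32 bytes so that the result is the stated 32-byte key, and the sample seal pattern values are constructed.

```python
# Added illustration of the temporary-key derivation described in the text.
# Interpretation choices the page leaves open are marked "assumption".

SEP = "@ | @"  # separator as printed on the page; any preset string may be used


def join_seal(fields):
    """Join the seal-pattern data items, in the order given, into str1."""
    return SEP.join(str(v) for v in fields)


def swap_power_positions(s):
    """Swap the characters at 1-based positions 2^0..2^n with the characters at
    the same positions counted from the end, where n = floor(log2(len(s))).
    Assumption: the swaps are applied sequentially, smallest power first."""
    if not s:
        raise ValueError("empty seal string")
    chars = list(s)
    n = len(chars).bit_length() - 1      # floor(log2(len1)) without float error
    for k in range(n + 1):
        p = 1 << k
        i, j = p - 1, len(chars) - p     # p-th from the start, p-th from the end
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def fold_xor(data, width=32):
    """Fold data into rows of `width` bytes and add the rows without carry.
    Assumptions: carry-free summation is bitwise XOR, and a short final row
    behaves as if it were zero-padded."""
    key = bytearray(width)
    for off in range(0, len(data), width):
        for i, b in enumerate(data[off:off + width]):
            key[i] ^= b
    return bytes(key)


def derive_temp_key(fields):
    """str1 -> position swap -> str2 -> fold, giving a 32-byte temporary key."""
    str2 = swap_power_positions(join_seal(fields))
    return fold_xor(str2.encode("utf-8"))


def differing_bytes(a, b):
    """Number of byte positions in which two equal-length keys differ."""
    return sum(x != y for x, y in zip(a, b))


# Constructed sample seal pattern (values invented for this example), in the
# page's field order: crane number, TimeBoot, TimeStamp, TotalGot, TotalFinish,
# ReqCount, CpuRate, MemRate.
SAMPLE_SEAL = ["QC-07", 1700000000, 1700003600, 100, 90, 2, 0.5, 0.4]

if __name__ == "__main__":
    key = derive_temp_key(SAMPLE_SEAL)
    next_seal = list(SAMPLE_SEAL)
    next_seal[5] = 3                     # same seal pattern, ReqCount 2 -> 3
    print("key:", key.hex())
    print("bytes changed by ReqCount+1:",
          differing_bytes(key, derive_temp_key(next_seal)))
    print("top bit clear in every byte:", all(b < 0x80 for b in key))
```

Under these assumptions the construction is a fixed permutation followed by an XOR fold: a one-character change in the seal pattern changes exactly one key byte, and ASCII input leaves the top bit of every key byte at 0. The key's unpredictability therefore rests entirely on the seal pattern fields and the separator staying confidential.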
In this embodiment, the initial value of the number of tokens is calculated as:
sqrt(TimeStamp-TimeBoot)/(CpuRate*MemRate)+ReqCount*1000*TotalFinish/TotalGot.
The initial number of tokens is calculated from the crane's working time, its instruction execution record and its computing load. The longer the crane has been started and running stably, the larger the initial number of tokens and the longer the interval between temporary key replacements. The more CPU and memory the crane is using and the higher the proportion of instructions not completed normally, the smaller the initial number of tokens and the shorter the interval between temporary key replacements. The more often the temporary key is replaced, the more time the crane end spends in a non-working state; this reduces the crane's workload and gives it more time and computing power to process other data, so that it can quickly return to a better working state.
Step S4: after receiving the temporary key, the remote control node sends confirmation information to the cloud and switches to a symmetric encryption communication state. After receiving the confirmation information, the cloud switches to a symmetric encryption communication state.
Step S5: the cloud and the remote control node communicate with symmetric encryption using the temporary key: the cloud sends an instruction for controlling the crane to the remote control node, and the remote control node returns the execution result of the instruction to the cloud; each time an execution result is received, the cloud deducts from the number of tokens; while tokens remain, symmetric encrypted communication continues, and once the tokens are used up, step S6 is executed.
In this embodiment, the amount deducted from the number of tokens is determined by the communication conditions during symmetric encrypted communication; if the instruction is executed successfully, tokens are deducted, and if it is not, no tokens are deducted.
Further, the invention proposes two deduction (consumption) modes:
Deduction mode one:
After an instruction is executed successfully, the amount the cloud deducts from the number of tokens is:
TokenCuts=TotalTokenCuts*(BytesCurrent/TimeCurrent)/TotalAverageBytesByTime;
where TotalTokenCuts is the sum of the deducted amounts TokenCuts over the most recent n successful instruction executions, BytesCurrent is the number of bytes sent in this communication, TimeCurrent is the number of milliseconds this communication took, and TotalAverageBytesByTime is the sum, over the communications of the most recent n successful instruction executions, of the ratio of bytes to milliseconds in each communication. n is 10, 20 or 30.
This mode keeps the deduction amount stable and sets it reasonably according to the number of bytes transmitted and the time taken, avoiding an unreasonable token consumption rate.
Deduction mode II:
this embodiment is a further improvement of the first embodiment.
After the instruction is successfully executed, the deduction mode of the cloud end to the token number is as follows:
TotalTokens=a*TotalTokens-TokenCuts;
wherein:
TotalTokes is the current number of tokens;
TokenCuts=TotalTokenCuts*(BytesCurrent/TimeCurrent)/TotalAverageBytesByTime;
TotalTokenCuts is the sum of the TokenCuts deducted after the last n successful instruction executions, BytesCurrent is the number of bytes sent in this communication, TimeCurrent is the number of milliseconds this communication took, and TotalAverageBytesByTime is the sum, over the communications of the last n successful instruction executions, of the ratio of bytes to milliseconds in each communication;
a is the token-number correction factor, calculated as follows:
a= isDivisible(Count(Limit),Limit)*cos((FailInLimit/Limit)*(π/2));
where Limit is a preset count limit value; Count(Limit) is the current count value, counted from 1 with Limit as the upper bound, and the count is incremented by 1 each time a symmetric encrypted communication completes, whether or not it succeeds; isDivisible(Count(Limit), Limit) is a divisibility test that returns 1 if the remainder of Count(Limit) divided by Limit is 0 and returns 0 otherwise; FailInLimit is the total number of failed executions among the last Limit instruction executions;
after each calculation of a, if Count(Limit) = Limit, that is, the current round of counting is complete, Count(Limit) is reset to 0 and Limit is corrected according to the value of a just calculated:
if 0 ≤ a < 0.2, Limit = Limit - 3, and if Limit < 10, Limit is set to 10;
if 0.2 ≤ a < 0.4, Limit = Limit - 1, and if Limit < 10, Limit is set to 10;
if 0.4 ≤ a < 0.6, Limit = Limit;
if 0.6 ≤ a < 0.8, Limit = Limit + 1, and if Limit > 30, Limit is set to 30;
if 0.8 ≤ a ≤ 1, Limit = Limit + 3, and if Limit > 30, Limit is set to 30.
Here n is 20 or 30, and the initial value of Limit is 20.
This method uses short counting rounds to assess instruction execution at regular intervals and obtain the correction factor a, and corrects the number of tokens once each time a round of counting completes. The more failures there are, the faster a approaches 0 and the larger the proportional reduction in the number of tokens; when failures are few, a approaches 1 and the number of tokens is essentially unchanged. The method also dynamically adjusts the count limit Limit: the more failures, the smaller a, the smaller Limit becomes, and the more frequent the assessment and correction, so that tokens are ultimately consumed at a reasonable rate.
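A sketch of deduction mode two as the cloud could keep it, added here as an illustration and not taken from the patent. It assumes the correction factor a is applied only on the exchange that completes a counting round, as the summary paragraph describes, and that the first deduction uses a hypothetical seed_cut because the page gives no bootstrap value; all class, function and parameter names are hypothetical.

```python
import math
from collections import deque

def next_limit(limit, a):
    """Resize the counting window from the correction factor a (the five bands)."""
    if a < 0.2:
        step = -3
    elif a < 0.4:
        step = -1
    elif a < 0.6:
        step = 0
    elif a < 0.8:
        step = 1
    else:
        step = 3
    return min(30, max(10, limit + step))   # Limit is kept within [10, 30]

class TokenBudget:
    """Cloud-side token accounting for one temporary key (deduction mode two)."""

    def __init__(self, total_tokens, n=20, limit=20, seed_cut=1.0):
        self.total_tokens = float(total_tokens)
        self.limit = limit                  # Limit, initial value 20
        self.count = 0                      # Count(Limit)
        self.outcomes = deque(maxlen=30)    # recent results, True = success
        self.cuts = deque(maxlen=n)         # TokenCuts of the last n successes
        self.rates = deque(maxlen=n)        # bytes/ms of the last n successes
        self.seed_cut = seed_cut            # assumption: bootstrap deduction

    def _token_cuts(self, nbytes, ms):
        rate = nbytes / max(ms, 1)          # guard against TimeCurrent == 0
        total_rate = sum(self.rates)
        if self.cuts and total_rate > 0:
            cut = sum(self.cuts) * rate / total_rate
        else:
            cut = self.seed_cut             # empty history would pin every cut at 0
        self.cuts.append(cut)
        self.rates.append(rate)
        return cut

    def record(self, success, nbytes=0, ms=1):
        """Account for one finished exchange; True means the key must be renewed."""
        self.count += 1
        self.outcomes.append(success)
        # Off the round boundary isDivisible() is 0, so a is only used at the boundary.
        if self.count == self.limit:
            fails = list(self.outcomes)[-self.limit:].count(False)
            # cos(pi/2) is about 6e-17 in floating point: force the all-failed case to 0
            a = 0.0 if fails >= self.limit else math.cos(fails / self.limit * math.pi / 2)
            self.total_tokens *= a
            self.limit = next_limit(self.limit, a)
            self.count = 0
        if success:                         # failed instructions cost no tokens
            self.total_tokens -= self._token_cuts(nbytes, ms)
        return self.total_tokens <= 0
```

A round in which every instruction fails drives the balance to zero, which sends both sides back to the asymmetric state for a new temporary key.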
Step S6: the cloud and the remote control node re-enter the asymmetric encrypted communication state, and the process returns to step S2.
In this embodiment, the communication protocol is as follows:
(1) Message header (2 bytes): 0xAABB;
(2) Message length (4 bytes): generated by the cloud;
(3) Message type (1 byte):
0x01: seal-mark challenge,
0x02: seal-mark transmission,
0x03: password update,
0x04: update confirmation,
0x05: encrypted communication;
(4) Request sequence number (4 bytes): set by the cloud;
(5) Message body (variable length);
(6) Message tail (2 bytes): 0xCCDD.
The message body convention is as follows:
1. when the message type is seal-mark transmission, the message body is the asymmetrically encrypted seal mark;
2. when the message type is password update, the message body is the asymmetrically encrypted symmetric key;
3. when the message type is encrypted communication, the message body is the communication content symmetrically encrypted with the temporary key confirmed by both parties;
4. when the message type is any other type, the message body is empty.
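A strict receiver-side parser for the frame layout above, added here as an illustration and not taken from the patent. Big-endian fields, a length field that counts only the body bytes, the 64 KiB body cap and all function names are assumptions; the state rule follows steps S1 to S6, where types 0x01 to 0x04 belong to the asymmetric state and 0x05 to the symmetric state.

```python
import struct

HEADER, TAIL = b"\xAA\xBB", b"\xCC\xDD"
TYPES = {0x01: "seal-mark challenge", 0x02: "seal-mark transmission",
         0x03: "password update", 0x04: "update confirmation",
         0x05: "encrypted communication"}
EMPTY_BODY = {0x01, 0x04}                 # "any other type": body is empty
ALLOWED = {"asymmetric": {0x01, 0x02, 0x03, 0x04}, "symmetric": {0x05}}
MAX_BODY = 64 * 1024                      # assumption: receiver-side cap
FIXED = 13                                # header 2 + length 4 + type 1 + seq 4 + tail 2

class FrameError(ValueError):
    """Raised when a frame breaks the layout or the state rules."""

def build_frame(msg_type, seq, body=b""):
    # assumption: big-endian fields, length field = number of body bytes
    return HEADER + struct.pack(">IBI", len(body), msg_type, seq) + body + TAIL

def parse_frame(buf, state):
    """Validate one complete frame; return (msg_type, seq, body)."""
    if len(buf) < FIXED:
        raise FrameError("truncated frame")
    if buf[:2] != HEADER:
        raise FrameError("bad header")
    length, msg_type, seq = struct.unpack(">IBI", buf[2:11])
    if length > MAX_BODY:                 # check before trusting the field
        raise FrameError("declared length exceeds cap")
    if len(buf) != FIXED + length:
        raise FrameError("length field does not match frame size")
    if buf[-2:] != TAIL:
        raise FrameError("bad tail")
    if msg_type not in TYPES:
        raise FrameError("unknown message type")
    if msg_type not in ALLOWED[state]:
        raise FrameError("message type not allowed in %s state" % state)
    body = bytes(buf[11:11 + length])
    if (msg_type in EMPTY_BODY) != (len(body) == 0):
        raise FrameError("body presence does not match message type")
    return msg_type, seq, body

def reject_reason(buf, state):
    """Return None for an acceptable frame, otherwise the reason as text."""
    try:
        parse_frame(buf, state)
        return None
    except FrameError as exc:
        return str(exc)
```

The type, sequence number and length fields sit outside the encrypted message body, so a receiver can only check them structurally as done here.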
The method requires no investment in new hardware or network facilities and no modification of existing software, which saves development cost. Dynamically updating the password keeps the communication process secure and reliable, and the low-strength symmetric encryption and decryption keeps communication timely.

Claims (10)

1. A remote operation system for the operation of port bridge-type loading and unloading equipment, comprising a crane installed at a wharf, a PLC connected to the electrical part of the crane, and a local controller connected to the PLC and serving as a remote control node, and further comprising a server deployed in the cloud, wherein the cloud communicates with the remote control node by encrypted communication and sends instructions to the PLC to control the crane, characterized in that the encrypted communication is implemented as follows:
step S1: an asymmetric key pair is configured for the cloud and the remote control node, a communication connection is established between the cloud and the remote control node, and the cloud and the remote control node then enter the asymmetric encrypted communication state;
step S2: the cloud queries the remote control node for the seal mark, and the remote control node sends the seal mark to the cloud, the seal mark comprising real-time information of the remote control node;
step S3: the cloud generates a symmetric temporary key from the seal mark, initializes the number of tokens corresponding to the temporary key, and then sends the temporary key to the remote control node;
step S4: after receiving the temporary key, the remote control node sends confirmation information to the cloud and switches to the symmetric encrypted communication state; after receiving the confirmation information, the cloud switches to the symmetric encrypted communication state;
step S5: the cloud and the remote control node carry out symmetric encrypted communication using the temporary key: the cloud sends an instruction for controlling the crane to the remote control node, and the remote control node returns the execution result of the instruction to the cloud; each time an execution result is received, the cloud deducts from the number of tokens; if the tokens are not used up, symmetric encrypted communication continues until the tokens are used up, and step S6 is then executed;
step S6: the cloud and the remote control node re-enter the asymmetric encrypted communication state, and the process returns to step S2.
2. The port bridge handling equipment operation remote operation system of claim 1, wherein: the seal mark comprises the crane number, the crane start time TimeBoot, the current timestamp TimeStamp, the number of instructions received since the crane started TotalGot, the number of instructions completed since the crane started TotalFinish, the current seal-mark challenge count ReqCount, the average CPU utilization CpuRate and the average memory utilization MemRate.
3. The port bridge handling equipment operation teleoperation system according to claim 2, characterized in that in step S3 the token number is initialized by: the initial value of the number of tokens is sqrt (TimeStamp-TimeBoot)/(CpuRate. MemRate) +ReqCount 1000. TotalFinish/TotalGot.
4. The port bridge handling equipment operation remote operation system of claim 1, wherein: in step S5, the number of tokens deducted is determined by the communication conditions during symmetric encrypted communication; if the instruction executes successfully, tokens are deducted, and if it does not, no tokens are deducted.
5. The port bridge handling equipment operation remote operation system of claim 4, wherein: after an instruction executes successfully, the number of tokens the cloud deducts is:
TokenCuts=Total*(BytesCurrent/TimeCurrent)/TotalAverageBytesByTime;
where Total is the sum of the quantities deducted after the last n successful instruction executions, BytesCurrent is the number of bytes sent in this communication, TimeCurrent is the number of milliseconds this communication took, and TotalAverageBytesByTime is the sum, over the communications of the last n successful instruction executions, of the ratio of bytes to milliseconds in each communication.
6. The port bridge handling equipment operation remote operation system of claim 5, wherein: n is 10 or 20 or 30.
7. The port bridge handling equipment operation remote operation system of claim 4, wherein: after an instruction executes successfully, the cloud updates the number of tokens as follows:
TotalTokens=a*TotalTokens-TokenCuts;
where:
TotalTokens is the current number of tokens; TokenCuts is the number of tokens the cloud deducts;
TokenCuts=Total*(BytesCurrent/TimeCurrent)/TotalAverageBytesByTime;
where Total is the sum of the quantities deducted after the last n successful instruction executions, BytesCurrent is the number of bytes sent in this communication, TimeCurrent is the number of milliseconds this communication took, and TotalAverageBytesByTime is the sum, over the communications of the last n successful instruction executions, of the ratio of bytes to milliseconds in each communication;
a is the token-number correction factor, calculated as follows:
a= isDivisible(Count(Limit),Limit)*cos((FailInLimit/Limit)*(π/2));
where Limit is a preset count limit value; Count(Limit) is the current count value, counted from 1 with Limit as the upper bound, and the count is incremented by 1 each time a symmetric encrypted communication completes, whether or not it succeeds; isDivisible(Count(Limit), Limit) is a divisibility test that returns 1 if the remainder of Count(Limit) divided by Limit is 0 and returns 0 otherwise; FailInLimit is the total number of failed executions among the last Limit instruction executions;
after each calculation of a, if Count(Limit) = Limit, that is, the current round of counting is complete, Count(Limit) is reset to 0 and Limit is corrected according to the value of a just calculated:
if 0 ≤ a < 0.2, Limit = Limit - 3, and if Limit < 10, Limit is set to 10;
if 0.2 ≤ a < 0.4, Limit = Limit - 1, and if Limit < 10, Limit is set to 10;
if 0.4 ≤ a < 0.6, Limit = Limit;
if 0.6 ≤ a < 0.8, Limit = Limit + 1, and if Limit > 30, Limit is set to 30;
if 0.8 ≤ a ≤ 1, Limit = Limit + 3, and if Limit > 30, Limit is set to 30.
8. The port bridge handling equipment operation remote operation system of claim 7, wherein: n is 20 or 30, and the initial value of Limit is 20.
9. The port bridge handling equipment operation remote operation system of claim 1, wherein: in step S3, the temporary password is generated in the following manner:
the items of data contained in the seal mark are spliced into a character string str1 using a preset specific character string, the length len1 of str1 is calculated, and the base-2 logarithm of len1 is taken to obtain n; the characters at positions 2^0, 2^1, 2^2, 2^3, ..., 2^n of str1 are then swapped with the characters at positions 2^0, 2^1, 2^2, 2^3, ..., 2^n counted from the end, giving a character string str2; str2 is folded and then summed with carry, taking 32-bit bytes as the unit, to obtain a 32-byte temporary key.
10. A port bridge handling equipment operation remote operation system according to any of claims 1 to 9, wherein: the seal mark further comprises the crane name Name, a list of places where the crane can work, the area No where the crane is currently located and the BayNo where the crane is located.
CN202310705527.3A 2023-06-15 2023-06-15 Remote operation system for operation of port bridge type loading and unloading equipment Active CN116436710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310705527.3A CN116436710B (en) 2023-06-15 2023-06-15 Remote operation system for operation of port bridge type loading and unloading equipment


Publications (2)

Publication Number Publication Date
CN116436710A CN116436710A (en) 2023-07-14
CN116436710B CN116436710B (en) 2023-08-29

Family

ID=87087679


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant