CN117240495A - Method and device for IoT remote RPC security control - Google Patents
Method and device for IoT remote RPC security control
- Publication number: CN117240495A (application number CN202310836588.3A)
- Authority: CN (China)
- Prior art keywords: terminal equipment, data, network model, security, user
- Legal status: Pending (the status shown by Google Patents is an assumption, not a legal conclusion)
Abstract
The invention discloses a method and a device for remote procedure call (RPC) security control on an Internet of Things (IoT) platform, and relates to the technical field of data security control. The method comprises the following steps. Step 1: managing terminal devices on an IoT management platform. Step 2: establishing a zero-trust network model and using it to simplify the access control flow. Step 3: establishing a secure communication channel and, over that channel, using encryption methods and a secure transmission protocol to ensure the confidentiality and integrity of communication data and to prevent man-in-the-middle attacks and data tampering. Step 4: recording and auditing remote RPC operations with a recording and auditing module, including recording the request source, operation content and result information, tracking and tracing RPC operations, and promptly detecting and responding to security events.
Description
Technical Field
The invention relates to the technical field of data security control, and in particular to a method and a device for IoT remote RPC security control.
Background
An Internet of Things platform is a device management system formed by interconnecting intelligent devices, sensors, network devices and the like, so that they can cooperate, exchange data and control one another. In device management on an IoT platform, remote procedure call (RPC) is the key technology for communication between a device and the cloud: it lets a user control a device at any time and from anywhere, and improves the intelligence, convenience and manageability of the device. At present, however, a remote call has to pass through complex verification and data structure packaging, and the confidentiality and integrity of data transmission still need improvement, so the existing remote RPC security control flow is complex, the efficiency of the IoT platform is not improved, and the manageability and security of the system cannot be guaranteed.
Disclosure of Invention
To address these problems in the prior art, the invention provides a method and a device for IoT remote RPC security control, a remote RPC control method of high security and reliability. The flow is simplified, and unauthorised access and network attacks are prevented effectively, which improves the security and trustworthiness of the whole network. The method is applicable to a wide range of IoT systems, can be widely applied to remote RPC control requests, and gives users a safer and more reliable remote operation experience.
The specific scheme provided by the invention is as follows.
The invention provides a method for IoT remote RPC security control, comprising the following steps:
step 1: managing terminal devices on an IoT management platform, comprising:
managing device access for the terminal devices: collecting the data reported by each terminal device and counting the heartbeat data that shows it is operating continuously;
managing security authentication of the terminal devices: assigning user permissions and authenticating identities so that the data of users with different permissions is kept isolated, and partitioning data access permissions by service scenario;
managing state monitoring of the terminal devices: processing and displaying the aggregated terminal device application data by device group, user permission and scenario, so that users can visualise the operating condition of the terminal devices;
managing data storage for the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database;
managing resource orchestration for the terminal devices: using an orchestration tool on the service side to partition computing resources according to the computing demand and resource usage scale of the service scenario;
managing the rule engine of the terminal devices: configuring and customising the rule engine to user requirements for each application scenario in the form of programmable components;
managing edge-side decisions of the terminal devices: training, testing and deploying models on the terminal devices for a specific scenario with a meta-learning based artificial intelligence algorithm;
step 2: establishing a zero-trust network model and using it to simplify the access control flow, comprising:
controlling the access proxy with the zero-trust network model;
controlling single sign-on with the zero-trust network model: verifying the user's identity and issuing a short-lived token as the credential for accessing resources;
managing the access control engine with the zero-trust network model: authorising each service request on the basis of user, device and environment data, and also applying access control by geographic location;
directing a certificate authority, through the zero-trust network model, to issue a certificate to each terminal device, so that every terminal device is uniquely identified;
performing trust inference with the zero-trust network model: deciding the dynamic access level of each class of data as the access level of a user or terminal device changes;
establishing a device inventory database and a user group database with the zero-trust network model, where the device inventory database stores the devices purchased and actively managed by the enterprise, and the user database handles the addition and deletion of users in the service and assigns their roles;
step 3: establishing a secure communication channel, and over that channel using encryption methods and a secure transmission protocol to ensure the confidentiality and integrity of communication data and to prevent man-in-the-middle attacks and data tampering;
step 4: recording and auditing remote RPC operations with a recording and auditing module, comprising: recording the request source, operation content and result information, tracking and tracing RPC operations, and promptly detecting and responding to security events.
Further, in the IoT remote RPC security control method, collecting the data content of the terminal device in step 1 includes collecting the operating information of the terminal device, where the operating information includes the CPU and memory utilisation of the controller, the usage time and operation log of the application software, and the send/receive status of remote control messages.
Further, in step 2 single sign-on is controlled with the zero-trust network model and supports multi-factor authentication, where the authentication methods include account password authentication, SMS code authentication, KEY password authentication, fingerprint authentication and face authentication.
Further, in step 2 the zero-trust network model directs the certificate authority to store the certificate of the terminal device in hardware or in a TPM; during device authentication the validity of the device is verified, a device that holds a valid security certificate is identified as a managed device, and the certificate of the terminal device is renewed periodically.
Further, in step 3 the encryption methods used include symmetric encryption, asymmetric encryption, hash functions, digital signatures and VPN encryption, and the secure transmission protocols used include SSL/TLS, HTTPS and SFTP.
Further, in step 4 tracking and tracing the RPC operations means monitoring and tracing the events of the terminal device system and recording user operations, network activity and system events,
and analysing the recorded log information to trace and audit the actions of users or of the terminal device system, to assess the security posture of the current terminal device system and its applications, to find possible vulnerabilities and security threats, and to verify from that analysis whether security regulations and compliance requirements are met.
The invention also provides a device for IoT remote RPC security control, comprising a management module, an access control module, a secure communication module and a recording and auditing module, where:
the management module manages terminal devices on the IoT management platform, comprising:
managing device access for the terminal devices: collecting the data reported by each terminal device and counting the heartbeat data that shows it is operating continuously;
managing security authentication of the terminal devices: assigning user permissions and authenticating identities so that the data of users with different permissions is kept isolated, and partitioning data access permissions by service scenario;
managing state monitoring of the terminal devices: processing and displaying the aggregated terminal device application data by device group, user permission and scenario, so that users can visualise the operating condition of the terminal devices;
managing data storage for the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database;
managing resource orchestration for the terminal devices: using an orchestration tool on the service side to partition computing resources according to the computing demand and resource usage scale of the service scenario;
managing the rule engine of the terminal devices: configuring and customising the rule engine to user requirements for each application scenario in the form of programmable components;
managing edge-side decisions of the terminal devices: training, testing and deploying models on the terminal devices for a specific scenario with a meta-learning based artificial intelligence algorithm;
the access control module establishes a zero-trust network model and uses it to simplify the access control flow, comprising:
controlling the access proxy with the zero-trust network model;
controlling single sign-on with the zero-trust network model: verifying the user's identity and issuing a short-lived token as the credential for accessing resources;
managing the access control engine with the zero-trust network model: authorising each service request on the basis of user, device and environment data, and also applying access control by geographic location;
directing a certificate authority, through the zero-trust network model, to issue a certificate to each terminal device, so that every terminal device is uniquely identified;
performing trust inference with the zero-trust network model: deciding the dynamic access level of each class of data as the access level of a user or terminal device changes;
establishing a device inventory database and a user group database with the zero-trust network model, where the device inventory database stores the devices purchased and actively managed by the enterprise, and the user database handles the addition and deletion of users in the service and assigns their roles;
the secure communication module establishes a secure communication channel, and over that channel uses encryption methods and a secure transmission protocol to ensure the confidentiality and integrity of communication data and to prevent man-in-the-middle attacks and data tampering;
the recording and auditing module records and audits remote RPC operations, comprising: recording the request source, operation content and result information, tracking and tracing RPC operations, and promptly detecting and responding to security events.
The invention also provides an IoT remote RPC security control device comprising at least one memory and at least one processor;
the at least one memory stores a machine-readable program;
the at least one processor is configured to invoke the machine-readable program to perform the zero-trust-network based method for IoT remote RPC security control.
The advantages of the invention are as follows.
The invention provides a method for IoT remote RPC security control which, by combining an IoT platform with a zero-trust network model, achieves fine-grained permission management and multi-factor identity authentication for user and device access, gives data more effective access protection, addresses the security risks of the network and the integrity of information during remote procedure calls, and ensures the security and trustworthiness of remote RPC operations. In addition, resources can be configured programmatically according to the computing demand of the service scenario, and the terminal devices gain intelligent decision-making capability through a meta-learning based artificial intelligence algorithm.
Drawings
FIG. 1 is a schematic diagram of an application framework of the device of the present invention.
FIG. 2 is a schematic flow chart of the method of the invention.
Detailed Description
IoT (Internet of Things): an Internet of Things system, which enables communication between the edge side and IoT devices, stores data and manages device state, supports remote control and configuration, keeps devices running stably around the clock, and integrates and adapts to third-party systems.
RPC (Remote Procedure Call): a protocol for requesting a service from a remote computer over a network without knowledge of the underlying network technology. RPC assumes the existence of a transport protocol, such as TCP or UDP, to carry the data between the communicating programs.
The invention is further described below with reference to the accompanying drawings and specific examples, which are not intended to be limiting, so that those skilled in the art can better understand and practise the invention.
The invention provides a method for IoT remote RPC security control, comprising the following steps:
step 1: managing terminal devices on an IoT management platform, comprising:
managing device access for the terminal devices: collecting the data reported by each terminal device and counting the heartbeat data that shows it is operating continuously;
managing security authentication of the terminal devices: assigning user permissions and authenticating identities so that the data of users with different permissions is kept isolated, and partitioning data access permissions by service scenario;
managing state monitoring of the terminal devices: processing and displaying the aggregated terminal device application data by device group, user permission and scenario, so that users can visualise the operating condition of the terminal devices;
managing data storage for the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database;
managing resource orchestration for the terminal devices: using an orchestration tool on the service side to partition computing resources according to the computing demand and resource usage scale of the service scenario;
managing the rule engine of the terminal devices: configuring and customising the rule engine to user requirements for each application scenario in the form of programmable components;
managing edge-side decisions of the terminal devices: training, testing and deploying models on the terminal devices for a specific scenario with a meta-learning based artificial intelligence algorithm;
step 2: establishing a zero-trust network model and using it to simplify the access control flow, comprising:
controlling the access proxy with the zero-trust network model;
controlling single sign-on with the zero-trust network model: verifying the user's identity and issuing a short-lived token as the credential for accessing resources;
managing the access control engine with the zero-trust network model: authorising each service request on the basis of user, device and environment data, and also applying access control by geographic location;
directing a certificate authority, through the zero-trust network model, to issue a certificate to each terminal device, so that every terminal device is uniquely identified;
performing trust inference with the zero-trust network model: deciding the dynamic access level of each class of data as the access level of a user or terminal device changes;
establishing a device inventory database and a user group database with the zero-trust network model, where the device inventory database stores the devices purchased and actively managed by the enterprise, and the user database handles the addition and deletion of users in the service and assigns their roles;
step 3: establishing a secure communication channel, and over that channel using encryption methods and a secure transmission protocol to ensure the confidentiality and integrity of communication data and to prevent man-in-the-middle attacks and data tampering;
step 4: recording and auditing remote RPC operations with a recording and auditing module, comprising: recording the request source, operation content and result information, tracking and tracing RPC operations, and promptly detecting and responding to security events.
The method of the invention performs remote terminal device management and data transmission on an Internet of Things (IoT) platform and provides reliable and secure remote RPC operation: it uses a zero-trust network model to implement a secure access policy that controls access permissions according to user identity, device state and context information and prevents unauthorised access and malicious attacks; it establishes a secure communication channel that uses encryption technology and a secure transmission protocol to ensure the confidentiality and integrity of communication data and to prevent man-in-the-middle attacks and data tampering; and at the same time it records and audits remote RPC operations, tracks and traces them, and promptly detects and responds to security events.
In particular applications, in some embodiments of the method, IoT remote RPC security control proceeds as follows.
Step 1: managing terminal devices on an IoT management platform, comprising:
Managing device access for the terminal devices: collecting the data reported by each terminal device and counting the heartbeat data that shows it is operating continuously, so as to keep the terminal devices running stably. The data content collected in step 1 includes the operating information of the terminal device, namely the CPU and memory utilisation of the controller, the usage time and operation log of the application software, the send/receive status of remote control messages, and so on, which is used to assess the stability of the device in operation.
Managing security authentication of the terminal devices: assigning user permissions and authenticating identities so that the data of users with different permissions is kept isolated, and partitioning data access permissions by service scenario.
Managing state monitoring of the terminal devices: processing and displaying the aggregated terminal device application data by device group, user permission and scenario, and presenting it so that users can visualise the operating condition of the terminal devices.
Managing data storage for the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database, so that the usage records and log data of a device are easy to locate and the needs of device maintenance staff are met.
Managing resource orchestration for the terminal devices: using an orchestration tool on the service side to partition computing resources according to the computing demand and resource usage scale of the service scenario, which improves the utilisation of the physical resources as a whole.
Managing the rule engine of the terminal devices: configuring and customising the rule engine to user requirements for each application scenario in the form of programmable components.
Managing edge-side decisions of the terminal devices: training, testing and deploying models on the terminal devices for a specific scenario with a meta-learning based artificial intelligence algorithm, so that edge devices control their own state autonomously and achieve the execution result the user expects.
Step 2: establishing a zero trust network model, simplifying an access control flow by using the control zero trust network model, and comprising the following steps:
the access agent is controlled using a control zero trust network model.
And controlling single sign-on by using the control zero trust network model, verifying the identity of the user, and generating a short-term Token as a credential for accessing the resource. In step 2, a control zero trust network model is used for controlling single sign-on, and a multi-factor authentication mode is supported, wherein the authentication mode comprises account password authentication, short message authentication, KEY password authentication, fingerprint authentication and face authentication.
And indicating a certificate issuing organization to issue a certificate for each terminal device by using the control zero trust network model, so as to realize the unique identification of the terminal device. In step 2, the certificate issuing organization is instructed to store the certificate of the terminal device on hardware or a TPM by using the control zero trust network model, the validity of the device is verified in the device authentication process, the device with the security certificate is identified as the managed device, and the certificate of the terminal device is updated periodically.
Trust inference is performed by using a control zero trust network model, and the dynamic access level of various data is judged according to the change of the access level of a user or terminal equipment, and the information can be used as a part of the decision of an access control engine (Access Control Engine).
An access control engine is managed using a control zero trust network model, providing authorization for each service request based on user, device, and environmental data, and also access controlling the geographic location.
Establishing a device list database and a user group database by using a control zero trust network model, wherein the device list database stores enterprise purchasing and actively managed devices, and an accurate device database is the basis of the zero trust network model, so that terminal devices can be brought into a management range, and safety assurance and full coverage management are realized; and the user database manages the new addition and deletion of the users in the service and performs role allocation.
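The access control engine of step 2, as an added worked example (not the patent's code): a hypothetical engine in Go that issues a short-lived token once single sign-on has verified the user, keeps a device inventory keyed by certificate fingerprint, and authorises every request on user role, device trust level and source country, with a trust-inference hook that lowers a device's level after an anomaly. The HMAC-SHA256 token format, the data classes, the role names and the fingerprints are constructed for the example; multi-factor authentication and the mutual-TLS check that yields the fingerprint are assumed to have happened before Authorize is called.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Engine is a hypothetical access control engine that sits behind the access proxy.
type Engine struct {
	key      []byte            // HMAC key for short-lived tokens (constructed, demo only)
	tokenTTL time.Duration
	devices  map[string]int    // device inventory: certificate fingerprint -> trust level
	roles    map[string]string // user group database: user -> role
	geoAllow map[string]bool   // countries from which RPCs may originate
	required map[string]int    // data class -> minimum device trust level
}

// IssueToken is called once single sign-on has verified the user; the token is "user|expiry|HMAC(user|expiry)".
func (e *Engine) IssueToken(user string, now time.Time) string {
	body := user + "|" + strconv.FormatInt(now.Add(e.tokenTTL).Unix(), 10)
	return body + "|" + e.sign(body)
}
func (e *Engine) sign(body string) string {
	mac := hmac.New(sha256.New, e.key)
	mac.Write([]byte(body))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

func (e *Engine) verifyToken(token string, now time.Time) (string, error) {
	parts := strings.Split(token, "|") // user names must not contain '|'
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	if !hmac.Equal([]byte(e.sign(parts[0]+"|"+parts[1])), []byte(parts[2])) { // constant-time compare
		return "", fmt.Errorf("bad token signature")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || now.Unix() >= exp {
		return "", fmt.Errorf("token expired")
	}
	return parts[0], nil
}

type Request struct {
	Token     string
	DeviceFP  string // fingerprint of the client certificate the device presented
	Country   string // environment data, e.g. GeoIP on the source address
	DataClass string // "telemetry" or "control"
}

// Authorize evaluates every request on user, device and environment data; a valid token alone never grants access.
func (e *Engine) Authorize(r Request, now time.Time) error {
	user, err := e.verifyToken(r.Token, now)
	if err != nil {
		return err
	}
	trust, managed := e.devices[r.DeviceFP]
	if !managed {
		return fmt.Errorf("device %s is not in the managed inventory", r.DeviceFP)
	}
	if !e.geoAllow[r.Country] {
		return fmt.Errorf("requests from %q are not allowed", r.Country)
	}
	if need := e.required[r.DataClass]; trust < need {
		return fmt.Errorf("device trust %d is below the %d required for %s data", trust, need, r.DataClass)
	}
	if r.DataClass == "control" && e.roles[user] != "operator" {
		return fmt.Errorf("role %q of %s may not issue control RPCs", e.roles[user], user)
	}
	return nil
}

// LowerTrust is the trust inference hook: an anomaly lowers a device's level, which changes what it may reach next.
func (e *Engine) LowerTrust(fp string, by int) { e.devices[fp] -= by }

// NewDemoEngine returns an engine loaded with constructed sample inventories.
func NewDemoEngine() *Engine {
	return &Engine{
		key:      []byte("constructed-demo-key-do-not-use"),
		tokenTTL: 10 * time.Minute,
		devices:  map[string]int{"fp-gateway-01": 3, "fp-gateway-02": 1},
		roles:    map[string]string{"alice": "operator", "bob": "viewer"},
		geoAllow: map[string]bool{"CN": true, "DE": true},
		required: map[string]int{"telemetry": 1, "control": 3},
	}
}

func main() {
	e, now := NewDemoEngine(), time.Now()
	req := Request{Token: e.IssueToken("alice", now), DeviceFP: "fp-gateway-01", Country: "CN", DataClass: "control"}
	fmt.Println(e.Authorize(req, now)) // <nil>
	e.LowerTrust("fp-gateway-01", 1)
	fmt.Println(e.Authorize(req, now)) // device trust 2 is below the 3 required for control data
}
```

Every request passes through all checks, so the same token that was good a moment earlier is refused as soon as trust inference lowers the device's level; that is the dynamic access level the page describes, and it is also why the token itself can be short-lived and carry no permissions.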
Step 3: and establishing a secure communication channel, and ensuring confidentiality and integrity of communication data by using an encryption method and a secure transmission protocol by using the secure communication channel to prevent man-in-the-middle attack and data tampering. Furthermore, in the step 3, the encryption method comprises a symmetric encryption method, an asymmetric encryption method, a hash function method, a digital signature method, a VPN encryption method and the like, so that the security and confidentiality of important information such as a computer, a network system and communication data can be effectively protected, and meanwhile, the integrity, the reliability and the authenticity of data transmission are guaranteed. The use of suitable encryption techniques can effectively prevent hacking and theft of confidential information. The adopted secure transmission protocols are SSL/TLS, HTTPS, SFTP and the like. Secure transmission protocols are communication protocols designed to protect the transmission of data in a computer network. The secure transmission protocol provides security services such as data transmission confidentiality, data integrity, authentication, and non-repudiation.
Step 4: recording and auditing remote RPC operations by a recording and auditing module, including: and recording request sources, operation contents and result information, tracking and tracing RPC operation, and timely discovering and coping with the security event. Further, in step 4, the RPC operation is tracked and traced, various events of the terminal equipment system are monitored and traced, user operation, network activity and system events are recorded,
analyzing the recorded log information, pursuing and auditing the operation behaviors of the user or the terminal equipment system, evaluating the security conditions of the current terminal equipment system and the application program, finding out possible loopholes and security threat conditions, and verifying whether the security regulations and compliance requirements are met according to the analysis of the log information.
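The recording and auditing module of step 4, as an added example in Go (not the patent's own code): each remote RPC is stored with its request source (user, device fingerprint, address), operation and result, and the records are hash-chained so that a later edit or deletion of log lines is detectable; the analysis step then flags a source with repeated denied RPCs inside a time window. The hash chain, the alert rule and the sample records (alice, bob, mallory, 203.0.113.7) are constructed for this example; the page itself only asks that the information be recorded and analysed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// Record is one audited remote RPC: who asked (user, device, address), what was done, the result, and a hash chain.
type Record struct {
	Time      time.Time
	User      string
	DeviceFP  string // certificate fingerprint of the calling device
	SourceIP  string
	Operation string
	Result    string // "ok" or "denied: <reason>"
	PrevHash  string
	Hash      string
}

// AuditLog is an append-only, hash-chained list of records.
type AuditLog struct{ Records []Record }

func (r Record) source() string { return r.User + "@" + r.DeviceFP + "/" + r.SourceIP }

// digest binds every field and the previous hash into this record's hash.
func (r Record) digest() string {
	fields := []string{r.PrevHash, r.Time.UTC().Format(time.RFC3339), r.User, r.DeviceFP, r.SourceIP, r.Operation, r.Result}
	sum := sha256.Sum256([]byte(strings.Join(fields, "\x1f")))
	return hex.EncodeToString(sum[:])
}

// Append stores r linked to the record before it.
func (l *AuditLog) Append(r Record) {
	if n := len(l.Records); n > 0 {
		r.PrevHash = l.Records[n-1].Hash
	}
	r.Hash = r.digest()
	l.Records = append(l.Records, r)
}

// Verify returns the index of the first record that was edited or no longer
// follows its predecessor (a deletion), or -1 if the log is intact.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, r := range l.Records {
		if r.PrevHash != prev || r.digest() != r.Hash {
			return i
		}
		prev = r.Hash
	}
	return -1
}

// Analyze reports every request source with at least threshold denied RPCs inside a window-long span.
func (l *AuditLog) Analyze(window time.Duration, threshold int) []string {
	var alerts []string
	flagged := map[string]bool{}
	for i, r := range l.Records {
		if flagged[r.source()] || !strings.HasPrefix(r.Result, "denied") {
			continue
		}
		count := 0
		for _, q := range l.Records[i:] { // records are appended in time order
			if q.Time.Sub(r.Time) > window {
				break
			}
			if q.source() == r.source() && strings.HasPrefix(q.Result, "denied") {
				count++
			}
		}
		if count >= threshold {
			flagged[r.source()] = true
			alerts = append(alerts, fmt.Sprintf("%s: %d denied RPCs within %s, first at %s", r.source(), count, window, r.Time.UTC().Format(time.RFC3339)))
		}
	}
	return alerts
}

// SampleLog builds a constructed log: one legitimate call, one stray denial, and a burst from an unmanaged device.
func SampleLog() *AuditLog {
	t0 := time.Date(2023, 7, 10, 9, 0, 0, 0, time.UTC)
	l := &AuditLog{}
	l.Append(Record{Time: t0, User: "alice", DeviceFP: "fp-gateway-01", SourceIP: "10.0.0.5", Operation: "reboot", Result: "ok"})
	l.Append(Record{Time: t0.Add(20 * time.Second), User: "bob", DeviceFP: "fp-gateway-02", SourceIP: "10.0.0.9", Operation: "reboot", Result: "denied: role viewer"})
	for i := 0; i < 4; i++ {
		l.Append(Record{Time: t0.Add(time.Duration(30+10*i) * time.Second), User: "mallory", DeviceFP: "fp-unknown", SourceIP: "203.0.113.7", Operation: "set-config", Result: "denied: device not managed"})
	}
	return l
}

func main() {
	l := SampleLog()
	fmt.Println(l.Verify(), l.Analyze(time.Minute, 3)) // -1 [mallory@fp-unknown/203.0.113.7: 4 denied RPCs within 1m0s, ...]
	l.Records[2].Result = "ok"                           // an attacker edits the log afterwards
	fmt.Println(l.Verify())                              // 2: the edited record no longer matches its hash
}
```

Verify recomputes every hash, so a single edited field (as main does to the third record) or a removed record is pinpointed by index. Analyze is one example rule; in practice it would run beside rules for privileged operations from unexpected countries or outside a device's maintenance window, which are the other signals the page's step 2 already collects.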
The invention also provides an IoT remote RPC security control device, which comprises a management module, an access control module, a secure communication module and a record audit module, wherein:
the management module manages the terminal devices based on the IoT management platform, comprising:
managing the device access of the terminal devices: collecting the data content of the terminal devices and counting the heartbeat data of their continuous operation,
managing the security authentication of the terminal devices: isolating user data of different authorities by assigning user authorities and identity authentication, and dividing the data access authorities of the service scene,
managing the state monitoring of the terminal devices: processing and displaying the summarized terminal device application data by device group, user authority and scene, and providing a visualization of the terminal device operating conditions to the user,
managing the data storage of the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database,
managing the resource orchestration of the terminal devices: dividing computing power resources according to the computing power demand and resource usage scale of the service scene by using an orchestration tool on the service side,
managing the rule engine of the terminal devices: flexibly configuring and customizing the rule engine to user demands according to the specific application scene, in the form of programmable components,
managing the device-side decision of the terminal devices: performing model training, testing and deployment on the terminal devices in a specific scene based on a meta-learning artificial intelligence algorithm;
the access control module establishes a zero trust network model and simplifies the access control flow by using the control zero trust network model, comprising:
controlling the access agent by using the control zero trust network model,
controlling single sign-on by using the control zero trust network model: verifying the identity of the user and generating a short-term Token as the credential for accessing resources,
managing the access control engine by using the control zero trust network model: authorizing each service request based on user, device and environment data, and also performing access control on geographic location,
using the control zero trust network model to instruct a certificate authority to issue a certificate for each terminal device, thereby uniquely identifying the terminal device,
performing trust inference by using the control zero trust network model: judging the dynamic access level of each kind of data according to changes in the access level of the user or terminal device,
establishing a device list database and a user group database by using the control zero trust network model, wherein the device list database stores the devices purchased and actively managed by the enterprise, and the user group database manages the addition and deletion of users in the service and performs role allocation;
the secure communication module establishes a secure communication channel and, over that channel, ensures the confidentiality and integrity of communication data by adopting an encryption method and a secure transmission protocol, preventing man-in-the-middle attacks and data tampering;
the record audit module records and audits remote RPC operations, comprising: recording the request source, operation content and result information, tracking and tracing RPC operations, and discovering and responding to security events in a timely manner.
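The access control module and the record audit module above describe a per-request decision (short-term token from single sign-on, device identified by its inventory certificate, user role and environment such as region) followed by an audit record of request source, operation and result. The following is an added example of that flow, not code from the patent: the device list, user group, role policy, allowed regions, token lifetime and denial reasons are all constructed assumptions for this example, and the token is a plain HMAC-signed payload standing in for whatever credential format a deployment would use.

```python
import hashlib
import hmac
import json
import secrets
import time

# Lifetime of the short-term SSO token in seconds (assumed value).
TOKEN_TTL_SECONDS = 300
# Per-process token signing key; a deployment would load it from a key manager.
SIGNING_KEY = secrets.token_bytes(32)

# Device list database (constructed sample). Only enterprise-managed devices
# holding a CA-issued certificate are eligible; expiry is a UNIX timestamp.
DEVICE_DB = {
    "dev-001": {"managed": True,  "cert_fingerprint": "fp-aaaa", "cert_expires": 2_000_000_000},
    "dev-002": {"managed": False, "cert_fingerprint": "fp-bbbb", "cert_expires": 2_000_000_000},
    "dev-003": {"managed": True,  "cert_fingerprint": "fp-cccc", "cert_expires": 1_000_000_000},
}
# User group database (constructed sample): role allocated to each user.
USER_DB = {"alice": "operator", "bob": "viewer"}
# Role policy (constructed): RPC operations each role may invoke.
ROLE_POLICY = {"operator": {"read_status", "reboot"}, "viewer": {"read_status"}}
# Environment policy (constructed): regions from which RPC requests are accepted.
ALLOWED_REGIONS = {"CN", "DE"}

# Record audit store: one entry per decision (request source, operation, result).
AUDIT_LOG = []


def issue_token(user, device_id, now):
    """Single sign-on: after identity verification, issue a short-term HMAC token
    bound to the user and to the device it was requested from."""
    if user not in USER_DB:
        raise KeyError("unknown user")
    payload = {"sub": user, "dev": device_id, "exp": now + TOKEN_TTL_SECONDS}
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def verify_token(token, now):
    """Return the token payload if the signature is valid and it has not expired."""
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(body)
    return payload if payload["exp"] > now else None


def check_device(device_id, cert_fingerprint, now):
    """Device identity: listed as managed, certificate matches the inventory,
    certificate not expired. Returns a denial reason or None."""
    rec = DEVICE_DB.get(device_id)
    if rec is None or not rec["managed"]:
        return "device not managed"
    if not hmac.compare_digest(rec["cert_fingerprint"], cert_fingerprint):
        return "certificate mismatch"
    if rec["cert_expires"] <= now:
        return "certificate expired"
    return None


def authorize(token, device_id, cert_fingerprint, region, operation, now):
    """Access control engine: decide a single RPC request from user, device and
    environment data, and record the decision in the audit log."""
    result, reason = "deny", None
    payload = verify_token(token, now)
    if payload is None:
        reason = "invalid or expired token"
    elif payload["dev"] != device_id:
        reason = "token not bound to device"
    else:
        reason = check_device(device_id, cert_fingerprint, now)
        if reason is None:
            if region not in ALLOWED_REGIONS:
                reason = "region not allowed"
            elif operation not in ROLE_POLICY.get(USER_DB[payload["sub"]], set()):
                reason = "operation not permitted for role"
            else:
                result, reason = "allow", "policy match"
    AUDIT_LOG.append({
        "time": now,
        "source": {"user": payload["sub"] if payload else None,
                   "device": device_id, "region": region},
        "operation": operation,
        "result": result,
        "reason": reason,
    })
    return result == "allow", reason


if __name__ == "__main__":
    now = time.time()
    tok = issue_token("alice", "dev-001", now)
    print(authorize(tok, "dev-001", "fp-aaaa", "CN", "reboot", now))  # (True, 'policy match')
    print(authorize(tok, "dev-001", "fp-aaaa", "US", "reboot", now))  # (False, 'region not allowed')
    print(json.dumps(AUDIT_LOG, indent=1))
```

Every path through `authorize` writes an audit entry, including denials, so the record audit module has the request source and reason even for requests that never reached a service; the token is also bound to the device it was issued for, so a credential copied from one terminal cannot authorize calls from another.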
The content of information interaction and execution process between the modules in the device is based on the same conception as the embodiment of the method of the present invention, and specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.
Similarly, the device of the invention realizes fine-grained authority management and multiple identity authentication of user and device access by combining an Internet of Things (IoT) platform with zero trust network model technology, forms more effective access protection for data, effectively solves the problems of potential network security hazards and information integrity in the remote procedure call process, and ensures the security and reliability of remote RPC operation; meanwhile, programmable configuration of resources can be realized according to the computing power requirement of the service scene; and the intelligent decision-making capability of the terminal devices is realized through a meta-learning artificial intelligence algorithm.
The present invention also provides an IoT remote RPC security control device comprising at least one memory and at least one processor;
the at least one memory is configured to store a machine-readable program;
the at least one processor is configured to invoke the machine-readable program to perform the IoT remote RPC security control method based on a zero trust network.
The content of the information interaction and the readable program process of the processor in the device is based on the same concept as the embodiment of the method of the present invention, and the specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.
Similarly, the device of the invention realizes fine-grained authority management and multiple identity authentication of user and device access by combining an Internet of Things (IoT) platform with zero trust network model technology, forms more effective access protection for data, effectively solves the problems of potential network security hazards and information integrity in the remote procedure call process, and ensures the security and reliability of remote RPC operation; meanwhile, programmable configuration of resources can be realized according to the computing power requirement of the service scene; and the intelligent decision-making capability of the terminal devices is realized through a meta-learning artificial intelligence algorithm.
It should be noted that not all the steps and modules in the above processes and the devices are necessary, and some steps or modules may be omitted according to actual needs. The execution sequence of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by multiple physical entities, or may be implemented jointly by some components in multiple independent devices.
The above-described embodiments are merely preferred embodiments for fully explaining the present invention, and the scope of the present invention is not limited thereto. Equivalent substitutions and modifications will occur to those skilled in the art based on the present invention, and are intended to be within the scope of the present invention. The protection scope of the invention is subject to the claims.
Claims (8)
1. An IoT remote RPC security control method, comprising:
step 1: managing terminal devices based on an IoT management platform, comprising:
managing the device access of the terminal devices: collecting the data content of the terminal devices and counting the heartbeat data of their continuous operation,
managing the security authentication of the terminal devices: isolating user data of different authorities by assigning user authorities and identity authentication, and dividing the data access authorities of the service scene,
managing the state monitoring of the terminal devices: processing and displaying the summarized terminal device application data by device group, user authority and scene, and providing a visualization of the terminal device operating conditions to the user,
managing the data storage of the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database,
managing the resource orchestration of the terminal devices: dividing computing power resources according to the computing power demand and resource usage scale of the service scene by using an orchestration tool on the service side,
managing the rule engine of the terminal devices: flexibly configuring and customizing the rule engine to user demands according to the specific application scene, in the form of programmable components,
managing the device-side decision of the terminal devices: performing model training, testing and deployment on the terminal devices in a specific scene based on a meta-learning artificial intelligence algorithm;
step 2: establishing a zero trust network model and simplifying the access control flow by using the control zero trust network model, comprising:
controlling the access agent by using the control zero trust network model,
controlling single sign-on by using the control zero trust network model: verifying the identity of the user and generating a short-term Token as the credential for accessing resources,
managing the access control engine by using the control zero trust network model: authorizing each service request based on user, device and environment data, and also performing access control on geographic location,
using the control zero trust network model to instruct a certificate authority to issue a certificate for each terminal device, thereby uniquely identifying the terminal device,
performing trust inference by using the control zero trust network model: judging the dynamic access level of each kind of data according to changes in the access level of the user or terminal device,
establishing a device list database and a user group database by using the control zero trust network model, wherein the device list database stores the devices purchased and actively managed by the enterprise, and the user group database manages the addition and deletion of users in the service and performs role allocation;
step 3: establishing a secure communication channel, and ensuring the confidentiality and integrity of communication data over the secure communication channel by adopting an encryption method and a secure transmission protocol, preventing man-in-the-middle attacks and data tampering;
step 4: recording and auditing remote RPC operations by a record audit module, comprising: recording the request source, operation content and result information, tracking and tracing RPC operations, and discovering and responding to security events in a timely manner.
2. The IoT remote RPC security control method according to claim 1, wherein in step 1 collecting the data content of the terminal device comprises collecting operation information of the terminal device, the operation information including the CPU and memory occupancy of the controller, the usage time and operation log of the application software, and the transceiving status of the remote control information.
3. The IoT remote RPC security control method according to claim 1, wherein in step 2 the single sign-on controlled by using the control zero trust network model supports a multi-factor authentication mode, the authentication modes including account password authentication, SMS authentication, KEY password authentication, fingerprint authentication and face authentication.
4. The method according to claim 1, wherein in step 2 the certificate authority instructed by the control zero trust network model stores the certificate of the terminal device on hardware or a TPM, the validity of the device is verified in the device authentication process, a device holding a security certificate is identified as a managed device, and the certificate of the terminal device is updated periodically.
5. The IoT remote RPC security control method according to claim 1, wherein the encryption methods adopted in step 3 include symmetric encryption, asymmetric encryption, hash functions, digital signatures and VPN encryption, and the secure transmission protocols adopted are SSL/TLS, HTTPS and SFTP.
6. The IoT remote RPC security control method according to claim 1, wherein tracking and tracing the RPC operations comprises monitoring and tracking the various events of the terminal device system, recording user operations, network activity and system events,
analyzing the recorded log information, tracing and auditing the operation behaviour of the user or terminal device system, evaluating the security condition of the current terminal device system and application programs, finding possible vulnerabilities and security threats, and verifying from the analysis of the log information whether security regulations and compliance requirements are met.
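Claim 6 describes analysing the recorded log information to trace operation behaviour, evaluate the security condition and check compliance. The following is an added example of such an analysis, not code from the patent, run over constructed audit records in the shape step 4 describes (request source, operation content, result and reason). The record fields, the deny-burst thresholds, the denial reasons and the sample entries are all assumptions made for this example.

```python
from collections import defaultdict

# Deny-burst thresholds (assumed values): this many denials from one source
# inside this many seconds is reported for follow-up.
DENY_BURST_THRESHOLD = 3
DENY_BURST_WINDOW_SECONDS = 60

# Constructed sample of audit records: request source (user, device, region),
# operation content, result and the reason recorded by the access control engine.
SAMPLE_AUDIT = [
    {"time": 1000, "user": "alice", "device": "dev-001", "region": "CN", "op": "read_status", "result": "allow", "reason": "policy match"},
    {"time": 1010, "user": "bob",   "device": "dev-001", "region": "CN", "op": "reboot",      "result": "deny",  "reason": "operation not permitted for role"},
    {"time": 1012, "user": "bob",   "device": "dev-001", "region": "CN", "op": "reboot",      "result": "deny",  "reason": "operation not permitted for role"},
    {"time": 1015, "user": "bob",   "device": "dev-001", "region": "CN", "op": "reboot",      "result": "deny",  "reason": "operation not permitted for role"},
    {"time": 1020, "user": None,    "device": "dev-009", "region": "US", "op": "reboot",      "result": "deny",  "reason": "device not managed"},
    {"time": 1100, "user": "alice", "device": "dev-003", "region": "DE", "op": "read_status", "result": "deny",  "reason": "certificate expired"},
    {"time": 1200, "user": "alice", "device": "dev-001", "region": "CN", "op": "reboot",      "result": "allow", "reason": "policy match"},
    {"time": 5000, "user": "bob",   "device": "dev-001", "region": "CN", "op": "read_status", "result": "allow", "reason": "policy match"},
]


def source_key(rec):
    """A request source is the (user, device) pair that issued the RPC."""
    return (rec["user"], rec["device"])


def find_deny_bursts(records, threshold=DENY_BURST_THRESHOLD,
                     window=DENY_BURST_WINDOW_SECONDS):
    """Sources that accumulated `threshold` denials inside `window` seconds,
    found with a sliding window over each source's time-sorted denials."""
    denials = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec["result"] == "deny":
            denials[source_key(rec)].append(rec["time"])
    bursts = []
    for src, times in denials.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts.append(src)
                break
    return bursts


def devices_with_reason(records, reason):
    """Distinct devices whose requests were denied for the given reason, e.g.
    unmanaged devices attempting RPC or devices whose certificate renewal lapsed."""
    return sorted({r["device"] for r in records
                   if r["result"] == "deny" and r["reason"] == reason})


def allowed_outside_regions(records, allowed_regions):
    """Compliance check: an allowed operation from a region outside policy should
    never appear; any hit points at a gap in the access control engine."""
    return [r for r in records
            if r["result"] == "allow" and r["region"] not in allowed_regions]


def audit_report(records, allowed_regions=frozenset({"CN", "DE"})):
    """Summarize the findings an auditor would review for the period."""
    return {
        "deny_bursts": find_deny_bursts(records),
        "unmanaged_devices": devices_with_reason(records, "device not managed"),
        "expired_certificates": devices_with_reason(records, "certificate expired"),
        "allowed_outside_regions": len(allowed_outside_regions(records, allowed_regions)),
    }


if __name__ == "__main__":
    for key, value in audit_report(SAMPLE_AUDIT).items():
        print(f"{key}: {value}")
```

The report separates three kinds of findings the claim names: behaviour to trace (a source repeatedly denied, which may be a misconfigured client or a probing attempt), security conditions of the fleet (unmanaged devices reaching the engine, expired certificates that the periodic renewal in claim 4 should have replaced), and a compliance check that the recorded decisions agree with the stated policy.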
7. An IoT remote RPC security control device, characterized by comprising a management module, an access control module, a secure communication module and a record audit module, wherein:
the management module manages the terminal devices based on the IoT management platform, comprising:
managing the device access of the terminal devices: collecting the data content of the terminal devices and counting the heartbeat data of their continuous operation,
managing the security authentication of the terminal devices: isolating user data of different authorities by assigning user authorities and identity authentication, and dividing the data access authorities of the service scene,
managing the state monitoring of the terminal devices: processing and displaying the summarized terminal device application data by device group, user authority and scene, and providing a visualization of the terminal device operating conditions to the user,
managing the data storage of the terminal devices: serving temporary data requests from a cache and permanent storage requirements from a relational database,
managing the resource orchestration of the terminal devices: dividing computing power resources according to the computing power demand and resource usage scale of the service scene by using an orchestration tool on the service side,
managing the rule engine of the terminal devices: flexibly configuring and customizing the rule engine to user demands according to the specific application scene, in the form of programmable components,
managing the device-side decision of the terminal devices: performing model training, testing and deployment on the terminal devices in a specific scene based on a meta-learning artificial intelligence algorithm;
the access control module establishes a zero trust network model and simplifies the access control flow by using the control zero trust network model, comprising:
controlling the access agent by using the control zero trust network model,
controlling single sign-on by using the control zero trust network model: verifying the identity of the user and generating a short-term Token as the credential for accessing resources,
managing the access control engine by using the control zero trust network model: authorizing each service request based on user, device and environment data, and also performing access control on geographic location,
using the control zero trust network model to instruct a certificate authority to issue a certificate for each terminal device, thereby uniquely identifying the terminal device,
performing trust inference by using the control zero trust network model: judging the dynamic access level of each kind of data according to changes in the access level of the user or terminal device,
establishing a device list database and a user group database by using the control zero trust network model, wherein the device list database stores the devices purchased and actively managed by the enterprise, and the user group database manages the addition and deletion of users in the service and performs role allocation;
the secure communication module establishes a secure communication channel and, over that channel, ensures the confidentiality and integrity of communication data by adopting an encryption method and a secure transmission protocol, preventing man-in-the-middle attacks and data tampering;
the record audit module records and audits remote RPC operations, comprising: recording the request source, operation content and result information, tracking and tracing RPC operations, and discovering and responding to security events in a timely manner.
8. An IoT remote RPC security control device comprising at least one memory and at least one processor;
the at least one memory is configured to store a machine-readable program;
the at least one processor is configured to invoke the machine-readable program to perform the IoT remote RPC security control method based on a zero trust network according to any one of claims 1 to 6.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202310836588.3A CN117240495A (en) | 2023-07-10 | 2023-07-10 | Method and device for remotely controlling remote RPC (remote control of Internet of things) safety
Publications (1)

Publication Number | Publication Date
---|---
CN117240495A true CN117240495A (en) | 2023-12-15

Family ID: 89093651
Legal Events

Date | Code | Title | Description
---|---|---|---
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |