CN117596586A - Private protocol communication method between system server and converged base station edge computing module - Google Patents


Info

Publication number
CN117596586A
Authority
CN
China
Prior art keywords
base station
server
edge computing
smarmt
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311117386.XA
Other languages
Chinese (zh)
Inventor
周志鹏
陈春华
翁黎明
胡鑫
于晓东
傅培成
孙燕军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sanmen Nuclear Power Co Ltd
Original Assignee
Sanmen Nuclear Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sanmen Nuclear Power Co Ltd
Priority to CN202311117386.XA
Publication of CN117596586A
Current legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08: Access security
    • H04W12/084: Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention belongs to the technical field of communication and relates to a private protocol communication method between a system server and a converged base station edge computing module. The SmaRMT server and the edge computing modules of the converged base stations communicate over a private protocol, and the communication data between them is encrypted with a cryptographic technique. An independent, permanent identity token is assigned to the SmaRMT server and to the edge computing module of each converged base station; the token is bound into the encrypted data of the private protocol for transmission, the SmaRMT server and the converged base station check the identity token of every received message, and communication data that does not carry an identity token is discarded. The method reads and controls module data over a private protocol matched to the actual application scenario of the nuclear power station, thereby satisfying the privacy and non-openness requirements of the plant's internal service system.

Description

Private protocol communication method between system server and converged base station edge computing module
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a private protocol communication method between a system server and a converged base station edge computing module.
Background
Newly built nuclear power stations in China all adopt wireless communication as the main means of communication inside the plant buildings, and wireless base stations are the main wireless communication equipment used in them. The SmaRMT system is a remote monitoring system for nuclear power plants: through advanced wireless transmission technology, customized interface modules and a unified data processing system, users can access a large amount of previously unused information held in equipment installed inside the plant. The nuclear power remote monitoring system provides a simple, reliable and safe method for remote data access and management control, and at the same time makes full use of the existing data transmission network in the plant buildings, which both raises the utilization of the existing system and minimizes the cost of implementing the system.
Equipment in the plant building sends its monitoring data to the SmaRMT system server over the wireless communication network through a wireless interface, and the SmaRMT system server performs data processing and visual display.
With the development of information technology and the construction of intelligent nuclear power plants, the service requirements and management-process upgrade requirements of nuclear power plants call for the environment and field conditions of the plant buildings to be perceived at any time and in any place. A conventional general-purpose wireless base station cannot meet this requirement, whereas a converged base station integrates several wireless network technologies, detection modules and functional modules and has edge computing capability, so it can be deployed in a nuclear power plant to replace the conventional wireless base station network equipment. The main difference between a converged base station and a general wireless base station is the added edge computing module: it provides access interfaces for peripheral equipment, including sensors such as temperature, humidity, pressure, audio and video, millimeter wave and laser radar, and it extends the wireless communication capability of the base station with RFID, Zigbee, UWB and BLE. The edge computing module has considerable computing capacity and can preprocess the data of the connected sensors, so that only the processed data needs to be sent to the SmaRMT server and scarce wireless network bandwidth is saved. The SmaRMT server can in turn send instructions to the edge computing module; after receiving a specific instruction, the edge computing module parses it and forwards it to the corresponding controlled device, thereby controlling the peripheral devices and the extended wireless communication devices.
Disclosure of Invention
The aim of the invention is to provide a private protocol communication method between a system server and a converged base station edge computing module. Because a nuclear power internal information system is not open, the method communicates over a private protocol in order to guarantee information security. Given the importance of the nuclear power information system, the method also encrypts the communication data with an encryption algorithm so that data security is ensured. To prevent fake data from being sent between the SmaRMT server and the edge computing modules of the converged base stations over the network, the method assigns an independent identity token to the SmaRMT server and to the edge computing module of each converged base station and binds the token into the encrypted data of the private protocol for transmission; the converged base stations and their edge computing modules check the identity token of received data, communication data without an identity token is discarded, and the edge computing module of the converged base station can send alarm information about a suspected network attack to the SmaRMT server.
In order to achieve the above purpose, the technical scheme adopted by the invention is as follows:
a private protocol communication method between a system server and the edge computing module of a converged base station, in which: the SmaRMT server and the edge computing module of the converged base station communicate over a private protocol; the communication data between the SmaRMT server and the edge computing module of the converged base station is encrypted with a cryptographic technique; independent, permanent identity tokens are assigned to the SmaRMT server and to the edge computing module of each converged base station and are bound into the encrypted data of the private protocol for transmission; the SmaRMT server and the converged base station check the identity token of received data, and communication data without an identity token is discarded; when the edge computing module of the converged base station receives communication data that does not carry the SmaRMT identity token, it sends alarm information about a suspected network attack to the SmaRMT server; and when the SmaRMT server receives network equipment data that does not carry an identity token, it generates a suspected network attack alarm, extracts the network equipment characteristic information in the data, including the IP address and the MAC address, and displays it in the alarm information.
The converged base station edge computing module provides the interfaces for the peripheral sensor equipment belonging to the converged base station, namely temperature, humidity, pressure, audio and video, millimeter wave and laser radar sensors.
The converged base station edge computing module provides the interfaces for the extended wireless communication devices belonging to the converged base station, namely RFID, Zigbee, UWB and BLE.
The converged base station edge computing module sends a registration message to the SmaRMT server over the private protocol and sends the data of the peripheral sensor equipment and the extended communication devices to the SmaRMT server according to a work plan; the SmaRMT server sends parameter configuration information, the work plan and control instructions for the peripheral sensor equipment and the extended communication devices to the edge computing module over the private protocol.
Start-up flow of the converged base station edge computing module: after the module is powered on and started, it reads its parameters, which comprise the network, the time zone, the server address, the access port and the encryption key; the module initializes its program according to these parameters and brings up its own network; the module then initiates a connection to the SmaRMT server and establishes an encrypted data transmission channel;
the module sends a registration request to the SmaRMT server over the encrypted data transmission channel, the registration request carrying the module's MAC address as the initial validity verification condition; the module receives the registration response of the SmaRMT server together with a parameter configuration instruction, where the registration response comprises the identity token of the module and the identity token of the SmaRMT server, and the parameter configuration instruction comprises, but is not limited to, a clock calibration parameter, the list of sensors enabled on the module, the list of extended wireless devices enabled on the module, sensor parameters and extended communication device parameters; the module configures its equipment parameters according to the received parameters; after parameter configuration is complete, the module requests a work plan from the SmaRMT server over the encrypted data channel, the work plan being drawn up per sensor or extended communication device and comprising, but not limited to, the enabling/disabling of sensors, the content and format of the data to send, the sending frequency of the data and the start/stop times for automatic sending; after receiving the work plan from the SmaRMT server, the module executes instructions as the work plan requires and waits on a listening port to receive new instructions from the SmaRMT server; as soon as a new instruction is received, the converged base station executes it.
Data encryption flow: data between the SmaRMT server and the converged base station edge computing module is encrypted with a symmetric data encryption algorithm, the SmaRMT server and the module encrypting and decrypting the data with a preset private key.
The symmetric data encryption algorithms comprise the DES, 3DES, TDEA, Blowfish, RC5 and IDEA algorithms.
The CBC mode encryption flow of the DES algorithm is as follows: the data to be encrypted is divided into N groups of 16 bytes each, and a group shorter than 16 bytes is filled using PKCS5 padding; an initialization vector IV is chosen at random, its size being the 16-byte group size, and is XORed with plaintext group 1; the result of the XOR is encrypted with the selected key and encryption mode; the resulting ciphertext group 1 is XORed with plaintext group 2; the result of the XOR is encrypted with the selected key and encryption mode; the resulting ciphertext group 2 is XORed with plaintext group 3; the result of the XOR is encrypted with the selected key and encryption mode; and so on, finally yielding the N ciphertext groups; if the index of the first group is 1, the encryption flow is given by:
$C_i = E_K(B_i \oplus C_{i-1})$
$C_0 = IV$
where $E_K$ denotes block encryption with key $K$, and $C_{i-1}$ is the ciphertext corresponding to $B_{i-1}$.
The data decryption flow is the reverse of the encryption flow and comprises the following steps: the encrypted data is divided into N groups of 16 bytes each; ciphertext group 1 is decrypted with the selected key and decryption mode to obtain the first decrypted block; the initialization vector IV used in encryption is retrieved and XORed with the first decrypted block to obtain plaintext group 1; ciphertext group 2 is decrypted with the selected key and decryption mode to obtain the second decrypted block; ciphertext group 1 is XORed with the second decrypted block to obtain plaintext group 2; ciphertext group 3 is decrypted with the selected key and decryption mode to obtain the third decrypted block; ciphertext group 2 is XORed with the third decrypted block to obtain plaintext group 3; the decryption flow is given by:
$B_i = D_K(C_i) \oplus C_{i-1}$
$C_0 = IV$
where $D_K$ denotes block decryption with key $K$.
The identity token verification flow of the converged base station edge computing module is as follows: first, the SmaRMT server is initialized and the pre-written MAC address table of all converged base station edge computing modules is imported into the system; the SmaRMT server generates its own token and a token for each converged base station edge computing module from the MAC address table using a token generation algorithm; the SmaRMT server associates each token with the MAC address of the corresponding module to produce an association table; when a converged base station edge computing module is powered on for the first time, it must register with the SmaRMT server, and the registration information carries the module's MAC address for the first-time validity verification; if the MAC address passes verification, the SmaRMT server sends a registration response message to the module that contains the server token and the token of this module; if the MAC address does not pass verification, the edge computing module that sent the registration message is judged to be an illegal access, and the SmaRMT server generates alarm information containing the IP address and MAC address of that module; after receiving the registration response, the converged base station sends all subsequent data to the SmaRMT server as encrypted data that contains the token of the converged base station; after receiving the encrypted data, the SmaRMT server runs the decryption algorithm and extracts the converged base station edge computing module token and the MAC address from the data; the SmaRMT server compares the extracted token and MAC address with the association table in its database; if the check passes, the received encrypted data is valid and is processed and stored; if the check fails, the received encrypted data is invalid, the data is archived, and alarm information including the IP address and MAC address of the edge computing module that sent the data is generated.
The beneficial effects obtained by the invention are as follows:
The method effectively meets the functional requirements for reading and controlling the data of the peripheral equipment that arise once a wireless base station is upgraded to a converged base station, namely reading and controlling the data of sensors such as temperature, humidity, pressure, audio and video, millimeter wave and laser radar, and accessing and controlling extended communication modules including RFID, Zigbee, UWB and BLE. The method reads and controls module data over a private protocol matched to the actual application scenario of the nuclear power station, thereby satisfying the privacy and non-openness requirements of the plant's internal service system. The communication data between the SmaRMT server and the converged base station edge computing module is protected with data encryption, which effectively ensures the corresponding data security. Identity token technology is used to check the legitimacy of the SmaRMT server and the converged base station, which effectively prevents illegal equipment from accessing the system.
Drawings
FIG. 1 is a network structure diagram of the SmaRMT server and the converged base station edge computing module;
FIG. 2 is a diagram of the converged base station edge computing module peripherals;
FIG. 3 is a flowchart of the converged base station edge computing module;
FIG. 4 is a data encryption flowchart;
FIG. 5 is a data decryption flowchart;
FIG. 6 is a flowchart of identity token verification of the converged base station edge computing module.
Detailed Description
The invention will now be described in detail with reference to the drawings and specific examples.
The SmaRMT server and the converged base station edge computing module communicate over a private protocol so that the communication content stays private. The communication data between the SmaRMT server and the converged base station edge computing module is encrypted with a cryptographic technique to ensure information security. The method assigns an independent, permanent identity token to the SmaRMT server and to the edge computing module of each converged base station to prevent identity forgery. The token is bound into the encrypted data of the private protocol for transmission; the SmaRMT server and the converged base station screen received data by identity token, and communication data without an identity token is discarded. When the converged base station edge computing module receives communication data that does not contain the SmaRMT identity token, it sends alarm information about a suspected network attack to the SmaRMT server. When the SmaRMT server receives network device data that does not contain an identity token, it generates a suspected network attack alarm, extracts and passes on the network device characteristic information in the data, including the IP address and the MAC address, and displays that information in the alarm.
In the method, the converged base station edge computing module provides the peripheral sensor equipment interface of the converged base station, which covers temperature, humidity, pressure, audio and video, and foreign-object detection sensors (millimeter wave and laser radar sensors). The converged base station edge computing module also provides the interface for the extended wireless communication devices belonging to the converged base station, namely RFID, Zigbee, UWB and BLE. The converged base station edge computing module sends a registration message to the SmaRMT server over the private protocol and sends the data of the peripheral sensor equipment and the extended communication devices to the SmaRMT server according to a work plan. The SmaRMT server sends parameter configuration information, the work plan and control instructions for the peripheral sensor equipment and the extended communication devices to the edge computing module over the private protocol.
The invention provides a private protocol communication method between the SmaRMT server of a nuclear power station and the edge computing module of a converged base station. A custom protocol is used for communication and control so that data cannot be illegally intercepted and analysed, ensuring information security. The communication data is encrypted with a cryptographic technique, avoiding plaintext transmission and ensuring data security. At the same time, the method assigns independent identity tokens to the SmaRMT server and to the edge computing module of each converged base station, and the legitimacy and validity of communication data are screened through these identity tokens to prevent attacks with illegally forged data.
The implementation of the method comprises the following steps:
(1) Start-up flow of the converged base station edge computing module:
After the converged base station edge computing module is powered on and started, it reads its parameters, which comprise the network, the time zone, the server address, the access port and the encryption key.
The module initializes its program according to these parameters and starts the network.
The module initiates a connection to the SmaRMT server and establishes an encrypted data transmission channel.
The module sends a registration request to the SmaRMT server over the encrypted data transmission channel; the registration request carries the module's MAC address as the initial validity verification condition.
The module receives the registration response of the SmaRMT server and a parameter configuration instruction. The registration response comprises the identity token of the module and the identity token of the SmaRMT server; the parameter configuration instruction comprises, but is not limited to, a clock calibration parameter, the list of sensors enabled on the module, the list of extended wireless devices enabled on the module, sensor parameters and extended communication device parameters.
The module configures its equipment parameters according to the received parameters.
After parameter configuration is complete, the module requests a work plan from the SmaRMT server over the encrypted data channel. The work plan is drawn up per sensor or extended communication device and comprises, but is not limited to, the enabling/disabling of sensors, the content and format of the data to send, the sending frequency of the data and the start/stop times for automatic sending.
After receiving the work plan from the SmaRMT server, the module executes instructions as the work plan requires and waits on the listening port to receive new instructions from the SmaRMT server.
As soon as a new instruction is received, the converged base station executes it.
(2) Data encryption flow:
Nuclear power station services are inherently private, and to reduce the resource demand that data encryption places on the SmaRMT server, the method uses symmetric data encryption for the data between the SmaRMT server and the converged base station edge computing module. The SmaRMT server and the module encrypt and decrypt data with a preset private key. The method is not tied to a specific symmetric encryption algorithm; candidates include, but are not limited to, the DES, 3DES, TDEA, Blowfish, RC5 and IDEA algorithms. Taking the CBC mode of the DES algorithm as an example, the data encryption flow is:
The data to be encrypted is divided into N groups of 16 bytes each, and a group shorter than 16 bytes is padded in PKCS5Padding mode.
An initialization vector IV is chosen at random; its size is the group size (16 bytes), and it is XORed with plaintext group 1.
The result of the XOR is encrypted with the selected key and encryption mode.
The resulting ciphertext group 1 is XORed with plaintext group 2.
The result of the XOR is encrypted with the selected key and encryption mode.
The resulting ciphertext group 2 is XORed with plaintext group 3.
The result of the XOR is encrypted with the selected key and encryption mode.
And so on, finally yielding the N ciphertext groups.
If the index of the first group is 1, the encryption flow is given by:
$C_i = E_K(B_i \oplus C_{i-1})$
$C_0 = IV$
where $E_K$ denotes block encryption with key $K$, and $C_{i-1}$ is the ciphertext corresponding to $B_{i-1}$.
(3) Data decryption flow:
The data decryption flow is the reverse of the encryption flow and comprises the following steps:
The encrypted data is divided into N groups of 16 bytes each.
Ciphertext group 1 is decrypted with the selected key and decryption mode to obtain the first decrypted block.
The initialization vector IV used in encryption is retrieved and XORed with the first decrypted block to obtain plaintext group 1.
Ciphertext group 2 is decrypted with the selected key and decryption mode to obtain the second decrypted block.
Ciphertext group 1 is XORed with the second decrypted block to obtain plaintext group 2.
Ciphertext group 3 is decrypted with the selected key and decryption mode to obtain the third decrypted block.
Ciphertext group 2 is XORed with the third decrypted block to obtain plaintext group 3.
The decryption flow is given by:
$B_i = D_K(C_i) \oplus C_{i-1}$
$C_0 = IV$
where $D_K$ denotes block decryption with key $K$.
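The encryption flow (2) and decryption flow (3) above, carried out in code as an added example; this is not code from the patent or from the SmaRMT system. The CBC chaining $C_i = E_K(B_i \oplus C_{i-1})$, its inverse $B_i = D_K(C_i) \oplus C_{i-1}$, the random IV and the PKCS5 padding are implemented as described, with the 16-byte group size the text gives. DES itself has an 8-byte block, so a 16-byte block matches a cipher such as AES rather than DES; the block cipher $E_K$/$D_K$ here is an assumed stand-in (a four-round Feistel permutation built on SHA-256, invertible but not a secure cipher) so that the example runs with only the Python standard library. The key and the sensor payload in the `__main__` section are constructed sample values.

```python
import hashlib
import os

BLOCK = 16   # group size in bytes, as the patent text states (real DES uses 8-byte blocks)
ROUNDS = 4   # rounds of the stand-in Feistel permutation


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, half: bytes, r: int) -> bytes:
    """Round function of the stand-in cipher: SHA-256 over key, round number and one half-block."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """E_K: assumed stand-in block cipher, a 4-round Feistel permutation over one 16-byte block.
    Invertible by construction, but NOT a secure cipher; replace with a real cipher in practice."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, right, r))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """D_K: the same Feistel rounds applied in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, left, r)), left
    return left + right


def pkcs5_pad(data: bytes) -> bytes:
    """PKCS5 padding: append n bytes of value n so the length is a multiple of BLOCK.
    Data that is already aligned receives a full block of padding, so unpadding is unambiguous."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs5_unpad(data: bytes) -> bytes:
    """Strip PKCS5 padding, rejecting malformed padding rather than silently accepting it."""
    if not data or len(data) % BLOCK:
        raise ValueError("data length is not a multiple of the block size")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_0 = IV; C_i = E_K(B_i xor C_{i-1}) for i = 1..N over the padded groups."""
    padded = pkcs5_pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """B_i = D_K(C_i) xor C_{i-1}, with C_0 = IV; then strip the padding."""
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext length is not a multiple of the block size")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return pkcs5_unpad(b"".join(out))


def new_iv() -> bytes:
    """A fresh random IV per message, as the text requires; its size is the group size."""
    return os.urandom(BLOCK)


if __name__ == "__main__":
    key = b"constructed-demo-key"                     # constructed; the deployment uses a preset private key
    iv = new_iv()
    report = b"temperature=21.5;humidity=40;pressure=101.3"  # constructed sample sensor payload
    ct = cbc_encrypt(key, iv, report)
    assert cbc_decrypt(key, iv, ct) == report
    print(len(report), "plaintext bytes ->", len(ct), "ciphertext bytes in", len(ct) // BLOCK, "groups")
```

The IV has to reach the receiver together with the ciphertext; the text does not say how it is carried, so `cbc_decrypt` simply takes it as an argument. CBC on its own detects no modification of the ciphertext: a changed ciphertext block decrypts to different plaintext without any error unless the final padding block happens to break, which is why in this design the identity token check performed after decryption, and not the encryption itself, is what rejects forged data.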
(4) The identity token verification flow of the converged base station edge computing module is as follows:
first, the SmaRMT server is initialized and the pre-written MAC address table of all converged base station edge computing modules is imported into the system;
the SmaRMT server generates its own token and a token for each converged base station edge computing module from the MAC address table using a token generation algorithm;
the SmaRMT server associates each token with the MAC address of the corresponding converged base station edge computing module to produce an association table;
when a converged base station edge computing module is powered on for the first time, it must register with the SmaRMT server, and the registration information carries the module's MAC address for the first-time validity verification;
if the MAC address passes verification, the SmaRMT server sends a registration response message to the module that contains the server token and the token of this module;
if the MAC address does not pass verification, the edge computing module that sent the registration message is judged to be an illegal access, and the SmaRMT server generates alarm information containing the IP address and MAC address of that module;
after receiving the registration response, the converged base station sends all subsequent data to the SmaRMT server as encrypted data that contains the token of the converged base station;
after receiving the encrypted data, the SmaRMT server runs the decryption algorithm and extracts the converged base station edge computing module token and the MAC address from the data;
the SmaRMT server compares the extracted token and MAC address with the association table in its database; if the check passes, the received encrypted data is valid and is processed and stored; if the check fails, the received encrypted data is invalid, the data is archived, and alarm information including the IP address and MAC address of the edge computing module that sent the data is generated.
(5) The SmaRMT server identity token verification flow is analogous to flow (4).

Claims (10)

1. A private protocol communication method between a system server and a converged base station edge computing module, characterized in that: the SmaRMT server and the converged base station edge computing modules communicate using a private protocol; communication data between the SmaRMT server and the converged base station edge computing modules is encrypted using a cryptographic technique; independent permanent identity tokens are assigned to the SmaRMT server and to the edge computing module of each converged base station; the tokens are bound into the encrypted data of the private protocol for transmission; the SmaRMT server and the converged base station verify the identity token of received data, and communication data without an identity token is discarded; when a converged base station edge computing module receives communication data without the SmaRMT identity token, it sends alarm information indicating a suspected network attack to the SmaRMT server; and when the SmaRMT server receives network device data without an identity token, it generates an alarm of a suspected network attack, extracts the network device characteristic information contained in the data, including the IP address and MAC address, and displays that characteristic information.
2. The private protocol communication method between the system server and the converged base station edge computing module according to claim 1, wherein: the converged base station edge computing module provides interfaces for the peripheral sensor devices belonging to the converged base station, the peripheral sensor devices including temperature, humidity, pressure, audio/video, millimeter wave and laser radar sensors.
3. The private protocol communication method between the system server and the converged base station edge computing module according to claim 2, wherein: the converged base station edge computing module provides interfaces for the extended wireless communication devices belonging to the converged base station, including RFID, ZigBee, UWB and BLE.
4. The private protocol communication method between the system server and the converged base station edge computing module according to claim 3, wherein: the converged base station edge computing module sends a registration message to the SmaRMT server through the private protocol, and sends the data of the peripheral sensor devices and the extended communication devices to the SmaRMT server according to a work plan; the SmaRMT server sends parameter configuration information, the work plan, and control instructions for the peripheral sensor devices and the extended communication devices to the edge computing module through the private protocol.
5. The private protocol communication method between the system server and the converged base station edge computing module of claim 4, wherein the start-up flow of the converged base station edge computing module is: after the converged base station edge computing module is powered on and started, it reads its parameters, which include the network, time zone, server address, access port and encryption key; the converged base station edge computing module performs program initialization according to these parameters and starts its own network; the converged base station edge computing module initiates a connection to the SmaRMT server and establishes an encrypted data transmission channel; the converged base station edge computing module sends a registration request to the SmaRMT server through the encrypted data transmission channel, the registration request carrying the MAC address of the converged base station edge computing module as the initial validity verification condition; the converged base station edge computing module receives the registration response of the SmaRMT server and a parameter configuration instruction, where the registration response contains the converged base station edge computing module identity token and the SmaRMT server identity token, and the parameter configuration instruction includes, but is not limited to, clock calibration parameters, the list of sensors enabled on the edge computing module, the list of extended wireless devices enabled on the edge computing module, sensor parameters and extended communication device parameters; the converged base station edge computing module configures its device parameters according to the received parameters; after parameter configuration is complete, the converged base station edge computing module requests a work plan from the SmaRMT server through the encrypted data channel, the work plan being formulated per sensor or extended communication device and including, but not limited to, switching sensors on/off, the content and format of the data to send, the sending frequency of the data, and the start/stop times for automatic sending; after receiving the SmaRMT server work plan, the converged base station edge computing module executes instructions as the work plan requires and waits on a listening port to receive new instructions from the SmaRMT server; and on receiving a new instruction, the converged base station executes the new work instruction immediately.
6. The private protocol communication method between the system server and the converged base station edge computing module of claim 5, wherein the data encryption flow is: data between the SmaRMT server and the converged base station edge computing module is encrypted using a symmetric data encryption algorithm, the SmaRMT server and the converged base station edge computing module encrypting and decrypting the data with a preset (pre-shared) private key.
7. The private protocol communication method between the system server and the converged base station edge computing module of claim 6, wherein the symmetric data encryption algorithm includes the DES, 3DES, TDEA, Blowfish, RC5 and IDEA algorithms.
8. The private protocol communication method between the system server and the converged base station edge computing module of claim 7, wherein the CBC mode data encryption flow of the DES algorithm is as follows: the data to be encrypted is divided into N blocks of 16 bytes each, and a final block shorter than 16 bytes is padded using PKCS5 padding; an initialization vector IV is chosen at random, its size being the 16-byte block size, and it is XORed with plaintext block 1; the result of the XOR is encrypted with the selected key and encryption mode; the resulting ciphertext block 1 is XORed with plaintext block 2; the result of the XOR is encrypted with the selected key and encryption mode; the resulting ciphertext block 2 is XORed with plaintext block 3; the result of the XOR is encrypted with the selected key and encryption mode; and so on, finally yielding the N encrypted ciphertext blocks; with the first block indexed as 1, the mathematical formula of the encryption flow is:
Ci = EK(Bi ⊕ Ci-1)
C0 = IV
where EK denotes the block encryption algorithm under key K and Ci-1 is the ciphertext corresponding to Bi-1.
9. The private protocol communication method between the system server and the converged base station edge computing module of claim 8, wherein the data decryption flow is the reverse of the data encryption flow and specifically comprises the following steps: dividing the encrypted data into N blocks of 16 bytes each; decrypting ciphertext block 1 with the selected key and decryption mode to obtain a first decrypted block; retrieving the initialization vector IV used during encryption and XORing it with the first decrypted block to obtain plaintext block 1; decrypting ciphertext block 2 with the selected key and decryption mode to obtain a second decrypted block; XORing ciphertext block 1 with the second decrypted block to obtain plaintext block 2; decrypting ciphertext block 3 with the selected key and decryption mode to obtain a third decrypted block; XORing ciphertext block 2 with the third decrypted block to obtain plaintext block 3; the decryption formula of the decryption flow being:
Bi = DK(Ci) ⊕ Ci-1
C0 = IV
where DK denotes the block decryption algorithm under key K.
10. The private protocol communication method between the system server and the converged base station edge computing module of claim 9, wherein the identity token verification flow of the converged base station edge computing module is as follows: first, the SmaRMT server is initialized and the pre-written MAC address table of all converged base station edge computing modules is imported into the system; the SmaRMT server generates its own token and a token for each converged base station edge computing module from the MAC address table using a token generation algorithm; the SmaRMT server associates each module token with the MAC address of the corresponding converged base station edge computing module and generates a corresponding association table; when a converged base station edge computing module is powered on for the first time it must register with the SmaRMT server, and the registration message contains the module's MAC address for the first validity verification; if the MAC address passes verification, the SmaRMT server sends a registration response message to the converged base station edge computing module, containing the server token and the token of that module; if the MAC address fails verification, the edge computing module that sent the registration message is judged to be an illegal access, and the SmaRMT server generates alarm information containing the IP address and MAC address of the module; after receiving the registration response, the converged base station sends all subsequent data to the SmaRMT server as encrypted data carrying the base station's token; after receiving the encrypted data, the SmaRMT server runs the decryption algorithm and extracts the converged base station edge computing module token and the MAC address from the data; the SmaRMT server compares the extracted token and MAC address against the association table in its database; if verification passes, the received encrypted data is valid and subsequent processing and storage are carried out; if verification fails, the received encrypted data is invalid, the data is archived, and alarm information containing the IP address and MAC address of the edge computing module that sent the data is generated.
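The CBC chaining described in the decryption flow of the description and in claims 8 and 9, written out as an added Python example; this code is not part of the patent. The block primitive (`block_encrypt`/`block_decrypt`) is a stand-in keyed byte permutation so that the example runs without a crypto library: it is not DES and provides no security. DES actually operates on 8-byte blocks, whereas the patent describes 16-byte blocks, so the example follows the patent's 16-byte block size. The function names, the sample key, IV and message are all constructed here.

```python
# Added example, not the patent's code: CBC mode over 16-byte blocks with
# PKCS5 padding, following the patent's formulas
#   encryption  Ci = EK(Bi XOR Ci-1), C0 = IV
#   decryption  Bi = DK(Ci) XOR Ci-1, C0 = IV
# block_encrypt/block_decrypt are a STAND-IN keyed byte permutation so the
# example runs with no crypto library; they are not DES and are not secure.
BLOCK = 16  # block size in bytes, as stated in the patent's flow


def _sbox(key: bytes):
    """Derive a byte permutation and its inverse from the key (stand-in only)."""
    perm = list(range(256))
    j = 0
    for i in range(256):
        j = (j + perm[i] + key[i % len(key)]) & 0xFF
        perm[i], perm[j] = perm[j], perm[i]
    inv = [0] * 256
    for i, v in enumerate(perm):
        inv[v] = i
    return bytes(perm), bytes(inv)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in EK: key-xor and substitute each byte, then rotate left by 3 bytes."""
    perm, _ = _sbox(key)
    out = bytes(perm[b ^ key[i % len(key)]] for i, b in enumerate(block))
    return out[3:] + out[:3]


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in DK: exact inverse of block_encrypt."""
    _, inv = _sbox(key)
    unrot = block[-3:] + block[:-3]
    return bytes(inv[b] ^ key[i % len(key)] for i, b in enumerate(unrot))


def pkcs5_pad(data: bytes) -> bytes:
    """Append n bytes of value n so the length is a multiple of BLOCK (always pads)."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs5_unpad(data: bytes) -> bytes:
    """Strip PKCS5 padding, rejecting malformed padding instead of guessing."""
    if not data or len(data) % BLOCK:
        raise ValueError("data length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS5 padding")
    return data[:-n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Ci = EK(Bi XOR Ci-1) with C0 = IV; returns the concatenated ciphertext blocks."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block long")
    padded = pkcs5_pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        c = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(c)
        prev = c  # the ciphertext block just produced chains into the next one
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Bi = DK(Ci) XOR Ci-1 with C0 = IV; the IV used at encryption is required."""
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("bad IV or ciphertext length")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c  # the previous CIPHERTEXT block, not the recovered plaintext
    return pkcs5_unpad(b"".join(out))


if __name__ == "__main__":
    # constructed sample values
    key = b"constructed-key!"            # 16 bytes
    iv = bytes(range(16))                # would be chosen at random per message
    msg = b"temp=21.5;hum=40;token=ab12"
    ct = cbc_encrypt(key, iv, msg)
    assert cbc_decrypt(key, iv, ct) == msg
    print(len(msg), "plaintext bytes ->", len(ct), "ciphertext bytes")
```

Two points the flow leaves implicit follow directly from the formulas: the receiver can only "find the IV used in encryption" if the sender transmits it alongside the ciphertext (a wrong IV garbles plaintext block 1 and nothing else), and CBC mode on its own provides confidentiality only, so the identity token carried inside the ciphertext is not integrity-protected by the mode; the server-side token check should therefore be paired with a MAC or an authenticated encryption mode.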
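The identity token flow of steps (4) and (5) of the description, claim 10 (server side) and the module-side check of claim 1, modelled as an added Python example; this is not the patent's or any product's code. The patent names a "token generation algorithm" without defining it, so deriving each token as HMAC-SHA256 over the module's MAC address under a server secret is an assumption made here, as are the class and function names and the sample MAC addresses. Payloads are modelled after decryption, so the CBC layer is left out of this block.

```python
# Added example, not the patent's code: a minimal model of the SmaRMT server
# side of the identity-token flow (steps (4)/(5), claim 10) plus the edge
# module's check for the server token (claim 1). Token derivation via
# HMAC-SHA256 over the MAC address is an ASSUMPTION; the patent does not
# specify its token generation algorithm.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Alarm:
    reason: str
    ip: str
    mac: str


class SmaRMTServer:
    def __init__(self, mac_table, secret=None):
        # server secret: constructed for the example; keep it in an HSM/KMS in practice
        self.secret = secret or secrets.token_bytes(32)
        self.server_token = self._gen_token("server")
        # association table built at initialisation: MAC address -> module token
        self.assoc = {self._norm(m): self._gen_token(self._norm(m)) for m in mac_table}
        self.alarms = []     # alarm records with IP and MAC of the offending module
        self.archive = []    # invalid data is archived, not processed
        self.accepted = []   # stand-in for "subsequent processing and storage"

    @staticmethod
    def _norm(mac: str) -> str:
        return mac.strip().lower()

    def _gen_token(self, label: str) -> str:
        return hmac.new(self.secret, label.encode(), hashlib.sha256).hexdigest()

    def register(self, ip: str, mac: str):
        """First-power-on registration: validate the MAC, then hand out both tokens."""
        mac = self._norm(mac)
        if mac not in self.assoc:
            self.alarms.append(Alarm("illegal access: unknown MAC at registration", ip, mac))
            return None
        return {"server_token": self.server_token, "module_token": self.assoc[mac]}

    def receive(self, ip: str, payload: dict) -> bool:
        """Verify an already-decrypted payload {'mac', 'token', 'data'} against the table."""
        mac = self._norm(str(payload.get("mac", "")))
        token = str(payload.get("token", "")).encode()
        expected = self.assoc.get(mac)
        # constant-time comparison; the token must match THIS MAC's table entry
        if expected is None or not hmac.compare_digest(token, expected.encode()):
            self.archive.append(payload)
            self.alarms.append(Alarm("token/MAC verification failed", ip, mac))
            return False
        self.accepted.append(payload.get("data"))
        return True


def module_verify(server_token: str, payload: dict) -> bool:
    """Edge-module side (claim 1): accept server data only if it carries the server token."""
    presented = str(payload.get("token", "")).encode()
    return hmac.compare_digest(presented, server_token.encode())


if __name__ == "__main__":
    srv = SmaRMTServer(["AA:BB:CC:DD:EE:01"], secret=b"constructed-secret")
    resp = srv.register("10.0.0.5", "aa:bb:cc:dd:ee:01")
    ok = srv.receive("10.0.0.5", {"mac": "AA:BB:CC:DD:EE:01",
                                  "token": resp["module_token"], "data": "t=21.5"})
    bad = srv.receive("10.0.0.5", {"mac": "AA:BB:CC:DD:EE:01",
                                   "token": "forged", "data": "x"})
    print(ok, bad, [a.reason for a in srv.alarms])
```

Binding the token to the MAC address in the association table, rather than accepting any valid token, is what stops a token issued to one module from being replayed under another module's MAC; `hmac.compare_digest` avoids leaking the token through comparison timing.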

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311117386.XA CN117596586A (en) 2023-09-01 2023-09-01 Private protocol communication method between system server and converged base station edge computing module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311117386.XA CN117596586A (en) 2023-09-01 2023-09-01 Private protocol communication method between system server and converged base station edge computing module

Publications (1)

Publication Number Publication Date
CN117596586A true CN117596586A (en) 2024-02-23

Family

ID=89912173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311117386.XA Pending CN117596586A (en) 2023-09-01 2023-09-01 Private protocol communication method between system server and converged base station edge computing module

Country Status (1)

Country Link
CN (1) CN117596586A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination