CN212343809U - Edge type cellular Internet of things private network system - Google Patents

Publication number: CN212343809U
Application number: CN202021001170.9U
Authority: CN (China)
Legal status: Active (the listed legal status is an assumption and is not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 张颖川, 肖青, 孙东昱, 王政宏, 刘勇, 徐成国, 姜旭, 柳耀勇, 王研博
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile IoT Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile IoT Co Ltd
Application filed by: China Mobile Communications Group Co Ltd, China Mobile IoT Co Ltd
Priority: CN202021001170.9U
Prior art keywords: module, network, things, internet, security

Abstract

An embodiment of the utility model provides an edge-type cellular Internet of Things private network system, comprising: an access network module connected to Internet of Things terminal equipment through a wireless air interface and a data transmission channel; a core network module connected to the access network module, which receives and processes data sent by at least one access network module; a network management module connected to the at least one access network module and to the core network module, respectively; a security module connected to the core network module and to the network management module, respectively; and a network protocol conversion module connected to the security module. The scheme of the utility model can meet the requirements of diverse Internet of Things application scenarios.

Description

Edge type cellular Internet of things private network system
Technical Field
The utility model relates to the technical field of the Internet of Things, and in particular to an edge-type cellular Internet of Things private network system.
Background
The Internet of Things (IoT) is an extension and expansion of the Internet: it combines various information-sensing devices with the Internet to form a huge network, enabling people, machines and things to intercommunicate at any time and in any place.
The wireless private network industry generally refers to professional networks that provide secure and reliable wireless services for specific departments or groups (e.g., government and public safety industries); the underlying network is generally independent of public cellular mobile communication networks. Wireless private networks and public mobile communication differ in nature; they cannot replace each other, and instead complement each other.
From the technical dimension, an edge-type network refers to network services provided at the edge location closest to the accessing subscriber. From the value dimension, an edge network is a business network between the existing core network and large users. Large users are enterprises, institutions, government departments, commercial office buildings, hotels, other telecommunications operators and the like; they are the users with the most active information and communication needs and the most valuable users in an operator's customer hierarchy.
The Narrow-Band Internet of Things (NB-IoT) is a low-power wide-area network (LPWAN) technical standard. It is a narrowband IoT technology based on LTE evolution that supports cellular data connections for low-power devices over a wide area network, with the advantages of low power consumption, wide coverage, low cost and high capacity. A single frequency point occupies 200 kHz of bandwidth and supports low-traffic data services.
LTE-M (LTE-Machine-to-Machine) is a narrowband IoT technology based on LTE evolution that aims to meet the needs of IoT devices on existing LTE carriers. eMTC is deployed on the cellular network and belongs to the rate application networks of the Internet of Things; with user equipment supporting a radio-frequency and baseband bandwidth of 1.4 MHz, it can support peak uplink and downlink rates of up to 1 Mbps.
The Global System for Mobile Communications (GSM) is a second-generation communication technology introduced in China, also called 2G. General Packet Radio Service (GPRS) is a packet-switched data service based on GSM and is a high-speed data processing technology. GSM-GPRS implements the packet data function by adding a series of functional entities to the original GSM network, thereby forming the GSM-GPRS network. GSM-GPRS is highly mature, has good domestic coverage and low communication-module cost, and has therefore become one of the cellular wireless communication network standards widely used in IoT scenarios today.
Cat.1 denotes the category 1 terminal (UE-Category 1) in the LTE system and is one of the terminal types introduced by the 3GPP Rel. 8 protocol. UE-Category mainly defines the uplink and downlink rates a UE can support; Cat.1 targets the IoT market and achieves a maximum data throughput of 10 Mbps downlink and 5 Mbps uplink while occupying a smaller bandwidth.
A security chip is a trusted platform module: a device that can independently generate keys and perform encryption and decryption. It contains its own processor and storage unit, can store keys and feature data, and provides encryption and security authentication services to a computer. Because encryption is performed by the security chip and the key is stored in hardware, stolen data cannot be decrypted, which protects business privacy and data security.
The existing technical scheme provides only a single LTE network, which cannot meet the diverse application scenario requirements of the Internet of Things.
Summary of the Utility Model
The technical problem to be solved by the utility model is to provide an edge-type cellular Internet of Things private network system that can meet the requirements of diverse IoT application scenarios.
To solve the above technical problem, the technical scheme of the utility model is as follows:
an edge-type cellular internet of things private network system, comprising:
the access network module is connected with the terminal equipment of the Internet of things through a wireless air interface and a data transmission channel;
the core network module is connected with the access network module, receives data sent by at least one access network module and processes the data;
a network management module connected to the at least one access network module and to the core network module, respectively;
the security module is respectively connected with the core network module and the network management module;
and the network protocol conversion module is connected with the security module.
Optionally, each access network module of the at least one access network module is located in an access machine, and the access machine is connected to the terminal device of the internet of things through a wireless air interface and a data transmission channel.
Optionally, the core network module, the network management module, the security module, and the network protocol conversion module are located in a private network host of the internet of things.
Optionally, the security module includes: a security chip and a security algorithm unit running on the security chip;
the security chip includes a first memory storing at least one of a network device identifier, an operation and maintenance support management system identifier, and an Internet of Things service platform identifier;
the security chip includes a second memory storing at least one of a network device private key, an operation and maintenance support management system session key, and a service session key.
Optionally, the network protocol conversion module includes:
a configuration switching logic unit, a cellular wireless communication circuit and an IP communication circuit, wherein the cellular wireless communication circuit and the IP communication circuit are connected to the configuration switching logic unit and are each in communication connection with an external network.
Optionally, the IP communication circuit includes: an Ethernet chip, a high-speed network port connected to the Ethernet chip, and a Wi-Fi module;
the cellular wireless communication circuit includes: a cellular wireless communication module and a Universal Subscriber Identity Module (USIM) card connected to the cellular wireless communication module.
Optionally, the edge-type cellular Internet of Things private network system further includes: a processor connected to the access network module, the core network module, the security module and the network protocol conversion module, respectively.
Optionally, the security chip of the security module is connected to the processor through a Serial Peripheral Interface (SPI) serial port; the Ethernet chip is connected to the processor through an Ethernet interface bus; the Ethernet chip is connected to the high-speed network port through a twisted pair; the Wi-Fi module is connected to the processor through a Universal Asynchronous Receiver-Transmitter (UART) serial port; the cellular wireless communication module is connected to the processor through a UART serial port; the cellular wireless communication module is connected to the Universal Subscriber Identity Module (USIM) card through a 7816 bus.
Optionally, the access network module includes a radio frequency analog circuit, and the radio frequency analog circuit is connected to the processor through an analog-to-digital converter ADC data acquisition serial port.
Optionally, the core network module includes a data memory, and the data memory is connected to the processor through a data bus and an address bus.
The above technical scheme of the utility model has at least the following beneficial effects:
In the above scheme of the utility model, the edge-type cellular Internet of Things private network system includes: an access network module connected to Internet of Things terminal equipment through a wireless air interface and a data transmission channel; a core network module connected to the access network module, which receives and processes data sent by at least one access network module; a network management module connected to the at least one access network module and to the core network module, respectively; a security module connected to the core network module and to the network management module, respectively; and a network protocol conversion module connected to the security module. The requirements of diverse Internet of Things application scenarios can thus be met.
Drawings
Fig. 1 is an architecture diagram of the edge-type cellular Internet of Things private network system of the present utility model in a small-scale networking scenario;
Fig. 2 is an architecture diagram of the edge-type cellular Internet of Things private network system of the present utility model in a medium- and large-scale networking scenario;
Fig. 3 is a schematic diagram of the access network module functions and interfaces under the NB-IoT/eMTC/LTE standard of the present utility model;
Fig. 4 shows the access network module functions and interfaces under the GSM-GPRS standard of the present utility model;
Fig. 5 shows the core network module functions and interfaces under the NB-IoT/eMTC/LTE standard of the present utility model;
Fig. 6 shows the access network module functions and interfaces under the GSM-GPRS standard of the present utility model;
Fig. 7 is a diagram of the network management module functions and interfaces of the present utility model;
Fig. 8 shows the security module functions and interfaces of the present utility model;
Fig. 9 is a first flow chart of data interaction between the security module and the network management module of the present utility model;
Fig. 10 is a second flow chart of data interaction between the security module and the network management module of the present utility model;
Fig. 11 is a third flow chart of data interaction between the security module and the network management module of the present utility model;
Fig. 12 is a fourth flow chart of data interaction between the security module and the network management module of the present utility model;
Fig. 13 is a schematic diagram of the network protocol conversion module functions and interfaces of the present utility model;
Fig. 14 is a schematic diagram of the hardware implementation architecture of the integrated edge-type cellular Internet of Things private network system of the present utility model.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1 and fig. 2, an embodiment of the utility model provides an edge-type cellular Internet of Things private network system, comprising:
the access network module is used for being connected with the terminal equipment of the Internet of things through a wireless air interface and a data transmission channel;
the core network module is connected with the access network module, receives data sent by at least one access network module, processes the data, and specifically can perform exchange of core data, signaling analysis, user authentication and charging, bearing control and management;
a network management module connected to the at least one access network module and the core network module, respectively, the network management module configuring at least one of working parameters, reading working states and running logs for the access network module and the core network module;
the security module is respectively connected with the core network module and the network management module, and is used for encrypting and decrypting, signing and verifying interactive data between the core network module and the external network and between the network management module and the external network;
and the protocol conversion module is connected with the security module and is used for converting protocols and transmitting data between the core network module and the network management module and an external network.
In an optional embodiment of the utility model, each access network module of the at least one access network module is located in an access machine; the access machine connects to the Internet of Things terminal equipment through the wireless air interface and the data transmission channel, and receives the data sent by at least one Internet of Things terminal device connected to the access network module.
Optionally, the core network module, the network management module, the security module, and the network protocol conversion module are located in a private network host of the internet of things.
The edge-type cellular Internet of Things private network system of the above embodiment of the utility model can provide edge cellular network coverage for scenarios that require an IoT private network.
The edge-type cellular Internet of Things private network system comprises an access network module, a core network module, a network management module, a security module and a network protocol conversion module. Depending on the number and distribution of the IoT terminals, the system takes one of two architectural forms:
As shown in fig. 1, for small-scale private networking, the access network, the core network, the network management module, the security module and the network protocol conversion module are integrated in a single IoT private network all-in-one machine. A cellular IoT private network system in this form has low cost, short latency and easy deployment, and the system adopts this scheme architecture in that case;
As shown in fig. 2, for medium- and large-scale private networking, the required number and locations of access network modules are first planned according to the distribution of the IoT terminals. The core network, the network management module, the security module and the network protocol conversion module are integrated in the IoT private network host, and each access network module is packaged in an independent access machine. The IoT networking all-in-one machine is connected to a plurality of access machine devices in a star structure. A cellular IoT private network system in this form has large capacity, wide coverage and good scalability, and the system adopts this scheme architecture in that case.
In the above embodiment of the utility model, the access network module is used to establish the wireless air-interface connection and the data transmission channel with the IoT terminal equipment. Depending on the IoT application requirements, the system can be compatible with one or more typical narrowband cellular network services, including NB-IoT, eMTC, GSM-GPRS and LTE (for Cat.1). When the network standard provided by the system is one of NB-IoT, eMTC and LTE (for Cat.1), the access network module is substantially consistent with the functions and interfaces of the eNB network element of the EPS system, as shown in fig. 3: the logical connection between the access network module and the core network module follows the S1 interface specification, the air interface between the access network module and the IoT terminal equipment follows the Uu interface specification, the interfaces between access network modules follow the X2 interface specification, and the functions and interfaces of the access network module are tailored and optimized according to the IoT access standard. When the network standard provided by the system is GSM-GPRS, the access network module is substantially consistent with the functions and interfaces of the BTS, BSC and PCU network elements of the GPRS system, as shown in fig. 4: the logical connection between the access network module and the core network module follows the A and Gb interface specifications, and the air interface between the access network module and the IoT terminal equipment follows the Um interface specification.
In the above embodiment of the utility model, the core network module is used to implement core data exchange, signaling analysis, user authentication and charging, bearer control and management, and the like. Depending on the IoT application requirements, the system can be compatible with one or more typical narrowband cellular network services, including NB-IoT, eMTC, GSM-GPRS and LTE (for Cat.1). When the network standard provided by the system is one of NB-IoT, eMTC and LTE (for Cat.1), the functions and interfaces of the core network module are substantially consistent with those of the MME, S-GW, PGW and HSS network elements of the EPS system, as shown in fig. 5, and are tailored and optimized according to the specific IoT access standard. When the network standard provided by the system is GSM-GPRS, the functions and interfaces of the access network module are substantially consistent with those of the MSC, GMSC, SGSN, GGSN and HLR network elements of the GPRS system, as shown in fig. 6. The access network module is logically connected to the security module for encrypting and decrypting, and signing and verifying, the data exchanged between the core network module and the external network.
In an optional embodiment of the present invention, the network management module may include:
the first network management unit is used for interacting with the operation and maintenance support management system, and comprises at least one of equipment management, log management, performance management, alarm management, version management, parameter configuration and system management;
the second network management unit is used for configuring working parameters of the network management module, the access network module and the core network module and reading working states and running logs of the network management module, the access network module and the core network module;
and the third network management unit is used for encrypting and decrypting the interactive data between the core network module and the external network, signing and verifying the signature.
In this embodiment, the network management module interacts with a remote operation and maintenance support management system so that the system is manageable and controllable and so that planning, management, and operation and maintenance are unified across systems; the logical connections are shown in fig. 7. The logical interface between the network management module and the remote operation and maintenance support management system conforms to the TR069 protocol specification. The content exchanged includes device management, log management, performance management, alarm management, version management, parameter configuration, system management and the like. The network management module is logically connected to the access network module and the core network module to configure working parameters and to read working states and running logs; the network management module is logically connected to the security module for encrypting and decrypting, and signing and verifying, the data exchanged between the core network module and the external network.
In an optional embodiment of the utility model, the security module comprises: a security chip and a security algorithm unit running on the security chip;
the security chip includes a first memory storing at least one of a network device identifier, an operation and maintenance support management system identifier, and an Internet of Things service platform identifier;
the security chip includes a second memory storing at least one of a network device private key, an operation and maintenance support management system session key, and a service session key.
Optionally, the security algorithm unit includes:
a first unit, in communication connection with the network management module and the operation and maintenance support management system, which receives the data plaintext sent from the network management module to the operation and maintenance support management system, calls the security chip, encrypts the data plaintext with the operation and maintenance support management system session key to obtain encrypted data, signs the encrypted data with its own network device private key to obtain ciphertext data, and passes the signed ciphertext data to the network protocol conversion module;
and a second unit, in communication connection with the network management module and the operation and maintenance support management system, which receives the data ciphertext sent from the operation and maintenance support management system to the network management module, verifies the signature on the data ciphertext using the operation and maintenance support management system identifier as the public key, decrypts the data ciphertext with the operation and maintenance support management system session key after the signature verification passes to obtain the data plaintext, and passes the data plaintext to the network management module.
Optionally, the security algorithm unit includes:
a third unit, in communication connection with the core network module and the Internet of Things service platform, which receives the data plaintext sent from the core network module to the Internet of Things service platform, encrypts the data plaintext with the service session key to obtain encrypted data, signs the encrypted data with the network device private key, and passes the signed ciphertext data to the network protocol conversion module;
and a fourth unit, in communication connection with the core network module and the Internet of Things service platform, which receives the data ciphertext sent from the Internet of Things service platform to the core network module, verifies the signature on the data ciphertext using the Internet of Things service platform identifier as the public key, decrypts the data ciphertext with the service session key after the signature verification passes to obtain the data plaintext, and passes the data plaintext to the core network module.
In this embodiment, the security module ensures the identity security, data transmission security, and remote configuration and upgrade security of the edge private network system. The security module consists of security logic (the security algorithm unit) and a hardware security chip, and the system security scheme uses general national cryptographic algorithms or international security algorithms. The corresponding security algorithm unit is integrated inside the security chip. The security chip stores the identification information required in the security procedure: the network device identifier, the operation and maintenance system identifier and the service platform identifier. The security chip also stores the key information required in the security procedure: the network device private key, the operation and maintenance session key and the service session key, where the service session key may be issued a second time by the customer through the secure channel. The security module functions and interfaces are shown in fig. 8.
The security module is logically connected to the network management module to provide encryption and decryption of data in transit and bidirectional identity authentication between the network management module and the remote operation and maintenance support management system. The specific flow is as follows. When a data plaintext sent from the network management module to the remote operation and maintenance support management system is received, the security logic calls the relevant interface of the security chip, first encrypts the data packet with the operation and maintenance session key, then signs the encrypted data with its own network device private key, and finally passes the signed ciphertext data to the network protocol conversion module. When a data ciphertext sent from the remote operation and maintenance support management system to the network management module is received, the signature on the ciphertext is verified using the operation and maintenance system identifier as the public key; after verification passes, the ciphertext is decrypted with the operation and maintenance session key, and finally the recovered plaintext is passed to the network management module to perform the corresponding function. The security flows for data interaction between the security module and the network management module are shown in fig. 9 and fig. 10. Signing and verification use an asymmetric security standard (such as the SM9 national cryptographic algorithm), and encryption and decryption use a symmetric security standard (such as the SM4 national cryptographic algorithm).
The security module is logically connected to the core network module to provide encryption and decryption of data in transit and bidirectional identity authentication between the core network module and the Internet of Things service platform. This function is optional: when the security functions of the system and the service platform are not activated, the security module passes data messages directly between the core network module and the service platform. When the security functions of the system and the service platform are activated, the security module proceeds as follows. When a data plaintext sent from the core network module to the service platform is received, the security logic calls the relevant interface of the security chip, first encrypts the data packet with the service session key, then signs the encrypted data with the network device private key, and finally passes the signed ciphertext data to the network protocol conversion module. When a data ciphertext sent from the service platform to the core network module is received, the signature on the ciphertext is verified using the service platform identifier as the public key; after verification passes, the ciphertext is decrypted with the service session key, and finally the recovered plaintext is passed to the core network module to perform the subsequent routing operation. The security flows for data interaction between the security module and the core network module when the security function of the service platform is enabled are shown in fig. 11 and fig. 12. Signing and verification use an asymmetric security standard (such as the SM9 national cryptographic algorithm), and encryption and decryption use a symmetric security standard (such as the SM4 national cryptographic algorithm).
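The two flows described above (encrypt with the session key, then sign with the device private key; on receipt, verify with the sender's stored identifier as the public key, then decrypt), together with the pass-through mode, as an added Python example that is not part of the patent. Assumptions: Shamir's RSA-based identity-based signature stands in for SM9 and an HMAC-SHA256 keystream stands in for SM4, since neither SM algorithm is in the Python standard library; the identifiers, session key, envelope layout and demo master parameters are constructed and deliberately insecure.

```python
import hashlib
import hmac
import secrets

# Demo master parameters (constructed). NOT secure: both primes are public
# Mersenne primes, so the master secret D is trivially recoverable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # held only by the key-issuing authority
NBYTES = (N.bit_length() + 7) // 8


def _h(*parts):
    """Hash length-prefixed byte strings to an integer (512 bits, below N)."""
    h = hashlib.sha512()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def extract_private_key(identity):
    """Issue the signing key bound to an identifier (kept in the chip's key memory)."""
    return pow(_h(b"id", identity.encode()), D, N)


def ibs_sign(private_key, message):
    """Identity-based signature (Shamir's scheme, stand-in for SM9): returns (s, t)."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    c = _h(b"sig", t.to_bytes(NBYTES, "big"), message)
    return private_key * pow(r, c, N) % N, t


def ibs_verify(identity, message, signature):
    """Verify using only the signer's identifier as the public key."""
    s, t = signature
    if not (0 < s < N and 0 < t < N):
        return False
    c = _h(b"sig", t.to_bytes(NBYTES, "big"), message)
    return pow(s, E, N) == _h(b"id", identity.encode()) * pow(t, c, N) % N


def _xor_keystream(key, nonce, data):
    """Stand-in for SM4: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


class SecurityModule:
    """One endpoint: holds its own private key, the peer identifier, a session key."""

    def __init__(self, own_id, own_key, peer_id, session_key, enabled=True):
        self.own_id, self.own_key = own_id, own_key
        self.peer_id, self.session_key = peer_id, session_key
        self.enabled = enabled

    def outbound(self, plaintext):
        """Internal module -> external network: encrypt first, then sign."""
        if not self.enabled:                 # security function not activated
            return {"plain": plaintext}
        nonce = secrets.token_bytes(16)
        enc = nonce + _xor_keystream(self.session_key, nonce, plaintext)
        return {"enc": enc, "sig": ibs_sign(self.own_key, enc)}

    def inbound(self, envelope):
        """External network -> internal module: verify first, then decrypt."""
        if not self.enabled:
            return envelope["plain"]
        # Assumption of this example: unprotected input is refused once active.
        if "enc" not in envelope or "sig" not in envelope:
            raise ValueError("unprotected message rejected while security is active")
        # Verify against the identifier stored locally, not one carried in the message.
        if not ibs_verify(self.peer_id, envelope["enc"], envelope["sig"]):
            raise ValueError("signature check failed; ciphertext not decrypted")
        enc = envelope["enc"]
        return _xor_keystream(self.session_key, enc[:16], enc[16:])


def build_demo_pair(enabled=True):
    """Constructed identifiers and session key for a gateway and a service platform."""
    key = hashlib.sha256(b"constructed demo service session key").digest()
    gw = SecurityModule("edge-gw-001", extract_private_key("edge-gw-001"),
                        "iot-platform-01", key, enabled)
    platform = SecurityModule("iot-platform-01", extract_private_key("iot-platform-01"),
                              "edge-gw-001", key, enabled)
    return gw, platform


if __name__ == "__main__":
    gw, platform = build_demo_pair()
    env = gw.outbound(b'{"meter": 17, "reading": 42}')
    print(platform.inbound(env))
```

Because the receiver checks the signature before touching the ciphertext, a modified envelope or one signed under any other identifier is rejected without the session key ever being applied to attacker-supplied data.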
In an optional embodiment of the utility model, the network protocol conversion module includes: a configuration switching logic unit, a cellular wireless communication circuit and an IP communication circuit, wherein the cellular wireless communication circuit and the IP communication circuit are connected to the configuration switching logic unit and are each in communication connection with an external network.
In this embodiment, the network protocol conversion module performs protocol conversion and data transfer between data inside the system and data on the external network. The module consists of two parts: a cellular wireless communication circuit, comprising a 3G/4G/5G communication module and a USIM card; and an IP communication circuit, comprising an Ethernet chip, a high-speed network port and a Wi-Fi module, where the high-speed network port may be an RJ45 high-speed network port. The functions and interfaces of the network protocol conversion module are shown in fig. 13. Two communication links exist between the network protocol conversion module and the external network, and the path is selected and switched according to system configuration: depending on the requirements of the application environment, the user can configure the system to connect to the external network in cellular wireless communication mode or in IP communication mode. In cellular wireless communication mode, the 3G/4G/5G communication module and the USIM card exchange the system's service data, or its state and configuration data, with the external network over a 3G/4G/5G cellular wireless network; in this form the private network system is easy to deploy and has good mobility. In IP communication mode, the system's service data, or its state and configuration data, are exchanged with the outside over the local IP network through the high-speed network port or the Wi-Fi interface; in this form the service has high reliability and good stability.
As shown in fig. 4, in an optional embodiment of the present invention, the edge-type cellular internet of things private network system further includes: the processor is respectively connected with the access network module, the core network module, the security module and the network protocol conversion module, and is provided with the applications of the access network module, the core network module, the security module and the network protocol conversion module;
the access network module comprises a radio frequency analog circuit, and the radio frequency analog circuit is connected with the processor through an ADC data acquisition serial port;
the core network module comprises a data memory, and the data memory is connected with the processor through a data bus and an address bus;
the security chip of the security module is connected with the processor through the SPI serial port;
the network protocol conversion module comprises: at least one of an Ethernet chip, an RJ45 high-speed network port, a Wi-Fi module, a cellular wireless communication module and a USIM card;
the Ethernet chip is connected with the processor through an Ethernet interface bus;
the Ethernet chip is connected with the RJ45 high-speed network port through a twisted pair;
the Wi-Fi module is connected with the processor through a UART (universal asynchronous receiver transmitter) serial port;
the cellular wireless communication module is connected with the processor through a UART serial port;
the cellular wireless communication module is connected with the USIM card through a 7816 bus.
The hardware architecture shown in FIG. 14 is a typical integrated implementation of the system. Its main hardware components are a power supply circuit, a high-performance MCU processor, a radio frequency analog circuit, a security chip, a data memory, an Ethernet chip, a Wi-Fi module, an RJ45 network port, a cellular wireless communication module and a USIM card.
The mapping relation between the access network module, the core network module, the network management module, the security module, the network protocol conversion module and the hardware implementation architecture of the system is as follows:
the access network module is realized and supported by access network module software in the high-performance processor and the radio frequency analog circuit together, and the high-performance processor is connected with the radio frequency analog circuit through an ADC data acquisition serial port;
the core network module is realized and carried by core network module software of the high-performance processor and the data memory, and the high-performance processor is connected with the data memory through a data bus and an address bus;
the network management module is realized and carried by network management software of the high-performance processor;
the security module is realized and carried by security logic module software in the high-performance processor and the security chip together, and the high-performance processor is connected with the security chip through the SPI serial port;
the network protocol conversion module is realized and carried by network protocol conversion module software in the high-performance processor, an Ethernet chip, an RJ45 high-speed network port, a Wi-Fi module, a cellular wireless communication module and a USIM (Universal subscriber identity Module) card together, wherein the high-performance processor is connected with the Ethernet chip through an Ethernet interface bus, the Ethernet chip is connected with the RJ45 network port through a twisted pair, the high-performance processor is connected with the Wi-Fi module through a UART (Universal asynchronous receiver transmitter) serial port, the high-performance processor is connected with the cellular wireless communication module through a UART serial port, and the cellular wireless communication module and the USIM card are connected through a 7816 bus.
In the above embodiment of the utility model, the system provides edge cellular network coverage for Internet of Things private network scenarios and, according to the Internet of Things application requirements, is compatible with one or more typical narrowband cellular network services, including NB-IoT (Narrowband Internet of Things), eMTC, GSM-GPRS and LTE (for CAT 1). The network has the characteristics of low power consumption, narrow bandwidth, deep coverage, high capacity, low cost and diversification, and can meet the requirements of diversified Internet of Things application scenarios.
The system takes one of two architectural forms, depending on the number and distribution of the Internet of Things terminals. For small-scale private networking, the access network, the core network, the network management module, the security module and the network protocol conversion module are integrated in a single Internet of Things private network all-in-one machine; a cellular Internet of Things private network system in this form has low cost, short time delay and is easy to deploy. For medium- and large-scale private networking, the required number and locations of access network modules are first planned according to the distribution of the Internet of Things terminals. The core network, the network management module, the security module and the network protocol conversion module are integrated in the Internet of Things private network host, each access network module is packaged in an independent access machine, and the Internet of Things private network all-in-one machine is connected with a plurality of access machines to form a star structure; a cellular Internet of Things private network system in this form has large capacity, wide coverage and good expandability. This technical means frees the networking application of the system from limits on network scale.
The security module of the system guarantees the identity security, data transmission security, and remote configuration and upgrade security of the edge private network system. The security module is composed of security logic and a hardware security chip, and the system security scheme adopts general-purpose national cryptographic algorithms or international security algorithms. The corresponding security algorithm unit is integrated in the security chip. The security chip stores the identification information required in the security procedure: the network equipment identifier, the operation and maintenance system identifier and the service platform identifier. It also stores the key information required in the security procedure: the network device private key, the operation and maintenance session key and the service session key, where the service session key may be re-issued by the customer through a secure channel. In the security scheme, signing and signature verification use an asymmetric security standard (such as the SM9 national cryptographic algorithm), and encryption and decryption use a symmetric security standard (such as the SM4 national cryptographic algorithm). Using the security module, the system realizes bidirectional authentication and encrypted data transmission between the network equipment and the service platform; this technical means enhances data security and authenticity, binds the network equipment to the service platform, and prevents the network equipment from being illegally appropriated. In addition, allowing the customer to re-issue the service session key through a secure channel opens part of the security capability to the user, which increases the flexibility and security of the service.
Through the security module, the system also realizes bidirectional authentication and encrypted data transmission between the network equipment and the remote operation and maintenance support management system; this technical means enhances data security and authenticity and prevents the private data and core parameters of the system from being maliciously stolen or tampered with. A unique network equipment identifier is provided in the hardware security chip circuit and is used as the public key for signing and signature verification. This technical means ensures the legality, uniqueness and traceability of the network equipment.
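The bidirectional authentication and device-to-platform binding described above, shown as an added example that is not part of the patent. Python's standard library has no SM9 or SM4, so HMAC-SHA256 over a constructed shared binding secret stands in for the SM9 signature step (an assumption that changes the trust model from identity-based public keys to a shared secret); the identifiers, class and function names are hypothetical, and SM4 encryption of the traffic is not shown.

```python
import hashlib
import hmac
import secrets

# Constructed identifiers; the patent stores the real ones in the security chip.
DEVICE_ID = b"NETDEV-0001"
PLATFORM_ID = b"PLATFORM-A"

def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed stand-in for an SM9 signature)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

class Party:
    """One end of the link: the network device or the service platform."""

    def __init__(self, my_id: bytes, peer_id: bytes, binding_key: bytes):
        self.my_id, self.peer_id, self.key = my_id, peer_id, binding_key
        self.nonce = b""
        self.session_key = None

    def challenge(self) -> bytes:
        """Start a session: fresh nonce, any previous session key is dropped."""
        self.nonce, self.session_key = secrets.token_bytes(16), None
        return self.nonce

    def prove(self, peer_nonce: bytes) -> bytes:
        # Covers both identifiers and both nonces, so a proof cannot be
        # replayed in a later session or reflected back at its sender.
        return tag(self.key, b"auth", self.my_id, self.peer_id, peer_nonce, self.nonce)

    def verify(self, peer_nonce: bytes, proof: bytes) -> bool:
        expected = tag(self.key, b"auth", self.peer_id, self.my_id, self.nonce, peer_nonce)
        if not hmac.compare_digest(expected, proof):
            return False
        # Both ends sort the nonces so they derive the same session key.
        low, high = sorted((self.nonce, peer_nonce))
        self.session_key = tag(self.key, b"session", low, high)
        return True

def mutual_authenticate(device: Party, platform: Party) -> bool:
    """Each side challenges the other; both proofs must verify."""
    n_dev, n_plat = device.challenge(), platform.challenge()
    platform_proof = platform.prove(n_dev)
    device_proof = device.prove(n_plat)
    return device.verify(n_plat, platform_proof) and platform.verify(n_dev, device_proof)

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed binding secret
    device = Party(DEVICE_ID, PLATFORM_ID, key)
    platform = Party(PLATFORM_ID, DEVICE_ID, key)
    bound_ok = mutual_authenticate(device, platform)
    keys_match = device.session_key is not None and device.session_key == platform.session_key

    # A platform that claims the right identifier but lacks the bound secret.
    rogue = Party(PLATFORM_ID, DEVICE_ID, secrets.token_bytes(32))
    rogue_ok = mutual_authenticate(device, rogue)

    # Replay: a proof captured in one session is presented in the next.
    n_dev, n_plat = device.challenge(), platform.challenge()
    captured = platform.prove(n_dev)
    device.challenge()
    replay_ok = device.verify(n_plat, captured)
    return {"bound": bound_ok, "keys_match": keys_match, "rogue": rogue_ok, "replay": replay_ok}

if __name__ == "__main__":
    print(demo())
```

Because each proof covers both identifiers and both nonces, a device bound to one platform rejects a platform that only presents the right identifier, and a proof recorded in one session fails in the next.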
The system interfaces with a remote operation and maintenance support management system through the network management module, which realizes state monitoring and remote parameter configuration of the private network system, makes the system manageable and controllable, and enables unified planning, management, and operation and maintenance across systems. The utilization rate of frequency spectrum resources is obviously improved. In addition, this technical means, together with the cooperative management of the private network system and the public network system, reduces the risk of frequency conflict and interference among multiple private network systems and between the private network and the public network.
The network protocol conversion module performs protocol conversion and data transmission between the system's internal data and external network data. The module consists of two parts: one part is a cellular wireless communication circuit, which comprises a 3G/4G/5G communication module and a USIM card; the other part is an IP communication circuit, which comprises an Ethernet chip, a high-speed network port and a Wi-Fi module. Two communication links exist between the network protocol conversion module and the external network, and one of the two paths is selected and switched to according to the system configuration. The user can configure the system for a cellular wireless communication mode or an IP communication mode to establish the connection with the external network, according to the requirements of the application environment. In the cellular wireless communication mode, the 3G/4G/5G communication module and the USIM card are used to exchange the system's service data, or its state and configuration data, with the external network over a 3G/4G/5G cellular wireless network; in this service form the private network system is convenient to deploy and has good mobility. In the IP communication mode, the local IP network is used to exchange the system's service data, or its state and configuration data, with the outside through the high-speed network port or the Wi-Fi interface; in this service form the service has high reliability and good stability. Two communication links exist between the system's network protocol conversion module and the external network, and the user can configure a cellular wireless communication mode or an IP communication mode to establish the connection with the external network according to the requirements of the application environment.
This technical means reduces the deployment difficulty of the edge type cellular Internet of Things private network system and widens the range of application scenarios to which it can adapt.
The foregoing is a preferred embodiment of the present invention. It should be noted that those skilled in the art can make a number of improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. An edge type cellular internet of things private network system, comprising:
the access network module is connected with the terminal equipment of the Internet of things through a wireless air interface and a data transmission channel;
the core network module is connected with the access network module, receives data sent by at least one access network module and processes the data;
a network management module connected to the at least one access network module and to the core network module, respectively;
the security module is respectively connected with the core network module and the network management module;
and the network protocol conversion module is connected with the security module.
2. The edge-type cellular internet of things private network system according to claim 1, wherein each access network module of the at least one access network module is located in an access machine, and the access machine is connected with the internet of things terminal device through a wireless air interface and a data transmission channel.
3. The edge-type cellular internet of things private network system according to claim 1, wherein the core network module, the network management module, the security module and the network protocol conversion module are located in a private network host of the internet of things.
4. The edge-type cellular internet of things private network system according to any one of claims 1 to 3, wherein the security module comprises: a security chip and a security algorithm unit running on the security chip;
the security chip comprises a first memory for storing at least one of a network equipment identifier, an operation and maintenance support management system identifier and an Internet of things service platform identifier;
the security chip includes a second memory storing at least one of a network device private key, an operation and maintenance support management system session key, and a service session key.
5. The edge-type cellular internet of things private network system according to claim 4, wherein the network protocol conversion module comprises:
a configuration switching logic unit, a cellular wireless communication circuit and an IP communication circuit, wherein the cellular wireless communication circuit and the IP communication circuit are connected with the configuration switching logic unit and are each in communication connection with an external network.
6. The edge-type cellular Internet of things private network system according to claim 5,
the IP communication circuit includes: an Ethernet chip, a high-speed network port connected with the Ethernet chip, and a Wi-Fi module;
the cellular wireless communication circuit includes: a cellular wireless communication module and a Universal Subscriber Identity Module (USIM) card connected with the cellular wireless communication module.
7. The edge-type cellular internet of things private network system of claim 6, further comprising: a processor connected respectively with the access network module, the core network module, the security module and the network protocol conversion module.
8. The edge-type cellular Internet of things private network system according to claim 7,
the security chip of the security module is connected with the processor through a Serial Peripheral Interface (SPI) serial port;
the Ethernet chip is connected with the processor through an Ethernet interface bus;
the Ethernet chip is connected with the high-speed network port through a twisted pair;
the Wi-Fi module is connected with the processor through a Universal Asynchronous Receiver Transmitter (UART) serial port;
the cellular wireless communication module is connected with the processor through a universal asynchronous receiver-transmitter (UART) serial port;
the cellular wireless communication module is connected with a Universal Subscriber Identity Module (USIM) card through a 7816 bus.
9. The edge-type cellular Internet of things private network system according to claim 7,
the access network module comprises a radio frequency analog circuit, and the radio frequency analog circuit is connected with the processor through an analog-to-digital converter (ADC) data acquisition serial port.
10. The edge-type cellular Internet of things private network system according to claim 7,
the core network module comprises a data memory, and the data memory is connected with the processor through a data bus and an address bus.
CN202021001170.9U 2020-06-02 2020-06-02 Edge type cellular Internet of things private network system Active CN212343809U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202021001170.9U CN212343809U (en) 2020-06-02 2020-06-02 Edge type cellular Internet of things private network system

Publications (1)

Publication Number Publication Date
CN212343809U true CN212343809U (en) 2021-01-12

Family

ID=74074587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202021001170.9U Active CN212343809U (en) 2020-06-02 2020-06-02 Edge type cellular Internet of things private network system

Country Status (1)

Country Link
CN (1) CN212343809U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113349143A (en) * 2021-05-31 2021-09-07 广州驿通智能科技有限公司 Fish tank detector and control system and method thereof
CN113382521A (en) * 2021-05-21 2021-09-10 深圳爱克莱特科技股份有限公司 Street lamp remote control device and method, street lamp controller and control method

Legal Events

Date Code Title Description
GR01 Patent grant