Data interaction method based on Internet of Things device data acquisition
Technical Field
The invention relates to the field of Internet of Things (IoT) service applications, and in particular to a data interaction method based on data acquisition by IoT devices.
Background
At present, with the rapid development of IoT applications and the rapid iteration of IoT technology, IoT systems exhibit heterogeneous and diverse communication networks, exponential growth in the number of communicating devices, ever wider distribution of devices, and many different forms of acquired data, all of which pose serious challenges to IoT information security. IoT data interaction must not only ensure that the transmission link delivers a message safely to the receiving end, but also prevent the receiving end from being attacked by tracking and prevent the sending end's data from being tampered with in transit. At the same time, the IoT application field lacks an integrated, full-link, full-flow method for secure data interaction from the originating terminal to the final terminal, and applications of such a method.
With the rapid development of the IoT and the rapid progress of its technology, the gateway model has solved the point-to-point, single-network communication problem of traditional devices: sensing data from many points converge at a gateway for unified processing, which makes long-distance communication possible. The gateway model, however, has a complex transmission process and low network transmission efficiency, and the data it carries are easily tampered with or eavesdropped on.
Disclosure of Invention
To address the lack, in the IoT application field, of an integrated, full-link, full-flow method for secure data interaction from the originating terminal to the final terminal, the invention combines the interface capabilities of the communication network modules of devices such as gateways and intelligent terminals, applies a software development component to such devices by taking advantage of embedded technology, and provides an integrated and comprehensive solution through the coordination of software and hardware, so that an IoT device can select a suitable mode according to the condition of the network environment in which it is located and transmit IoT data to the IoT informatization system at the final end. The invention has good application prospects.
The invention specifies that a software development kit (SDK) loaded in the IoT device performs data acquisition, data encapsulation, data reporting and the like; it uses an IoT data model to describe the IoT device entity digitally, so that the IoT informatization system can identify the device and perform processing such as function calls on it; it confirms the credibility of an IoT device accessing the informatization system through a self-defined device identity card mechanism; and it achieves safe and efficient data transmission with an improved encryption scheme combined with a self-defined protocol.
The invention discloses a data interaction method based on IoT device acquisition, implemented with a gateway, IoT devices and an IoT informatization system. The IoT informatization system is connected to the gateway, the IoT devices are connected to the gateway, and the gateway, the IoT devices and the IoT informatization system together form an IoT network. The IoT informatization system receives the perception data acquired by the various IoT devices, provides a unified informatization platform for acquiring, aggregating, processing, fusing and mining that data, and provides sharing and distribution services for it. The IoT devices comprise various sensors, and the gateway comprises a WAPI module, an Ethernet module, a ZigBee module, a serial port module, a LoRa module, an LTE module, a 4G/5G module, a BeiDou module, an NB-IoT module and the like. The gateway parses the data of the heterogeneous network modules: the data forwarding coordinators of the heterogeneous networks exchange information with each other through the gateway's serial port modules; the gateway reads and parses the data uploaded by these coordinators, makes the read data available through its serial port modules, stores the parsed data in the gateway database, and at the same time repackages and converts the data into a standardized format.
The gateway also comprises an embedded IoT software development component, loaded in the gateway, which provides rapid input of data into the IoT terminal together with an edge computing function, so that the gateway supports arbitrary access to, and plug-and-play operation in, heterogeneous network environments. The embedded IoT software development component comprises a data model SDK, an encryption and decryption SDK, an edge computing SDK and the like; it provides a standardized data transmission mode and has functions of data caching, data deduplication, data retransmission, data aggregation, data reporting, device control, standardized data format conversion and the like. The method comprises the following specific steps:
S1, defining the IoT data model;
After abstract modelling of the physical device, the sensing data of each kind of IoT device is given a standard digital description, a corresponding data model is built for each kind of device as a JSON-format file, and the IoT data models are stored in JSON format in the IoT informatization system. The IoT data model defines a set of standard data parameters for each type of IoT device, comprising all parameters used by that device type. Specifically, the IoT informatization system uses the IoT data model to abstract the functions of the various IoT devices into data parameters consisting of attributes, functions, events and extensions; these data parameters are used for data interaction between the IoT devices and the IoT informatization system. The attributes in the data parameters describe the running state of the IoT device. The IoT informatization system actively sends messages to obtain the attributes of all IoT devices, and the IoT devices report their attributes to the IoT informatization system through events.
The functions in the data parameters record the capabilities or methods of the IoT device that can be called externally, together with the device's settable input parameters and output parameters; they are the basis on which the IoT informatization system executes task control instructions, such as a linkage, on the IoT device.
The events in the data parameters record the events that occur while the IoT device runs; an event carries notification information that needs to be perceived and processed externally and comprises a number of output parameters.
The extensions in the data parameters record custom extension fields such as device labels and are used for information sharing.
The IoT data model uses one data model for all IoT devices of the same type: devices of one type are defined by one IoT data model and their data is standardized, so that after a device of that type is connected to the IoT network it can be identified, parsed and configured automatically by the IoT informatization system, which reduces manual configuration work. The IoT informatization system uses the IoT data models to form a standardized service pool or resource pool, through which it obtains the data resources or service resources of the different types of IoT devices.
The IoT data model has abnormal-data handling capability and shields data that could cause an IoT device to malfunction. Specifically, a controlled range and a boundary range are defined in the attributes of the data parameters of the IoT data model. When the value of a device's trigger event is within the boundary range, the trigger event is stamped with its generation time as a timestamp and the value is sent to the IoT informatization system; when the value is outside the boundary range, the IoT data model treats the data as dirty data, attaches a shielding label to it, and feeds the shielding label information back to the IoT informatization system.
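The following Go program is an added illustration of step S1 and is not code from the patent. It loads a constructed JSON data model for a temperature sensor (attributes, functions, events and extensions, with the controlled range and boundary range carried in the attribute), then applies the boundary rule to reported values: an in-range value is timestamped and passed on, an out-of-range value is tagged as dirty with a shielding label. The JSON field names, the shielding label text and the sample values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Attribute is one running-state parameter of a device type. The controlled
// range and boundary range follow step S1; the JSON field names are assumed.
type Attribute struct {
	Name     string  `json:"name"`
	Unit     string  `json:"unit"`
	CtrlMin  float64 `json:"ctrl_min"`
	CtrlMax  float64 `json:"ctrl_max"`
	BoundMin float64 `json:"bound_min"`
	BoundMax float64 `json:"bound_max"`
}

// DataModel is the JSON description of one device type.
type DataModel struct {
	DeviceType string            `json:"device_type"`
	Attributes []Attribute       `json:"attributes"`
	Functions  []string          `json:"functions"`
	Events     []string          `json:"events"`
	Extensions map[string]string `json:"extensions"`
}

// Report is the record the gateway forwards to the informatization system.
type Report struct {
	DeviceID    string  `json:"device_id"`
	Attribute   string  `json:"attribute"`
	Value       float64 `json:"value"`
	Timestamp   string  `json:"timestamp,omitempty"`
	InControl   bool    `json:"in_controlled_range"`
	Dirty       bool    `json:"dirty"`
	ShieldLabel string  `json:"shield_label,omitempty"`
}

// SampleModel is a constructed data model for a temperature sensor.
const SampleModel = `{
  "device_type": "temperature-sensor",
  "attributes": [
    {"name": "temperature", "unit": "degC",
     "ctrl_min": 0, "ctrl_max": 60, "bound_min": -40, "bound_max": 125}
  ],
  "functions": ["setSampleInterval"],
  "events": ["overTemperature"],
  "extensions": {"label": "cold-chain"}
}`

// LoadModel parses a JSON data model and rejects an unusable one.
func LoadModel(raw string) (*DataModel, error) {
	var m DataModel
	if err := json.Unmarshal([]byte(raw), &m); err != nil {
		return nil, fmt.Errorf("data model: %w", err)
	}
	if m.DeviceType == "" || len(m.Attributes) == 0 {
		return nil, fmt.Errorf("data model: device_type and attributes are required")
	}
	for _, a := range m.Attributes {
		if a.BoundMin > a.BoundMax || a.CtrlMin > a.CtrlMax {
			return nil, fmt.Errorf("data model: attribute %q has an inverted range", a.Name)
		}
	}
	return &m, nil
}

// Classify applies the S1 rule to one reported value: a value inside the
// boundary range is timestamped and passed on; a value outside it is marked
// as dirty data with a shielding label instead of being forwarded as-is.
func (m *DataModel) Classify(deviceID, attr string, v float64, now time.Time) (Report, error) {
	for _, a := range m.Attributes {
		if a.Name != attr {
			continue
		}
		r := Report{DeviceID: deviceID, Attribute: attr, Value: v}
		if v < a.BoundMin || v > a.BoundMax {
			r.Dirty = true
			r.ShieldLabel = "out_of_boundary_range" // assumed label text
			return r, nil
		}
		r.Timestamp = now.UTC().Format(time.RFC3339)
		r.InControl = v >= a.CtrlMin && v <= a.CtrlMax
		return r, nil
	}
	return Report{}, fmt.Errorf("attribute %q is not defined in model %q", attr, m.DeviceType)
}

func main() {
	m, err := LoadModel(SampleModel)
	if err != nil {
		panic(err)
	}
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	for _, v := range []float64{25.0, 90.0, 200.0} {
		r, _ := m.Classify("dev-0001", "temperature", v, now)
		out, _ := json.Marshal(r)
		fmt.Println(string(out))
	}
}
```

The value 90 is outside the controlled range but inside the boundary range, so it is still reported (with InControl false); only 200, beyond the boundary, is shielded. A report for an attribute the model does not define is an error rather than a silently forwarded record.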
S2, authenticating the identity of the IoT device;
Identity authentication is performed on IoT devices to ensure that every IoT device accessing the IoT terminal is credible; an IoT device that fails identity authentication cannot access the IoT terminal. Every IoT device that needs to access the IoT informatization system for information interaction must be registered by that system; only after the IoT informatization system has allocated a device ID to the device and activated it can the device hold a session with the IoT informatization system.
Step S2 uses the device ID as the identity tag of the IoT device; each IoT device has its own independent device ID. The IoT device applies to the IoT informatization system for activation and sends it device information including the manufacturer, production batch, production password, unique chip code and the like. The IoT informatization system checks this device information during activation and generates a unique device ID from it. It then notifies the device that activation succeeded and issues it a device code, a device key, a digital certificate and the like, and the IoT device stores its device ID permanently. If an IoT device is activated more than once, its device key and digital certificate must be changed after every activation, while the device ID stays the same. After activation, each time the IoT device connects to the IoT informatization system it submits its device ID, encrypts a random number with the device key, and sends the information destined for the IoT informatization system mixed with the encrypted random number, so as to prevent interception and theft of the information.
For a device that has already interacted with the platform, an identity authentication mechanism is applied each time it reconnects. Identity authentication of the IoT device uses a behaviour-based trust mechanism: the device's credibility is judged dynamically from its behaviour history and its current behaviour characteristics. The device ID, the IoT data model, the digital signature information, the device's smart card or encryption chip, or other identity attribute information (the smart card stores secret information, such as an encrypted file of the user password or a random number) serve as trust credentials; the trust credentials are compared with the relevant entries in the database of identity authentication rules of the IoT informatization system, and the trust management engine of the IoT informatization system outputs a trust evaluation.
The trust management engine computes the trust evaluation of a given IoT device as follows:
$$H_X = \alpha \cdot T_B - \beta \cdot T_M + \gamma \cdot T_Q + k \cdot T_t$$
where $H_X$ is the trust evaluation value of the IoT device, and $T_B$, $T_M$, $T_Q$ and $T_t$ are respectively the trust degrees of the device ID, the IoT data model, the digital signature and the device's own identity attribute information; each of $T_B$, $T_M$, $T_Q$ and $T_t$ takes a value between 0 and 1. $\alpha$, $\beta$, $\gamma$ and $k$ are the weights of $T_B$, $T_M$, $T_Q$ and $T_t$ respectively and sum to 1; $k = 0$ when the IoT device has no smart card, encryption chip or other identity attribute information of its own.
$T_B$, $T_M$, $T_Q$ and $T_t$ are obtained either by the judgement-value method or by the maximum-likelihood method. In the judgement-value method, $T_B$ is 0 or 1; the judgement value of $T_M$ is related to the number of times per unit time that the IoT data model removes abnormal dirty data; and the judgement values of $T_Q$ and $T_t$ are defined according to the judgement requirements.
In the maximum-likelihood method, maximum-likelihood estimation (MLE) is used: when the form of the trust probability distribution is known but its parameters are not, MLE estimates the unknown parameters from the trust results already obtained, choosing the parameter values that make those results most probable. Let the trust degree of the $i$-th IoT device be $t_i$; the probability that the $i$-th device passes identity authentication equals its trust degree. Let the verification result of the $i$-th device on the $k$-th device be $x_{i,k}$, and let the set of devices adjacent to the $i$-th device be $n(i)$. The MLE method finds the parameters at which the trust probability distribution function $p(x_{i,k}, t_i, l_k)$ is maximized.
Solving for $t_i$ at the maximum of that function gives the calculated trust degree of the device ID, data model, digital signature or identity attribute information of the $i$-th IoT device. Here $N$ is the number of IoT devices, and $l_k$ is an initial trust estimate of the $k$-th IoT device, taken as one of the initial trust estimates of the device ID, the IoT data model, the digital signature or the device's identity attribute information; $t_i$ is then the trust degree corresponding to whichever initial estimate $l_k$ represents. For example, when $l_k$ is the initial trust estimate of the device ID of the $k$-th IoT device, $t_i$ is the calculated trust degree of the device ID of the $i$-th IoT device.
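The Go program below is an added worked example of the trust evaluation above; it is not the patent's own trust management engine. It computes $H_X$ from judgement values, forces $k = 0$ for a device without a chip, and estimates a trust degree $t_i$ from pass/fail verification results by maximum likelihood. Three things are assumptions rather than statements of the source: the saturating map from the dirty-data count to $T_M$, the rescaling of the remaining weights so they still sum to 1 when $k$ is dropped, and the Bernoulli model under which the MLE of $t_i$ is simply the pass fraction (the source does not give the likelihood it maximizes). The admission threshold is likewise a chosen value.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Weights are the coefficients alpha, beta, gamma, k of H_X; they sum to 1.
type Weights struct {
	Alpha, Beta, Gamma, K float64
}

// Credential holds the evidence the trust management engine sees for one
// device: the judgement values behind T_B, T_M, T_Q and T_t.
type Credential struct {
	IDValid        bool    // device ID matches the registry: T_B is 0 or 1
	DirtyPerPeriod int     // dirty-data removals per unit time, basis of T_M
	SignatureTrust float64 // T_Q in [0, 1]
	ChipTrust      float64 // T_t in [0, 1]
	HasChip        bool    // smart card / encryption chip present; else k = 0
}

// TrustFromDirtyCount maps the dirty-data count to T_M. The saturating map
// n/10 capped at 1 is an assumption; the source only ties T_M to the count.
func TrustFromDirtyCount(n int) float64 {
	if n <= 0 {
		return 0
	}
	return math.Min(1, float64(n)/10)
}

// TrustMLE estimates a device's trust degree t_i from the pass/fail
// verification results x_{i,k} involving its adjacent devices. Assuming each
// result is Bernoulli(t_i), the maximum-likelihood estimate is the pass fraction.
func TrustMLE(results []int) (float64, error) {
	if len(results) == 0 {
		return 0, errors.New("no verification results")
	}
	pass := 0
	for _, x := range results {
		if x != 0 && x != 1 {
			return 0, fmt.Errorf("verification result %d is not 0 or 1", x)
		}
		pass += x
	}
	return float64(pass) / float64(len(results)), nil
}

// Evaluate computes H_X = alpha*T_B - beta*T_M + gamma*T_Q + k*T_t. Without a
// chip, k is set to 0 and the remaining weights are rescaled to sum to 1
// (the rescaling is an assumption; the source only fixes k = 0).
func Evaluate(w Weights, c Credential) (float64, error) {
	if !c.HasChip {
		w.K = 0
	}
	sum := w.Alpha + w.Beta + w.Gamma + w.K
	if sum <= 0 || w.Alpha < 0 || w.Beta < 0 || w.Gamma < 0 || w.K < 0 {
		return 0, errors.New("weights must be non-negative with a positive sum")
	}
	for _, t := range []float64{c.SignatureTrust, c.ChipTrust} {
		if t < 0 || t > 1 {
			return 0, errors.New("trust degrees must lie in [0, 1]")
		}
	}
	tB := 0.0
	if c.IDValid {
		tB = 1
	}
	tM := TrustFromDirtyCount(c.DirtyPerPeriod)
	return (w.Alpha*tB - w.Beta*tM + w.Gamma*c.SignatureTrust + w.K*c.ChipTrust) / sum, nil
}

// Admit is the access decision: the device may connect only when its
// evaluation reaches the operator's threshold (the threshold is assumed).
func Admit(h, threshold float64) bool {
	return h >= threshold
}

func main() {
	w := Weights{Alpha: 0.4, Beta: 0.2, Gamma: 0.3, K: 0.1}
	c := Credential{IDValid: true, DirtyPerPeriod: 2, SignatureTrust: 1, ChipTrust: 1, HasChip: true}
	h, err := Evaluate(w, c)
	fmt.Println("H_X =", h, "admit:", Admit(h, 0.7), err)
	tB, _ := TrustMLE([]int{1, 1, 1, 0}) // three passes, one failure
	fmt.Println("t_i by MLE =", tB)
}
```

With the constructed weights and credential, $H_X = 0.4 - 0.04 + 0.3 + 0.1 = 0.76$; for the same device without a chip the chip term disappears and $H_X$ falls to $0.66 / 0.9 \approx 0.733$, which is why the weight rescaling has to be decided explicitly rather than left implicit.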
S3, encrypting and transmitting the data;
Data sent by the IoT device or by the IoT informatization system is encrypted with a hybrid encryption algorithm. Specifically, during data transmission the receiver sends its public key to the sender; the sender uses the receiver's public key to encrypt the key of the symmetric encryption algorithm and sends the encrypted symmetric key to the receiver; the receiver decrypts it with its own private key to obtain the symmetric key; the sender then sends the original information encrypted with the symmetric key to the receiver, and the receiver decrypts the received information with the symmetric key.
During information transmission between IoT devices or IoT informatization systems, the transmitted information is digitally signed to prove the identity of its source, and signature verification is performed with an improved asymmetric encryption algorithm, the identity of the private-key holder being verified through the public key. The sender signs the information with a digital signature before sending it. In the signing procedure, the sender encrypts the digest of the transmitted information with its private key, and the resulting ciphertext is transmitted to the receiver together with the original text; the receiver decrypts the encrypted digest with the sender's public key, computes the digest of the received original text with the same digest method as the sender, and compares the two digests. If they are identical, the received information is complete and has not been tampered with by a third party in transit. When an IoT device registers and authenticates with the IoT informatization system, after the IoT informatization system has authorised it, the certificate management system of the IoT informatization system generates two sets of keys, a private key and public key for the asymmetric encryption method and a key for the symmetric encryption method, and at the same time generates a digital certificate and returns it to the IoT device.
S4, defining the application layer protocol;
The IoT devices and the IoT informatization system interact through an application layer protocol; the protocols used include MQTT, CoAP, HTTP, the MIT-Link protocol and the like, and the parameters of the MIT-Link application layer protocol are redefined according to the data interaction requirements. MIT-Link is a message transmission protocol in the request/response mode of a client/server architecture. The IoT device sends a request message to the IoT informatization system; the request message comprises the request type, the protocol name and version, the IoT device identifier and the request data. After receiving the request message, the IoT informatization system sends a response message to the IoT device; the response message comprises the response type, the protocol name and version, a reason code and the response data. Specifically, the IoT device connects to the IoT informatization system and sends a connection request message; the IoT informatization system receives the connection request, sends a response message and establishes a TCP socket connection; the IoT device sends an operation request message, and the IoT informatization system receives it and returns a response message; the IoT device sends a connection-close request message, and the IoT informatization system receives it and releases the TCP connection.
An MIT-Link message comprises a message header and a message body. The message header comprises the message type, protocol name, protocol version, connection flag, keep-alive time and message body length; the message body comprises the device ID and the message data.
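The following Go program is an added example of an encoder, a length-checked decoder and a request handler for a frame with the MIT-Link header and body fields listed above; it is not the patent's protocol implementation. The source names the fields but not their widths, values or order, so the byte layout, the numeric message types and reason codes, the placement of the reason code as the first byte of response data, and the sample device ID are all assumptions. The decoder is written the way a gateway parser should be: every length is checked before it is used, so a truncated frame, trailing bytes or an oversized body length is rejected instead of being read past.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Message types, reason codes and the byte layout below are assumptions made
// for this example; the source only names the header and body fields.
const (
	TypeConnect, TypeConnectAck                     uint8 = 1, 2
	TypeOperation, TypeOperationAck                 uint8 = 3, 4
	TypeDisconnect, TypeDisconnectAck               uint8 = 5, 6
	ReasonOK, ReasonBadVersion, ReasonUnknownDevice uint8 = 0, 1, 2
	ProtocolName                                          = "MIT-Link"
	ProtocolVersion                                 uint8 = 1
	maxBody                                               = 1 << 16
)

// Message is one MIT-Link frame: header (type, protocol name and version,
// connection flag, keep-alive, body length) and body (device ID, data).
type Message struct {
	Type, Version, ConnFlag uint8
	KeepAlive               uint16
	Name, DeviceID          string
	Data                    []byte // in a response the first byte is the reason code
}

// Encode writes type(1) nameLen(1) name version(1) flag(1) keepAlive(2)
// bodyLen(4) idLen(1) id data, with integers big-endian.
func (m Message) Encode() ([]byte, error) {
	if len(m.Name) > 255 || len(m.DeviceID) > 255 {
		return nil, errors.New("protocol name and device ID must fit in 255 bytes")
	}
	body := append([]byte{uint8(len(m.DeviceID))}, m.DeviceID...)
	body = append(body, m.Data...)
	if len(body) > maxBody {
		return nil, errors.New("body exceeds the maximum frame size")
	}
	hdr := append([]byte{m.Type, uint8(len(m.Name))}, m.Name...)
	hdr = append(hdr, m.Version, m.ConnFlag, 0, 0, 0, 0, 0, 0)
	binary.BigEndian.PutUint16(hdr[len(hdr)-6:], m.KeepAlive)
	binary.BigEndian.PutUint32(hdr[len(hdr)-4:], uint32(len(body)))
	return append(hdr, body...), nil
}

// Decode checks every length before indexing, so truncated, padded or
// oversized frames are rejected rather than read past or misparsed.
func Decode(b []byte) (Message, error) {
	var m Message
	if len(b) < 2 {
		return m, errors.New("frame shorter than the fixed header")
	}
	m.Type = b[0]
	p, n := 2, int(b[1])
	if len(b) < p+n+8 {
		return m, errors.New("truncated header")
	}
	m.Name = string(b[p : p+n])
	p += n
	if m.Name != ProtocolName {
		return m, fmt.Errorf("unexpected protocol name %q", m.Name)
	}
	m.Version, m.ConnFlag = b[p], b[p+1]
	m.KeepAlive = binary.BigEndian.Uint16(b[p+2:])
	bodyLen := int(binary.BigEndian.Uint32(b[p+4:]))
	p += 8
	if bodyLen < 1 || bodyLen > maxBody || len(b)-p != bodyLen {
		return m, fmt.Errorf("body length %d does not match %d remaining bytes", bodyLen, len(b)-p)
	}
	idLen := int(b[p])
	if bodyLen < 1+idLen {
		return m, errors.New("truncated device ID")
	}
	m.DeviceID = string(b[p+1 : p+1+idLen])
	m.Data = append([]byte(nil), b[p+1+idLen:]...)
	return m, nil
}

// HandleRequest is the informatization system side of the request/response
// model: matching response type, reason code, then the response data.
func HandleRequest(req Message, registered map[string]bool) Message {
	resp := Message{Name: ProtocolName, Version: ProtocolVersion,
		DeviceID: req.DeviceID, KeepAlive: req.KeepAlive}
	reason := ReasonOK
	if req.Version != ProtocolVersion {
		reason = ReasonBadVersion
	} else if !registered[req.DeviceID] {
		reason = ReasonUnknownDevice
	}
	resp.Type = map[uint8]uint8{TypeConnect: TypeConnectAck,
		TypeOperation: TypeOperationAck, TypeDisconnect: TypeDisconnectAck}[req.Type]
	resp.Data = append([]byte{reason}, req.Data...)
	return resp
}

func main() {
	req := Message{Type: TypeConnect, Name: ProtocolName, Version: ProtocolVersion,
		ConnFlag: 1, KeepAlive: 60, DeviceID: "dev-0001"}
	raw, _ := req.Encode()
	got, err := Decode(raw)
	if err != nil {
		panic(err)
	}
	resp := HandleRequest(got, map[string]bool{"dev-0001": true})
	fmt.Printf("%d-byte frame, response type %d, reason %d\n", len(raw), resp.Type, resp.Data[0])
}
```

The handler admits only device IDs present in its registry, which is the point at which the device ID issued in step S2 is checked before any operation request is honoured.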
S5, adopting a data access maintenance mechanism;
When several IoT devices initiate the network access procedure at the same time, their access requests collide at the gateway and the devices cannot join the network normally. The IoT devices therefore use a listening mechanism and a rule engine mechanism: during the network access procedure a device first backs off for a random period and then monitors whether the network is busy or idle; if the current network channel is idle, the device initiates the network access operation, and if the channel is busy, the device waits for the next network access time slot before attempting to access. By this procedure all IoT devices complete joining the network.
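The Go program below is an added simulation of the S5 procedure in slotted time and is not code from the patent. It models what the paragraph describes: every device draws a random backoff, then listens; a device that senses the channel busy waits for the next slot, a device that finds it idle joins, and devices that transmit in the same idle slot collide and back off again. The slot model, the backoff window, the length of an access exchange in slots and the device names are assumptions chosen for the example; the seed only makes the run repeatable.

```go
package main

import (
	"fmt"
	"math/rand"
	"sort"
)

// JoinResult records the slot in which each device joined the network and
// how often the channel was found busy or a collision occurred.
type JoinResult struct {
	JoinSlot   map[string]int
	Deferrals  int // attempts postponed because the channel was sensed busy
	Collisions int // slots in which two or more devices transmitted at once
	Complete   bool
}

// SimulateJoin models step S5 in slotted time. All devices start the access
// procedure in slot 0, back off a random number of slots in [0, window), then
// listen. If the channel is busy (another device's access exchange, txSlots
// long, is in progress) they wait for the next slot; if it is idle and exactly
// one device transmits, that device joins; if several transmit in the same
// slot they collide and each draws a new backoff. maxSlots bounds the run.
func SimulateJoin(devices []string, window, txSlots, maxSlots int, seed int64) JoinResult {
	rng := rand.New(rand.NewSource(seed))
	res := JoinResult{JoinSlot: map[string]int{}}
	backoff := make(map[string]int, len(devices))
	for _, d := range devices {
		backoff[d] = rng.Intn(window)
	}
	busyUntil := 0 // first slot in which the channel is idle again
	for slot := 0; slot < maxSlots && len(backoff) > 0; slot++ {
		var ready []string
		for _, d := range devices { // deterministic order
			if b, pending := backoff[d]; pending && b == 0 {
				ready = append(ready, d)
			}
		}
		switch {
		case len(ready) == 0:
		case slot < busyUntil:
			res.Deferrals += len(ready) // carrier sensed busy: retry next slot
		case len(ready) == 1:
			res.JoinSlot[ready[0]] = slot
			delete(backoff, ready[0])
			busyUntil = slot + txSlots
		default:
			res.Collisions++
			for _, d := range ready {
				backoff[d] = 1 + rng.Intn(window)
			}
		}
		for d, b := range backoff {
			if b > 0 {
				backoff[d] = b - 1
			}
		}
	}
	res.Complete = len(backoff) == 0
	return res
}

func main() {
	devices := []string{"dev-01", "dev-02", "dev-03", "dev-04", "dev-05", "dev-06", "dev-07", "dev-08"}
	res := SimulateJoin(devices, 8, 2, 200, 7)
	slots := make([]int, 0, len(res.JoinSlot))
	for _, s := range res.JoinSlot {
		slots = append(slots, s)
	}
	sort.Ints(slots)
	fmt.Println("complete:", res.Complete, "join slots:", slots,
		"deferrals:", res.Deferrals, "collisions:", res.Collisions)
}
```

Two properties are worth checking on any run: no two devices ever join in the same slot, and no device joins while another device's access exchange is still occupying the channel. A window of 1 shows the failure mode the paragraph warns about, since every device then re-draws the same backoff and the collisions never resolve.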
The beneficial effects of the invention are as follows:
The invention combines the interface capabilities of the communication network modules of devices such as gateways and intelligent terminals, applies a software development component to such devices by taking advantage of embedded technology, and provides an integrated and comprehensive solution through the coordination of software and hardware, so that an IoT device can select a suitable mode according to its network environment and transmit IoT data to the IoT informatization system at the final end. The invention has good application prospects.
Drawings
FIG. 1 is a flow chart of an implementation of the method of the present invention;
FIG. 2 is a data streaming architecture design diagram of the method of the present invention;
FIG. 3 is a flow chart of the authentication of device identity trust in the method of the present invention;
FIG. 4 is a flow chart of reporting attributes of an Internet of things data model according to the method of the present invention;
fig. 5 is a definition chart of attribute rules of an internet of things data model according to the method of the present invention.
Detailed Description
For a better understanding of the present disclosure, an embodiment is presented herein.
The invention specifies that a software development kit (SDK) loaded in the IoT device performs data acquisition, data encapsulation, data reporting and the like; it uses an IoT data model to describe the IoT device entity digitally, so that the IoT informatization system can identify the device and perform processing such as function calls on it; it confirms the credibility of an IoT device accessing the informatization system through a self-defined device identity card mechanism; and it achieves safe and efficient data transmission with an improved encryption scheme combined with a self-defined protocol. The architecture of an implementation of the invention is shown in FIG. 1. The data streaming architecture is shown in FIG. 2. FIG. 3 is a flow chart of the device identity trust authentication of the method. FIG. 4 is a flow chart of attribute reporting by the IoT data model. FIG. 5 is a definition chart of the attribute rules of the IoT data model.
The invention discloses a data interaction method based on IoT device acquisition, implemented with a gateway, IoT devices and an IoT informatization system. The IoT informatization system is connected to the gateway, the IoT devices are connected to the gateway, and the gateway, the IoT devices and the IoT informatization system together form an IoT network. The IoT informatization system receives the perception data acquired by the various IoT devices, provides a unified informatization platform for acquiring, aggregating, processing, fusing and mining that data, and provides sharing and distribution services for it. The IoT devices comprise various sensors, and the gateway comprises a WAPI module, an Ethernet module, a ZigBee module, a serial port module, a LoRa module, an LTE module, a 4G/5G module, a BeiDou module, an NB-IoT module and the like. The gateway parses the data of the heterogeneous network modules: the data forwarding coordinators of the heterogeneous networks exchange information with each other through the gateway's serial port modules; the gateway reads and parses the data uploaded by these coordinators, makes the read data available through its serial port modules, stores the parsed data in the gateway database, and at the same time repackages and converts the data into a standardized format.
The gateway also comprises an embedded IoT software development component, loaded in the gateway, which provides rapid input of data into the IoT terminal together with an edge computing function, so that the gateway supports arbitrary access to, and plug-and-play operation in, heterogeneous network environments. The embedded IoT software development component comprises a data model SDK, an encryption and decryption SDK, an edge computing SDK and the like; it provides a standardized data transmission mode and has functions of data caching, data deduplication, data retransmission, data aggregation, data reporting, device control, standardized data format conversion and the like. The most notable characteristic of the SDK is that it can be tailored and packaged according to the storage space of the IoT device, adjusted according to the size of that storage space and the order of the transmission requirement process, and so suits device scenarios with small code size and small packaging requirements.
The method comprises the following specific steps:
s1, defining a data model of the Internet of things;
the method comprises the steps that after abstract modeling is conducted on entity equipment, standard digital description is conducted on sensing data of various pieces of Internet of things equipment, corresponding JSON format file data models are built for the various pieces of Internet of things equipment, and the Internet of things data models are stored in a JSON format in an Internet of things informatization system; based on the data model of the Internet of things, application development of the Internet of things can be directly performed. The data model of the Internet of things defines a set of corresponding standard data parameters for each type of Internet of things equipment, and the standard data parameters comprise all parameters used by the type of Internet of things equipment. Specifically, the internet of things informatization system utilizes the internet of things data model to abstract the functions of various internet of things devices into data parameters consisting of attributes, functions, events and extensions, wherein the data parameters are used for data interaction between the various internet of things devices and the internet of things informatization system; and the attribute of the data parameter is used for describing the running state of the Internet of things equipment. The internet of things informatization system actively transmits messages to obtain the attributes of all the internet of things devices, and all the internet of things devices report the attributes to the internet of things informatization system through events.
The function of the data parameter records the capability or method of the Internet of things equipment which can be called by the outside, and the settable input parameter and output parameter of the Internet of things equipment, and is the basis of the Internet of things informatization system to execute a task control function instruction such as a certain linkage on the Internet of things equipment.
The event of the data parameter records the event occurring when the Internet of things equipment runs, and the event contains notification information which needs to be perceived and processed externally and contains a plurality of output parameters.
And the expansion of the data parameters records custom expansion fields such as equipment labels and the like, and is used for realizing information sharing.
The data model of the Internet of things adopts the same data model for the same type of Internet of things equipment, the same type of Internet of things equipment is defined by using the data model of the Internet of things, and the data of the same type of Internet of things equipment is standardized, so that the same type of Internet of things equipment can be automatically identified and analyzed and configured by an Internet of things informatization system after being connected to the Internet of things, and the manual configuration workload is reduced. The internet of things informatization system utilizes the internet of things data model to form a standardized service pool or resource pool, and utilizes the service pool or resource pool to acquire data resources or service resources of different types of internet of things equipment.
The design element fields contained in the Internet of things data model can be customized by the user, and custom data types and units are supported, which makes the model convenient and flexible. The data model also has abnormal-data handling capability and shields data that could cause misoperation of the Internet of things device. Specifically, a controlled range and a boundary range are defined in the attribute of the data parameter of the data model. When the trigger event information value of the device lies within the boundary range, the trigger event is marked with its generation time as a timestamp and the value is sent to the Internet of things informatization system; when the value lies outside the boundary range, the data model directly treats the data as dirty data, adds a shielding label to it, and feeds the shielding label information back to the informatization system.
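As an added illustration (example code, not from the patent), the following Go program models a device-type data model stored as JSON and applies the boundary-range check just described: an in-range trigger value is stamped with its generation time, while an out-of-range value is marked as dirty data with a shielding label. The JSON field names and the sample temperature-sensor model are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Attribute: one running-state parameter with its controlled and boundary ranges.
type Attribute struct {
	Name       string     `json:"name"`
	Controlled [2]float64 `json:"controlled_range"`
	Boundary   [2]float64 `json:"boundary_range"`
}

// DataModel: per-device-type JSON model (field names are this example's assumption).
type DataModel struct {
	DeviceType string            `json:"device_type"`
	Attributes []Attribute       `json:"attributes"`
	Functions  []string          `json:"functions"`
	Events     []string          `json:"events"`
	Extensions map[string]string `json:"extensions"`
}

// Report is emitted per trigger event: a time-stamped value, or a shielding label.
type Report struct {
	DeviceID  string  `json:"device_id"`
	Attribute string  `json:"attribute"`
	Value     float64 `json:"value"`
	Timestamp string  `json:"timestamp,omitempty"`
	Shielded  bool    `json:"shielded"`
	Label     string  `json:"shield_label,omitempty"`
}

func LoadModel(raw []byte) (*DataModel, error) {
	var m DataModel
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	return &m, nil
}

// ProcessEvent: in-range values get their generation time as timestamp;
// out-of-range values are labelled dirty and fed back instead of forwarded.
func (m *DataModel) ProcessEvent(deviceID, attr string, value float64, at time.Time) (Report, error) {
	for _, a := range m.Attributes {
		if a.Name != attr {
			continue
		}
		r := Report{DeviceID: deviceID, Attribute: attr, Value: value}
		if value < a.Boundary[0] || value > a.Boundary[1] {
			r.Shielded = true
			r.Label = fmt.Sprintf("dirty:%s outside [%g,%g]", attr, a.Boundary[0], a.Boundary[1])
		} else {
			r.Timestamp = at.UTC().Format(time.RFC3339)
		}
		return r, nil
	}
	return Report{}, fmt.Errorf("attribute %q not defined for %s", attr, m.DeviceType)
}

// SampleModel is a constructed model for a temperature sensor type.
const SampleModel = `{"device_type":"temp-sensor","attributes":[{"name":"temperature",
"controlled_range":[-10,60],"boundary_range":[-40,85]}],"functions":["reboot"],"events":["reading"],"extensions":{"label":"warehouse-A"}}`
```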
S2, carrying out identity authentication on the equipment of the Internet of things;
The application services of the Internet of things are characterized by a large number of access devices spread over a wide area, so devices may be impersonated or tampered with. Identity authentication is therefore performed on the Internet of things devices to ensure that every device accessing the Internet of things terminal is trustworthy; a device that fails identity authentication cannot access the terminal. Every Internet of things device that needs to access the Internet of things informatization system for information interaction must first be registered by that system; only after the informatization system has assigned a device ID to the device and activated it can the device hold a session with the system.
In step S2, the device ID is used as the identity tag of the Internet of things device, and each device has its own independent device ID. The device applies to the Internet of things informatization system for activation and sends it device information including the manufacturer, production batch, production password, unique chip code and the like. During activation the informatization system checks this device information and generates a unique device ID from it. It then notifies the device that activation succeeded and issues the device code, device key, digital certificate and the like to the device, which stores its device ID permanently. If a device is activated several times, its device key and digital certificate must be changed after each activation, while the device ID remains unchanged. After activation, every time the device connects to the informatization system it submits its device ID, encrypts a random number with the device key, and mixes the information to be sent with the encrypted random number before sending it, so that the information cannot be intercepted or stolen.
For devices that have already interacted with the platform, the device identity must be authenticated again each time the device reconnects. Identity authentication of the Internet of things device adopts a behavior-based trust mechanism: the credibility of the device is judged dynamically from its behavior history and its current behavior characteristics. The device ID, the Internet of things data model, the digital signature information, and the device's smart card or encryption chip or other identity authentication attribute information (the smart card stores secret information, such as an encrypted file of the user password or a random number) are taken as the trust certificate; the trust certificate is compared with the related information in the database of identity authentication rules of the Internet of things informatization system, and the trust management engine of the informatization system outputs a trust evaluation, as shown in figure 4.
The trust management engine computes the trust evaluation of a given Internet of things device as follows:
$H_X = \alpha T_B - \beta T_M + \gamma T_Q + k T_t$,
where $H_X$ is the trust evaluation value of the device; $T_B$, $T_M$, $T_Q$ and $T_t$ are respectively the trust degrees of the device ID, the Internet of things data model, the digital signature, and the identity identification attribute information of the device, and each takes the value 1 or not; $\alpha$, $\beta$, $\gamma$ and $k$ are the weights of $T_B$, $T_M$, $T_Q$ and $T_t$ respectively, with $\alpha + \beta + \gamma + k = 1$, and $k = 0$ when the device has no smart card, encryption chip or other identification attribute information of its own. Two sets of values for $\alpha$, $\beta$, $\gamma$ and $k$ are provided, according to whether the device has a smart card or encryption chip or other identification attribute information (secret information is stored in the smart card).
$T_B$, $T_M$, $T_Q$ and $T_t$ are obtained either by a judgment-value method or by a maximum likelihood method. In the judgment-value method, $T_B$ is 0 or 1; the judgment value of $T_M$ is related to the number of times abnormal dirty data is deleted per unit time by the Internet of things data model; and the judgment values of $T_Q$ and $T_t$ are defined according to the judgment requirements.
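An added example (not the patent's own code) computing $H_X$ by the judgment-value method for both weight sets; the weight values, the registry lookup that yields $T_B$, and the linear mapping from dirty-data deletions per unit time to $T_M$ are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Weights holds α, β, γ, k of H_X = α·T_B − β·T_M + γ·T_Q + k·T_t. Two sets are kept,
// with and without a smart card / encryption chip (k = 0); numbers are constructed.
type Weights struct{ Alpha, Beta, Gamma, K float64 }

var (
	WithChip    = Weights{Alpha: 0.3, Beta: 0.2, Gamma: 0.3, K: 0.2}
	WithoutChip = Weights{Alpha: 0.4, Beta: 0.2, Gamma: 0.4, K: 0}
)

// Valid checks the constraint α + β + γ + k = 1 (with float tolerance).
func (w Weights) Valid() bool {
	s := w.Alpha + w.Beta + w.Gamma + w.K
	return s > 0.999999 && s < 1.000001
}

// Evidence is the trust certificate a device presents when it reconnects.
type Evidence struct {
	DeviceID       string
	DirtyPerUnit   int     // dirty-data deletions of its data model per unit time
	SignatureTrust float64 // T_Q, a judgment value fixed by policy
	HasChip        bool
	ChipTrust      float64 // T_t, a judgment value fixed by policy
}

// Registered stands in for the platform's identity-rule database (constructed).
var Registered = map[string]bool{"dev-001": true, "dev-002": true}
const dirtyLimit = 10 // deletions per unit time at which T_M saturates (assumed)

// judgmentValues: T_B is 0 or 1 from the ID lookup; T_M rises linearly with the
// dirty-data rate up to 1 (the linear mapping is this example's assumption).
func judgmentValues(e Evidence) (tb, tm float64) {
	if Registered[e.DeviceID] {
		tb = 1
	}
	tm = float64(e.DirtyPerUnit) / dirtyLimit
	if tm > 1 {
		tm = 1
	}
	return tb, tm
}

// Evaluate returns H_X, choosing the weight set by whether the device has a chip.
func Evaluate(e Evidence) (float64, error) {
	w, tt := WithoutChip, 0.0
	if e.HasChip {
		w, tt = WithChip, e.ChipTrust
	}
	if !w.Valid() {
		return 0, errors.New("weights must sum to 1")
	}
	tb, tm := judgmentValues(e)
	return w.Alpha*tb - w.Beta*tm + w.Gamma*e.SignatureTrust + w.K*tt, nil
}

func main() {
	h, err := Evaluate(Evidence{DeviceID: "dev-001", DirtyPerUnit: 2, SignatureTrust: 1, HasChip: true, ChipTrust: 1})
	fmt.Println(h, err) // 0.3*1 - 0.2*0.2 + 0.3*1 + 0.2*1 ≈ 0.76
}
```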
The maximum likelihood method uses maximum likelihood estimation (MLE), a probability-based trust reasoning method applicable to probability models and belief models: when the trust probability distribution function is known but the parameters of the distribution are unknown, MLE estimates the unknown parameters from the obtained trust results, choosing the parameters that make the obtained trust results most probable. Let the credibility of the $i$-th Internet of things device be $t_i$, where the probability that the $i$-th device passes identity authentication equals its credibility; let the verification result of the $i$-th device on the $k$-th device be $x_{i,k}$; and let the set of neighbouring devices of the $i$-th device be $n(i)$. The MLE method solves for the parameters at which the trust probability distribution function $p(x_{i,k}, t_i, l_k)$ is maximized, i.e. the parameter values at which it attains its maximum.
The $t_i$ obtained when the above expression is maximized is the computed trust degree of the device ID, the data model, the digital signature or the identity identification attribute information of the $i$-th Internet of things device, where $N$ is the number of Internet of things devices and $l_k$ is an initial trust estimate of the $k$-th device, taken as the initial estimate of one of its device ID, Internet of things data model, digital signature or identity attribute information; $t_i$ is then the computed trust degree of the same kind as the initial estimate $l_k$. For example, when $l_k$ is the initial trust estimate of the device ID of the $k$-th device, $t_i$ is the computed trust degree of the device ID of the $i$-th device.
S3, encrypting and transmitting the data;
The data is encrypted and transmitted using the encryption algorithm of a digital certificate mechanism and sent to its destination with an encrypted transmission technique. The invention improves on the prior art, ensuring secure data transmission (information cannot be tampered with, monitored, etc.) while also improving the speed and efficiency of encryption and decryption.
Key encryption ensures that the data sent by the Internet of things device cannot be eavesdropped; key encryption includes symmetric and asymmetric encryption algorithms. A symmetric algorithm alone carries a high risk of key leakage, while using an asymmetric algorithm alone is very inefficient. Specifically, during data transmission the receiver sends its public key to the sender; the sender uses the receiver's public key to encrypt the key of the symmetric encryption algorithm and sends the encrypted symmetric key to the receiver; the receiver decrypts it with its own private key to obtain the symmetric key; the sender sends the original information encrypted with its own copy of the symmetric key to the receiver; and the receiver decrypts the received information with the symmetric key.
During information transmission between Internet of things devices or with the Internet of things informatization system, the transmitted information is digitally signed to prove the identity of its source. Signature authentication uses an improved asymmetric encryption algorithm: the public key verifies the identity of the private key owner, and the sender signs the confirmed information with its digital signature before sending it; since nobody else holds the sender's private key, the sender's signature cannot be forged. Signature authentication combines asymmetric encryption with a digital digest: the sender encrypts the digest of the transmitted information with its private key, the encrypted ciphertext is transmitted to the receiver together with the unencrypted original text, the receiver decrypts the encrypted digest with the sender's public key, then computes the digest of the received original text with the same digest method as the sender and compares the two; if they are the same, the received information is complete and has not been tampered with by a third party in transit. In other words, a hash value is calculated over the information; when the information is sent, the hash value is encrypted and the encrypted hash value is sent together with the information as the signature.
After receiving the information, the receiver recalculates the hash value of the information and compares it with the (decrypted) hash value attached to the information; if the two are consistent, the content of the information has not been modified. If the digital signature were intercepted and imitated, an unauthorized person could modify both the information content and the hash value so that they still match, so a third-party authority is required to confirm this situation and ensure that the content is genuine and valid. The scheme of the invention is as follows: the Internet of things device registers and authenticates with the Internet of things informatization system; after the informatization system performs authorization authentication, the certificate management system in the informatization system generates 2 pairs of keys, one pair being the private key and public key of the asymmetric encryption method and the other pair being used for the symmetric encryption method, and generates a digital certificate (comprising the device signature and public key) that is fed back to the device. The digital certificate defined in the present invention includes the certificate information fields described in Table 1.
Table 1: Certificate information fields
S4, defining an application layer protocol;
The Internet of things device and the Internet of things informatization system interact through an application layer protocol. The application layer protocols adopted include MQTT, CoAP, HTTP, the MIT-Link protocol and the like; the parameters of the MIT-Link application layer protocol are redefined according to the data interaction requirements, and the application layer protocol works well together with the encryption technology to provide a secure and reliable channel. The MIT-Link protocol is a request/distribution message transmission protocol with a client/server architecture; it is an application protocol designed for the Internet of things and is lightweight and standardized. MIT-Link supports long connections, real-time communication, an offline feedback mechanism and other functions, and is suitable for low-power, low-storage and narrow-bandwidth application scenarios. The MIT-Link protocol defines how a client communicates with a server. It adopts a request/response model: the Internet of things device sends a request message to the informatization system, the request message comprising a request type, protocol name and version, Internet of things device identifier and request data; after receiving the request message, the informatization system sends a response message to the device, the response message comprising a response type, protocol name and version, reason code and response data. Specifically, the Internet of things device connects to the informatization system and sends a connection request message.
The informatization system receives the connection request, sends a response message and establishes a TCP socket connection; the device sends an operation request message, and the informatization system receives it and returns a response message; the device sends a connection-close request message, and the informatization system receives it and releases the TCP connection.
A MIT-Link protocol message consists of a message header and a message body. The message header includes: message type, protocol name, protocol version, connection flag, keep-connection time and message body length. The message body includes: device ID and message data.
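An added encoder and decoder (example code, not the MIT-Link implementation) for the message layout just listed. The field widths, type codes and body limit are assumptions of this example; the decoder checks every declared length against the frame before reading any body field.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Type codes and field widths are assumptions; the patent lists fields, not their encoding.
const (
	MsgConnect, MsgOperate, MsgClose, MsgResponse uint8 = 1, 2, 3, 4
	protoName = "MIT-Link" // fixed 8 bytes in the header
	headerLen = 1 + 8 + 1 + 1 + 2 + 2
	maxBody   = 4096
)

type Message struct {
	Type        uint8
	Version     uint8
	ConnectFlag uint8
	KeepAlive   uint16 // keep-connection time, seconds
	DeviceID    string
	Data        []byte
}

// Encode writes the header, then the body as a 1-byte length-prefixed device ID followed by data.
func Encode(m Message) ([]byte, error) {
	if len(m.DeviceID) > 255 {
		return nil, errors.New("device ID longer than 255 bytes")
	}
	body := append(append([]byte{uint8(len(m.DeviceID))}, m.DeviceID...), m.Data...)
	if len(body) > maxBody {
		return nil, fmt.Errorf("body %d bytes exceeds limit %d", len(body), maxBody)
	}
	out := make([]byte, headerLen, headerLen+len(body))
	out[0] = m.Type
	copy(out[1:9], protoName)
	out[9], out[10] = m.Version, m.ConnectFlag
	binary.BigEndian.PutUint16(out[11:13], m.KeepAlive)
	binary.BigEndian.PutUint16(out[13:15], uint16(len(body)))
	return append(out, body...), nil
}

// Decode parses a frame, rejecting short, oversized or inconsistent lengths first.
func Decode(b []byte) (Message, error) {
	if len(b) < headerLen {
		return Message{}, errors.New("frame shorter than header")
	}
	if string(b[1:9]) != protoName {
		return Message{}, fmt.Errorf("unknown protocol %q", b[1:9])
	}
	n := int(binary.BigEndian.Uint16(b[13:15]))
	if n > maxBody || len(b) != headerLen+n {
		return Message{}, errors.New("body length does not match frame")
	}
	body := b[headerLen:]
	if n < 1 || 1+int(body[0]) > n {
		return Message{}, errors.New("device ID overruns body")
	}
	idLen := int(body[0])
	m := Message{Type: b[0], Version: b[9], ConnectFlag: b[10], KeepAlive: binary.BigEndian.Uint16(b[11:13])}
	m.DeviceID, m.Data = string(body[1:1+idLen]), append([]byte(nil), body[1+idLen:]...)
	return m, nil
}
```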
S5, adopting a data access maintenance mechanism;
To meet the performance requirements (including real-time data processing capability and transmission rate) of simultaneous heterogeneous network access by Internet of things devices, the Internet of things informatization system adopts a load balancing strategy, a resource allocation mechanism and the like, which improves the data link communication capability of the devices and satisfies the application requirements. During simultaneous heterogeneous network access, an Internet of things device moves into an area covered by several networks at once and accesses those networks simultaneously according to the data link communication system with which it is equipped.
When several Internet of things devices initiate the network access procedure at the same time, their access requests collide at the gateway, so that the devices cannot join the network normally. The devices therefore adopt a monitoring mechanism and a rule engine mechanism: whether in active or passive network access mode, during the access procedure a device first backs off for a random period of time and monitors whether the network is busy; if the current network channel is idle, the device initiates the network access operation, and if it is busy, the device waits for the next network access time slot before attempting access. In this way all Internet of things devices complete the networking process.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.