CN118590517A - Data communication chip, system, method, device and electronic equipment - Google Patents

Abstract

The invention discloses a data communication chip, a system, a method, a device and electronic equipment. Wherein the method comprises the following steps: receiving a data transmission instruction from a transmitting end to a receiving end, wherein the transmitting end comprises at least one of the following: the DPU comprises a data communication chip, a receiving end comprises at least one of the following components: the Internet of things device is reserved, the DPU is different from the sending end and the receiving end; responding to a data transmission instruction, and acquiring transmission data sent by a sending end and a sending end identification; determining a receiving end identifier corresponding to the transmitting end identifier; and transmitting the transmission data to the receiving end corresponding to the receiving end identifier through a preset connection channel. The invention solves the technical problem of lower safety when data communication is carried out in the related technology.

Description

Data communication chip, system, method, device and electronic equipment

Technical Field

The present invention relates to the field of data communication, and in particular to a data communication chip, system, method, device and electronic equipment.

Background Art

The development of edge computing has provided solid support for the development of technologies such as the Internet of Things and artificial intelligence in the energy and power industry. However, with the explosion of end-side traffic and quantity, edge computing has gradually been unable to meet the business scenarios' requirements for data latency, bandwidth consumption, privacy and security, and new solutions are urgently needed. Specifically in the energy and power industry, in the face of business scenario requirements such as demand response, ancillary services, and spot trading, IoT devices deployed at the edge are becoming key equipment for supporting new power system business. Edge IoT devices have functions such as data collection, data management, protocol adaptation, security management, operation and maintenance management, and advanced business applications. They are used to support edge computing and analysis requirements for business scenarios such as resource aggregation and regulation, energy monitoring, and carbon emission management, and achieve regional energy autonomous control.

However, the demand for computing power for basic functions such as protocol adaptation and security management of edge IoT devices is constantly increasing. When using IoT devices to communicate data with DPU, there are still certain security issues.

To address the above-mentioned problems, no effective solution has been proposed yet.

Summary of the invention

The embodiments of the present invention provide a data communication chip, system, method, device and electronic device to at least solve the technical problem of low security in data communication in the related art.

According to one aspect of an embodiment of the present invention, a data communication chip is provided, comprising: a target middleware and a security protection component, the target middleware comprising a data processing unit DPU layer, an underlying communication driver layer, and a system adaptation layer, the DPU layer being connected to the underlying communication driver layer, the underlying communication driver layer being connected to the system adaptation layer, the DPU layer comprising a DPU; the underlying communication driver layer is a layer obtained by encapsulating a target communication protocol, the target communication protocol comprising a communication protocol corresponding to a first driver for internal communication of a data communication system, and a communication protocol corresponding to a second driver for external communication of the data communication system; the system adaptation layer comprising an information library module and a security protection module, the information library module being used to establish a connection channel between a predetermined IoT device and the DPU, the security protection module being used to encrypt and decrypt data transmitted between the predetermined IoT device and the DPU.

According to one aspect of an embodiment of the present invention, there is provided a data communication system, comprising: a predetermined Internet of Things device and a data communication chip, wherein the predetermined Internet of Things device is connected to the data communication chip.

According to one aspect of an embodiment of the present invention, a data communication method is provided, comprising: receiving a data transmission instruction for a transmitting end to send data to a receiving end, wherein the transmitting end includes at least one of the following: a predetermined IoT device, a DPU included in a data communication chip, and the receiving end includes at least one of the following: the predetermined IoT device, the DPU, and the transmitting end is different from the receiving end; in response to the data transmission instruction, obtaining transmission data and a transmitting end identifier sent by the transmitting end; determining a receiving end identifier corresponding to the transmitting end identifier; and sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel.

Optionally, before sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel, it also includes: obtaining first connection data sent by the predetermined IoT device and second connection data sent by the DPU, wherein the first connection data includes a first task subject name and an IoT device identifier, and the second connection data includes a second task subject name and a DPU port identifier; based on the first task subject name and the second task subject name, matching the predetermined IoT device with the DPU to obtain a matching result; if the match is successful, establishing a predetermined connection channel between the predetermined IoT device and the DPU based on the first connection data and the second connection data; and feeding back the matching result to the predetermined IoT device so that the predetermined IoT device can transmit data with the DPU through the connection channel.

Optionally, the transmission data is sent to the receiving end corresponding to the receiving end identifier through a predetermined connection channel, including: when the sending end is the predetermined IoT device and the receiving end is the DPU, the transmission data is acquired and stored in a data buffer; the first address and data length of the transmission data are stored in an address buffer; based on the first address recorded in the address buffer, the transmission data is retrieved from the data buffer, and the transmission data is sent to the receiving end corresponding to the receiving end identifier and to the DPU through a predetermined connection channel.

Optionally, after sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel, it also includes: when the sending end is the DPU and the receiving end is the predetermined IoT device, determining the task subject name corresponding to the transmission data; and sending the transmission data to a storage area corresponding to the task subject name.

Optionally, sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel includes: encrypting the transmission data to obtain encrypted transmission data; and sending the encrypted transmission data to the receiving end corresponding to the receiving end identifier through the predetermined connection channel.

According to one aspect of an embodiment of the present invention, a data communication device is provided, comprising: a receiving module, used to receive a data transmission instruction for a sending end to send data to a receiving end, wherein the sending end includes at least one of the following: a predetermined Internet of Things device, a DPU included in a data communication chip, and the receiving end includes at least one of the following: the predetermined Internet of Things device, the DPU, and the sending end is different from the receiving end; an acquisition module, used to obtain the transmission data and the sending end identifier sent by the sending end in response to the data transmission instruction; a determination module, used to determine the receiving end identifier corresponding to the sending end identifier; and a sending module, used to send the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel.

According to one aspect of an embodiment of the present invention, there is provided an electronic device, comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to execute the instructions to implement any of the above-mentioned data communication methods.

According to one aspect of an embodiment of the present invention, a computer-readable storage medium is provided. When instructions in the computer-readable storage medium are executed by a processor of an electronic device, the electronic device can execute any of the above-mentioned data communication methods.

In an embodiment of the present invention, a data transmission instruction is received from a transmitting end to send data to a receiving end, wherein the transmitting end includes at least one of the following: a predetermined IoT device, DPU, and the receiving end includes at least one of the following: a predetermined IoT device, DPU, and the transmitting end is different from the receiving end; in response to the data transmission instruction, the transmission data and the transmitting end identifier sent by the transmitting end are obtained; the receiving end identifier corresponding to the transmitting end identifier is determined; and the transmission data is sent to the receiving end corresponding to the receiving end identifier through a predetermined connection channel. That is, data transmission can only be performed through a specific predetermined connection channel and a corresponding identifier, thereby ensuring security in data transmission. In addition, the DPU is located in the data communication chip, and the data communication chip includes: target middleware and security protection components, the target middleware includes a data processing unit DPU layer, a bottom communication driver layer, a system adaptation layer, the DPU layer is connected to the bottom communication driver layer, the bottom communication driver layer is connected to the system adaptation layer, and the DPU layer includes the DPU; the bottom communication driver layer is a layer obtained by encapsulating the target communication protocol, and the target communication protocol includes the communication protocol corresponding to the first driver for internal communication of the data communication system, and the communication protocol corresponding to the second driver for external communication of the data communication system; the system adaptation layer includes an information library module and a security protection module, the information library module is used to establish a connection channel between the predetermined IoT device and the DPU, and the security protection module is used to encrypt and decrypt the data transmitted between the predetermined IoT device and the DPU. It can be seen that it can play a certain role in security protection, thereby solving the technical problem of low security when conducting data communication in the related technology.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings described herein are used to provide a further understanding of the present invention and constitute a part of this application. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of the present invention. In the drawings:

FIG1 is a flow chart of a data communication method according to an embodiment of the present invention;

FIG2 is a diagram of a hierarchical design of middleware provided in an optional embodiment of the present invention;

3 is a schematic diagram of the connection between an IoT device and a data communication chip provided in an optional embodiment of the present invention;

FIG4 is a schematic diagram of data transmission between multiple groups of IoT devices-DPU combination devices provided in an optional embodiment of the present invention;

FIG. 5 is a structural block diagram of a data communication device according to an embodiment of the present invention.

DETAILED DESCRIPTION

In order to enable those skilled in the art to better understand the scheme of the present invention, the technical scheme in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work should fall within the scope of protection of the present invention.

It should be noted that the terms "first", "second", etc. in the specification and claims of the present invention and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the data used in this way can be interchanged where appropriate, so that the embodiments of the present invention described herein can be implemented in an order other than those illustrated or described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions, for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to those steps or units that are clearly listed, but may include other steps or units that are not clearly listed or inherent to these processes, methods, products or devices.

First, some nouns or terms that appear in the description of the embodiments of the present application are subject to the following explanations:

Edge IoT device: a core device based on Internet of Things (IoT) technology, mainly used for data aggregation and security control at the IoT perception layer.

DPU: The full name is Data Processing Unit, which is a hardware accelerator specially designed to handle network, storage and computing tasks in data centers.

PCIe driver: PCIe driver is a software program used to manage and control PCIe (Peripheral Component Interconnect Express, a high-speed serial computer expansion bus standard) devices in a computer system.

Trusted innovation adaptation middleware architecture: refers to the middleware software architecture designed and optimized to adapt to the trusted innovation (information technology application innovation) environment and needs. It is mainly used in the trusted innovation ecosystem to achieve interconnection, data exchange and business collaboration between different software and hardware platforms.

Example

According to an embodiment of the present invention, there is provided a data communication chip, comprising:

Target middleware and security protection components,

The target middleware includes the data processing unit DPU layer, the underlying communication driver layer, and the system adaptation layer.

Among them, the DPU layer is connected to the underlying communication driver layer, and the underlying communication driver layer is connected to the system adaptation layer.

The DPU layer includes a DPU;

Optionally, DPU layer: This layer offloads the security protection business and network transmission business of the IoT device, and is implemented through hardware to improve security and processing efficiency.

The bottom communication driver layer is a layer obtained by encapsulating the target communication protocol, and the target communication protocol includes a communication protocol corresponding to a first driver for internal communication of the data communication system and a communication protocol corresponding to a second driver for external communication of the data communication system;

Optionally, the underlying communication driver layer: This layer mainly adapts and encapsulates the PCIe driver for internal communication between the IoT device and the DPU and the RDMA and other communication protocols for external communication of the IoT device. For the PCIe driver, it is developed based on the open source Linux device driver model for domestic operating systems; for communication protocols such as RDMA, the IoT device implements data transmission and reception through the RDMA protocol stack provided by the DPU and the shared memory related interfaces provided by the operating system.

The system adaptation layer includes an information library module and a security protection module. The information library module is used to establish a connection channel between the predetermined IoT device and the DPU. The security protection module is used to encrypt and decrypt data transmitted between the predetermined IoT device and the DPU.

Optionally, in the system adaptation layer: the general publishing and subscription registration module is used to implement the operating system application sending registration information to the information library; the information library module completes the handshake matching of all publishing and subscription information; the security protection module provides configurable and callable security protection services for upper-layer applications.

Optionally, the data communication chip may further include a middleware interface layer: this layer provides a general interface for sending and receiving information based on a publish-subscribe mechanism and a configuration interface for security capabilities.

Through the above settings, this application proposes a data communication chip, in which an IoT device-DPU credentialing adaptation middleware architecture is set up, which is used for the credentialing adaptation of IoT devices and DPUs, and provides a DPU callable API for the domestic operating system of IoT devices. The communication and security protection capabilities on the DPU are called through the message queue subscription and publishing mechanism to complete the communication, security uninstallation and collaborative adaptation of the IoT device. In addition, a lightweight embedded security protection adapter component is also set up. Lightweight embedded access control and secure transmission are implemented on the DPU, and efficient protection of the IoT device is achieved through the DPU's front-end security protection capabilities.

An embodiment of the present invention provides a data communication system, including: a predetermined Internet of Things device and a data communication chip, wherein the predetermined Internet of Things device is connected to the data communication chip.

In this embodiment, the predetermined IoT device included in the data communication system is connected to the data communication chip, and the communication transmission between the IoT device and the DPU is realized through the IoT device-DPU adaptation middleware based on the publish-subscribe mechanism, and the underlying transmission link is established between the domestic operating system application of the IoT device and the DPU to realize data transmission.

According to an embodiment of the present invention, an embodiment of a data communication method is provided. It should be noted that the steps shown in the flowchart of the accompanying drawings can be executed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowchart, in some cases, the steps shown or described can be executed in an order different from that shown here.

FIG. 1 is a flow chart of a data communication method according to an embodiment of the present invention. As shown in FIG. 1 , the method includes the following steps:

Step S102, receiving a data transmission instruction from a transmitting end to send data to a receiving end, wherein the transmitting end includes at least one of the following: a predetermined IoT device, a DPU included in a data communication chip, and the receiving end includes at least one of the following: a predetermined IoT device, a DPU, and the transmitting end is different from the receiving end;

In step S102 provided in the present application, a transmitting end and a receiving end are involved. The transmitting end may be a predetermined IoT device, or a DPU, and the receiving end may be another end different from the transmitting end, and data is transmitted between the two ends.

Optionally, after the data communication chip is inserted into a predetermined IoT device, a connection channel is established between the two and data transmission is performed.

Among them, DPU is the DPU included in the data communication chip, the data communication chip includes target middleware and security protection components, the target middleware includes a data processing unit DPU layer, an underlying communication driver layer, and a system adaptation layer. The DPU layer is connected to the underlying communication driver layer, and the underlying communication driver layer is connected to the system adaptation layer. The DPU layer includes the DPU; the underlying communication driver layer is a layer obtained by encapsulating the target communication protocol, and the target communication protocol includes a communication protocol corresponding to a first driver for internal communication of the data communication system, and a communication protocol corresponding to a second driver for external communication of the data communication system; the system adaptation layer includes an information library module and a security protection module. The information library module is used to establish a connection channel between a predetermined Internet of Things device and the DPU, and the security protection module is used to encrypt and decrypt data transmitted between the predetermined Internet of Things device and the DPU to ensure the secure transmission of data between the Internet of Things device and the DPU.

Step S104, in response to the data transmission instruction, obtaining the transmission data and the sender identifier sent by the sender;

In step S104 provided in the present application, a data transmission instruction is involved. The data transmission instruction is a command or signal that starts or triggers the transmission of data from one location (sending end) to another location (receiving end). This instruction can be issued by a user, an application, an operating system, or a network protocol stack, etc. It can inform the system that data needs to be transmitted now, and may contain detailed information about how to transmit (for example, which protocol to use, data size, priority, etc.).

Before transmission, data may need some preprocessing, such as compression, encryption, adding header information, etc. These processes can ensure the efficiency and security of data during transmission. Data is usually packaged in a certain format or protocol so that it can be correctly identified and processed during transmission.

The sender identifier is also involved. The sender identifier is a unique or identifiable label or information used to identify the source or sender of the data. The sender identifier is very important to the receiver because it can help the receiver determine the source of the data, verify the authenticity of the data, and may be used for routing, billing or other purposes. The sender identifier may be an IP address, MAC address, device ID, user name or any other unique identifier.

Step S106, determining the receiving end identifier corresponding to the sending end identifier;

In step S106 provided in the present application, a receiving end identifier is involved, which is information used to identify a device, application or network node that receives a data packet. Corresponding to the sending end identifier, the receiving end identifier is also unique to ensure that the data packet can be accurately received by the target recipient.

In network communications, many protocols (such as TCP/IP, UDP, etc.) use addresses to identify the sender and receiver. When the sender sends a data packet, it includes the address of the target receiver in the data packet as the receiver identifier. For example, in the TCP/IP protocol, the sender uses the IP address and port number of the target host as the receiver identifier. When the receiver listens to a specific port, it receives data packets that match the port.

In more complex application scenarios, the correspondence between the sender and the receiver may not be fixed, but dynamically determined according to the application layer logic. For example, in a distributed system, the sender may need to select the receiver based on certain conditions (such as load balancing, routing strategy, etc.). In this case, the sender may need to query a centralized service (such as a service registry) to obtain the address or identifier of the receiver.

Step S108: sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel.

In step S108 provided in the present application, the predetermined connection channel is a stable communication path established between the sending end and the receiving end before data transmission, which is usually achieved through a certain network protocol (such as TCP/IP) and corresponding configuration.

The sender initiates a connection request to the receiver, which usually includes the identification information of the sender and the receiver (such as IP address and port number). After receiving the connection request, the receiver will verify and confirm the connection. This usually involves one or more handshake processes (such as TCP's three-way handshake) to ensure that both parties are ready for data transmission. Once the connection is confirmed, a predetermined connection channel is established between the sender and the receiver. This channel can be used for subsequent data transmission.

Using a scheduled connection channel can ensure the reliability of data during sending and receiving. Especially for connection-oriented protocols (such as TCP), it provides a confirmation mechanism for data packets to ensure that data packets can reach the receiving end in order and without error.

Through the above steps S102-S108, a data transmission instruction is received from the transmitting end to send data to the receiving end, wherein the transmitting end includes at least one of the following: a predetermined IoT device, DPU, and the receiving end includes at least one of the following: a predetermined IoT device, DPU, and the transmitting end is different from the receiving end; in response to the data transmission instruction, the transmission data and the transmitting end identifier sent by the transmitting end are obtained; the receiving end identifier corresponding to the transmitting end identifier is determined; and the transmission data is sent to the receiving end corresponding to the receiving end identifier through a predetermined connection channel. That is, data transmission can only be carried out through a specific predetermined connection channel and a corresponding identifier to ensure the security of data transmission. In addition, the DPU is located in the data communication chip, and the data communication chip includes: target middleware and security protection components, the target middleware includes a data processing unit DPU layer, a bottom communication driver layer, a system adaptation layer, the DPU layer is connected to the bottom communication driver layer, the bottom communication driver layer is connected to the system adaptation layer, and the DPU layer includes the DPU; the bottom communication driver layer is a layer obtained by encapsulating the target communication protocol, and the target communication protocol includes the communication protocol corresponding to the first driver for internal communication of the data communication system, and the communication protocol corresponding to the second driver for external communication of the data communication system; the system adaptation layer includes an information library module and a security protection module, the information library module is used to establish a connection channel between the predetermined IoT device and the DPU, and the security protection module is used to encrypt and decrypt the data transmitted between the predetermined IoT device and the DPU. It can be seen that it can play a certain role in security protection, thereby solving the technical problem of low security when conducting data communication in the relevant technology.

As an optional embodiment, before sending the transmission data to the receiving end corresponding to the receiving end identifier through the predetermined connection channel, it also includes: obtaining the first connection data sent by the predetermined IoT device and the second connection data sent by the DPU, wherein the first connection data includes the first task subject name and the IoT device identifier, and the second connection data includes the second task subject name and the DPU port identifier; based on the first task subject name and the second task subject name, matching the predetermined IoT device and the DPU to obtain a matching result; if the match is successful, establishing a predetermined connection channel between the predetermined IoT device and the DPU based on the first connection data and the second connection data; and feeding back the matching result to the predetermined IoT device, so that the predetermined IoT device can transmit data with the DPU through the connection channel.

In this embodiment, the process of establishing a data connection before data transmission is described.

With the predetermined IoT device as the receiving end and the DPU as the sending end, establishing a data transmission link between the IoT device and the DPU mainly includes the following steps. The publisher P (the same as the application in the predetermined IoT device) obtains the communication identifier rioId_host1 (the same as the IoT device identifier), and sends the topic name topic Name (the same as the first task topic name) and the communication identifier rioId_host1 to the information library of the middleware (that is, the middleware in the communication data chip obtains the first connection data sent by the predetermined IoT device). The DPU sends the topic name topic Name (the same as the second task topic name) and the DPU transceiver port rioId_dpu (the same as the DPU port identifier) to the information library of the middleware (that is, the middleware in the communication data chip obtains the second connection data sent by the DPU). After the information library receives the publishing information of the publisher P and the subscription information of the DPU, it completes the matching through the topic topic Name, and then feeds back the subscription information to the publisher P; after the publisher P receives the subscription information, it opens the sending window, and the handshake successfully establishes the channel to prepare for the subsequent sending of information. The above is the publish-subscribe matching principle when the IoT device sends information and the DPU receives the information. When the DPU sends information and the IoT device receives the information, the matching principle is similar.

As an optional embodiment, transmission data is sent to a receiving end corresponding to a receiving end identifier through a predetermined connection channel, including: when the sending end is a predetermined IoT device and the receiving end is a DPU, transmission data is obtained and stored in a data buffer; the first address and data length of the transmission data are stored in an address buffer; based on the first address recorded in the address buffer, transmission data is retrieved from the data buffer, and the transmission data is sent to the receiving end corresponding to the receiving end identifier and to the DPU through a predetermined connection channel.

In this embodiment, the process of data transmission is described when the sending end is a predetermined IoT device and the receiving end is a DPU. That is, the predetermined IoT device is responsible for collecting data. The collected data is transmitted to the data buffer of the sending end, waiting for further processing. The sending end records the first address of the transmission data (that is, the starting position of the data in the data buffer) and the data length (that is, the number of bytes of the data) in the address buffer. This step is to be able to accurately retrieve the required data from the data buffer later. The sending end retrieves the transmission data from the data buffer based on the first address recorded in the address buffer. Through a predetermined connection channel (which may be a wired or wireless network connection), the retrieved data is sent to the receiving end (that is, the DPU) corresponding to the receiving end identifier.

It should be noted that before sending data, the sender can verify the data to ensure the integrity and accuracy of the data. The verification method may include CRC (cyclic redundancy check), MD5 or SHA. If the amount of data to be transmitted is large, in order to improve transmission efficiency and reduce bandwidth usage, the sender can compress the data. The compression algorithm can be selected according to the characteristics of the data and transmission requirements, such as gzip, zlib, etc.

It should also be noted that if there is a mismatch in the data transmission rate between the sender and the receiver, data loss or buffer overflow may occur. Therefore, it is necessary to implement flow control mechanisms such as sliding window protocols and stop-and-wait protocols to ensure stable data transmission.

For example, when the IoT device sends information to the DPU, the sender includes a unified data buffer DataBuf_send and address buffer AddrFifo. First, a space is requested in the sending buffer DataBuf_send through PCIePreWrite to store the data to be sent; after the data is put into DataBuf_send, the first address and length of the data segment are put into AddrFifo through PCIeWrite; the sending task reads the address list in the address buffer AddrFifo and sends it one by one. In addition to the data first address and length, the parameters sent also include the destination communication identifier of the data in the data packet header; after the sending is completed, an interrupt will be sent to the receiving end DPU to inform that the message has been sent.

As an optional embodiment, after sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel, it also includes: when the sending end is a DPU and the receiving end is a predetermined IoT device, determining the task subject name corresponding to the transmission data; and sending the transmission data to a storage area corresponding to the task subject name.

In this embodiment, the process of data transmission is described when the sending end is a DPU and the receiving end is a predetermined IoT device. On the DPU side, it is first necessary to determine the task subject name corresponding to the transmission data. This task subject name is usually predefined and is used to identify a specific data type, purpose, or application scenario. The task subject name can be a simple string or a composite identifier containing more metadata. Once the task subject name is determined, the DPU will send the transmission data to the storage area or message queue corresponding to the subject name. This storage area or message queue is usually provided by a middleware (such as a message agent, message server, or IoT platform) for transmitting messages between the DPU and the IoT device.

For example, when the IoT device receives information from the DPU, the receiving end has a receiving buffer DataBuf_recv_i corresponding to the DPU sender, and an address buffer AddrFifo_j corresponding to each subscribed topic. After receiving the interrupt, the receiving end parses the data address; reads the received data packet header, obtains the topic information corresponding to the data, and stores the first address and length of the data segment into the address buffer corresponding to the corresponding topic on the receiving node; the application on the IoT device obtains the first address and length of the corresponding data in AddrFifo_j through PCIeRead; after the data is used, the data space is released through PCIePostRead.

As an optional embodiment, sending transmission data to a receiving end corresponding to a receiving end identifier through a predetermined connection channel includes: encrypting the transmission data to obtain encrypted transmission data; sending the encrypted transmission data to a receiving end corresponding to the receiving end identifier through a predetermined connection channel.

In this embodiment, it is explained that the transmission data can be processed in a predetermined manner. In order to ensure the security of data transmission, the sending end can encrypt the data. After receiving the data, the receiving end (DPU) needs to perform corresponding decryption operations to restore the original data. In the process of data transmission, encryption processing is a key step to ensure data security. Through encryption, data can be prevented from being illegally intercepted, tampered with or leaked during transmission, and the confidentiality, integrity and authenticity of the data can be protected.

Based on the above embodiments and optional embodiments, an optional implementation is provided, which is described in detail below.

An optional implementation of the present invention proposes a data communication chip, in which an IoT device-DPU credentialing adaptation middleware architecture is set up, which is used for credentialing adaptation of IoT devices and DPUs, provides a DPU callable API for the domestic operating system of IoT devices, and calls the communication and security protection capabilities on the DPU through the message queue subscription and publishing mechanism to complete the communication, security uninstallation and collaborative adaptation of the IoT device. In addition, a lightweight embedded security protection adapter component is set up. Lightweight embedded access control and secure transmission are implemented on the DPU, and efficient protection of the IoT device is achieved through the DPU's front-end security protection capabilities.

The IoT device-DPU information innovation adaptation middleware proposed in the optional implementation mode of the present invention designs a secure collaborative adaptation scheme for the IoT device and the DPU by combining software and hardware. The middleware provides a communication transmission link and a callable API for the domestic operating system of the upper-level IoT device, meeting the requirements of unified access to the communication link of the IoT device and reliable data reception and transmission, shielding the complex communication link of the DPU for the upper-level application, providing a unified and transparent data transmission interface, and adapting to various DPU security transmission protocol stacks at the same time, so that the domestic operating system adapts to the DPU information transmission and distribution capabilities, and provides support for the business information transmission and data security of the new power system.

The optional implementation mode of the present invention proposes a credible innovation adaptation middleware design for IoT devices and DPUs, which has several main features: (1) The data transmission between application software adopts a publish-subscribe mechanism, so that the application does not need to pay attention to the source and destination of the data, and supports the loose coupling integration of multiple applications in the system; (2) It provides a unified data sending and receiving interface to support efficient and stable interaction between IoT devices and DPUs, thereby improving the efficiency of application layer software development. (3) By setting a lightweight embedded security protection adapter component, a lightweight embedded security protection adapter component is deployed on the DPU card of the IoT device to receive security policies issued by the user. The traffic uniformly sent and received by the credible innovation adaptation middleware needs to be processed by the security protection component first, thereby effectively protecting the safe operation of the operating system and upper-layer applications, and can also effectively shield malicious attackers from sending viruses or attack traffic. Lightweight access control strategies and hardware-implemented encryption methods are embedded in the security protection component to achieve lightweight security protection for IoT devices. (4) The lightweight embedded security protection adapter component provides a configuration API, allowing the upper-layer application to customize the DPU access control filtering rules according to its own needs, and calls the security protection adapter component configuration API through the trusted innovation adapter middleware to send it to the DPU, thereby realizing flexible access control filtering rules and policies, and filtering messages with special characteristics. By defining access control rules, it helps to protect the communication-oriented workload and internal data transmission load on the network, protect the traffic between the operating system and the upper-layer application on the IoT device, and the traffic between applications on the virtual subnet inside the operating system. (5) The lightweight embedded security protection adapter component implements trusted innovation adaptation for data security transmission through hardware encryption, triggers the IPSEC IKE protocol and negotiates with the destination DPU card, completes identity authentication and encryption parameter negotiation, and establishes a tunnel. When the encrypted tunnel is established, the data is encrypted and passed to the network acceleration engine to be sent to the destination DPU. After the destination DPU receives the IPSEC data message, it completes the data decryption and sends it to the application in the operating system through the information middleware, thus completing the data encryption transmission process.

The IoT device-DPU xinchuang adaptation middleware adopts a hierarchical design, which mainly includes a DPU layer, an underlying communication driver layer, a system adaptation layer and a middleware interface layer. FIG2 is a hierarchical design diagram of the middleware provided by an optional embodiment of the present invention. FIG3 is a schematic diagram of the connection between the IoT device and the data communication chip provided by an optional embodiment of the present invention, as shown in FIG2, including the following layers:

DPU layer: This layer offloads the security protection business and network transmission business of the IoT device, and is implemented through hardware to improve security and processing efficiency.

Bottom layer communication driver layer: This layer mainly adapts and encapsulates the PCIe driver for internal communication between IoT devices and DPU and the RDMA and other communication protocols for external communication of IoT devices. For PCIe driver, it is developed based on the open source Linux device driver model for domestic operating systems; for RDMA and other communication protocols, IoT devices realize data transmission and reception through the RDMA protocol stack provided by DPU and the shared memory related interfaces provided by the operating system.

System adaptation layer: The general publishing and subscription registration module is used to implement the operating system application to send registration information to the information library; the information library module completes the handshake matching of all publishing and subscription information; the security protection module provides configurable and callable security protection services for upper-level applications.

Middleware interface layer: This layer provides a general interface for sending and receiving information based on the publish-subscribe mechanism and a configuration interface for security capabilities.

As shown in FIG3 , the IoT device and the data communication chip are connected through a physical connection to achieve data transmission.

Based on the above-mentioned IoT device-DPU information innovation adaptation middleware architecture, an IoT device-DPU message publishing and subscription mechanism is set up.

The IoT device-DPU Xinchuang adaptation middleware realizes the communication transmission between the IoT device and the DPU based on the publish-subscribe mechanism, and establishes the underlying transmission link for the IoT device's domestic operating system application and the DPU to realize data transmission. The establishment of the data transmission link between the IoT device and the DPU mainly includes the following steps. The publisher P obtains the communication identifier rioId_host1, and sends the topic name topicName and the communication identifier rioId_host1 to the information library of the middleware; the DPU sends the topic name topicName and the DPU transceiver port rioId_dpu to the information library of the middleware; after the information library receives the publisher P's publishing information and the DPU's subscription information, it completes the matching through the topic topicName, and then feeds back the subscription information to the publisher P; after the publisher P receives the subscription information, it opens the sending window and prepares to send information. The above is the publish-subscribe matching principle when the IoT device sends information and the DPU receives information. When the DPU sends information and the IoT device receives information, the matching principle is similar.

The information between the IoT device and the DPU is sent and received based on the data transmission link. The information transmission and reception between the two includes two parts: the IoT device sends information to the DPU, and the IoT device receives information from the DPU. When the IoT device sends information to the DPU, the sender includes a unified data buffer DataBuf_send and an address buffer AddrFifo. First, a space is requested in the sending buffer DataBuf_send through PCIePreWrite to store the data to be sent; after the data is put into DataBuf_send, the first address and length of the data segment are put into AddrFifo through PCIeWrite; the sending task is sent one by one by reading the address list in the address buffer AddrFifo. In addition to the data first address and length, the parameters sent also include the destination communication identifier of the data in the data packet header; after the sending is completed, an interrupt will be sent to the receiving end DPU.

When the IoT device receives information from the DPU, the receiving end has a receiving buffer DataBuf_recv_i corresponding to the DPU sender, and an address buffer AddrFifo_j corresponding to each subscribed topic. After receiving the interrupt, the receiving end parses the data address; reads the received data packet header, obtains the topic information corresponding to the data, and stores the first address and length of the data segment into the address buffer corresponding to the corresponding topic on the receiving node; the application on the IoT device obtains the first address and length of the corresponding data in AddrFifo_j through PCIeRead; after the data is used, the data space is released through PCIePostRead.

In the specific implementation process, the communication process is supported by the PCIE-DPU device driver. The driver mainly includes creating a dma character driver module instance, creating and initializing a pci_driver bus instance, registering a dma device driver interface function, and unregistering a dma character driver module. The creation of the dma character driver is mainly in the xdma_mod.c file, and the module_init (xdma_mod_init) function implements the creation, where xdma_mod_init (void) calls the xdma_cdev_init () function to complete the specific registration and initialization process. Because this device driver still communicates through the PCIE bus at the interface level, it is necessary to create and initialize the pci_driver bus instance. The kernel provides the pci_register_driver () function to implement bus creation and initialization. To register the dma character device driver interface, you must first call the alloc_chrdev_region () function to dynamically apply for a device node from the system. After the application is completed, the obtained device number will be placed in the first parameter dev. The member functions in the file_operation structure are the main content of the character device driver design. These functions will actually be called by the kernel when the application performs Linux open(), write(), read(), close() and other system calls, so the specific member functions of this structure must be instantiated. Then use the cdev_init() function to establish a connection between cdev and file_operation, and finally use the cdev_add() function to add a cdev to the system to complete the registration of the character device. The call to cdev_add() usually occurs in the character device driver module loading function. The deregistration of the dma character driver module is mainly implemented by the module_exit (xdma_mod_exit) function. Among them, the xdma_mod_exit() function completes the specific deregistration process.

It should be noted that Figure 4 is a schematic diagram of data transmission between multiple groups of IoT devices-DPU combination devices provided in an optional embodiment of the present invention. As shown in Figure 4, when connecting between different DPUs, data transmission can be achieved in an encrypted manner.

Through the above optional implementation, at least the following beneficial effects can be achieved:

(1) A IoT device-DPU credentialing adaptation middleware architecture is proposed for the credentialing adaptation of IoT devices and DPUs. It provides a DPU callable API for the domestic operating system of IoT devices, calls the communication and security protection capabilities on the DPU through the message queue subscription and publishing mechanism, and completes the communication, security offloading and collaborative adaptation of IoT devices.

(2) A lightweight embedded security protection adapter component was designed. Lightweight embedded access control and secure transmission were implemented on the DPU, and efficient protection of IoT devices was achieved through the DPU's front-end security protection capabilities;

(3) The present invention is applicable to the communication and security service unloading of the domestic operating system of the new power system edge IoT device, and is verified on the IoT device based on the operating system. This patent is adapted to the IoT device equipped with the Linux kernel OpenHarmony system, and the DPU trust creation adaptation middleware and driver development are carried out based on the driver framework (HDF) of the Hongmeng system. The trust creation adaptation middleware provides the IoT device with: a PCIE channel connecting the DPU to the server; carrying network and storage device functions that meet the virtio specification on the PCIE channel; and providing the server with an Ethernet interface connected to the external network. Provide data exchange and interconnection logic between virtio-net, virtio-blk devices and Ethernet interfaces. The security component service completes the security service unloading processing, and provides network service data communication, storage data communication encryption and decryption processing, and access control processing. By adopting a decoupled design approach, the traditional DPU logic is decomposed into two parts: the trusted innovation adapter middleware, which is responsible for the communication between DPUs and external communication functions of IoT devices, and the security adapter component, which completes the security business offloading and acceleration processing. In addition, in order to consider the upgradeability of security capabilities, it supports the configuration of security adapter components through the API provided by the trusted innovation adapter middleware, so as to realize online upgrade and adaptation of security capabilities.

It should be noted that, for the above-mentioned method embodiments, for the sake of simplicity, they are all described as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention, certain steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.

Through the description of the above implementation methods, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disk), and includes a number of instructions for a terminal device (which can be a mobile phone, a computer, a server, or a network device, etc.) to execute the methods of various embodiments of the present invention.

Example 2

According to an embodiment of the present invention, a device for implementing the above-mentioned data communication method is also provided. Figure 5 is a structural block diagram of the data communication device according to an embodiment of the present invention. As shown in Figure 5, the device includes: a receiving module 502, an acquisition module 504, a determination module 506 and a sending module 508. The device is described in detail below.

A receiving module 502 is used to receive a data transmission instruction from a sending end to send data to a receiving end, wherein the sending end includes at least one of the following: a predetermined Internet of Things device, a DPU included in a data communication chip, and the receiving end includes at least one of the following: the predetermined Internet of Things device, the DPU, and the sending end is different from the receiving end; an acquisition module 504 is connected to the above-mentioned receiving module 502, and is used to respond to the data transmission instruction to obtain the transmission data and the sending end identifier sent by the sending end; a determination module 506 is connected to the above-mentioned acquisition module 504, and is used to determine the receiving end identifier corresponding to the sending end identifier; a sending module 508 is connected to the above-mentioned determination module 506, and is used to send the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel.

It should be noted here that the above-mentioned receiving module 502, acquisition module 504, determination module 506 and sending module 508 correspond to steps S102 to S108 in implementing the data communication method, and the instances and application scenarios implemented by multiple modules and corresponding steps are the same, but are not limited to the contents disclosed in the above-mentioned embodiment 1.

According to another aspect of an embodiment of the present invention, there is provided an electronic device, comprising: a processor; and a memory for storing instructions executable by the processor, wherein the processor is configured to execute the instructions to implement any one of the above data communication methods.

According to another aspect of an embodiment of the present invention, a computer-readable storage medium is provided. When instructions in the computer-readable storage medium are executed by a processor of an electronic device, the electronic device can execute any of the above-mentioned data communication methods.

The serial numbers of the above embodiments of the present invention are only for description and do not represent the advantages or disadvantages of the embodiments.

In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, reference can be made to the relevant descriptions of other embodiments.

In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. Among them, the device embodiments described above are only schematic. For example, the division of the units can be a logical function division. There may be other division methods in actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of units or modules, which can be electrical or other forms.

The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed on multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the present embodiment.

In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above-mentioned integrated unit may be implemented in the form of hardware or in the form of software functional units.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including a number of instructions for a computer device (which can be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the method described in each embodiment of the present invention. The aforementioned storage medium includes: U disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, disk or optical disk and other media that can store program codes.

The above is only a preferred embodiment of the present invention. It should be pointed out that for ordinary technicians in this technical field, several improvements and modifications can be made without departing from the principle of the present invention. These improvements and modifications should also be regarded as the scope of protection of the present invention.

Claims (10)

1. A data communication chip, comprising: the target middleware comprises a Data Processing Unit (DPU) layer, a bottom communication driving layer and a system adaptation layer, wherein the DPU layer is connected with the bottom communication driving layer, the bottom communication driving layer is connected with the system adaptation layer, and the DPU layer comprises a Data Processing Unit (DPU);

The bottom communication driving layer is a layer obtained after packaging a target communication protocol, wherein the target communication protocol comprises a communication protocol corresponding to a first driver for internal communication of a data communication system and a communication protocol corresponding to a second driver for external communication of the data communication system;

The system adaptation layer comprises an information base module and a safety protection module, wherein the information base module is used for establishing a connection channel between a preset internet of things device and the DPU, and the safety protection module is used for encrypting and decrypting protection on data transmitted between the preset internet of things device and the DPU.

2. A data communication system, comprising: the data communication chip of claim 1, wherein said predetermined internet of things device is connected to said data communication chip.

3. A method of data communication, comprising:

Receiving a data transmission instruction from a transmitting end to a receiving end, wherein the transmitting end comprises at least one of the following components: the predetermined internet of things device, as set forth in claim 1, the DPU included in the data communication chip, the receiving end including at least one of: the DPU is arranged on the predetermined internet of things device, and the sending end is different from the receiving end;

Responding to the data transmission instruction, and acquiring transmission data sent by a sending end and a sending end identifier;

Determining a receiving end identifier corresponding to the transmitting end identifier;

And sending the transmission data to a receiving end corresponding to the receiving end identifier through a preset connection channel.

4. A method according to claim 3, wherein before sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel, the method further comprises:

Acquiring first construction and connection data sent by the preset internet of things device and second construction and connection data sent by the DPU, wherein the first construction and connection data comprises a first task subject name and an internet of things device identifier, and the second construction and connection data comprises a second task subject name and a DPU port identifier;

based on the first task subject name and the second task subject name, matching the predetermined internet of things device with the DPU to obtain a matching result;

under the condition that the matching is successful, establishing a preset connection channel between the preset internet of things device and the DPU based on the first establishing connection data and the second establishing connection data;

And feeding back the matching result to the predetermined internet of things device so that the predetermined internet of things device performs data transmission with the DPU through the connecting channel.

5. A method according to claim 3, wherein sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel comprises:

When the sending end is the preset internet of things device and the receiving end is the DPU, acquiring the transmission data and storing the transmission data into a data buffer area;

Storing the first address and the data length of the transmission data into an address buffer area;

And according to the head address recorded in the address buffer area, the transmission data is called from the data buffer area, and the transmission data is sent to a receiving end corresponding to the receiving end identifier and is sent to the DPU through a preset connection channel.

6. A method according to claim 3, wherein after transmitting the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel, the method further comprises:

Determining a task subject name corresponding to the transmission data under the condition that a transmitting end is the DPU and a receiving end is the predetermined internet of things device;

And sending the transmission data to a storage area corresponding to the task topic name.

7. A method according to claim 3, wherein sending the transmission data to the receiving end corresponding to the receiving end identifier through a predetermined connection channel comprises:

encrypting the transmission data to obtain encrypted transmission data;

And sending the encrypted transmission data to a receiving end corresponding to the receiving end identifier through the preset connection channel.

8. A data communication apparatus, comprising:

the receiving module is used for receiving a data transmission instruction from a sending end to a receiving end, wherein the sending end comprises at least one of the following components: the predetermined internet of things device, as set forth in claim 1, the DPU included in the data communication chip, the receiving end including at least one of: the DPU is arranged on the predetermined internet of things device, and the sending end is different from the receiving end;

the acquisition module is used for responding to the data transmission instruction and acquiring transmission data sent by the sending end and the identification of the sending end;

the determining module is used for determining a receiving end identifier corresponding to the transmitting end identifier;

And the sending module is used for sending the transmission data to the receiving end corresponding to the receiving end identifier through a preset connection channel.

9. An electronic device, comprising:

A processor;

A memory for storing the processor-executable instructions;

wherein the processor is configured to execute the instructions to implement the data communication method of any one of claims 3 to 7.

10. A computer readable storage medium, characterized in that instructions in the computer readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the data communication method of any one of claims 3 to 7.