
CN120017322A - Device communication method, system, electronic device and storage medium - Google Patents


Info

Publication number
CN120017322A
Authority
CN
China
Prior art keywords
edge computing
computing device
determining
key
serial number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510042254.8A
Other languages
Chinese (zh)
Inventor
郭迪清
王奇锋
仵浩
林朝福
谢盛
陈鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangxi Guanying Intelligent Technology Co ltd
Original Assignee
Jiangxi Guanying Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangxi Guanying Intelligent Technology Co ltd
Priority to CN202510042254.8A
Publication of CN120017322A
Legal status: Pending

Classifications

(CPC, section H Electricity, class H04 Electric communication technique, subclass H04L Transmission of digital information, e.g. telegraphic communication)

    • H04L 63/0428: network security, confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/06: network security, supporting key management in a packet data network
    • H04L 63/0876: network security, authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/12: protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 67/54: presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users
    • H04L 9/0866: generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/40: network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present application provides a device communication method, system, electronic device and storage medium in the field of communication technology. The method includes: encrypting the device serial number of an edge computing device with a default encryption algorithm and a default key to obtain an encrypted serial number, and sending a registration request containing both the device serial number and the encrypted serial number to a management platform; and, in response to receiving a registration-passed message from the management platform, sending the device information of the edge computing device to the management platform. According to the application, this confirms the uniqueness and identity authenticity of the edge computing device while simplifying its registration flow and improving the efficiency of device access.

Description

Device communication method, system, electronic device and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a device communication method, a system, an electronic device, and a storage medium.
Background
In current industrial internet of things environments, connecting and managing devices is a complex and critical step. Conventional internet of things management platforms typically require that a device's information be added on the platform in advance and that the related key material be written into the device before the device can be connected. Although this guarantees device security to a certain extent, it is inconvenient in practice: when a large number of devices must be connected, the process is slow and error-prone, and it consumes considerable manpower and time.
Disclosure of Invention
In view of the above, the present application is directed to a device communication method, a system, an electronic device and a storage medium, so as to improve the efficiency of device access.
Based on the above object, the present application provides a device communication method, including:
encrypting the device serial number of an edge computing device with a default encryption algorithm and a default key to obtain an encrypted serial number, and sending a registration request to a management platform, the registration request including both the device serial number and the encrypted serial number; and
in response to receiving a registration-passed message from the management platform, sending the device information of the edge computing device to the management platform.
Based on the same inventive concept, the application also provides a device communication system, which comprises edge computing devices and a management platform;
The edge computing device is configured to encrypt a device serial number of the edge computing device based on a default encryption algorithm and a default key to obtain an encrypted serial number, and send a registration request to a management platform, wherein the registration request comprises the device serial number and the encrypted serial number;
The management platform is configured to decrypt the encrypted serial number according to a default encryption algorithm and a default key to obtain a decrypted serial number in response to receiving a registration request sent by the edge computing device, and send registration request passing information to the edge computing device in response to determining that the decrypted serial number is identical to the device serial number.
Based on the same inventive concept, the application also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable by the processor, the processor implementing the method as described above when executing the computer program.
Based on the same inventive concept, the present application also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method as described above.
In summary, the device communication method, system, electronic device and storage medium provided by the application encrypt the device serial number of the edge computing device with a default encryption algorithm and a default key to obtain an encrypted serial number, send a registration request containing both the device serial number and the encrypted serial number to the management platform, and, on receiving a registration-passed message from the management platform, send the device information of the edge computing device to the platform. According to the application, this confirms the uniqueness and identity authenticity of the edge computing device while simplifying its registration flow and improving the efficiency of device access.
Drawings
In order to more clearly illustrate the technical solutions of the present application or related art, the drawings that are required to be used in the description of the embodiments or related art will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a flow chart of a method of device communication according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of device communication according to another embodiment of the present application;
FIG. 3 is a schematic diagram of a communication device of an embodiment of the present application;
FIG. 4 is a schematic diagram of the hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
The present application will be further described in detail below with reference to specific embodiments and with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present application more apparent.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present application should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present application belongs. The terms "first," "second," and the like, as used in embodiments of the present application, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
In the related art, connecting and managing devices in an industrial internet of things environment is a complex and critical step. Conventional internet of things management platforms typically require that a device's information be added on the platform in advance and that the related key material be written into the device before the device is connected. Although this guarantees device security to a certain extent, it is inconvenient in practice, and when many devices must be connected it is slow and error-prone. Pre-adding device information and writing keys consumes considerable manpower and time, which raises operating costs and can delay the device's commissioning, affecting production efficiency. Because the process depends on manual operation, human errors such as mistyped information or wrong key configuration are likely, so that a device cannot register or communication security is weakened. Second, conventional industrial control systems usually rely on a fixed communication key for data transmission; this is simple but fragile against sophisticated network attacks, and once the fixed key is compromised the security of the whole system is seriously threatened.
In view of these problems, the applicant proposes that the edge computing device encrypt its device serial number with a default encryption algorithm and a default key to obtain an encrypted serial number and send a registration request containing both the device serial number and the encrypted serial number to the management platform, and that it send its device information to the management platform on receiving a registration-passed message. According to the application, this confirms the uniqueness and identity authenticity of the edge computing device while simplifying its registration flow and improving device access efficiency.
Embodiments of the present application are described in detail below with reference to the accompanying drawings.
In some embodiments, as shown in fig. 1, a device communication method is applied to an edge computing device, the method comprising:
S101, encrypting the device serial number of the edge computing device with a default encryption algorithm and a default key to obtain an encrypted serial number, and sending a registration request to the management platform, the registration request including the device serial number and the encrypted serial number;
In practice, a default encryption algorithm and a default key are configured in the edge computing device when it leaves the factory; the default encryption algorithm may be a symmetric algorithm. Each edge computing device has a globally unique device serial number that identifies it. Before registration, the device serial number is encrypted with the default encryption algorithm and the default key; the result is called the encrypted serial number. The edge computing device then sends a registration request to the management platform containing both the plaintext device serial number and the encrypted serial number. The plaintext serial number is used for preliminary identification, and the encrypted serial number is used to verify the validity and authenticity of the device. Because the serial number itself travels in the clear, the encryption does not hide it; what the encrypted serial number establishes is that the sender holds the default algorithm and key, and that is what the management platform checks in steps S201 and S202. This keeps devices that do not hold the default key from being admitted, improving the security and reliability of the system as a whole, while simplifying the registration flow of the edge computing device and improving device access efficiency.
S102, in response to receiving a registration-passed message from the management platform, sending the device information of the edge computing device to the management platform.
In this implementation, after receiving the registration request the management platform decrypts the encrypted serial number with the same default encryption algorithm and default key to obtain a decrypted serial number and compares it with the plaintext device serial number in the request. If the two match, the registration request is treated as legitimate: the edge computing device is allowed to connect and a registration-passed message is sent to it. On receiving this confirmation, the edge computing device sends its device information to the management platform, which may include the model number, hardware specification, software version and sensor configuration. This information supports monitoring and maintenance of device state on the management platform and provides a basis for data analysis and optimisation; for example, the platform can tune its data-processing flow to the device's capabilities or respond faster when the device fails. Through this process the edge computing device completes its registration and establishes a fuller relationship with the management platform, and the platform gains what it needs for device management and data processing.
In this embodiment, encrypting the device serial number with the default encryption algorithm and key simplifies device registration: the device generates the encrypted serial number and sends the registration request itself, without manual intervention, which raises access efficiency and, when many devices are connected, markedly reduces labour and time. The management platform admits only a device whose encrypted serial number decrypts, under the default key, to the serial number it states, so a serial number altered in transit is detected by the mismatch and devices that do not hold the default key are kept out, improving the overall security and reliability of the system. Automating registration also removes the manual steps where information-entry and key-configuration errors occur, improving accuracy and shortening the commissioning period.
In some embodiments, as shown in fig. 2, a device communication method is applied to a management platform, and the method includes:
S201, in response to receiving a registration request sent by the edge computing device, decrypting the encrypted serial number according to a default encryption algorithm and a default key to obtain a decrypted serial number;
Specifically, when an edge computing device connects to the management platform for the first time, it sends a registration request containing its device serial number and an encrypted serial number. The device serial number identifies the device, and the encrypted serial number is used to verify its legitimacy. This initial exchange between the edge computing device and the management platform relies on the default encryption algorithm and default key. On receiving the request, the management platform decrypts the encrypted serial number with the default encryption algorithm and default key; the purpose is to recover the device's original serial number (the decrypted serial number) for the subsequent check.
S202, in response to determining that the decrypted serial number is identical to the device serial number, sending a registration-passed message to the edge computing device.
After obtaining the decrypted serial number, the management platform compares it with the device serial number in the request to verify the identity of the device. If they are identical, the encrypted value was produced under the default key for that serial number and the identity of the edge computing device is considered confirmed, so the management platform sends a registration-passed message indicating that the edge computing device may formally connect and begin communicating. In this way the management platform confirms the legitimacy of the edge computing device and provides the basis for its normal operation and data exchange, ensuring the security and reliability of the system while simplifying the access flow of the edge computing device.
In this embodiment, by checking that the decrypted serial number matches the device serial number, the management platform confirms the identity of the device: only a sender that holds the default key can produce a matching encrypted serial number, so a device without it cannot register under a borrowed serial number. The method also scales to large numbers of devices, meeting the rapid growth of device counts in industrial internet of things environments.
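The registration exchange of S101/S102 (device side) and S201/S202 (platform side), as an added example with both sides' messages; it is not code from the patent or from the applicant. The patent leaves the default symmetric algorithm unspecified, so a SHA-256 counter keystream with an HMAC tag stands in for it here, which lets the example run with the standard library only and makes a wrong key or an altered ciphertext fail cleanly instead of decrypting to garbage. The default key, the serial numbers, the device-info fields and all names are assumptions. Two properties of the exchange as described are made visible: the platform admits a serial number only when its ciphertext verifies under the default key, and nothing in the request is fresh, so a captured request verifies again; a deployment would normally add a platform-supplied nonce to the request before relying on this check.

```python
"""Added example (not from the patent): registration with a default key.
Stand-in cipher: SHA-256 counter keystream + HMAC-SHA256 tag (assumption;
the patent does not name its default encryption algorithm)."""
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: one fleet-wide default key provisioned at the factory.
DEFAULT_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256(key || nonce || counter) blocks, truncated to `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def default_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in 'default encryption algorithm': nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def default_decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns None when the tag does not verify (wrong key or tampered data)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# ---- edge computing device side ----
def build_registration_request(serial: str, key: bytes = DEFAULT_KEY) -> dict:
    """S101: the request carries the serial number both in plaintext and encrypted."""
    enc_serial = default_encrypt(key, serial.encode())
    return {"type": "register", "serial": serial, "enc_serial": enc_serial.hex()}


def build_device_info(serial: str) -> dict:
    """S102: sent only after the platform has answered with pass=True (fields assumed)."""
    return {"type": "device_info", "serial": serial, "model": "EC-1000",
            "hw": "rev B", "sw": "1.4.2", "sensors": ["temp", "vib"]}


# ---- management platform side ----
class ManagementPlatform:
    def __init__(self, key: bytes = DEFAULT_KEY):
        self._key = key
        self._passed = set()     # serials that passed S202 and may send device info
        self.devices = {}        # serial -> device info received in S102

    def handle_registration(self, request: dict) -> dict:
        """S201/S202: decrypt the encrypted serial and compare with the plaintext one."""
        if request.get("type") != "register":
            return {"type": "register_result", "pass": False, "reason": "unexpected message"}
        try:
            blob = bytes.fromhex(request["enc_serial"])
            serial = request["serial"].encode()
        except (KeyError, ValueError, AttributeError):
            return {"type": "register_result", "pass": False, "reason": "malformed request"}
        decrypted = default_decrypt(self._key, blob)
        # Both the tag and the comparison must hold; compare_digest avoids a timing leak.
        if decrypted is None or not hmac.compare_digest(decrypted, serial):
            return {"type": "register_result", "pass": False, "reason": "serial number check failed"}
        self._passed.add(request["serial"])
        return {"type": "register_result", "pass": True}

    def handle_device_info(self, info: dict) -> bool:
        """Accept device information only from a serial that passed registration."""
        if info.get("type") != "device_info" or info.get("serial") not in self._passed:
            return False
        self.devices[info["serial"]] = info
        return True


def run_registration(platform: ManagementPlatform, serial: str,
                     key: bytes = DEFAULT_KEY) -> bool:
    """The whole exchange from the device's point of view; True once registered."""
    result = platform.handle_registration(build_registration_request(serial, key))
    if not result["pass"]:
        return False
    return platform.handle_device_info(build_device_info(serial))


if __name__ == "__main__":
    mp = ManagementPlatform()
    print("registered:", run_registration(mp, "EC-SN-000123"))
    print("wrong key :", run_registration(mp, "EC-SN-000999", key=b"\x01" * 32))
```

`run_registration` returns False both when the device used a different key (the tag fails) and when the plaintext serial does not match the decrypted one; device information is stored only for a serial that passed S202.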
In some embodiments, the method further comprises:
in response to determining that an edge computing device has logged in to the management platform, determining, from the device serial number of the edge computing device, whether this is its first login;
Specifically, when an edge computing device logs in to the management platform, the platform checks its login status by the device serial number: it consults its device database or records to see whether the serial number already appears in the list of registered devices, and thereby determines whether this is the device's first login.
generating a communication key in response to determining that the edge computing device is logging in for the first time, and sending the communication key to the edge computing device, so that the edge computing device encrypts collected data with the communication key and sends the encrypted collected data to the management platform.
In practice, if the device serial number is absent from the management platform's records, the device is logging in for the first time. The management platform then generates a new communication key and sends it to the edge computing device for encrypted communication between the two; on receiving it, the edge computing device installs the key in its cryptographic module. From then on the communication key is used to encrypt and decrypt all data exchanged between the edge computing device and the management platform, protecting it in transit against eavesdropping and unauthorized access. Integrity protection additionally requires an authenticated encryption mode or a separate message authentication code under that key, and the transport that carries the communication key to the device must itself be protected.
In this embodiment, generating a unique communication key for each device on its first login ensures that all communication data between the edge computing device and the management platform is encrypted, guarding against interception and unauthorized access in transit and, with an authenticated mode, against tampering. Stronger data security, a simpler device-management flow and greater system flexibility together give an efficient and reliable solution for connecting and managing edge computing devices in industrial internet of things environments.
In some embodiments, after sending the communication key to the edge computing device, further comprising:
in response to receiving collected data encrypted with the communication key from the edge computing device, determining whether the collected data received within a preset history period satisfies a key security condition;
In a specific implementation, the management platform continuously receives collected data from the edge computing device, encrypted with the communication key, and decrypts and processes each item as it arrives. To evaluate the security of the communication key, a preset history period is set (for example, 1 hour). The key security condition is the criterion for judging whether the key is still safe to use: for example, whether the received data is complete and untampered, whether the amount of data and the transmission frequency within the history period are abnormal, and whether an abnormal access pattern or a potential attack is present. The management platform analyses whether the data received within the preset history period meets this condition. A sudden rise in data volume, an abnormal transmission frequency or signs of tampering suggest that the communication key may be at risk, and the platform responds to the potential threat to protect data transmission between the device and the platform.
in response to determining that the collected data received within the preset history period does not satisfy the key security condition, determining an update period for the communication key and updating the communication key within that period.
In a specific implementation, the management platform analyses the collected data received within the preset history period to judge whether it satisfies the key security condition. If the data shows an anomaly, such as an abnormal volume, an unstable transmission frequency or signs of tampering, the collected data received within the preset history period is judged not to satisfy the key security condition and the current communication key is treated as possibly at risk. The management platform then chooses an appropriate update period for the communication key. The choice may weigh several factors: a period of lower system load, to minimise the impact on normal service; a period of low transmission frequency, to reduce the risk of data loss or interrupted transfers; and the urgency of the security threat, which sets how soon the update must happen. Having chosen the update period, the management platform notifies the edge computing device to prepare for a key update, and the two perform the update cooperatively within that period: typically the management platform generates a new communication key and sends it to the edge computing device over a secure channel, and the edge computing device installs the new key in its cryptographic module. After the update, the management platform and the edge computing device run a communication test to confirm that the new key is valid and correct; once the test succeeds, the edge computing device resumes normal data transmission under the new key.
This dynamic key-management mechanism lets the management platform respond promptly to potential security threats and keeps communication between the edge computing device and the management platform in a secure state, improving both system security and adaptability to abnormal conditions.
In this embodiment, the management platform identifies potential security threats promptly by continuously monitoring the collected data; when an anomaly is found, the communication key can be updated quickly, reducing the risk of attack and protecting the security and integrity of data transmission. Because the communication key is updated periodically and dynamically, an attacker who obtains or breaks it can use it only for a limited time, which limits the exposure of data.
In some embodiments, the determining whether the collected data received in the preset history period satisfies the key security condition includes:
Determining the quantity of the acquired data received in a preset history time;
In particular implementations, the management platform may continuously monitor the amount of collected data received from the edge computing device. The change in the amount of data collected may reflect whether the communication of the edge computing device is normal and whether the security of the current communication key may be compromised. The preset historical duration is a fixed time window for counting and analyzing the quantity of the received collected data, identifying potential security threats in time, and taking corresponding measures (such as updating a communication key) to protect the security of communication. The management platform is not only helped to maintain the integrity of data transmission, but also can improve the response capability to abnormal behaviors.
And in response to determining that the number is greater than or equal to the preset number, determining that the acquired data received in the preset history period does not meet the key security condition.
In practice, a preset number is set in the management platform and used to evaluate whether the quantity of data received in the preset history period is normal. The preset number is set based on the normal communication behavior of the edge computing device and the expected amount of data transmission. If the number of received data items in the preset history period is greater than or equal to the preset number (which may be set to 100, for example), this indicates either that an attacker may be using the current communication key to transmit a large amount of counterfeit data in an attempt to breach the management platform's defenses, or that the device is transmitting abnormally often because of a configuration error or software fault. At this point the management platform determines that the current communication key no longer satisfies the key security condition and takes immediate measures to secure the communication. Common measures include generating a new communication key and distributing it to the edge computing device, so that an attacker can no longer use the old key; strengthening monitoring of the edge computing device's communication; and analyzing the origin and nature of the abnormal behavior to prevent it from recurring. In this way the management platform can dynamically evaluate and respond to security risks in the communication and keep data transmission between the edge computing device and the management platform in a secure state. This not only improves the security of the system but also increases its sensitivity and response speed to potential threats.
In this embodiment, the management platform may identify abnormal data transmission behaviors in time by monitoring the amount of received data in real time. Once the abnormal data transmission quantity is detected, the management platform can rapidly take measures, such as updating a communication key, so that the activities of attackers can be interrupted in time, and the communication process is protected from further security threat.
In some embodiments, the determining the update period of the communication key includes:
determining all receiving time for receiving the acquired data in a preset historical time, performing time sequence arrangement on all receiving time, and determining the time difference between adjacent receiving time;
In a specific implementation, the management platform records the receiving time of each item of collected data in the preset history period. The receiving times provide detailed timing information about the communication between the edge computing device and the management platform. All receiving times are arranged in chronological order, which helps analyze the receiving frequency and intervals of the collected data and reveals the temporal pattern of the device's communication. In the time-ordered sequence of receiving times, the time difference between every two adjacent receiving times is calculated. The magnitude and variation of these time differences reveal regularity and anomalies in the device's communication. For example, if the time differences are approximately equal, the device is transmitting data at a stable frequency; if they vary greatly, the device's communication is unstable or subject to external interference. Through this timing analysis the management platform can better understand the communication behavior of the edge computing device and, when required, adjust the communication strategy or update its security settings.
A standard deviation of all time differences is determined and an update period of the communication key is determined based on the standard deviation.
In practice, after the time differences between all adjacent receiving times have been obtained, their standard deviation is calculated. The standard deviation reflects how much the time differences fluctuate, that is, how stable the data receiving interval is. A small standard deviation means the time differences vary little, the data receiving frequency is stable, and the communication between the edge computing device and the management platform is normal and consistent. A large standard deviation means the time differences vary widely and the data receiving frequency is unstable, which may indicate an abnormal condition in the communication process such as network fluctuation, a broken connection, or a potential security threat. When the standard deviation is small, frequent updating of the communication key may not be required because the communication environment is relatively secure and stable, and a longer update period may be selected. When the standard deviation is large, indicating unstable communication or potential risk, the update period of the communication key may be shortened to improve security and address potential threats. The management platform can thus dynamically adjust the update period of the communication key, so that the key management strategy adapts to different communication environments, improving the security and reliability of the system and keeping communication between the edge computing device and the management platform secure and efficient at all times.
In this embodiment, the management platform can identify abnormal behavior or potential threats in the communication by analyzing the stability of the reception time. Under the condition of large standard deviation, shortening the updating time period of the secret key can reduce the possibility of an attacker to attack by using unstable communication, thereby improving the security of the system. In the case of stable communication (i.e., smaller standard deviation), a longer key update period can be selected, reducing unnecessary key update operations. The method is beneficial to reducing the calculation burden and the resource consumption of the system and improving the overall efficiency.
In some embodiments, the determining the update period of the communication key based on the standard deviation includes:
In response to determining that the standard deviation is less than or equal to a preset standard deviation, determining a time period within a preset duration from the current time as an update time period;
In particular, if the standard deviation is less than or equal to the preset standard deviation (which is used to evaluate the stability of data reception), the data receiving interval is relatively stable and the communication frequency shows no significant fluctuation. The update period of the key is then set to the time within a preset duration from the current time (the preset duration may be set to 1 minute, for example), meaning that the communication key will be updated within the next preset duration, so that even under stable conditions the key is not used for so long that the security risk grows. Within the update period, the specific time point for the key update can be chosen by a random algorithm: a pseudorandom number generator (PRNG) produces a random number between 0 and 1, and the random number is multiplied by the preset duration to give the specific update time. For example, if the preset duration is 60 seconds and the generated random number is 0.5, the update is performed at the 30th second of the update period. This keeps the key update strategy flexible: the moment at which the communication key is updated cannot be predicted, which protects the security of the communication.
And in response to determining that the standard deviation is greater than a preset standard deviation, determining an adjustment coefficient according to the difference between the standard deviation and the preset standard deviation, determining the product of the adjustment coefficient and the preset duration as a target duration, and determining a time period within the target duration from the current moment as an updating time period.
In this implementation, if the standard deviation is greater than the preset standard deviation, the data receiving interval fluctuates widely and the communication is not stable enough. An adjustment coefficient is then determined from the difference between the standard deviation and the preset standard deviation (difference = standard deviation - preset standard deviation); the adjustment coefficient is inversely related to the difference and takes a value between 0 and 1. The adjustment coefficient is multiplied by the preset duration to obtain the target duration, and the time within the target duration from the current moment is determined as the update period. The target duration is therefore shorter than the preset duration, so the communication key is updated sooner. Shortening the update period allows a faster response to the potential security threat and reduces the risk of the communication key being misused. In particular, the adjustment coefficient is given by a formula in which F denotes the adjustment coefficient, Δx denotes the difference between the standard deviation and the preset standard deviation, α denotes a preset coefficient (which may be set to 0.8, for example), and e denotes the natural constant. After the time within the target duration from the current time has been determined as the update period, the communication key is updated within it; the specific time point can again be chosen by a random algorithm, generating a random number between 0 and 1 with a pseudorandom number generator and multiplying it by the target duration. For example, if the target duration is 50 seconds and the generated random number is 0.5, the update is performed at the 25th second of the update period.
This keeps the key update strategy flexible: the moment at which the communication key is updated cannot be predicted, which protects the security of the communication.
In this embodiment, dynamically adjusting the key update period can effectively address instability and potential security threats in the communication. By shortening the key updating time period under the unstable condition, the key can be updated more quickly, and the window period of the key utilized by an attacker is reduced, so that the overall security is improved. By selecting a specific key update time point using a random algorithm within the update time period, unpredictability of key updates is increased. Making it difficult for an attacker to anticipate and exploit the timing of key updates, further enhancing security.
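The count check, the inter-arrival analysis and the randomized update point described above, carried through as one added example. This is not code from the patent or its applicant. The thresholds and the receive times are constructed, and the form of the adjustment coefficient is an assumption: the patent states only that F lies between 0 and 1, falls as Δx grows and is built from α and e, so F = e^(-αΔx) is one function with those properties, not the patent's own formula.

```python
import math
import random
from typing import Optional, Sequence, Tuple

# Constructed parameters (assumptions): the patent gives only the preset number
# (100), the preset duration (60 s) and the preset coefficient alpha (0.8).
PRESET_COUNT = 100        # items in the history window at or above which the key is suspect
PRESET_STDDEV = 2.0       # seconds; threshold on the spread of inter-arrival gaps
PRESET_DURATION = 60.0    # seconds; update window length under stable conditions
ALPHA = 0.8               # preset coefficient used by the adjustment coefficient


def violates_key_security_condition(recv_times: Sequence[float],
                                    preset_count: int = PRESET_COUNT) -> bool:
    """Count check: the key security condition fails when the number of
    collected-data items received in the history window reaches the preset number."""
    return len(recv_times) >= preset_count


def gap_stddev(recv_times: Sequence[float]) -> float:
    """Population standard deviation of the gaps between consecutive receive
    times after sorting them chronologically. Fewer than two gaps gives 0.0."""
    times = sorted(recv_times)
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    if len(gaps) < 2:
        return 0.0
    mean = sum(gaps) / len(gaps)
    return math.sqrt(sum((g - mean) ** 2 for g in gaps) / len(gaps))


def adjustment_coefficient(delta_x: float, alpha: float = ALPHA) -> float:
    """ASSUMED form F = e^(-alpha * delta_x): in (0, 1], equal to 1 when the
    excess delta_x is 0 and shrinking as the excess grows. The patent text does
    not reproduce its formula; this is one function with the stated properties."""
    return math.exp(-alpha * max(delta_x, 0.0))


def update_window_seconds(recv_times: Sequence[float],
                          preset_stddev: float = PRESET_STDDEV,
                          preset_duration: float = PRESET_DURATION,
                          alpha: float = ALPHA) -> float:
    """Length of the update period measured from now: the preset duration when
    reception is stable, otherwise the preset duration scaled down by F."""
    sd = gap_stddev(recv_times)
    if sd <= preset_stddev:
        return preset_duration
    return adjustment_coefficient(sd - preset_stddev, alpha) * preset_duration


def schedule_key_update(recv_times: Sequence[float],
                        rng: random.Random = random.SystemRandom(),
                        preset_count: int = PRESET_COUNT,
                        preset_stddev: float = PRESET_STDDEV,
                        preset_duration: float = PRESET_DURATION,
                        alpha: float = ALPHA) -> Tuple[Optional[float], float]:
    """Returns (offset, window). offset is None while the key still satisfies
    the security condition; otherwise it is the number of seconds from now at
    which to rotate the key, drawn uniformly from [0, window)."""
    if not violates_key_security_condition(recv_times, preset_count):
        return None, 0.0
    window = update_window_seconds(recv_times, preset_stddev, preset_duration, alpha)
    return rng.random() * window, window
```

The random draw is the point that decides whether the update moment is really unpredictable: the text says "pseudorandom number generator", but a seeded general-purpose PRNG lets anyone who learns the seed predict every rotation, so the example draws from `random.SystemRandom`, which is backed by the operating system's cryptographic source.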
It should be noted that, the method of the embodiment of the present application may be performed by a single device, for example, a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the method of an embodiment of the present application, the devices interacting with each other to accomplish the method.
It should be noted that the foregoing describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the application also provides a device communication system corresponding to the method of any embodiment. The device communication system comprises edge computing devices and a management platform;
The edge computing device is configured to encrypt a device serial number of the edge computing device based on a default encryption algorithm and a default key to obtain an encrypted serial number, and send a registration request to a management platform, wherein the registration request comprises the device serial number and the encrypted serial number;
The management platform is configured to decrypt an encrypted serial number according to a default encryption algorithm and a default key to obtain a decrypted serial number in response to receiving a registration request sent by an edge computing device, and send registration request pass information to the edge computing device in response to determining that the decrypted serial number is the same as the device serial number.
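The registration exchange between the two sides, followed by the first-login key issuance from claim 3, as an added example that is not code from the patent or its applicant. The patent names neither the "default encryption algorithm" nor the default key, so both are assumptions here: a 32-byte key shared by every device and the platform, and a keystream cipher built from HMAC-SHA256 over a block counter, chosen because it needs only the standard library and, having no nonce, lets the platform decrypt and compare exactly as the claims describe. The serial numbers and the key bytes are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

# Constructed default key (assumption). In the patent every edge device and the
# platform hold the same "default key"; its value and length are not given.
DEFAULT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256(key, counter) blocks concatenated to the requested length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def default_encrypt(key: bytes, data: bytes) -> bytes:
    """Assumed 'default encryption algorithm': plaintext XOR keystream (no nonce)."""
    return bytes(p ^ k for p, k in zip(data, _keystream(key, len(data))))


def default_decrypt(key: bytes, data: bytes) -> bytes:
    return default_encrypt(key, data)  # XOR with the same keystream inverts it


class EdgeComputingDevice:
    def __init__(self, serial_number: str, default_key: bytes = DEFAULT_KEY) -> None:
        self.serial_number = serial_number
        self.default_key = default_key
        self.communication_key: Optional[bytes] = None

    def registration_request(self) -> Dict[str, bytes]:
        """Claim 1: the request carries the plaintext serial number and its
        encryption under the default algorithm and default key."""
        encrypted = default_encrypt(self.default_key, self.serial_number.encode())
        return {"serial_number": self.serial_number.encode(),
                "encrypted_serial_number": encrypted}

    def receive_communication_key(self, key: bytes) -> None:
        self.communication_key = key


class ManagementPlatform:
    def __init__(self, default_key: bytes = DEFAULT_KEY) -> None:
        self.default_key = default_key
        self.registered: Set[bytes] = set()
        self.communication_keys: Dict[bytes, bytes] = {}

    def handle_registration(self, request: Dict[str, bytes]) -> bool:
        """Claim 2: decrypt the encrypted serial number and pass registration
        only if it equals the plaintext serial number in the same request."""
        decrypted = default_decrypt(self.default_key, request["encrypted_serial_number"])
        passed = hmac.compare_digest(decrypted, request["serial_number"])
        if passed:
            self.registered.add(request["serial_number"])
        return passed

    def handle_login(self, serial_number: bytes) -> Tuple[Optional[bytes], bool]:
        """Claim 3: on a registered device's first login generate its
        communication key; later logins reuse it. Returns (key, is_first_login)."""
        if serial_number not in self.registered:
            return None, False
        first_login = serial_number not in self.communication_keys
        if first_login:
            self.communication_keys[serial_number] = secrets.token_bytes(32)
        return self.communication_keys[serial_number], first_login
```

The decrypt-and-compare check proves that whoever built the request holds the default key, which is all the claims ask of it. Two properties of the protocol as described are worth keeping in mind when deploying it: the encrypted serial number carries no nonce or timestamp, so a given device's registration request is the same bytes every time and is accepted again if replayed, and a single default key is shared by the whole fleet. The claims describe no challenge or per-device key, so the example adds none.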
Based on the same inventive concept, the application also provides a device communication apparatus corresponding to the method of any embodiment.
Referring to fig. 3, the device communication apparatus is disposed in an edge computing device, and includes:
An encryption module 601 configured to encrypt a device serial number of the edge computing device based on a default encryption algorithm and a default key, obtain an encrypted serial number, and send a registration request to a management platform, where the registration request includes the device serial number and the encrypted serial number;
a first sending module 602 configured to send device information of the edge computing device to the management platform in response to receiving the registration request pass information sent by the management platform.
Referring to fig. 3, the device communication apparatus is disposed in a management platform, and includes:
a decryption module 701 configured to decrypt the encrypted sequence number according to a default encryption algorithm and a default key to obtain a decrypted sequence number in response to receiving a registration request sent by the edge computing device;
a second transmitting module 702 configured to transmit registration request pass information to the edge computing device in response to determining that the decryption sequence number is the same as the device sequence number.
And the key management module 703 is configured to determine whether the edge computing device is logged in for the first time according to the device serial number of the edge computing device in response to determining that the edge computing device logs in to the management platform, generate a communication key in response to determining that the edge computing device is logged in for the first time, and send the communication key to the edge computing device so that the edge computing device encrypts acquired data based on the communication key and sends the encrypted acquired data to the management platform.
Further, the key management module 703 is specifically configured to:
in response to receiving the acquired data encrypted based on the communication key sent by the edge computing device, determining whether the acquired data received in a preset history time meets a key security condition;
And in response to determining that the acquired data received in the preset historical time does not meet the key security condition, determining an updating time period of the communication key and updating the communication key in the updating time period.
Further, the key management module 703 is specifically configured to:
Determining the quantity of the acquired data received in a preset history time;
And in response to determining that the number is greater than or equal to the preset number, determining that the acquired data received in the preset history period does not meet the key security condition.
Further, the key management module 703 is specifically configured to:
determining all receiving time for receiving the acquired data in a preset historical time, performing time sequence arrangement on all receiving time, and determining the time difference between adjacent receiving time;
a standard deviation of all time differences is determined and an update period of the communication key is determined based on the standard deviation.
Further, the key management module 703 is specifically configured to:
In response to determining that the standard deviation is less than or equal to a preset standard deviation, determining a time period within a preset duration from the current time as an update time period;
And in response to determining that the standard deviation is greater than a preset standard deviation, determining an adjustment coefficient according to the difference between the standard deviation and the preset standard deviation, determining the product of the adjustment coefficient and the preset duration as a target duration, and determining a time period within the target duration from the current moment as an updating time period.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
The apparatus of the foregoing embodiment is configured to implement the corresponding device communication method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the application also provides an electronic device corresponding to the method of any embodiment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the device communication method of any embodiment.
Fig. 4 shows a more specific hardware architecture of an electronic device provided by the present embodiment, which may include a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, etc. for executing related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), static storage, dynamic storage, etc. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding device communication method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the present application also provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the device communication method according to any of the above embodiments, corresponding to the method of any of the above embodiments.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
The storage medium of the foregoing embodiments stores computer instructions for causing the computer to perform the device communication method of any of the foregoing embodiments, and has the advantages of the corresponding method embodiments, which are not described herein.
Based on the same conception, the application also provides a computer program product corresponding to the method of any embodiment, comprising computer program instructions, which when run on a computer, cause the computer to execute the method of any embodiment, and the method has the beneficial effects of the corresponding method embodiment, which are not repeated herein.
It will be appreciated that before using the technical solutions of the various embodiments in the disclosure, the user may be informed of the type of personal information involved, the range of use, the use scenario, etc. in an appropriate manner, and obtain the authorization of the user.
For example, in response to receiving an active request from a user, a prompt is sent to the user to explicitly inform the user that the operation being requested will require the user's personal information to be obtained and used. The user can then decide, according to the prompt, whether to provide personal information to the software or hardware (such as the electronic device, application program, server or storage medium) that executes the operations of the technical solution.
As an alternative but non-limiting implementation, in response to receiving an active request from a user, the manner in which the prompt information is sent to the user may be, for example, a popup, in which the prompt information may be presented in a text manner. In addition, a selection control for the user to select to provide personal information to the electronic device in a 'consent' or 'disagreement' manner can be carried in the popup window.
It will be appreciated that the above-described notification and user authorization process is merely illustrative, and not limiting of the implementations of the present disclosure, and that other ways of satisfying relevant legal regulations may be applied to the implementations of the present disclosure.
It will be appreciated by persons skilled in the art that the above discussion of any embodiment is merely exemplary and is not intended to imply that the scope of the application is limited to these examples, that combinations of technical features in the above embodiments or in different embodiments may also be implemented in any order, and that many other variations of the different aspects of the embodiments of the application as described above exist within the spirit of the application, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present application. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present application, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the management platform in which the embodiments of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the claimed application. Therefore, any omissions, modifications, equivalent substitutions, improvements, and the like, which are within the spirit and principles of the embodiments of the application, are intended to be included within the scope of the application.

Claims (10)

1. A device communication method, characterized in that it is applied to an edge computing device, said method comprising:
Encrypting the equipment serial number of the edge computing equipment based on a default encryption algorithm and a default secret key to obtain an encrypted serial number, and sending a registration request to a management platform, wherein the registration request comprises the equipment serial number and the encrypted serial number;
And in response to receiving the registration request passing information sent by the management platform, sending the device information of the edge computing device to the management platform.
2. The device communication method is characterized by being applied to a management platform, and comprises the following steps:
in response to receiving a registration request sent by the edge computing device, decrypting the encrypted sequence number according to a default encryption algorithm and a default key to obtain a decrypted sequence number;
in response to determining that the decryption sequence number is the same as the device sequence number, registration request pass information is sent to an edge computing device.
3. The device communication method of claim 2, wherein the method further comprises:
Responsive to determining that an edge computing device logs in to a management platform, determining whether the edge computing device is logged in for the first time according to a device serial number of the edge computing device;
And generating a communication key in response to determining that the edge computing device is logged in for the first time, and sending the communication key to the edge computing device, so that the edge computing device encrypts acquired data based on the communication key and sends the encrypted acquired data to the management platform.
4. The device communication method of claim 3, further comprising, after transmitting the communication key to an edge computing device:
in response to receiving the acquired data encrypted based on the communication key sent by the edge computing device, determining whether the acquired data received in a preset history time meets a key security condition;
And in response to determining that the acquired data received in the preset historical time does not meet the key security condition, determining an updating time period of the communication key and updating the communication key in the updating time period.
5. The device communication method according to claim 4, wherein determining whether the collected data received within the preset history period satisfies a key security condition comprises:
Determining the quantity of the acquired data received in a preset history time;
And in response to determining that the number is greater than or equal to the preset number, determining that the acquired data received in the preset history period does not meet the key security condition.
6. The device communication method of claim 4, wherein the determining the update period of the communication key comprises:
determining all receiving time for receiving the acquired data in a preset historical time, performing time sequence arrangement on all receiving time, and determining the time difference between adjacent receiving time;
a standard deviation of all time differences is determined and an update period of the communication key is determined based on the standard deviation.
7. The device communication method according to claim 6, wherein the determining the update period of the communication key based on the standard deviation includes:
In response to determining that the standard deviation is less than or equal to a preset standard deviation, determining a time period within a preset duration from the current time as an update time period;
And in response to determining that the standard deviation is greater than a preset standard deviation, determining an adjustment coefficient according to the difference between the standard deviation and the preset standard deviation, determining the product of the adjustment coefficient and the preset duration as a target duration, and determining a time period within the target duration from the current moment as an updating time period.
8. A device communication system, characterized by comprising an edge computing device and a management platform, wherein:
the edge computing device is configured to encrypt its device serial number based on a default encryption algorithm and a default key to obtain an encrypted serial number, and to send a registration request to the management platform, the registration request comprising the device serial number and the encrypted serial number; and
the management platform is configured, in response to receiving the registration request sent by the edge computing device, to decrypt the encrypted serial number according to the default encryption algorithm and the default key to obtain a decrypted serial number, and, in response to determining that the decrypted serial number is identical to the device serial number, to send registration-request-passing information to the edge computing device.
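The registration exchange of claim 8, written out as an added example with both sides of the handshake (this is illustration code, not the patent's or the applicant's implementation). The claim leaves the "default encryption algorithm", the key and the serial-number format unspecified; here the cipher is a stand-in built from HMAC-SHA256 in counter mode so the example runs on the Python standard library alone, and the key and serial number are constructed values. The platform-side comparison uses `hmac.compare_digest`, the check a practitioner would want in place of a plain `==`.

```python
"""Claim 8 registration handshake: the edge device sends its serial number together with
that serial number encrypted under the default key; the platform decrypts and compares.

Added illustration. DEFAULT_KEY, DEVICE_SERIAL and the cipher are constructed stand-ins.
"""
import hashlib
import hmac
import os

DEFAULT_KEY = b"constructed-default-key-0123456789"   # assumption: shared "default key"
DEVICE_SERIAL = b"EDGE-000042"                        # constructed serial number
NONCE_LEN = 16


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, standing in for the unspecified default algorithm."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext, nonce=None):
    """Return nonce || ciphertext; a fresh nonce per message keeps the keystream from repeating."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key, blob):
    """Inverse of encrypt: split off the nonce and XOR the same keystream back."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def build_registration_request(serial, key=DEFAULT_KEY):
    """Edge-device side: the request carries the serial number and its encryption."""
    return {"device_serial": serial, "encrypted_serial": encrypt(key, serial)}


def handle_registration(request, key=DEFAULT_KEY):
    """Management-platform side. True corresponds to sending 'registration request passing'."""
    decrypted = decrypt(key, request["encrypted_serial"])
    # Constant-time comparison so a mismatch position is not observable through timing.
    return hmac.compare_digest(decrypted, request["device_serial"])


if __name__ == "__main__":
    req = build_registration_request(DEVICE_SERIAL)
    print("accepted:", handle_registration(req))
    print("accepted with wrong key:", handle_registration(req, key=b"some-other-key"))
```

Two properties of the exchange as claimed are worth noting when integrating it. The default key is, by its name, shared across devices, so a passing check shows that the sender holds that key rather than identifying one particular unit; and because the request contains no value chosen by the platform, the same request can be presented again later, which a platform-issued challenge folded into the plaintext would prevent.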
9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method of claim 1 or any one of claims 2 to 7 when executing the program.
10. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of claim 1 or any one of claims 2 to 7.
Bibliographic data

Application Number: CN202510042254.8A
Title: Device communication method, system, electronic device and storage medium
Priority Date: 2025-01-10
Filing Date: 2025-01-10
Publication Number: CN120017322A (en)
Publication Date: 2025-05-16
Status: Pending
Family ID: 95670758
Country Status: CN (1) CN120017322A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination