Internet of things application virtual gateway with data encryption convergence function
Technical Field
The application belongs to the field of virtual gateways, and particularly relates to an application virtual gateway of an Internet of things with a data encryption convergence function.
Background
Currently, large-scale networking systems are a common platform used in a variety of settings for running service applications and maintaining data for business and operational functions. For example, a data center (e.g., physical cloud computing infrastructure) may provide multiple services (e.g., web applications, email services, search engine services, etc.) to multiple customers simultaneously. These large-scale networked systems typically include a large number of resources distributed throughout the data center, where each resource resembles a physical machine or Virtual Machine (VM) running on a physical host. When a data center hosts multiple tenants (e.g., customer programs), these resources are allocated from the data center to different tenants to meet their usage needs. The collection of resources allocated to tenants may be grouped into logical or virtual subnets for ease of management and security isolation. Customers of a data center often need service applications running in an enterprise private network (e.g., servers managed by customers geographically remote from the data center) or other third party networks to interact with software running on resources in the data center.
To enable this interaction while securely separating the resources allocated to the tenant from the resources allocated to other tenants, the hosted service provider may employ a single, centralized routing mechanism to act as a network gateway between all machines belonging to the tenant in the virtual subnet, or the resources managed by the host system hypervisor and the remote resources of the tenant. However, this architecture employing a centralized routing mechanism is inefficient because operation depends on the physical proximity of the mechanism to the machines/resources it serves. For example, if the machines/resources are located in different parts of the data center or in different locations (e.g., across the data center and enterprise private network), at least some of the machines/resources will face higher latency and lower bandwidth connections when the driver is being used by other machines/resources. Thus, the centralized routing mechanism becomes a common point of congestion for communications entering and exiting a particular virtual subnet. Furthermore, the machine/resource will be forced to send data packets on a suboptimal route when it is limited to passing all communications through the centralized routing mechanism.
With the development of computer technology, virtualization technology has been widely popularized and applied. Desktop virtualization is to install a virtual machine system on a physical server implementing a data center, and the virtual machine system simulates hardware resources required by the operation of an operating system. The operating systems run on the virtual hardware resources, so that a plurality of operating systems can share the hardware resources of the physical server, and the resource utilization rate is improved.
Therefore, there is a need for an internet of things application virtual gateway with data encryption convergence function.
Disclosure of Invention
The application provides an Internet of things application virtual gateway with a data encryption convergence function, which solves the problem in the prior art concerning the concentrated storage and sharing of the encrypted data of the virtual gateway; the encrypted data are stored and shared in a concentrated manner, so that leakage of or tampering with the data during transmission between devices or systems can be avoided.
The technical scheme of the application is realized as follows: the method comprises the steps that an Internet of things application virtual gateway with a data encryption convergence function groups acquired data at a data starting node, and an index catalog is built for each group of data;
establishing an interaction database, and carrying out isolation distribution on the grouped data in the database;
constructing corresponding virtual network address nodes according to the number of the index catalogues, importing the IP information of the index catalogues in the interaction database into the virtual network address nodes, establishing dependent addresses of the virtual network address and the IP information through mapping, and feeding back the dependent addresses into the interaction database through the block chain nodes;
any user in a data channel between the block chain node and the interaction database is used as a communication node, and after the communication node is set, the communication node is used as a communication node for other users to enter the data channel;
and carrying out asymmetric encryption in the communication node through the public and private keys, carrying out data interaction between the user and the communication node through the unique exclusive address, and enabling the user to enter the communication node through the private key to acquire index directory information and IP information in the virtual network address.
The application file mainly comprises the following aspects: data grouping, construction of the index directories and virtual network address nodes, establishment of the dependent addresses, setting of the communication node, and the way users acquire information. At the data start node, the acquired data are grouped, and an index directory is established for each group of data so that the data can be isolated and distributed in the database. Once the index directories are established, the virtual gateway constructs virtual network address nodes according to the number of index directories. These virtual network address nodes store the IP information from the interaction database, and the dependent addresses of the virtual network address and the IP information are established by mapping. These dependent addresses are fed back into the interaction database through the blockchain nodes. In the communication node, the user performs asymmetric encryption through the private key and performs data interaction with the virtual gateway. The user obtains the index directory information and the IP information in the virtual network address through the private key. This information is stored within the blockchain node for later use. In short, the Internet of things application virtual gateway with the data encryption convergence function realizes the data encryption and convergence functions by constructing an index directory and virtual network address nodes and by establishing public key encryption and dependent addresses.
As a preferred embodiment, the interaction database adopts a distributed storage technology, the data on a data server are stored in the interaction database in a distributed arrangement, and the original log files, HTML code or HTML tags are backed up.
As a preferred embodiment, when grouping is performed after data is acquired, the grouped data is screened, cleaned and ordered according to preset parameters to form an independent table area.
As a preferred embodiment, index directories are established in the table area, and each index directory adopts independent numbers, so that required data can be rapidly located.
As a preferred embodiment, after the data packets are established, a transaction management mechanism is established between the packet data, and the same requests of different users through the communication nodes are combined through distributed transaction management and are uniformly processed in the interaction database.
As a preferred implementation, the mapping establishes the dependence address of the virtual network address and the IP information by mapping the IP address and the port information to the interaction database, and inputting the host name and the port number to determine the mapping relationship after selecting the virtual network address to be mapped in the interaction database.
As a preferred implementation mode, the communication node adopts a multi-chain multi-account interface, and is connected with different users through a plurality of interfaces at the same time, and simultaneously, data transmitted in opposite directions in an interaction channel are encrypted respectively.
After the technical scheme is adopted, the application has the beneficial effects that:
Data are gathered to the blockchain node, so that the data are safer and more reliable and are prevented from being leaked and tampered with. By grouping the users and encrypting the data at different nodes, the data transmitted by the users between the different nodes have better security and confidentiality. An interaction database is established, and the data transmitted between different nodes are isolated to prevent the data from being tampered with and leaked. The dependent address of the virtual network address and the IP information is established through mapping, so that a user can better control the data transmitted between different nodes, and the data are prevented from being tampered with or stolen. Any user in the data channel between the blockchain node and the interaction database is taken as a communication node, and after the communication node is set, it serves as the communication node through which other users enter the data channel. The content communicated with the user is encrypted through an asymmetric encryption technology, so that the personal privacy and identity information of the user can be better protected when the user performs data interaction.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the application, and that other drawings can be obtained according to these drawings without inventive faculty for a person skilled in the art.
Fig. 1 is a schematic diagram of virtual gateway data interaction according to the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Examples
As shown in fig. 1, an internet of things application virtual gateway with a data encryption convergence function groups acquired data at a data start node and establishes an index directory for each group of data;
establishing an interaction database, and carrying out isolation distribution on the grouped data in the database;
constructing corresponding virtual network address nodes according to the number of the index catalogues, importing the IP information of the index catalogues in the interaction database into the virtual network address nodes, establishing dependent addresses of the virtual network address and the IP information through mapping, and feeding back the dependent addresses into the interaction database through the block chain nodes;
any user in a data channel between the block chain node and the interaction database is used as a communication node, and after the communication node is set, the communication node is used as a communication node for other users to enter the data channel;
and carrying out asymmetric encryption in the communication node through the public and private keys, carrying out data interaction between the user and the communication node through the unique exclusive address, and enabling the user to enter the communication node through the private key to acquire index directory information and IP information in the virtual network address.
The main flow can be briefly described as follows:
Data acquisition: at the data start node, the acquired data are grouped, and an index directory is established for each group of data.
Database establishment: an interaction database is established, and the grouped data are isolated and distributed in the database.
Virtual network address node construction: corresponding virtual network address nodes are constructed according to the number of index directories, the IP information of the index directories in the interaction database is imported into the virtual network address nodes, and the dependent addresses of the virtual network address and the IP information are established through mapping.
Data feedback: the dependent address is fed back into the interaction database through the blockchain node.
Communication node setting: any user in the data channel between the blockchain node and the interaction database is taken as a communication node, and after the communication node is set, it serves as the communication node through which other users enter the data channel.
Asymmetric encryption: asymmetric encryption is carried out in the communication node through the public and private keys, and data interaction between the user and the communication node is carried out through the unique exclusive address.
Information acquisition: the user enters the communication node through the private key to acquire the index directory information and the IP information in the virtual network address.
In general, the working principle of the system is to build virtual network address nodes and index catalogues, perform isolated distribution on data, and realize data feedback and secure communication by using a block chain technology. The user can enter the communication node through the private key to acquire data, so that the function of data encryption and aggregation is realized.
The interactive database adopts a distributed storage technology, data on a data server is stored in the interactive database which is arranged in a distributed mode, and an original log file, an HTML code or an HTML label is backed up. First, the distributed storage technology stores data using a plurality of servers, and can improve efficiency and reliability of data storage. This technique is commonly used to process large amounts of data, such as log files and HTML code. Secondly, the interaction database backs up the original log file, HTML code or HTML tag for recovery when data loss or corruption occurs. This ensures data integrity and consistency while also avoiding the unavailability of data due to data loss or corruption. It should be noted that distributed storage techniques are not suitable for all application scenarios, such as network applications where throughput and latency requirements are high.
When data are acquired and grouped, the grouped data are screened, cleaned and ordered according to preset parameters to form an independent table area. In the grouping process, various methods may be employed, such as based on keywords, date, or other parameters, etc. Keyword-based methods are typically performed by searching for keywords corresponding to data and then combining the data corresponding to the keywords into a field. The data is then screened, cleaned and sorted according to this field, eventually forming a separate table area.
The method based on date or other parameters screens and sorts the grouped data by setting parameters such as "time range" or "time interval". Through these parameters, the data can be screened and cleaned according to a certain rule, so that the quality and the integrity of the data are ensured. In addition, the method can also carry out custom adjustment and optimization of the table area according to actual needs.
Index directories are established in the table area, and each index directory adopts an independent number, so that the required data can be rapidly located. In the process of creating the index directory, various methods may be employed. One method is to search for keywords corresponding to the data, combine the data corresponding to the keywords into a field, and then screen, clean and sort the data according to the field to form an independent table area. In this table area, the index directory is stored in a database for convenient user query and use. Another method is to number each index directory independently, which can ensure the consistency and reliability of the index directory. Each index directory has its own number, meaning that the directories can be uniquely identified, thereby avoiding the problem of duplicate data. In addition, the method can also prevent the index directory from being maliciously modified or deleted, thereby ensuring the safety of the data.
After the data packets are established, a transaction management mechanism is established between the packet data, and the same requests of different users through the communication node are combined through distributed transaction management and are uniformly processed in the interaction database. In particular, after the data packet is established, this goal may be achieved through a distributed transaction management mechanism. The mechanism combines multiple requests in the packet data into one request and sends it to one node in the interaction database. In the interaction database, the node processes the request and returns the result to one of the packet data. Thus, the same request of different users through the communication node can be combined, and the same request can be processed in the interaction database. Distributed transaction management is a common technique that can be used to handle large-scale, highly concurrent data interaction scenarios. The method can improve the efficiency and reliability of data processing and reduce the risks of data errors and loss.
The dependent address of the virtual network address and the IP information is established through mapping as follows: the IP address and port information are mapped to the interaction database, the virtual network address to be mapped is selected in the interaction database, and the host name and port number are input to determine the mapping relationship. Specifically, in order to establish the dependent address of the virtual network address and the IP information through mapping, the virtual gateway first needs to store the IP address and port number in the interaction database. Then, the user can determine the mapping relationship by inputting the host name and the port number. In the mapping process, the user may need to input the host name and port number multiple times to determine the mapping relationship. This is because the virtual gateway needs to query and access each host and return different results on different hosts. The process of establishing the dependent address of the virtual network address and the IP information through mapping is very important. It conveniently stores the IP address and port information in the interaction database and ensures their correctness and reliability.
The communication node adopts a multi-chain multi-account interface, is connected with different users through a plurality of interfaces at the same time, and separately encrypts the data transmitted in each of the two directions in the interaction channel. An advantage of the design is that it can support multiple types of network connections, including fiber optic and wireless networks. By adopting the design, the communication node can be connected with different types of users, so that the user experience and the reliability of data transmission are improved. In addition, the system adopts a plurality of interfaces so that users can access the communication node and interact with the interaction database through the interfaces. This design also ensures data security because only designated users can connect and transmit data through the communication node. Finally, the communication node adopts a separate encryption design to protect the user data from hacking or disclosure. The design can prevent an attacker from tampering with or encrypting the user data through the interaction channel, thereby improving the security of the user data. In general, this design employs a variety of techniques to achieve a communication node design with high performance, high availability and security.
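The grouping, index numbering, address mapping and feedback steps described above, as an added Python example that is not part of the application. The record fields, the cleaning rule, the vnet://node-N address format and the SHA-256 hash chain standing in for the blockchain node are assumptions; the sample readings are constructed.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample readings; devices, hosts and ports are made up.
READINGS = [
    {"device": "meter-7", "kind": "power", "ts": 1700000300, "host": "10.0.1.7", "port": 8883},
    {"device": "meter-2", "kind": "power", "ts": 1700000100, "host": "10.0.1.2", "port": 8883},
    {"device": "cam-1", "kind": "video", "ts": 1700000200, "host": "10.0.2.1", "port": 554},
    {"device": "", "kind": "video", "ts": 1700000250, "host": "10.0.2.9", "port": 554},
]


def build_index_directories(readings):
    """Group by keyword ('kind'), clean, sort by time, give each group its own number."""
    groups = defaultdict(list)
    for r in readings:
        # Assumed cleaning rule: a row needs a device name and a valid port.
        if r.get("device") and 0 < r.get("port", 0) < 65536:
            groups[r["kind"]].append(r)
    return {
        number: {"keyword": kind, "rows": sorted(groups[kind], key=lambda r: r["ts"])}
        for number, kind in enumerate(sorted(groups), start=1)
    }


def map_virtual_nodes(directories, prefix="vnet://node-"):
    """One virtual address node per index directory, mapped to its (host, port) pairs."""
    return {
        f"{prefix}{number}": sorted({(r["host"], r["port"]) for r in d["rows"]})
        for number, d in directories.items()
    }


def _digest(prev_hash, record):
    # Each hash covers the previous hash, so entries cannot be edited in isolation.
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


def feed_back(mapping):
    """Append every dependent address to a hash chain (stand-in for the blockchain node)."""
    chain, prev = [], "0" * 64
    for vaddr in sorted(mapping):
        record = {"virtual": vaddr, "endpoints": [list(e) for e in mapping[vaddr]]}
        prev = _digest(prev, record)
        chain.append({"record": record, "hash": prev})
    return chain


def verify_chain(chain):
    """Return the position of the first altered entry, or None if the chain is intact."""
    prev = "0" * 64
    for i, entry in enumerate(chain):
        if _digest(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None


if __name__ == "__main__":
    chain = feed_back(map_virtual_nodes(build_index_directories(READINGS)))
    print("intact:", verify_chain(chain))
    chain[0]["record"]["endpoints"][0][0] = "203.0.113.66"  # simulated tampering
    print("first altered entry:", verify_chain(chain))
```

The check detects an edited mapping only while the latest hash is held somewhere the editor cannot also rewrite, which is the role the description assigns to the blockchain node.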
The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the application.