Disclosure of Invention
To solve the problems in the prior art, namely the variety of equipment protocols across manufacturers, the difficulty of intercommunication and interconnection, the formation of data islands, high development difficulty and poor expandability, the invention provides a multi-equipment interconnection method and a control system that can effectively solve these technical problems.
In order to solve the technical problems, the technical scheme of the invention is as follows:
A multi-device interconnect control system comprising:
The configuration database is used for collecting information of all accessed terminal equipment, identifying the terminal equipment and determining required software version and configuration parameters thereof;
The controller format file is used for defining specific formats and specifications of different terminal equipment information and ensuring that a system can accurately analyze and process the information from different terminal equipment;
A configuration report generated by the system for informing the terminal device of the current software version, configuration parameters and whether there is an update available;
The software library is used for storing the software version and the configuration parameters, and sending the encrypted software version and the encrypted configuration parameters to the terminal equipment for updating or configuration;
The terminal equipment is used for reading the equipment information of the terminal equipment and sending the equipment information to the system, and the system judges whether available software update or configuration modification exists according to the configuration database and the configuration report, extracts the corresponding software version or configuration parameter from the software library, encrypts the corresponding software version or configuration parameter and sends the encrypted software version or configuration parameter to the terminal equipment for updating or configuration.
Preferably, the system is based on a B/S architecture and comprises a device management end and an application service end;
The equipment management end comprises an equipment access module, a safety access module, an equipment docking module, an equipment configuration module, an equipment resetting module, an equipment batch operation module, an equipment state monitoring module, an equipment system module and an alarm management module, and is used for collecting all terminal equipment information;
The application server side comprises a data management module, a rule engine module, an API (application program interface) integration module and an application plug-in module, wherein the rule engine module comprises a linkage engine, a permission engine and a log engine and is used for processing and applying the terminal equipment information acquired by the equipment management side.
Preferably, the terminal equipment information collected by the equipment management end at least comprises an access equipment type, a model, a unique identifier, a hardware version, a software version and a communication protocol.
Preferably, the processing mode of the application server side to the terminal equipment information comprises rule engine linkage control and alarm information generation, and the application comprises data visualization, remote control and report generation.
The multi-device interconnection method comprises the following steps:
Terminal equipment access and life cycle management, including security access, data modeling, state monitoring and remote operation;
The application server subscribes to the data topic of the terminal equipment through an MQTT Broker and acquires the data reported by the terminal equipment in real time;
The application server generates a control instruction according to the user operation and the triggering of the rule engine;
The system provides an API gateway as the entry point, which routes the access requests of external systems to the terminal equipment.
Preferably, the terminal device access and lifecycle management, including secure access, data modeling, status monitoring, and remote operation, further includes:
establishing a TLS/SSL encryption channel, and carrying out authentication of the terminal equipment;
performing primary identity authentication by using a pre-shared key, and issuing an access token by using an OAuth 2.0 authorization framework to perform identity authentication of subsequent communication;
The system supports the automatic discovery and identification of different newly accessed terminal equipment of a plurality of PnP protocols, realizes plug-in processing, and provides manual configuration options for the terminal equipment which does not support the PnP protocols;
Creating a virtual digital copy for each terminal device by adopting a digital twin technology, and storing metadata of the terminal device;
monitoring the health condition of the terminal equipment by adopting a heartbeat mechanism, pushing real-time data, and triggering an alarm mechanism to asynchronously inform related personnel through Webhook or a message queue;
a RESTful API interface is provided that allows remote configuration of the terminal device parameters and remote firmware upgrades.
Preferably, the application server subscribing to the data topic of the terminal device through an MQTT Broker and collecting, in real time, the data reported by the terminal device further includes:
compressing data by adopting a gzip algorithm or a Snappy algorithm, encrypting the data by adopting an AES algorithm or a TLS/SSL algorithm, and realizing data transmission by using a QoS mechanism;
preprocessing data by utilizing edge computing, including data cleaning, conversion, standardization and feature extraction;
a time-series database is selected to store data, and a CEP engine is adopted to process the data flow of the terminal equipment in real time;
rule definition is carried out by using a domain specific language or a graphical interface, and a rule engine supports a complex event processing function;
And the terminal equipment controls the newly accessed terminal equipment in a linkage way, and alarms are carried out through the alarm management module.
Preferably, the generating, by the application server, a control instruction according to the user operation and the trigger of the rule engine further includes:
the system converts the control instruction into a communication protocol format supported by target terminal equipment, and asynchronously transmits the instruction to the equipment management end by adopting a message queue, and the terminal equipment feeds back the execution result of the control instruction to the application server end;
and the system sets the execution timeout time of the control instruction by adopting a confirmation mechanism, and if the response of the terminal equipment is not received, the corresponding processing is carried out.
Providing an API gateway as the entry point of the system and routing the access requests of external systems to the terminal equipment further comprises:
the API gateway verifies the legitimacy of the API request, and uses the access token standard protocol to carry out identity authentication and authorization;
the API gateway provides a variety of protection mechanisms including throttling, circuit breaking, data checking, and Web application firewalls, and assumes the role of communication protocol conversion.
An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps of the multi-device interconnection method described above.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the multi-device interconnection method described above.
Compared with the prior art, the multi-device interconnection method and the control system have the following advantages. By integrating key modules such as the configuration database, the device format file, the configuration report, the software library and the encrypted software package, efficient unified management and control of diversified terminal devices is realized; the system can cross the boundaries of different manufacturers and protocols and provides a compatible access platform for various devices, thereby remarkably simplifying the complex flow of device management. In terms of interoperability, devices with various communication protocols and data formats can be identified and integrated, which effectively eliminates the data island phenomenon and promotes the free circulation and sharing of information. Security is enhanced: the system ensures the security of device access and data transmission by establishing a TLS/SSL encryption channel and using a pre-shared key and the OAuth 2.0 authorization framework. Reliability is embodied in the system's continuous monitoring of device information, its heartbeat mechanism and its real-time alarm response to abnormal states. Management modules can be flexibly added or updated to adapt to new device types and communication protocols. In addition, the method can realize automatic software update and configuration parameter management, and the development of intelligent devices can be accelerated.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the present patent;
for the purpose of better illustrating the embodiments, certain elements of the drawings may be omitted, enlarged or reduced and do not represent the actual product dimensions;
It will be appreciated by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical scheme of the invention is further described below with reference to the accompanying drawings and examples.
Examples
A multi-device interconnect control system comprising:
The configuration database is used for collecting information of all accessed terminal equipment, identifying the terminal equipment and determining required software version and configuration parameters thereof;
The controller format file is used for defining specific formats and specifications of different terminal equipment information and ensuring that a system can accurately analyze and process the information from different terminal equipment;
A configuration report generated by the system for informing the terminal device of the current software version, configuration parameters and whether there is an update available;
The software library is used for storing the software version and the configuration parameters, and sending the encrypted software version and the encrypted configuration parameters to the terminal equipment for updating or configuration;
The terminal equipment is used for reading the equipment information of the terminal equipment and sending the equipment information to the system, and the system judges whether available software update or configuration modification exists according to the configuration database and the configuration report, extracts the corresponding software version or configuration parameter from the software library, encrypts the corresponding software version or configuration parameter and sends the encrypted software version or configuration parameter to the terminal equipment for updating or configuration.
The system is based on a B/S architecture and comprises a device management end and an application server end;
The B/S architecture (Browser/Server Architecture) is a common software system architecture pattern that is widely applied in modern network applications. Under it, the user interface is mainly implemented through a web browser, while the logic and data processing of the application are handled on the server side.
The equipment management end comprises an equipment access module, a safety access module, an equipment docking module, an equipment configuration module, an equipment resetting module, an equipment batch operation module, an equipment state monitoring module, an equipment system module and an alarm management module, and is used for collecting all terminal equipment information;
The application server side comprises a data management module, a rule engine module, an API (application program interface) integration module and an application plug-in module, wherein the rule engine module comprises a linkage engine, a permission engine and a log engine and is used for processing and applying the terminal equipment information acquired by the equipment management side.
The terminal equipment information collected by the equipment management end at least comprises an access equipment type, a model, a unique identifier, a hardware version, a software version and a communication protocol.
The processing mode of the application server side to the terminal equipment information comprises rule engine linkage control and alarm information generation, and the application comprises data visualization, remote control and report generation.
The multi-device interconnection method comprises the following steps:
Terminal equipment access and life cycle management, including security access, data modeling, state monitoring and remote operation;
The application server subscribes to the data topic of the terminal equipment through an MQTT Broker and acquires the data reported by the terminal equipment in real time;
MQTT (Message Queuing Telemetry Transport) is a lightweight, low-bandwidth communication protocol widely used in Internet of Things (IoT) scenarios to enable communication and data transmission between devices. The MQTT Broker is a key component of an MQTT system: it acts as a message proxy server responsible for receiving, processing and distributing messages.
The application server generates a control instruction according to the user operation and the triggering of the rule engine;
The system provides an API gateway as the entry point, which routes the access requests of external systems to the terminal equipment.
The terminal device access and lifecycle management, including secure access, data modeling, status monitoring, and remote operations, further includes:
establishing a TLS/SSL encryption channel, and carrying out authentication of the terminal equipment;
Performing primary identity authentication by using a pre-shared key (PSK), and performing identity authentication of subsequent communication by using an OAuth 2.0 authorization framework to issue an Access Token;
The system supports the automatic discovery and identification of different newly accessed terminal equipment of a plurality of PnP protocols, realizes plug-in processing, and provides manual configuration options for the terminal equipment which does not support the PnP protocols;
Creating a virtual digital copy for each terminal device by adopting a digital twin technology, and storing metadata of the terminal device;
monitoring the health condition of the terminal equipment by adopting a heartbeat mechanism, pushing real-time data, and triggering an alarm mechanism to asynchronously inform related personnel through Webhook or a message queue;
Webhook is a callback mechanism that allows one application to send HTTP POST requests to another application to pass information, and is commonly used for real-time updates and notifications. When an event or action occurs at the server, the Webhook can trigger and notify the client or another system immediately.
A RESTful API interface is provided that allows remote configuration of the terminal device parameters and remote firmware upgrades (OTA).
The application server subscribing to the data topic of the terminal equipment through an MQTT Broker and acquiring, in real time, the data reported by the terminal equipment further comprises the following steps:
compressing data by adopting a gzip algorithm or a Snappy algorithm, encrypting the data by adopting an AES algorithm or a TLS/SSL algorithm, and realizing data transmission by using a QoS mechanism;
preprocessing data by utilizing edge computing, including data cleaning, conversion, standardization and feature extraction;
a time-series database is selected to store data, and a CEP engine is adopted to process the data flow of the terminal equipment in real time;
CEP is an abbreviation for Complex Event Processing, a computational paradigm for analyzing and processing event streams in real time in order to detect, correlate and respond to complex event patterns. The core idea of CEP is to identify meaningful event patterns and trends from a large amount of event data, thereby enabling real-time decision making and automated response.
Rule definition is carried out by using a Domain Specific Language (DSL) or a graphical interface, and a rule engine supports a complex event processing function;
And the terminal equipment controls the newly accessed terminal equipment in a linkage way, and alarms are carried out through the alarm management module.
The application server generating a control instruction according to the user operation and the triggering of the rule engine further comprises:
the system converts the control instruction into a communication protocol format supported by target terminal equipment, and asynchronously transmits the instruction to the equipment management end by adopting a message queue, and the terminal equipment feeds back the execution result of the control instruction to the application server end;
and the system sets the execution timeout time of the control instruction by adopting a confirmation mechanism, and if the response of the terminal equipment is not received, the corresponding processing is carried out.
Providing an API gateway as the entry point of the system and routing the access requests of external systems to the terminal equipment further comprises:
the API gateway verifies the legitimacy of the API request, and uses the access token standard protocol to carry out identity authentication and authorization;
the API gateway provides a variety of protection mechanisms including throttling, circuit breaking, data checking, and Web application firewalls, and assumes the role of communication protocol conversion.
An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps of the multi-device interconnection method described above.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the multi-device interconnection method described above.
In a specific implementation, referring to fig. 1 and 2, the invention discloses a multi-device interconnection control system, which is based on a B/S architecture and is in communication with various terminal devices, wherein the system comprises a device management end and an application service end, and the device management end comprises a device access module, a security access module, a device docking module, a device configuration module, a device reset module, a device batch operation module, a device state monitoring module, a device system module and an alarm management module.
The equipment access module is used for managing and controlling the process of accessing the terminal equipment into the system, and ensuring that the terminal equipment can be safely and effectively connected into the system.
The security access module ensures that all accessed terminal devices meet security standards and prevents unauthorized access and data leakage.
The device docking module is used for connection and communication between different terminal devices, and ensures that the terminal devices can work cooperatively.
The device configuration module is used for managing and distributing configuration parameters of the terminal device, including software version, network setting and the like.
The device reset module provides terminal device reset functions including normal reset (unbind) and factory reset (unbind and clear data) to restore the terminal device to an initial state.
The equipment batch operation module allows a user to perform batch operation on a plurality of terminal equipment, such as batch binding, configuration adjustment and the like, so that the management efficiency is improved.
The equipment state monitoring module monitors the running state of the terminal equipment in real time, and timely discovers and responds to the fault or performance problem of the terminal equipment.
The equipment system module manages system level information of the terminal equipment, such as an operating system version, a system log and the like, and ensures normal operation of the terminal equipment system.
The alarm management module provides management functions of checking, confirming, processing and the like of the alarm, including integrated management, alarm event management, notification policy management, alarm cooperative processing and alarm processing analysis.
The application server comprises a data management module, a rule engine module, an API integrated module and an application plug-in module, wherein the rule engine module comprises a linkage engine, a permission engine and a log engine, the equipment management end is used for maintaining information of all access terminal equipment, and the terminal equipment information at least comprises equipment types, models, unique identifiers, hardware versions, software versions and communication protocols, and can also be related parameters such as equipment states, performance indexes and energy consumption data.
The data management module is used for data entry, storage, query, modification, deletion and the like, and helps enterprises manage and utilize the data.
The rule engine module comprises a linkage engine, a permission engine and a log engine and is used for processing and applying the terminal equipment information acquired by the equipment management end.
The API integrated module uniformly manages authentication configuration of the third-party API and request configuration of an API interface, and allows authorized applications to directly call the configured API to acquire data or push the data.
The application plug-in module provides additional functionality extensions that allow users to add or develop new application plug-ins as needed to enhance the functionality of the system.
The application server is used for processing and applying the data acquired by the equipment management end, wherein the processing mode comprises linkage control of a rule engine and generation of alarm information, and the application comprises data visualization, remote control, report generation and the like.
Referring to fig. 3, the embodiment provides a device interconnection method, which includes the following steps:
Light controller access and lifecycle management, including security access, data modeling, status monitoring, and remote operation.
Further, before the light controller accesses the system, a secure TLS/SSL encryption channel is first established, which ensures the confidentiality and integrity of all communication and prevents man-in-the-middle attacks. The light controller must first perform identity verification, for which a pre-shared key (PSK) is used. The PSK is a secret key negotiated in advance between the light controller and the system; it is stored in a secure storage area of the light controller, and measures are taken to prevent its leakage. After the identity is verified through the PSK, the system uses the OAuth 2.0 authorization framework to issue an access token (Access Token) to the controller; subsequent communication uses the access token for identity verification and no longer uses the PSK, which improves security.
The browser verifies the SSL/TLS certificate provided by the server, generates a random number as the pre-master key (PMS) according to the selected RSA key exchange algorithm, encrypts the PMS with the public key of the server and sends it to the server. The server decrypts it with its private key to obtain the PMS, and both sides use the PMS, the random number and HMAC-A to derive a key that secures the data transmission. The public key of the server is contained in a server certificate signed by a Certificate Authority (CA). Subsequent communication through the TLS/SSL channel is symmetrically encrypted and MAC-verified using the generated key, ensuring data confidentiality and integrity.
The system supports various PnP protocols, such as UPnP and SSDP, and automatically discovers and identifies newly accessed devices. The system realizes plug-in processing: the core system provides a universal interface through which the various plug-ins interact with it, and each plug-in is responsible for processing a specific type of equipment or service. For example, one plug-in processes Zigbee protocol equipment, another processes MQTT protocol sensor data, and another processes cloud service connections. For terminal equipment that does not support PnP, the system provides manual configuration options, and a user can manually input the equipment information.
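The two-stage authentication described above (PSK once, access token afterwards), as an added Python sketch that is not part of the patent text. It assumes the PSK is proven by an HMAC over a single-use server nonce and uses an HMAC-signed token as a stand-in for the OAuth 2.0 access token; the AuthServer class, device_proof function and the device id are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def device_proof(device_id: str, psk: bytes, challenge: bytes) -> str:
    """Device side: prove possession of the PSK without ever sending it."""
    msg = device_id.encode() + b"\x00" + challenge
    return hmac.new(psk, msg, hashlib.sha256).hexdigest()


class AuthServer:
    """Hypothetical system side: PSK check once, short-lived signed token after."""

    def __init__(self, psks, token_ttl=300):
        self.psks = psks                            # device_id -> PSK bytes
        self.token_ttl = token_ttl                  # token lifetime in seconds
        self.signing_key = secrets.token_bytes(32)  # never leaves the server
        self.pending = {}                           # device_id -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def sign(self, body: str) -> str:
        mac = hmac.new(self.signing_key, body.encode(), hashlib.sha256)
        return b64e(mac.digest())

    def issue_token(self, device_id, proof, now=None):
        """Verify the PSK proof; on success return a token, otherwise None."""
        nonce = self.pending.pop(device_id, None)   # single use: blocks replay
        psk = self.psks.get(device_id)
        if nonce is None or psk is None:
            return None
        expected = device_proof(device_id, psk, nonce)
        if not hmac.compare_digest(expected.encode(), proof.encode()):
            return None
        now = time.time() if now is None else now
        claims = {"sub": device_id, "exp": int(now) + self.token_ttl}
        body = b64e(json.dumps(claims, sort_keys=True).encode())
        return body + "." + self.sign(body)

    def verify_token(self, token, now=None):
        """Check signature first, then expiry; return the device id or None."""
        try:
            body, sig = token.split(".")
            if not hmac.compare_digest(self.sign(body).encode(), sig.encode()):
                return None
            claims = json.loads(b64d(body))
        except (ValueError, AttributeError):
            return None
        now = time.time() if now is None else now
        if claims["exp"] <= now:
            return None
        return claims["sub"]


if __name__ == "__main__":
    psk = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    server = AuthServer({"light-ctrl-001": psk})
    nonce = server.challenge("light-ctrl-001")
    proof = device_proof("light-ctrl-001", psk, nonce)
    token = server.issue_token("light-ctrl-001", proof)
    print("token accepted for:", server.verify_token(token))
```

Because the PSK is used only for the first exchange, a leaked token expires on its own, while the PSK in the controller's secure storage stays out of routine traffic.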
Further, after the light controller is accessed into the system, a virtual digital copy is created for each terminal device by means of a universal table. The digital twin model created by the system contains the static attributes of the light controller, such as device type, manufacturer, model, IP and communication protocol, and its dynamic attributes, such as running state and sensor data, which allows the system to simulate, analyze and predict the terminal device and to optimize the terminal device management and control policy. The system stores rich device metadata, including terminal device type, manufacturer, model, firmware version, communication protocol, IP address, sensor list and supported command list; this metadata is used for terminal device management, data processing, rule engine configuration and command issuing. The metadata is stored in a relational database, and API interfaces are provided for other modules to access it.
Further, after the light controller is connected to the system and its data is modeled, a heartbeat mechanism is adopted: the terminal equipment periodically sends a heartbeat packet to the system to indicate that it is online, and the system judges the health condition of the equipment according to the frequency of the heartbeat packets. If no heartbeat packet is received for a long time, the equipment is considered to be offline and an alarm is triggered. Once the equipment is confirmed to be online, real-time data pushing is carried out: the equipment pushes real-time data, such as sensor data and operating parameters, to the system, and the system monitors the data in real time and triggers an alarm according to a preset threshold value. When the light controller is in an abnormal state, such as offline or parameter overrun, the system triggers the alarm mechanism to inform related personnel through Webhook or a message queue; the message queue realizes asynchronous notification to avoid blocking the system.
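The heartbeat and threshold monitoring described above, as an added Python sketch that is not part of the patent text. The interval, the missed-beat limit, the metric name and the HeartbeatMonitor and drain names are assumptions; an in-process queue stands in for the message queue, and the notify callable stands in for a Webhook POST.

```python
import queue

HEARTBEAT_INTERVAL = 10     # seconds between heartbeats (assumed value)
MISSED_BEFORE_OFFLINE = 3   # silent intervals tolerated before "offline" (assumed)


class HeartbeatMonitor:
    """Hypothetical monitor: tracks liveness and queues alarms asynchronously."""

    def __init__(self, alarms, thresholds):
        self.alarms = alarms          # queue.Queue: producers never block on delivery
        self.thresholds = thresholds  # metric name -> (low, high) limits
        self.last_seen = {}           # device_id -> time of last heartbeat
        self.offline = set()

    def _alarm(self, device_id, event, now, **detail):
        self.alarms.put_nowait({"device": device_id, "event": event,
                                "at": now, **detail})

    def on_heartbeat(self, device_id, now):
        self.last_seen[device_id] = now
        if device_id in self.offline:
            self.offline.discard(device_id)
            self._alarm(device_id, "recovered", now)

    def on_data(self, device_id, metric, value, now):
        """Check a pushed reading against its preset threshold."""
        if device_id in self.offline or device_id not in self.last_seen:
            return False              # data is only accepted from online devices
        low, high = self.thresholds.get(metric, (float("-inf"), float("inf")))
        if low <= value <= high:
            return False
        self._alarm(device_id, "parameter_overrun", now, metric=metric, value=value)
        return True

    def sweep(self, now):
        """Mark silent devices offline; each outage raises exactly one alarm."""
        limit = HEARTBEAT_INTERVAL * MISSED_BEFORE_OFFLINE
        newly_offline = [d for d, seen in self.last_seen.items()
                         if d not in self.offline and now - seen > limit]
        for device_id in newly_offline:
            self.offline.add(device_id)
            self._alarm(device_id, "offline", now, silent_for=now - self.last_seen[device_id])
        return newly_offline


def drain(alarms, notify):
    """Consumer side: hand each queued alarm to `notify` (e.g. a webhook sender)."""
    delivered = 0
    while True:
        try:
            alarm = alarms.get_nowait()
        except queue.Empty:
            return delivered
        notify(alarm)
        delivered += 1


if __name__ == "__main__":
    q = queue.Queue()
    mon = HeartbeatMonitor(q, {"temperature_c": (0, 80)})   # constructed limits
    mon.on_heartbeat("light-ctrl-001", now=0)
    mon.on_data("light-ctrl-001", "temperature_c", 95, now=5)
    mon.sweep(now=45)
    drain(q, print)
```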
Further, after ensuring safe and stable operation of the light controller, the system provides RESTful API interfaces that allow a user to remotely configure parameters of the terminal device, such as modifying the name of the light controller or setting the sampling frequency of its sensor, and supports remote firmware upgrade (OTA) of the light controller.
Data modeling: the application server subscribes to the data topic of the terminal equipment through an MQTT Broker and collects the data reported by the terminal equipment in real time.
Further, after the light controller is connected and the terminal equipment operates stably, the method further comprises data acquisition: the application server subscribes to the data topic of the terminal equipment through an MQTT Broker and acquires the data reported by the light controller in real time, and a QoS mechanism ensures reliable transmission of the data. Algorithms such as gzip or Snappy are adopted for data compression, which reduces the data transmission volume and bandwidth occupation; encryption algorithms such as AES or TLS/SSL are adopted for data encryption, which guarantees data transmission security. Data can be preprocessed using edge computing capability, which reduces the amount of data transmitted to the cloud.
The data preprocessing flow includes data cleaning, conversion, standardization and feature extraction. Data cleaning removes invalid data and noise data; data conversion converts data in different formats into a unified format through developer-specified extraction; data standardization converts the data into a unified dimension and range; and in feature extraction, developers can extract characteristics of the terminal equipment, such as terminal equipment type, manufacturer and model, from the original data for model training and rule matching. The time-series database adopts tag indexes and columnar storage to optimize the write and query performance of time-series data; the database supports functions such as data aggregation, downsampling and interpolation, which facilitates data analysis and visualization, and uses the distributed database architecture TimescaleDB to support data storage and processing. A CEP engine is adopted to process the terminal equipment data flow in real time. Rule definition uses a Domain Specific Language (DSL) or a graphical interface, which simplifies rule creation and management; the rule engine supports complex event processing functions such as event pattern matching, time windows and sliding windows, and supports dynamic loading and hot updating of rules, which allows the rules to be updated dynamically. Alarms can be sent through a plurality of channels, such as short message, and the alert history is used to track and analyze alert events.
Command issuing and control: the application server generates a control command according to the user operation and the triggering of the rule engine.
Further, after safe and stable operation of the light controller is ensured, the system can perform a series of operations on the light controller. The system converts the control instruction into a communication protocol format supported by the target light controller, such as Modbus, OPC UA or MQTT, so that the system can control different types of light controllers without concern for the details of the underlying communication protocol. Instructions are transferred asynchronously through a message queue, which improves system reliability and expandability; the message queue buffers instructions, avoids system overload and ensures reliable delivery of the instructions. The light controller management end receives the control instruction and supports multiple command types, such as switch control, parameter setting and data query. According to the communication protocol address of the light controller, the instruction is sent to the target terminal equipment. The system judges from the response whether the control command has been executed; when execution fails, the command is retried, and if the retry is unsuccessful a plurality of times, an alarm operation is carried out.
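The command path described above (protocol conversion, a buffering queue, retry and alarm after repeated failure) can be sketched as follows. This is an added example, not code from the patent; the MQTT topic layout, the command dictionary shape, the retry count and the `send` transport callback are assumptions.

```python
import json, queue

def to_mqtt(cmd):
    # Assumed topic layout; the page names MQTT but gives no topic scheme.
    return {"topic": f"devices/{cmd['device_id']}/cmd",
            "payload": json.dumps({"type": cmd["type"], "args": cmd["args"]})}

def to_modbus(cmd):
    # Modbus "write single coil" PDU: function 0x05, coil address, 0xFF00 or 0x0000.
    if cmd["type"] != "switch":
        raise ValueError("only switch control is mapped in this example")
    value = 0xFF00 if cmd["args"]["on"] else 0x0000
    return bytes([0x05]) + cmd["args"]["coil"].to_bytes(2, "big") + value.to_bytes(2, "big")

ADAPTERS = {"mqtt": to_mqtt, "modbus": to_modbus}

class Dispatcher:
    def __init__(self, registry, send, max_retries=3, queue_size=100):
        self.registry = registry        # device_id -> protocol name
        self.send = send                # transport callback, True when the device confirms
        self.max_retries = max_retries
        self.pending = queue.Queue(maxsize=queue_size)  # bounded buffer
        self.alarms = []

    def submit(self, cmd):
        if cmd["device_id"] not in self.registry:
            return False                # unknown target: reject before queuing
        try:
            self.pending.put_nowait(cmd)
            return True
        except queue.Full:
            return False                # shed load instead of blocking the caller

    def drain(self):
        results = []
        while not self.pending.empty():
            cmd = self.pending.get_nowait()
            frame = ADAPTERS[self.registry[cmd["device_id"]]](cmd)
            attempts, ok = 0, False
            while not ok and attempts <= self.max_retries:  # first try + retries
                ok = self.send(cmd["device_id"], frame)
                attempts += 1
            if not ok:
                self.alarms.append({"device_id": cmd["device_id"], "attempts": attempts})
            results.append((cmd["device_id"], ok, attempts))
        return results
```

The queue is bounded on purpose: an unbounded buffer would hide overload until memory runs out, while a full queue gives the caller an immediate, visible rejection.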
API integration: the system is provided with an API gateway as an entrance, which routes the access requests of external systems to the terminal equipment.
Furthermore, once the interaction between the system and the terminal equipment is stable and accurate, external API requests must also be stable. The system is equipped with an API gateway that serves as its unified entry: all access to devices by external systems must pass through the API gateway, which acts as a reverse proxy and middleware and provides several core functions. The API gateway routes each request to the back-end application server cluster according to the request path and parameters, and can perform load balancing, distributing traffic to different servers to improve the throughput and availability of the system. The API gateway is responsible for verifying the validity of API requests, ensuring that only authorized users or systems can access protected resources; the system uses standard protocols such as JWT for identity authentication and authorization. The API gateway also provides protection mechanisms for the system, such as rate limiting, circuit breaking, data validation and a web application firewall. The API gateway also performs protocol conversion, for example converting accepted requests into MQTT messages, so as to realize communication between the system and the light controller.
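The gateway checks described above (JWT verification, authorization, rate limiting, conversion to an MQTT message) can be sketched with the Python standard library as follows. This is an added example, not code from the patent; the HS256 shared key, the `devices` claim, the topic layout and the limit values are assumptions.

```python
import base64, hashlib, hmac, json

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key, alg="HS256"):
    """Builds constructed test tokens; real tokens come from the identity provider."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_hs256(token, key, now):
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token pick it (rejects "alg": "none").
        if json.loads(_b64d(head))["alg"] != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        if claims["exp"] <= now or not isinstance(claims["sub"], str):
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

class Gateway:
    def __init__(self, key, limit, per_s):
        self.key, self.limit, self.per_s = key, limit, per_s
        self.seen = {}  # subject -> timestamps of recently accepted requests

    def handle(self, token, device_id, command, now):
        claims = verify_hs256(token, self.key, now)
        if claims is None:
            return 401, None
        allowed = claims.get("devices")  # hypothetical claim listing permitted devices
        if not isinstance(allowed, list) or device_id not in allowed:
            return 403, None
        recent = [t for t in self.seen.get(claims["sub"], []) if t > now - self.per_s]
        if len(recent) >= self.limit:
            return 429, None
        self.seen[claims["sub"]] = recent + [now]
        # device_id came from the signed allow-list, so it cannot smuggle MQTT wildcards.
        return 202, {"topic": f"devices/{device_id}/cmd", "payload": json.dumps(command)}
```

The order of checks matters: authentication and per-device authorization run before the request is counted or converted, so an unauthenticated caller can neither consume another subject's rate budget nor reach the MQTT side.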
The same or similar reference numerals correspond to the same or similar components;
The terms describing the positional relationship in the drawings are merely illustrative, and are not to be construed as limiting the present patent;
It is to be understood that the above-described embodiments of the present invention are provided by way of illustration only and are not limitations on the embodiments of the present invention. Various other changes and modifications may be made by one skilled in the art based on the above description; it is neither necessary nor possible to list all embodiments exhaustively here. Any modifications, equivalents and improvements made within the spirit and principles of the present invention are intended to be included within the scope of the appended claims.