CN115314275A - Data encryption processing method and device, storage medium and electronic equipment - Google Patents


Publication number: CN115314275A
Authority: CN (China)
Prior art keywords: data, edge, module, processed, layer
Legal status: Pending (listed by Google Patents as an assumption, not a legal conclusion)
Application number: CN202210923996.8A
Other languages: Chinese (zh)
Inventors: 孟庆铭, 赵志刚, 董奇论, 方鑫达, 胡英伟
Current Assignee: Zhejiang Fulida Fanzai Internet Of Things Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Zhejiang Fulida Fanzai Internet Of Things Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281: Proxies
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention discloses a data encryption processing method, device, storage medium and electronic equipment. The method comprises: constructing an edge proxy and edge computing model for the data to be processed; preprocessing the data to be processed based on the edge proxy and edge computing model; and encrypting the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes encrypting the data with the SM2 algorithm. The method can improve data security.

Description

Data encryption processing method, device, storage medium and electronic equipment

Technical field

The invention belongs to the field of data encryption, and in particular relates to a data encryption processing method, device, storage medium and electronic equipment.

Background

At present, protocol data is sent without encryption, so intercepted data is easily cracked and has no security at all.

Existing equipment collects only direct physical quantities and applies no other judgment or processing. A technician can reverse-convert the data and decode the protocol content, thereby stealing the data and creating an information security risk. In addition, directly collected data is sent as soon as it is collected, without judgment or processing, which causes a heavy data load and wastes resources. This is a problem that urgently needs to be solved.

Summary of the invention

The purpose of the present invention is to provide a data encryption processing method, device, storage medium and electronic equipment that address the deficiencies of the prior art and can improve data security.

An embodiment of the present application provides a data encryption processing method, the method comprising:

Constructing an edge proxy and edge computing model for the data to be processed, the edge proxy and edge computing model including an edge computing framework module and a service module, wherein the edge computing framework module includes an edge service layer, a basic function layer, an operating system layer and a hardware layer; the edge service layer is used for cloud-edge collaboration in resource, data, intelligence and application management; the basic function layer implements local management, sub-device access, thing model management and message queue functions; the operating system layer implements system monitoring, real-time scheduling, security authentication, application permissions and permission isolation; the hardware layer creates the data execution and computing environment for the data to be processed;

Preprocessing the data to be processed based on the edge proxy and edge computing model;

Encrypting the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes encrypting the data with the SM2 algorithm.

Optionally, the method further includes:

Forwarding the encrypted data to the backend server through a communication module; after the encrypted data has been forwarded, the backend server enters a low-power operation mode.

Optionally, the edge computing framework module further includes:

An IoT management center, wherein the IoT management center implements full life-cycle management of sub-devices, data analysis, centralized training, service orchestration, and application development, debugging and release.

Optionally, the edge computing framework module interacts with the service module through the MQTT protocol, and the edge computing framework module and the service module run on the same device and communicate by connecting to a local MQTT server.

Optionally, the service module implements access, deletion and status update of end devices, data and event reporting, and responses to service control commands.

Optionally, preprocessing the data to be processed based on the edge proxy and edge computing model includes:

Receiving the data to be processed, preprocessing the direct physical quantities of the data using the preset judgment and processing method in the edge computing framework module, and outputting the preprocessed data.

Another embodiment of the present application provides a data encryption processing device, the device comprising:

A construction module, used to construct an edge proxy and edge computing model for the data to be processed, the edge proxy and edge computing model including an edge computing framework module and a service module, wherein the edge computing framework module includes an edge service layer, a basic function layer, an operating system layer and a hardware layer; the edge service layer is used for cloud-edge collaboration in resource, data, intelligence and application management; the basic function layer implements local management, sub-device access, thing model management and message queue functions; the operating system layer implements system monitoring, real-time scheduling, security authentication, application permissions and permission isolation; the hardware layer creates the data execution and computing environment for the data to be processed;

A processing module, used to preprocess the data to be processed based on the edge proxy and edge computing model;

An encryption module, used to encrypt the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes encrypting the data with the SM2 algorithm.

Optionally, the device further includes:

A forwarding module, used to forward the encrypted data to the backend server through a communication module; after the encrypted data has been forwarded, the backend server enters a low-power operation mode.

Yet another embodiment of the present application provides a storage medium in which a computer program is stored, wherein the computer program is configured to execute, when run, the method described in any one of the above.

Yet another embodiment of the present application provides an electronic device including a memory and a processor, wherein a computer program is stored in the memory and the processor is configured to run the computer program to execute the method described in any one of the above.

Compared with the prior art, the present invention first constructs an edge proxy and edge computing model for the data to be processed, preprocesses the data based on the edge proxy and edge computing model, and encrypts the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes encrypting the data with the SM2 algorithm. It can improve data security.

Description of drawings

FIG. 1 is a block diagram of the hardware structure of a computer terminal for a data encryption processing method provided by an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a data encryption processing method provided by an embodiment of the present invention;

FIG. 3 is a schematic diagram of the functional framework of an edge computing framework module provided by an embodiment of the present invention;

FIG. 4 is a schematic diagram of the basic framework of an edge computing framework module provided by an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a data encryption processing device provided by an embodiment of the present invention.

Detailed description

The embodiments described below with reference to the drawings are exemplary. They serve only to explain the present invention and are not to be construed as limiting it.

An embodiment of the present invention first provides a data encryption processing method, which can be applied to electronic devices such as computer terminals, specifically ordinary computers, quantum computers and the like.

The method is described in detail below using a computer terminal as an example. FIG. 1 is a block diagram of the hardware structure of a computer terminal for a data encryption processing method provided by an embodiment of the present invention. As shown in FIG. 1, the computer terminal may include one or more processors 102 (only one is shown in FIG. 1; the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data. Optionally, the computer terminal may further include a transmission device 106 for communication functions and an input/output device 108. Those of ordinary skill in the art will understand that the structure shown in FIG. 1 is only illustrative and does not limit the structure of the computer terminal. For example, the computer terminal may include more or fewer components than shown in FIG. 1, or have a configuration different from that shown in FIG. 1.

The memory 104 can be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the data encryption processing method in the embodiments of the present application. The processor 102 runs the software programs and modules stored in the memory 104 to execute various functional applications and data processing, that is, to implement the method described above. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and such remote memory may be connected to the computer terminal through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission device 106 is used to receive or send data via a network. A specific example of such a network is a wireless network provided by the communication provider of the computer terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station and so communicate with the Internet. In one example, the transmission device 106 may be a radio frequency (RF) module, which communicates with the Internet wirelessly.

As financial security has risen to the level of national security, in recent years the relevant state authorities and regulators have, from the standpoint of national security and long-term strategy, set requirements to promote the adoption of national cryptographic (Guomi) algorithms and to strengthen the security and controllability of the industry. It is particularly necessary and urgent to end excessive dependence on foreign technology and products, build a secure network environment for the industry, and strengthen the "secure and controllable" capability of China's industry information systems.

Cryptographic algorithms are the core technology for ensuring information security. The core areas of the banking industry in particular have long used internationally common cryptographic algorithm systems and related standards such as 3DES, SHA-1 and RSA. Guomi refers to the domestic cryptographic algorithms recognized by the State Cryptography Administration, mainly SM1, SM2, SM3 and SM4. Both the key length and the block length are 128 bits. SM2 is an asymmetric encryption algorithm based on ECC, and the algorithm is public. Because it is based on ECC, its signing speed and key generation speed are both faster than RSA's. 256-bit ECC (SM2 uses one form of 256-bit ECC) has higher security strength than 2048-bit RSA while running faster than RSA. The SM2 elliptic-curve public-key cryptographic algorithm is a public-key algorithm designed independently in China. It comprises the SM2-1 elliptic-curve digital signature algorithm, the SM2-2 elliptic-curve key exchange protocol and the SM2-3 elliptic-curve public-key encryption algorithm, which implement digital signatures, key agreement and data encryption respectively. Unlike RSA, SM2 is based on the discrete logarithm problem in the point group of an elliptic curve; compared with RSA, 256-bit SM2 is already stronger than 2048-bit RSA.

Referring to FIG. 2, which is a schematic flowchart of a data encryption processing method provided by an embodiment of the present invention, the method may include the following steps:

S201: Construct an edge proxy and edge computing model for the data to be processed. The edge proxy and edge computing model includes an edge computing framework module and a service module, wherein the edge computing framework module includes an edge service layer, a basic function layer, an operating system layer and a hardware layer. The edge service layer is used for cloud-edge collaboration in resource, data, intelligence and application management; the basic function layer implements local management, sub-device access, thing model management and message queue functions; the operating system layer implements system monitoring, real-time scheduling, security authentication, application permissions and permission isolation; the hardware layer creates the data execution and computing environment for the data to be processed.

Specifically, the service module implements access, deletion and status update of end devices, data and event reporting, and responses to service control commands.

Exemplarily, the edge computing framework module may further include:

An IoT management center, wherein the IoT management center implements full life-cycle management of sub-devices, data analysis, centralized training, service orchestration, and application development, debugging and release.

It should be noted that the edge computing framework module interacts with the service module through the MQTT protocol, and that the edge computing framework module and the service module run on the same device and communicate by connecting to a local MQTT server.

The IoT management center platform and the edge computing framework module use a remote MQTT service for device access and for receiving and sending all types of messages. The edge computing framework module and service module A use the local MQTT service to establish connections and exchange data in publish-subscribe fashion. After the IoT management center platform starts, the edge computing framework module performs device access. Once device access is complete, the service module must first add the end device through the local MQTT service, and only after receiving the response confirming that the end device was added successfully may it perform other actions such as update, deletion and data reporting.

S202: Preprocess the data to be processed based on the edge proxy and edge computing model.

Specifically, preprocessing the data to be processed based on the edge proxy and edge computing model may include:

Receiving the data to be processed, preprocessing the direct physical quantities of the data using the preset judgment and processing method in the edge computing framework module, and outputting the preprocessed data.

Exemplarily, after receiving the data to be processed, the hardware layer starts data screening and determines whether the data has missing values. If there is no missing data, the judgment step ends. If the original data has missing values, the user is asked whether to ignore the missing data: if the user confirms, the judgment step ends; if the user declines, the user is prompted to choose how to fill in the data. The filling methods may include manual filling, average-value filling and probable-value filling.

In an optional implementation, the preprocessing may instead determine whether the data to be processed contains abnormal or noisy data. If it does not, the judgment step ends. If it does, the user is asked whether to ignore the abnormal or noisy data: if the user confirms, the judgment step ends; if the user declines, the abnormal or noisy data is corrected, and the judgment step ends once the correction is complete.

It should be noted that the data to be processed is processed using the edge computing framework module and core algorithms such as edge computing so that the preprocessed data can be better encrypted by the preset encryption method. Any method that facilitates preprocessing of the data to be processed should be regarded as included in this application and is not described further here.

S203: Encrypt the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes encrypting the data with the SM2 algorithm.

Exemplarily, the data can be encrypted with the commercial SM2 algorithm in a TF encryption card, giving a data encryption mode that relies on the encryption card.

It should be noted that the encrypted data can be forwarded to the backend server through a communication module; after the encrypted data has been forwarded, the backend server enters a low-power operation mode.

For example, the written software is imported into a Linux system and can be set to run automatically at boot. The software performs the edge-proxy and edge-computing based preprocessing of the collected data, and then encrypts the processed data with the SM2 key in the TF encryption card. The software then forwards the encrypted data to the backend server through a Huawei communication module and, after confirming that the data was sent successfully, enters a low-power standby mode.

In this application, the edge proxy and edge computing model can sit in the perception layer of the Internet of Things. It uses local communication interfaces to connect sensors, terminals and other devices, which are managed uniformly by the edge computing framework module. Protocol parsing handles the extraction, accumulation, aggregation and storage of service data, which is modeled in a standardized way according to the thing model requirements. Edge computing then processes the model data, and the processed data yields real and valid data. The edge computing framework module encrypts this data with the SM2 algorithm and sends the encrypted data over 4G or GPRS to the server-side data gateway, which decrypts it to obtain the real and valid data for use by the server.
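The flow described above (S202 preprocessing on the edge node, S203 SM2 public-key encryption, decryption at the server-side data gateway), as an added Python example that is not code from the patent. Assumptions: the key lives in software instead of the TF encryption card, readings are serialized as JSON, the ciphertext layout is C1 || C3 || C2, every function name is hypothetical, and the pure-Python arithmetic is not constant-time.

```python
import hmac, json, secrets, struct

# Added example (not from the patent). SM2 recommended curve y^2 = x^3 + A*x + B over GF(P);
# base point G has prime order N. A software key stands in for the TF encryption card.
H = lambda s: int(s.replace(" ", ""), 16)
P = 2**256 - 2**224 - 2**96 + 2**64 - 1
A = P - 3
B = H("28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93")
N = H("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123")
G = (H("32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7"),
     H("BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0"))
SAMPLE = [20.0, None, 22.0, 24.0]  # constructed sensor readings; None marks a missing value
rotl = lambda x, n: ((x << (n % 32)) | (x >> (32 - n % 32))) & 0xFFFFFFFF
i2b = lambda i: i.to_bytes(32, "big")
T = [rotl(0x79CC4519 if j < 16 else 0x7A879D8A, j) for j in range(64)]

def sm3(msg: bytes) -> bytes:  # SM3 hash, used by SM2 for its KDF and the C3 tag
    v = [0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
         0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E]
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + (8 * len(msg)).to_bytes(8, "big")
    p0 = lambda x: x ^ rotl(x, 9) ^ rotl(x, 17)
    p1 = lambda x: x ^ rotl(x, 15) ^ rotl(x, 23)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):
            w.append(p1(w[j-16] ^ w[j-9] ^ rotl(w[j-3], 15)) ^ rotl(w[j-13], 7) ^ w[j-6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):
            ss1 = rotl((rotl(a, 12) + e + T[j]) & 0xFFFFFFFF, 7)
            ff = a ^ b ^ c if j < 16 else (a & b) | (a & c) | (b & c)
            gg = e ^ f ^ g if j < 16 else (e & f) | (~e & g)
            tt1 = (ff + d + (ss1 ^ rotl(a, 12)) + (w[j] ^ w[j + 4])) & 0xFFFFFFFF
            tt2 = (gg + h + ss1 + w[j]) & 0xFFFFFFFF
            a, b, c, d = tt1, a, rotl(b, 9), c
            e, f, g, h = p0(tt2), e, rotl(f, 19), g
        v = [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
    return b"".join(x.to_bytes(4, "big") for x in v)

def point_add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - A * x - B) % P == 0

def kdf(z: bytes, klen: int) -> bytes:  # SM3(z || 32-bit counter), counter starts at 1
    return b"".join(sm3(z + c.to_bytes(4, "big")) for c in range(1, klen // 32 + 2))[:klen]

def keygen():
    d = secrets.randbelow(N - 2) + 1  # private key in [1, N-2]; stays with the gateway
    return d, point_mul(d, G)

def sm2_encrypt(pub, msg: bytes) -> bytes:  # returns C1 (04||x1||y1) || C3 (tag) || C2
    if not msg or not on_curve(pub):
        raise ValueError("empty message or public key not on the SM2 curve")
    t = b""
    while not any(t):  # the standard rejects an all-zero keystream
        k = secrets.randbelow(N - 1) + 1  # fresh ephemeral scalar for every message
        x2, y2 = point_mul(k, pub)
        t = kdf(i2b(x2) + i2b(y2), len(msg))
    x1, y1 = point_mul(k, G)
    c2 = bytes(m ^ s for m, s in zip(msg, t))
    return b"\x04" + i2b(x1) + i2b(y1) + sm3(i2b(x2) + msg + i2b(y2)) + c2

def sm2_decrypt(d, ct: bytes) -> bytes:
    if len(ct) < 98 or ct[0] != 4:
        raise ValueError("malformed ciphertext")
    c1 = (int.from_bytes(ct[1:33], "big"), int.from_bytes(ct[33:65], "big"))
    if not on_curve(c1):  # reject off-curve points before the private key touches them
        raise ValueError("C1 is not on the SM2 curve")
    x2, y2 = point_mul(d, c1)
    msg = bytes(c ^ s for c, s in zip(ct[97:], kdf(i2b(x2) + i2b(y2), len(ct) - 97)))
    if not hmac.compare_digest(sm3(i2b(x2) + msg + i2b(y2)), ct[65:97]):
        raise ValueError("C3 integrity check failed")
    return msg

def mean_fill(readings):  # S202, average-value filling of missing readings
    present = [r for r in readings if r is not None]
    return [sum(present) / len(present) if r is None else r for r in readings]

def edge_encrypt(readings, gateway_pub):  # S202 then S203 on the edge node
    return sm2_encrypt(gateway_pub, json.dumps(mean_fill(readings)).encode())
```

The edge node needs only the gateway's public key; the C3 tag and the on-curve check are what let the gateway reject modified ciphertexts and malformed C1 points.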

其中,边缘计算是在靠近物或者数据源头的网络边缘侧,融合网络、计算、存储、应用核心能力的分布式开放平台(架构),就近提供边缘智能服务。边缘计算框架模块作为支撑边缘计算的开放式平台软件,满足行业数字化在敏捷连接、实时业务、数据优化、应用智能、安全与隐私保护等方面的关键需求。Among them, edge computing is a distributed open platform (architecture) that integrates network, computing, storage, and application core capabilities on the edge of the network close to the source of objects or data, and provides edge intelligent services nearby. As an open platform software supporting edge computing, the edge computing framework module meets the key needs of industry digitalization in terms of agile connection, real-time business, data optimization, application intelligence, security and privacy protection.

Referring to FIG. 3, which is a schematic diagram of the functional framework of an edge computing framework module provided by an embodiment of the present invention, the module can be divided into a hardware layer, an operating system layer, a basic function layer, and an edge service layer. The hardware layer includes functions such as a unique device identifier and a trusted computing module; the operating system layer includes functions such as system monitoring, secure access, application isolation, and trusted measurement; the basic function layer includes functions such as sub-device access, object model management, and message queues; the edge service layer includes functions such as stream computing and a rule engine, and supports cloud-edge collaboration for resource, data, intelligence, and application management.

Referring to FIG. 4, which is a schematic diagram of the basic framework of an edge computing framework module provided by an embodiment of the present invention, the edge computing framework module can act as a proxy gateway that transmits data to the IoT management center. Under a "one edge per site, regional autonomy" arrangement, all sub-devices can be managed uniformly by the edge computing framework module. The edge computing framework module provides multiple communication device interfaces, such as serial port, 485, network port, power-line carrier (PLC), 4G, and LoRa, and encryption can be performed through the built-in State Grid chip (国网芯) encryption chip. The open edge computing capability framework shown in the figure is mainly divided into a core service layer, a device management layer, and an application container layer, and also provides a unified management Agent. The application container layer provides a lightweight virtualized runtime environment for business modules; the device management layer provides object model definition, device registration, and the like for devices; the core service layer provides rule-engine-based data processing, edge computing, task scheduling, and the like. The information collected by the edge computing framework module is uploaded to the IoT management center platform through the unified management Agent.

It can be seen that the present invention first constructs an edge agent and edge computing model for the data to be processed, preprocesses the data to be processed based on the edge agent and edge computing model, and encrypts the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm, which can improve data security.

Another embodiment of the present application provides a data encryption processing apparatus. As shown in the schematic structural diagram of FIG. 5, the apparatus includes:

A construction module 501, configured to construct an edge agent and edge computing model for the data to be processed, the edge agent and edge computing model including an edge computing framework module and a business module, wherein the edge computing framework module includes an edge service layer, a basic function layer, an operating system layer, and a hardware layer; the edge service layer is used for cloud-edge collaboration of resource, data, intelligence, and application management; the basic function layer is used to implement localized management, sub-device access, object model management, and message queue functions; the operating system layer is used to implement system monitoring, real-time scheduling, security authentication, application permissions, and permission isolation; the hardware layer is used to create the data execution and computing environment for the data to be processed;

A processing module 502, configured to preprocess the data to be processed based on the edge agent and edge computing model;

An encryption module 503, configured to encrypt the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm.

Specifically, the apparatus further includes:

A forwarding module, configured to forward the encrypted data to a background server through a communication module; after forwarding of the encrypted data is complete, the background server enters a low-power operation mode.

Compared with the prior art, the present invention first constructs an edge agent and edge computing model for the data to be processed, preprocesses the data to be processed based on the edge agent and edge computing model, and encrypts the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm, which can improve data security.

An embodiment of the present invention further provides a storage medium in which a computer program is stored, wherein the computer program is configured to execute, when run, the steps of any one of the above method embodiments.

Specifically, in this embodiment, the storage medium may be configured to store a computer program for performing the following steps:

S201: Construct an edge agent and edge computing model for the data to be processed, the edge agent and edge computing model including an edge computing framework module and a business module, wherein the edge computing framework module includes an edge service layer, a basic function layer, an operating system layer, and a hardware layer; the edge service layer is used for cloud-edge collaboration of resource, data, intelligence, and application management; the basic function layer is used to implement localized management, sub-device access, object model management, and message queue functions; the operating system layer is used to implement system monitoring, real-time scheduling, security authentication, application permissions, and permission isolation; the hardware layer is used to create the data execution and computing environment for the data to be processed;

S202: Preprocess the data to be processed based on the edge agent and edge computing model;

S203: Encrypt the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm.

Specifically, in this embodiment, the storage medium may include, but is not limited to, various media capable of storing a computer program, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, or an optical disc.

Compared with the prior art, the present invention first constructs an edge agent and edge computing model for the data to be processed, preprocesses the data to be processed based on the edge agent and edge computing model, and encrypts the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm, which can improve data security.

An embodiment of the present invention further provides an electronic device including a memory and a processor, wherein a computer program is stored in the memory and the processor is configured to run the computer program to execute the steps of any one of the above method embodiments.

Specifically, the electronic device may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor and the input/output device is connected to the processor.

Specifically, in this embodiment, the processor may be configured to execute the following steps through a computer program:

S201: Construct an edge agent and edge computing model for the data to be processed, the edge agent and edge computing model including an edge computing framework module and a business module, wherein the edge computing framework module includes an edge service layer, a basic function layer, an operating system layer, and a hardware layer; the edge service layer is used for cloud-edge collaboration of resource, data, intelligence, and application management; the basic function layer is used to implement localized management, sub-device access, object model management, and message queue functions; the operating system layer is used to implement system monitoring, real-time scheduling, security authentication, application permissions, and permission isolation; the hardware layer is used to create the data execution and computing environment for the data to be processed;

S202: Preprocess the data to be processed based on the edge agent and edge computing model;

S203: Encrypt the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm.

Compared with the prior art, the present invention first constructs an edge agent and edge computing model for the data to be processed, preprocesses the data to be processed based on the edge agent and edge computing model, and encrypts the preprocessed data by a preset encryption method to obtain encrypted data, wherein the preset encryption method includes data encryption with the SM2 algorithm, which can improve data security.

It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.

In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the relevant descriptions of the other embodiments.

In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical or take other forms.

The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable memory. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a memory and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or some of the steps of the methods of the embodiments of the present invention. The aforementioned memory includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, or an optical disc.

The embodiments of the present invention have been described in detail above, and specific examples have been used herein to explain the principles and implementations of the present invention. The description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

1. A data encryption processing method, the method comprising:
constructing an edge agent and edge computing model for data to be processed, wherein the edge agent and edge computing model comprises an edge computing framework module and a business module, and the edge computing framework module comprises an edge service layer, a basic function layer, an operating system layer and a hardware layer; the edge service layer is used for cloud-edge collaboration of resource, data, intelligence and application management; the basic function layer is used for implementing the functions of localized management, sub-device access, object model management and message queue; the operating system layer is used for implementing the functions of system monitoring, real-time scheduling, security authentication, application permissions and permission isolation; the hardware layer is used for creating a data execution and computing environment for the data to be processed;
preprocessing the data to be processed based on the edge agent and edge computing model;
encrypting the preprocessed data to be processed by a preset encryption method to obtain encrypted data, wherein the preset encryption method comprises: performing data encryption with the SM2 algorithm.
2. The method of claim 1, further comprising:
forwarding the encrypted data to a background server through a communication module, the background server entering a low-power operation mode after forwarding of the encrypted data is complete.
3. The method of claim 1, wherein the edge computing framework module further comprises:
an IoT management center, wherein the IoT management center is used for implementing the functions of full-life-cycle management, data analysis, centralized training, business orchestration, and application development, debugging and release for the sub-devices.
4. The method of claim 3, wherein the edge computing framework module interacts with the business module via the MQTT protocol, and wherein the edge computing framework module and the business module run in the same device and communicate by connecting to a local MQTT server.
5. The method of claim 4, wherein the business module is configured to implement the functions of access, deletion, status update, reporting of data and events, and response to service control commands for end devices.
6. The method of claim 2, wherein preprocessing the data to be processed based on the edge agent and edge computing model comprises:
receiving the data to be processed, preprocessing the direct physical quantities of the data to be processed by a preset judgment processing mode in the edge computing framework module, and outputting the preprocessed data.
7. A data encryption processing apparatus, the apparatus comprising:
a construction module, configured to construct an edge agent and edge computing model for data to be processed, wherein the edge agent and edge computing model comprises an edge computing framework module and a business module, and the edge computing framework module comprises an edge service layer, a basic function layer, an operating system layer and a hardware layer; the edge service layer is used for cloud-edge collaboration of resource, data, intelligence and application management; the basic function layer is used for implementing the functions of localized management, sub-device access, object model management and message queue; the operating system layer is used for implementing the functions of system monitoring, real-time scheduling, security authentication, application permissions and permission isolation; the hardware layer is used for creating a data execution and computing environment for the data to be processed;
a processing module, configured to preprocess the data to be processed based on the edge agent and edge computing model;
an encryption module, configured to encrypt the preprocessed data to be processed by a preset encryption method to obtain encrypted data, wherein the preset encryption method comprises: performing data encryption with the SM2 algorithm.
8. The apparatus of claim 7, further comprising:
a forwarding module, configured to forward the encrypted data to a background server through a communication module, the background server entering a low-power operation mode after forwarding of the encrypted data is complete.
9. A storage medium in which a computer program is stored, wherein the computer program is configured to perform the method of any one of claims 1 to 6 when executed.
10. An electronic device comprising a memory and a processor, wherein a computer program is stored in the memory, and the processor is configured to run the computer program to perform the method of any one of claims 1 to 6.
CN202210923996.8A 2022-08-02 2022-08-02 Data encryption processing method and device, storage medium and electronic equipment Pending CN115314275A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210923996.8A CN115314275A (en) 2022-08-02 2022-08-02 Data encryption processing method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210923996.8A CN115314275A (en) 2022-08-02 2022-08-02 Data encryption processing method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115314275A true CN115314275A (en) 2022-11-08

Family

ID=83857884

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210923996.8A Pending CN115314275A (en) 2022-08-02 2022-08-02 Data encryption processing method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115314275A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119232499A (en) * 2024-12-02 2024-12-31 中国交通信息科技集团有限公司 A secure communication method and system based on the MQTT protocol of the national secret password module

Similar Documents

Publication Publication Date Title
WO2021203733A1 (en) Power edge gateway device and device-based sensor data uplink storage method
CN109510760A (en) A kind of block chain gateway that internet of things oriented is applied and the method with the gateway management Internet of Things
CN102724175B (en) The telecommunication safety management framework of ubiquitous green community net control and method
CN112600892A (en) Block chain equipment and system for Internet of things and working method
CN113014599B (en) Method, device and system for safe keeping alive
CN113765713A (en) Data interaction method based on Internet of things equipment acquisition
CN111628976B (en) Message processing method, device, equipment and medium
CN108684018A (en) 5G mMTC aggregation node module construction methods based on block chain
CN112583796B (en) A method, system, IoT management platform and storage medium for terminal equipment to access power Internet of Things
CN109314705A (en) System, apparatus and method for massively scalable dynamic multipoint virtual private network using group encryption keys
CN109587142B (en) Data security access module and equipment for service flow
CN106453405A (en) Security authentication method for fog node in cloud environment
CN118575449A (en) Secure transmission method, device, system and medium for data of Internet of things
CN116996209A (en) CoAP protocol quantum attack resistant encryption method and device
WO2020052140A1 (en) International energy network system and information processing method
CN115499171A (en) Artificial intelligence trusted computing unified framework, edge device secure computing trusted framework, and security control and decentralization method
CN116633576A (en) Safe and trusted NC-Link agent, control method, equipment and terminal
CN116743850A (en) Equipment self-discovery system based on Internet of things platform and implementation method thereof
CN116886309A (en) Slice security mapping method and system for intelligent identification network
CN115314275A (en) Data encryption processing method and device, storage medium and electronic equipment
CN114726865B (en) Data pledge method, system, electronic device and storage medium
CN112615838B (en) Extensible block chain cross-chain communication method
CN108289041A (en) A kind of processing method and relevant apparatus of server info
US20240187220A1 (en) Pqc-based mqtt communication method, device, system, and computer program
CN118283618A (en) Secondary authentication method and system for longitudinal encryption system and longitudinal encryption system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20221108
