CN118300832B

CN118300832B - Multi-device access platform processing method and system

Info

Publication number: CN118300832B
Application number: CN202410367860.2A
Authority: CN
Inventors: 张爱平; 钟剑峰; 刘洪�; 邝泽权; 潘志杰
Original assignee: Guangzhou Pinkejie Information Technology Co ltd
Current assignee: Guangzhou Pinkejie Information Technology Co ltd
Priority date: 2024-03-28
Filing date: 2024-03-28
Publication date: 2024-10-11
Anticipated expiration: 2044-03-28
Also published as: CN118300832A

Abstract

The invention provides a multi-device access platform processing method and a system, wherein the method comprises the following steps: receiving access request information sent by terminal equipment to a target platform, and sending response information to the equipment based on the request information; acquiring first authentication information fed back by the terminal equipment, carrying out identity verification on the equipment based on the first authentication information, and sending access indication information when the equipment passes the identity verification; decrypting the encrypted access parameters to obtain initial access parameters of the equipment; distributing the initial access parameters to the message queue according to a preset distribution standard so as to enable the message queue to carry out service logic processing; acquiring a service logic processing result of each initial access parameter and feeding back the service logic processing result to corresponding terminal equipment; and monitoring the load speed of each message queue in real time, and carrying out load balancing on the message queues based on the load speed of each message queue. The invention can improve the data transmission safety and reliability when the multiple devices are accessed to the same platform.

Description

Multi-device access platform processing method and system

Technical Field

The present invention relates to the field of network optimization and network security technologies, and in particular, to a method and a system for processing a multi-device access platform.

Background

The internet of things platform is a software system for connecting, managing and monitoring internet of things equipment. These platforms allow for communication between devices, collecting and processing sensor data, performing remote control, and providing data analysis and visualization functions. The core goal of the internet of things platform is to realize interconnection and interworking of equipment and provide more intelligent and efficient service and application for users. When multiple devices are simultaneously accessed into the platform of the internet of things, the concurrent problem of the information queue may be faced, that is, the multiple devices simultaneously send data to the platform, and the platform needs to process the data and respond correspondingly.

In order to cope with congestion and failure of data transmission caused by data transmission when a plurality of terminal devices send data to a platform at the same time, in the prior art, a technical means of message queues and concurrent processing is generally adopted, namely, an internet of things platform stores messages sent by the devices in the queues, and the platform processes the messages sent by the devices one by one according to the sequence of the queues so as to smooth the information sent by the devices and ensure that confusion is not caused by concurrent access. And the concurrent processing technology can be used for processing information sent by a plurality of devices simultaneously, so that the processing efficiency of the platform is improved, and the concurrent pressure is relieved. However, the data transmitted in the message queue is not encrypted, so that sensitive information is easily intercepted and stolen by an attacker, thereby threatening the security of transmission. Lack of a data encryption mechanism may cause security problems such as data disclosure and privacy disclosure, and affect success rate of message transmission. When the concurrent processing of the message queue is performed, resource competition and performance bottleneck exist, for example, too many processing threads cause too high system load, which can cause increase of message processing delay and even system breakdown, thereby affecting success rate of message transmission, and due to introduction of mechanisms such as the message queue, a certain processing delay can be caused under the condition of large message quantity.

Disclosure of Invention

The invention aims to provide a processing method and a processing system for a multi-device access platform, which are used for solving the technical problems and improving the safety and reliability of data transmission when the multi-device access platform is accessed to the same platform.

In order to solve the technical problems, the invention provides a multi-device access platform processing method, which comprises the following steps:

Receiving access request information sent by terminal equipment to a target platform, and sending response information to the terminal equipment based on the access request information; wherein, the response information indicates the terminal equipment to send authentication information;

Acquiring first authentication information fed back by the terminal equipment, carrying out identity verification on the terminal equipment based on the first authentication information, and sending access indication information to the terminal equipment when the terminal equipment passes the identity verification; the access indication information indicates the terminal equipment to encrypt the initial access parameter based on a preset encryption algorithm so as to generate an encrypted access parameter;

decrypting the encrypted access parameters to obtain initial access parameters of the terminal equipment; distributing the initial access parameters to corresponding message queues according to a preset distribution standard, so that the message queues carry out service logic processing on the received initial access parameters;

acquiring a service logic processing result of each message queue to the initial access parameter and feeding back the service logic processing result to the corresponding terminal equipment;

And monitoring the load speed of each message queue in real time, and carrying out load balancing on the message queues based on the load speed of each message queue.

In the scheme, when the terminal equipment sends the access request information to the target platform, the authentication information fed back by the terminal equipment is used for carrying out identity verification on the terminal equipment, so that the unauthorized equipment can be prevented from accessing the platform, the security of the system is protected, the invasion and attack of hackers or malicious users are prevented, the trust degree of the users to the platform is improved, and the user experience is enhanced. And when the terminal equipment passes the identity verification, the access parameters sent by the terminal equipment are encrypted so as to prevent the sensitive information of the terminal equipment from being tampered or stolen in the transmission process and ensure the confidentiality of data. And then, the access parameters are allocated according to preset allocation standards, and corresponding resources can be configured according to the characteristics and requirements of different request types, so that the utilization of the resources is optimized, and the processing performance and the processing efficiency of the multi-equipment access platform are improved. Further, the load speed of each message queue is monitored in real time, resources are dynamically allocated according to actual load conditions, resource waste caused by overload of certain queues or servers can be avoided, a target platform can better cope with high load conditions, and overall performance and resource utilization rate are improved.

In one implementation manner, the response information indicates the terminal device to send authentication information, and specifically includes:

Controlling the terminal equipment to send a registration request to the target platform, and acquiring a unique digital certificate distributed by the Internet of things platform based on the registration request;

transmitting the unique digital certificate to the target platform based on a transport layer encryption protocol; wherein the authentication information is a unique digital certificate of the terminal device.

In one implementation manner, the acquiring the first authentication information fed back by the terminal device and verifying the identity of the terminal device based on the first authentication information specifically includes:

Acquiring a unique digital certificate in the first authentication information, extracting a certificate revocation list and a validity period, and rejecting the identity verification of the terminal equipment when the unique digital certificate is included in the certificate revocation list or the unique digital certificate exceeds the validity period;

Iteratively verifying a certificate chain of the unique digital certificate based on issuer information until a root certificate of the unique digital certificate, and determining that the terminal device passes the identity verification when the root certificate is issued by a trusted root certificate authority.

In one implementation, the access indication information indicates the terminal device to encrypt the initial access parameter based on a preset encryption algorithm to generate an encrypted access parameter; decrypting the encrypted access parameter to obtain an initial access parameter of the terminal equipment, wherein the initial access parameter comprises the following specific steps:

generating a first public key and a first private key based on the preset encryption algorithm;

Encrypting the initial access parameter by using the first public key to obtain an encrypted access parameter; the initial access parameters comprise any one or more of equipment identity identification information, connection parameters, protocol version information and equipment states;

sending the encrypted access parameters to the target platform through a preset encrypted transmission protocol;

and controlling the target platform to decrypt the received encrypted access parameters based on the first private key to obtain the initial access parameters.

In one implementation manner, the allocating the initial access parameter to a corresponding message queue according to a preset allocation standard, so that the message queue performs service logic processing on the received initial access parameter, and specifically includes:

Acquiring access request information corresponding to the initial access parameters;

Distributing the initial access parameters to the message queues of the same type according to the request type of the access request information; the request type comprises a data acquisition request, an instruction issuing request and a service call request;

carrying out service logic processing on the basis of consumers in the message queues corresponding to the initial access parameters; wherein the business logic processing includes data analysis, device control, and service invocation.

In one implementation manner, the monitoring the load speed of each message queue in real time, and performing load balancing on the message queues based on the load speed of each message queue respectively specifically includes:

dividing each message queue into a plurality of partitions and distributing a preset number of consumers in each partition;

when the number of the messages to be processed in the first partition exceeds a preset threshold, distributing the messages to be processed in the first partition to a second partition in a message queue corresponding to the first partition; the message processing speed in the second partition is higher than a preset reference processing speed;

and when the number of the messages accessed in the message queue exceeds the maximum receiving threshold, increasing the consumers in a preset number of subareas in the message queue.

In one implementation, the multi-device access platform processing method further includes:

Acquiring historical access request information of the target platform in a preset time period, and training an ARIMA model based on the historical request information so that the ARIMA model outputs a future access request information prediction result of the target platform;

and carrying out load balancing on the message queue based on the future access request information prediction result.

In a second aspect, the present application further provides a multi-device access platform processing system, including: the system comprises an information processing module, an identity verification module, a parameter distribution module, a result feedback module and a load balancing module;

the information processing module is used for receiving access request information sent by the terminal equipment to the target platform and sending response information to the terminal equipment based on the access request information; wherein, the response information indicates the terminal equipment to send authentication information;

The identity verification module is used for acquiring first authentication information fed back by the terminal equipment and carrying out identity verification on the terminal equipment based on the first authentication information, and when the terminal equipment passes the identity verification, the identity verification module sends access indication information to the terminal equipment; the access indication information indicates the terminal equipment to encrypt the initial access parameter based on a preset encryption algorithm so as to generate an encrypted access parameter;

The parameter distribution module is used for decrypting the encrypted access parameter to obtain the initial access parameter of the terminal equipment; distributing the initial access parameters to corresponding message queues according to a preset distribution standard, so that the message queues carry out service logic processing on the received initial access parameters;

the result feedback module is used for acquiring a service logic processing result of each message queue to the initial access parameter and feeding back the service logic processing result to the corresponding terminal equipment;

the load balancing module is used for monitoring the load speed of each message queue in real time and respectively carrying out load balancing on the message queues based on the load speed of each message queue.

In one implementation manner, the response information indicates the terminal device to send authentication information, which specifically includes:

In one implementation, the multi-device access platform processing system further comprises:

In a third aspect, the present application also provides a terminal device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing a multi-device access platform processing method as described above when executing the computer program.

In a fourth aspect, the present application also provides a computer readable storage medium, where the computer readable storage medium includes a stored computer program, where the computer program when executed controls a device in which the computer readable storage medium is located to execute the multi-device access platform processing method as described above.

Drawings

Fig. 1 is a flow chart of a multi-device access platform processing method according to an embodiment of the present invention;

fig. 2 is a schematic block diagram of a multi-device access platform processing system according to an embodiment of the present invention.

Detailed Description

The following describes in further detail the embodiments of the present invention with reference to the drawings and examples. The following examples are illustrative of the invention and are not intended to limit the scope of the invention.

The terms first and second and the like in the description and in the claims and drawings are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.

Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.

First, some terms in the present application will be explained in order to be understood by those skilled in the art.

(1) Terminal equipment: the terminal device is various physical devices connected to the network in the internet of things system, such as a sensor, an actuator, an intelligent device and the like. The devices can be various articles, and are connected with a network through the embedded sensor and the communication module to realize information acquisition, transmission and exchange.

(2) Internet of things platform: the internet of things platform is a middleware system for connecting, managing and controlling internet of things equipment, and provides functions of data storage, analysis, control, application development and the like. The internet of things platform generally provides a data access interface, supports connection with various types of terminal equipment, and provides functions of equipment management, security authentication, data processing, a rule engine and the like so as to monitor, manage and develop applications of the terminal equipment.

(3) The consumer: a consumer in a message queue refers to a component or program that retrieves and processes messages from the message queue. Consumers are typically applications or services designed to handle messages of a particular type. They are responsible for pulling messages from the message queue, processing the messages, and then performing the corresponding operations based on the content of the messages.

Example 1

Referring to fig. 1, fig. 1 is a flow chart of a processing method of a multi-device access platform according to an embodiment of the present invention. The embodiment of the invention provides a multi-device access platform processing method, which comprises steps 101 to 105, wherein the steps are as follows:

Step 101: receiving access request information sent by terminal equipment to a target platform, and sending response information to the terminal equipment based on the access request information; wherein the response information indicates the terminal device to send authentication information.

When the terminal equipment accesses the target platform, the terminal equipment needs to send access request information to the target platform, so as to inform the identity of the platform equipment and the operation to be executed of the terminal equipment, so that the platform can authenticate and authorize the equipment according to the equipment identity and the access request, and the platform can ensure that the equipment can safely access the platform and provide corresponding services and resources for the equipment through the correct access request information. The corresponding response information is fed back by the target platform based on the access request information sent by the terminal equipment, and the formats of access parameters sent by different terminal equipment are standardized based on the response information, so that the platform can quickly know the current state and the requirements of the equipment, and resource allocation and scheduling can be better performed. In the embodiment of the present invention, the target platform is one of the platforms of the internet of things, which is not limited herein.

In an embodiment, the response information indicates the terminal device to send authentication information, which specifically includes: controlling the terminal equipment to send a registration request to the target platform, and acquiring a unique digital certificate distributed by the Internet of things platform based on the registration request; transmitting the unique digital certificate to the internet of things platform based on a transport layer encryption protocol; wherein the authentication information is a unique digital certificate of the terminal device.

In the embodiment of the invention, the response information is used for indicating how the terminal equipment feeds the authentication information back to the target platform. The terminal equipment sends a registration request to the target platform based on the received response information, and the target platform generates a unique digital certificate as an identity certificate of the terminal equipment after receiving the registration request sent by the terminal equipment. Preferably, the terminal device, upon receipt of the unique digital certificate, is also stored in local hardware to prevent unauthorized access and tampering. And then, the terminal equipment sends the generated unique digital certificate to the target platform based on the secure transport layer encryption protocol by the instant TLS protocol so as to verify the identity of the terminal equipment and carry out secure communication.

Step 102: acquiring first authentication information fed back by the terminal equipment, carrying out identity verification on the terminal equipment based on the first authentication information, and sending access indication information to the terminal equipment when the terminal equipment passes the identity verification; the access indication information indicates the terminal equipment to encrypt the initial access parameter based on a preset encryption algorithm so as to generate an encrypted access parameter.

In an embodiment, the obtaining the first authentication information fed back by the terminal device and verifying the identity of the terminal device based on the first authentication information specifically includes: acquiring a unique digital certificate in the first authentication information, extracting a certificate revocation list and a validity period, and rejecting the identity verification of the terminal equipment when the unique digital certificate is included in the certificate revocation list or the unique digital certificate exceeds the validity period; iteratively verifying a certificate chain of the unique digital certificate based on issuer information until a root certificate of the unique digital certificate, and determining that the terminal device passes the identity verification when the root certificate is issued by a trusted root certificate authority.

In the embodiment of the invention, after receiving the first authentication information fed back by the terminal equipment, namely after the unique digital certificate, the target platform extracts a certificate revocation list and a certificate validity period in the unique digital certificate, and performs certificate validity period verification and certificate revocation list inspection on the unique digital certificate. When the unique digital certificate of the terminal device is included in the certificate revocation list or the digital certificate is not in the validity period, the target platform refuses the authentication request of the terminal device. When the unique digital certificate is not included in the certificate revocation list and the validity period of the unique digital certificate is valid within the current time range, iteratively verifying the certificate chain of the unique digital certificate based on the issuer information. That is, the issuer in the unique digital certificate is checked, and then the whole certificate chain is verified iteratively until the root certificate in the unique digital integer is confirmed to be issued by a trusted root Certificate Authority (CA), at this time, the terminal device is judged to pass the identity verification, and the control target platform sends the access indication information to the terminal device.

In an embodiment, the access indication information indicates the terminal device to encrypt the initial access parameter based on a preset encryption algorithm to generate an encrypted access parameter; decrypting the encrypted access parameters to obtain initial access parameters of the terminal equipment, wherein the initial access parameters comprise: generating a first public key and a first private key based on the preset encryption algorithm; encrypting the initial access parameter by using the first public key to obtain an encrypted access parameter; the initial access parameters comprise any one or more of equipment identity identification information, connection parameters, protocol version information and equipment states; sending the encrypted access parameters to the target platform through a preset encrypted transmission protocol; and controlling the target platform to decrypt the received encrypted access parameters based on the first private key to obtain the initial access parameters.

In an embodiment of the invention, a pair of random key pairs is generated using an asymmetric encryption algorithm, including a first public key and a first private key. The initial access parameters are encrypted at the terminal equipment based on the first public key so as to ensure the information transmission safety in the communication process. And then, the encryption intervention parameters are sent to the target platform through a preset encryption transmission protocol HTTPS protocol so as to prevent the intermediate man from attacking or eavesdropping in the transmission process. In the embodiment of the invention, the initial access parameters comprise equipment identity identification information, connection parameters, protocol version information and equipment state. The terminal equipment can provide the self identity identification information which comprises equipment ID, equipment model and firmware version information, so that the target platform can manage the terminal equipment conveniently. The connection parameters include information such as a network connection mode, a network address, a connection port and the like so that the target platform can be connected with the terminal equipment quickly according to the connection parameters. The terminal device provides protocol version information, which can be properly managed and optimized by the target platform. In addition, the initial access parameters include device states, such as "online", "offline", "failure", etc., so that the platform can conveniently know the current state of the terminal device.

Step 103: decrypting the encrypted access parameters to obtain initial access parameters of the terminal equipment; and distributing the initial access parameters to corresponding message queues according to a preset distribution standard, so that the message queues carry out service logic processing on the received initial access parameters.

After receiving the encrypted access parameters sent by the terminal equipment, the target platform decrypts the received encrypted access parameters through the first private key, and then the initial access parameters of the terminal equipment can be obtained.

In an embodiment, the allocating the initial access parameter to a corresponding message queue according to a preset allocation standard, so that the message queue performs service logic processing on the received initial access parameter, and specifically includes: acquiring access request information corresponding to the initial access parameters; distributing the initial access parameters to the message queues of the same type according to the request type of the access request information; the request type comprises a data acquisition request, an instruction issuing request and a service call request; carrying out service logic processing on the basis of consumers in the message queues corresponding to the initial access parameters; wherein the business logic processing includes data analysis, device control, and service invocation.

In the embodiment of the invention, the access request information corresponding to the initial access parameter is acquired, and the initial access parameter is distributed to different consumption queues according to the type of the access request information, so that the classification and identification of the access request information of different types are realized, the processing mode of the access request information of each device is determined, and the unified management and control of the access request information are realized. The processing types of each message queue in the target platform are predefined, the types of access request information corresponding to the initial access parameters are classified each time the message queue receives new initial access parameters, and the distribution of the initial access parameters is realized based on a rule engine technology so as to realize the distribution of the initial access parameters to the corresponding message queues. And then, the responding consumers in different message queues process the access request information in the queues, and proper processing programs or services are distributed to each queue according to the types and the characteristics of the message queues. Preferably, the message queues can be classified according to the type of the access request information and the type of the initial access parameters. For example, a message queue is created for processing access request types as data acquisition requests, and device types as sensors. However, the above solution may cause the created message queue to be too large due to the difference between the request type and the initial access parameter type, so as to occupy too many resources of the platform, and may be adjusted according to the specific application requirements. In performing business logic processing operations for data analysis, a consumer may acquire sensor data from a message queue and process and analyze the data, such as calculating statistics, executing predictive models, detecting anomalies, etc.; when executing the business logic processing operation of the device control, for the device control instructions contained in the message queue, the consumer can be responsible for sending the instructions to the corresponding devices and monitoring the execution results; in performing business logic processing operations for service invocation, the consumer may invoke other services or functional modules, such as storing data and sending notifications, etc., based on the request information in the message.

Step 104: and acquiring a service logic processing result of each message queue to the initial access parameter and distributing the service logic processing result to the corresponding terminal equipment.

And acquiring service logic processing results, such as equipment access success and failure, of each initial access parameter in the message queue, and feeding back the corresponding service logic processing results to the corresponding terminal equipment, thereby completing the information access processing process of the terminal equipment based on the current access request information and the target platform.

Step 105: and monitoring the load speed of each message queue in real time, and carrying out load balancing on the message queues based on the load speed of each message queue.

In an embodiment, the monitoring the load speed of each message queue in real time, and performing load balancing on the message queues based on the load speed of each message queue respectively specifically includes: dividing each message queue into a plurality of partitions and distributing a preset number of consumers in each partition; when the number of the messages to be processed in the first partition exceeds a preset threshold, distributing the messages to be processed in the first partition to a second partition in a message queue corresponding to the first partition; the message processing speed in the second partition is higher than a preset reference value; and when the number of the messages accessed in the message queue exceeds the maximum receiving threshold, increasing the consumers in a preset number of subareas in the message queue.

The message queue is divided into a number of partitions, each of which is processed by one or more consumers. Thus, the partition load balance of the message can be realized, and the processing load of each consumer is ensured to be relatively balanced. When the number of the messages to be processed in the partition exceeds the processing capacity of the partition, namely exceeds a preset threshold, the messages to be processed in the first partition are distributed to other partitions in the message queue where the first partition is located. Preferably, a second partition having a processing speed higher than the reference processing speed is selected. The reference processing speed is preset to process the average duration of a message request by each partition in the message queue. Preferably, further, when the number of messages received by the message queue as a whole exceeds the maximum receiving threshold value which can be born by the message queue, the consumers can be additionally added in the message queue according to the number of the received messages so as to improve the message processing speed. Further, when the number of the messages to be processed in the message queue is small, the number of the consumers in the message queue can be reduced, and the number of the consumers is dynamically adjusted according to the load condition of the message queue.

In one embodiment. The multi-device access platform processing method further comprises the following steps: acquiring historical access request information of the target platform in a preset time period, and training an ARIMA model based on the historical request information so that the ARI MA model outputs a future access request information prediction result of the target platform; and carrying out load balancing on the message queue based on the future access request information prediction result.

The ARI MA model can capture trend information in time series data, thereby helping to know data trends when different devices are connected to the platform. Through trend analysis, the characteristics of periodicity, seasonality and the like of the data can be found, and more comprehensive data insight is provided for the platform. In the embodiment of the invention, the ARI MA model is trained based on the historical access request information received by the target platform in a past period of time. Preferably, data analysis and preprocessing, including data cleansing, outlier handling, missing value filling, etc., are required prior to training to ensure the quality and integrity of the data. Parameters of the ARI MA model are optimized by using proper algorithms and technologies so as to improve the adaptability and prediction accuracy of the model. The best model parameters may be determined using grid search, AI C/bi-ic criteria, etc. The AR I MA model obtained through training can output an access request information prediction result of the target platform in a period of time in the future, and can perform load balancing on a message queue in advance based on the prediction result, so that the message processing capability of the multi-device access is improved.

The embodiment of the invention also provides a multi-device access platform processing device, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor realizes the multi-device access platform processing method when executing the computer program.

In an embodiment of the present invention, a computer readable storage medium is further provided, where the computer readable storage medium includes a stored computer program, and when the computer program runs, a device where the computer readable storage medium is located is controlled to execute the multi-device access platform processing method described above.

For example, a computer program may be split into one or more modules, one or more modules stored in memory and executed by a processor to perform the present invention. One or more of the modules may be a series of computer program instruction segments capable of performing particular functions for describing the execution of a computer program in a multi-device access platform processing device.

The multi-device access platform processing device can be a computing device such as a desktop computer, a notebook computer, a palm computer, a cloud server and the like. The multi-device access platform processing device may include, but is not limited to, a processor, a memory, a display. Those skilled in the art will appreciate that the above components are merely examples of a multi-device access platform processing device and do not constitute a limitation of the multi-device access platform processing device, and may include more or fewer components than the components, or may combine certain components, or different components, e.g., the multi-device access platform processing device may further include input-output devices, network access devices, buses, etc.

The Processor may be a central processing unit (Central Processing Unit, CPU), other general purpose Processor, digital signal Processor (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor, etc., and the processor is a control center of the multi-device access platform processing device, and connects various parts of the entire multi-device access platform processing device using various interfaces and lines.

The memory may be used to store computer programs and/or modules that, by running or executing the computer programs and/or modules stored in the memory, the processor may perform various functions for the multi-device access platform processing device by invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, a text conversion function, etc.) required for at least one function, and the like; the storage data area may store data (such as audio data, text message data, etc.) created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart memory card (SMART MEDIA CARD, SMC), secure Digital (SD) card, flash memory card (FLASH CARD), at least one disk storage device, flash memory device, or other volatile solid-state storage device.

Wherein the modules based on processing the multi-device access platform may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as a stand alone product. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, and the computer program may be stored in a computer readable storage medium, where the computer program, when executed by a processor, may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, executable files or in some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. Those of ordinary skill in the art will understand and implement the present invention without undue burden.

The embodiment of the invention provides a multi-device access platform processing method, which is used for carrying out identity verification on terminal equipment based on authentication information fed back by the terminal equipment when the terminal equipment sends access request information to a target platform, so that unauthorized equipment can be prevented from accessing the platform, the safety of a system is protected, invasion and attack of hackers or malicious users are prevented, the trust degree of the users on the platform is improved, and the user experience is enhanced. And when the terminal equipment passes the identity verification, the access parameters sent by the terminal equipment are encrypted so as to prevent the sensitive information of the terminal equipment from being tampered or stolen in the transmission process and ensure the confidentiality of data. And then, the access parameters are allocated according to preset allocation standards, and corresponding resources can be configured according to the characteristics and requirements of different request types, so that the utilization of the resources is optimized, and the processing performance and the processing efficiency of the multi-equipment access platform are improved. Further, the load speed of each message queue is monitored in real time, resources are dynamically allocated according to actual load conditions, resource waste caused by overload of certain queues or servers can be avoided, a target platform can better cope with high load conditions, and overall performance and resource utilization rate are improved.

Example 2

Referring to fig. 2, fig. 2 is a schematic block diagram of an apparatus for encrypting and decrypting a keyboard input according to an embodiment of the present invention. The embodiment of the invention provides a multi-device access platform processing system, which comprises: an information processing module 201, an identity verification module 202, a parameter distribution module 203, a result feedback module 204 and a load balancing module 205;

The information processing module 201 is configured to receive access request information sent by a terminal device to a target platform, and send response information to the terminal device based on the access request information; wherein, the response information indicates the terminal equipment to send authentication information;

The identity verification module 202 is configured to obtain first authentication information fed back by the terminal device, perform identity verification on the terminal device based on the first authentication information, and send access indication information to the terminal device when the terminal device passes the identity verification; the access indication information indicates the terminal equipment to encrypt the initial access parameter based on a preset encryption algorithm so as to generate an encrypted access parameter;

The parameter distribution module 203 is configured to decrypt the encrypted access parameter to obtain an initial access parameter of the terminal device; distributing the initial access parameters to corresponding message queues according to a preset distribution standard, so that the message queues carry out service logic processing on the received initial access parameters;

the result feedback module 204 is configured to obtain a service logic processing result of each message queue on the initial access parameter and feed back the service logic processing result to the corresponding terminal device;

The load balancing module 205 is configured to monitor a load speed of each message queue in real time, and perform load balancing on the message queues based on the load speed of each message queue.

In an embodiment, the response information indicates the terminal device to send authentication information, which specifically includes: controlling the terminal equipment to send a registration request to the target platform, and acquiring a unique digital certificate distributed by the Internet of things platform based on the registration request; transmitting the unique digital certificate to the target platform based on a transport layer encryption protocol; wherein the authentication information is a unique digital certificate of the terminal device.

In an embodiment, the access indication information indicates the terminal device to encrypt the initial access parameter based on a preset encryption algorithm to generate an encrypted access parameter; decrypting the encrypted access parameter to obtain an initial access parameter of the terminal equipment, wherein the initial access parameter comprises the following specific steps: generating a first public key and a first private key based on the preset encryption algorithm; encrypting the initial access parameter by using the first public key to obtain an encrypted access parameter; the initial access parameters comprise any one or more of equipment identity identification information, connection parameters, protocol version information and equipment states; sending the encrypted access parameters to the target platform through a preset encrypted transmission protocol; and controlling the target platform to decrypt the received encrypted access parameters based on the first private key to obtain the initial access parameters.

In an embodiment, the monitoring the load speed of each message queue in real time, and performing load balancing on the message queues based on the load speed of each message queue respectively specifically includes: dividing each message queue into a plurality of partitions and distributing a preset number of consumers in each partition; when the number of the messages to be processed in the first partition exceeds a preset threshold, distributing the messages to be processed in the first partition to a second partition in a message queue corresponding to the first partition; the message processing speed in the second partition is higher than a preset reference processing speed; and when the number of the messages accessed in the message queue exceeds the maximum receiving threshold, increasing the consumers in a preset number of subareas in the message queue.

In one embodiment, the multi-device access platform processing system further comprises: acquiring historical access request information of the target platform in a preset time period, and training an ARIMA model based on the historical request information so that the ARIMA model outputs a future access request information prediction result of the target platform; and carrying out load balancing on the message queue based on the future access request information prediction result.

It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to the corresponding process in the foregoing method embodiment for the specific working process of the above-described apparatus, which is not described herein again.

The embodiment of the invention provides a multi-device access platform processing system, which is used for carrying out identity verification on terminal equipment based on authentication information fed back by the terminal equipment when the terminal equipment sends access request information to a target platform, so that unauthorized equipment can be prevented from accessing the platform, the safety of the system is protected, invasion and attack of hackers or malicious users are prevented, the trust degree of the users on the platform is improved, and the user experience is enhanced. And when the terminal equipment passes the identity verification, the access parameters sent by the terminal equipment are encrypted so as to prevent the sensitive information of the terminal equipment from being tampered or stolen in the transmission process and ensure the confidentiality of data. And then, the access parameters are allocated according to preset allocation standards, and corresponding resources can be configured according to the characteristics and requirements of different request types, so that the utilization of the resources is optimized, and the processing performance and the processing efficiency of the multi-equipment access platform are improved. Further, the load speed of each message queue is monitored in real time, resources are dynamically allocated according to actual load conditions, resource waste caused by overload of certain queues or servers can be avoided, a target platform can better cope with high load conditions, and overall performance and resource utilization rate are improved.

The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and substitutions can be made by those skilled in the art without departing from the technical principles of the present invention, and these modifications and substitutions should also be considered as being within the scope of the present invention.

Claims

1. A multi-device access platform processing method, comprising:

Monitoring the load speed of each message queue in real time, and carrying out load balancing on the message queues based on the load speed of each message queue;

The step of obtaining the first authentication information fed back by the terminal equipment and verifying the identity of the terminal equipment based on the first authentication information specifically comprises the following steps:

iteratively verifying a certificate chain of the unique digital certificate based on issuer information until a root certificate of the unique digital certificate, and determining that the terminal device passes the identity verification when the root certificate is issued by a trusted root certificate authority;

The access indication information indicates the terminal equipment to encrypt the initial access parameter based on a preset encryption algorithm so as to generate an encrypted access parameter; decrypting the encrypted access parameter to obtain an initial access parameter of the terminal equipment, wherein the initial access parameter comprises the following specific steps:

The target platform is controlled to decrypt the received encrypted access parameters based on the first private key to obtain the initial access parameters;

the real-time monitoring of the load speed of each message queue, and the load balancing of the message queues based on the load speed of each message queue, specifically comprises the following steps:

when the number of the messages accessed in the message queue exceeds a maximum receiving threshold, increasing the consumers in a preset number of subareas in the message queue;

The multi-device access platform processing method further comprises the following steps:

acquiring historical access request information of the target platform in a preset time period, and training an ARIMA model based on the historical access request information so that the ARIMA model outputs a future access request information prediction result of the target platform;

2. The method for processing a multi-device access platform according to claim 1, wherein the response information indicates the terminal device to send authentication information, specifically comprising:

Controlling the terminal equipment to send a registration request to the target platform, and acquiring a unique digital certificate distributed by the target platform based on the registration request;

3. The method for processing the multi-device access platform according to claim 1, wherein the allocating the initial access parameters to the corresponding message queues according to the preset allocation standard, so that the message queues perform service logic processing on the received initial access parameters, specifically includes:

4. A multi-device access platform processing system, comprising: the system comprises an information processing module, an identity verification module, a parameter distribution module, a result feedback module and a load balancing module;

The load balancing module is used for monitoring the load speed of each message queue in real time and carrying out load balancing on the message queues based on the load speed of each message queue;

5. A terminal device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the multi-device access platform processing method according to any one of claims 1 to 3 when executing the computer program.

6. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program when run controls a device in which the computer readable storage medium is located to perform the multi-device access platform processing method according to any one of claims 1 to 3.