TW202349917A - A remote node controlling management platform - Google Patents

Publication number: TW202349917A
Authority: TW (Taiwan)
Prior art keywords: packet, node, control, data, registration
Application number: TW111120482A
Other languages: Chinese (zh)
Other versions: TWI810957B (en)
Inventor: 梁瑞文
Original Assignee: 倍穎資訊股份有限公司
Application filed by: 倍穎資訊股份有限公司
Priority to: TW111120482A
Publications: TWI810957B, TW202349917A

Landscapes

  • Vehicle Body Suspensions (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention is a remote node control and management platform. An equipment node device registers with an equipment intermediary host over a communication link in order to send data. The intermediary host receives packets from the equipment node device and, according to the packet content, determines and generates the corresponding packet, which it transmits to the equipment node device using the device signing protocol. The device signing protocol ensures that a packet has not been tampered with in transit, and that a packet is valid only within a specific time. The node-side data sending module of the equipment node device and the intermediary-side data sending module of the intermediary host guarantee data delivery, and the data receiving modules of the equipment node device and of the intermediary host guarantee that the same packet is received only once, ensuring stable data transmission. In addition, the equipment node device sends heartbeat request packets to the intermediary host through a heartbeat module. The intermediary host uses a timeout judgment module to determine whether the equipment node device has disconnected, and replies to the equipment node device with a heartbeat response packet.

Description

A remote node control and management platform

The present invention relates to a packet processing method for network devices, and in particular to a remote node control and management platform.

With the rise of the Internet of Things, most devices have begun to offer network connectivity. For cost reasons, most small network devices have no hardware encryption capability, so they can only transmit in plaintext over the network. As enterprises' information security requirements become increasingly strict, and because plaintext packets are easily tampered with, such devices are increasingly required to use a more secure transmission method. The current mainstream secure transmission method is TLS-encrypted transmission, but on small network devices with limited hardware computing power it delays data transmission. The only remedy is to increase the hardware computing power, which raises cost and makes adoption difficult.

The questions this case focuses on are therefore: how to provide a network packet processing method that lets network devices with limited hardware computing power transmit data securely, preventing packets from being tampered with or intercepted and resent; how to guarantee that data reaches the equipment node device and the equipment intermediary host rather than being dropped because of an unstable network; and how to ensure that, when data is resent because of a network fault, the same data is received only once, keeping data transmission stable.

One object of the present invention is to provide a remote node control and management platform. Its packet processing method transmits data using a device signing protocol, which guarantees that a received packet has not been tampered with; the validity period of the device signing protocol ensures that a packet is valid only within a specific time. Guaranteed delivery of data, together with the guarantee that the same packet is received only once, ensures secure and stable data transmission. In addition, the equipment node device periodically sends heartbeat request packets to the equipment intermediary host, which uses a timeout judgment module to determine whether the equipment node device has disconnected and replies to it with a heartbeat response packet.

The remote node control and management platform of the present invention comprises an equipment intermediary host and at least one equipment node device.

The equipment node device comprises a node-side registration module, a heartbeat module, a node-side data sending module and a node-side data receiving module.

The node-side registration module of the equipment node device transmits the device's registration data to the equipment intermediary host using the device signing protocol. The registration data includes a dynamically generated random token. This token is combined with the original device private key to produce a new temporary device private key, and from then on both the equipment node device and the equipment intermediary host generate signatures with this temporary device private key. Even if the temporary device private key is cracked, the original device private key cannot be learned, which greatly improves security. When the equipment node device receives the DATAACK packet returned by the intermediary host, it runs the heartbeat module, the node-side data sending module and the node-side data receiving module. When it receives a DATAERR packet returned by the intermediary host, or no DATAACK packet arrives before the timeout, it resends the registration packet.

The heartbeat module of the equipment node device periodically sends heartbeat request packets to the equipment intermediary host once the equipment node device has successfully registered with it.

The node-side data sending module of the equipment node device sends control/update packets to the equipment intermediary host. Every item of control/update data to be sent is appended to the end of a queue. The module then takes the first item in the queue, packs it into a control/update packet using the device signing protocol, and sends it to the intermediary host. When it receives the DATAACK packet returned by the intermediary host, it deletes the first item from the queue and then takes and sends the new first item, repeating until all control/update data in the queue has been sent. When it receives a DATAERR packet returned by the intermediary host, or no DATAACK packet arrives before the timeout, it resends the first item in the queue.

The node-side data receiving module of the equipment node device receives control/update packets sent by the equipment intermediary host and determines whether each is a valid control/update packet. If it is valid, the module returns a DATAACK packet to the intermediary host; if not, it returns a DATAERR packet. For a valid control/update packet, the module then checks whether the data ID field value matches that of the previously received control/update packet. If it matches, the packet just received is discarded; if it does not match, the control/update data in the packet is processed.

The equipment intermediary host comprises an intermediary-side registration module, a timeout judgment module, an intermediary-side data sending module and an intermediary-side data receiving module.

The intermediary-side registration module of the equipment intermediary host receives registration packets from equipment node devices. When it receives a valid registration packet it replies with a DATAACK packet; otherwise it replies with a DATAERR packet.

The timeout judgment module of the equipment intermediary host determines whether heartbeat request packets from the equipment node device arrive on schedule. When a heartbeat request packet is received, it replies to the equipment node device with a heartbeat response packet; if no heartbeat request packet is received before the timeout, it cuts the equipment node device's network connection.

The intermediary-side data sending module of the equipment intermediary host sends control/update packets to the equipment node device. Every item of control/update data to be sent is appended to the end of a queue. The module then takes the first item in the queue, packs it into a control/update packet using the device signing protocol, and sends it. When it receives the DATAACK packet returned by the equipment node device, it deletes the first item from the queue and then takes and sends the new first item, repeating until all control/update data in the queue has been sent. When it receives a DATAERR packet returned by the equipment node device, or no DATAACK packet arrives before the timeout, it resends the first item in the queue.

The intermediary-side data receiving module of the equipment intermediary host receives control/update packets sent by the equipment node device and determines whether each is a valid control/update packet. If it is valid, the module returns a DATAACK packet to the equipment node device; if not, it returns a DATAERR packet. For a valid control/update packet, the module then checks whether the data ID field value matches that of the previously received control/update packet. If it matches, the packet just received is discarded; if it does not match, the control/update data in the packet is processed.

The present invention is a remote node control and management platform. Figure 1 shows the implementation environment and functional modules of the embodiment: the equipment node device 10 connects over the network to the equipment intermediary host 20. The implementation environment of the invention comprises an equipment intermediary host 20 and at least one equipment node device 10.

Referring to Figure 1, the equipment node device 10 comprises a node-side registration module 100, a heartbeat module 101, a node-side data sending module 102 and a node-side data receiving module 103. The node-side registration module 100 transmits the equipment node device's registration data to the equipment intermediary host using the device signing protocol. In this embodiment, the equipment node device 10 and the equipment intermediary host 20 hold the same device private key. Figure 2 shows the registration packet format of the device signing protocol in this embodiment. The node-side registration module 100 generates the equipment node device registration packet P30A. A complete registration packet P30A contains a start field P300A, a registration type field P301A, a registration data field P302A and an end field P303A. The registration data field P302A contains a registration ID field P3020A and a registration content field P3021A. The registration content field P3021A contains a header field P30210A, a registration payload field P30211A and a signature field P30212A. The header field P30210A contains the device signing algorithm. The registration payload field P30211A contains the registration data and a dynamically generated random token; this token is combined with the original device private key to produce a new temporary device private key. The signature field P30212A is generated by the signing algorithm from the header field P30210A, the registration payload field P30211A and the temporary device private key.

Figure 5 is the equipment node device registration/heartbeat flow chart for the node-side registration module 100 and heartbeat module 101 of the equipment node device 10. Figure 6 is the intermediary host registration/timeout judgment flow chart for the intermediary-side registration module 200 and timeout judgment module 201 of the equipment intermediary host 20. To better explain how the registration flow between the equipment node device 10 and the equipment intermediary host 20 relates to the heartbeat flow of the equipment node device 10 and the timeout judgment flow of the equipment intermediary host 20, refer to Figures 5 and 6 together. In this embodiment, in step S400 the node-side registration module 100 sends the generated registration packet P30A over the network to the equipment intermediary host 20.

In step S500, the intermediary-side registration module 200 determines whether the received registration packet is a valid registration packet. If it is valid, step S501 is executed to send the data confirmation packet (DATAACK packet) P30A1 shown in Figure 2 to the equipment node device. A complete DATAACK packet P30A1 contains a start field P300A1, a DATAACK field P301A1, a registration ID field P302A1 and an end field P303A1. Otherwise, step S502 is executed to send the invalid data packet (DATAERR packet) P30A2. A complete DATAERR packet P30A2 contains a start field P300A2, a DATAERR field P301A2, a registration ID field P302A2 and an end field P303A2.

In step S503, the intermediary-side registration module 200 sends an intermediary host registration packet containing timeout data to the equipment node device 10. Referring to Figure 2, the complete intermediary host registration packet P30A was described above and is not repeated here.

In step S401, the node-side registration module 100 examines the packet sent by the equipment intermediary host 20. If it receives the DATAERR packet P30A2, or the DATAACK packet P30A1 does not arrive before the timeout, step S402 is executed to wait for re-registration. When the re-registration wait time expires, step S400 is executed again to resend the registration packet to the equipment intermediary host 20.

When the node-side registration module 100 receives the DATAACK packet P30A1, in step S403 the equipment node device 10 waits to receive the intermediary host registration packet, containing the timeout data, sent by the equipment intermediary host 20. In step S404, the heartbeat module 101 uses the received timeout data to send heartbeat request packets to the intermediary host 20 periodically. Referring to Figure 3, a complete heartbeat request packet P30B contains a start field P300B, a heartbeat request type field P301B and an end field P303B.

In step S504, the timeout judgment module 201 determines whether a heartbeat request packet has been received within the timeout period. If so, in step S505 it replies to the equipment node device with the heartbeat response packet P30B1. Referring to Figure 3, a complete heartbeat response packet P30B1 contains a start field P300B1, a heartbeat response field P301B1 and an end field P303B1. It then returns to step S504 to wait for the next heartbeat packet. If no heartbeat request packet is received within the timeout period, step S506 is executed to close the equipment node device's connection.

Figure 7 is the guaranteed-delivery sending flow chart for the node-side data sending module 102 of the equipment node device 10 and the intermediary-side data sending module 202 of the equipment intermediary host 20. Because the guaranteed-delivery sending flow is the same for the node-side data sending module 102 and the intermediary-side data sending module 202, the node-side data sending module 102 is used as the example.

In step S600, the node-side data sending module 102 pushes the control/update data to be sent onto the end of the queue and increments the data ID value by 1. Next, in step S602, the node-side data sending module 102 takes the first item of control/update data from the queue, packs it into a control/update packet using the device signing protocol, and sends it to the equipment intermediary host 20. Referring to Figure 4, a complete control/update packet P30C contains a start field P300C, a data type field P301C, a control/update data field P302C and an end field P303C. The control/update data field P302C contains a data ID field P3020C and a control/update content field P3021C. The control/update content field P3021C contains a header field P30210C, a control/update payload field P30211C and a signature field P30212C. The header field P30210C contains the device signing algorithm and the signature type; the signature type determines whether the content of the control/update payload field P30211C is encrypted or unencrypted data. The control/update payload field P30211C contains the control/update command and the validity period. The signature field P30212C is generated by the signing algorithm from the header field P30210C, the registration payload field P30211C and the temporary device private key.

In step S603, the node-side data sending module 102 determines whether, within the timeout period, it has received a DATAACK packet P30C1 (see Figure 4; a complete DATAACK packet P30C1 contains a start field P300C1, a DATAACK field P301C1, a data ID field P302C1 and an end field P303C1) or a DATAERR packet P30C2 (a complete DATAERR packet P30C2 contains a start field P300C2, a DATAERR field P301C2, a data ID field P302C2 and an end field P303C2). If neither a DATAACK packet P30C1 nor a DATAERR packet P30C2 is received within the timeout period, step S604 is executed: the equipment node device re-registers, and the equipment intermediary host waits for re-registration. In the node-side data sending module 102, control jumps to the node-side registration module 100 to re-register the equipment node device 10; in the intermediary-side data sending module 202, control jumps to the intermediary-side registration module 200 to wait for the equipment node device 10 to re-register. In step S601, the node-side registration module 100 waits for registration to succeed. Once the equipment node device 10 has registered successfully, step S602 is executed again and the node-side data sending module 102 resends the first item of control/update data in the queue.

In step S605, if the node-side data sending module 102 determines that the received packet is the DATAERR packet P30C2, step S602 is executed and the node-side data sending module 102 resends the first item of control/update data in the queue. If the received packet is the DATAACK packet P30C1, step S606 is executed and the node-side data sending module 102 deletes the first item of control/update data from the queue.

In step S607, the node-side data sending module 102 checks whether the queue size is greater than 0. If it is, the node-side data sending module 102 executes step S602 again to take and send the first item of control/update data in the queue, until all control/update data in the queue has been sent.

Figure 8 is the guaranteed receive-once flow chart for the node-side data receiving module 103 of the equipment node device 10 and the intermediary-side data receiving module 203 of the equipment intermediary host 20. Because the guaranteed receive-once flow is the same for the node-side data receiving module 103 and the intermediary-side data receiving module 203, the node-side data receiving module 103 is used as the example.

In step S700, the node-side data receiving module 103 receives a control/update packet and then executes step S701 to determine whether the packet conforms to the P30C packet format shown in Figure 4. If the received data does not conform to the P30C packet format, step S704 is executed and the node-side data receiving module 103 sends the DATAERR packet P30C2.

In step S702, the node-side data receiving module 103 verifies the signature and validity period of the control/update content (P3021C in Figure 4). If the signature is invalid or the validity period has passed, step S704 is executed and the node-side data receiving module 103 sends the DATAERR packet P30C2.

In step S703, the node-side data receiving module 103 checks the data ID field (P3020C in Figure 4). If the received data ID field value is the same as the data ID field value of the previous packet, step S706 is executed and the node-side data receiving module 103 sends the DATAACK packet P30C1.

If the data ID field value received by the node-side data receiving module 103 differs from the data ID field value of the previous packet, step S705 is executed and the node-side data receiving module 103 sends the DATAACK packet P30C1. Step S707 is then executed, in which the node-side data receiving module 103 processes the control/update data in the control/update packet.
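The signing, sending and receiving flows described above (steps S600 to S607 and S700 to S707), as an added example that is not code from the patent or its applicant. The patent names neither the signing algorithm nor how the token and device key are combined; HMAC-SHA256 for both, the JSON field names, the retry bound, and reuse of one temporary key across the simulated re-registration are assumptions.

```python
import base64, hashlib, hmac, json
from collections import deque

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def derive_temp_key(device_key: bytes, token: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the one-way combination of device key and token.
    return hmac.new(device_key, token, hashlib.sha256).digest()

def sign_content(temp_key: bytes, payload: dict) -> str:
    # header.payload.signature, mirroring fields P30210C / P30211C / P30212C.
    head = b64(json.dumps({"alg": "HS256"}).encode())
    body = b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(temp_key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"

def verify_content(temp_key: bytes, content: str, now: float):
    """Return the payload if signature and validity period hold, else None."""
    try:
        head, body, sig = content.split(".")
        if json.loads(unb64(head)).get("alg") != "HS256":
            return None  # accept only the algorithm this receiver expects
        want = hmac.new(temp_key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, unb64(sig)):  # constant-time compare
            return None
        payload = json.loads(unb64(body))
        return payload if now <= payload["exp"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

class Receiver:
    """Receive-once flow, steps S700 to S707."""
    def __init__(self, temp_key: bytes):
        self.temp_key, self.last_id, self.processed = temp_key, None, []

    def on_packet(self, packet: dict, now: float) -> dict:
        data_id, content = packet.get("id"), packet.get("content")
        err = {"type": "DATAERR", "id": data_id}
        if packet.get("type") != "DATA" or type(data_id) is not int or type(content) is not str:
            return err                                   # S701 -> S704
        payload = verify_content(self.temp_key, content, now)
        if payload is None or "cmd" not in payload:
            return err                                   # S702 -> S704
        # As in Figure 4, the data ID sits outside the signed content.
        if data_id != self.last_id:                      # S703
            self.last_id = data_id
            self.processed.append(payload["cmd"])        # S707
        return {"type": "DATAACK", "id": data_id}        # S705 / S706

class Sender:
    """Guaranteed-delivery sending flow, steps S600 to S607."""
    def __init__(self, temp_key: bytes, ttl: float = 30.0, max_err: int = 3):
        self.temp_key, self.ttl, self.max_err = temp_key, ttl, max_err
        self.queue, self.next_id = deque(), 0

    def enqueue(self, cmd: str) -> None:                 # S600
        self.next_id += 1
        self.queue.append((self.next_id, cmd))

    def flush(self, channel, now: float) -> str:
        """Send the queue head until acknowledged; returns 'done' or 'reregister'."""
        errors = 0
        while self.queue:                                # S607
            data_id, cmd = self.queue[0]                 # S602
            content = sign_content(self.temp_key, {"cmd": cmd, "exp": now + self.ttl})
            reply = channel({"type": "DATA", "id": data_id, "content": content})
            if reply is None:                            # S603 timeout -> S604
                return "reregister"
            if reply.get("type") == "DATAACK" and reply.get("id") == data_id:
                self.queue.popleft()                     # S606
                errors = 0
            else:                                        # S605: DATAERR, resend
                errors += 1
                if errors > self.max_err:                # bound is an assumption
                    return "reregister"
        return "done"

def demo():
    device_key = b"constructed-shared-device-key"  # constructed sample value
    token = b"constructed-random-token"            # a real node would draw this at random
    key = derive_temp_key(device_key, token)
    rx, tx = Receiver(key), Sender(key)
    for cmd in ("relay_on", "set_interval=5", "relay_off"):  # constructed commands
        tx.enqueue(cmd)
    lost = {2}  # drop the first DATAACK for data ID 2 to force a resend

    def channel(packet):
        reply = rx.on_packet(packet, now=1000.0)
        if reply["type"] == "DATAACK" and reply["id"] in lost:
            lost.discard(reply["id"])
            return None                            # the sender sees a timeout
        return reply

    # First flush stops at ID 2; the second resends it, which is acked but not re-run.
    return tx.flush(channel, now=1000.0), tx.flush(channel, now=1000.0), rx.processed
```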

The remote node control and management platform of this case therefore provides a network packet processing method that lets network devices with limited hardware computing power transmit data securely, preventing packets from being tampered with or intercepted and resent. It also guarantees that data reaches the equipment node device and the equipment intermediary host rather than being dropped because of an unstable network. In addition, when data is resent because of a network fault, it ensures that the same data is received only once, achieving all of the objects stated above.

Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is that defined by the appended claims.

10: Equipment node device
100: Node-side registration module
101: Heartbeat module
102: Node-side data sending module
103: Node-side data receiving module
20: Equipment intermediary host
200: Intermediary-side registration module
201: Timeout judgment module
202: Intermediary-side data sending module
203: Intermediary-side data receiving module

Figure 1 is a diagram of the implementation environment and functional modules of an embodiment of the remote node control and management platform of the present invention.
Figure 2 is the registration packet format of the embodiment.
Figure 3 is the heartbeat packet format of the embodiment.
Figure 4 is the control/update packet format of the embodiment.
Figure 5 is the equipment node device registration/heartbeat flow chart of the embodiment.
Figure 6 is the equipment intermediary host registration/timeout judgment flow chart of the embodiment.
Figure 7 is the guaranteed-delivery sending flow chart of the embodiment.
Figure 8 is the guaranteed receive-once flow chart of the embodiment.


Claims (24)

1. A remote node control and management platform, comprising: a device intermediary host; and at least one device node device network-connected to the device intermediary host, wherein each device node device includes: a node-side registration module for transmitting a registration packet of the device node device to the device intermediary host; a heartbeat module for periodically transmitting a heartbeat request packet to the device intermediary host once the device node device has successfully registered with the device intermediary host; a node-side data sending module for sending a control/update packet and handling the guaranteed-delivery sending flow; and a node-side data receiving module for receiving a control/update packet and handling the guaranteed deliver-once receiving flow; wherein the device intermediary host includes: an intermediary-side registration module for receiving a registration packet of the device node device, which responds to the device node device with a data acknowledgment packet (DATAACK packet) when it receives a valid registration packet of the device node device, and otherwise responds to the device node device with an invalid data packet (DATAERR packet); a timeout judgment module for determining whether the heartbeat request packet transmitted by the device node device is received on schedule, which responds to the device node device with a heartbeat response packet if the heartbeat request packet is received within the timeout period, and cuts off the network connection of the device node device if the heartbeat request packet is not received before the timeout; an intermediary-side data sending module for sending the control/update packet and handling the guaranteed-delivery sending flow; and an intermediary-side data receiving module for receiving the control/update packet and handling the guaranteed deliver-once receiving flow.

2. The remote node control and management platform of claim 1, wherein the device signature protocol includes a registration packet, a heartbeat request packet, a heartbeat response packet, a control/update packet, a DATAACK packet and a DATAERR packet.

3. The remote node control and management platform of claim 2, wherein the registration packet includes a start field, a registration type field, a registration data field and an end field; wherein the registration data field includes a registration ID field and a registration content field; wherein the registration content field includes a title field, a registration carrier field and a signature field. The title field contains a device signature algorithm, the registration carrier field contains the registration data, and the signature field is generated from the title field, the registration carrier field and the temporary device private key through the signature algorithm.

4. The remote node control and management platform of claim 2, wherein the heartbeat request packet includes a start field, a heartbeat request type field and an end field.

5. The remote node control and management platform of claim 2, wherein the heartbeat response packet includes a start field, a heartbeat response type field and an end field.

6. The remote node control and management platform of claim 2, wherein the control/update packet includes a start field, a data type field, a control/update data field and an end field; wherein the control/update data field includes a data ID field and a control/update content field; wherein the control/update content field includes a title field, a control/update carrier field and a signature field. The title field contains a device signature algorithm and a signature type, the signature type mainly determining whether the control/update carrier content is encrypted or unencrypted data; the control/update carrier field contains the control/update command and a validity period; and the signature field is generated from the title field, the registration carrier field and the temporary device private key through the signature algorithm.

7. The remote node control and management platform of claim 2, wherein the DATAACK packet includes a start field, a DATAACK field, an ID field and an end field.

8. The remote node control and management platform of claim 2, wherein the DATAERR packet includes a start field, a DATAERR field, an ID field and an end field.

9. The remote node control and management platform of claim 3, wherein the registration carrier includes a dynamically generated random-number token; the token is used together with an original device private key to generate a new temporary device private key, and the device node device and the device intermediary host use the new temporary device private key to generate signatures through the signature algorithm.

10. The remote node control and management platform of claim 1, wherein the node-side registration module transmits the generated device node device registration packet to the device intermediary host over the network.

11. The remote node control and management platform of claim 1, wherein the intermediary-side registration module determines whether the received device node device registration packet is a valid registration packet; if it is a valid registration packet, the module sends the DATAACK packet to the device node device, a complete DATAACK packet being as described in claim 7; otherwise it sends the DATAERR packet to the device node device, a complete DATAERR packet being as described in claim 8.

12. The remote node control and management platform of claim 11, wherein after sending the DATAACK packet to the device node device, the intermediary-side registration module then sends a device intermediary host registration packet containing timeout data to the device node device, a complete device intermediary host registration packet being as described in claim 3; wherein the device intermediary host registration carrier includes timeout data.

13. The remote node control and management platform of claim 10, wherein the node-side registration module evaluates the packet data transmitted by the device intermediary host; if it receives the DATAERR packet, or does not receive the DATAACK packet from the device intermediary host before a timeout, it waits to re-register, and when the re-registration wait time elapses it resends the device node device registration packet to the device intermediary host.

14. The remote node control and management platform of claim 13, wherein when the node-side registration module of the device node device receives the DATAACK packet, the device node device waits to receive the device intermediary host registration packet, containing timeout data, sent by the device intermediary host.

15. The remote node control and management platform of claim 1, wherein the heartbeat module of the device node device transmits the heartbeat request packet to the device intermediary host at a predetermined time according to the timeout data, a complete heartbeat request packet being as described in claim 4.

16. The remote node control and management platform of claim 1, wherein the timeout judgment module of the device intermediary host determines whether the heartbeat request packet is received within the predetermined time of the timeout data; if the heartbeat request packet is received within the predetermined time, the module responds to the device node device with a heartbeat response packet, a complete heartbeat response packet being as described in claim 5. It then waits for the next heartbeat request packet; if the heartbeat request packet is not received within the predetermined time, it closes the connection of the device node device.

17. The remote node control and management platform of claim 1, wherein the node-side data sending module or the intermediary-side data sending module pushes the control/update data to be sent onto the end of a queue and at the same time increments a data ID value by 1; the node-side data sending module or the intermediary-side data sending module takes the first control/update data item from the queue, packages it into the control/update packet through the device signature protocol, and sends it to the device intermediary host or the device node device, a complete control/update packet being as described in claim 6.

18. The remote node control and management platform of claim 17, wherein the node-side data sending module and the intermediary-side data sending module determine whether a DATAACK packet or a DATAERR packet is received within the timeout period; if neither a DATAACK packet nor a DATAERR packet is received within the timeout period, the node-side data sending module jumps to the node-side registration module to re-register the device node device, and the intermediary-side data sending module jumps to the intermediary-side registration module to wait for the device node device to re-register. The node-side registration module and the intermediary-side registration module wait for registration to succeed; when the device node device registers successfully, the node-side data sending module and the intermediary-side data sending module resend the first control/update data item in the queue.

19. The remote node control and management platform of claim 18, wherein when the node-side data sending module and the intermediary-side data sending module determine that the DATAERR packet has been received, they resend the first control/update data item of the queue; when the packet received is the DATAACK packet, they delete the first control/update data item of the queue.

20. The remote node control and management platform of claim 19, wherein after deleting the first control/update data item of the queue, the node-side data sending module and the intermediary-side data sending module determine whether the size of the queue is greater than 0; if the size is greater than 0, they take the first control/update data item of the queue again and send it, and repeat the method described in claim 19 and claim 20 until all control/update data in the queue has been sent.

21. The remote node control and management platform of claim 1, wherein after receiving the control/update packet, the node-side data receiving module and the intermediary-side data receiving module determine whether the format of the control/update packet conforms to a control/update packet format; if it does not conform to the control/update packet format, they send the DATAERR packet.

22. The remote node control and management platform of claim 21, wherein the node-side data receiving module and the intermediary-side data receiving module verify a content signature and a validity period of the control/update data; when the content signature is invalid or the validity period has been exceeded, they send the DATAERR packet.

23. The remote node control and management platform of claim 22, wherein when the node-side data receiving module and the intermediary-side data receiving module determine that a packet data ID value of the control/update data is the same as the previous packet data ID value, they send the DATAACK packet.

24. The remote node control and management platform of claim 23, wherein when the node-side data receiving module and the intermediary-side data receiving module determine that the received packet data ID value differs from the previous packet data ID value, they send the DATAACK packet and process the control/update data of the control/update packet.
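The receive-side checks of claims 21 to 24, combined with the signing described in claims 6 and 9, as an added sketch that is not code from the patent or its applicant. The JSON-style field names, the use of HMAC-SHA256 both as the signature algorithm and as the temporary-key derivation, and the sample key, token and commands are assumptions; the claims do not specify any of them.

```python
import hashlib
import hmac
import json

ALG = "HMAC-SHA256"  # assumption: the claims name no specific signature algorithm


def derive_temp_key(device_key: bytes, token: bytes) -> bytes:
    # Claim 9: token + original device key -> temporary key (HMAC derivation is assumed).
    return hmac.new(device_key, token, hashlib.sha256).digest()


def _sign(temp_key: bytes, title: dict, carrier: dict) -> str:
    # Claim 6: the signature covers the title and carrier fields; the data ID is outside it.
    msg = json.dumps([title, carrier], sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(temp_key, msg, hashlib.sha256).hexdigest()


def build_packet(temp_key: bytes, data_id: int, command: str, expires_at: float) -> dict:
    title = {"alg": ALG, "type": "unencrypted"}
    carrier = {"cmd": command, "exp": expires_at}
    content = {"title": title, "carrier": carrier, "signature": _sign(temp_key, title, carrier)}
    return {"kind": "DATA", "id": data_id, "content": content}


class Receiver:
    """Receive flow of claims 21-24; receive() returns the reply packet type."""

    def __init__(self, temp_key: bytes):
        self.temp_key = temp_key
        self.last_id = None   # data ID of the previously accepted packet
        self.processed = []   # commands that were actually executed

    def receive(self, packet, now: float) -> str:
        try:  # claim 21: reject anything that is not a control/update packet
            content = packet["content"]
            title, carrier = content["title"], content["carrier"]
            sig, data_id = content["signature"], packet["id"]
            command, expires_at = carrier["cmd"], carrier["exp"]
            if not (packet["kind"] == "DATA" and title["alg"] == ALG
                    and isinstance(sig, str) and sig.isascii()
                    and isinstance(data_id, int)
                    and isinstance(expires_at, (int, float))):
                return "DATAERR"
            expected = _sign(self.temp_key, title, carrier)
        except (KeyError, TypeError):
            return "DATAERR"
        # claim 22: invalid content signature or exceeded validity period
        if not hmac.compare_digest(expected, sig) or now > expires_at:
            return "DATAERR"
        # claim 23: same ID as the previous packet is a retransmission; ACK, do not re-run
        if data_id == self.last_id:
            return "DATAACK"
        # claim 24: new ID; ACK and process the control/update data
        self.last_id = data_id
        self.processed.append(command)
        return "DATAACK"


def demo():
    # Constructed sample values; times are plain numbers standing in for a clock.
    key = derive_temp_key(b"constructed-device-key", b"constructed-token")
    rx = Receiver(key)
    first = build_packet(key, 1, "reboot", expires_at=1000)
    altered = build_packet(key, 2, "reboot", expires_at=1000)
    altered["content"]["carrier"]["cmd"] = "wipe"   # carrier changed after signing
    replies = [rx.receive(first, now=900),          # fresh packet
               rx.receive(first, now=910),          # sender retry after a lost DATAACK
               rx.receive(altered, now=920),        # signature no longer matches
               rx.receive(build_packet(key, 3, "update", 1000), now=1001)]  # expired
    return replies, rx.processed
```

The second DATAACK is what lets the sender of claims 18 to 20 drop the item from its queue after a lost acknowledgment, while the receiver still executes the command only once.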

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111120482A TWI810957B (en) 2022-06-01 2022-06-01 A remote node controlling management platform


Publications (2)

Publication Number Publication Date
TWI810957B (en) 2023-08-01
TW202349917A (en) 2023-12-16

Family

ID=88585589

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111120482A TWI810957B (en) 2022-06-01 2022-06-01 A remote node controlling management platform

Country Status (1)

Country Link
TW (1) TWI810957B (en)
