EPCglobal網絡中安全高效的發(fā)現(xiàn)服務的設計與實現(xiàn)
發(fā)布時間:2018-10-31 07:41
【摘要】:EPCglobal網絡是個基于無線射頻識別技術(RFID)的物聯(lián)網的 個實現(xiàn)體系。為了能夠跨企業(yè)獲取并利用物品的所有相關數(shù)據(jù),EPCglobal網絡提出需要個發(fā)現(xiàn)服務,能夠通過物品唯標識碼獲取相關未知數(shù)據(jù)源的地址。然而由于企業(yè)信息的機密性,發(fā)現(xiàn)服務中地址信息的讀寫操作必須具備完善的訪問控制機制,企業(yè)才會愿意向發(fā)現(xiàn)服務發(fā)布自己的數(shù)據(jù)源地址。又由于企業(yè)在生產和物流等過程中需要即時性地為每個物品向發(fā)現(xiàn)服務發(fā)布地址記錄,因此發(fā)現(xiàn)服務的服務性能要足夠高效。目前對發(fā)現(xiàn)服務的研究缺乏有效可用的訪問控制機制,同時缺乏有效的機制保證高效的服務。 本文主要做了以下三方面的貢獻。第,針對發(fā)現(xiàn)服務的應用場景,設計了套基于P-Token的單品級動態(tài)訪問控制機制。其中每個物品的P-Token隨著物品的生產而被初始化,存儲在RFID的User Bank中,并順著供應鏈流通。只有擁有該物品的有效P-Token才能向發(fā)現(xiàn)服務發(fā)布地址記錄或更新P-Token,只有提供發(fā)布地址記錄時的P-Token或提供物品的當前有效P-Token才能看見該地址記錄。同時采用非對稱加密算法保證P-Token在供應鏈傳輸過程中以及和發(fā)現(xiàn)服務的通信過程中的真實性、完整性和機密性。第二,針對發(fā)現(xiàn)服務的海量數(shù)據(jù)需求和高性能服務需求,提出了個分布式內存數(shù)據(jù)存儲體系。在分布式哈希表(DHT)的基礎上,通過虛擬分區(qū)劃分數(shù)據(jù)歸屬權,每個結點會將屬于自己的數(shù)據(jù)直接存儲在內存中,保證數(shù)據(jù)高效的讀寫操作。通過備份調度機制,在數(shù)據(jù)備份緩沖區(qū)滿了或者計時器到時的時候異步地將數(shù)據(jù)備份到其他結點上保證數(shù)據(jù)的安全性。通過持久化調度機制,在內存空間到達閾值或者未被訪問時間過長時異步地將內存中的數(shù)據(jù)寫入到持久層去,維持內存空間的可用性,同時通過可擴展的數(shù)據(jù)持久化通道實現(xiàn)了與傳統(tǒng)存儲技術的對接。第三,為了進步滿足發(fā)現(xiàn)服務的高性能服務需求,實現(xiàn)了個基于二進制編碼的高效數(shù)據(jù)通信體系。通過應用GoogleProtocol Buffers技術,有效地將需要傳輸?shù)臄?shù)據(jù)進行二進制編碼壓縮,,減少了數(shù)據(jù)的傳輸量,提高了消息數(shù)據(jù)的傳輸效率,同時保持了對所傳輸?shù)南⒆x寫的語言無關性和平臺中立性。 本文首先對研究背景和研究現(xiàn)狀進行了介紹與總結,識別了目前對發(fā)現(xiàn)服務的研究的不足之處,并提出了本文的研究內容與技術路線;然后分別從基于P-Token的安全機制、基于內存存儲的分布式存儲機制以及基于二進制編碼的高效數(shù)據(jù)通信機制等三個方面對系統(tǒng)進行研究與設計;并將整個系統(tǒng)分為系統(tǒng)通信層、系統(tǒng)服務層、數(shù)據(jù)存儲層以及數(shù)據(jù)持久層等四層架構,詳細描述了系統(tǒng)的實現(xiàn);最后對全文進行了總結,同時對未來的進步工作進行了展望。
[Abstract]:EPCglobal network is a realization system of Internet of things based on RFID technology (RFID). In order to obtain and utilize all the relevant data of goods across enterprises, EPCglobal network proposes the need for a discovery service, which can obtain the address of the relevant unknown data source through the object-only identification code. However, due to the confidentiality of the enterprise information, the read-write operation of address information in the discovery service must have a perfect access control mechanism so that the enterprise will be willing to publish its own data source address to the discovery service. Because enterprises need to publish the address record to the discovery service instantly in the process of production and logistics, the service performance of the discovery service should be efficient enough. At present, the research on discovery services lacks effective access control mechanisms and efficient services. This paper mainly makes the following three contributions. Firstly, a single level dynamic access control mechanism based on P-Token is designed for the application scenario of discovery service. The P-Token of each item is initialized as the item is produced, stored in the User Bank of the RFID and circulated along the supply chain. Only the valid P-Token that owns the item can publish the address record or update P-Tokento the discovery service, and only the P-Token at the time of the publication address record or the current valid P-Token of the item can see the address record. At the same time, asymmetric encryption algorithm is used to ensure the authenticity, integrity and confidentiality of P-Token in the process of supply chain transmission and communication with discovery services. Secondly, a distributed memory data storage system is proposed to meet the demand of massive data and high performance service. Based on the distributed hash table (DHT), each node stores its own data directly in memory through virtual partitioning, which ensures the efficient reading and writing operation of the data. By means of backup scheduling mechanism, the data can be backed up asynchronously to other nodes when the data backup buffer is full or when the timer arrives. Through the persistence scheduling mechanism, the data in memory is written asynchronously to the persistence layer when the memory reaches threshold or is not accessed too long, so as to maintain the availability of memory space. At the same time, the docking with the traditional storage technology is realized through the extensible data persistence channel. Thirdly, in order to meet the requirement of high performance service of discovery service, an efficient data communication system based on binary coding is implemented. By using GoogleProtocol Buffers technology, the data that needs to be transmitted is effectively compressed by binary coding, which reduces the amount of data transmission and improves the transmission efficiency of message data. At the same time, the language independence and platform neutrality of the transmitted messages are maintained. Firstly, this paper introduces and summarizes the research background and status quo, identifies the shortcomings of the current research on discovery services, and puts forward the research content and technical route of this paper. Then the system is researched and designed from three aspects: the security mechanism based on P-Token, the distributed storage mechanism based on memory storage and the efficient data communication mechanism based on binary coding. The whole system is divided into four layers: system communication layer, system service layer, data storage layer and data persistence layer. The implementation of the system is described in detail.
【學位授予單位】:上海交通大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP391.44;TN915.08
本文編號:2301414
[Abstract]:EPCglobal network is a realization system of Internet of things based on RFID technology (RFID). In order to obtain and utilize all the relevant data of goods across enterprises, EPCglobal network proposes the need for a discovery service, which can obtain the address of the relevant unknown data source through the object-only identification code. However, due to the confidentiality of the enterprise information, the read-write operation of address information in the discovery service must have a perfect access control mechanism so that the enterprise will be willing to publish its own data source address to the discovery service. Because enterprises need to publish the address record to the discovery service instantly in the process of production and logistics, the service performance of the discovery service should be efficient enough. At present, the research on discovery services lacks effective access control mechanisms and efficient services. This paper mainly makes the following three contributions. Firstly, a single level dynamic access control mechanism based on P-Token is designed for the application scenario of discovery service. The P-Token of each item is initialized as the item is produced, stored in the User Bank of the RFID and circulated along the supply chain. Only the valid P-Token that owns the item can publish the address record or update P-Tokento the discovery service, and only the P-Token at the time of the publication address record or the current valid P-Token of the item can see the address record. At the same time, asymmetric encryption algorithm is used to ensure the authenticity, integrity and confidentiality of P-Token in the process of supply chain transmission and communication with discovery services. Secondly, a distributed memory data storage system is proposed to meet the demand of massive data and high performance service. Based on the distributed hash table (DHT), each node stores its own data directly in memory through virtual partitioning, which ensures the efficient reading and writing operation of the data. By means of backup scheduling mechanism, the data can be backed up asynchronously to other nodes when the data backup buffer is full or when the timer arrives. Through the persistence scheduling mechanism, the data in memory is written asynchronously to the persistence layer when the memory reaches threshold or is not accessed too long, so as to maintain the availability of memory space. At the same time, the docking with the traditional storage technology is realized through the extensible data persistence channel. Thirdly, in order to meet the requirement of high performance service of discovery service, an efficient data communication system based on binary coding is implemented. By using GoogleProtocol Buffers technology, the data that needs to be transmitted is effectively compressed by binary coding, which reduces the amount of data transmission and improves the transmission efficiency of message data. At the same time, the language independence and platform neutrality of the transmitted messages are maintained. Firstly, this paper introduces and summarizes the research background and status quo, identifies the shortcomings of the current research on discovery services, and puts forward the research content and technical route of this paper. Then the system is researched and designed from three aspects: the security mechanism based on P-Token, the distributed storage mechanism based on memory storage and the efficient data communication mechanism based on binary coding. The whole system is divided into four layers: system communication layer, system service layer, data storage layer and data persistence layer. The implementation of the system is described in detail.
【學位授予單位】:上海交通大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP391.44;TN915.08
【參考文獻】
相關期刊論文 前1條
1 趙文;李信鵬;劉殿興;張世琨;王立福;;供應鏈環(huán)境下一種分布式RFID發(fā)現(xiàn)服務[J];電子學報;2010年S1期
本文編號:2301414
本文鏈接:http://sikaile.net/guanlilunwen/gongyinglianguanli/2301414.html
最近更新
教材專著
