EPCglobal網(wǎng)絡(luò)中安全高效的發(fā)現(xiàn)服務(wù)的設(shè)計(jì)與實(shí)現(xiàn)
發(fā)布時(shí)間:2018-10-31 07:41
【摘要】:EPCglobal網(wǎng)絡(luò)是個(gè)基于無(wú)線射頻識(shí)別技術(shù)(RFID)的物聯(lián)網(wǎng)的 個(gè)實(shí)現(xiàn)體系。為了能夠跨企業(yè)獲取并利用物品的所有相關(guān)數(shù)據(jù),EPCglobal網(wǎng)絡(luò)提出需要個(gè)發(fā)現(xiàn)服務(wù),能夠通過物品唯標(biāo)識(shí)碼獲取相關(guān)未知數(shù)據(jù)源的地址。然而由于企業(yè)信息的機(jī)密性,發(fā)現(xiàn)服務(wù)中地址信息的讀寫操作必須具備完善的訪問控制機(jī)制,企業(yè)才會(huì)愿意向發(fā)現(xiàn)服務(wù)發(fā)布自己的數(shù)據(jù)源地址。又由于企業(yè)在生產(chǎn)和物流等過程中需要即時(shí)性地為每個(gè)物品向發(fā)現(xiàn)服務(wù)發(fā)布地址記錄,因此發(fā)現(xiàn)服務(wù)的服務(wù)性能要足夠高效。目前對(duì)發(fā)現(xiàn)服務(wù)的研究缺乏有效可用的訪問控制機(jī)制,同時(shí)缺乏有效的機(jī)制保證高效的服務(wù)。 本文主要做了以下三方面的貢獻(xiàn)。第,針對(duì)發(fā)現(xiàn)服務(wù)的應(yīng)用場(chǎng)景,,設(shè)計(jì)了套基于P-Token的單品級(jí)動(dòng)態(tài)訪問控制機(jī)制。其中每個(gè)物品的P-Token隨著物品的生產(chǎn)而被初始化,存儲(chǔ)在RFID的User Bank中,并順著供應(yīng)鏈流通。只有擁有該物品的有效P-Token才能向發(fā)現(xiàn)服務(wù)發(fā)布地址記錄或更新P-Token,只有提供發(fā)布地址記錄時(shí)的P-Token或提供物品的當(dāng)前有效P-Token才能看見該地址記錄。同時(shí)采用非對(duì)稱加密算法保證P-Token在供應(yīng)鏈傳輸過程中以及和發(fā)現(xiàn)服務(wù)的通信過程中的真實(shí)性、完整性和機(jī)密性。第二,針對(duì)發(fā)現(xiàn)服務(wù)的海量數(shù)據(jù)需求和高性能服務(wù)需求,提出了個(gè)分布式內(nèi)存數(shù)據(jù)存儲(chǔ)體系。在分布式哈希表(DHT)的基礎(chǔ)上,通過虛擬分區(qū)劃分?jǐn)?shù)據(jù)歸屬權(quán),每個(gè)結(jié)點(diǎn)會(huì)將屬于自己的數(shù)據(jù)直接存儲(chǔ)在內(nèi)存中,保證數(shù)據(jù)高效的讀寫操作。通過備份調(diào)度機(jī)制,在數(shù)據(jù)備份緩沖區(qū)滿了或者計(jì)時(shí)器到時(shí)的時(shí)候異步地將數(shù)據(jù)備份到其他結(jié)點(diǎn)上保證數(shù)據(jù)的安全性。通過持久化調(diào)度機(jī)制,在內(nèi)存空間到達(dá)閾值或者未被訪問時(shí)間過長(zhǎng)時(shí)異步地將內(nèi)存中的數(shù)據(jù)寫入到持久層去,維持內(nèi)存空間的可用性,同時(shí)通過可擴(kuò)展的數(shù)據(jù)持久化通道實(shí)現(xiàn)了與傳統(tǒng)存儲(chǔ)技術(shù)的對(duì)接。第三,為了進(jìn)步滿足發(fā)現(xiàn)服務(wù)的高性能服務(wù)需求,實(shí)現(xiàn)了個(gè)基于二進(jìn)制編碼的高效數(shù)據(jù)通信體系。通過應(yīng)用GoogleProtocol Buffers技術(shù),有效地將需要傳輸?shù)臄?shù)據(jù)進(jìn)行二進(jìn)制編碼壓縮,減少了數(shù)據(jù)的傳輸量,提高了消息數(shù)據(jù)的傳輸效率,同時(shí)保持了對(duì)所傳輸?shù)南⒆x寫的語(yǔ)言無(wú)關(guān)性和平臺(tái)中立性。 本文首先對(duì)研究背景和研究現(xiàn)狀進(jìn)行了介紹與總結(jié),識(shí)別了目前對(duì)發(fā)現(xiàn)服務(wù)的研究的不足之處,并提出了本文的研究?jī)?nèi)容與技術(shù)路線;然后分別從基于P-Token的安全機(jī)制、基于內(nèi)存存儲(chǔ)的分布式存儲(chǔ)機(jī)制以及基于二進(jìn)制編碼的高效數(shù)據(jù)通信機(jī)制等三個(gè)方面對(duì)系統(tǒng)進(jìn)行研究與設(shè)計(jì);并將整個(gè)系統(tǒng)分為系統(tǒng)通信層、系統(tǒng)服務(wù)層、數(shù)據(jù)存儲(chǔ)層以及數(shù)據(jù)持久層等四層架構(gòu),詳細(xì)描述了系統(tǒng)的實(shí)現(xiàn);最后對(duì)全文進(jìn)行了總結(jié),同時(shí)對(duì)未來(lái)的進(jìn)步工作進(jìn)行了展望。
[Abstract]:EPCglobal network is a realization system of Internet of things based on RFID technology (RFID). In order to obtain and utilize all the relevant data of goods across enterprises, EPCglobal network proposes the need for a discovery service, which can obtain the address of the relevant unknown data source through the object-only identification code. However, due to the confidentiality of the enterprise information, the read-write operation of address information in the discovery service must have a perfect access control mechanism so that the enterprise will be willing to publish its own data source address to the discovery service. Because enterprises need to publish the address record to the discovery service instantly in the process of production and logistics, the service performance of the discovery service should be efficient enough. At present, the research on discovery services lacks effective access control mechanisms and efficient services. This paper mainly makes the following three contributions. Firstly, a single level dynamic access control mechanism based on P-Token is designed for the application scenario of discovery service. The P-Token of each item is initialized as the item is produced, stored in the User Bank of the RFID and circulated along the supply chain. Only the valid P-Token that owns the item can publish the address record or update P-Tokento the discovery service, and only the P-Token at the time of the publication address record or the current valid P-Token of the item can see the address record. At the same time, asymmetric encryption algorithm is used to ensure the authenticity, integrity and confidentiality of P-Token in the process of supply chain transmission and communication with discovery services. Secondly, a distributed memory data storage system is proposed to meet the demand of massive data and high performance service. Based on the distributed hash table (DHT), each node stores its own data directly in memory through virtual partitioning, which ensures the efficient reading and writing operation of the data. By means of backup scheduling mechanism, the data can be backed up asynchronously to other nodes when the data backup buffer is full or when the timer arrives. Through the persistence scheduling mechanism, the data in memory is written asynchronously to the persistence layer when the memory reaches threshold or is not accessed too long, so as to maintain the availability of memory space. At the same time, the docking with the traditional storage technology is realized through the extensible data persistence channel. Thirdly, in order to meet the requirement of high performance service of discovery service, an efficient data communication system based on binary coding is implemented. By using GoogleProtocol Buffers technology, the data that needs to be transmitted is effectively compressed by binary coding, which reduces the amount of data transmission and improves the transmission efficiency of message data. At the same time, the language independence and platform neutrality of the transmitted messages are maintained. Firstly, this paper introduces and summarizes the research background and status quo, identifies the shortcomings of the current research on discovery services, and puts forward the research content and technical route of this paper. Then the system is researched and designed from three aspects: the security mechanism based on P-Token, the distributed storage mechanism based on memory storage and the efficient data communication mechanism based on binary coding. The whole system is divided into four layers: system communication layer, system service layer, data storage layer and data persistence layer. The implementation of the system is described in detail.
【學(xué)位授予單位】:上海交通大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP391.44;TN915.08
本文編號(hào):2301413
[Abstract]:EPCglobal network is a realization system of Internet of things based on RFID technology (RFID). In order to obtain and utilize all the relevant data of goods across enterprises, EPCglobal network proposes the need for a discovery service, which can obtain the address of the relevant unknown data source through the object-only identification code. However, due to the confidentiality of the enterprise information, the read-write operation of address information in the discovery service must have a perfect access control mechanism so that the enterprise will be willing to publish its own data source address to the discovery service. Because enterprises need to publish the address record to the discovery service instantly in the process of production and logistics, the service performance of the discovery service should be efficient enough. At present, the research on discovery services lacks effective access control mechanisms and efficient services. This paper mainly makes the following three contributions. Firstly, a single level dynamic access control mechanism based on P-Token is designed for the application scenario of discovery service. The P-Token of each item is initialized as the item is produced, stored in the User Bank of the RFID and circulated along the supply chain. Only the valid P-Token that owns the item can publish the address record or update P-Tokento the discovery service, and only the P-Token at the time of the publication address record or the current valid P-Token of the item can see the address record. At the same time, asymmetric encryption algorithm is used to ensure the authenticity, integrity and confidentiality of P-Token in the process of supply chain transmission and communication with discovery services. Secondly, a distributed memory data storage system is proposed to meet the demand of massive data and high performance service. Based on the distributed hash table (DHT), each node stores its own data directly in memory through virtual partitioning, which ensures the efficient reading and writing operation of the data. By means of backup scheduling mechanism, the data can be backed up asynchronously to other nodes when the data backup buffer is full or when the timer arrives. Through the persistence scheduling mechanism, the data in memory is written asynchronously to the persistence layer when the memory reaches threshold or is not accessed too long, so as to maintain the availability of memory space. At the same time, the docking with the traditional storage technology is realized through the extensible data persistence channel. Thirdly, in order to meet the requirement of high performance service of discovery service, an efficient data communication system based on binary coding is implemented. By using GoogleProtocol Buffers technology, the data that needs to be transmitted is effectively compressed by binary coding, which reduces the amount of data transmission and improves the transmission efficiency of message data. At the same time, the language independence and platform neutrality of the transmitted messages are maintained. Firstly, this paper introduces and summarizes the research background and status quo, identifies the shortcomings of the current research on discovery services, and puts forward the research content and technical route of this paper. Then the system is researched and designed from three aspects: the security mechanism based on P-Token, the distributed storage mechanism based on memory storage and the efficient data communication mechanism based on binary coding. The whole system is divided into four layers: system communication layer, system service layer, data storage layer and data persistence layer. The implementation of the system is described in detail.
【學(xué)位授予單位】:上海交通大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP391.44;TN915.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前1條
1 趙文;李信鵬;劉殿興;張世琨;王立福;;供應(yīng)鏈環(huán)境下一種分布式RFID發(fā)現(xiàn)服務(wù)[J];電子學(xué)報(bào);2010年S1期
本文編號(hào):2301413
本文鏈接:http://www.sikaile.net/guanlilunwen/gongyinglianguanli/2301413.html
最近更新
教材專著
