
1 Introduction

As mobile business applications are adopted more deeply in the power marketing business, higher requirements are placed on the support capabilities of mobile operation terminals. They must not only meet daily business processing needs but also continuously expand their support capabilities [4, 5], so that location data such as user location and trajectory information, on-site equipment location and on-site check-in information can be collected and uploaded to the township power supply monitoring platform. This data assists on-site services with work order processing and with uploading and updating information, in order to achieve intelligent management, visual monitoring and information scheduling [6]. Because the power industry has extremely high requirements for information security, mobile applications involve a series of issues such as secure access to internal and external networks, data security, and application development models [7]. The positioning function of current mobile operating terminals relies mainly on GPS. Affected by weather and location, positioning responds slowly and the search time is long, so it cannot support the development of related businesses.

To improve the location service function of mobile operating terminals, this paper, through in-depth research and analysis, proposes a safe and efficient design method for a network-assisted system based on location-based services (LBS). The design meets the positioning needs of mobile operating terminals under harsh operating conditions and provides support for the development of businesses based on location data, such as on-site operation, equipment information collection and area management.

A complete LBS system consists of four parts, including positioning system, mobile service center, communication network and mobile intelligent terminal, as shown in Fig. 1:

Fig. 1. LBS system diagram

Among them, the positioning system includes a GPS positioning system and a base station positioning system. Positioning technology is the core technology of the entire LBS system, which is responsible for information interaction with mobile terminals and network interconnection of the various sub-centers (location servers, content providers, etc.), completes the classification, recording and forwarding of various information and the flow of business information between sub-centers, and monitors the entire network.

2 Auxiliary Positioning System Design

2.1 System Overall Architecture Design

As shown in Fig. 2, the system is divided into four layers: the data layer, the business layer, the transport layer and the display layer. The data layer is divided into a server data layer and a terminal data layer. The server data layer is mainly responsible for storing spatial data, attribute data and SVG map data, and the terminal data layer is responsible for storing system pictures and similar resources. The business layer is divided into EJB business and Web business: EJB business is responsible for reading, transforming and analyzing data and answering Web requests, while Web business is responsible for client data requests and responses. The transport layer is responsible for data transmission, mainly over the power VPN dedicated network. The display layer is responsible for displaying data (attribute data and spatial data) and for data manipulation.

Fig. 2. LBS overall architecture diagram

2.2 System Function Module Design

2.2.1 Server-Side Functional Design

The server handles business requests from clients. Its main functions include receiving client business requests, performing spatial calculation and analysis, searching the server database for response data, packaging the response data, and sending it. The functional framework of the server-side system is shown in Fig. 3.

Fig. 3. Functional architecture of LBS server system

The server-side Servlet component is responsible for accepting the business request sent by the client and sending the response result, and data encapsulation is done by JavaBeans. The business request data is managed by the business management module and handed over to the attribute query, spatial analysis and sending modules, which process the request or read, analyze and transform the data, encapsulate it as XML, and answer the client.

2.2.2 Client Function Design

As shown in Fig. 4, the user issues a service request and obtains response data from the server according to the service type. The business types are divided into positioning business and non-positioning business.

Fig. 4. Application architecture diagram

Coordinate positioning and name positioning belong to the type of positioning business, and distance measurement, location information and mail services belong to the type of non-positioning business; in the transportation service, the query of the traffic station is the positioning business, and the query of the transportation route is the non-positioning business. The positioning service response data includes spatial positioning data and attribute data. The non-location service response data is divided into status response data and non-location request result data.

When the user operates the terminal map, the graphic operation module is called. Graphic operations include full image display, zoom in, zoom out, roaming, layer control, etc.

3 Research on Secure Access of Network Assisted Positioning System

3.1 Security Architecture Design

As shown in Fig. 5, in order to meet the requirements of State Grid’s security management and control, this paper proposes the following security arrangements (Fig. 6):

Fig. 5. Data Application framework

Fig. 6. Secure connection process

The LBS positioning system server is arranged outside the power information network, and the positioning-related applications are arranged on the power information external network. At the same time, security isolation devices are added at the boundary between the power information internal and external networks and at the boundary between the external network and the private network, so that traffic crosses these boundaries securely.

In the specific application process, the network-assisted positioning system for mobile service applications accesses the power intranet through a secure access platform. When the mobile terminal initiates a positioning-related business request, the request is transmitted over the power private network APN to the secure access platform of the power external network, and the secure access platform connects it to the marketing mobile application platform. When a positioning request is initiated, the mobile operating platform reaches the location service on the power external network server through the strong isolation device and calls the external network location service.

3.2 Research on Security Guarantee Strategy

In order to further improve the security performance of the system, security design research was conducted in terms of communication data encryption, access control, and strengthening of Internet border management and control, as follows:

3.2.1 Communication Data Encryption

To provide a secure communication environment and reliable privacy protection for the LBS-based network-assisted positioning system, all information transmitted in the system must be encrypted. The encryption module provides authentication between the user and the server and also encrypts all data, ensuring the security of the network-assisted positioning system. Many application-layer technologies provide secure communication, such as HTTPS and the SSL/TLS protocols, but these have some problems when applied in this system. For example, HTTPS requires digital certificates to be deployed; trusted certificates must be applied for on a regular basis and cost more, and the approach is less scalable in heterogeneous computing environments, which is not conducive to multi-terminal access to the system. Therefore, the LBS-based network-assisted positioning system designs and implements its own encryption module.

The first step for users of LBS-based power inspection is to establish a secure connection with the server. After the secure connection is established, all data in the communication channel must be encrypted to ensure the safety of the power inspection system. Two types of encryption algorithm are involved in this process. After weighing the two, the asymmetric encryption algorithm is used to establish the secure connection, and the symmetric encryption algorithm is used to encrypt the data in the communication channel.
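The two-stage scheme described above, sketched in Java (the language of the Servlet/EJB server side) as an added example that is not the paper's encryption module. The paper does not name its algorithms, so RSA-OAEP and AES-256-GCM are assumptions, as are the class and method names, the terminal identifier, the sample request, and the premise that the server's public key is already provisioned in the terminal application.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;
public class HybridChannelDemo {
    // Assumed algorithms: RSA-OAEP (SHA-256 for the hash and for MGF1) and AES-256-GCM.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    // Connection setup: the terminal wraps the session key, the server unwraps it.
    static Cipher rsa(int mode, Key key) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key, OAEP);
        return c;
    }
    // Channel data: AES-GCM, with the terminal identifier bound in as associated data.
    static byte[] gcm(int mode, SecretKey k, GCMParameterSpec p, byte[] in, int off, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, k, p);
        c.updateAAD(aad);
        return c.doFinal(in, off, in.length - off);
    }
    static byte[] seal(SecretKey k, byte[] plain, byte[] aad) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce per message, sent ahead of the ciphertext
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv), plain, 0, aad);
        return ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
    }
    static byte[] open(SecretKey k, byte[] msg, byte[] aad) throws Exception {
        return gcm(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, msg, 0, 12), msg, 12, aad);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(3072);
        KeyPair server = g.generateKeyPair(); // constructed demo key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey(); // generated on the terminal for this connection
        byte[] wrapped = rsa(Cipher.WRAP_MODE, server.getPublic()).wrap(session);
        SecretKey atServer = (SecretKey) rsa(Cipher.UNWRAP_MODE, server.getPrivate())
                .unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        byte[] aad = "terminal-0001".getBytes(StandardCharsets.UTF_8); // constructed terminal id
        byte[] wire = seal(session, "<locate/>".getBytes(StandardCharsets.UTF_8), aad);
        System.out.println(new String(open(atServer, wire, aad), StandardCharsets.UTF_8));
        wire[wire.length - 1] ^= 1; // constructed in-transit modification
        try { open(atServer, wire, aad); } catch (AEADBadTagException e) { System.out.println("rejected"); }
    }
}
```

Because the session key is wrapped under a public key the terminal already holds, only the holder of the matching private key can recover it, and the GCM tag makes the server reject any message altered in transit.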

3.2.2 Access Control

Access control refers to designing user application operation permissions and key resource access permissions on the server side. Application permissions are hierarchically refined according to function modules, application interfaces, and operation buttons; access to key resources is controlled according to database tables and key records.

Currently, there are three main user roles in the LBS-based network-assisted positioning system: platform administrator, application administrator, and business user. The platform administrator has access to all functional modules of the network-assisted positioning system; the main job is role management, user management, menu management and role permission configuration, managing the information of the users of the system according to the nature of their work. The main job of the application administrator is to manage the related applications of the system.
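One way to express the hierarchy described above as a server-side check, given as an added example that is not the paper's implementation and assumes Java 9 or later. The three role names follow the paper; every function path, table name and record key is hypothetical.

```java
import java.util.Map;
import java.util.Set;

public class LbsAccessControl {
    // Role names follow the paper; every path, table and record key below is hypothetical.
    // Function grants name a module, "module/interface" or "module/interface/button".
    static final Map<String, Set<String>> FUNCTIONS = Map.of(
            "platform_admin", Set.of("*"),
            "application_admin", Set.of("appmgmt"),
            "business_user", Set.of("positioning", "checkin/form/submit"));

    // Key-resource grants: role -> table -> record keys ("*" = every record in the table).
    static final Map<String, Map<String, Set<String>>> RECORDS = Map.of(
            "platform_admin", Map.of("users", Set.of("*"), "roles", Set.of("*")),
            "business_user", Map.of("work_orders", Set.of("WO-1001", "WO-1002")));

    // A grant covers a request when it equals the path or is an ancestor on a '/' boundary,
    // so a module-level grant reaches its interfaces and buttons but not a sibling module.
    static boolean mayInvoke(String role, String path) {
        for (String grant : FUNCTIONS.getOrDefault(role, Set.of())) {
            if (grant.equals("*") || path.equals(grant) || path.startsWith(grant + "/")) {
                return true;
            }
        }
        return false; // deny by default, unknown roles included
    }

    // Table-level and record-level check for key resources; anything not granted is denied.
    static boolean mayAccess(String role, String table, String recordKey) {
        Set<String> keys = RECORDS.getOrDefault(role, Map.of()).getOrDefault(table, Set.of());
        return keys.contains("*") || keys.contains(recordKey);
    }

    public static void main(String[] args) {
        String[][] calls = {
            {"business_user", "positioning/locate/refresh"},  // button below a module-level grant
            {"business_user", "positioning-admin/config"},    // sibling module sharing a name prefix
            {"business_user", "checkin/form/delete"},         // different button on the same interface
            {"application_admin", "appmgmt/release/publish"},
            {"auditor", "positioning/locate"}};               // role that is not defined
        for (String[] c : calls) {
            System.out.printf("%-18s %-28s %s%n", c[0], c[1], mayInvoke(c[0], c[1]) ? "allow" : "deny");
        }
        System.out.println(mayAccess("business_user", "work_orders", "WO-1001"));
        System.out.println(mayAccess("business_user", "work_orders", "WO-2000"));
        System.out.println(mayAccess("application_admin", "users", "u-17"));
    }
}
```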

4 Strengthen Internet Border Control Measures

In order to strengthen the control of the Internet boundary, the network-assisted positioning system is accessed through a secure access platform, and the following management and control strategies are adopted at the same time:

  1) Adopt the existing firewall at the provincial company’s Internet border and configure access control strategies to achieve network isolation and access control between the provincial company’s information extranet and the Internet.

  2) Use the existing IDS equipment at the provincial company’s Internet boundary to prevent border network intrusion and to record information such as user access records, system operation logs and system operation state; after standardization, filtering, integration and alarm analysis, this information is stored and managed centrally as logs in a unified format.

  3) Use an application firewall (WAF) to protect against application-layer attacks, and update the protection rule base in time.

  4) Deploy intrusion prevention equipment to monitor and prevent intrusion attacks at the boundary, such as port scanning and Trojan backdoor attacks.

5 Conclusion

To address the weak GPS positioning function of current mobile operation terminals, this paper designs and develops an LBS-based network-assisted positioning system based on specific business requirements through in-depth research and analysis. At the same time, to meet the requirements of State Grid’s information security control, specific management and control strategies are proposed in terms of deployment methods, access methods, and security management and control strategies. In terms of deployment, the server is deployed externally, data is accessed by deploying a security isolation device, and the security access platform is used to uniformly access the intranet. Data encryption, access control and Internet border management are used to provide specific security guarantees. Together these meet the positioning requirements of mobile operation terminals under harsh operating conditions and provide support for the development of businesses based on location data, such as on-site operation check-in, equipment information collection and area management.