CN114697105A - Dynamic encryption method and device for data interaction response of CAN bus of crane - Google Patents

Publication number: CN114697105A
Authority: CN (China)
Prior art keywords: result, binding, encryption, interactive, interaction
Legal status: Granted
Application number: CN202210312258.XA
Other languages: Chinese (zh)
Other versions: CN114697105B (en)
Inventors: 刘丹丹, 张可飞, 刘向超, 杨继海, 杨连杰
Current Assignee: Construction Machinery Branch of XCMG
Original Assignee: Construction Machinery Branch of XCMG

Classifications

    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L12/40 Bus networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L2012/40215 Controller Area Network CAN
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a dynamic encryption method and device for the CAN bus data interaction response of a crane. Once the interaction subjects have been successfully bound, each time the system is powered on and initialized it first performs interaction channel verification. If the verification succeeds, the two interaction subjects have identified each other, the system works normally, and the remaining data can be exchanged normally; if the verification fails, identification of the two interaction subjects has failed. Without increasing cost or the CAN bus load rate, the invention solves the problem of a single static encryption mode between different interaction subjects of the system and prevents either interaction subject from being replaced, thereby improving product security.

Description

Dynamic encryption method and device for data interaction response of CAN bus of crane
Technical Field
The invention relates to a dynamic encryption method and device for the data interaction response of a crane's CAN (Controller Area Network) bus, and belongs to the technical field of data processing.
Background
Crawler cranes are an important category of mechanical equipment and play an important role in infrastructure, wind power, nuclear power, petrochemical and similar construction.
The control system is one of the important components of a crawler crane. It controls the motion of the whole machine and must also account for the security of the product, its components and its data. A complete control system comprises system hardware and application software. The system hardware includes the PLC, the display, the vehicle-mounted GPS terminal and the remote monitoring platform; the application software is the programs loaded onto this electronic system to perform digital operations. The PLC controller implements motion control, the display provides human-machine interaction, and the vehicle-mounted GPS terminal acquires the equipment's position information and monitoring data and sends them to the remote monitoring platform. The electrical components of the control system use the CAN communication protocol for data interaction and response; the control system is shown in FIG. 1. By exchanging data over the CAN bus between the vehicle-mounted GPS terminal, the PLC controller and the HMI display, the working state of each system and component of the vehicle can be viewed in real time, so the vehicle's operating health is monitored effectively; the vehicle's working state can also be controlled through the remote control function, which improves the efficiency of vehicle safety management and reduces operating risk.
Crawler cranes are typically high-value, high-risk machines. To monitor the whole machine effectively and to protect the whole machine system, the manufacturer does not want any part of the control system to be removed or replaced without its permission. Because the hardware and application software of the control system are general-purpose parts, they can be swapped between or removed from different vehicles without affecting their use; there is no hardware identification and no unique association between hardware and vehicle, so data leakage and hardware or software replacement occur easily. Stronger requirements are therefore placed on hardware identification and on the CAN bus interaction response it relies on, while cost must also be taken into account, in order to protect both the vehicle and the CAN bus interaction response data.
In existing control systems, hardware identification is implemented through a CAN bus data interaction response. The two interaction subjects agree on a communication protocol: interaction subject 1 sends data1 to interaction subject 2 on CAN ID1, and interaction subject 2, on receiving it, responds by sending data2 to interaction subject 1 on CAN ID2. When the values sent and received match the agreed protocol, the data interaction between interaction subject 1 and interaction subject 2 is considered successful, i.e. the interaction subjects match; otherwise interaction subject identification fails. This mechanism is a periodic interaction response, and the content exchanged on the CAN bus is a static password (data1, data2), as shown in FIG. 2.
In the existing scheme, the CAN bus data exchanged during the periodic interaction response between different interaction subjects is always the same and does not change with time or vehicle, so all products use one set of keys, and that key is single, static and never changes. A communication mode built on this single encryption transmission algorithm is therefore easy to crack, and there is a risk that the key is leaked or cracked by a customer, after which system components can be removed and replaced. A single judgment and detection mechanism cannot make up for the security shortcomings of the existing scheme.
Disclosure of Invention
The invention aims to overcome the deficiencies of the prior art by providing a dynamic encryption method and device for the data interaction response of a crane's CAN bus which, without increasing cost or the CAN bus load rate, solve the problem of a single static encryption mode between different interaction subjects of the system and prevent either interaction subject from being replaced, thereby improving product security.
To achieve this purpose, the invention adopts the following technical solutions:
In a first aspect, the invention provides a dynamic encryption method for the data interaction response of a crane's CAN bus, applied to interaction subject 1, comprising:
an interaction subject binding step, comprising: receiving a binding instruction issued by a third party, and sending a binding identifier and a binding identification value to interaction subject 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, interaction subject 2 obtains a first encryption result according to encryption algorithm formula 1 and returns the first encryption result to interaction subject 1;
receiving the first encryption result, and obtaining a first decryption result according to decryption algorithm formula 1;
comparing the first decryption result with the received first encryption result; if they are the same, the binding is considered successful and the third party is notified of the successful binding; otherwise the binding fails;
an interaction channel checking step, comprising: sending a check identifier and a check request value to interaction subject 2, wherein the check request value is a random number; after receiving the check identifier and the check random number, interaction subject 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to interaction subject 1;
receiving the second encryption result, and obtaining a second decryption result according to decryption algorithm formula 2;
and comparing the second decryption result with the received second encryption result; if they are the same, the verification is successful and the result of the successful verification is sent to the third party; otherwise the verification fails.
Further, the method also comprises: after the verification fails, determining whether the two interaction subjects are bound and, if not, re-binding.
In a second aspect, the invention provides a dynamic encryption method for the data interaction response of a crane's CAN bus, applied to interaction subject 2, comprising:
an interaction subject binding step, comprising: after receiving a binding identifier and a binding identification value sent by interaction subject 1, obtaining a first encryption result according to encryption algorithm formula 1, wherein interaction subject 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to interaction subject 2, and the binding identification value is a random number;
sending the first encryption result to interaction subject 1, wherein interaction subject 1 is used for receiving the first encryption result and obtaining a first decryption result according to decryption algorithm formula 1, and for comparing the first decryption result with the received first encryption result; if they are the same, the binding is considered successful and the third party is notified of the successful binding; otherwise the binding fails;
an interaction channel checking step, comprising: after receiving a check identifier and a check random number sent by interaction subject 1, obtaining a second encryption result according to encryption algorithm formula 2, wherein interaction subject 1 is used for sending the check identifier and a check request value to interaction subject 2, and the check request value is a random number;
sending the second encryption result to interaction subject 1, wherein interaction subject 1 is used for receiving the second encryption result and obtaining a second decryption result according to decryption algorithm formula 2, and for comparing the second decryption result with the received second encryption result; if they are the same, the verification is successful and the result of the successful verification is sent to the third party; otherwise the verification fails.
Further, the method also comprises: after the verification fails, determining whether the two interaction subjects are bound and, if not, re-binding.
In a third aspect, the invention provides a dynamic encryption apparatus for the data interaction response of a crane's CAN bus, applied to interaction subject 1, comprising:
a first interaction subject binding unit, comprising:
a binding instruction receiving and binding identifier and binding identification value sending module, configured to receive a binding instruction issued by a third party and send the binding identifier and the binding identification value to interaction subject 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, interaction subject 2 obtains a first encryption result according to encryption algorithm formula 1 and returns the first encryption result to interaction subject 1;
a first encryption result receiving module, configured to receive the first encryption result and obtain a first decryption result according to decryption algorithm formula 1;
a first comparison module, configured to compare the first decryption result with the received first encryption result; if they are the same, the binding is considered successful and the third party is notified of the successful binding; otherwise the binding fails;
a first interaction channel check unit, comprising:
a check identifier and check request value sending module, configured to send the check identifier and the check request value to interaction subject 2, wherein the check request value is a random number; after receiving the check identifier and the check random number, interaction subject 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to interaction subject 1;
a second encryption result receiving module, configured to receive the second encryption result and obtain a second decryption result according to decryption algorithm formula 2;
and a second comparison module, configured to compare the second decryption result with the received second encryption result; if they are the same, the verification is successful and the result of the successful verification is sent to the third party; otherwise the verification fails.
Further, it also comprises: a judging module, configured to determine, after the verification fails, whether the two interaction subjects are bound and, if not, to re-bind.
In a fourth aspect, the invention provides a dynamic encryption method for the data interaction response of a crane's CAN bus, applied to interaction subject 2, comprising:
a second interaction subject binding unit, comprising:
a first encryption result obtaining module, configured to obtain a first encryption result according to encryption algorithm formula 1 after receiving a binding identifier and a binding identification value sent by interaction subject 1, wherein interaction subject 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to interaction subject 2, and the binding identification value is a random number;
a first encryption result sending module, configured to send the first encryption result to interaction subject 1, wherein interaction subject 1 is used for receiving the first encryption result and obtaining a first decryption result according to decryption algorithm formula 1, and for comparing the first decryption result with the received first encryption result; if they are the same, the binding is considered successful and the third party is notified of the successful binding; otherwise the binding fails;
a second interaction channel check unit, comprising:
a second encryption result obtaining module, configured to obtain a second encryption result according to encryption algorithm formula 2 after receiving the check identifier and the check random number sent by interaction subject 1, wherein interaction subject 1 is used for sending the check identifier and a check request value to interaction subject 2, and the check request value is a random number;
a second encryption result sending module, configured to send the second encryption result to interaction subject 1, wherein interaction subject 1 is used for receiving the second encryption result and obtaining a second decryption result according to decryption algorithm formula 2, and for comparing the second decryption result with the received second encryption result; if they are the same, the verification is successful and the result of the successful verification is sent to the third party; otherwise the verification fails.
Further, it also comprises: a judging module, configured to determine, after the verification fails, whether the two interaction subjects are bound and, if not, to re-bind.
In a fifth aspect, the invention provides a dynamic encryption device for the data interaction response of a crane's CAN bus, comprising a processor and a storage medium;
the storage medium is used for storing instructions;
the processor is configured to operate in accordance with the instructions to perform the steps of the method according to any one of the preceding claims.
In a sixth aspect, the invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the method of any one of the preceding claims.
Compared with the prior art, the invention has the following beneficial effects:
(1) Dynamic encryption: dynamic links are established between different interaction subjects through dynamic binding, and the identities of the interaction subjects are identified by dynamic data verification, preventing either of the two interaction subjects from being removed and replaced;
(2) Channel multiplexing: by distinguishing identifiers, channel multiplexing is achieved with only one added group of CAN IDs, so the data interaction response is completed effectively without affecting the CAN bus load;
(3) No added cost: the upgrade is a pure software encryption method, so product reliability and data security are further improved without increasing cost.
Drawings
FIG. 1 is a schematic diagram of a control system architecture provided in the background of the invention;
FIG. 2 is a schematic diagram of a static-based data interaction response mechanism provided in the background of the invention;
FIG. 3 is a schematic flow chart of a control algorithm provided by an embodiment of the present invention;
FIG. 4 is a diagram illustrating an interactive response data structure according to an embodiment of the present invention;
FIG. 5 is a flowchart of the dynamic data interaction response mechanism provided by an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following embodiments only illustrate the technical solutions of the invention more clearly and do not limit its scope of protection.
Example 1
This embodiment describes a dynamic encryption method for the data interaction response of a crane's CAN bus, applied to interaction subject 1, comprising:
an interaction subject binding step, comprising: receiving a binding instruction issued by a third party, and sending a binding identifier and a binding identification value to interaction subject 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, interaction subject 2 obtains a first encryption result according to encryption algorithm formula 1 and returns the first encryption result to interaction subject 1;
receiving the first encryption result, and obtaining a first decryption result according to decryption algorithm formula 1;
comparing the first decryption result with the received first encryption result; if they are the same, the binding is considered successful and the third party is notified of the successful binding; otherwise the binding fails;
an interaction channel checking step, comprising: sending a check identifier and a check request value to interaction subject 2, wherein the check request value is a random number; after receiving the check identifier and the check random number, interaction subject 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to interaction subject 1;
receiving the second encryption result, and obtaining a second decryption result according to decryption algorithm formula 2;
and comparing the second decryption result with the received second encryption result; if they are the same, the verification is successful and the result of the successful verification is sent to the third party; otherwise the verification fails.
After the verification fails, it is determined whether the two interaction subjects are bound and, if not, they are re-bound.
The contents designed in the above embodiments will be described below with reference to a preferred embodiment.
According to the embodiment, a dynamic password control algorithm is developed through a software development function, dynamic links are established among different interaction main bodies, data algorithm verification is completed, self-matching among the interaction main bodies is achieved, safety of products and data is improved, and the interaction main bodies can correspond to any hardware in a crane control system.
The control algorithm flow specifically includes interactive agent binding, interactive channel checking and data transmission, as shown in fig. 3. The interactive main body binding is to build an incidence relation between different interactive main bodies, only one operation is carried out when the interactive main body is started for the first time, the interactive channel verification is to carry out data verification between different interactive main bodies, and the judgment is carried out after the system is electrified every time. After the system is initialized after being powered on after the interaction main body is successfully bound, firstly, interaction channel verification is carried out, after the verification is successful, the two interactive main body parties are successfully identified, the system normally works, the rest data can be normally and interactively transmitted, if the verification is failed, the two interactive main body parties are unsuccessfully identified, the system cannot normally work, at the moment, whether the two interactive main body parties are bound or not needs to be judged, if the two interactive main body parties are not bound, the channel verification still cannot pass, and the interactive main body is replaced or detached.
Data interaction responses are required in both the interactive subject binding and interactive channel verification processes. The data of the interactive response is composed of the CAN ID and the data identifier and the data identification value, as shown in fig. 4. The CAN ID is a node number of CAN bus data, a data identifier in a message is used for judging the purpose of data interactive response, and a data identification value is used for storing specific interactive response data. The multiplexing of the nodes can be realized by increasing the data identifiers, newly added nodes are reduced, and the load rate of the bus is reduced. As shown in fig. 5, in the CAN bus data interactive response process, an algorithm is pre-embedded in the interactive main body 1 and the interactive main body 2, then the interactive main body 1 sends the algorithm to the interactive main body 2 through the node ID1 to obtain the random number data1, after the interactive main body 2 receives a response, the interactive main body sends the numerical value data2 encrypted by the data1 to the interactive main body 1 through the node ID2 according to the encryption algorithm, and the interactive main body 1 decrypts the data2 according to the decryption algorithm and then compares the decrypted data with the original data1, wherein if the data are the same, the interactive response is successful, otherwise, the interactive response is failed. It can be seen that both data1 and data2 are dynamically changed during each interactive response, and multiple functions, such as interactive subject binding or interactive channel check, can be implemented by using the same group of nodes through the data identifier in the data.
And (3) an interaction subject binding process: algorithm formula 1 is pre-embedded in the interactive body 1 and the interactive body 2 in advance. The two parties of the first interactive main body must firstly carry out the binding operation of the interactive main body, and the operation can not be repeated after the binding is successful unless the two parties of the interactive main body are replaced again. Generally, a third party such as a remote monitoring platform or a monitor sends a binding instruction to the interaction subject 1, and after the interaction subject 1 receives the binding instruction, a binding identifier and a binding identifier value are sent to the interaction subject 2, where the binding identifier value is a random number and different systems are different, and the binding identifier value is updated with the third party every time the third party updates the instruction. After receiving the binding identifier and the binding identifier value given by the interactive body 1, the interactive body 2 encrypts according to the encryption algorithm formula 1 and returns the encrypted binding identifier and the binding identifier value to the interactive body 1, the interactive body 1 compares the decryption result with the value sent by the interactive body 2 to the interactive body 1 after encryption, if the decryption result and the value are the same, the interactive body 1 considers that the binding is successful, the value is stored in the interactive body 1 and the interactive body 2 as a key, and meanwhile, the result of successful binding is informed to a third party, and otherwise, the binding is failed. It can be seen that the key is updated once per binding operation, and is dynamically stored each time.
Interaction channel checking process: algorithm formula 2 is pre-embedded in interaction subject 1 and interaction subject 2. Each time the system is powered on, interaction subject 1 and interaction subject 2 carry out sequential dynamic data verification. Interaction subject 1 actively sends a check identifier and a check request value; the request value is a random number that is different at each power-on. After receiving the check identifier and the check random number from interaction subject 1, interaction subject 2 feeds the result encrypted according to encryption algorithm formula 2 back to interaction subject 1. Interaction subject 1 likewise obtains a decryption result according to decryption algorithm formula 2 and compares it with the encrypted value that interaction subject 2 sent to interaction subject 1 according to encryption algorithm formula 2. If they are the same, the check succeeds and the successful check result is sent to the third party; otherwise, the check fails. By design, algorithm formula 2 used in the interaction channel check incorporates the binding identification value, i.e. the key, stored during interaction subject binding, so if binding fails, the interaction channel check also fails.
Data transmission process: after interaction subject binding and interaction channel verification have both succeeded, the system can work normally, and the remaining data can be sent and received normally.
Through the workflow of interaction subject binding, interaction channel verification and data transmission, the communication key of each system is effectively guaranteed to be different, and its value changes dynamically at all times. When either of the two interaction subjects is removed and replaced, the keys no longer match and identification between the two interaction subjects fails. These measures achieve a unique binding between the interaction subjects, effectively prevent removal and replacement of an interaction subject, and provide effective management and control of the product.
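The following added example (not code from the patent) simulates the binding and channel-check exchange between the two interaction subjects, including the mismatch after one unit is replaced. The CAN IDs, identifier codes, payload layout and the 32-bit Feistel stand-ins for algorithm formulas 1 and 2 are assumptions, since the patent does not disclose them.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values: the patent gives no CAN IDs, identifier codes or formulas. */
#define CAN_ID1        0x321u       /* subject 1 -> subject 2 */
#define CAN_ID2        0x322u       /* subject 2 -> subject 1 */
#define IDENT_BIND     0x01u        /* data identifier: subject binding */
#define IDENT_CHECK    0x02u        /* data identifier: channel check */
#define FORMULA1_CONST 0x5A17C3E9u  /* pre-embedded secret of stand-in formula 1 */
#define FORMULA2_CONST 0xC0DE71A5u  /* pre-embedded secret of stand-in formula 2 */

typedef struct { uint32_t can_id; uint8_t dlc; uint8_t data[8]; } can_frame_t;
typedef struct { uint32_t key; int bound; } subject_t;

/* Round function of the stand-in cipher (toy strength, illustration only). */
static uint16_t round_fn(uint16_t half, uint32_t key, int rnd) {
    uint16_t subkey = (uint16_t)((key >> (16 * (rnd & 1))) ^ (0x9E37u * (uint32_t)(rnd + 1)));
    uint32_t x = (uint32_t)(half ^ subkey) * 0x6D2Bu;
    return (uint16_t)(x ^ (x >> 11));
}

/* 4-round Feistel network on 32 bits; decrypt runs the rounds in reverse order. */
static uint32_t feistel(uint32_t v, uint32_t key, int decrypt) {
    uint16_t l = (uint16_t)(v >> 16), r = (uint16_t)v;
    for (int i = 0; i < 4; i++) {
        uint16_t t = (uint16_t)(l ^ round_fn(r, key, decrypt ? 3 - i : i));
        l = r; r = t;
    }
    return ((uint32_t)r << 16) | l;  /* final swap lets one loop serve both directions */
}

/* Payload layout: byte 0 = data identifier, bytes 1..4 = identification value. */
static can_frame_t make_frame(uint32_t id, uint8_t ident, uint32_t value) {
    can_frame_t f = { id, 5, { ident, (uint8_t)(value >> 24), (uint8_t)(value >> 16),
                               (uint8_t)(value >> 8), (uint8_t)value } };
    return f;
}
static uint32_t frame_value(const can_frame_t *f) {
    return ((uint32_t)f->data[1] << 24) | ((uint32_t)f->data[2] << 16) |
           ((uint32_t)f->data[3] << 8) | f->data[4];
}

/* Subject 2: answer a request received on CAN_ID1. Returns 1 if a reply was built. */
int subject2_respond(subject_t *s2, const can_frame_t *req, can_frame_t *resp) {
    if (req->can_id != CAN_ID1 || req->dlc != 5) return 0;
    uint32_t value = frame_value(req);
    switch (req->data[0]) {
    case IDENT_BIND:
        /* Assumption: subject 2 stores the key at the moment it answers. */
        s2->key = value; s2->bound = 1;
        *resp = make_frame(CAN_ID2, IDENT_BIND, feistel(value, FORMULA1_CONST, 0));
        return 1;
    case IDENT_CHECK:
        if (!s2->bound) return 0;
        /* Stand-in formula 2 mixes the stored key into the value before encrypting. */
        *resp = make_frame(CAN_ID2, IDENT_CHECK, feistel(value ^ s2->key, FORMULA2_CONST, 0));
        return 1;
    default:
        return 0;  /* unknown data identifier */
    }
}

/* Subject 1: send `value` under `ident`; on a well-formed reply, decrypt it into *plain. */
static int subject1_exchange(subject_t *s2, uint8_t ident, uint32_t value,
                             uint32_t formula_const, uint32_t *plain) {
    can_frame_t req = make_frame(CAN_ID1, ident, value), resp;
    if (!subject2_respond(s2, &req, &resp)) return 0;
    if (resp.can_id != CAN_ID2 || resp.dlc != 5 || resp.data[0] != ident) return 0;
    *plain = feistel(frame_value(&resp), formula_const, 1);
    return 1;
}

/* Binding: on a match, the binding identification value becomes the stored key. */
int subject1_bind(subject_t *s1, subject_t *s2, uint32_t bind_value) {
    uint32_t plain = 0;
    if (!subject1_exchange(s2, IDENT_BIND, bind_value, FORMULA1_CONST, &plain) ||
        plain != bind_value) return 0;
    s1->key = bind_value; s1->bound = 1;
    return 1;
}

/* Channel check at power-on: succeeds only if both sides hold the same key. */
int subject1_check(const subject_t *s1, subject_t *s2, uint32_t request_value) {
    uint32_t plain = 0;
    return s1->bound &&
           subject1_exchange(s2, IDENT_CHECK, request_value, FORMULA2_CONST, &plain) &&
           (plain ^ s1->key) == request_value;
}

int main(void) {
    subject_t s1 = {0, 0}, s2 = {0, 0}, other = {0, 0}, spare = {0, 0};
    /* Constructed "random" numbers; a controller would draw them from its RNG. */
    printf("bind: %d\n", subject1_bind(&s1, &s2, 0x1234ABCDu));
    printf("check, bound pair: %d\n", subject1_check(&s1, &s2, 0x0BADF00Du));
    subject1_bind(&other, &spare, 0x77770001u);  /* spare unit bound in another system */
    printf("check, swapped unit: %d\n", subject1_check(&s1, &spare, 0x0BADF00Du));
    return 0;
}
```

The swapped-unit check fails because subject 1 removes its own key from a value that the spare unit mixed with a different key, so the recovered number cannot equal the request value.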
Beneficial effects achieved by this embodiment:
(1) dynamic encryption: dynamic links are established between different interaction subjects through dynamic binding, and the identities of the interaction subjects are identified by dynamic data verification, preventing either of the two interaction subjects from being removed and replaced;
(2) channel multiplexing: by distinguishing identifiers, channel multiplexing is achieved with only one added group of CAN IDs, so data interaction responses are completed effectively without affecting the CAN bus load;
(3) no added cost: a pure software encryption upgrade further improves product reliability and data security without increasing cost.
Example 2
The embodiment provides a dynamic encryption method for data interaction response of a CAN bus of a crane, which is applied to an interaction main body 2 and comprises the following steps:
an interaction subject binding step, comprising: after receiving a binding identifier and a binding identification value sent by an interactive body 1, obtaining a first encryption result according to an encryption algorithm formula 1, wherein the interactive body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to an interactive body 2, and the binding identification value is a random number;
sending the first encryption result to the interaction subject 1; the interactive body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
an interactive channel checking step, comprising: after receiving a check identifier and a check random number sent by the interactive main body 1, obtaining a second encryption result according to an encryption algorithm formula 2, wherein the interactive main body 1 is used for sending the check identifier and a check request value to the interactive main body 2, and the check request value is the random number;
sending the second encryption result to the interactive body 1; the interactive body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; and comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
And after the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
Example 3
The embodiment provides a dynamic encryption device for data interaction response of a CAN bus of a crane, which is applied to an interaction main body 1 and comprises:
a first interaction subject binding unit comprising:
the binding instruction receiving and binding identifier and binding identification value sending module is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction main body 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, the interaction main body 2 obtains a first encryption result according to an encryption algorithm formula 1, and returns the first encryption result to the interaction main body 1;
the first encryption result receiving module is used for receiving the first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1;
the first comparison module is used for comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
a first interaction channel check unit, comprising:
the verification identifier and verification request value sending module is used for sending the verification identifier and the verification request value to the interaction main body 2, wherein the verification request value is a random number, the interaction main body 2 obtains a second encryption result according to an encryption algorithm formula 2 after receiving the verification identifier and the verification random number, and feeds the second encryption result back to the interaction main body 1;
the second encryption result receiving module is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2;
and the second comparison module is used for comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
And the judging module is used for judging whether the two interactive main bodies are bound or not after the verification fails, and if not, re-binding is carried out.
Example 4
The embodiment provides a dynamic encryption method for data interaction response of a CAN bus of a crane, which is applied to an interaction main body 2 and comprises the following steps:
a second interaction subject binding unit comprising:
the first encryption result acquisition module is used for acquiring a first encryption result according to an encryption algorithm formula 1 after receiving a binding identifier and a binding identification value sent by the interaction main body 1, wherein the interaction main body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction main body 2, and the binding identification value is a random number;
a first encryption result sending module, configured to send the first encryption result to the interaction subject 1; the interactive body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
a second interaction channel check unit, comprising:
the second encryption result obtaining module is used for obtaining a second encryption result according to an encryption algorithm formula 2 after receiving the check identifier and the check random number sent by the interactive body 1, wherein the interactive body 1 is used for sending the check identifier and a check request value to the interactive body 2, and the check request value is a random number;
the second encryption result sending module is used for sending the second encryption result to the interaction main body 1; the interactive body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; and comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
And the judging module is used for judging whether the two interactive main bodies are bound or not after the verification fails, and if not, re-binding is carried out.
Example 5
The embodiment provides a dynamic encryption device for data interaction response of a CAN bus of a crane, which comprises a processor and a storage medium;
the storage medium is used for storing instructions;
the processor is configured to operate in accordance with the instructions to perform the steps of the method according to any one of embodiment 1 or embodiment 2.
Example 6
The present embodiment provides a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of embodiment 1 or embodiment 2.
The above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various improvements and modifications without departing from the technical principle of the present invention, and those improvements and modifications should also be considered as falling within the protection scope of the present invention.

Claims (10)

1. A dynamic encryption method for data interaction response of a CAN bus of a crane is characterized by being applied to an interaction main body 1 and comprising the following steps:
an interaction subject binding step, comprising: receiving a binding instruction issued by a third party, and sending a binding identifier and a binding identification value to the interaction main body 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, the interaction main body 2 obtains a first encryption result according to an encryption algorithm formula 1, and returns the first encryption result to the interaction main body 1;
receiving a first encryption result, and obtaining a first decryption result according to a decryption algorithm formula 1;
comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
an interactive channel checking step, comprising: sending a check identifier and a check request value to the interaction main body 2, wherein the check request value is a random number, and after receiving the check identifier and the check random number, the interaction main body 2 acquires a second encryption result according to an encryption algorithm formula 2 and feeds the second encryption result back to the interaction main body 1;
receiving a second encryption result, and obtaining a second decryption result according to a decryption algorithm formula 2;
and comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
2. The dynamic encryption method for data interaction response of the CAN bus of the crane as claimed in claim 1, further comprising: and after the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
3. A dynamic encryption method for data interaction response of a CAN bus of a crane is characterized by being applied to an interaction main body 2 and comprising the following steps:
an interaction subject binding step, comprising: after receiving a binding identifier and a binding identification value sent by an interactive body 1, obtaining a first encryption result according to an encryption algorithm formula 1, wherein the interactive body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to an interactive body 2, and the binding identification value is a random number;
sending the first encryption result to the interaction subject 1; the interactive body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
the interactive channel checking step comprises the following steps: after receiving a check identifier and a check random number sent by the interactive main body 1, obtaining a second encryption result according to an encryption algorithm formula 2, wherein the interactive main body 1 is used for sending the check identifier and a check request value to the interactive main body 2, and the check request value is the random number;
sending the second encryption result to the interaction subject 1; the interactive body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; and comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
4. The dynamic encryption method for data interaction response of the CAN bus of the crane as claimed in claim 3, further comprising: and after the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
5. A dynamic encryption device for data interaction response of a CAN bus of a crane, characterized by being applied to an interaction main body 1 and comprising:
a first interaction subject binding unit comprising:
the binding instruction receiving and binding identifier and binding identification value sending module is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction main body 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, the interaction main body 2 obtains a first encryption result according to an encryption algorithm formula 1, and returns the first encryption result to the interaction main body 1;
the first encryption result receiving module is used for receiving the first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1;
the first comparison module is used for comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
a first interaction channel check unit, comprising:
the verification identifier and verification request value sending module is used for sending the verification identifier and the verification request value to the interaction main body 2, wherein the verification request value is a random number, the interaction main body 2 obtains a second encryption result according to an encryption algorithm formula 2 after receiving the verification identifier and the verification random number, and feeds the second encryption result back to the interaction main body 1;
the second encryption result receiving module is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2;
and the second comparison module is used for comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
6. The dynamic encryption method for data interaction response of the CAN bus of the crane as claimed in claim 1, further comprising: and the judging module is used for judging whether the two interactive main bodies are bound or not after the verification fails, and if not, re-binding is carried out.
7. A dynamic encryption method for data interaction response of a CAN bus of a crane is characterized by being applied to an interaction main body 2 and comprising the following steps:
a second interaction subject binding unit comprising:
the first encryption result acquisition module is used for acquiring a first encryption result according to an encryption algorithm formula 1 after receiving a binding identifier and a binding identification value sent by the interaction main body 1, wherein the interaction main body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction main body 2, and the binding identification value is a random number;
a first encryption result sending module, configured to send the first encryption result to the interaction subject 1; the interactive body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with the received first encryption result, if the first decryption result is the same as the received first encryption result, the binding is considered to be successful, and meanwhile, the result of successful binding is informed to a third party, otherwise, the binding fails;
a second interaction channel check unit, comprising:
the second encryption result obtaining module is used for obtaining a second encryption result according to an encryption algorithm formula 2 after receiving the check identifier and the check random number sent by the interactive body 1, wherein the interactive body 1 is used for sending the check identifier and a check request value to the interactive body 2, and the check request value is a random number;
the second encryption result sending module is used for sending the second encryption result to the interaction main body 1; the interactive body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; and comparing the second decryption result with the received second encryption result, if the second decryption result is the same as the received second encryption result, the verification is successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification fails.
8. The dynamic encryption method for data interaction response of the CAN bus of the crane as claimed in claim 3, further comprising: and the judging module is used for judging whether the two interactive main bodies are bound or not after the verification fails, and if not, re-binding is carried out.
9. A dynamic encryption device for data interactive response of a CAN bus of a crane is characterized in that: comprising a processor and a storage medium;
the storage medium is used for storing instructions;
the processor is configured to operate in accordance with the instructions to perform the steps of the method according to any one of claims 1 to 4.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that: the program when executed by a processor implements the steps of the method of any one of claims 1 to 4.
CN202210312258.XA 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane Active CN114697105B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210312258.XA CN114697105B (en) 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane

Publications (2)

Publication Number Publication Date
CN114697105A true CN114697105A (en) 2022-07-01
CN114697105B CN114697105B (en) 2024-03-22

Family

ID=82140205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210312258.XA Active CN114697105B (en) 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane

Country Status (1)

Country Link
CN (1) CN114697105B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant