CN114697105B - Dynamic encryption method and device for CAN bus data interaction response of crane - Google Patents

Info

Publication number: CN114697105B
Authority: CN (China)
Prior art keywords: interaction, binding, main body, verification, data
Legal status: Active
Application number: CN202210312258.XA
Other languages: Chinese (zh)
Other versions: CN114697105A (en)
Inventors: 刘丹丹, 张可飞, 刘向超, 杨继海, 杨连杰
Current Assignee: Construction Machinery Branch of XCMG
Original Assignee: Construction Machinery Branch of XCMG
Application filed by: Construction Machinery Branch of XCMG
Priority: CN202210312258.XA

Classifications

    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L12/40 Bus networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L2012/40215 Controller Area Network CAN
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a dynamic encryption method and device for CAN bus data interaction response of a crane. The method comprises interaction body binding, interaction channel verification and data transmission. Interaction body binding establishes an association between different interaction bodies; interaction channel verification performs data verification between different interaction bodies and is carried out each time the system is powered on. After a system whose interaction bodies have been successfully bound is powered on and initialized, the interaction channel is verified first. If the verification succeeds, the two interaction bodies have identified each other, the system works normally, and other data can be exchanged in the normal way; if the verification fails, identification of the two interaction bodies has failed. The invention addresses the single static encryption mode between different interaction bodies of the system without increasing cost or the CAN bus load rate, and prevents any one of the interaction bodies from being replaced, thereby improving product security.

Description

Dynamic encryption method and device for CAN bus data interaction response of crane
Technical Field
The invention relates to a dynamic encryption method and device for CAN bus data interaction response of a crane, and belongs to the technical field of data processing.
Background
The crawler crane is an important category in mechanical equipment and plays an important role in infrastructure construction, wind power construction, nuclear power construction, petrochemical construction and the like.
The control system is one of the important components of the crawler crane. It controls the actions of the whole machine and must also take into account the security of products, components and data. A complete control system comprises system hardware and application software: the system hardware generally comprises a controller PLC, a display, a vehicle-mounted terminal GPS and a remote monitoring platform, and the application software is an electronic system that realizes digital operation through program loading and processing. The controller PLC realizes action control, the display realizes man-machine interaction, and the vehicle-mounted terminal GPS acquires the position information and monitoring data of the equipment and sends them to the remote monitoring platform. The electrical elements of the control system use the CAN communication protocol for data interaction and response, see FIG. 1. By exchanging data over the CAN bus between the vehicle-mounted terminal GPS, the controller PLC and the display HMI, the working states of the vehicle's systems and components can be checked in real time, the running health of the vehicle can be monitored effectively, and the running state of the vehicle can also be controlled through a remote control function, which improves the efficiency of vehicle safety management and reduces management risk.
Crawler cranes are typically high-value, high-risk machines. To monitor the complete machine effectively while protecting the complete machine system, it is undesirable for anything in the control system to be removed without the permission of the manufacturer. Because the hardware and the application software in the whole control system are universal parts, they can be interchanged or removed between vehicles without affecting their use; the hardware cannot be identified or uniquely tied to a vehicle, which easily leads to data leakage and to software or hardware replacement. Higher requirements are therefore placed on hardware identification and on the CAN bus interaction response mode of the vehicle, while cost must also be considered, so that vehicle security and the security of CAN bus interaction response data are effectively guaranteed.
In existing control system designs, hardware identification is realized through a CAN bus data interaction response. The two interaction bodies agree on a communication protocol: interaction body 1 sends data1 to interaction body 2 on CAN ID1; on receiving it, interaction body 2 responds by sending data2 to interaction body 1 on CAN ID2. When the values sent and received are consistent with the agreed communication protocol, the data interaction between interaction body 1 and interaction body 2 is considered successful, i.e. the interaction bodies match; otherwise identification of the interaction body fails. The communication mechanism is a periodic interaction response, and the content exchanged over the CAN bus is a static password (data1, data2), as shown in FIG. 2.
In the prior art, the CAN bus data exchanged periodically between different bodies are always the same and do not change with the vehicle or over time, so all products use one set of keys, which is single, static and never changes. This single-algorithm encrypted communication is therefore easy to crack, and there is a risk that the key is leaked or cracked by a customer, allowing system components to be removed and replaced; the single judgment and detection mechanism is not enough to compensate for the security shortcomings of the existing scheme.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a dynamic encryption method and device for CAN bus data interaction response of a crane, which address the single static encryption mode between different interaction bodies of a system without increasing cost or the CAN bus load rate, and prevent any one of the interaction bodies from being replaced, thereby improving product security.
In order to achieve the above purpose, the invention is realized by adopting the following technical scheme:
In a first aspect, the present invention provides a dynamic encryption method for crane CAN bus data interaction response, applied to interaction body 1, comprising:
an interaction body binding step, comprising: receiving a binding instruction issued by a third party, and sending a binding identifier and a binding identifier value to interaction body 2, wherein the binding identifier value is a random number; after receiving the binding identifier and the binding identifier value, interaction body 2 obtains a first encryption result according to encryption algorithm formula 1 and returns the first encryption result to interaction body 1; the third party comprises a remote monitoring platform or a display, and each time the third party updates the instruction, the binding identifier value is updated with it;
receiving the first encryption result, and obtaining a first decryption result according to decryption algorithm formula 1;
comparing the first decryption result with the binding identifier value sent to interaction body 2; if they are the same, the binding is considered successful, the binding identifier value is stored as a secret key in interaction body 1 and interaction body 2, and the third party is informed of the successful binding; otherwise, the binding fails;
for the first interaction, the two interaction bodies must first perform the interaction body binding step; after successful binding, the operation is not repeated until the interaction bodies are replaced again;
an interaction channel verification step, comprising: each time the system is powered on, interaction body 1 and interaction body 2 perform one dynamic data verification, in which a verification identifier and a verification request value are sent to interaction body 2, wherein the verification request value is a random number; after receiving the verification identifier and the verification request value, interaction body 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to interaction body 1;
receiving the second encryption result, and obtaining a second decryption result according to decryption algorithm formula 2;
comparing the second decryption result with the verification request value sent to interaction body 2; if they are the same, the verification is considered successful and the third party is informed of the successful verification; otherwise, the verification fails;
encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identifier value stored during interaction body binding, so if the binding fails, the interaction channel verification also fails;
during interaction body binding and interaction channel verification, data interaction responses are carried out; the data of an interaction response consist of a CAN ID, a data identifier and a data identifier value, wherein the CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identifier value stores the data of the specific interaction response; in the CAN bus data interaction response process, the algorithm is first embedded in interaction body 1 and interaction body 2; interaction body 1 then sends a random number data1 to interaction body 2 on CAN ID1; on receiving it, interaction body 2 responds by sending the value data2, obtained by encrypting data1 according to encryption algorithm formula 1 or encryption algorithm formula 2, to interaction body 1 on CAN ID2; interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful; otherwise, it has failed;
after both the interaction body binding and the interaction channel verification succeed, the system can work normally, and the remaining data can be sent and received normally.
Further, the method also comprises: after the verification fails, judging whether the two interaction bodies are bound, and if not, re-binding.
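An added example, not part of the patent text: a Python simulation of the binding and power-on verification exchange described above, showing that a replayed reply and a swapped interaction body 2 both fail verification. The CAN IDs, identifier codes, 8-byte payload layout, the point at which interaction body 2 stores the binding value, and the toy Feistel cipher standing in for formulas 1 and 2 are all assumptions, since this section gives none of them.

```python
import hashlib
import hmac
import secrets
import struct

# Everything below is assumed for illustration; this section of the page gives
# no concrete CAN IDs, identifier codes, frame layout or formulas.
CAN_ID1, CAN_ID2 = 0x101, 0x102               # hypothetical request / response IDs
ID_BIND, ID_VERIFY = 0x01, 0x02               # hypothetical data identifiers
EMBEDDED_SECRET = b"constructed-demo-secret"  # stands in for the embedded algorithm


def _f(key, rnd, half):
    """Round function: 16 bits of HMAC-SHA256 over (round number, half block)."""
    mac = hmac.new(key, struct.pack(">BH", rnd, half), hashlib.sha256).digest()
    return struct.unpack(">H", mac[:2])[0]


def encrypt(key, value):
    """Toy 4-round Feistel over a 32-bit value (stand-in for formula 1 / 2)."""
    left, right = value >> 16, value & 0xFFFF
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 16) | right


def decrypt(key, value):
    """Inverse of encrypt(): run the Feistel rounds backwards."""
    left, right = value >> 16, value & 0xFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 16) | right


def formula2_key(binding_value):
    """Formula 2 incorporates the stored binding value: derive its key from it."""
    msg = struct.pack(">I", binding_value)
    return hmac.new(EMBEDDED_SECRET, msg, hashlib.sha256).digest()


def pack(data_id, value):
    """8-byte CAN payload: 1-byte data identifier, 4-byte value, 3 pad bytes."""
    return struct.pack(">BI3x", data_id, value)


class Body2:
    """Responder: answers on CAN ID2 with the encrypted value."""

    def __init__(self):
        self.binding_value = None

    def on_frame(self, can_id, payload):
        if can_id != CAN_ID1 or len(payload) != 8:
            return None
        data_id, value = struct.unpack(">BI3x", payload)
        if data_id == ID_BIND:
            self.binding_value = value  # assumed: stored when the bind request arrives
            return CAN_ID2, pack(ID_BIND, encrypt(EMBEDDED_SECRET, value))
        if data_id == ID_VERIFY and self.binding_value is not None:
            key = formula2_key(self.binding_value)
            return CAN_ID2, pack(ID_VERIFY, encrypt(key, value))
        return None


class Body1:
    """Initiator: sends the random value on CAN ID1 and checks the reply."""

    def __init__(self, peer):
        self.peer = peer
        self.binding_value = None

    def _exchange(self, data_id, key, value, reply=None):
        reply = reply or self.peer.on_frame(CAN_ID1, pack(data_id, value))
        if reply is None or reply[0] != CAN_ID2 or len(reply[1]) != 8:
            return False
        got_id, data2 = struct.unpack(">BI3x", reply[1])
        return got_id == data_id and decrypt(key, data2) == value

    def bind(self):
        value = secrets.randbits(32)
        if self._exchange(ID_BIND, EMBEDDED_SECRET, value):
            self.binding_value = value
            return True
        return False

    def verify_on_power_on(self, replayed_reply=None):
        if self.binding_value is None:  # never bound: verification cannot succeed
            return False
        challenge = secrets.randbits(32)
        key = formula2_key(self.binding_value)
        return self._exchange(ID_VERIFY, key, challenge, replayed_reply)


def run_demo():
    """Constructed scenario: bind, verify, replayed reply, swapped unit, unbound pair."""
    body2 = Body2()
    body1 = Body1(body2)
    results = {"bind": body1.bind(), "verify": body1.verify_on_power_on()}
    # A reply recorded at an earlier power-on only answers that earlier challenge.
    recorded = body2.on_frame(CAN_ID1, pack(ID_VERIFY, secrets.randbits(32)))
    results["replay"] = body1.verify_on_power_on(replayed_reply=recorded)
    # Interaction body 2 replaced by a unit that was bound on another machine.
    other = Body2()
    Body1(other).bind()
    body1.peer = other
    results["swapped"] = body1.verify_on_power_on()
    results["unbound"] = Body1(Body2()).verify_on_power_on()
    return results


if __name__ == "__main__":
    print(run_demo())
```

In the described flow the binding identifier value itself crosses the bus during binding before it becomes the stored key, so the secrecy of later verifications rests on that one exchange and on the embedded algorithm.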
In a second aspect, the present invention provides a dynamic encryption method for crane CAN bus data interaction response, applied to interaction body 2, comprising:
an interaction body binding step, comprising: after receiving the binding identifier and the binding identifier value sent by interaction body 1, obtaining a first encryption result according to encryption algorithm formula 1, wherein interaction body 1 receives a binding instruction issued by a third party and sends the binding identifier and the binding identifier value to interaction body 2, and the binding identifier value is a random number;
sending the first encryption result to interaction body 1; interaction body 1 receives the first encryption result and obtains a first decryption result according to decryption algorithm formula 1, then compares the first decryption result with the binding identifier value sent to interaction body 2; if they are the same, the binding identifier value is stored as a secret key in interaction body 1 and interaction body 2 and the third party is informed of the successful binding; otherwise, the binding fails; the third party comprises a remote monitoring platform or a display, and each time the third party updates the instruction, the binding identifier value is updated with it; for the first interaction, the two interaction bodies must first perform the interaction body binding step; after successful binding, the operation is not repeated until the interaction bodies are replaced again;
an interaction channel verification step, comprising: after receiving the verification identifier and the verification request value sent by interaction body 1, obtaining a second encryption result according to encryption algorithm formula 2, wherein interaction body 1 sends the verification identifier and the verification request value to interaction body 2, and the verification request value is a random number; each time the system is powered on, interaction body 1 and interaction body 2 perform one dynamic data verification;
sending the second encryption result to interaction body 1; interaction body 1 receives the second encryption result and obtains a second decryption result according to decryption algorithm formula 2, then compares the second decryption result with the verification request value sent to interaction body 2; if they are the same, the verification is considered successful and the third party is informed of the successful verification; otherwise, the verification fails; encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identifier value stored during interaction body binding, so if the binding fails, the interaction channel verification also fails;
during interaction body binding and interaction channel verification, data interaction responses are carried out; the data of an interaction response consist of a CAN ID, a data identifier and a data identifier value, wherein the CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identifier value stores the data of the specific interaction response; in the CAN bus data interaction response process, the algorithm is first embedded in interaction body 1 and interaction body 2; interaction body 1 then sends a random number data1 to interaction body 2 on CAN ID1; on receiving it, interaction body 2 responds by sending the value data2, obtained by encrypting data1 according to encryption algorithm formula 1 or encryption algorithm formula 2, to interaction body 1 on CAN ID2; interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful; otherwise, it has failed;
after both the interaction body binding and the interaction channel verification succeed, the system can work normally, and the remaining data can be sent and received normally.
Further, the method also comprises: after the verification fails, judging whether the two interaction bodies are bound, and if not, re-binding.
In a third aspect, the present invention provides a dynamic encryption device for crane CAN bus data interaction response, applied to interaction body 1, comprising:
a first interaction body binding unit, comprising:
a binding instruction receiving and binding identifier value sending module, configured to receive a binding instruction issued by a third party and send the binding identifier and the binding identifier value to interaction body 2, wherein the binding identifier value is a random number; after receiving the binding identifier and the binding identifier value, interaction body 2 obtains a first encryption result according to encryption algorithm formula 1 and returns the first encryption result to interaction body 1; the third party comprises a remote monitoring platform or a display, and each time the third party updates the instruction, the binding identifier value is updated with it;
a first encryption result receiving module, configured to receive the first encryption result and obtain a first decryption result according to decryption algorithm formula 1;
a first comparison module, configured to compare the first decryption result with the binding identifier value sent to interaction body 2; if they are the same, the binding is considered successful, the binding identifier value is stored as a secret key in interaction body 1 and interaction body 2, and the third party is informed of the successful binding; otherwise, the binding fails;
for the first interaction, the two interaction bodies must first perform the interaction body binding step; after successful binding, the operation is not repeated until the interaction bodies are replaced again;
a first interaction channel verification unit, comprising:
a verification identifier and verification request value sending module, configured to send the verification identifier and the verification request value to interaction body 2, wherein the verification request value is a random number, and each time the system is powered on, interaction body 1 and interaction body 2 perform one dynamic data verification; after receiving the verification identifier and the verification request value, interaction body 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to interaction body 1;
a second encryption result receiving module, configured to receive the second encryption result and obtain a second decryption result according to decryption algorithm formula 2;
a second comparison module, configured to compare the second decryption result with the verification request value sent to interaction body 2; if they are the same, the verification is considered successful and the third party is informed of the successful verification; otherwise, the verification fails;
encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identifier value stored during interaction body binding, so if the binding fails, the interaction channel verification also fails;
a data interaction response unit, configured to carry out data interaction responses during interaction body binding and interaction channel verification; the data of an interaction response consist of a CAN ID, a data identifier and a data identifier value, wherein the CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identifier value stores the data of the specific interaction response; in the CAN bus data interaction response process, the algorithm is first embedded in interaction body 1 and interaction body 2; interaction body 1 then sends a random number data1 to interaction body 2 on CAN ID1; on receiving it, interaction body 2 responds by sending the value data2, obtained by encrypting data1 according to encryption algorithm formula 1 or encryption algorithm formula 2, to interaction body 1 on CAN ID2; interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful; otherwise, it has failed;
after both the interaction body binding and the interaction channel verification succeed, the system can work normally, and the remaining data can be sent and received normally.
Further, the device also comprises: a judging module, configured to judge, after the verification fails, whether the two interaction bodies are bound, and if not, to re-bind them.
In a fourth aspect, the present invention provides a dynamic encryption device for crane CAN bus data interaction response, applied to interaction body 2, comprising:
a second interaction body binding unit, comprising:
a first encryption result acquisition module, configured to obtain a first encryption result according to encryption algorithm formula 1 after receiving the binding identifier and the binding identifier value sent by interaction body 1, wherein interaction body 1 receives a binding instruction issued by a third party and sends the binding identifier and the binding identifier value to interaction body 2, and the binding identifier value is a random number;
a first encryption result sending module, configured to send the first encryption result to interaction body 1; interaction body 1 receives the first encryption result and obtains a first decryption result according to decryption algorithm formula 1, then compares the first decryption result with the binding identifier value sent to interaction body 2; if they are the same, the binding is considered successful and the third party is informed of the successful binding; otherwise, the binding fails; the third party comprises a remote monitoring platform or a display, and each time the third party updates the instruction, the binding identifier value is updated with it; for the first interaction, the two interaction bodies must first perform the interaction body binding step; after successful binding, the operation is not repeated until the interaction bodies are replaced again;
a second interaction channel verification unit, comprising:
a second encryption result acquisition module, configured to obtain a second encryption result according to encryption algorithm formula 2 after receiving the verification identifier and the verification request value sent by interaction body 1, wherein interaction body 1 sends the verification identifier and the verification request value to interaction body 2, and the verification request value is a random number; each time the system is powered on, interaction body 1 and interaction body 2 perform one dynamic data verification;
a second encryption result sending module, configured to send the second encryption result to interaction body 1; interaction body 1 receives the second encryption result and obtains a second decryption result according to decryption algorithm formula 2, then compares the second decryption result with the verification request value sent to interaction body 2; if they are the same, the verification is considered successful and the third party is informed of the successful verification; otherwise, the verification fails; encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identifier value stored during interaction body binding, so if the binding fails, the interaction channel verification also fails;
a data interaction response unit, configured to carry out data interaction responses during interaction body binding and interaction channel verification; the data of an interaction response consist of a CAN ID, a data identifier and a data identifier value, wherein the CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identifier value stores the data of the specific interaction response; in the CAN bus data interaction response process, the algorithm is first embedded in interaction body 1 and interaction body 2; interaction body 1 then sends a random number data1 to interaction body 2 on CAN ID1; on receiving it, interaction body 2 responds by sending the value data2, obtained by encrypting data1 according to encryption algorithm formula 1 or encryption algorithm formula 2, to interaction body 1 on CAN ID2; interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful; otherwise, it has failed; after both the interaction body binding and the interaction channel verification succeed, the system can work normally, and the remaining data can be sent and received normally.
Further, the device also comprises: a judging module, configured to judge, after the verification fails, whether the two interaction bodies are bound, and if not, to re-bind them.
In a fifth aspect, the invention provides a dynamic encryption device for CAN bus data interaction response of a crane, which comprises a processor and a storage medium;
the storage medium is used for storing instructions;
the processor is operative according to the instructions to perform the steps of the method according to any one of the preceding claims.
In a sixth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of any of the methods described in the preceding claims.
Compared with the prior art, the invention has the beneficial effects that:
(1) Dynamic encryption: dynamic links are established between different interaction subjects through dynamic binding, and the identities of the different subjects are identified based on dynamic data verification, so that any one of the two interaction subjects is prevented from being detached and replaced;
(2) Channel multiplexing: by distinguishing the identifiers, channel multiplexing is realized under the condition that only one group of CAN IDs is added, so that data interaction response is effectively completed, and the CAN bus load is not influenced;
(3) The cost is not increased: the product reliability and the data security are further improved on the basis of not increasing the cost by a pure software encryption upgrading method.
Drawings
FIG. 1 is a schematic diagram of a control system provided in the background of the invention;
FIG. 2 is a schematic diagram of a static-based data interaction response mechanism provided in the background of the invention;
FIG. 3 is a schematic flow chart of a control algorithm according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an interactive response data structure according to an embodiment of the present invention;
FIG. 5 is a flowchart of a dynamic-based data interaction response mechanism according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and are not intended to limit the scope of the present invention.
Example 1
The embodiment introduces a dynamic encryption method for CAN bus data interaction response of a crane, which is applied to an interaction main body 1 and comprises the following steps:
an interactive body binding step comprising: receiving a binding instruction issued by a third party, and sending a binding identifier and a binding identifier value to the interaction body 2, wherein the binding identifier value is a random number; after receiving the binding identifier and the binding identifier value, the interaction body 2 obtains a first encryption result according to an encryption algorithm formula 1, and returns the first encryption result to the interaction body 1;
Receiving a first encryption result, and obtaining a first decryption result according to a decryption algorithm formula 1;
comparing the first decryption result with the binding identification value sent to the interaction body 2, if the first decryption result is the same as the binding identification value, considering that the binding is successful, and informing a third party of the successful binding result, otherwise, failing;
an interaction channel verification step, comprising: each time the system is powered on, the interaction body 1 and the interaction body 2 perform dynamic data verification once; a verification identifier and a verification request value are sent to the interaction body 2, wherein the verification request value is a random number; after receiving the verification identifier and the verification request value, the interaction body 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to the interaction body 1;
receiving a second encryption result, and obtaining a second decryption result according to a decryption algorithm formula 2;
and comparing the second decryption result with the verification request value sent to the interaction body 2, if the second decryption result is the same as the verification request value, considering that the verification is successful, and sending the result of the successful verification to a third party, otherwise, failing.
After the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
The matters devised in the above embodiments are explained below in connection with a preferred embodiment.
In this embodiment, a dynamic password control algorithm is developed in software: dynamic links are established among the different interaction bodies and data algorithm verification is completed, so that the interaction bodies match each other automatically and the security of products and data is improved. An interaction body can correspond to any piece of hardware in the crane control system.
The control algorithm flow comprises interaction body binding, interaction channel verification and data transmission, as shown in FIG. 3. Interaction body binding establishes the association between the different interaction bodies and is performed only when the interaction bodies are started for the first time; interaction channel verification checks data between the different interaction bodies and is performed every time the system is powered on. Once the interaction bodies have been bound successfully, the system first checks the interaction channel after each power-on initialization. If the check succeeds, the two interaction bodies have identified each other, the system works normally and other data can be exchanged normally. If the check fails, identification of the two interaction bodies has failed and the system works abnormally; it is then judged whether the two interaction bodies are bound. If they are not bound, re-binding is required; if they are bound but the information interaction channel still cannot pass verification, an interaction body has been replaced or removed.
Both the interaction body binding process and the interaction channel verification process require a data interaction response. The interaction response data consists of a CAN ID, a data identifier and a data identification value, see FIG. 4. The CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identification value stores the specific interaction response data. Adding the data identifier makes node multiplexing possible, which reduces the number of newly added nodes and lowers the bus load rate. As shown in FIG. 5, in the CAN bus data interaction response process the algorithm is pre-embedded in the interaction body 1 and the interaction body 2. The interaction body 1 then sends a random number data1 to the interaction body 2 via CAN ID1. After receiving it, the interaction body 2 encrypts data1 according to encryption algorithm formula 1 or encryption algorithm formula 2 and sends the resulting value data2 to the interaction body 1 via CAN ID2. The interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful, otherwise it has failed. It can be seen that data1 and data2 change dynamically in every interaction response, and that the data identifier in the data allows the same group of nodes to serve several functions, such as interaction body binding or interaction channel verification.
Interaction body binding process: encryption algorithm formula 1 and decryption algorithm formula 1 are pre-embedded in the interaction body 1 and the interaction body 2. When used for the first time, the two interaction bodies must first perform the binding operation; once it succeeds, it is not repeated unless the interaction bodies are replaced again. Typically, a third party, such as a remote monitoring platform or a display, sends a binding instruction to the interaction body 1. After receiving the binding instruction, the interaction body 1 sends a binding identifier and a binding identification value to the interaction body 2. The binding identification value is a random number that differs from system to system, and whenever the third party updates the instruction, the binding identification value is updated with it. After receiving the binding identifier and binding identification value from the interaction body 1, the interaction body 2 encrypts them according to encryption algorithm formula 1 and returns the result to the interaction body 1. The interaction body 1 obtains a decryption result according to decryption algorithm formula 1 and compares it with the binding identification value it sent to the interaction body 2. If the two are the same, the binding is considered successful, the value is stored as a secret key in the interaction body 1 and the interaction body 2, and the third party is informed of the successful binding; otherwise the binding fails. It can be seen that the key is updated every time a binding operation is performed and is stored dynamically each time.
Interaction channel verification process: encryption algorithm formula 2 and decryption algorithm formula 2 are pre-embedded in the interaction body 1 and the interaction body 2. Each time the system is powered on, the interaction body 1 and the interaction body 2 perform dynamic data verification once. The interaction body 1 actively sends a verification identifier and a verification request value; the verification request value is a random number that is different at every power-up. After receiving the verification identifier and the verification request value from the interaction body 1, the interaction body 2 encrypts according to encryption algorithm formula 2 and feeds the result back to the interaction body 1. The interaction body 1 obtains a decryption result according to decryption algorithm formula 2 and compares it with the verification request value it sent to the interaction body 2. If the two are the same, the verification is considered successful and the result is sent to the third party; otherwise the verification fails. Encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identification value, that is, the key, stored during the interaction body binding process, so if the binding failed, the interaction channel verification also fails.
Data transmission process: after the interaction body binding and the interaction channel verification have both succeeded, the system can work normally and the remaining data can be sent and received normally.
The workflow of interaction body binding, interaction channel verification and data transmission ensures that every system has a different communication key and that the exchanged values change dynamically all the time. When either of the two interaction bodies is removed and replaced, the keys no longer match, so identification between the two interaction bodies fails. This achieves unique binding between the interaction bodies, effectively prevents their removal and replacement, and gives effective management and control of the product.
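The binding, power-on verification and failure-handling flow described above, as an added C sketch that is not part of the patent. The patent does not disclose formulas 1 and 2, so `enc1`/`dec1` and `enc2`/`dec2` are reversible toy stand-ins with no cryptographic strength, and the CAN IDs, identifier codes and payload layout are assumed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values: the page names the fields (CAN ID, data identifier, data
 * identification value) but gives no numbers or byte layout. */
#define CAN_ID1   0x18FF5001u /* body 1 -> body 2 (constructed) */
#define CAN_ID2   0x18FF5002u /* body 2 -> body 1 (constructed) */
#define ID_BIND   0x01u       /* data identifier: body binding */
#define ID_VERIFY 0x02u       /* data identifier: channel verification */

typedef struct { uint32_t can_id; uint8_t data[8]; } can_frame_t;
typedef struct { int bound; uint32_t key; } body_t;
typedef enum { LINK_OK, LINK_NEEDS_BINDING, LINK_PEER_REPLACED } link_state_t;

static uint32_t rotl32(uint32_t x, unsigned r) { return (x << r) | (x >> (32 - r)); }
static uint32_t rotr32(uint32_t x, unsigned r) { return (x >> r) | (x << (32 - r)); }

/* Hypothetical stand-ins for the undisclosed formulas. Formula 1 is fixed
 * (pre-embedded); formula 2 mixes in the stored binding value (the key). */
static uint32_t enc1(uint32_t x) { return rotl32(x ^ 0xA5C3E197u, 7) + 0x3D4F1B29u; }
static uint32_t dec1(uint32_t y) { return rotr32(y - 0x3D4F1B29u, 7) ^ 0xA5C3E197u; }
static uint32_t enc2(uint32_t x, uint32_t k) { return rotl32(x + k, 11) ^ (k * 0x9E3779B1u); }
static uint32_t dec2(uint32_t y, uint32_t k) { return rotr32(y ^ (k * 0x9E3779B1u), 11) - k; }

/* Payload: byte 0 = data identifier, bytes 1..4 = value, little-endian. */
static can_frame_t make_frame(uint32_t can_id, uint8_t ident, uint32_t value)
{
    can_frame_t f;
    memset(&f, 0, sizeof f);
    f.can_id = can_id;
    f.data[0] = ident;
    for (int i = 0; i < 4; i++) f.data[1 + i] = (uint8_t)(value >> (8 * i));
    return f;
}

static uint32_t frame_value(const can_frame_t *f)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)f->data[1 + i] << (8 * i);
    return v;
}

/* Body 2: one receive ID serves both functions; the data identifier selects
 * the handler. Returns 1 when a reply frame was produced. */
static int body2_handle(body_t *b2, const can_frame_t *req, can_frame_t *rsp)
{
    uint32_t v = frame_value(req);
    if (req->can_id != CAN_ID1) return 0;
    switch (req->data[0]) {
    case ID_BIND: /* value arrives in the clear; storing it here is an assumption */
        b2->key = v;
        b2->bound = 1;
        *rsp = make_frame(CAN_ID2, ID_BIND, enc1(v));
        return 1;
    case ID_VERIFY:
        if (!b2->bound) return 0; /* no stored key: cannot answer */
        *rsp = make_frame(CAN_ID2, ID_VERIFY, enc2(v, b2->key));
        return 1;
    default:
        return 0;
    }
}

/* Body 1, binding: challenge, decrypt the reply with formula 1, compare,
 * then store the binding value as the key. Returns 1 on success. */
static int body1_bind(body_t *b1, body_t *b2, uint32_t rnd)
{
    can_frame_t req = make_frame(CAN_ID1, ID_BIND, rnd), rsp = {0};
    if (!body2_handle(b2, &req, &rsp)) return 0;
    if (rsp.can_id != CAN_ID2 || rsp.data[0] != ID_BIND) return 0;
    if (dec1(frame_value(&rsp)) != rnd) return 0;
    b1->key = rnd;
    b1->bound = 1;
    return 1;
}

/* Body 1, every power-on: keyed challenge-response, then the failure branch
 * of the flow: unbound -> re-bind, bound but failing -> peer replaced/removed. */
static link_state_t body1_power_on_check(const body_t *b1, body_t *b2, uint32_t rnd)
{
    can_frame_t req = make_frame(CAN_ID1, ID_VERIFY, rnd), rsp = {0};
    if (b1->bound && body2_handle(b2, &req, &rsp) &&
        rsp.can_id == CAN_ID2 && rsp.data[0] == ID_VERIFY &&
        dec2(frame_value(&rsp), b1->key) == rnd)
        return LINK_OK;
    return b1->bound ? LINK_PEER_REPLACED : LINK_NEEDS_BINDING;
}

int main(void)
{
    body_t b1 = {0, 0}, b2 = {0, 0}, swapped = {0, 0};
    /* Constructed challenges; firmware would draw a fresh random number each time. */
    printf("bind           : %d\n", body1_bind(&b1, &b2, 0xC0FFEE42u));
    printf("power-on check : %d\n", (int)body1_power_on_check(&b1, &b2, 0x01234567u));
    printf("after swap     : %d\n", (int)body1_power_on_check(&b1, &swapped, 0x89ABCDEFu));
    return 0;
}
```

Because the binding value travels in the binding frame itself, the sketch assumes binding is carried out in a trusted service setting; a production design would replace the toy transforms with a vetted keyed primitive.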
The beneficial effects achieved by the embodiment are that:
(1) Dynamic encryption: dynamic links are established between different interaction subjects through dynamic binding, and the identities of the different subjects are identified based on dynamic data verification, so that any one of the two interaction subjects is prevented from being detached and replaced;
(2) Channel multiplexing: by distinguishing the identifiers, channel multiplexing is realized under the condition that only one group of CAN IDs is added, so that data interaction response is effectively completed, and the CAN bus load is not influenced;
(3) The cost is not increased: the product reliability and the data security are further improved on the basis of not increasing the cost by a pure software encryption upgrading method.
Example 2
The embodiment provides a dynamic encryption method for CAN bus data interaction response of a crane, which is applied to an interaction main body 2 and comprises the following steps:
An interactive body binding step comprising: after receiving the binding identifier and the binding identification value sent by the interaction body 1, acquiring a first encryption result according to an encryption algorithm formula 1, wherein the interaction body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction body 2, and the binding identification value is a random number;
transmitting the first encryption result to the interaction body 1; the interaction body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with the binding identification value sent to the interaction body 2, if the first decryption result is the same as the binding identification value, considering that the binding is successful, and informing a third party of the successful binding result, otherwise, failing;
an interactive channel verification step, comprising: after receiving the verification identifier and the verification request value sent by the interaction body 1, obtaining a second encryption result according to an encryption algorithm formula 2, wherein the interaction body 1 is used for sending the verification identifier and the verification request value to the interaction body 2, and the verification request value is a random number;
sending the second encryption result to the interaction body 1; the interaction body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; and comparing the second decryption result with the verification request value sent to the interaction body 2, if the second decryption result is the same as the verification request value, considering that the verification is successful, and sending the result of successful verification to a third party, otherwise, failing.
After the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
Example 3
The embodiment provides a dynamic encryption device for crane CAN bus data interaction response, which is applied to an interaction main body 1 and comprises:
a first interaction body binding unit comprising:
the binding instruction receiving and binding identifier value sending module is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identifier value to the interaction body 2, wherein the binding identifier value is a random number; after receiving the binding identifier and the binding identifier value, the interaction body 2 obtains a first encryption result according to an encryption algorithm formula 1, and returns the first encryption result to the interaction body 1;
the first encryption result receiving module is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1;
the first comparison module is used for comparing the first decryption result with the binding identification value sent to the interaction body 2, if the first decryption result is the same as the binding identification value, the binding is considered to be successful, and meanwhile, the result of successful binding is notified to a third party, otherwise, the binding fails;
a first interactive channel verification unit comprising:
The verification identifier and verification request value sending module is used for sending the verification identifier and the verification request value to the interaction body 2, wherein the verification request value is a random number, and the interaction body 2 obtains a second encryption result according to the encryption algorithm formula 2 and feeds the second encryption result back to the interaction body 1 after receiving the verification identifier and the verification request value;
the second encryption result receiving module is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2;
and the second comparison module is used for comparing the second decryption result with the verification request value sent to the interaction body 2, if the second decryption result is the same as the verification request value, the verification is considered to be successful, and meanwhile, the result of the successful verification is sent to a third party, otherwise, the verification is failed.
And the judging module is used for judging whether the two interactive main bodies are bound or not after the verification fails, and if not, re-binding is carried out.
Example 4
The embodiment provides a dynamic encryption device for crane CAN bus data interaction response, which is applied to an interaction main body 2 and comprises:
a second interactive body binding unit comprising:
the first encryption result acquisition module is used for acquiring a first encryption result according to an encryption algorithm formula 1 after receiving a binding identifier and a binding identification value sent by the interaction main body 1, wherein the interaction main body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction main body 2, and the binding identification value is a random number;
A first encryption result sending module, configured to send the first encryption result to the interaction body 1; the interaction body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with the binding identification value sent to the interaction body 2, if the first decryption result is the same as the binding identification value, considering that the binding is successful, and informing a third party of the successful binding result, otherwise, failing;
a second interactive channel verification unit comprising:
the second encryption result obtaining module is used for obtaining a second encryption result according to an encryption algorithm formula 2 after receiving the verification identifier and the verification request value sent by the interaction body 1, wherein the interaction body 1 is used for sending the verification identifier and the verification request value to the interaction body 2, and the verification request value is a random number;
the second encryption result sending module is used for sending the second encryption result to the interaction body 1; the interaction body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; and comparing the second decryption result with the verification request value sent to the interaction body 2, if the second decryption result is the same as the verification request value, considering that the verification is successful, and sending the result of successful verification to a third party, otherwise, failing.
And the judging module is used for judging whether the two interactive main bodies are bound or not after the verification fails, and if not, re-binding is carried out.
Example 5
The embodiment provides a dynamic encryption device for CAN bus data interaction response of a crane, which comprises a processor and a storage medium;
the storage medium is used for storing instructions;
the processor is operative according to the instructions to perform the steps of the method according to any one of embodiments 1 or 2.
Example 6
The present embodiment provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any one of embodiment 1 or embodiment 2.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and variations could be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.

Claims (10)

1. The dynamic encryption method for the CAN bus data interaction response of the crane is characterized by being applied to an interaction main body 1 and comprising the following steps of:
an interactive body binding step comprising: receiving a binding instruction issued by a third party, and sending a binding identifier and a binding identifier value to the interaction body 2, wherein the binding identifier value is a random number; after receiving the binding identifier and the binding identifier value, the interaction body 2 obtains a first encryption result according to an encryption algorithm formula 1, and returns the first encryption result to the interaction body 1; the third party comprises a remote monitoring platform or a display, and the binding identification value can also follow the updating every time the third party updates an instruction;
Receiving a first encryption result, and obtaining a first decryption result according to a decryption algorithm formula 1;
comparing the first decryption result with a binding identification value sent to the interaction body 2, if the first decryption result is the same as the binding identification value, the binding identification value is considered to be successful, the binding identification value is stored as a secret key in the interaction body 1 and the interaction body 2, and meanwhile, the successful binding result is informed to a third party, otherwise, the binding is failed;
when used for the first time, the two interaction bodies must first perform the interaction body binding step, and after successful binding the operation is not repeated until the interaction bodies are replaced again;
an interaction channel verification step, comprising: each time the system is powered on, the interaction body 1 and the interaction body 2 perform dynamic data verification once; a verification identifier and a verification request value are sent to the interaction body 2, wherein the verification request value is a random number; after receiving the verification identifier and the verification request value, the interaction body 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to the interaction body 1;
receiving a second encryption result, and obtaining a second decryption result according to a decryption algorithm formula 2;
comparing the second decryption result with the verification request value sent to the interaction body 2, if the second decryption result is the same as the verification request value, considering that the verification is successful, and sending the result of the successful verification to a third party, otherwise, failing;
The encryption algorithm formula 2 and the decryption algorithm formula 2 combine binding identification values stored in the binding process of the interaction body in the design process, and if the binding fails, the interaction channel verification also fails;
in the interaction body binding process and the interaction channel verification process, a data interaction response is carried out, wherein the interaction response data consists of a CAN ID, a data identifier and a data identification value, the CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identification value stores the specific interaction response data; in the CAN bus data interaction response process, the algorithm is first pre-embedded in the interaction body 1 and the interaction body 2; the interaction body 1 then sends a random number data1 to the interaction body 2 via CAN ID1; after receiving it, the interaction body 2 encrypts data1 according to encryption algorithm formula 1 or encryption algorithm formula 2 and sends the resulting value data2 to the interaction body 1 via CAN ID2; the interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful, otherwise it has failed;
after the interactive body binding and the interactive channel verification are successful, the system side can work normally, and the rest data can be sent and received normally.
2. The dynamic encryption method of crane CAN bus data interaction response of claim 1, further comprising: after the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
3. The dynamic encryption method for the CAN bus data interaction response of the crane is characterized by being applied to an interaction main body 2 and comprising the following steps of:
an interactive body binding step comprising: after receiving the binding identifier and the binding identification value sent by the interaction body 1, acquiring a first encryption result according to an encryption algorithm formula 1, wherein the interaction body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction body 2, and the binding identification value is a random number;
transmitting the first encryption result to the interaction body 1; the interaction body 1 is used for receiving a first encryption result and obtaining a first decryption result according to a decryption algorithm formula 1; comparing the first decryption result with a binding identification value sent to the interaction body 2, if the first decryption result is the same as the binding identification value, storing the binding identification value as a secret key in the interaction body 1 and the interaction body 2, and informing a third party of the successful binding result, otherwise, failing; the third party comprises a remote monitoring platform or a display, and the binding identification value can also follow the updating every time the third party updates an instruction; the two parties of the first interactive main body must first perform an interactive main body binding step, and after successful binding, the operation is not repeated until the two parties of the interactive main body are replaced again;
An interactive channel verification step, comprising: after receiving the verification identifier and the verification request value sent by the interaction body 1, obtaining a second encryption result according to an encryption algorithm formula 2, wherein the interaction body 1 is used for sending the verification identifier and the verification request value to the interaction body 2, and the verification request value is a random number; after the system is electrified each time, the interaction main body 1 and the interaction main body 2 perform dynamic data verification once;
sending the second encryption result to the interaction body 1; the interaction body 1 is used for receiving a second encryption result and obtaining a second decryption result according to a decryption algorithm formula 2; comparing the second decryption result with the verification request value sent to the interaction body 2, if the second decryption result is the same as the verification request value, considering that the verification is successful, and sending the result of the successful verification to a third party, otherwise, failing; the encryption algorithm formula 2 and the decryption algorithm formula 2 combine binding identification values stored in the binding process of the interaction body in the design process, and if the binding fails, the interaction channel verification also fails;
in the interaction body binding process and the interaction channel verification process, a data interaction response is carried out, wherein the interaction response data consists of a CAN ID, a data identifier and a data identification value, the CAN ID is the node number of the CAN bus data, the data identifier in the message is used to determine the purpose of the data interaction response, and the data identification value stores the specific interaction response data; in the CAN bus data interaction response process, the algorithm is first pre-embedded in the interaction body 1 and the interaction body 2; the interaction body 1 then sends a random number data1 to the interaction body 2 via CAN ID1; after receiving it, the interaction body 2 encrypts data1 according to encryption algorithm formula 1 or encryption algorithm formula 2 and sends the resulting value data2 to the interaction body 1 via CAN ID2; the interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful, otherwise it has failed;
After the interactive body binding and the interactive channel verification are successful, the system side can work normally, and the rest data can be sent and received normally.
4. The dynamic encryption method of crane CAN bus data interaction response of claim 3, further comprising: after the verification fails, judging whether the two interactive main bodies are bound or not, and if not, re-binding.
5. The dynamic encryption device for CAN bus data interaction response of the crane is characterized by being applied to an interaction main body 1 and comprising:
a first interaction body binding unit comprising:
a binding instruction receiving and binding identification value sending module, used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to interaction body 2, wherein the binding identification value is a random number; after receiving the binding identifier and the binding identification value, interaction body 2 obtains a first encryption result according to encryption algorithm formula 1 and returns the first encryption result to interaction body 1; the third party comprises a remote monitoring platform or a display, and the binding identification value can also be updated each time the third party updates an instruction;
a first encryption result receiving module, used for receiving the first encryption result and obtaining a first decryption result according to decryption algorithm formula 1;
a first comparison module, used for comparing the first decryption result with the binding identification value sent to interaction body 2; if they are the same, the binding is considered successful, the binding identification value is stored as a key in interaction body 1 and interaction body 2, and the third party is informed of the successful binding, otherwise the binding fails;
the two interaction bodies must first perform the interaction body binding step, and after successful binding the operation is not repeated until the interaction bodies are replaced again;
a first interactive channel verification unit comprising:
a verification identifier and verification request value sending module, used for sending the verification identifier and the verification request value to interaction body 2, wherein the verification request value is a random number, and each time the system is powered on, interaction body 1 and interaction body 2 perform dynamic data verification once; after receiving the verification identifier and the verification request value, interaction body 2 obtains a second encryption result according to encryption algorithm formula 2 and feeds the second encryption result back to interaction body 1;
a second encryption result receiving module, used for receiving the second encryption result and obtaining a second decryption result according to decryption algorithm formula 2;
a second comparison module, used for comparing the second decryption result with the verification request value sent to interaction body 2; if they are the same, the verification is considered successful and the result of the successful verification is sent to the third party, otherwise the verification fails;
encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identification value stored during the interaction body binding process, so if the binding fails, the interaction channel verification also fails;
a data interaction response unit, used for carrying out data interaction responses during interaction body binding and interaction channel verification, wherein the data of an interaction response consists of a CAN ID, a data identifier and a data identification value; the CAN ID is the node number of the CAN bus data, the data identifier in the message is used for determining the purpose of the data interaction response, and the data identification value is used for storing the specific data of the interaction response; in the CAN bus data interaction response process, the algorithm is first embedded in interaction body 1 and interaction body 2; interaction body 1 then sends a random number data1 to interaction body 2 through CAN ID1; after receiving it, interaction body 2 sends the value data2, obtained by encrypting data1 according to encryption algorithm formula 1 or encryption algorithm formula 2, to interaction body 1 through CAN ID2; interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful, otherwise it fails;
after the interaction body binding and the interaction channel verification succeed, the system can work normally, and the remaining data can be sent and received normally.
6. The dynamic encryption device for crane CAN bus data interaction response of claim 5, further comprising: a judging module, used for determining, after the verification fails, whether the two interaction bodies are bound, and if not, re-binding.
7. The dynamic encryption device for CAN bus data interaction response of the crane is characterized by being applied to an interaction main body 2 and comprising:
a second interactive body binding unit comprising:
the first encryption result acquisition module is used for acquiring a first encryption result according to an encryption algorithm formula 1 after receiving a binding identifier and a binding identification value sent by the interaction main body 1, wherein the interaction main body 1 is used for receiving a binding instruction issued by a third party and sending the binding identifier and the binding identification value to the interaction main body 2, and the binding identification value is a random number;
a first encryption result sending module, configured to send the first encryption result to interaction body 1; interaction body 1 is used for receiving the first encryption result and obtaining a first decryption result according to decryption algorithm formula 1, and for comparing the first decryption result with the binding identification value sent to interaction body 2; if they are the same, the binding is considered successful and the third party is informed of the successful binding, otherwise the binding fails; the third party comprises a remote monitoring platform or a display, and the binding identification value can also be updated each time the third party updates an instruction; the two interaction bodies must first perform the interaction body binding step, and after successful binding the operation is not repeated until the interaction bodies are replaced again;
a second interaction channel verification unit comprising:
a second encryption result obtaining module, used for obtaining a second encryption result according to encryption algorithm formula 2 after receiving the verification identifier and the verification request value sent by interaction body 1, wherein interaction body 1 is used for sending the verification identifier and the verification request value to interaction body 2, and the verification request value is a random number; each time the system is powered on, interaction body 1 and interaction body 2 perform dynamic data verification once;
a second encryption result sending module, used for sending the second encryption result to interaction body 1; interaction body 1 is used for receiving the second encryption result and obtaining a second decryption result according to decryption algorithm formula 2, and for comparing the second decryption result with the verification request value sent to interaction body 2; if they are the same, the verification is considered successful and the result of the successful verification is sent to the third party, otherwise the verification fails; encryption algorithm formula 2 and decryption algorithm formula 2 are designed to incorporate the binding identification value stored during the interaction body binding process, so if the binding fails, the interaction channel verification also fails;
a data interaction response unit, used for carrying out data interaction responses during interaction body binding and interaction channel verification, wherein the data of an interaction response consists of a CAN ID, a data identifier and a data identification value; the CAN ID is the node number of the CAN bus data, the data identifier in the message is used for determining the purpose of the data interaction response, and the data identification value is used for storing the specific data of the interaction response; in the CAN bus data interaction response process, the algorithm is first embedded in interaction body 1 and interaction body 2; interaction body 1 then sends a random number data1 to interaction body 2 through CAN ID1; after receiving it, interaction body 2 sends the value data2, obtained by encrypting data1 according to encryption algorithm formula 1 or encryption algorithm formula 2, to interaction body 1 through CAN ID2; interaction body 1 decrypts data2 according to decryption algorithm formula 1 or decryption algorithm formula 2 and compares the result with the original data1; if the values are the same, the interaction response is successful, otherwise it fails; after the interaction body binding and the interaction channel verification succeed, the system can work normally, and the remaining data can be sent and received normally.
8. The dynamic encryption device for crane CAN bus data interaction response of claim 7, further comprising: a judging module, used for determining, after the verification fails, whether the two interaction bodies are bound, and if not, re-binding.
9. A dynamic encryption device for CAN bus data interaction response of a crane is characterized in that: comprises a processor and a storage medium;
the storage medium is used for storing instructions;
the processor being operative according to the instructions to perform the steps of the method as claimed in any one of claims 1-2 or 3-4.
10. A computer-readable storage medium having stored thereon a computer program, characterized by: the program when executed by a processor performs the steps of the method of any one of claims 1-2 or 3-4.
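The binding and power-on verification exchange described in the claims, as an added C simulation that is not part of the patent. The Feistel routine is only a placeholder for encryption/decryption algorithm formulas 1 and 2, which this section does not give, and is not a secure cipher; the frame layout, CAN IDs, data identifier codes, the embedded constant and the way the binding value is mixed in are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed layout: data[0] = data identifier, data[1..4] = 32-bit value, big-endian. */
enum { ID_BIND = 1, ID_VERIFY = 2, CAN_ID1 = 0x101, CAN_ID2 = 0x102 }; /* hypothetical */
#define EMBEDDED 0x5A17C3E9u                /* constructed embedded constant */
typedef struct { uint32_t can_id; uint8_t data[8]; } can_frame;
typedef struct { uint32_t bind_key; } body; /* bind_key 0 = never bound */

static uint16_t f(uint16_t h, int i) {      /* toy round function */
    uint16_t s = (uint16_t)(h + (uint16_t)(EMBEDDED >> (8 * i)));
    return (uint16_t)(((s << 3) | (s >> 13)) ^ i);
}
/* Placeholder for formulas 1 and 2: 4-round Feistel permutation, NOT a secure
 * cipher. Formula 1 uses key 0; formula 2 mixes in the stored binding value. */
static uint32_t enc(uint32_t v, uint32_t key) {
    uint16_t l, r, t;
    v ^= key; l = (uint16_t)(v >> 16); r = (uint16_t)v;
    for (int i = 0; i < 4; i++) { t = (uint16_t)(l ^ f(r, i)); l = r; r = t; }
    return ((uint32_t)l << 16) | r;
}
static uint32_t dec(uint32_t c, uint32_t key) {
    uint16_t l = (uint16_t)(c >> 16), r = (uint16_t)c, t;
    for (int i = 3; i >= 0; i--) { t = (uint16_t)(r ^ f(l, i)); r = l; l = t; }
    return (((uint32_t)l << 16) | r) ^ key;
}
static can_frame mk(uint32_t id, uint8_t ident, uint32_t v) {
    can_frame fr = { id, { ident, (uint8_t)(v >> 24), (uint8_t)(v >> 16),
                           (uint8_t)(v >> 8), (uint8_t)v } };
    return fr;
}
static uint32_t val(const can_frame *fr) {
    return ((uint32_t)fr->data[1] << 24) | ((uint32_t)fr->data[2] << 16) |
           ((uint32_t)fr->data[3] << 8) | fr->data[4];
}
static can_frame respond(const body *b2, const can_frame *req) {  /* body 2 */
    uint32_t key = (req->data[0] == ID_VERIFY) ? b2->bind_key : 0;
    return mk(CAN_ID2, req->data[0], enc(val(req), key));
}
static int check(const body *b1, uint32_t sent, const can_frame *rsp) {  /* body 1 */
    uint32_t key = (rsp->data[0] == ID_VERIFY) ? b1->bind_key : 0;
    return rsp->can_id == CAN_ID2 && dec(val(rsp), key) == sent;
}
static int bind_bodies(body *b1, body *b2, uint32_t nonce) {
    can_frame req = mk(CAN_ID1, ID_BIND, nonce), rsp = respond(b2, &req);
    if (!check(b1, nonce, &rsp)) return 0;
    b1->bind_key = b2->bind_key = nonce;    /* binding value stored as the key */
    return 1;
}
/* Run once per power-on with a fresh random challenge; fails if never bound. */
static int verify_channel(const body *b1, const body *b2, uint32_t challenge) {
    can_frame req = mk(CAN_ID1, ID_VERIFY, challenge), rsp = respond(b2, &req);
    return b1->bind_key != 0 && check(b1, challenge, &rsp);
}

int main(void) {  /* constructed values; a real node would draw them from an RNG */
    body a = {0}, b = {0}, spare = {0};
    printf("bind=%d\n", bind_bodies(&a, &b, 0xC0FFEE01u));
    printf("verify=%d spare=%d\n", verify_channel(&a, &b, 7u), verify_channel(&a, &spare, 7u));
    return 0;
}
```

A spare interaction body 2 that was never bound answers without the stored binding value, so interaction body 1's comparison fails, which is the dependency between binding and channel verification that the claims describe.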
CN202210312258.XA 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane Active CN114697105B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210312258.XA CN114697105B (en) 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210312258.XA CN114697105B (en) 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane

Publications (2)

Publication Number Publication Date
CN114697105A CN114697105A (en) 2022-07-01
CN114697105B true CN114697105B (en) 2024-03-22

Family

ID=82140205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210312258.XA Active CN114697105B (en) 2022-03-28 2022-03-28 Dynamic encryption method and device for CAN bus data interaction response of crane

Country Status (1)

Country Link
CN (1) CN114697105B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624525A (en) * 2011-11-18 2012-08-01 广西柳工机械股份有限公司 Electronic identity recognition method for engineering machinery and device
WO2015024426A1 (en) * 2013-08-19 2015-02-26 深圳光启创新技术有限公司 Identity authentication system, apparatus, and method, and identity authentication request apparatus
CN106899404A (en) * 2017-02-15 2017-06-27 同济大学 Vehicle-mounted CAN FD bus communication systems and method based on wildcard
CN107844092A (en) * 2017-11-28 2018-03-27 东风商用车有限公司 One kind pin borrows vehicle remote management control system and its control method
CN109035519A (en) * 2018-07-26 2018-12-18 杭州晟元数据安全技术股份有限公司 A kind of biometric devices and method
CN109815713A (en) * 2018-12-27 2019-05-28 郑州新大方重工科技有限公司 A kind of encryption method based on electric system of engineering machinery
CN110660210A (en) * 2019-10-12 2020-01-07 扬州亚星客车股份有限公司 Data acquisition system and method based on CAN bus and wireless communication
CN111147257A (en) * 2019-12-26 2020-05-12 核芯互联科技(青岛)有限公司 Identity authentication and information confidentiality method, monitoring center and remote terminal unit
CN112319420A (en) * 2020-11-04 2021-02-05 浙江新柴股份有限公司 Remote vehicle locking control method

Also Published As

Publication number Publication date
CN114697105A (en) 2022-07-01

Similar Documents

Publication Publication Date Title
CN101901318B (en) Trusted hardware equipment and using method thereof
JP6585019B2 (en) Network monitoring device, network system and program
US20180227120A1 (en) Management device, management system, key generation device, key generation system, key management system, vehicle, management method, key generation method, and computer program
US10673621B2 (en) Management device, vehicle, management method, and computer program
KR101838511B1 (en) Method of providing security for controller using encryption and appratus for implementing the same
EP2605175A2 (en) Method and apparatus for checking field replaceable unit, and communication device
US20120117380A1 (en) Method for Granting Authorization to Access a Computer-Based Object in an Automation System, Computer Program, and Automation System
CN112055344B (en) Engineering machinery Bluetooth equipment identity authentication system and method
CN113676320A (en) Method, device and equipment for determining vehicle ECU key and storage medium
CN102624525B (en) Electronic identity recognition method for engineering machinery and device
CN109302501B (en) Industrial control data storage method, device and system based on block chain technology
CN106953725A (en) For method and system derived from asymmetrical key
CN111488331B (en) Database connection method and device and computer equipment
CN113570758A (en) Remote monitoring terminal and vehicle Bluetooth key management method
CN112347428A (en) Distributed software product off-line authorization method
CN109219950B (en) Method for exchanging messages between security-relevant devices
CN113497704A (en) Vehicle-mounted key generation method, vehicle and computer-readable storage medium
CN108769004B (en) Remote operation safety verification method for industrial internet intelligent equipment
KR101675223B1 (en) Watchdog, security system and method for watchdog
CN103024599B (en) Set top box communication method, device and system
CN114697105B (en) Dynamic encryption method and device for CAN bus data interaction response of crane
CN114157489B (en) Communication domain controller safety communication method based on periodic authentication handshake mechanism
CN111523128B (en) Information protection method, system, electronic equipment and medium
CN114785557A (en) Vehicle symmetric key distribution system, method and storage medium
CN105491118B (en) A kind of avionics Ethernet data loading system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant