WO2020132978A1 - Encrypted communication method, apparatus and system, and computer storage medium - Google Patents


Info

Publication number: WO2020132978A1
Authority: WO (WIPO, PCT)
Prior art keywords: encrypted, rtk, rtk device, security server, authentication certificate
Application number: PCT/CN2018/124015
Other languages: French (fr), Chinese (zh)
Inventors: 高阳, 张海
Original assignee: 深圳市大疆创新科技有限公司
Application filed by 深圳市大疆创新科技有限公司
Priority to PCT/CN2018/124015 (WO2020132978A1)
Priority to CN201880071010.0A (CN111406390A)
Publication of WO2020132978A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Definitions

  • the present application belongs to the field of communication, and in particular relates to an encrypted communication method, device, system, and computer-readable storage medium.
  • a Real-Time Kinematic (RTK) device and a Continuously Operating Reference Station (CORS) establish an encrypted communication link based on the Secure Sockets Layer (SSL); the CORS station can then deliver encrypted RTCM (Radio Technical Commission for Maritime Services) data to the RTK device, so that the RTK device can use the RTCM data for positioning, which ensures the transmission security of the RTCM data.
  • a forged RTK device can establish a communication connection with a CORS station and steal information such as RTCM data.
  • the purpose of this application is to provide an encrypted communication method that ensures only genuine RTK equipment can pass the security authentication needed to establish communication.
  • the present application provides an encrypted communication method, which is applied to a drone's RTK equipment; the encrypted communication method includes:
  • acquiring the identifier of the RTK device from the RTK device, the identifier including the serial number SN of the RTK device and/or the ephemeris data of the RTK device;
  • receiving encrypted information fed back by the security server, the encrypted information including an authentication certificate encrypted based on the identifier.
  • the present application provides an encrypted communication method, which is applied to a drone's RTK equipment; the encrypted communication method includes:
  • the RTK device receives encrypted information generated by a security server, the encrypted information including an authentication certificate encrypted based on the identifier of the RTK device, the identifier including the serial number SN of the RTK device and/or the ephemeris data of the RTK device;
  • the RTK device uses the ID of the RTK device to generate a key for decrypting the encrypted information
  • the RTK device uses the generated key to decrypt the authentication certificate from the encrypted information
  • the RTK device uses the authentication certificate to establish communication with the security server.
  • the present application provides an encrypted communication method, which is applied to a drone's RTK equipment; the encrypted communication method includes:
  • the security server receives the request carrying the identifier of the RTK device, the identifier including the serial number SN of the RTK device and/or the ephemeris data of the RTK device;
  • the security server generates an authentication certificate
  • the security server encrypts the authentication certificate based on the identification
  • the security server feeds back encrypted information carrying the encrypted authentication certificate.
  • the present application provides an encrypted communication device, which is applied to a drone's RTK equipment.
  • the encrypted communication device includes:
  • An obtaining unit configured to obtain an identifier of the RTK device from the RTK device, the identifier including a serial number SN of the RTK device and/or ephemeris data of the RTK device;
  • a receiving unit configured to receive encrypted information fed back by the security server, where the encrypted information includes an authentication certificate encrypted based on the identifier;
  • a sending unit configured to send the encrypted information to the RTK device.
  • the present application provides an encrypted communication device, which is applied to a drone's RTK equipment; the encrypted communication device includes:
  • a receiving unit configured to receive encrypted information generated by a security server, the encrypted information including an authentication certificate encrypted based on an identifier of the RTK device, the identifier including the serial number SN of the RTK device and/or the ephemeris data of the RTK device;
  • a using unit configured to generate a key for decrypting the encrypted information using the identifier of the RTK device, decrypt the authentication certificate from the encrypted information using the generated key, and establish communication with the security server using the authentication certificate.
  • the present application provides an encrypted communication device, which is applied to a drone's RTK equipment; the encrypted communication device includes:
  • a receiving unit configured to receive a request carrying an identifier of the RTK device, the identifier including the serial number SN of the RTK device and/or ephemeris data of the RTK device;
  • a generating unit configured to generate an authentication certificate;
  • a feedback unit configured to feed back encrypted information carrying the encrypted authentication certificate.
  • the present application provides an encrypted communication system.
  • the encrypted communication system includes: an RTK device, a security server, and a parameter adjustment device (also referred to below as the assistant device);
  • the parameter adjustment device is used to obtain the identifier of the RTK device from the RTK device, use the identifier to request an authentication certificate from the security server, receive the encrypted information fed back by the security server, and send the encrypted information to the RTK device, the encrypted information including an authentication certificate encrypted based on the identifier, the identifier including the serial number SN of the RTK device and/or ephemeris data of the RTK device;
  • the security server is configured to receive the request carrying the identifier of the RTK device from the assistant device, generate an authentication certificate, encrypt the authentication certificate based on the identifier, and feed back to the assistant device encrypted information carrying the encrypted authentication certificate;
  • the RTK device is configured to receive from the assistant device the encrypted information generated by the security server, the encrypted information including an authentication certificate encrypted based on the identifier of the RTK device;
  • the RTK device is also configured to generate a key for decrypting the encrypted information using the identifier of the RTK device, use the generated key to decrypt the authentication certificate from the encrypted information, and use the authentication certificate to establish communication with the security server.
  • the present application provides a parameter adjustment device, including a processor and a memory; the memory stores computer instructions; the processor executes the computer instructions in the memory, so that the parameter adjustment device performs the encrypted communication method provided in the first aspect.
  • the present application provides an RTK device, including a processor and a memory; the memory stores computer instructions; the processor executes the computer instructions in the memory, so that the RTK device performs the encrypted communication method provided in the second aspect.
  • the present application provides a security server, including a processor and a memory; the memory stores computer instructions; the processor executes the computer instructions in the memory, so that the security server executes the encrypted communication method provided in the third aspect.
  • the present application provides a computer-readable storage medium that stores computer instructions that instruct the assistant device to perform the encrypted communication method provided in the first aspect.
  • the present application provides a computer-readable storage medium that stores computer instructions that instruct an RTK device to perform the encrypted communication method provided in the second aspect.
  • the present application provides a computer-readable storage medium that stores computer instructions that instruct a security server to perform the encrypted communication method provided in the third aspect.
  • the security server encrypts the authentication certificate using the identifier of the RTK device, and the identifier includes the serial number SN of the RTK device and/or the ephemeris data of the RTK device.
  • only a genuine RTK device that holds this identifier can use its local identifier to generate the correct key and decrypt the authentication certificate. The genuine RTK device can therefore use the authentication certificate to pass the security authentication of the security server and establish communication with it.
  • FIG. 1 is an example diagram of an application scenario of a drone provided by an embodiment of the present application
  • FIG. 2 is a flowchart of a system interaction of an encrypted communication system provided by an embodiment of the present application
  • FIG. 3 is a flowchart of an encryption communication method provided for a parameter adjustment device 102 according to an embodiment of the present application
  • FIG. 4 is a flowchart of an encrypted communication method for the security server 103 provided by an embodiment of the present application.
  • FIG. 5 is a flowchart of an encrypted communication method provided for an RTK device 101 provided by an embodiment of the present application
  • FIG. 6 is a schematic structural diagram of an encrypted communication device 60 provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of an encrypted communication device 70 provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of an encrypted communication device 80 provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a parameter adjustment device 102 provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a security server 103 provided by an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an RTK device 101 provided by an embodiment of the present application.
  • FIG. 1 shows an example application scenario of a drone according to this application.
  • the RTK device 101 and the assistant device 102 have established a communication connection.
  • the communication connection between the RTK device 101 and the assistant device 102 may be encrypted or unencrypted.
  • the security server 103 and the assistant device 102 have established a communication connection.
  • the communication connection between the security server 103 and the assistant device 102 may be encrypted or unencrypted.
  • the assistant device 102 may be integrated into the security server 103. Or, the assistant device 102 is independently deployed outside the security server 103.
  • the security server 103 may be a CORS station.
  • the security server 103 is used to perform security authentication on the RTK device 101 and establish an encrypted communication connection with the RTK device 101.
  • the assistant device 102 serves as an intermediary between the security server 103 and the RTK device 101, so that the RTK device 101 can obtain the authentication certificate and/or key generated by the security server 103 according to the identifier of the RTK device 101, the identifier including the serial number (SN) of the RTK device and/or the ephemeris data of the RTK device.
  • the authentication certificate and/or key is used by the RTK device 101 to request the security server 103 to establish an encrypted communication connection, for example, to establish an SSL-based communication connection.
  • the RTK device 101 can be used to manage drones; a drone remote controller can subsequently plan the drone's flight path based on the point-marking data generated by the RTK device 101.
  • based on the system of FIG. 1, an embodiment of the system interaction is provided, as shown in FIG. 2.
  • step S31 the assistant device 102 obtains the identifier of the RTK device 101.
  • the identifier of the RTK device 101 includes: a serial number (SN) of the RTK device 101 and/or ephemeris data of the RTK device 101.
  • the ephemeris data of the RTK device 101 refers to the ephemeris data received by the RTK device 101 from the Global Navigation Satellite System (GNSS).
  • the assistant device 102 directly accesses the RTK device 101, and acquires the RTK device 101 identifier from the RTK device 101.
  • the RTK device 101 directly sends the identifier of the RTK device 101 to the assistant device 102.
  • step S32 the assistant device 102 uses the ID of the RTK device 101 to request an authentication certificate from the security server 103.
  • the assistant device 102 sends a request to the security server 103, the request carries the identifier of the RTK device 101, and the request is specifically used to request the security server 103 for an authentication certificate.
  • step S33 the security server 103 generates an authentication certificate.
  • in response to the request sent by the assistant device 102, the security server 103 generates an authentication certificate for performing security authentication on the RTK device 101. With this authentication certificate, the RTK device 101 can request to establish a communication connection with the security server 103.
  • the security server 103 uses the ID of the RTK device 101 to generate a key.
  • the RTK device 101 may request to establish an encrypted communication connection with the security server 103, for example, establish an encrypted communication connection based on SSL.
  • each RTK device 101 has a unique identification. Therefore, the keys generated based on the identifications of different RTK devices 101 are also different and unique. In contrast, the fake RTK device does not have an identification, and therefore does not have a key corresponding to the identification, so that it is impossible to establish an encrypted communication connection with the security server 103.
  • each RTK device 101 has a unique SN. Therefore, the keys generated based on the SNs of different RTK devices 101 are also different and unique.
  • a fake RTK device does not have an SN, and therefore does not have a key corresponding to the SN, so that an encrypted communication connection with the security server 103 cannot be established.
  • step S34 the security server 103 encrypts the authentication certificate based on the identification.
  • the security server 103 has an encryption algorithm, and this application does not limit which encryption algorithm is specifically used for encryption.
  • the encryption algorithm is a symmetric encryption algorithm.
  • the symmetric encryption algorithm can be the Data Encryption Standard (DES), the Triple Data Encryption Algorithm (TDEA), or the Advanced Encryption Standard (AES).
  • the key is derived as follows: calculate the hash value of the SN of the RTK device and convert it into a first binary number of M bits; calculate the hash value of the ephemeris data of the RTK device and convert it into a second binary number of M bits, where M is a positive integer.
  • the process of encrypting the authentication certificate is as follows: first divide the authentication certificate into N data fragments of M bits each; then XOR each of the N data fragments with the first binary number; then combine each of the N XORed fragments with the second binary number to obtain the encrypted certificate (the text says OR for this second pass; since step S38 must reverse it and OR is not invertible, the operation that makes the scheme work is XOR).
  • N is a positive integer.
  • the encryption algorithm is an asymmetric encryption algorithm.
  • the asymmetric encryption algorithm may be the RSA algorithm, the Digital Signature Algorithm (DSA), or an elliptic curve cryptography (ECC) algorithm.
  • the security server 103 uses the encryption algorithm to encrypt the authentication certificate based on the identification of the RTK device 101.
  • the identifier of the RTK device 101 is used as a parameter of an asymmetric encryption algorithm, and the asymmetric encryption algorithm is used to generate a key pair, and the key pair includes a public key and a private key. It should be understood that the public key and the private key are a pair.
  • if the public key is used to encrypt the authentication certificate, the RTK device 101 needs to generate the private key corresponding to the public key based on the identifier, because only the private key corresponding to the public key can decrypt the authentication certificate; if the private key is used to encrypt the authentication certificate, the RTK device 101 needs to generate the public key corresponding to the private key based on the identifier, because only the public key corresponding to the private key can decrypt the authentication certificate.
  • the security server 103 still uses the encryption algorithm to encrypt the key based on the identifier of the RTK device 101.
  • the security server 103 may simultaneously encrypt the key and the authentication certificate used to establish encrypted communication. Alternatively, the security server 103 may separately encrypt the key and the authentication certificate used to establish the encrypted communication.
  • the security server 103 generates encrypted information carrying an encrypted authentication certificate.
  • the security server 103 also carries the encrypted key used to establish encrypted communication in the encrypted information.
  • step S35 the security server 103 feeds back the encrypted information carrying the encrypted authentication certificate to the assistant device 102.
  • the security server 103 sends the encrypted information to the assistant device 102.
  • the encrypted information carries an encrypted authentication certificate.
  • the encrypted information carries both the encrypted key used to establish encrypted communication and the authentication certificate.
  • step S36 the assistant device 102 sends the encrypted information to the RTK device 101.
  • the encrypted information carries an encrypted authentication certificate.
  • the encrypted information carries both the encrypted key used to establish encrypted communication and the authentication certificate.
  • the RTK device 101 stores this encrypted information.
  • step S37 the RTK device 101 uses the ID of the RTK device 101 to generate a key for decrypting the encrypted information.
  • the identifier described in step S31 and the identifier described in step S37 are the same identifier. That is, the identifier used to generate the decryption key in step S37 is the same as the identifier acquired by the assistant device 102 in step S31.
  • the RTK device 101 acquires the ID of the RTK device, performs legality verification on the acquired ID, and uses the ID of the RTK device to generate a key for decrypting the encrypted information after the legality verification is passed.
  • the ID of the RTK device 101 is first obtained from a loader (such as a bootloader). Then, the legality verification is performed on the obtained identification. After the verification of the legality is passed, the identification can be used to generate a key for decrypting the encrypted information. If the legality verification fails, no processing is required.
  • the ID of the RTK device 101 passes the legality verification, the ID is used to generate a key for decrypting the encrypted information, and the generated key is stored in the storage module SPRAM to facilitate subsequent use of the key.
  • step S38 the RTK device 101 decrypts the authentication certificate from the encrypted information using the generated key.
  • the key is regenerated locally as follows: calculate the hash value of the SN of the RTK device and convert it into a first binary number of M bits; calculate the hash value of the ephemeris data of the RTK device and convert it into a second binary number of M bits, where M is a positive integer.
  • the first binary number and the second binary number are the keys used to decrypt the encrypted information.
  • the process of decrypting the authentication certificate is as follows: first divide the encrypted information into Q data fragments of M bits each; then XOR (not OR, which cannot be undone) each of the Q fragments with the second binary number; then XOR each resulting fragment with the first binary number to obtain the decrypted information.
  • the decrypted information includes the authentication certificate in plain text, and the decrypted information may also include a key used to establish encrypted communication.
  • Q is a positive integer.
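The key derivation of step S34 and its reversal in step S38, as an added example in Python; this is not code from the application or its assignee. The application names neither the hash function nor M, so SHA-256 truncated to M = 64 bits, the sample SN, the ephemeris bytes and the certificate bytes are all constructed assumptions here.

```python
from __future__ import annotations

import hashlib

# Constructed sample identifier material (not from the application). On a real device the SN
# comes from the bootloader and the ephemeris data from the GNSS receiver.
SAMPLE_SN = "RTK-SN-0000-EXAMPLE"
SAMPLE_EPHEMERIS = bytes.fromhex("8b00a0c0d1e2f3041526374859600718")
SAMPLE_CERTIFICATE = b"-----BEGIN CERTIFICATE-----\nMIIB(example bytes)\n-----END CERTIFICATE-----\n"


def derive_key_words(sn: str, ephemeris: bytes, m_bits: int = 64) -> tuple[int, int]:
    """Derive the 'first' and 'second' M-bit binary numbers from hash(SN) and hash(ephemeris).

    The application does not name the hash; SHA-256 truncated to M bits is an assumption here.
    """
    if m_bits % 8:
        raise ValueError("m_bits must be a multiple of 8 so fragments align on byte boundaries")
    n = m_bits // 8
    first = int.from_bytes(hashlib.sha256(sn.encode("utf-8")).digest()[:n], "big")
    second = int.from_bytes(hashlib.sha256(ephemeris).digest()[:n], "big")
    return first, second


def xor_fragments(data: bytes, word: int, m_bits: int) -> bytes:
    """Split data into M-bit fragments and XOR every fragment with the same M-bit word.

    A trailing partial fragment is XORed with the leading bytes of the word, so the length is kept.
    """
    key = word.to_bytes(m_bits // 8, "big")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt_certificate(cert: bytes, sn: str, ephemeris: bytes, m_bits: int = 64) -> bytes:
    """Security-server side (step S34): XOR with the first word, then with the second word."""
    first, second = derive_key_words(sn, ephemeris, m_bits)
    return xor_fragments(xor_fragments(cert, first, m_bits), second, m_bits)


def decrypt_certificate(blob: bytes, sn: str, ephemeris: bytes, m_bits: int = 64) -> bytes:
    """RTK-device side (steps S37 and S38): regenerate both words locally and undo the two passes."""
    first, second = derive_key_words(sn, ephemeris, m_bits)
    return xor_fragments(xor_fragments(blob, second, m_bits), first, m_bits)


def effective_key_word(sn: str, ephemeris: bytes, m_bits: int = 64) -> int:
    """The two XOR passes collapse into a single repeating-key XOR with key first ^ second."""
    first, second = derive_key_words(sn, ephemeris, m_bits)
    return first ^ second


if __name__ == "__main__":
    blob = encrypt_certificate(SAMPLE_CERTIFICATE, SAMPLE_SN, SAMPLE_EPHEMERIS)
    print(decrypt_certificate(blob, SAMPLE_SN, SAMPLE_EPHEMERIS) == SAMPLE_CERTIFICATE)
```

Two practical points follow from the code. The RTK device must feed in exactly the ephemeris bytes it handed over in step S31: ephemeris changes over time, and any differing byte changes the second word and ruins the decryption. And `effective_key_word` makes explicit what the description does not: XORing every M-bit fragment with the first word and then with the second is identical to one XOR with `first ^ second`, so the construction is a repeating-key XOR with period M whose secrecy rests on an SN and on broadcast ephemeris data, neither of which is secret. For the certificate itself, the symmetric ciphers the application also lists (TDEA, AES) with the derived material used as key input are the defensible choice; the XOR scheme is shown here to illustrate the steps, not to recommend them.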
  • step S39 the RTK device 101 uses the authentication certificate to establish communication with the security server 103.
  • the RTK device 101 may generate a decryption key according to the identifier of the RTK device 101, and use the key to decrypt the authentication certificate from the encrypted information. In this way, the RTK device 101 can use the authentication certificate to establish a legal communication connection with the security server 103.
  • the RTK device 101 uses the key for decryption generated according to the identifier of the RTK device 101 to decrypt the key and the authentication certificate for establishing encrypted communication from the encrypted information.
  • the RTK device 101 can use the authentication certificate to establish an encrypted communication connection with the security server 103, for example, to establish an encrypted communication connection based on SSL.
  • the security server 103 is a Continuously Operating Reference Station (CORS).
  • CORS can send the encrypted RTCM data to the RTK device 101.
  • the RTCM data carries Global Navigation Satellite System (GNSS) differential data, and the GNSS differential data can also be replaced with Differential Global Positioning System (DGPS) differential data; that is, the RTCM data carries GNSS differential data or DGPS differential data.
  • the following uses the data format of the RTCM SC-104 protocol as an example.
  • the basic frame format of RTCM data consists of a variable number of 30-bit words, with bits 25 to 30 of each word being parity bits.
  • the first two words of each frame are called the header.
  • the contents of the header are as follows:
  • the leading word (preamble) is the fixed sequence 01100110, which the receiver uses to search for synchronization.
  • the frame identification identifies the type of message.
  • the base station identification (base station ID) records the serial number of the base station.
  • the sequence number is incremented with each frame and is used to verify frame synchronization.
  • the frame length indicates the number of words in this frame except for the header, which also identifies the end position of this frame.
  • the health status of the base station indicates whether the base station is working properly and whether the transmission of the base station is monitored.
  • the payload is used to record GNSS differential data or DGPS differential data.
  • DGPS differential data records the "scale factor", "UDRE", "satellite identification", "pseudorange and its rate-of-change correction value" and "data period number".
  • GNSS differential data is similar to DGPS differential data records.
  • the decryption algorithm is exemplified by the data format of the RTCM SC-104 protocol.
  • the first step in decryption is byte scanning. In RTCM data only the lower 6 bits of each byte are valid data bits; bits 7 and 8 are padding bits, with bit 7 set to "1" and bit 8 set to "0". A received byte is therefore valid only if its value lies between 64 and 127; otherwise it is discarded.
  • the second step of decryption is byte rolling. Because the UART (Universal Asynchronous Receiver/Transmitter) sends and receives the low-order bits first, the lower 6 bits of each received RTCM byte must be rolled (their bit order reversed), while bits 7 and 8 do not take part in the rolling.
  • the bytes are complemented. Specifically, after processing 5 consecutive RTCM bytes according to the above steps, the lower 6 bits of each byte are connected to obtain a complete RTCM word. Similar to the GPS navigation message, if the last bit of the previous word d30 is 1, the first 24 bits d1 to d24 of the current word need to be complemented; if d30 is 0, the current word remains unchanged.
  • the fourth step of decryption byte page jumping.
  • page jump processing is adopted.
  • the message is synchronized.
  • the start of each frame is the leading word 01100110, first find the sequence in the data string, and then perform parity check. If the parity check passes, the decoding starts. If it can be decoded correctly, the pilot word is considered correct and the message synchronization is completed; if it cannot be decoded correctly, the pilot word needs to be searched again.
  • the sixth step of decryption, parity is to calculate a new parity bit according to the received RTCM data, and compare it with the currently received parity bit. If the two are consistent, the verification is passed; if the two are not consistent, the verification is not passed, and the pilot word must be searched again for synchronization.
  • the GNSS differential data or DGPS differential data carried in the RTCM data can be decrypted from the RTCM data.
  • the GNSS differential data or DGPS differential data can be used to perform operations such as hand-held hitting on the UAV.
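The six decoding steps above, carried out in code. This is an added example written for this page, not code from the application or from the applicant: it implements the RTCM SC-104 version 2 word layer (6-bit payload bytes sent least-significant-bit first, complementing on D30*, the 01100110 preamble, and the six GPS-style parity bits), with an encoder included so that the decoder can be exercised on a constructed stream. The frame field widths and the parity equations follow the public RTCM 2 / GPS word format; the "page jumping" step, which the text does not define, is not implemented. Message type, station ID and payload words are made up.

```python
"""RTCM SC-104 v2 word layer: the six decoding steps above, with an encoder for testing."""

PREAMBLE = 0x66  # 01100110: the first 8 data bits of every frame

# Parity masks over a 32-bit layout: bit31 = D29*, bit30 = D30* (parity bits of the
# previous word), bits 29..6 = d1..d24 (data), bits 5..0 = D25..D30 (parity).
PARITY_MASKS = (0xBB1F3480, 0x5D8F9A40, 0xAEC7CD00, 0x5763E680, 0x6BB1F340, 0x8B7A89C0)


def parity6(word32):
    """Six parity bits computed from D29*, D30* and the 24 un-complemented data bits."""
    p = 0
    for mask in PARITY_MASKS:
        p = (p << 1) | (bin((word32 & mask) >> 6).count("1") & 1)
    return p


def encode_word(data24, prev2):
    """30-bit word: data complemented when D30* (low bit of prev2) is 1, parity appended."""
    data24 &= 0xFFFFFF
    parity = parity6((prev2 << 30) | (data24 << 6))
    tx = data24 ^ (0xFFFFFF if prev2 & 1 else 0)
    return (tx << 6) | parity


def check_word(acc32):
    """Steps 3 and 6: undo the complement when D30* = 1, recompute parity, compare.
    Returns the 24 data bits, or None when the parity check fails."""
    if acc32 & 0x40000000:
        acc32 ^= 0x3FFFFFC0
    if parity6(acc32) != (acc32 & 0x3F):
        return None
    return (acc32 >> 6) & 0xFFFFFF


def to_wire(word30):
    """Five bytes per word: 6 data bits each, sent LSB first, bit 7 = 1, bit 8 = 0."""
    out = bytearray()
    for i in range(5):
        chunk = (word30 >> (24 - 6 * i)) & 0x3F          # d1..d6 first
        out.append(0x40 | int(f"{chunk:06b}"[::-1], 2))   # bit reversal = 'byte rolling'
    return bytes(out)


def build_frame(msg_type, station_id, zcount, seq, health, payload):
    """Header word 1: preamble(8) type(6) station ID(10).
    Header word 2: modified Z-count(13) sequence(3) length in words(5) health(3)."""
    w1 = (PREAMBLE << 16) | ((msg_type & 0x3F) << 10) | (station_id & 0x3FF)
    w2 = ((zcount & 0x1FFF) << 11) | ((seq & 7) << 8) | ((len(payload) & 0x1F) << 3) | (health & 7)
    return [w1, w2] + [w & 0xFFFFFF for w in payload]


def encode_stream(frames):
    out, prev2 = bytearray(), 0            # nothing precedes the first word: D29* = D30* = 0
    for frame in frames:
        for d24 in frame:
            w = encode_word(d24, prev2)
            out += to_wire(w)
            prev2 = w & 0x3                # D29, D30 of this word feed the next one
    return bytes(out)


def decode_stream(stream):
    """Steps 1-6 over a raw byte stream. Returns the frames whose words all passed parity."""
    frames, frame, acc, nbit, synced, need = [], [], 0, 0, False, 0
    for b in stream:
        if not 64 <= b <= 127:             # step 1: byte scan, keep only 01xxxxxx
            continue
        for i in range(6):                 # step 2: byte rolling, LSB first into a 32-bit window
            acc = ((acc << 1) | ((b >> i) & 1)) & 0xFFFFFFFF
            if not synced:                 # step 5: look for the preamble at every bit offset
                pre = (acc >> 22) & 0xFF
                if acc & 0x40000000:       # step 3: it arrives complemented when D30* = 1
                    pre ^= 0xFF
                if pre != PREAMBLE:
                    continue
                d24 = check_word(acc)
                if d24 is None:            # preamble by chance, parity says no: keep searching
                    continue
                synced, nbit, frame = True, 0, [d24]
                continue
            nbit += 1
            if nbit < 30:
                continue
            nbit = 0
            d24 = check_word(acc)          # step 6: parity on every following word
            if d24 is None or (not frame and (d24 >> 16) != PREAMBLE):
                synced, frame = False, []  # sync lost: drop the frame, search again
                continue
            frame.append(d24)
            if len(frame) == 2:
                need = 2 + ((d24 >> 3) & 0x1F)   # header words + payload words
            if len(frame) == need:
                frames.append(frame)
                frame = []
    return frames


def parse_header(frame):
    w1, w2 = frame[0], frame[1]
    return {"msg_type": (w1 >> 10) & 0x3F, "station_id": w1 & 0x3FF,
            "zcount": (w2 >> 11) & 0x1FFF, "seq": (w2 >> 8) & 7,
            "length_words": (w2 >> 3) & 0x1F, "health": w2 & 7}


# Constructed sample: two frames behind three bytes outside 64..127 that step 1 drops.
FRAMES = [build_frame(1, 0x2A5, 1234, 3, 0, [0x123456, 0xABCDEF]),
          build_frame(3, 0x2A5, 1240, 4, 0, [0x0F0F0F])]
STREAM = b"\x00\xff\x30" + encode_stream(FRAMES)
```

The decoder keeps a 32-bit window rather than a 30-bit one so that the previous word's D29 and D30, which the parity equations and the complement rule both depend on, are always at hand. Flipping a single data bit of any word makes its recomputed parity disagree with the received parity, so the whole frame is dropped and the preamble search restarts; `decode_stream(STREAM)` returns both frames, while the same stream with one bit of its last word flipped returns only the first.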
  • the present application provides an encrypted communication system, as shown in FIG. 1.
  • the encrypted communication system includes an RTK device 101, a security server 103, and an assistant device 102 (elsewhere translated as the parameter adjustment device 102; both names refer to the same device).
  • the RTK device 101, the security server 103, and the assistant device 102 each have the function of executing the corresponding steps of the system interaction embodiment described above.
  • an example of the functions of the RTK device 101, the security server 103, and the assistant device 102 follows.
  • the assistant device 102 is configured to obtain the identifier of the RTK device 101 from the RTK device 101, use the identifier to request an authentication certificate from the security server 103, receive the encrypted information fed back by the security server 103, and send the encrypted information to the RTK device 101; the encrypted information includes an authentication certificate encrypted based on the identifier.
  • the security server 103 is configured to receive from the assistant device 102 a request carrying the identifier of the RTK device 101, generate an authentication certificate, encrypt the authentication certificate based on the identifier, and feed back to the assistant device 102 the encrypted information carrying the encrypted authentication certificate.
  • the RTK device 101 is configured to receive, from the assistant device 102, the encrypted information generated by the security server 103; the encrypted information includes an authentication certificate encrypted based on the identifier of the RTK device 101.
  • the RTK device 101 is also configured to generate, from its own ID, the key for decrypting the encrypted information, use the generated key to decrypt the authentication certificate from the encrypted information, and use the authentication certificate to establish communication with the security server 103.
  • the RTK device 101 is further configured to use the generated key to decrypt, from the encrypted information, the key used to establish communication with the security server 103; in this case the encrypted information further includes a key encrypted based on the identifier.
  • the RTK device 101 is configured to use the authentication certificate and the decrypted key to establish an encrypted communication with the security server 103 based on a secure socket layer SSL.
  • the RTK device 101 is configured to obtain its own ID, verify the validity of the obtained ID, and only after the validity check passes use the ID of the RTK device 101 to generate the key for decrypting the encrypted information.
  • the security server 103 is configured to generate a key corresponding to the authentication certificate, encrypt the key corresponding to the authentication certificate based on the identifier, and carry the encrypted key in the encrypted information .
  • the security server 103 is configured to calculate the hash value of the SN of the RTK device 101 and convert it into an M-bit first binary number, M being a positive integer; calculate the hash value of the ephemeris data of the RTK device 101 and convert it into an M-bit second binary number; divide the authentication certificate into N M-bit data fragments, N being a positive integer; XOR each of the N fragments with the first binary number; and OR each XORed fragment with the second binary number to obtain the encrypted authentication certificate.
  • the security server 103 encrypts the key used to establish communication with the security server 103 in the same way, using the first binary number and the second binary number.
  • the RTK device 101 is configured to calculate the hash value of its SN and convert it into the M-bit first binary number, and to calculate the hash value of its ephemeris data and convert it into the M-bit second binary number; the first binary number and the second binary number are the keys used to decrypt the encrypted information.
  • the RTK device 101 decrypts the authentication certificate by dividing the encrypted information into Q M-bit data fragments, Q being a positive integer, ORing each of the Q fragments with the second binary number, and XORing the result with the first binary number to obtain the decrypted information. Note that a bitwise OR is not invertible: every bit position at which the second binary number is 1 is forced to 1 by the encryption step, and ORing again cannot restore the original bit, so the decryption as described recovers the plaintext only at positions where the second binary number is 0. For both steps to be reversible the second step must also be an XOR (XOR is its own inverse); the application does not state this.
  • the decrypted information includes the authentication certificate in plain text, and the decrypted information may also include a key used to establish encrypted communication.
  • an encrypted communication method is provided for the assistant device 102, as shown in FIG. 3.
  • step S31 the assistant device 102 obtains the identifier of the RTK device 101.
  • the assistant device 102 obtains the identifier of the RTK device 101 from the RTK device 101.
  • the specific implementation manner of acquisition refer to the description of the foregoing system interaction embodiment.
  • the identifier of the RTK device 101 includes: a serial number (SN) of the RTK device 101 and/or ephemeris data of the RTK device 101.
  • the ephemeris data of the RTK device 101 refers to the ephemeris data received by the RTK device 101 from the Global Navigation Satellite System (Global Navigation Satellite System, GNSS).
  • the RTK device 101 is an RTK device applied to a drone.
  • step S32 the assistant device 102 uses the identifier to request an authentication certificate from the security server 103.
  • the assistant device 102 sends a request to the security server 103, the request carries the identifier of the RTK device 101, and the request is specifically used to request the security server 103 for an authentication certificate.
  • step S33 the assistant device 102 receives the encrypted information fed back by the security server 103.
  • the encrypted information includes an authentication certificate encrypted based on the identifier.
  • the security server 103 uses an encryption algorithm to encrypt the authentication certificate based on the identifier of the RTK device 101, and then carries the encrypted authentication certificate in the encrypted information.
  • the encrypted information further includes a key encrypted based on the identifier.
  • the security server 103 encrypts the key using an encryption algorithm based on the identification of the RTK device 101, and then carries the encrypted key in the encrypted information.
  • This key is a key used to establish encrypted communication between the RTK device 101 and the security server 103.
  • the authentication certificate and the key included in the encrypted information are used to establish SSL communication between the RTK device and the security server.
  • step S34 the assistant device 102 sends the encrypted information to the RTK device 101.
  • the RTK device 101 can use its locally stored identifier to generate the key for decrypting the encrypted information, and use that key to obtain from the encrypted information the authentication certificate and the key with which the RTK device 101 and the security server 103 establish encrypted communication. The RTK device 101 may then use the decrypted authentication certificate and key to request an encrypted communication connection with the security server 103; optionally, the connection is established based on SSL.
  • an encrypted communication method is provided for the security server 103, as shown in FIG. 4.
  • step S41 the security server 103 receives a request carrying the identifier of the RTK device 101.
  • the request is used to request an authentication certificate for establishing communication from the security server 103.
  • the request can also be used to request a key for establishing encrypted communication from the security server 103.
  • the request may be sent by the RTK device 101.
  • the request may be sent by the assistant device 102.
  • step S42 the security server 103 generates an authentication certificate.
  • in response to the request sent by the assistant device 102, the security server 103 generates an authentication certificate for performing security authentication on the RTK device 101. With this authentication certificate, the RTK device 101 can request to establish a communication connection with the security server 103.
  • the security server 103 uses the identifier of the RTK device 101 to generate the key corresponding to the authentication certificate. Combining the key and the authentication certificate, the RTK device 101 may request to establish an encrypted communication connection with the security server 103, for example, establish an encrypted communication connection based on SSL.
  • each RTK device 101 has a unique identifier, so the keys generated from the identifiers of different RTK devices 101 are also different and unique. A fake RTK device has no such identifier and therefore no key corresponding to one, so it cannot establish an encrypted communication connection with the security server 103.
  • the authentication certificate and the key included in the encrypted information are used to establish a secure socket layer SSL-based encrypted communication between the RTK device 101 and the security server 103.
  • step S43 the security server 103 encrypts the authentication certificate based on the identification.
  • the security server 103 has an encryption algorithm, and this application does not limit which encryption algorithm is specifically used for encryption.
  • the encryption algorithm is a symmetric encryption algorithm.
  • the symmetric encryption algorithm can be the Data Encryption Standard (DES), the Triple Data Encryption Algorithm (TDEA), or the Advanced Encryption Standard (AES). Of these only AES is a current choice: NIST withdrew DES in 2005 and has deprecated TDEA, so a practitioner implementing this scheme should use AES.
  • the security server 103 calculates the hash value of the SN of the RTK device and converts it into an M-bit first binary number, and calculates the hash value of the ephemeris data of the RTK device and converts it into an M-bit second binary number, M being a positive integer.
  • the authentication certificate is then encrypted as follows: divide the certificate into N M-bit data fragments; XOR each of the N fragments with the first binary number; then OR each XORed fragment with the second binary number to obtain the encrypted certificate.
  • the encryption algorithm is an asymmetric encryption algorithm.
  • the asymmetric algorithm may be RSA, DSA (Digital Signature Algorithm), or elliptic curve cryptography (ECC). Note that DSA is a signature algorithm and does not encrypt: to encrypt the certificate with an asymmetric scheme, RSA or an ECC-based encryption scheme must be used.
  • the security server 103 uses the encryption algorithm to encrypt the authentication certificate based on the identification of the RTK device 101.
  • the security server 103 also encrypts, based on the identifier, the key corresponding to the authentication certificate: that is, the key for establishing encrypted communication (generated from the ID of the RTK device 101) is itself encrypted with the encryption algorithm based on the ID of the RTK device 101.
  • the security server 103 may simultaneously encrypt the key and the authentication certificate used to establish encrypted communication. Alternatively, the security server 103 may separately encrypt the key and the authentication certificate used to establish the encrypted communication.
  • step S44 the security server 103 feeds back the encrypted information carrying the encrypted authentication certificate.
  • the encrypted information carries an encrypted authentication certificate.
  • the encrypted information carries both the encrypted key used to establish encrypted communication and the authentication certificate.
  • if the request of step S41 was sent by the assistant device 102, the security server 103 sends the encrypted information to the assistant device 102.
  • if the request of step S41 was sent by the RTK device 101, the security server 103 sends the encrypted information to the RTK device 101.
  • an encrypted communication method is provided for the RTK device 101, as shown in FIG. 5.
  • step S51 the RTK device 101 receives the encrypted information generated by the security server 103.
  • the RTK device 101 receives the encrypted information sent by the security server 103.
  • the RTK device 101 is to receive encrypted information generated by the security server 103 forwarded by the assistant device 102.
  • each RTK device 101 has a unique identifier, so the encrypted information (including the authentication certificate and the key used to establish communication) generated from the identifiers of different RTK devices 101 is also different and unique. A fake RTK device has no such identifier and does not receive encrypted information corresponding to one, so it cannot establish an encrypted communication connection with the security server 103.
  • step S52 the RTK device 101 uses the ID of the RTK device 101 to generate a key for decrypting the encrypted information.
  • the RTK device 101 obtains the identifier of the RTK device 101, and performs legality verification on the obtained identifier. After passing the legality verification, the RTK device 101 uses the ID of the RTK device 101 to generate a key for decrypting the encrypted information.
  • step S53 the RTK device 101 decrypts the authentication certificate from the encrypted information using the generated key.
  • the RTK device 101 may also use the generated key to decrypt the key used to establish communication with the security server 103 from the encrypted information.
  • the RTK device 101 calculates the hash value of its SN and converts it into an M-bit first binary number, and calculates the hash value of its ephemeris data and converts it into an M-bit second binary number, M being a positive integer.
  • the first binary number and the second binary number are the keys used to decrypt the encrypted information.
  • the authentication certificate is decrypted as follows: divide the encrypted information into Q M-bit data fragments; OR each of the Q fragments with the second binary number; then XOR each of the Q fragments with the first binary number to obtain the decrypted information.
  • the decrypted information includes the authentication certificate in plain text, and the decrypted information may also include a key used to establish encrypted communication.
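The server-side transform of step S43 and the device-side recovery of step S53, together with the assistant hand-off between them (the same functions assigned to the three system components above), written out as an added example. This is not code from the application or from the applicant. It implements the fragment-wise transform exactly as the page states it (XOR each fragment with the SN-derived number, then OR with the ephemeris-derived number) next to an XOR-only variant, and runs the exchange end to end. SHA-256 as the hash, M = 64, the function names, and all sample values (serial number, ephemeris bytes, certificate, session key) are this example's assumptions. The example treats the two identifier-derived numbers as a value known only to the device and the server, which is what the scheme relies on. `unrecoverable_bits` counts the plaintext bits the OR step forces to 1, which is why the as-written decryption does not return the original certificate in general, while the XOR-only variant always does.

```python
"""Identifier-derived certificate transform as described on the page, plus an XOR-only variant."""
import hashlib

M = 64                  # fragment width in bits; the page leaves M open, 64 is this example's choice
MASK = (1 << M) - 1


def id_number(component):
    """Hash one identifier component (SN bytes or ephemeris bytes) and keep its first M bits.
    SHA-256 is an assumption: the page only says 'hash value'."""
    return int.from_bytes(hashlib.sha256(component).digest(), "big") >> (256 - M)


def fragments(data):
    """Split data into M-bit fragments, zero-padding the last one."""
    width = M // 8
    data = data + b"\x00" * (-len(data) % width)
    return [int.from_bytes(data[i:i + width], "big") for i in range(0, len(data), width)]


def join(frags):
    return b"".join(f.to_bytes(M // 8, "big") for f in frags)


# --- the transform exactly as the page states it: XOR with k1 (from the SN), then OR with k2
def encrypt_as_written(plain, k1, k2):
    return join([(f ^ k1) | k2 for f in fragments(plain)])


def decrypt_as_written(blob, k1, k2):
    return join([(f | k2) ^ k1 for f in fragments(blob)])


def unrecoverable_bits(plain, k1, k2):
    """Bit positions where k2 is 1 but (fragment XOR k1) is 0: the OR step sets them to 1 and
    no receiver can tell what they were. decrypt_as_written is exact only when this is 0."""
    return sum(bin(k2 & ~(f ^ k1) & MASK).count("1") for f in fragments(plain))


def as_written_round_trips(plain, k1, k2):
    return decrypt_as_written(encrypt_as_written(plain, k1, k2), k1, k2) == join(fragments(plain))


# --- XOR-only variant (this example's reading of the intended scheme): XOR is its own inverse
def encrypt_xor(plain, k1, k2):
    return join([f ^ k1 ^ k2 for f in fragments(plain)])


def decrypt_xor(blob, k1, k2):
    return join([f ^ k2 ^ k1 for f in fragments(blob)])


# --- the exchange: the assistant carries the SN to the server and the blob back to the device
def security_server_issue(sn, ephemeris, cert, session_key, mode="xor"):
    """Server side (steps S41-S44): derive k1, k2 from the identifier carried in the request,
    encrypt the certificate and its key, return the encrypted information with lengths."""
    k1, k2 = id_number(sn), id_number(ephemeris)
    enc = encrypt_xor if mode == "xor" else encrypt_as_written
    return {"cert": enc(cert, k1, k2), "cert_len": len(cert),
            "key": enc(session_key, k1, k2), "key_len": len(session_key)}


def assistant_forward(encrypted):
    """Assistant side (steps S33-S34): the blob is opaque to it and is only relayed."""
    return dict(encrypted)


def rtk_device_recover(sn, ephemeris, encrypted, mode="xor"):
    """Device side (steps S52-S53): regenerate k1, k2 from the locally held identifier and
    decrypt; a device whose identifier differs derives different k1, k2 and gets garbage."""
    k1, k2 = id_number(sn), id_number(ephemeris)
    dec = decrypt_xor if mode == "xor" else decrypt_as_written
    return {"cert": dec(encrypted["cert"], k1, k2)[:encrypted["cert_len"]],
            "key": dec(encrypted["key"], k1, k2)[:encrypted["key_len"]]}


# Constructed sample inputs (not real device values)
SN = b"RTK-SN-0123456789"
EPHEMERIS = b"constructed ephemeris bytes as received from GNSS"
CERT = b"-----BEGIN CERTIFICATE-----\nconstructed placeholder\n-----END CERTIFICATE-----\n"
SESSION_KEY = b"constructed-32-byte-session-key!"
```

`rtk_device_recover(SN, EPHEMERIS, assistant_forward(security_server_issue(SN, EPHEMERIS, CERT, SESSION_KEY)))` returns the original certificate and key; with `mode="as_written"` the same call returns the original only if `unrecoverable_bits(CERT, k1, k2)` is zero, which for a hash-derived k2 it will not be. Whatever transform is used, the secrecy of the recovered certificate and key rests entirely on the attacker not knowing the SN and ephemeris bytes that k1 and k2 are derived from.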
  • step S54 the RTK device 101 uses the authentication certificate to establish communication with the security server 103.
  • the RTK device 101 may generate a decryption key according to the identifier of the RTK device 101, and use the key to decrypt the authentication certificate from the encrypted information. In this way, the RTK device 101 can use the authentication certificate to establish a legal communication connection with the security server 103.
  • the RTK device 101 uses the key for decryption generated according to the identifier of the RTK device 101 to decrypt the key and the authentication certificate for establishing encrypted communication from the encrypted information.
  • the RTK device 101 uses the authentication certificate and the decrypted key to establish an encrypted communication with the security server 103 based on the secure socket layer SSL.
  • the present application further provides an encrypted communication device 60 for implementing the encrypted communication method.
  • the encrypted communication device 60 is deployed in the assistant device 102 (the parameter adjustment device 102).
  • This application does not limit the division of functional modules in the encrypted communication device 60.
  • An example of division of the functional modules included in the encrypted communication device 60 is given below with reference to FIG. 6.
  • the encrypted communication device 60 includes:
  • An obtaining unit 61 configured to obtain the identifier of the RTK device 101 from the RTK device 101;
  • the requesting unit 62 is used to request an authentication certificate from the security server 103 using the identifier
  • the receiving unit 63 is configured to receive encrypted information fed back by the security server 103, where the encrypted information includes an authentication certificate encrypted based on the identifier;
  • the sending unit is configured to send the encrypted information to the RTK device 101.
  • the encrypted information further includes a key encrypted based on the identifier.
  • the authentication certificate and the key included in the encrypted information are used to establish a secure socket layer SSL-based encrypted communication between the RTK device 101 and the security server 103.
  • the present application also provides an encrypted communication device 70 for implementing the encrypted communication method.
  • the encrypted communication device 70 is deployed on the RTK device 101.
  • This application does not limit the division of functional modules in the encryption communication device 70.
  • An example of division of the functional modules included in the encryption communication device 70 is given below with reference to FIG. 7.
  • the encrypted communication device 70 includes:
  • the receiving unit 71 is configured to receive encrypted information generated by the security server 103, and the encrypted information includes an authentication certificate encrypted based on the identifier of the RTK device 101;
  • the using unit 72 is used to generate a key for decrypting the encrypted information using the identifier of the RTK device 101, use the generated key to decrypt the authentication certificate from the encrypted information, and use the authentication certificate Establish communication with the security server 103.
  • the using unit 72 is configured to use the generated key to decrypt the key used to establish communication with the security server 103 from the encrypted information, the encrypted information further includes encryption based on the identifier Key.
  • the use unit 72 is configured to use the authentication certificate and the decrypted key to establish an encrypted communication with the security server 103 based on a secure socket layer SSL.
  • the using unit 72 is configured to obtain the ID of the RTK device 101, perform legality verification on the obtained ID, and, after the legality verification passes, use the ID of the RTK device 101 to generate the key for decrypting the encrypted information.
  • the using unit 72 is configured to calculate the hash value of the SN of the RTK device 101 and convert it into an M-bit first binary number, and to calculate the hash value of the ephemeris data of the RTK device 101 and convert it into an M-bit second binary number; the first binary number and the second binary number are the keys used to decrypt the encrypted information.
  • the present application also provides an encrypted communication device 80 for implementing the encrypted communication method.
  • the encrypted communication device 80 is deployed on the security server 103.
  • This application does not limit the division of functional modules in the encrypted communication device 80.
  • An example of division of the functional modules included in the encrypted communication device 80 is given below with reference to FIG. 8.
  • the encrypted communication device 80 includes:
  • the receiving unit 81 is configured to receive a request carrying the identifier of the RTK device 101;
  • the generating unit 82 is used to generate an authentication certificate
  • An encryption unit 83 configured to encrypt the authentication certificate based on the identification
  • the feedback unit 84 is configured to feed back encrypted information carrying the encrypted authentication certificate.
  • the generating unit 82 is configured to generate a key corresponding to the authentication certificate
  • the encryption unit 83 is configured to encrypt the key corresponding to the authentication certificate based on the identification
  • the encrypted communication device 80 includes a carrying unit 85 for carrying the encrypted key in the encrypted information.
  • the authentication certificate and the key included in the encrypted information are used to establish a secure socket layer SSL-based encrypted communication between the RTK device 101 and the security server 103.
  • the encryption unit 83 is configured to calculate the hash value of the SN of the RTK device 101 and convert it into an M-bit first binary number, calculate the hash value of the ephemeris data of the RTK device 101 and convert it into an M-bit second binary number, divide the authentication certificate into N M-bit data fragments, XOR each fragment with the first binary number, and OR the result with the second binary number, as described for the security server 103 above.
  • the present application also provides a parameter adjustment device 102.
  • the parameter adjustment device 102 includes a processor 1021 and a memory 1022.
  • the processor 1021 and the memory 1022 are connected through a bus 1023; the memory 1022 stores computer instructions;
  • the processor 1021 executes the computer instructions in the memory 1022, so that the assistant device 102 executes an encrypted communication method for the assistant device 102, for example, the method steps shown in FIG. 3.
  • the processor 1021 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 1022 may include read-only memory and/or random access memory, and provide instructions and data to the processor.
  • a portion of the memory may also include non-volatile random access memory.
  • the memory may also store device type information.
  • the security server 103 includes a processor 1031 and a memory 1032.
  • the processor 1031 and the memory 1032 are connected through a bus 1033.
  • the memory 1032 stores computer instructions.
  • the processor 1031 executes computer instructions in the memory, so that the security server 103 executes an encrypted communication method for the security server 103, for example, executes the method steps shown in FIG. 4.
  • the processor 1031 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 1032 may include read-only memory and/or random access memory, and provide instructions and data to the processor.
  • a portion of the memory may also include non-volatile random access memory.
  • the memory may also store device type information.
  • the RTK device 101 includes a processor 1011 and a memory 1012.
  • the processor 1011 and the memory 1012 are connected through a bus 1013.
  • the memory 1012 stores computer instructions.
  • the processor 1011 The execution of the computer instructions in the memory 1012 causes the RTK device 101 to perform an encrypted communication method provided for the RTK device 101, for example, the method steps shown in FIG. 5 are executed.
  • the processor 1011 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 1012 may include read-only memory and/or random access memory, and provide instructions and data to the processor.
  • a portion of the memory may also include non-volatile random access memory.
  • the memory may also store device type information.
  • the present application also provides a computer-readable storage medium that stores computer instructions.
  • the computer instructions instruct the assistant device 102 to perform the encrypted communication method provided for the assistant device 102, for example, the method steps shown in FIG. 3.
  • the present application also provides a computer-readable storage medium that stores computer instructions.
  • the computer instruction instructs the security server 103 to perform an encrypted communication method provided for the security server 103, for example, the method steps shown in FIG. 4 are performed.
  • the present application also provides a computer-readable storage medium that stores computer instructions.
  • the computer instructions instruct the RTK device 101 to perform the encrypted communication method provided for the RTK device 101, for example, the method steps shown in FIG. 5.

Abstract

An encrypted communication method, apparatus and system, and a computer readable storage medium. The encrypted communication method is applied to an RTK device of an unmanned aerial vehicle and comprises: obtaining an identifier of the RTK device from the RTK device (S31), the identifier comprising a serial number of the RTK device and/or its ephemeris data; using the identifier to request a certificate from a security server (S32); receiving the encrypted information fed back by the security server, the encrypted information comprising the certificate encrypted on the basis of the identifier (S35); and sending the encrypted information to the RTK device (S36). Subsequently, only the genuine RTK device holding the identifier can use its local identifier to generate the correct key for decrypting the certificate, so that only the genuine RTK device can pass the security authentication of the security server using the certificate and establish communication with it.

Description

加密通信方法、装置、系统及计算机存储介质Encrypted communication method, device, system and computer storage medium 技术领域Technical field
本申请属于通信领域,尤其涉及一种加密通信方法、装置、系统以及计算机可读存储介质。The present application belongs to the field of communication, and in particular relates to an encrypted communication method, device, system, and computer-readable storage medium.
背景技术Background technique
在通信领域,为防止多个网络通信设备之间交互的信息被窃取,会对通信链路采取加密措施。这样可以保证交互信息的安全性。例如,在无人机的应用场景,实时动态定位(RealTimeKinemati,RTK)设备与连续运行参考站(Continuously Operating Reference Stations,CORS)之间基于安全套接层(Secure Socket Layer,SSL)建立了加密通信链路,进而CORS站可以向RTK设备下发加密的RTCM(RadioTechnical Commission for Maritime)数据,以便RTK设备使用该RTCM数据进行定位。从而保证该RTCM数据的传输安全性。In the field of communication, in order to prevent the information exchanged between multiple network communication devices from being stolen, encryption measures will be taken on the communication link. This can ensure the security of the interactive information. For example, in the application scenarios of drones, a real-time dynamic positioning (RealKinemati, RTK) device and a continuously running reference station (Continuously Operating Reference Stations, CORS) establish an encrypted communication chain based on the Secure Socket Layer (SSL) Then, the CORS station can deliver encrypted RTCM (RadioTechnical Commission for Maritime) data to the RTK device, so that the RTK device can use the RTCM data for positioning. So as to ensure the transmission security of the RTCM data.
但现有技术中,可以伪造RTK设备来与CORS站建立通信连接,窃取RTCM数据等信息。However, in the prior art, RTK equipment can be forged to establish a communication connection with a CORS station to steal information such as RTCM data.
发明内容Summary of the invention
本申请的目的在于提供一种加密通信方法,保证只有真实的RTK设备才可以建立通信的安全认证。The purpose of this application is to provide an encrypted communication method to ensure that only real RTK equipment can establish a communication security certification.
第一方面,本申请提供一种加密通信方法,应用于无人机的RTK设备;所述加密通信方法包括:In the first aspect, the present application provides an encrypted communication method, which is applied to a drone's RTK equipment; the encrypted communication method includes:
从所述RTK设备获取所述RTK设备的标识,所述标识包括所述RTK设备的系列号SN和/或所述RTK设备的星历数据;Acquiring the identifier of the RTK device from the RTK device, the identifier including the serial number SN of the RTK device and/or the ephemeris data of the RTK device;
使用所述标识向安全服务器请求认证证书;Use the identifier to request an authentication certificate from the security server;
接收所述安全服务器反馈的加密信息,所述加密信息包括基于所述标识加密后的认证证书;Receiving encrypted information fed back by the security server, the encrypted information including an authentication certificate encrypted based on the identifier;
向所述RTK设备发送所述加密信息。Sending the encrypted information to the RTK device.
In a second aspect, this application provides an encrypted communication method applied to an RTK device of a UAV. The method includes:
the RTK device receiving encrypted information generated by a security server, the encrypted information including an authentication certificate encrypted based on an identifier of the RTK device, the identifier including the serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
the RTK device using its identifier to generate a key for decrypting the encrypted information;
the RTK device using the generated key to decrypt the authentication certificate from the encrypted information; and
the RTK device using the authentication certificate to establish communication with the security server.
In a third aspect, this application provides an encrypted communication method applied to an RTK device of a UAV. The method includes:
a security server receiving a request carrying an identifier of the RTK device, the identifier including the serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
the security server generating an authentication certificate;
the security server encrypting the authentication certificate based on the identifier; and
the security server returning encrypted information carrying the encrypted authentication certificate.
In a fourth aspect, this application provides an encrypted communication apparatus applied to an RTK device of a UAV. The apparatus includes:
an acquiring unit, configured to acquire from the RTK device an identifier of the RTK device, the identifier including the serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
a requesting unit, configured to request an authentication certificate from a security server using the identifier;
a receiving unit, configured to receive encrypted information returned by the security server, the encrypted information including the authentication certificate encrypted based on the identifier; and
a sending unit, configured to send the encrypted information to the RTK device.
In a fifth aspect, this application provides an encrypted communication apparatus applied to an RTK device of a UAV. The apparatus includes:
a receiving unit, configured to receive encrypted information generated by a security server, the encrypted information including an authentication certificate encrypted based on an identifier of the RTK device, the identifier including the serial number (SN) of the RTK device and/or ephemeris data of the RTK device; and
a using unit, configured to generate a key for decrypting the encrypted information from the identifier of the RTK device, to decrypt the authentication certificate from the encrypted information with the generated key, and to establish communication with the security server using the authentication certificate.
In a sixth aspect, this application provides an encrypted communication apparatus applied to an RTK device of a UAV. The apparatus includes:
a receiving unit, configured to receive a request carrying an identifier of the RTK device, the identifier including the serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
a generating unit, configured to generate an authentication certificate;
an encrypting unit, configured to encrypt the authentication certificate based on the identifier; and
a feedback unit, configured to return encrypted information carrying the encrypted authentication certificate.
In a seventh aspect, this application provides an encrypted communication system that includes an RTK device, a security server and a parameter adjustment device.
The parameter adjustment device is configured to acquire an identifier of the RTK device from the RTK device, to request an authentication certificate from the security server using the identifier, to receive encrypted information returned by the security server, and to send the encrypted information to the RTK device, the encrypted information including the authentication certificate encrypted based on the identifier, and the identifier including the serial number (SN) of the RTK device and/or ephemeris data of the RTK device.
The security server is configured to receive from the parameter adjustment device a request carrying the identifier of the RTK device, to generate an authentication certificate, to encrypt the authentication certificate based on the identifier, and to return to the parameter adjustment device encrypted information carrying the encrypted authentication certificate.
The RTK device is configured to receive from the parameter adjustment device the encrypted information generated by the security server, the encrypted information including the authentication certificate encrypted based on the identifier of the RTK device.
The RTK device is further configured to generate a key for decrypting the encrypted information from its identifier, to decrypt the authentication certificate from the encrypted information with the generated key, and to establish communication with the security server using the authentication certificate.
In an eighth aspect, this application provides a parameter adjustment device including a processor and a memory; the memory stores computer instructions, and the processor executes the computer instructions in the memory so that the parameter adjustment device performs the encrypted communication method provided in the first aspect.
In a ninth aspect, this application provides an RTK device including a processor and a memory; the memory stores computer instructions, and the processor executes the computer instructions in the memory so that the RTK device performs the encrypted communication method provided in the second aspect.
In a tenth aspect, this application provides a security server including a processor and a memory; the memory stores computer instructions, and the processor executes the computer instructions in the memory so that the security server performs the encrypted communication method provided in the third aspect.
In an eleventh aspect, this application provides a computer-readable storage medium storing computer instructions that instruct a parameter adjustment device to perform the encrypted communication method provided in the first aspect.
In a twelfth aspect, this application provides a computer-readable storage medium storing computer instructions that instruct an RTK device to perform the encrypted communication method provided in the second aspect.
In a thirteenth aspect, this application provides a computer-readable storage medium storing computer instructions that instruct a security server to perform the encrypted communication method provided in the third aspect.
Beneficial effects of this application: the security server encrypts the authentication certificate with the identifier of the RTK device, the identifier including the serial number (SN) of the RTK device and/or its ephemeris data. Accordingly, only a genuine RTK device that has this identifier can generate the correct key from its locally held identifier, and only that key can decrypt the authentication certificate. The genuine RTK device can therefore use the certificate to pass the security authentication of the security server and establish communication with it.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of this application; a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is an example diagram of a UAV application scenario provided by an embodiment of this application;
FIG. 2 is a system interaction flowchart of the encrypted communication system provided by an embodiment of this application;
FIG. 3 is a flowchart of an encrypted communication method provided for the parameter adjustment device 102 according to an embodiment of this application;
FIG. 4 is a flowchart of an encrypted communication method provided for the security server 103 according to an embodiment of this application;
FIG. 5 is a flowchart of an encrypted communication method provided for the RTK device 101 according to an embodiment of this application;
FIG. 6 is a schematic structural diagram of an encrypted communication apparatus 60 provided by an embodiment of this application;
FIG. 7 is a schematic structural diagram of an encrypted communication apparatus 70 provided by an embodiment of this application;
FIG. 8 is a schematic structural diagram of an encrypted communication apparatus 80 provided by an embodiment of this application;
FIG. 9 is a schematic structural diagram of the parameter adjustment device 102 provided by an embodiment of this application;
FIG. 10 is a schematic structural diagram of the security server 103 provided by an embodiment of this application;
FIG. 11 is a schematic structural diagram of the RTK device 101 provided by an embodiment of this application.
Detailed description
Embodiments of this application are described in detail below, with examples shown in the drawings, where the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described with reference to the drawings are exemplary, serve only to explain this application, and are not to be construed as limiting it.
FIG. 1 shows an example UAV application scenario provided by this application.
Referring to FIG. 1, the RTK device 101 and the parameter adjustment device 102 have established a communication connection, which may be either encrypted or unencrypted.
The security server 103 and the parameter adjustment device 102 have established a communication connection, which may likewise be either encrypted or unencrypted.
Optionally, the parameter adjustment device 102 may be integrated into the security server 103, or it may be deployed independently of the security server 103.
Optionally, the security server 103 may be a CORS station.
In this application, the security server 103 performs security authentication of the RTK device 101 and establishes an encrypted communication connection with the RTK device 101.
The parameter adjustment device 102 acts as an intermediary between the security server 103 and the RTK device 101, so that the RTK device 101 can obtain the authentication certificate and/or key that the security server 103 generates from the identifier of the RTK device 101, the identifier including the serial number (SN) of the RTK device and/or its ephemeris data. The RTK device 101 uses the authentication certificate and/or key to request an encrypted communication connection with the security server 103, for example an SSL-based communication connection.
The RTK device 101 can mark survey points for the UAV; the UAV remote controller can later plan the UAV's flight path from the point data generated by the RTK device 101.
Based on the system of FIG. 1, a system interaction embodiment is provided as shown in FIG. 2.
Step S31: the parameter adjustment device 102 acquires the identifier of the RTK device 101.
The identifier of the RTK device 101 includes the serial number (SN) of the RTK device 101 and/or ephemeris data of the RTK device 101. Optionally, the ephemeris data of the RTK device 101 is the ephemeris data that the RTK device 101 receives from a Global Navigation Satellite System (GNSS).
In one possible approach, the parameter adjustment device 102 accesses the RTK device 101 directly and reads the identifier of the RTK device 101 from it.
In another possible approach, the RTK device 101 sends its identifier directly to the parameter adjustment device 102.
Step S32: the parameter adjustment device 102 uses the identifier of the RTK device 101 to request an authentication certificate from the security server 103.
Specifically, the parameter adjustment device 102 sends the security server 103 a request that carries the identifier of the RTK device 101 and asks the security server 103 for an authentication certificate.
Step S33: the security server 103 generates an authentication certificate.
In response to the request from the parameter adjustment device 102, the security server 103 generates an authentication certificate for security authentication of the RTK device 101. With this certificate the RTK device 101 can request a communication connection with the security server 103.
Optionally, when responding to the request from the parameter adjustment device 102, the security server 103 also uses the identifier of the RTK device 101 to generate a key. With this key and the authentication certificate, the RTK device 101 can request an encrypted communication connection with the security server 103, for example an SSL-based encrypted connection.
Note that different RTK devices 101 have different identifiers, i.e., each RTK device 101 has a unique identifier. Keys generated from the identifiers of different RTK devices 101 are therefore also different and unique. A forged RTK device, by contrast, does not have the identifier and hence does not have the key corresponding to it, so it cannot establish an encrypted communication connection with the security server 103.
For example, different RTK devices 101 have different SNs, i.e., each RTK device 101 has a unique SN. Keys generated from the SNs of different RTK devices 101 are therefore also different and unique. A forged RTK device, by contrast, does not have the SN and hence does not have the key corresponding to it, so it cannot establish an encrypted communication connection with the security server 103.
Step S34: the security server 103 encrypts the authentication certificate based on the identifier.
The security server 103 holds an encryption algorithm; this application does not limit which algorithm is used for the encryption.
Optionally, the encryption algorithm is a symmetric algorithm, for example the Data Encryption Standard (DES), the Triple Data Encryption Algorithm (TDEA) or the Advanced Encryption Standard (AES).
For example: compute a hash of the SN of the RTK device and convert the result into an M-bit first binary number; compute a hash of the ephemeris data of the RTK device and convert the result into an M-bit second binary number, M being a positive integer. The certificate is then encrypted as follows: divide the certificate into N data fragments of M bits each; XOR each of the N fragments with the first binary number; then OR each of the XORed fragments with the second binary number to obtain the encrypted certificate. N is a positive integer.
Optionally, the encryption algorithm is an asymmetric algorithm, for example RSA, the Digital Signature Algorithm (DSA) or elliptic curve cryptography (ECC).
The security server 103 encrypts the authentication certificate with the encryption algorithm based on the identifier of the RTK device 101. For example, the identifier of the RTK device 101 is used as a parameter of the asymmetric algorithm to generate a key pair consisting of a public key and a private key. Because the public and private keys form a pair, if the certificate is encrypted with the public key, the RTK device 101 must generate the corresponding private key from the identifier, since only that private key can decrypt the certificate; if the certificate is encrypted with the private key, the RTK device 101 must generate the corresponding public key from the identifier, since only that public key can decrypt the certificate.
Optionally, the key for establishing encrypted communication that was generated from the identifier of the RTK device 101 is likewise encrypted by the security server 103 with the encryption algorithm based on the identifier of the RTK device 101.
Optionally, the security server 103 encrypts the key for establishing encrypted communication together with the authentication certificate, or encrypts the two separately.
In this application, the security server 103 generates encrypted information carrying the encrypted authentication certificate. Optionally, the security server 103 also carries the encrypted key for establishing encrypted communication in the same encrypted information.
Step S35: the security server 103 returns the encrypted information carrying the encrypted authentication certificate to the parameter adjustment device 102.
Specifically, the security server 103 sends the encrypted information to the parameter adjustment device 102. The encrypted information carries the encrypted authentication certificate and, optionally, the encrypted key for establishing encrypted communication as well.
Step S36: the parameter adjustment device 102 sends the encrypted information to the RTK device 101.
The encrypted information carries the encrypted authentication certificate and, optionally, the encrypted key for establishing encrypted communication as well.
The RTK device 101 stores the encrypted information.
Step S37: the RTK device 101 uses its identifier to generate a key for decrypting the encrypted information.
Note that the identifier in step S31 and the identifier in step S37 are the same identifier: the identifier used to generate the decryption key in step S37 is identical to the identifier that the parameter adjustment device 102 acquired in step S31.
Optionally, the RTK device 101 acquires its identifier, verifies the legitimacy of the acquired identifier, and only after the verification passes uses the identifier to generate the key for decrypting the encrypted information.
For example, when the RTK device 101 starts, it first obtains its identifier from the loader (e.g., the bootloader) and then verifies the legitimacy of the identifier; only if the verification passes may the identifier be used to generate the key for decrypting the encrypted information. If the verification fails, no further processing is performed. Optionally, after the identifier of the RTK device 101 passes verification, the identifier is used to generate the key for decrypting the encrypted information and the generated key is stored in the storage module SPRAM for subsequent use.
Step S38: the RTK device 101 uses the generated key to decrypt the authentication certificate from the encrypted information.
For example: compute a hash of the SN of the RTK device and convert the result into an M-bit first binary number; compute a hash of the ephemeris data of the RTK device and convert the result into an M-bit second binary number, M being a positive integer. The first and second binary numbers are the key for decrypting the encrypted information. The decryption proceeds as follows: divide the encrypted information into Q data fragments of M bits each; OR each of the Q fragments with the second binary number; then XOR each of the ORed fragments with the first binary number to obtain the decrypted information. The decrypted information contains the authentication certificate in plaintext and may also contain the key for establishing encrypted communication. Q is a positive integer.
Step S39: the RTK device 101 uses the authentication certificate to establish communication with the security server 103.
In this application, through steps S37, S38 and S39, the RTK device 101 generates a decryption key from its identifier and uses that key to decrypt the authentication certificate from the encrypted information, so that it can establish a legitimate communication connection with the security server 103 using the certificate.
Optionally, the RTK device 101 uses the decryption key generated from its identifier to decrypt both the key for establishing encrypted communication and the authentication certificate from the encrypted information, and then uses the certificate to establish an encrypted communication connection with the security server 103, for example an SSL-based encrypted connection.
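The following Python example is added by the editor and is not part of the application; it implements the hash-and-fragment scheme described for steps S34 and S38 and the issue-then-recover flow of steps S33 to S38 on the security server and RTK device sides. Everything the application leaves open is an assumption here: SHA-256 as the hash, M = 128, a plain-bytes certificate, and a constructed serial number, ephemeris byte string and certificate text. Two points a practitioner should check before relying on the scheme: the OR in step S34 is not invertible (every bit position where the second binary number is 1 is overwritten, so the OR-then-XOR of step S38 cannot recover the original fragment), which the example shows next to an XOR-only variant that does round-trip; and the key is only as secret as the hash inputs, so any party that knows the device's SN and holds the same ephemeris bytes derives the same key. Because ephemeris data changes over time, the server in step S34 and the device in step S37 must also hash exactly the same ephemeris bytes, which is what step S37's requirement that the identifiers be the same amounts to in practice.

```python
import hashlib

# Assumptions not fixed by the application: SHA-256 as the hash, M = 128 bits,
# and the constructed SN, ephemeris bytes and certificate text below.
M = 128
SAMPLE_SN = "RTK-SN-000123"                      # constructed serial number
SAMPLE_EPH = bytes(range(64))                    # constructed stand-in for ephemeris bytes
SAMPLE_CERT = (b"-----BEGIN CERTIFICATE-----\n"
               b"constructed placeholder certificate body\n"
               b"-----END CERTIFICATE-----\n")


def derive_keys(sn, ephemeris, m=M):
    """Step S37: first binary number = H(SN) truncated to m bits,
    second binary number = H(ephemeris) truncated to m bits."""
    k1 = int.from_bytes(hashlib.sha256(sn.encode()).digest(), "big") >> (256 - m)
    k2 = int.from_bytes(hashlib.sha256(ephemeris).digest(), "big") >> (256 - m)
    return k1, k2


def to_fragments(data, m=M):
    """Split data into N fragments of m bits; the last fragment is zero-padded."""
    n = m // 8
    data = data + b"\x00" * (-len(data) % n)
    return [int.from_bytes(data[i:i + n], "big") for i in range(0, len(data), n)]


def from_fragments(frags, m=M):
    return b"".join(f.to_bytes(m // 8, "big") for f in frags)


def encrypt_as_described(cert, k1, k2):
    """Step S34 as written: XOR each fragment with k1, then OR it with k2."""
    return from_fragments([(c ^ k1) | k2 for c in to_fragments(cert)])


def decrypt_as_described(blob, k1, k2):
    """Step S38 as written: OR each fragment with k2, then XOR it with k1.
    OR is lossy, so this does not undo encrypt_as_described."""
    return from_fragments([(c | k2) ^ k1 for c in to_fragments(blob)])


def encrypt_xor_only(cert, k1, k2):
    """Invertible variant: XOR with both numbers; the function is its own inverse."""
    return from_fragments([c ^ k1 ^ k2 for c in to_fragments(cert)])


decrypt_xor_only = encrypt_xor_only


def server_issue(sn, ephemeris, cert, encrypt=encrypt_xor_only):
    """Security server, steps S33 to S35: wrap the certificate under the identifier-derived key."""
    k1, k2 = derive_keys(sn, ephemeris)
    return encrypt(cert, k1, k2)


def device_recover(blob, sn, ephemeris, cert_len, decrypt=decrypt_xor_only):
    """RTK device, steps S37 and S38: re-derive the key locally and unwrap the certificate."""
    k1, k2 = derive_keys(sn, ephemeris)
    return decrypt(blob, k1, k2)[:cert_len]


def roundtrip_ok(encrypt, decrypt, sn=SAMPLE_SN, eph=SAMPLE_EPH, cert=SAMPLE_CERT):
    """True when the device recovers exactly the certificate the server wrapped."""
    blob = server_issue(sn, eph, cert, encrypt)
    return device_recover(blob, sn, eph, len(cert), decrypt) == cert


def lost_bits_per_fragment(sn=SAMPLE_SN, eph=SAMPLE_EPH):
    """Number of bit positions the OR step overwrites in every fragment: the set bits of k2."""
    _, k2 = derive_keys(sn, eph)
    return bin(k2).count("1")


if __name__ == "__main__":
    print("XOR-only round-trips:", roundtrip_ok(encrypt_xor_only, decrypt_xor_only))
    print("as-described round-trips:", roundtrip_ok(encrypt_as_described, decrypt_as_described))
    print("bits destroyed per fragment by OR:", lost_bits_per_fragment())
```

The XOR-only variant only makes the construction invertible; it still applies one fixed pad to every fragment, so the XOR of two ciphertext fragments equals the XOR of their plaintexts. A practitioner would feed the identifier through a proper key derivation function and use an authenticated cipher such as the AES option the application itself lists, rather than this raw fragment arithmetic.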
Optionally, the security server 103 is a Continuously Operating Reference Station (CORS). Once the RTK device 101 has established SSL-based encrypted communication with the CORS, the CORS can send encrypted RTCM data to the RTK device 101. The RTCM data carries Global Navigation Satellite System (GNSS) differential data, which may also be replaced by Differential Global Positioning System (DGPS) differential data; that is, the RTCM data carries either GNSS differential data or DGPS differential data.
The data format of the RTCM SC-104 protocol is used as an example below.
The basic frame format of RTCM data consists of a variable number of 30-bit words, of which bits 25 to 30 of each word are parity bits. The first two words of each frame are called the header, whose contents are as follows:
[Header layout (figure in the original): word 1 carries the preamble, frame ID and reference station ID; word 2 carries the modified Z-count, sequence number, frame length and reference station health.]
The preamble may consist of the fixed sequence 01100110 and is used by the receiver to search for synchronization.
The frame identifier (frame ID) identifies the message type.
The reference station identifier (reference station ID) records the serial number of the reference station.
The modified Z-count records the time reference of the GNSS differential data (or DGPS differential data) with a resolution of 0.6 s over a range of 0 to 3599.4 s, so that the user can determine the exact GPS time corresponding to the Z-count from the time of the RTK device 101.
The sequence number is incremented with each frame and is used to verify frame synchronization.
The frame length gives the number of words in the frame excluding the header, and thereby marks the end of the frame.
The reference station health indicates whether the reference station is operating normally and whether its transmissions are being monitored.
The payload carries the GNSS differential data or DGPS differential data.
DGPS differential data records the scale factor, UDRE, satellite identifier, pseudorange correction and its rate of change, and the issue of data. GNSS differential data records similar content.
The decoding of the RTCM SC-104 data format (referred to as decryption in this application) is explained below.
The first step is byte scanning. In RTCM data, only the low 6 bits of each byte are usually valid; bits 7 and 8 are padding, with bit 7 set to "1" and bit 8 set to "0". A received byte is therefore valid only if its value lies between 64 and 127; otherwise it is discarded.
The second step is byte rolling. Because the Universal Asynchronous Receiver/Transmitter (UART) is an asynchronous interface that sends and receives the low-order bit first, the low 6 bits of each received RTCM byte must be rolled (bit-reversed); bits 7 and 8 do not take part in the rolling.
The third step is complementing. After five consecutive RTCM bytes have been processed as above, the low 6 bits of each byte are concatenated to obtain a complete 30-bit RTCM word. As in the GPS navigation message, if the last bit d30 of the preceding word is 1, the first 24 bits d1 to d24 of the current word must be complemented; if d30 is 0, the current word is left unchanged.
The fourth step is byte page jumping: when a logical left shift is required, page-jump processing is used.
The fifth step is message synchronization. Each RTCM frame begins with the preamble 01100110. The preamble is first located in the data stream and a parity check is then performed. If the parity check passes, decoding begins; if the data decodes correctly, the preamble is taken to be genuine and synchronization is complete, otherwise the preamble must be searched for again.
The sixth step is the parity check. New parity bits are computed from the received RTCM data and compared with the received parity bits. If they match, the check passes; if not, the check fails and the preamble must be searched for again to re-synchronize.
如果上述用于解密RTCM数据的六步均通过,则可以从该RTCM数据中,解密出RTCM数据携带的GNSS差分数据或者DGPS差分数据。后续可以使用该GNSS差分数据或者DGPS差分数据对无人机进行手持打点等操作。If the above six steps for decrypting RTCM data all pass, the GNSS differential data or DGPS differential data carried in the RTCM data can be decrypted from the RTCM data. The GNSS differential data or DGPS differential data can be used to perform operations such as hand-held hitting on the UAV.
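The six-step RTCM SC-104 (version 2) word recovery described above, as an added example rather than code from the patent: it implements byte scanning, byte rolling, word assembly with the d30-driven complement, guide-word search and the parity check (step 4, page jumping, is a shift-handling detail and is not modeled). The parity tap tables are assumed from the GPS navigation-message parity (ICD-GPS-200) that RTCM 2 reuses, the header bit layout is assumed from RTCM 2.x, and the sample byte stream (three junk bytes followed by a three-word frame) is constructed here. A transmitter-side encoder is included only so the sample input can be built and a corrupted copy can show the parity check rejecting a word.

```python
"""Recovering RTCM SC-104 v2 words with the six steps the page lists (added example)."""
from typing import List, Optional

PREAMBLE = 0b01100110  # guide word that starts every frame (from the page)

# Parity D25..D30: (previous word's bit folded in, source bits d1..d24 XORed).
# Assumed from ICD-GPS-200; RTCM 2 reuses the GPS navigation-message parity.
_PARITY = [
    (29, (1, 2, 3, 5, 6, 10, 11, 12, 13, 14, 17, 18, 20, 23)),
    (30, (2, 3, 4, 6, 7, 11, 12, 13, 14, 15, 18, 19, 21, 24)),
    (29, (1, 3, 4, 5, 7, 8, 12, 13, 14, 15, 16, 19, 20, 22)),
    (30, (2, 4, 5, 6, 8, 9, 13, 14, 15, 16, 17, 20, 21, 23)),
    (30, (1, 3, 5, 6, 7, 9, 10, 14, 15, 16, 17, 18, 21, 22, 24)),
    (29, (3, 5, 6, 8, 9, 10, 11, 13, 15, 19, 22, 23, 24)),
]


def _bit(word: int, i: int) -> int:
    """Bit i of a 30-bit word, numbered 1 (MSB) to 30 (LSB) as on the page."""
    return (word >> (30 - i)) & 1


def _rev6(x: int) -> int:
    """Reverse a 6-bit value: the 'byte rolling' of step 2 (UART sends LSB first)."""
    return int(format(x & 0x3F, "06b")[::-1], 2)


def parity_bits(data24: int, prev_d29: int, prev_d30: int) -> int:
    """D25..D30 for 24 source bits given the previous word's D29 and D30."""
    out = 0
    for star, taps in _PARITY:
        p = prev_d29 if star == 29 else prev_d30
        for t in taps:
            p ^= (data24 >> (24 - t)) & 1
        out = (out << 1) | p
    return out


def encode_frame(data_words: List[int], prev=(0, 0)) -> bytes:
    """Transmitter side, used only to build sample input: complement d1..d24 when the
    previous D30 is 1, append parity, emit 5 bytes per word with 6 data bits each,
    LSB first, bit 7 set and bit 8 clear (so every byte lands in 64..127)."""
    out, (d29, d30) = bytearray(), prev
    for d in data_words:
        word = ((d ^ (0xFFFFFF if d30 else 0)) << 6) | parity_bits(d, d29, d30)
        for k in range(5):
            out.append(0x40 | _rev6(word >> (24 - 6 * k)))
        d29, d30 = _bit(word, 29), _bit(word, 30)
    return bytes(out)


def scan_bytes(stream: bytes) -> List[int]:
    """Step 1: keep only bytes valued 64..127; anything else is discarded."""
    return [b for b in stream if 64 <= b <= 127]


def roll_bytes(valid: List[int]) -> List[int]:
    """Step 2: reverse the low 6 bits of each byte; bits 7 and 8 take no part."""
    return [_rev6(b) for b in valid]


def assemble_word(sixes: List[int], i: int) -> int:
    """Step 3a: concatenate five 6-bit groups starting at index i into a 30-bit word."""
    w = 0
    for s in sixes[i:i + 5]:
        w = (w << 6) | s
    return w


def decode_word(word: int, prev_d29: int, prev_d30: int) -> Optional[int]:
    """Steps 3b and 6: undo the complement if the previous D30 was 1, then recompute
    the parity; return the 24 data bits, or None when the parity does not match."""
    data = (word >> 6) & 0xFFFFFF
    if prev_d30:
        data ^= 0xFFFFFF
    return data if parity_bits(data, prev_d29, prev_d30) == (word & 0x3F) else None


def sync_and_decode(stream: bytes) -> List[int]:
    """Step 5: slide over 6-bit groups until a word carries the guide word and passes
    parity, then decode the following words until parity first fails."""
    sixes = roll_bytes(scan_bytes(stream))
    for i in range(len(sixes) - 4):
        prev = assemble_word(sixes, i - 5) if i >= 5 else 0  # no history before sync
        raw = assemble_word(sixes, i)
        data = decode_word(raw, _bit(prev, 29), _bit(prev, 30))
        if data is None or (data >> 16) != PREAMBLE:
            continue
        decoded, j = [data], i + 5
        while j + 5 <= len(sixes):
            nxt = assemble_word(sixes, j)
            data = decode_word(nxt, _bit(raw, 29), _bit(raw, 30))
            if data is None:
                break  # page: a parity failure means searching for the guide word again
            decoded.append(data)
            raw, j = nxt, j + 5
        return decoded
    return []


def parse_header(words: List[int]) -> dict:
    """Fields of the two header words (RTCM 2.x bit layout, assumed)."""
    w1, w2 = words[0], words[1]
    return {"frame_id": (w1 >> 10) & 0x3F, "station_id": w1 & 0x3FF,
            "z_count": (w2 >> 11) & 0x1FFF, "sequence": (w2 >> 8) & 0x7,
            "length": (w2 >> 3) & 0x1F, "health": w2 & 0x7}


# Constructed sample: three junk bytes, then a frame with a single payload word.
SAMPLE_WORDS = [(PREAMBLE << 16) | (1 << 10) | 5,   # header 1: type 1, station 5
                (1234 << 11) | (2 << 8) | (1 << 3),   # header 2: Z=1234, seq 2, length 1
                0xABCDEF]                             # payload word (arbitrary)
SAMPLE_STREAM = b"\x00\xff\x13" + encode_frame(SAMPLE_WORDS)
```

Flipping a single data bit in the payload word of `SAMPLE_STREAM` leaves the two header words decodable but makes the third word fail the step-6 parity check, which is the behaviour the page describes as the trigger for re-searching the guide word.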
On the basis of the system interaction embodiment provided with reference to FIG. 2 above, the present application provides an encrypted communication system, as shown in FIG. 1.
As shown in FIG. 1, the encrypted communication system includes an RTK device 101, a security server 103 and a parameter adjustment device 102.
The RTK device 101, the security server 103 and the parameter adjustment device 102 each have the function of executing the steps for which they are respectively responsible in the system interaction embodiment above.
An example of the functions of the RTK device 101, the security server 103 and the parameter adjustment device 102 is given below.
The parameter adjustment device 102 is configured to obtain the identifier of the RTK device 101 from the RTK device 101, use the identifier to request an authentication certificate from the security server 103, receive the encrypted information fed back by the security server 103, and send the encrypted information to the RTK device 101, the encrypted information including an authentication certificate encrypted based on the identifier.
The security server 103 is configured to receive from the parameter adjustment device 102 a request carrying the identifier of the RTK device 101, generate an authentication certificate, encrypt the authentication certificate based on the identifier, and feed back to the parameter adjustment device 102 encrypted information carrying the encrypted authentication certificate.
The RTK device 101 is configured to receive from the parameter adjustment device 102 the encrypted information generated by the security server 103, the encrypted information including an authentication certificate encrypted based on the identifier of the RTK device 101.
The RTK device 101 is further configured to generate, using the identifier of the RTK device 101, a key for decrypting the encrypted information, decrypt the authentication certificate from the encrypted information using the generated key, and establish communication with the security server 103 using the authentication certificate.
Optionally, the RTK device 101 is configured to use the generated key to decrypt from the encrypted information a key for establishing communication with the security server 103, the encrypted information further including a key encrypted based on the identifier.
Optionally, the RTK device 101 is configured to use the authentication certificate and the decrypted key to establish Secure Sockets Layer (SSL) based encrypted communication with the security server 103.
Optionally, the RTK device 101 is configured to obtain the identifier of the RTK device 101, verify the validity of the obtained identifier, and, after the validity verification passes, generate the key for decrypting the encrypted information using the identifier of the RTK device 101.
Optionally, the security server 103 is configured to generate a key corresponding to the authentication certificate, encrypt the key corresponding to the authentication certificate based on the identifier, and carry the encrypted key in the encrypted information.
Optionally, the security server 103 is configured to: calculate a hash value of the SN of the RTK device 101 and convert the calculated hash value into a first binary number of M bits, M being a positive integer; calculate a hash value of the ephemeris data of the RTK device 101 and convert the calculated hash value into a second binary number of M bits; divide the authentication certificate into N data fragments of M bits each, XOR each of the N data fragments with the first binary number, and OR each of the N XORed data fragments with the second binary number, obtaining the encrypted authentication certificate, N being a positive integer. Likewise, the security server 103 uses the first binary number and the second binary number in the same manner to encrypt the key for establishing communication with the security server 103.
Optionally, the RTK device 101 is configured to calculate a hash value of the SN of the RTK device 101 and convert the calculated hash value into a first binary number of M bits, and to calculate a hash value of the ephemeris data of the RTK device 101 and convert the calculated hash value into a second binary number of M bits; the first binary number and the second binary number are the key for decrypting the encrypted information.
The RTK device 101 is configured to decrypt the authentication certificate by: dividing the encrypted information into Q data fragments of M bits each, ORing each of the Q data fragments with the second binary number, and XORing each of the resulting Q data fragments with the first binary number, obtaining the decrypted information, Q being a positive integer.
The decrypted information includes the authentication certificate in plaintext, and may further include the key for establishing encrypted communication.
On the basis of the system interaction embodiment provided with reference to FIG. 2 above, an encrypted communication method is provided for the parameter adjustment device 102, as shown in FIG. 3.
Step S31: the parameter adjustment device 102 obtains the identifier of the RTK device 101.
Specifically, the parameter adjustment device 102 obtains the identifier of the RTK device 101 from the RTK device 101. For the specific manner of obtaining it, refer to the description of the system interaction embodiment above.
The identifier of the RTK device 101 includes the serial number (SN) of the RTK device 101 and/or the ephemeris data of the RTK device 101. Optionally, the ephemeris data of the RTK device 101 is the ephemeris data that the RTK device 101 receives from a Global Navigation Satellite System (GNSS).
Optionally, the RTK device 101 is an RTK device applied to an unmanned aerial vehicle (UAV).
Step S32: the parameter adjustment device 102 uses the identifier to request an authentication certificate from the security server 103.
Specifically, the parameter adjustment device 102 sends a request to the security server 103; the request carries the identifier of the RTK device 101 and is used to request an authentication certificate from the security server 103.
Step S33: the parameter adjustment device 102 receives the encrypted information fed back by the security server 103.
The encrypted information includes an authentication certificate encrypted based on the identifier. Specifically, the security server 103 encrypts the authentication certificate with an encryption algorithm based on the identifier of the RTK device 101, and then carries the encrypted authentication certificate in the encrypted information.
Optionally, the encrypted information further includes a key encrypted based on the identifier. Specifically, the security server 103 encrypts the key with an encryption algorithm based on the identifier of the RTK device 101, and then carries the encrypted key in the encrypted information. This key is the key used by the RTK device 101 and the security server 103 to establish encrypted communication.
Optionally, the authentication certificate and the key included in the encrypted information are used to establish SSL communication between the RTK device and the security server.
Step S34: the parameter adjustment device 102 sends the encrypted information to the RTK device 101.
In this way, the RTK device 101 can use the identifier it stores locally to generate the key for decrypting the encrypted information, and use that key to obtain from the encrypted information the authentication certificate and key for establishing encrypted communication between the RTK device 101 and the security server 103. Subsequently, the RTK device 101 can use the decrypted authentication certificate and key to request an encrypted communication connection with the security server 103. Optionally, the decrypted authentication certificate and key are used to establish the encrypted communication connection based on SSL.
On the basis of the system interaction embodiment provided with reference to FIG. 2 above, an encrypted communication method is provided for the security server 103, as shown in FIG. 4.
Step S41: the security server 103 receives a request carrying the identifier of the RTK device 101.
Specifically, the request is used to request from the security server 103 an authentication certificate for establishing communication. Optionally, the request may also be used to request from the security server 103 a key for establishing encrypted communication.
Optionally, the request may be sent by the RTK device 101.
Optionally, the request may be sent by the parameter adjustment device 102.
Step S42: the security server 103 generates an authentication certificate.
In response to the request sent by the parameter adjustment device 102, the security server 103 generates an authentication certificate for performing security authentication of the RTK device 101. With this authentication certificate, the RTK device 101 can request a communication connection with the security server 103.
Optionally, when responding to the request sent by the parameter adjustment device 102, the security server 103 uses the identifier of the RTK device 101 to generate the key corresponding to the authentication certificate. Combining this key with the authentication certificate, the RTK device 101 can request an encrypted communication connection with the security server 103, for example an SSL-based encrypted communication connection.
It should be understood that different RTK devices 101 have different identifiers, that is, each RTK device 101 has a unique identifier. Therefore, the keys generated based on the identifiers of different RTK devices 101 are also different and unique. By contrast, a counterfeit RTK device has no such identifier and therefore has no key corresponding to it, so it cannot establish an encrypted communication connection with the security server 103.
Optionally, the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device 101 and the security server 103.
Step S43: the security server 103 encrypts the authentication certificate based on the identifier.
The security server 103 has an encryption algorithm; the present application does not limit which specific algorithm is used for the encryption.
Optionally, the encryption algorithm is a symmetric encryption algorithm. For example, the symmetric encryption algorithm may be the Data Encryption Standard (DES), the Triple Data Encryption Algorithm (TDEA) or the Advanced Encryption Standard (AES).
For example: calculate a hash value of the SN of the RTK device and convert the calculated hash value into a first binary number of M bits; calculate a hash value of the ephemeris data of the RTK device and convert the calculated hash value into a second binary number of M bits, M being a positive integer. The process of encrypting the authentication certificate is: first divide the authentication certificate into N data fragments of M bits each; then XOR each of the N data fragments with the first binary number; then OR each of the N XORed data fragments with the second binary number, obtaining the encrypted authentication certificate.
Optionally, the encryption algorithm is an asymmetric encryption algorithm. For example, the asymmetric encryption algorithm may be the RSA algorithm, the Digital Signature Algorithm (DSA) or an elliptic curve cryptography (ECC) algorithm.
The security server 103 encrypts the authentication certificate with the encryption algorithm based on the identifier of the RTK device 101.
Optionally, the security server 103 encrypts the key corresponding to the authentication certificate based on the identifier. Specifically, for the key for establishing encrypted communication that was generated based on the identifier of the RTK device 101 (that is, the key corresponding to the authentication certificate), the security server 103 likewise encrypts this key with the encryption algorithm based on the identifier of the RTK device 101.
Optionally, the security server 103 may encrypt the key for establishing encrypted communication and the authentication certificate together. Alternatively, the security server 103 may encrypt the key for establishing encrypted communication and the authentication certificate separately.
Step S44: the security server 103 feeds back encrypted information carrying the encrypted authentication certificate.
Specifically, the encrypted information carries the encrypted authentication certificate. Optionally, the encrypted information carries both the encrypted key for establishing encrypted communication and the encrypted authentication certificate.
Optionally, if the request in step S41 was sent by the parameter adjustment device 102, the security server 103 sends the encrypted information to the parameter adjustment device 102.
Optionally, if the request in step S41 was sent by the RTK device 101, the security server 103 sends the encrypted information to the RTK device 101.
On the basis of the system interaction embodiment provided with reference to FIG. 2 above, an encrypted communication method is provided for the RTK device 101, as shown in FIG. 5.
Step S51: the RTK device 101 receives the encrypted information generated by the security server 103.
Optionally, the RTK device 101 receives the encrypted information sent by the security server 103.
Optionally, the RTK device 101 receives the encrypted information generated by the security server 103 and forwarded by the parameter adjustment device 102.
It should be understood that different RTK devices 101 have different identifiers, that is, each RTK device 101 has a unique identifier. Therefore, the encrypted information generated based on the identifiers of different RTK devices 101 (including the authentication certificate and key for establishing communication) is also different and unique. By contrast, a counterfeit RTK device has no such identifier and will not receive the encrypted information corresponding to it, so it cannot establish an encrypted communication connection with the security server 103.
Step S52: the RTK device 101 uses the identifier of the RTK device 101 to generate a key for decrypting the encrypted information.
Optionally, the RTK device 101 obtains the identifier of the RTK device 101 and verifies the validity of the obtained identifier. After the validity verification passes, the RTK device 101 uses the identifier of the RTK device 101 to generate the key for decrypting the encrypted information.
Step S53: the RTK device 101 uses the generated key to decrypt the authentication certificate from the encrypted information.
Optionally, the RTK device 101 may also use the generated key to decrypt from the encrypted information the key for establishing communication with the security server 103.
For example: calculate a hash value of the SN of the RTK device and convert the calculated hash value into a first binary number of M bits; calculate a hash value of the ephemeris data of the RTK device and convert the calculated hash value into a second binary number of M bits, M being a positive integer. The first binary number and the second binary number are the key for decrypting the encrypted information. The process of decrypting the authentication certificate is: first divide the encrypted information into Q data fragments of M bits each; then OR each of the Q data fragments with the second binary number; then XOR each of the resulting Q data fragments with the first binary number, obtaining the decrypted information. The decrypted information includes the authentication certificate in plaintext, and may further include the key for establishing encrypted communication.
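The identifier-derived XOR/OR transform given in the server-side example under step S43 and the device-side example under step S53, written out as an added example rather than the patent's own code. The page does not name the hash function or the value of M, so SHA-256 truncated to M = 32 bits is assumed here, fragments are zero-padded to a whole number of M-bit pieces (also an assumption), and the SN, ephemeris bytes and certificate bytes are constructed. As the check a practitioner would want, the block also reports which bit positions survive a round trip: ORing with a 1 bit is not invertible, so the device-side procedure as described recovers the plaintext only at the bit positions where the second binary number is 0, and recovers it exactly when the second binary number is zero.

```python
"""Server-side XOR/OR transform and device-side inverse as the page describes them.

Added example. Assumptions: SHA-256 as the unnamed hash, M = 32, zero padding of
the last fragment, and constructed sample inputs.
"""
import hashlib
from typing import List, Tuple

M_BITS = 32  # assumed fragment width M


def derive_masks(sn: str, ephemeris: bytes, m: int = M_BITS) -> Tuple[int, int]:
    """First binary number from hash(SN), second from hash(ephemeris), each M bits."""
    first = int.from_bytes(hashlib.sha256(sn.encode()).digest()[: m // 8], "big")
    second = int.from_bytes(hashlib.sha256(ephemeris).digest()[: m // 8], "big")
    return first, second


def _fragments(data: bytes, m: int) -> List[int]:
    """Split data into M-bit integers, zero-padding the tail (assumption)."""
    n = m // 8
    data = data + b"\x00" * (-len(data) % n)
    return [int.from_bytes(data[i:i + n], "big") for i in range(0, len(data), n)]


def server_encrypt(plain: bytes, first: int, second: int, m: int = M_BITS) -> bytes:
    """Step S43 example: XOR each fragment with the first number, then OR with the second."""
    return b"".join(((f ^ first) | second).to_bytes(m // 8, "big")
                    for f in _fragments(plain, m))


def device_decrypt(cipher: bytes, first: int, second: int, m: int = M_BITS) -> bytes:
    """Step S53 example: OR each fragment with the second number, then XOR with the first."""
    return b"".join(((f | second) ^ first).to_bytes(m // 8, "big")
                    for f in _fragments(cipher, m))


def recoverable_mask(second: int, m: int = M_BITS) -> int:
    """Bit positions a round trip can recover: an OR with a 1 bit discards that plaintext bit."""
    return ~second & ((1 << m) - 1)


def round_trip_report(plain: bytes, first: int, second: int, m: int = M_BITS) -> dict:
    """Encrypt then decrypt and report exact versus masked equality of the fragments."""
    back = device_decrypt(server_encrypt(plain, first, second, m), first, second, m)
    mask = recoverable_mask(second, m)
    pf, bf = _fragments(plain, m), _fragments(back, m)
    return {
        "exact": pf == bf,
        "masked_equal": all((p & mask) == (b & mask) for p, b in zip(pf, bf)),
        "lost_bits_per_fragment": bin(second).count("1"),
    }


# Constructed sample inputs (not real device values).
SAMPLE_SN = "RTK-SN-000001"
SAMPLE_EPHEMERIS = b"\x01\x02\x03\x04ephemeris-frame"
SAMPLE_CERTIFICATE = b"-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n"
```

With hand-chosen masks the effect is easy to see: for the fragment `b"ABCD"` (0x41424344), `first = 0x0F0F0F0F` and `second = 0xF0000000`, the server output is 0xFE4D4C4B and the device recovers 0xF1424344, correct in the low 24 bits and wrong in the byte where the second number had 1 bits; with `second = 0` the round trip is exact.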
Step S54: the RTK device 101 uses the authentication certificate to establish communication with the security server 103.
In the present application, through steps S51 to S54, the RTK device 101 can generate a decryption key according to the identifier of the RTK device 101 and use that key to decrypt the authentication certificate from the encrypted information. In this way, the RTK device 101 can use the authentication certificate to establish a legitimate communication connection with the security server 103.
Optionally, the RTK device 101 uses the decryption key generated according to the identifier of the RTK device 101 to decrypt from the encrypted information both the key for establishing encrypted communication and the authentication certificate. The RTK device 101 then uses the authentication certificate and the decrypted key to establish Secure Sockets Layer (SSL) based encrypted communication with the security server 103.
Corresponding to the encrypted communication method provided for the parameter adjustment device 102 in FIG. 3, the present application further provides an encrypted communication apparatus 60 for implementing that method; the encrypted communication apparatus 60 is deployed in the parameter adjustment device 102. The present application does not limit how the functional modules of the encrypted communication apparatus 60 are divided; an example division of the functional modules included in the encrypted communication apparatus 60 is given below with reference to FIG. 6.
Referring to FIG. 6, the encrypted communication apparatus 60 includes:
an obtaining unit 61, configured to obtain the identifier of the RTK device 101 from the RTK device 101;
a requesting unit 62, configured to use the identifier to request an authentication certificate from the security server 103;
a receiving unit 63, configured to receive the encrypted information fed back by the security server 103, the encrypted information including an authentication certificate encrypted based on the identifier; and
a sending unit, configured to send the encrypted information to the RTK device 101.
Optionally, the encrypted information further includes a key encrypted based on the identifier.
Optionally, the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device 101 and the security server 103.
Corresponding to the encrypted communication method provided for the RTK device 101 in FIG. 5, the present application further provides an encrypted communication apparatus 70 for implementing that method; the encrypted communication apparatus 70 is deployed in the RTK device 101. The present application does not limit how the functional modules of the encrypted communication apparatus 70 are divided; an example division of the functional modules included in the encrypted communication apparatus 70 is given below with reference to FIG. 7.
Referring to FIG. 7, the encrypted communication apparatus 70 includes:
a receiving unit 71, configured to receive encrypted information generated by the security server 103, the encrypted information including an authentication certificate encrypted based on the identifier of the RTK device 101; and
a using unit 72, configured to generate, using the identifier of the RTK device 101, a key for decrypting the encrypted information, decrypt the authentication certificate from the encrypted information using the generated key, and establish communication with the security server 103 using the authentication certificate.
Optionally, the using unit 72 is configured to use the generated key to decrypt from the encrypted information a key for establishing communication with the security server 103, the encrypted information further including a key encrypted based on the identifier.
Optionally, the using unit 72 is configured to use the authentication certificate and the decrypted key to establish Secure Sockets Layer (SSL) based encrypted communication with the security server 103.
Optionally, the using unit 72 is configured to obtain the identifier of the RTK device 101, verify the validity of the obtained identifier, and, after the validity verification passes, generate the key for decrypting the encrypted information using the identifier of the RTK device 101.
Optionally, the using unit 72 is configured to:
calculate a hash value of the SN of the RTK device 101 and convert the calculated hash value into a first binary number of M bits; and
calculate a hash value of the ephemeris data of the RTK device 101 and convert the calculated hash value into a second binary number of M bits, the first binary number and the second binary number being the key for decrypting the encrypted information.
Corresponding to the encrypted communication method provided for the security server 103 in FIG. 4, the present application also provides an encrypted communication device 80 for implementing that method; the encrypted communication device 80 is deployed on the security server 103. The present application does not limit how the functional modules of the encrypted communication device 80 are divided; an example division of the functional modules included in the encrypted communication device 80 is given below with reference to FIG. 8.
The encrypted communication device 80 includes:
a receiving unit 81, configured to receive a request carrying the identifier of the RTK device 101;
a generating unit 82, configured to generate an authentication certificate;
an encryption unit 83, configured to encrypt the authentication certificate based on the identifier;
a feedback unit 84, configured to feed back encrypted information carrying the encrypted authentication certificate.
Optionally, the generating unit 82 is configured to generate a key corresponding to the authentication certificate;
the encryption unit 83 is configured to encrypt the key corresponding to the authentication certificate based on the identifier;
the encrypted communication device 80 includes a carrying unit 85, configured to carry the encrypted key in the encrypted information.
Optionally, the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device 101 and the security server 103.
Optionally, the encryption unit 83 is configured to:
calculate a hash value of the SN of the RTK device 101 and convert the calculated hash value into an M-bit first binary number, where M is a positive integer;
calculate a hash value of the ephemeris data of the RTK device 101 and convert the calculated hash value into an M-bit second binary number;
divide the authentication certificate into N data fragments of M bits each, XOR each of the N data fragments with the first binary number, and OR each of the XORed N data fragments with the second binary number to obtain the encrypted authentication certificate, where N is a positive integer.
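The certificate encryption described above, which claims 8, 12, 24 and 30 also recite, as an added Python example that is not part of the patent: the security-server side derives the two M-bit numbers from the RTK device's SN and ephemeris data and encrypts the certificate, and the RTK-device side derives the same two numbers and undoes the XOR step. The hash function (SHA-256), taking the low M bits of the digest, and zero padding of the last fragment are assumptions, since the patent does not specify them; the code also makes explicit that the OR step fixes every bit position where the second binary number is 1, so only the remaining positions can be restored by the receiver.

```python
import hashlib
from math import ceil


def identifier_to_binary(identifier: bytes, m: int) -> int:
    """Steps 1 and 2: hash an identifier (the SN, or the ephemeris data) and
    convert the digest into an M-bit integer.

    The patent names neither the hash function nor the conversion; SHA-256 and
    keeping the low M bits of the digest are assumptions of this example."""
    if m <= 0:
        raise ValueError("M must be a positive integer")
    digest = hashlib.sha256(identifier).digest()
    return int.from_bytes(digest, "big") & ((1 << m) - 1)


def split_into_fragments(cert: bytes, m: int) -> list[int]:
    """Split the certificate into N fragments of M bits each. When 8*len(cert)
    is not a multiple of M, the last fragment is right-padded with zero bits
    (the padding rule is an assumption; the patent does not state one)."""
    total_bits = 8 * len(cert)
    n = ceil(total_bits / m)
    value = int.from_bytes(cert, "big") << (n * m - total_bits)
    mask = (1 << m) - 1
    return [(value >> (m * (n - 1 - i))) & mask for i in range(n)]


def encrypt_fragments(fragments: list[int], first: int, second: int) -> list[int]:
    """Step 3: XOR every fragment with the first binary number, then OR the
    result with the second binary number."""
    return [(frag ^ first) | second for frag in fragments]


def encrypt_certificate(cert: bytes, sn: bytes, ephemeris: bytes, m: int):
    """Security-server side: derive both numbers from the RTK identifier and
    encrypt the certificate. Returns (encrypted fragments, first, second)."""
    first = identifier_to_binary(sn, m)
    second = identifier_to_binary(ephemeris, m)
    return encrypt_fragments(split_into_fragments(cert, m), first, second), first, second


def recover_fragments(encrypted: list[int], first: int, second: int, m: int):
    """RTK-device side (claim 8 derives the same two numbers from the device's
    own SN and ephemeris). Undoing the XOR restores every bit position where
    `second` has a 0 bit. Positions where `second` has a 1 bit were forced to 1
    by the OR step and no longer carry the certificate's bit; the function
    zeroes them and also returns the mask of positions that could be restored."""
    mask = (1 << m) - 1
    restorable = mask & ~second
    return [(frag ^ first) & restorable for frag in encrypted], restorable


# Constructed sample inputs (not real device values).
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nconstructed sample\n-----END CERTIFICATE-----\n"
SAMPLE_SN = b"SN-CONSTRUCTED-0001"
SAMPLE_EPHEMERIS = b"constructed ephemeris record"

if __name__ == "__main__":
    m = 32
    enc, k1, k2 = encrypt_certificate(SAMPLE_CERT, SAMPLE_SN, SAMPLE_EPHEMERIS, m)
    restored, restorable = recover_fragments(enc, k1, k2, m)
    print(f"N = {len(enc)} fragments of M = {m} bits")
    print(f"bits fixed to 1 by the OR step in every fragment: {bin(k2).count('1')}")
    print(f"restorable bit mask: {restorable:#010x}")
```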
The present application also provides a parameter adjustment device 102. Referring to FIG. 9, the parameter adjustment device 102 includes a processor 1021 and a memory 1022, which are connected through a bus 1023; the memory 1022 stores computer instructions; the processor 1021 executes the computer instructions in the memory 1022 so that the parameter adjustment device 102 performs the encrypted communication method provided for the parameter adjustment device 102, for example the method steps shown in FIG. 3.
Optionally, the processor 1021 may be a central processing unit (CPU); the processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
Optionally, the memory 1022 may include read-only memory and/or random access memory, and provides instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store device type information.
The present application also provides a security server 103. Referring to FIG. 10, the security server 103 includes a processor 1031 and a memory 1032, which are connected through a bus 1033; the memory 1032 stores computer instructions; the processor 1031 executes the computer instructions in the memory so that the security server 103 performs the encrypted communication method provided for the security server 103, for example the method steps shown in FIG. 4.
Optionally, the processor 1031 may be a central processing unit (CPU); the processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
Optionally, the memory 1032 may include read-only memory and/or random access memory, and provides instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store device type information.
The present application provides an RTK device 101. Referring to FIG. 11, the RTK device 101 includes a processor 1011 and a memory 1012, which are connected through a bus 1013; the memory 1012 stores computer instructions; the processor 1011 executes the computer instructions in the memory 1012 so that the RTK device 101 performs the encrypted communication method provided for the RTK device 101, for example the method steps shown in FIG. 5.
Optionally, the processor 1011 may be a central processing unit (CPU); the processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
Optionally, the memory 1012 may include read-only memory and/or random access memory, and provides instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store device type information.
The present application also provides a computer-readable storage medium that stores computer instructions. The computer instructions instruct the parameter adjustment device 102 to perform the encrypted communication method provided for the parameter adjustment device 102, for example the method steps shown in FIG. 3.
The present application also provides a computer-readable storage medium that stores computer instructions. The computer instructions instruct the security server 103 to perform the encrypted communication method provided for the security server 103, for example the method steps shown in FIG. 4.
The present application also provides a computer-readable storage medium that stores computer instructions. The computer instructions instruct the RTK device 101 to perform the encrypted communication method provided for the RTK device 101, for example the method steps shown in FIG. 5.
In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "illustrative embodiments", "example", "specific example", or "some examples" mean that the specific feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, illustrative references to the above terms do not necessarily refer to the same embodiment or example. Although the embodiments of the present application have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present application; the scope of the present application is defined by the claims and their equivalents.

Claims (36)

  1. An encrypted communication method, characterized in that it is applied to an RTK device of an unmanned aerial vehicle; the encrypted communication method includes:
    obtaining an identifier of the RTK device from the RTK device, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    requesting an authentication certificate from a security server using the identifier;
    receiving encrypted information fed back by the security server, the encrypted information including an authentication certificate encrypted based on the identifier;
    sending the encrypted information to the RTK device.
  2. The encrypted communication method according to claim 1, characterized in that the encrypted information further includes a key encrypted based on the identifier.
  3. The encrypted communication method according to claim 2, characterized in that the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device and the security server.
  4. An encrypted communication method, characterized in that it is applied to an RTK device of an unmanned aerial vehicle; the encrypted communication method includes:
    the RTK device receiving encrypted information generated by a security server, the encrypted information including an authentication certificate encrypted based on an identifier of the RTK device, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    the RTK device generating, using the identifier of the RTK device, a key for decrypting the encrypted information;
    the RTK device decrypting the authentication certificate from the encrypted information using the generated key;
    the RTK device establishing communication with the security server using the authentication certificate.
  5. The encrypted communication method according to claim 4, characterized in that the encrypted information further includes a key encrypted based on the identifier, and the method further includes:
    the RTK device decrypting, from the encrypted information using the generated key, a key for establishing communication with the security server.
  6. The encrypted communication method according to claim 5, characterized in that the RTK device establishing communication with the security server using the authentication certificate includes:
    the RTK device establishing Secure Sockets Layer (SSL) based encrypted communication with the security server using the authentication certificate and the decrypted key.
  7. The encrypted communication method according to claim 4, characterized in that generating, using the identifier of the RTK device, the key for decrypting the encrypted information includes:
    the RTK device obtaining the identifier of the RTK device;
    the RTK device verifying the legality of the obtained identifier;
    after the legality verification passes, the RTK device generating, using the identifier of the RTK device, the key for decrypting the encrypted information.
  8. The encrypted communication method according to any one of claims 4 to 7, characterized in that generating, using the identifier of the RTK device, the key for decrypting the encrypted information includes:
    calculating a hash value of the SN of the RTK device and converting the calculated hash value into an M-bit first binary number;
    calculating a hash value of the ephemeris data of the RTK device and converting the calculated hash value into an M-bit second binary number, the first binary number and the second binary number being the key for decrypting the encrypted information.
  9. An encrypted communication method, characterized in that it is applied to an RTK device of an unmanned aerial vehicle; the encrypted communication method includes:
    a security server receiving a request carrying an identifier of the RTK device, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    the security server generating an authentication certificate;
    the security server encrypting the authentication certificate based on the identifier;
    the security server feeding back encrypted information carrying the encrypted authentication certificate.
  10. The encrypted communication method according to claim 9, characterized in that the encrypted communication method further includes:
    the security server generating a key corresponding to the authentication certificate;
    the security server encrypting the key corresponding to the authentication certificate based on the identifier;
    the security server carrying the encrypted key in the encrypted information.
  11. The encrypted communication method according to claim 10, characterized in that the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device and the security server.
  12. The encrypted communication method according to any one of claims 9 to 11, characterized in that the security server encrypting the authentication certificate based on the identifier includes:
    calculating a hash value of the SN of the RTK device and converting the calculated hash value into an M-bit first binary number, where M is a positive integer;
    calculating a hash value of the ephemeris data of the RTK device and converting the calculated hash value into an M-bit second binary number;
    dividing the authentication certificate into N data fragments of M bits each, XORing each of the N data fragments with the first binary number, and ORing each of the XORed N data fragments with the second binary number to obtain the encrypted authentication certificate, where N is a positive integer.
  13. An encrypted communication device, characterized in that it is applied to an RTK device of an unmanned aerial vehicle, the encrypted communication device including:
    an obtaining unit, configured to obtain an identifier of the RTK device from the RTK device, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    a requesting unit, configured to request an authentication certificate from a security server using the identifier;
    a receiving unit, configured to receive encrypted information fed back by the security server, the encrypted information including an authentication certificate encrypted based on the identifier;
    a sending unit, configured to send the encrypted information to the RTK device.
  14. The encrypted communication device according to claim 13, characterized in that the encrypted information further includes a key encrypted based on the identifier.
  15. The encrypted communication device according to claim 14, characterized in that the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device and the security server.
  16. An encrypted communication device, characterized in that it is applied to an RTK device of an unmanned aerial vehicle; the encrypted communication device includes:
    a receiving unit, configured to receive encrypted information generated by a security server, the encrypted information including an authentication certificate encrypted based on an identifier of the RTK device, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    a using unit, configured to generate, using the identifier of the RTK device, a key for decrypting the encrypted information, to decrypt the authentication certificate from the encrypted information using the generated key, and to establish communication with the security server using the authentication certificate.
  17. The encrypted communication device according to claim 16, characterized in that
    the using unit is configured to decrypt, from the encrypted information using the generated key, a key for establishing communication with the security server, the encrypted information further including a key encrypted based on the identifier.
  18. The encrypted communication device according to claim 17, characterized in that
    the using unit is configured to establish Secure Sockets Layer (SSL) based encrypted communication with the security server using the authentication certificate and the decrypted key.
  19. The encrypted communication device according to claim 16, characterized in that
    the using unit is configured to: obtain the identifier of the RTK device, verify the legality of the obtained identifier, and, after the legality verification passes, generate, using the identifier of the RTK device, the key for decrypting the encrypted information.
  20. The encrypted communication device according to any one of claims 16 to 19, characterized in that
    the using unit is configured to calculate a hash value of the SN of the RTK device and convert the calculated hash value into an M-bit first binary number;
    the using unit is configured to calculate a hash value of the ephemeris data of the RTK device and convert the calculated hash value into an M-bit second binary number, the first binary number and the second binary number being the key for decrypting the encrypted information.
  21. An encrypted communication device, characterized in that it is applied to an RTK device of an unmanned aerial vehicle; the encrypted communication device includes:
    a receiving unit, configured to receive a request carrying an identifier of the RTK device, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    a generating unit, configured to generate an authentication certificate;
    an encryption unit, configured to encrypt the authentication certificate based on the identifier;
    a feedback unit, configured to feed back encrypted information carrying the encrypted authentication certificate.
  22. The encrypted communication device according to claim 21, characterized in that
    the generating unit is configured to generate a key corresponding to the authentication certificate;
    the encryption unit is configured to encrypt the key corresponding to the authentication certificate based on the identifier;
    the encrypted communication device includes a carrying unit, configured to carry the encrypted key in the encrypted information.
  23. The encrypted communication device according to claim 22, characterized in that the authentication certificate and the key included in the encrypted information are used to establish Secure Sockets Layer (SSL) based encrypted communication between the RTK device and the security server.
  24. The encrypted communication device according to any one of claims 21 to 23, characterized in that
    the encryption unit is configured to calculate a hash value of the SN of the RTK device and convert the calculated hash value into an M-bit first binary number, where M is a positive integer;
    the encryption unit is configured to calculate a hash value of the ephemeris data of the RTK device and convert the calculated hash value into an M-bit second binary number;
    the encryption unit is configured to divide the authentication certificate into N data fragments of M bits each, XOR each of the N data fragments with the first binary number, and OR each of the XORed N data fragments with the second binary number to obtain the encrypted authentication certificate, where N is a positive integer.
  25. An encrypted communication system, characterized in that the encrypted communication system includes an RTK device, a security server, and a parameter adjustment device;
    the parameter adjustment device is configured to obtain an identifier of the RTK device from the RTK device, request an authentication certificate from the security server using the identifier, receive encrypted information fed back by the security server, and send the encrypted information to the RTK device, the encrypted information including an authentication certificate encrypted based on the identifier, the identifier including a serial number (SN) of the RTK device and/or ephemeris data of the RTK device;
    the security server is configured to receive from the parameter adjustment device a request carrying the identifier of the RTK device, generate an authentication certificate, encrypt the authentication certificate based on the identifier, and feed back to the parameter adjustment device encrypted information carrying the encrypted authentication certificate;
    the RTK device is configured to receive from the parameter adjustment device the encrypted information generated by the security server, the encrypted information including an authentication certificate encrypted based on the identifier of the RTK device;
    the RTK device is further configured to generate, using the identifier of the RTK device, a key for decrypting the encrypted information, decrypt the authentication certificate from the encrypted information using the generated key, and establish communication with the security server using the authentication certificate.
  26. The encrypted communication system according to claim 25, characterized in that
    the RTK device is configured to decrypt, from the encrypted information using the generated key, a key for establishing communication with the security server, the encrypted information further including a key encrypted based on the identifier.
  27. The encrypted communication system according to claim 25, characterized in that
    the RTK device is configured to establish Secure Sockets Layer (SSL) based encrypted communication with the security server using the authentication certificate and the decrypted key.
  28. The encrypted communication system according to claim 25, characterized in that
    the RTK device is configured to obtain the identifier of the RTK device, verify the legality of the obtained identifier, and, after the legality verification passes, generate, using the identifier of the RTK device, a key for decrypting the encrypted information.
  29. The encrypted communication system according to claim 25, characterized in that
    the security server is configured to generate a key corresponding to the authentication certificate, encrypt the key corresponding to the authentication certificate based on the identifier, and carry the encrypted key in the encrypted information.
  30. The encrypted communication system according to claim 25, characterized in that
    the security server is configured to calculate a hash value of the SN of the RTK device and convert the calculated hash value into an M-bit first binary number, where M is a positive integer; calculate a hash value of the ephemeris data of the RTK device and convert the calculated hash value into an M-bit second binary number; and divide the authentication certificate into N data fragments of M bits each, XOR each of the N data fragments with the first binary number, and OR each of the XORed N data fragments with the second binary number to obtain the encrypted authentication certificate, where N is a positive integer;
    the RTK device is configured to calculate a hash value of the SN of the RTK device and convert the calculated hash value into an M-bit first binary number, and to calculate a hash value of the ephemeris data of the RTK device and convert the calculated hash value into an M-bit second binary number, the first binary number and the second binary number being the key for decrypting the encrypted information.
  31. A parameter adjustment device, characterized in that it includes a processor and a memory; the memory stores computer instructions; the processor executes the computer instructions in the memory so that the parameter adjustment device performs the encrypted communication method according to any one of claims 1 to 3.
  32. An RTK device, characterized in that it includes a processor and a memory; the memory stores computer instructions; the processor executes the computer instructions in the memory so that the RTK device performs the encrypted communication method according to any one of claims 4 to 8.
  33. A security server, characterized in that it includes a processor and a memory; the memory stores computer instructions; the processor executes the computer instructions in the memory so that the security server performs the encrypted communication method according to any one of claims 9 to 12.
  34. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, the computer instructions instructing a parameter adjustment device to perform the encrypted communication method according to any one of claims 1 to 3.
  35. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, the computer instructions instructing an RTK device to perform the encrypted communication method according to any one of claims 4 to 8.
  36. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, the computer instructions instructing a security server to perform the encrypted communication method according to any one of claims 9 to 12.
PCT/CN2018/124015 2018-12-26 2018-12-26 Encrypted communication method, apparatus and system, and computer storage medium WO2020132978A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/124015 WO2020132978A1 (en) 2018-12-26 2018-12-26 Encrypted communication method, apparatus and system, and computer storage medium
CN201880071010.0A CN111406390A (en) 2018-12-26 2018-12-26 Encrypted communication method, device, system and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/124015 WO2020132978A1 (en) 2018-12-26 2018-12-26 Encrypted communication method, apparatus and system, and computer storage medium

Publications (1)

Publication Number Publication Date
WO2020132978A1 true WO2020132978A1 (en) 2020-07-02

Family

ID=71126139

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/124015 WO2020132978A1 (en) 2018-12-26 2018-12-26 Encrypted communication method, apparatus and system, and computer storage medium

Country Status (2)

Country Link
CN (1) CN111406390A (en)
WO (1) WO2020132978A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112235263A (en) * 2020-09-27 2021-01-15 深圳市元征科技股份有限公司 Diagnostic device security authentication method, server, vehicle, and storage medium
CN117579392A (en) * 2024-01-16 2024-02-20 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113724482B (en) * 2021-08-05 2023-05-30 北京三快在线科技有限公司 Radio frequency remote control method and device, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107317674A (en) * 2016-04-27 2017-11-03 华为技术有限公司 Key distribution, authentication method, apparatus and system
CN107408351A (en) * 2015-03-31 2017-11-28 深圳市大疆创新科技有限公司 Authentication system and method for generating air traffic control
CN107615359A (en) * 2015-03-31 2018-01-19 深圳市大疆创新科技有限公司 Authentication system and method for detecting unauthorized unmanned aerial vehicle activity
CN108683641A (en) * 2018-04-24 2018-10-19 广州亿航智能技术有限公司 Data communication method, device, unmanned aerial vehicle and computer storage medium
CN108696517A (en) * 2018-05-08 2018-10-23 山东渔翁信息技术股份有限公司 Secure communication method, apparatus and system for unmanned aerial vehicle information

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1391073B8 (en) * 2001-05-01 2018-09-05 OneSpan International GmbH Method and system for increasing security of a secure connection
CN102801730B (en) * 2012-08-16 2015-01-28 厦门市美亚柏科信息股份有限公司 Information protection method and device for communication and portable devices
CN105871857B (en) * 2016-04-13 2019-09-27 北京怡和嘉业医疗科技股份有限公司 Authentication method, device, system and therapeutic equipment
US10277407B2 (en) * 2016-04-19 2019-04-30 Microsoft Technology Licensing, Llc Key-attestation-contingent certificate issuance

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107408351A (en) * 2015-03-31 2017-11-28 深圳市大疆创新科技有限公司 Authentication system and method for generating air traffic control
CN107615359A (en) * 2015-03-31 2018-01-19 深圳市大疆创新科技有限公司 Authentication system and method for detecting unauthorized unmanned aerial vehicle activity
CN107317674A (en) * 2016-04-27 2017-11-03 华为技术有限公司 Key distribution, authentication method, apparatus and system
CN108683641A (en) * 2018-04-24 2018-10-19 广州亿航智能技术有限公司 Data communication method, device, unmanned aerial vehicle and computer storage medium
CN108696517A (en) * 2018-05-08 2018-10-23 山东渔翁信息技术股份有限公司 Secure communication method, apparatus and system for unmanned aerial vehicle information

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112235263A (en) * 2020-09-27 2021-01-15 深圳市元征科技股份有限公司 Diagnostic device security authentication method, server, vehicle, and storage medium
CN112235263B (en) * 2020-09-27 2023-01-24 深圳市元征科技股份有限公司 Diagnostic device security authentication method, server, vehicle, and storage medium
CN117579392A (en) * 2024-01-16 2024-02-20 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing
CN117579392B (en) * 2024-01-16 2024-04-16 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Also Published As

Publication number Publication date
CN111406390A (en) 2020-07-10

Similar Documents

Publication Publication Date Title
US11082224B2 (en) Location aware cryptography
AU2017358604B2 (en) Systems and methods for secure communication using Random Cipher Pad cryptography
EP3318043B1 (en) Mutual authentication of confidential communication
US7283629B2 (en) Deriving keys used to securely process electronic messages
US11784801B2 (en) Key management method and related device
US11658803B2 (en) Method and apparatus for decrypting and authenticating a data record
CN109510818B (en) Data transmission system, method, device, equipment and storage medium of block chain
US20160127131A1 (en) Distributed Validation of Digitally Signed Electronic Documents
WO2017032242A1 (en) Key generation method and apparatus
EP3761203A1 (en) Information processing method, blockchain node, and electronic apparatus
WO2020132978A1 (en) Encrypted communication method, apparatus and system, and computer storage medium
WO2016000453A1 (en) Fully homomorphic message authentication method, device and system
US8995669B1 (en) Updating shared keys
US10937339B2 (en) Digital cryptosystem with re-derivable hybrid keys
US9692770B2 (en) Signature verification using unidirectional function
WO2018176312A1 (en) Pairing method, apparatus, machine readable storage medium, and system
TWM542178U (en) Device of hiding and restoring information of transaction party during blockchain transaction
US11533181B2 (en) Information processing apparatus, registration apparatus, information processing method, and registration method
TWI637619B (en) Device for hiding/reverting information of nodes in blockchain and method thereof
US9331852B2 (en) System and method for securing data transaction
US20140281536A1 (en) Secured embedded data encryption systems
CN112231397B (en) Transaction file transfer method and device based on blockchain
WO2023197853A1 (en) Apparatuses, methods, and computer-readable media for generating and utilizing a physical unclonable function key
US10021074B2 (en) Encrypting method and decrypting method of security short message and receiving apparatus for receiving security short message
US11456866B2 (en) Key ladder generating a device public key

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18944457

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18944457

Country of ref document: EP

Kind code of ref document: A1