CN104301111A - High-precision Beidou differential information security transmission method - Google Patents

High-precision Beidou differential information security transmission method Download PDF

Info

Publication number
CN104301111A
CN104301111A CN 201410535665 CN201410535665A CN104301111A CN 104301111 A CN104301111 A CN 104301111A CN 201410535665 CN201410535665 CN 201410535665 CN 201410535665 A CN201410535665 A CN 201410535665A CN 104301111 A CN104301111 A CN 104301111A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
signature
information
message
key
packet
Prior art date
Application number
CN 201410535665
Other languages
Chinese (zh)
Inventor
洪浩
卢晓春
Original Assignee
中国科学院国家授时中心
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Abstract

The invention provides a high-precision Beidou differential information security transmission method. For a common user, an RSA secret key pair is adopted to add a signature to an appointed section in telegraph text information, a receiver verifies the validity of the signature through an RSA public key, and the telegraph text information is discarded if the signature is verified to be invalid. For a special user, the telegraph text information is encrypted according to the AES standard procedure, a signature is added to the appointed section through an RSA private key, and the receiver carries out decryption through an AES encryption key and verifies the validity of the signature through the RSA public key. By means of the method, deceptive attack methods of the outside can be effectively resisted, and therefore the communication reliability of a system can be further improved.

Description

北斗高精度差分信息安全传输方法 Compass secure transmission method with high accuracy difference information

技术领域 FIELD

[0001] 本发明涉及一种北斗高精度差分信息安全传输实现方法。 [0001] The present invention relates to a high accuracy difference information Beidou secure transmission method implemented.

背景技术 Background technique

[0002] 我国的北斗卫星导航系统是继美国GPS、俄罗斯GL0NASS之后,全球第三大卫星导航系统。 [0002] our country's Beidou satellite navigation system after the US GPS, Russian GL0NASS, the world's third largest satellite navigation system. 2003年“北斗一号”卫星导航系统的建成,标志着我国成为世界上第三个拥有独立自主卫星导航系统的国家。 Completed in 2003 "Compass" satellite navigation system, indicates that China has become the world's third have an independent satellite navigation system of the country. 北斗卫星导航系统2012年将覆盖亚太区域,2020年将形成由35颗卫星组网具有覆盖全球的卫星导航系统。 Beidou satellite navigation system in 2012 will cover the Asia-Pacific region in 2020 will form a satellite navigation system has a network of 35 satellites covering the globe. 但由于通信卫星星体长时间暴露在其覆盖区域的上空;通信卫星的服务对象多且分散,卫星的天线覆盖范围大,电文导航信号比较微弱,而且信号频率和带宽固定,因此电文信号很容易受到干扰。 However, due to prolonged exposure to the star communication satellite over its coverage area; satellite communication services and distributed multi-target, the large antenna coverage satellite navigation message signal relatively weak, and the signal frequency and bandwidth fixed, the message signals are susceptible to interference. 从技术角度出发,电子干扰可以分为两类:一是压制性干扰,二是欺骗性干扰。 From a technical point of view, electronic interference can be divided into two categories: repressive interference, the second is deceptive interference. 压制式干扰容易被发现,而欺骗性干扰,是指将接收到的电文卫星信号重新广播出去,从而构成一个虚假的电文卫星信号(称为转发式干扰欺骗)或由干扰机发射与电文卫星信号相同的无线信号来欺骗接收机(称为产生式干扰欺骗),因此是电文信息安全领域亟待解决的问题。 Blanket jamming easily be found, and fraudulent interference refers to the satellite signals received rebroadcast message out of the message so as to constitute a false satellite signals (referred to as forward jamming spoofing) or a message by the interfering with the satellite signal transmitting unit the same wireless signal to deceive the receiver (referred to as spoofing production interference), and therefore the message information security problems to be solved.

[0003] 对于以密码体制为基础的信息安全策略如果以密钥为基准,它们都可以分为双钥密码体制和单钥密码体制。 [0003] For password-based information system security policy if the key basis, they can be divided into single and dual-key cryptosystem key cryptosystem. 前者,每个用户都有一对密钥,即公钥和私钥;后者的加密过程和解密过程相同,而且在这两个过程中所用的密钥也相同。 The former, each user has a key pair, namely a public key and a private key; the latter the same encryption process and the decryption process, and in the two processes used in the same key. RSA算法是公开密钥系统的代表,其安全性建立在具有大素数因子的合数,其因子分解困难这一法则之上的。 RSA public key algorithm is the representative system, the establishment of security in combination with a number of large prime factor, the factoring on the difficulties of this law. Rijndael算法作为新一代的高级加密标准(AES),其属于单钥密码体制范畴,运行时不需要芯片有非常高的处理能力和大的内存,操作可以很容易的抵御时间和空间的攻击,在不同的运行环境下始终能保持良好的性能。 Rijndael algorithm as a new generation of Advanced Encryption Standard (AES), which belongs to the category of single-key cryptosystem, the chip does not need to have a very high processing power and large memory, the operator can easily withstand the time and space to attack operation, in under different operating environment has always been able to maintain good performance. 这使AES将安全,高效,性能,方便,灵活性集于一体,理应成为大数据量加密的首选。 This will enable AES security, efficiency, performance, convenience and flexibility in one set, should become the first choice for large data encryption. 相比较,因为目前AES密钥的长度最长只有256比特,可以利用软件和硬件实现高速处理,而RSA算法需要进行大整数的乘幂和求模等多倍字长处理,处理速度明显慢于AES ;所以AES算法加解密处理效率明显高于RSA算法。 To compare it to the current length of the longest only AES key of 256 bits, may be utilized to achieve high-speed processing hardware and software, the RSA algorithm requires a large integers modulo exponentiation and other multiple length processing, the processing speed is significantly slower than AES; AES encryption algorithm so that the processing efficiency is significantly higher than the RSA algorithm. 在密钥管理方面,因为AES算法要求在通信前对密钥进行秘密分配,解密的私钥必须通过网络传送至加密数据接收方,而RSA采用公钥加密,私钥解密(或私钥加密,公钥解密),加解密过程中不必网络传输保密的密钥;所以RSA算法密钥管理和签名机制上要明显优于AES算法。 In the key management because the AES algorithm requires a secret key before communication to the distribution of the private key to decrypt the encrypted data to be transmitted to the receiver via a network, the use of RSA public key encryption, decryption private key (or private key encryption, public key to decrypt), encryption and decryption process does not have to network transmission secret key; so the RSA algorithm and signature key management mechanism is much better than the AES algorithm. 综上所述,RSA加解密速度慢,不适合大量数据文件加密,因此在通信中完全用公开密码体制传输机密信息是没有必要,也是不太现实的。 In summary, RSA encryption and decryption is slow, not suitable for large data file encryption, so communication cryptography public transport entirely confidential information is not necessary, is not realistic. AES加密速度很快,但是在网络传输过程中如何安全管理AES密钥是保证AES加密安全的重要环节。 AES encryption is fast, but how to safely manage the AES key in the network transmission process is AES encryption to ensure the security of an important part. 这样在传送机密信息的双方,如果使用AES对称密码体制对传输数据加密,同时使用RSA不对称密码体制来作为签名验证机制,就可以综合发挥AES和RSA的优点同时避免它们缺点。 The two sides so that the transmission of confidential information, if the use of AES symmetric cryptosystem to encrypt data transmission while using RSA asymmetric cryptosystem as a signature verification mechanism, you can play the comprehensive advantages of AES and RSA while avoiding their disadvantages.

发明内容 SUMMARY

[0004] 为了克服现有技术的不足,本发明提供一种基于RSA和AES相结合的综合加密体制对北斗高精度差分系统进行信息处理,可以有效地抵制外界的欺骗性攻击方法,从而进一步提高系统的通信可靠性。 [0004] In order to overcome the deficiencies of the prior art, the present invention provides an encryption system based on an integrated combination of RSA and AES for the Big Dipper high accuracy difference information processing system can effectively resist external fraudulent attack, thereby further improving communication system reliability.

[0005] 本发明解决其技术问题所采用的技术方案包括以下步骤: [0005] The present invention solves the technical problem using the technical solution comprising the steps of:

[0006] (I)根据信息帧头区分普通用户和特权用户,普通用户进入步骤(2),特权用户进入步骤⑶; [0006] (I) The information header distinguished privileged users and ordinary users, the average user proceeds to step (2), proceeds to step ⑶ privileged user;

[0007] (2)普通用户执行以下步骤: [0007] (2) general user to perform the following steps:

[0008] (a)发送方编辑电文信息的同时,产生RSA密钥对; [0008] (a) the sender editing message information generated while RSA key pair;

[0009] (b)对电文信息中的指定区段添加签名; [0009] (b) adding a signature to a specific portion of the message information;

[0010] (C)将签名后的电文信息上注给卫星; [0010] (C) the signature on the note message information to the satellite;

[0011] (d)接收方收到卫星转发过来的电文信息,利用RSA的公钥验证签名的正确性,若签名验证无效则丢弃该电文信息;反之,则接受电文信息进行后期定位解算; [0011] (d) the receiver receives message information over the satellite transponder, the RSA public key to verify the correctness of the signature, signature verification is invalid if the message information is discarded; the other hand, the post-message information accepted position solution;

[0012] (3)特权用户执行以下步骤: [0012] (3) a privileged user the following steps:

[0013] (a)发送方编辑电文信息的同时,产生RSA密钥对; [0013] (a) the sender editing message information generated while RSA key pair;

[0014] (b)依照AES标准流程对电文信息进行加密,再利用RSA的私钥对指定区段添加签名; [0014] (b) encrypting the message information in accordance with the AES standard procedures, and then using the RSA private key signature is added to the specified section;

[0015] (C)将签名、加密后的电文信息上注给卫星; [0015] (C) the signature, the encrypted message information to the satellite injection;

[0016] (d)接收方收到卫星转发过来的电文信息,利用发送方提供的AES加密密钥进行解密; [0016] (d) the receiver receives message information over the satellite transponder, using the AES encryption key provided by the sender to decrypt;

[0017] (e)利用RSA的公钥验证签名的正确性,若签名验证无效则丢弃该电文信息;反之,则接受电文信息进行后期定位解算。 [0017] (e) using the RSA public key to verify the correctness of the signature, signature verification is invalid if the message information is discarded; the other hand, the post-message information accepted position solution.

[0018] 所述的RSA密钥对采用以下步骤产生: [0018] the RSA key pair is generated using the following steps:

[0019] Stepl:随机产生两个大质数P和q,P和q的取值范围为96_1024 ; [0019] Stepl: two randomly generated large prime numbers P and q, P and q ranges 96_1024;

[0020] Step2:计算n = pXq, Φ (η) = (ρ_1) X (q_l), mod 代表同余符号; [0020] Step2: calculating n = pXq, ​​Φ (η) = (ρ_1) X (q_l), mod symbol representative of congruence;

[0021] Step3:随机选取一个与Φ (η)互素的整数e作为公开密钥,即gcd(e,Φ (η))=I ; [0021] Step3: a randomly selected and Φ (η) prime integer e as the public key, i.e. gcd (e, Φ (η)) = I;

[0022] Step4:计算私有密钥d = e_1mod( Φ (η))。 [0022] Step4: calculating a private key d = e_1mod (Φ (η)).

[0023] 所述的添加签名包括以下步骤:将电文信息息M分解成为若干消息比特串分组,分组长度L保证< η,用m表示某一分组后的十进制消息的表示,则O < m < η ;采用私有密钥d执行分组模指数运算,得到分组信息c = md(modn),将分组信息组合成签名C,将签名C及电文信息M —起发送。 Add a signature [0023] comprising the steps of: decomposing the message information M information bit string into several message packets, the packet length L to ensure that <η, expressed in decimal after a message packet by m, then O <m < [eta]; using the private key d modular exponentiation to perform packet, the packet information obtained c = md (modn), combined into signature information packet C, the signature and the message information C M - starting transmission.

[0024] 所述的验证签名包括以下步骤:接收方从公布的公钥簿上获得公钥e,然后执行分组模指数运算m, = c'e(modn),然后将解算出的m,组合成M' ;比较M和M',如果相同则认为签名有效,反之则认为此次签名不是真实的,拒绝接受信息。 [0024] The signature verification comprising the steps of: obtaining from the recipient's published public key PKD e, then performs packet modular exponentiation m, = c'e (modn), and then solves for the m, a combination of to M '; comparing M and M', is considered the same as if the signature is valid, otherwise considered the signature is not true, refused to accept the message.

[0025] 所述的加密过程中,将分组长度等于原电文信息帧长度的分组用AES进行数据加密,将分组长度小于原电文信息帧长度的分组用前一组加密后的密文的后部数据补足,得到分组长度等于原电文信息帧长度的分组然后再进行加密,最后将得到的密文按次序重新填充到原有帧长度中。 [0025] In the encryption process, the packet length is equal to the original message information packet frame length data encrypted with AES, the packet length is less than the original message information packet with the frame length of the rear portion of the previous ciphertext encrypted set complement data, the original packet to obtain the packet length is equal to the frame length information message and then encrypts the resulting final ciphertext is refilled in sequence to the original frame length.

[0026] 本发明的有益效果是:针对北斗高精度差分信息的不同用户将单钥密码体制与公钥密码体制有机结合,在安全性、时效性以及实用性中找出最佳的平衡点,使北斗高精度差分系统在满足现有需求的同时,其自身安全性得以保障。 [0026] Advantageous effects of the present invention are: the single key cryptosystem and public-key cryptosystem for different users Compass combine high accuracy difference information, to find the best balance in terms of safety, and usability of timeliness, Compass makes high-precision differential system while meeting existing needs, their own safety is guaranteed. 采用本发明,可以有效地遏制差分信息传递过程中的欺骗性干扰问题。 According to the present invention, it can effectively curb fraudulent interference difference information transfer process.

附图说明 BRIEF DESCRIPTION

[0027] 图1是本发明针对普通用户的方法流程图; [0027] FIG. 1 is a flowchart of the present invention is a method for the average user;

[0028] 图2是本发明针对特权用户的方法流程图; [0028] FIG 2 is a flowchart of the present invention is a method for privileged users;

[0029] 图3是本发明针对特权用户分组密码二次加密的方法流程图 [0029] FIG. 3 is a flowchart illustrating the present invention, the secondary passwords for privileged user packet encryption method

具体实施方式 Detailed ways

[0030] 下面结合附图和实施例对本发明进一步说明,本发明包括但不仅限于下述实施例。 Figures and examples further illustrate the present invention, [0030] in conjunction with the following, the present invention includes but not limited to the following examples.

[0031] 北斗高精度差分信息有两类用户——普通用户、特权用户(根据信息帧头进行区分),针对每一类用户,电文方面将采用不同的信息安全方案。 [0031] There are two types of difference information accurately Hokuto - A normal user privileged user (differentiated according to header information), for each type of user, the message will be of different aspects of the information security program.

[0032] 普通用户的信息安全机制 [0032] ordinary users of information security

[0033] 定义:普通用户是指可以获得非加密通道的导航电文,电文信息只具有检错能力,基本保证信号的完整性,只可以完成粗略的定位导航功能的用户。 [0033] Definition: refers to the average user can obtain unencrypted channel navigation message, message error detection capability information only has substantially ensure signal integrity, only the user can complete the coarse positioning and navigation functions.

[0034] 安全机制:发送方只对电文信息采用签名保护,对于电文数据本身并不加密。 [0034] security mechanism: the sender of the message using only signature protection information for the message data itself is not encrypted. 在定期更换密钥对的情况下可以防止前文所提到的产生式干扰欺骗。 In the case of periodic replacement of the key pair can be prevented formula hereinbefore mentioned interference deception. 具体操作见图1,包括以下步骤: Specific operation shown in Figure 1, comprising the steps of:

[0035] (I)发送方编辑电文信息的同时,产生RSA密钥对; [0035] (I) edited sender message information generated while RSA key pair;

[0036] (2)对特定信息(例:子帧中100〜300区间的电文信息)进行签名; [0036] (2) to specific information: sign (Example subframe interval message information 100~300);

[0037] (3)将签名后的电文信息上注给卫星; [0037] (3) Note the message information to the satellite on the signature;

[0038] (4)接收方(接收机)收到通过卫星转发器发射过来的签名电文,利用RSA的公钥验证签名的正确性,若签名验证无效则丢弃导航电文;反之,则接受电文进行后期定位解笪 [0038] (4) the recipient (receiver) receives the message signature emitted by coming satellite transponder, verifies the signature using the public key of the RSA correctness of the signature verification is invalid if the navigation message is discarded; otherwise, the message is accepted for Da late positioning solution

ο ο

[0039] 特权用户(商用和军用)的信息安全机制 [0039] privileged user (commercial and military) information security

[0040] 定义:特权用户是指通过特定通道获得导航电文,电文不仅具有检错能力,而且具有较高信号的完整性,以及附加信息(例如差分信息等),以满足较高精度的导航定位要求需要。 [0040] Definition: refers to the privileged user navigation data obtained through a particular channel, only the message having error detection capability, and having high signal integrity, and additional information (e.g., difference information, etc.) to meet the high accuracy of navigation positioning requirements needed.

[0041 ] 安全机制:发送方不仅对电文采用签名保护,而且对于电文数据本身进行加密。 [0041] security mechanism: the sender of the message not only to protect the use of signatures, but also for the message data itself is encrypted. 在定期更换密钥对的情况下,不仅可以防止前文所提到的产生式干扰欺骗,而且由于电文数据本身被加密亦可以应对转发式干扰。 In the case of periodic replacement of key pair, not only can prevent type previously mentioned interference deception, and because the message itself is encrypted data can also deal with forward jamming. 从商业运作角度考虑,加密电文还可以防止未授权的第三方擅自使用,从而可以达到便于管理的目的。 From the point of view of business operations, message encryption can also prevent unauthorized use of unauthorized third party, which can achieve manageable. 具体操作见图2,包括以下步骤: Specific operation shown in Figure 2, comprising the steps of:

[0042] (I)发送方编辑电文信息的同时,产生RSA密钥对; [0042] (I) edited sender message information generated while RSA key pair;

[0043] (2)依照AES标准流程对电文信息进行加密,再利用RSA的私钥对特定信息进行签名(例:子帧中100〜300区间的电文信息); [0043] (2) encrypts the message information in accordance with the AES standard procedures, and then the RSA private key signing specific information (for example: 100~300 subframe section information message);

[0044] (3)将签名、加密后的电文信息上注给卫星; [0044] (3) the signature, the encrypted message information to the satellite injection;

[0045] (4)当接收方(接收机)收到通过卫星转发器发射过来的密文后,利用发送方AES的加密密钥(加密密钥可以通过运控中心颁发给授权用户的电子卡获得)进行解密; [0045] (4) When the receiving side (receiver) received by the transmitter over the satellite transponder ciphertext by using the encryption key of the sender AES (encryption key may be issued to the authorized user through the operation control center of the electronic card obtained) to decrypt;

[0046] (5)进行RSA的公钥解密验证签名的正确性(公钥可以通过地面运控中心或官网上获得),若签名验证无效则丢弃导航电文;反之,则利用所接收到电文进行解算。 [0046] The public key (5) for decrypting the RSA signature verification accuracy (public key can be obtained by the official or ground operation control center line), the signature verification is invalid if the navigation message is discarded; the contrary, using the received message for solver.

[0047] 进行所述的签名时,包括以下步骤: When [0047] performing the signature, comprising the steps of:

[0048] RSA算法初始化的时候一般要填入密钥长度,在96_1024bits间。 [0048] RSA algorithm generally filled initialization of the key length, between 96_1024bits. 鉴于卫星通信效率和实时性考虑,本实施例选用密钥长度为155bit。 In view of the efficiency of satellite communication and real-time considerations, the present embodiment chosen key length is 155bit.

[0049] RSA密钥产生算法 [0049] RSA key generation algorithm

[0050] Stepl:随机产生两个大质数(155bit长度)p, q ; [0050] Stepl: randomly generating two large prime numbers (155bit length) p, q quality;

[0051] Step2:计算η = pXq, d = e_1mod( Φ (n)) Φ (n) = (p_l) X (q-1) (mod 代表同余符号); [0051] Step2: calculate η = pXq, ​​d = e_1mod (Φ (n)) Φ (n) = (p_l) X (q-1) (mod symbols represent the same I);

[0052] St印3:随机选取一个与Φ (η)互素的整数e作为公开密钥,即gcd(e,Φ (η))=I ; [0052] St 3 India: a randomly selected and Φ (η) prime integer e as the public key, i.e. gcd (e, Φ (η)) = I;

[0053] Step4:计算私有密钥d = e_1mod( Φ (η)); [0053] Step4: calculating a private key d = e_1mod (Φ (η));

[0054] 公开η、e,保密p、q、d,就可以使用它们进行签名验证工作了。 [0054] Publication η, e, confidentiality p, q, d, can use them for the verification of the signature.

[0055] 签名验证过程 [0055] signature verification process

[0056] Stepl:对签名的原始数据M进行加密前,首先将消息M分解成为消息比特串分组,分组长度L保证彡n,若用m表示某一分组后的消息的十进制表示,则O彡m彡η ;然后取得用自己的私钥d,执行分组模指数运算:c = md(modn),将运算后的分组信息组合成签名C,最后通过信道将签名C及文本M —起发送; [0056] Stepl: before the signature of the original data M is encrypted, the message M is first decomposed into a bit string message packet, the packet length L to ensure San n, if the message represents a group represented by a decimal m is O San m San [eta]; then made with its private key d, performs packet exponentiation: c = md (modn), the packet information calculation combined into signature C, and finally through a channel signature C and text m - starting the transmission;

[0057] Step2:接收方从网上公布的公钥簿上获得公钥e,然后按照和签名相同的分组方式执行下面的模指数运算:m,= c'd(modn),然后将解算出的m,组合成Μ' ; [0057] Step2: receiving party obtaining the public key e from the online publication PKD, and follow the same signature, and grouping the following modular exponentiation: m, = c'd (modn), then the solution is calculated m, combined into Μ ';

[0058] Step3:比较M和Μ',如果相同则认为签名有效,反之则认为此次签名不是真实的,拒绝接受信息。 [0058] Step3: Comparison of M and Μ ', is considered the same as if the signature is valid, otherwise considered the signature is not true, refused to accept the message.

[0059] 外层数据加密 [0059] layer data encryption

[0060] 利用AES的加密算法,加密前后数据长度一致,所以经其加密后的密文不会对帧长度产生影响。 [0060] using the AES encryption algorithm, encryption of data before and after the same length, so it will not affect the frame length by which the encrypted ciphertext. 本实施例采用128bit密钥,对于原始数据也是采用每128bit为一组进行加密,所得密文长度也是128bit为一组,然后重新填充至原始帧结构中进行播发。 The present embodiment employs 128bit key for each original data is performed using a set of 128bit encryption, resulting ciphertexts are 128bit for a group, and then repopulate the original frame structure to be broadcast. 若子帧结构的长度不是128bit的倍数,则先将分组长度满足128bit的分组用AES进行数据加密,剩下的不足128bit的数据和前一组加密后的密文重组凑成128bit然后再进行加密,最后将密文按次序重新填充到原有帧长度中。 If the length is not a multiple of the sub-frame structure 128bit, the packet length to meet the first packet of data encrypted with 128bit AES, the ciphertext data remaining after recombination is less than the previous set 128bit encryption and then encrypted 128bit make up, Finally, the ciphertext is refilled in sequence to the original frame length. 具体操作见附图3。 Specific operations, see Figure 3.

Claims (5)

  1. 1.一种北斗高精度差分信息安全传输方法,其特征在于包括下述步骤: (1)根据信息帧头区分普通用户和特权用户,普通用户进入步骤(2),特权用户进入步骤⑶; (2)普通用户执行以下步骤: (a)发送方编辑电文信息的同时,产生RSA密钥对; (b)对电文信息中的指定区段添加签名; (c)将签名后的电文信息上注给卫星; (d)接收方收到卫星转发过来的电文信息,利用RSA的公钥验证签名的正确性,若签名验证无效则丢弃该电文信息;反之,则接受电文信息进行后期定位解算; (3)特权用户执行以下步骤: (a)发送方编辑电文信息的同时,产生RSA密钥对; (b)依照AES标准流程对电文信息进行加密,再利用RSA的私钥对指定区段添加签名; (c)将签名、加密后的电文信息上注给卫星; (d)接收方收到卫星转发过来的电文信息,利用发送方提供的AES加密密钥进行解密; (e)利用RSA的公 An information security Beidou precision differential transmission method, comprising the steps of: (1) the user to distinguish between normal and privileged user information according to the frame header, an ordinary user proceeds to step (2), the privileged user proceeds to step ⑶; ( 2) ordinary users perform the following steps: (a) the sender editing message information while generating the RSA key pair; (b) adding a signature to a specific portion of the message information; (c) Note on the signature of the message information to the satellite; (d) the receiver receives message information over the satellite transponder, the RSA public key to verify the correctness of the signature, signature verification is invalid if the message information is discarded; the other hand, the post-message information accepted position solution; (3) a privileged user steps: (a) the sender editing message information while generating the RSA key pair; (b) encrypting the message information in accordance with the AES standard procedures, and then added using the RSA private key for the specified segment signature; (c) the signature, the encrypted message information to the satellite injection; (d) the receiver receives message information over the satellite transponder, using the AES encryption key provided by the sender decrypts; (e) use of RSA public 钥验证签名的正确性,若签名验证无效则丢弃该电文信息;反之,则接受电文信息进行后期定位解算。 The correctness of the signature verification key, the signature verification is invalid if the message information is discarded; otherwise, the message information accepted late position solution.
  2. 2.根据权利要求1所述的北斗高精度差分信息安全传输方法,其特征在于所述的RSA密钥对采用以下步骤产生: Stepl:随机产生两个大质数P和q,P和q的取值范围为96-1024 ; Step2:计算n = pXq, Φ (η) = (ρ_1) X (q_l), mod 代表同余符号; Step3:随机选取一个与Φ (η)互素的整数e作为公开密钥,即gcd(e,Φ (η)) = I ; Step4:计算私有密钥d = e_1mod( Φ (η))。 The Compass difference information accurately secure transmission method according to claim 1, wherein an RSA key pair is generated using the following steps: Stepl: Take two randomly generated large prime numbers P and q, P and q value in the range 96-1024; Step2: calculating n = pXq, ​​Φ (η) = (ρ_1) X (q_l), mod symbol representative of congruence; Step3: a randomly selected and Φ (η) as the integer e relatively prime disclosed key, i.e. gcd (e, Φ (η)) = I; Step4: calculating a private key d = e_1mod (Φ (η)).
  3. 3.根据权利要求1所述的北斗高精度差分信息安全传输方法,其特征在于:所述的添加签名包括以下步骤:将电文信息息M分解成为若干消息比特串分组,分组长度L保证2L ( n,用m表示某一分组后的十进制消息的表示,则OSmSn ;采用私有密钥d执行分组模指数运算,得到分组信息c = md (modn),将分组信息组合成签名C,将签名C及电文信息M一起发送。 The Compass difference information accurately secure transmission method according to claim 1, wherein: said signature adding comprises the steps of: decomposing the message information M information bit string into several message packets, the packet length L guaranteed 2L ( n, m represents a certain packet after a decimal representation of the message, the OSmSn; performed using the private key d modular exponentiation packet, the packet information obtained c = md (modn), combined into signature information packet C, the signature C and message information transmitted together with M.
  4. 4.根据权利要求1所述的北斗高精度差分信息安全传输方法,其特征在于:所述的验证签名包括以下步骤:接收方从公布的公钥簿上获得公钥e,然后执行分组模指数运算m'= c'e (modn),然后将解算出的m'组合成M,;比较M和M',如果相同则认为签名有效,反之则认为此次签名不是真实的,拒绝接受信息。 The Compass difference information accurately secure transmission method according to claim 1, wherein: said signature verification comprising the steps of: obtaining the public key e from the recipient's published on PKD, and then performs packet mode index calculating m '= c'e (modn), and then the solution calculated m' are combined into m and m ,; comparing m ', the same as if the signature is considered valid, otherwise the signature that is not true, the information rejected.
  5. 5.根据权利要求1所述的北斗高精度差分信息安全传输方法,其特征在于:所述的加密过程中,将分组长度等于原电文信息帧长度的分组用AES进行数据加密,将分组长度小于原电文信息帧长度的分组用前一组加密后的密文的后部数据补足,得到分组长度等于原电文信息帧长度的分组然后再进行加密,最后将得到的密文按次序重新填充到原有帧长度中。 The Compass difference information accurately secure transmission method according to claim 1, wherein: said encryption process, the packet length is equal to the original message information packet frame length data encrypted with AES, the packet length is less than original message information packet frame length of the rear portion of the ciphertext data before and after make up a set of encryption, the packet length is equal to the packet to obtain the original message frame length information and then encrypting the obtained final ciphertext refilled in sequence to the original there are frame lengths.
CN 201410535665 2014-10-11 2014-10-11 High-precision Beidou differential information security transmission method CN104301111A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201410535665 CN104301111A (en) 2014-10-11 2014-10-11 High-precision Beidou differential information security transmission method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201410535665 CN104301111A (en) 2014-10-11 2014-10-11 High-precision Beidou differential information security transmission method

Publications (1)

Publication Number Publication Date
CN104301111A true true CN104301111A (en) 2015-01-21

Family

ID=52320691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201410535665 CN104301111A (en) 2014-10-11 2014-10-11 High-precision Beidou differential information security transmission method

Country Status (1)

Country Link
CN (1) CN104301111A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783793A (en) * 2009-01-14 2010-07-21 北京中星微电子有限公司;北京中盾安全技术开发公司 Method, system and device for improving safety of monitoring data
CN101807238A (en) * 2009-02-13 2010-08-18 索尼公司 Content distribution apparatus, content use apparatus, content distribution system, content distribution method and program
CN101895882A (en) * 2009-05-21 2010-11-24 中兴通讯股份有限公司 Data transmission method, system and device in WiMAX system
CN102609667A (en) * 2012-02-22 2012-07-25 浙江机电职业技术学院 Automatic file encryption and decryption system and automatic file encryption and decryption method based on filter drive program
CN103618610A (en) * 2013-12-06 2014-03-05 上海千贯节能科技有限公司 Information safety algorithm based on energy information gateway in smart power grid

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783793A (en) * 2009-01-14 2010-07-21 北京中星微电子有限公司;北京中盾安全技术开发公司 Method, system and device for improving safety of monitoring data
CN101807238A (en) * 2009-02-13 2010-08-18 索尼公司 Content distribution apparatus, content use apparatus, content distribution system, content distribution method and program
CN101895882A (en) * 2009-05-21 2010-11-24 中兴通讯股份有限公司 Data transmission method, system and device in WiMAX system
CN102609667A (en) * 2012-02-22 2012-07-25 浙江机电职业技术学院 Automatic file encryption and decryption system and automatic file encryption and decryption method based on filter drive program
CN103618610A (en) * 2013-12-06 2014-03-05 上海千贯节能科技有限公司 Information safety algorithm based on energy information gateway in smart power grid

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
袁宗伟: "基于RSA和AES加密系统的网络信息传输的安全技术研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Similar Documents

Publication Publication Date Title
US5796833A (en) Public key sterilization
US20030210789A1 (en) Data transmission links
US5796830A (en) Interoperable cryptographic key recovery system
US20030081774A1 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
US20030172278A1 (en) Data transmission links
US20020199103A1 (en) Method and apparatus for real-time digital certification of electronic files and transactions using entropy factors
US5907618A (en) Method and apparatus for verifiably providing key recovery information in a cryptographic system
US20100098253A1 (en) Broadcast Identity-Based Encryption
US20090185677A1 (en) Short message encryption
US7657037B2 (en) Apparatus and method for identity-based encryption within a conventional public-key infrastructure
US20100031051A1 (en) Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP
US20120023336A1 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
US20050084114A1 (en) Conference session key distribution method in an ID-based cryptographic system
CN102118710A (en) System and method for transmitting data between mobile terminals
US20090100264A1 (en) Communication device and communication system
US8583921B1 (en) Method and system for identity authentication
CN1447269A (en) Certificate authentication system and method based on hardware characteristics
CN1472914A (en) High performance and quick public pin encryption
CN1801029A (en) Method for generating digital certificate and applying the generated digital certificate
Kumari et al. Cryptanalysis and improvement of ‘a privacy enhanced scheme for telecare medical information systems’
Lee et al. Security flaw of authentication scheme with anonymity for wireless communications
CN101465725A (en) Key distribution method for public key system based on identification
US20090010436A1 (en) Decipherable searchable encryption method, system for such an encryption
CN101483518A (en) Customer digital certificate private key management method and system
US20110307698A1 (en) Masking the output of random number generators in key generation protocols

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
WD01