CN104468122A - Universal flight data encryption method - Google Patents
Universal flight data encryption method Download PDFInfo
- Publication number
- CN104468122A CN104468122A CN201410737464.0A CN201410737464A CN104468122A CN 104468122 A CN104468122 A CN 104468122A CN 201410737464 A CN201410737464 A CN 201410737464A CN 104468122 A CN104468122 A CN 104468122A
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- key
- frame
- data block
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention provides an effective and safe flight data encryption method to achieve effective data processing, data source encryption and secret key security change. The method comprises the steps of generating a secret key of an AES encryption algorithm randomly, encrypting the randomly generated secret key by means of a certificate corresponding to a ground system private key, and writing the encrypted secret key into a log file; acquiring the value of required flight data, and writing the value of the flight data into a memory; conducting compression and encryption on the data in the memory, wherein the AES algorithm and randomly generated secret key are used during encryption; writing the data into the log file till a log stop condition is met; downloading the log file stored onboard to the ground so that the ground can decrypt the randomly generated secret key generated in the first step with the certificate private key and then decrypt a ciphertext with the secret key.
Description
Technical field
The invention belongs to airborne embedded device transfer of data and treatment technology, be specifically related to a kind of encryption of aircraft digital flight data, process to a whole set of method of deciphering.
Background technology
Along with the development of modern Aviation industry, emerging aeronautical technology theory such as FOQA (FOQA), prediction and health control (PHM) etc. emerge in an endless stream, and these theories all need based on a large amount of flying quality or support.Flying quality results from each transducer on machine, is transferred to Ground analysis equipment subsequently through activities such as collection, storage and transmission.Along with the development of wireless fast access flight data recorder (WQAR) and universal, the cassette register that pulls out in the past will progressively be substituted, wireless transmission approach conventional at present has 2g, 3g network and airport wireless network, no matter in the use procedure of which kind of wireless transmission, ensure the confidentiality of flying quality and ensure that the high efficiency of data processing has become the emphasis of research.
Summary of the invention
In order to meet flying quality confidentiality and the requirement of downloading real-time, the present invention proposes a kind of efficient, safe flying quality encryption method (encryption method mentioned here refers to encryption, gathers a whole set of flow process storing data, deciphering), to realize data efficient process, data source header encryption (data clear text is invisible before deciphering), secret key safety exchange.
Technical scheme of the present invention is as follows:
An encryption method for general flying quality, comprises the following steps:
1) key of stochastic generation AES encryption algorithm, uses the certificate corresponding with ground system private key to encrypt the key of stochastic generation, and by the key write log file of encryption;
2) value of required flying quality is gathered, and by its write memory;
3) when internal storage data arrives the capacity of setting, then the data in internal memory are done compress, encryption, use aes algorithm in encryption process, use step 1) described in the key of stochastic generation;
4) data through overcompression, encryption are write in described log file;
5) step 2 is repeated) to step 4) until record stop condition triggers;
6), after airport stopped by aircraft, ground is reached by under the log file that machine stores;
7) ground uses certificate private key to decrypt step 1) described in the key of stochastic generation, then by this secret key decryption ciphertext.
Based on such scheme, the present invention is also further optimizes restriction as follows:
Step 1) in will through encryption key write log file foremost;
Step 2) in be generate Frame according to the form of following setting: Frame adopts and meets the storage format of ARINC717, and each Frame is made up of four subframes, and the first character of each subframe is synchronization character, and second word is " validity word "; 3rd word of first subframe of each Frame is " frame count word " (Frame Counter); Other words store digital flight parameter;
Step 4) be using multiple Frame through overcompression, encryption as data division, then add data block head and data block tail respectively at head and the tail, form a data block, be placed in step 2) after the key that writes;
Repeat step 2) to step 4) until record stop condition triggers, in this process, each data block is according in the end to end write log file of rise time order, thus completes the storage of digital flight parameter.
Whether in each data block, data block head comprises CRC check and data length information, and wherein the scope of CRC check is the data of affiliated data block, for the integrality of verification msg, make a mistake when can find transmission or write data; Data block tail occurs as block gap, on the contextual impact of parsing when making a mistake for preventing certain data block or lose.
In each subframe of Frame, first value of " validity word " represents the validity of place subframe; The second to nine bit-identify misdata positions; Ten to ten two is error code, and corresponding different error reasons, is defined according to embody rule by user.
The present invention has the following advantages:
The present invention can strengthen the confidentiality of flying quality, improve the efficiency of flying quality in encryption, downloading process, and cost is low, easily realizes.
Accompanying drawing explanation
Fig. 1 is the concrete phase flow of the present invention when practical application.
Fig. 2 is the storage organization of log file in the present invention.
Fig. 3 is the concrete storage organization of data record (Frame) in the present invention.
Embodiment
As shown in Figure 1, whole flow process of the present invention gathers starting point and halt according to the flying quality of concrete equipment and is divided into three phases, for gathering the front preparatory stage before starting point, being flying quality acquisition phase between starting point to halt, is flying quality download phase after halt.Each stage divides flow example as follows.
One, the preparatory stage before gathering
A) key of equipment stochastic generation AES encryption algorithm on machine;
B) PKI in the digital certificate of company or mechanism belonging to aircraft is used to encrypt the AES key of stochastic generation;
C) the AES key write flight data recorder file will encrypted through certificate.
First, because each Sortie is stochastic generation for encrypting the AES key of flying quality, so add the decoding difficulty of flying quality; Secondly, AES encryption algorithm is symmetric encipherment algorithm, encryption efficiency is high, be applicable to mass data encryption, but cipher key change is inconvenient, have a big risk, the present invention uses AES encryption algorithm for encryption data, uses digital certificate encryption AES key, not only ensure that high encryption efficiency but also ensure key exchange process safety; In addition, using a part of writing in files of encryption key as flight data recording, convenience file transmission and management.
Two, flying quality acquisition phase
A) equipment (register) constantly gathers flying quality and stored in internal memory;
B), when the flying quality size in internal memory reaches 48KByte, equipment can compress these data;
C), after having compressed, equipment can carry out AES encryption to the data after compression;
D) data of having encrypted are write in log file;
E) repeat b) to d) step, until reach the stop condition of equipment requirement.
The present invention has carried out corresponding optimization to the storage organization of log file, and as shown in Figure 2, log file is divided into key part and data division:
1, key part, comprise the symmetric cryptographic key DataKey for enciphered data, but DataKey itself is encrypted, encryption DataKey adopts the PKI PubKey in the digital certificate of airline, so the preparatory stage only has airline that corresponding private key PriKey decrypting ciphertext just can be used to see data encryption key DataKey before acquisition.Such design also ensures the fail safe transmitted while making the convenient transmission of DataKey.
2, data division, is made up of some data blocks, and each data block is divided into again data block head, data and data block tail three part:
2.1 data block head, data block head comprises CRC check and and data length information.Whether wherein CRC check accounts for 4 bytes (CRC check uses the CRC32 algorithm meeting ARINC665-3), and the scope of verification is the data of affiliated data block, for the integrality of verification msg, make a mistake when can find transmission or write data; Data length information accounts for 4 bytes, the length of data in data block belonging to record, because the Frame of regular length can become non-fixed length after overcompression, so in order to resolution data need to indicate in header after the size of data that follows closely.
2.2 data, are made up of the Frame through overcompression, encryption of fixed qty.For the key of scrambled data frame and the encrypted content (DataKey) of log file key part.Data encryption adopts symmetric cryptosystem to ensure encryption efficiency, so also use this key during data decryption.
Frame is the base unit of storage means of the present invention, and in order to make application equipment of the present invention have more versatility, the present embodiment adopts and meets the Frame of ARINC717 standard, and the word that expanded definition is special on the basis of standard or position and fill in mode.Data frame format as shown in Figure 3.
Data frame format shown in Fig. 3 meets the requirement of ARINC717, namely each Frame is made up of four subframes, subframe generation per second one, each subframe comprises 64,128,256 or 512 words (can expand to as required 1024 or more), word size is 12, the first character of each subframe is synchronization character, and other words are UDW.On this basis, the present embodiment has made expanded definition to Frame, comprising:
2.2.1 second word of each subframe is " validity word ".Wherein first value of each " validity word " represents the validity of place subframe; The second to nine (totally eight) identify misdata position, as in the subframe of 64 words, " validity word " second value is 1 represent in the first eight word of this subframe and there is invalid data, " validity word " the 3rd value is 1 represent in the nine to ten six word of this subframe and there is invalid data, by that analogy; Each " validity word " the ten to ten two is error code, and corresponding different error reasons, is defined according to embody rule by user.
2.2.2 the 3rd word of first subframe of each Frame is " frame count word ", i.e. " Frame Counter ".This word, by the decimal system 0 to 4095 cycle count, often produces this word of new data frame and adds one, so can mark the frame loss condition of (4.5 hours) in the short time.
2.2.3 the reference record in particular sample cycle.The Frame specified due to ARINC717 with four seconds for loop cycle produces, data burst generation per second one, so the sampling period of parameter is not set to odd number second by the present embodiment suggestion user, but still this kind of parameter and sampling period is provided to be greater than the registering capacity of the parameter of four seconds.The present embodiment specifies that the lowest order of the word recording these parameters is " validity bit of parameter ", and the validity of these parameters does not affect " validity bit " value of place subframe, when generate a certain subframe and comprise this kind of parameter but be not this parameter sampling time time, it is invalid only to need " validity bit of parameter " be set to.As: the sampling period of parameter " P " is 8 seconds, be dispensed on the 4th subframe record of each Frame, it is invalid so to need " validity bit of parameter " of this parameter be set in the 4th subframe in the moment such as the 4th second, 12 seconds, need " validity bit of parameter " of this parameter to be set to effectively in the 4th subframe in the moment such as the 8th second, 16 seconds, and pad parameter value.
2.2.4 the parameter of multiple word is accounted for.When occurring that certain parameter needs occupy-place to be greater than 12, parameter value aligns with institute occupy-place low level and write by the present embodiment regulation, and a high position remains then uses " 0 " to fill.As binary number " 10101010101010 " accounts for 14, then write two words, result is " 000,000,000,010 101010101010 ".
2.2.5 discrete magnitude.Due to discrete magnitude, to take figure place few, and the present embodiment specifies that a word can comprise multiple discrete magnitude parameter.
2.3 data block tails, occur as block gap, on the contextual impact of parsing when making a mistake for preventing certain blocks of data or lose.Block gap size is 12 bytes, and value is " 55AAAA5555AAAA5555AAAA55 " of 16 systems.
Deal with data in units of data block, with regard to the compression of complete paired data block and encryption before data are written into file, so, decreasing flight and terminating the processing time of rear aircraft to log file, can directly pass under file; In addition, data are encrypted before being written into file, and data clear text is sightless, enhances confidentiality.
Three, flying quality download phase
A) flight data recorder file is downloaded to Ground analysis equipment by modes such as wireless network, cable network, USB interface or SD cards by ground installation;
B) resolve, extract key part in file and data division respectively;
C) the digital certificate private key decruption key part of company or mechanism belonging to Ground analysis equipment use aircraft, obtains AES key;
D) ground-support equipment uses AES key data decryption part, obtains flying quality content.
Claims (4)
1. an encryption method for general flying quality, comprises the following steps:
1) key of stochastic generation AES encryption algorithm, uses the certificate corresponding with ground system private key to encrypt the key of stochastic generation, and by the key write log file of encryption;
2) value of required flying quality is gathered, and by its write memory;
3) when internal storage data arrives the capacity of setting, then the data in internal memory are done compress, encryption, use aes algorithm in encryption process, use step 1) described in the key of stochastic generation;
4) data through overcompression, encryption are write in described log file;
5) step 2 is repeated) to step 4) until record stop condition triggers;
6), after airport stopped by aircraft, ground is reached by under the log file that machine stores;
7) ground uses certificate private key to decrypt step 1) described in the key of stochastic generation, then by this secret key decryption ciphertext.
2. the encryption method of general flying quality according to claim 1, is characterized in that:
Step 1) in will through encryption key write log file foremost;
Step 2) in be generate Frame according to the form of following setting: Frame adopts and meets the storage format of ARINC717, and each Frame is made up of four subframes, and the first character of each subframe is synchronization character, and second word is " validity word "; 3rd word of first subframe of each Frame is " frame count word " (Frame Counter); Other words store digital flight parameter;
Step 4) be using multiple Frame through overcompression, encryption as data division, then add data block head and data block tail respectively at head and the tail, form a data block, be placed in step 2) after the key that writes;
Repeat step 2) to step 4) until record stop condition triggers, in this process, each data block is according in the end to end write log file of rise time order, thus completes the storage of digital flight parameter.
3. the encryption method of general flying quality according to claim 1, it is characterized in that: in each data block, data block head comprises CRC check and data length information, wherein the scope of CRC check is the data of affiliated data block, for the integrality of verification msg, whether make a mistake when can find transmission or write data; Data block tail occurs as block gap, on the contextual impact of parsing when making a mistake for preventing certain data block or lose.
4. the encryption method of general flying quality according to claim 1, is characterized in that: in each subframe of Frame, and first value of " validity word " represents the validity of place subframe; The second to nine bit-identify misdata positions; Ten to ten two is error code, and corresponding different error reasons, is defined according to embody rule by user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410737464.0A CN104468122A (en) | 2014-12-05 | 2014-12-05 | Universal flight data encryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410737464.0A CN104468122A (en) | 2014-12-05 | 2014-12-05 | Universal flight data encryption method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104468122A true CN104468122A (en) | 2015-03-25 |
Family
ID=52913552
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410737464.0A Pending CN104468122A (en) | 2014-12-05 | 2014-12-05 | Universal flight data encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104468122A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106850529A (en) * | 2015-10-20 | 2017-06-13 | 波音公司 | Using redundant circuit replaceable unit(“LRU”)Information can be changed with compound aircraft(“AMI”)Aircraft Identity Management |
WO2017096603A1 (en) * | 2015-12-10 | 2017-06-15 | 深圳市大疆创新科技有限公司 | Method and system for data connection, transmission, reception and interaction, storage device, and aircraft |
WO2017096604A1 (en) * | 2015-12-10 | 2017-06-15 | 深圳市大疆创新科技有限公司 | Method and system for exchange, transmission, and reception of flight data, storage device, and aircraft |
CN110245502A (en) * | 2019-05-16 | 2019-09-17 | 深圳市百思智能科技有限公司 | A kind of robot wireless transmission information encryption method |
CN112565402A (en) * | 2020-12-02 | 2021-03-26 | 浙江强脑科技有限公司 | Data transmission method, device, equipment and computer readable storage medium |
CN114463962A (en) * | 2020-10-21 | 2022-05-10 | 中国石油化工股份有限公司 | Intelligent node data acquisition method, electronic device and storage medium |
DE102021004059A1 (en) | 2021-08-06 | 2023-02-09 | Diehl Defence Gmbh & Co. Kg | flight data recording device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350725A (en) * | 2007-02-13 | 2009-01-21 | Secunet安全网络股份公司 | Safety unit |
CN101849249A (en) * | 2007-06-05 | 2010-09-29 | 空中客车运营公司 | Method and device for acquiring, recording and utilizing data captured in an aircraft |
CN101908962A (en) * | 2009-12-24 | 2010-12-08 | 中国航空工业集团公司第六三一研究所 | Key management method for integrated avionic system |
CN201742031U (en) * | 2010-08-25 | 2011-02-09 | 北京有恒斯康通信技术有限公司 | Helicopter-mounted system for inspecting power transmission line |
CN102968484A (en) * | 2012-11-23 | 2013-03-13 | 中国航空工业集团公司第六三一研究所 | Flying data analyzing method for general-purpose plane |
-
2014
- 2014-12-05 CN CN201410737464.0A patent/CN104468122A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350725A (en) * | 2007-02-13 | 2009-01-21 | Secunet安全网络股份公司 | Safety unit |
CN101849249A (en) * | 2007-06-05 | 2010-09-29 | 空中客车运营公司 | Method and device for acquiring, recording and utilizing data captured in an aircraft |
CN101908962A (en) * | 2009-12-24 | 2010-12-08 | 中国航空工业集团公司第六三一研究所 | Key management method for integrated avionic system |
CN201742031U (en) * | 2010-08-25 | 2011-02-09 | 北京有恒斯康通信技术有限公司 | Helicopter-mounted system for inspecting power transmission line |
CN102968484A (en) * | 2012-11-23 | 2013-03-13 | 中国航空工业集团公司第六三一研究所 | Flying data analyzing method for general-purpose plane |
Non-Patent Citations (1)
Title |
---|
宫淑丽等: "飞行数据快速译码系统的实现", 《科学技术与工程》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106850529A (en) * | 2015-10-20 | 2017-06-13 | 波音公司 | Using redundant circuit replaceable unit(“LRU”)Information can be changed with compound aircraft(“AMI”)Aircraft Identity Management |
CN106850529B (en) * | 2015-10-20 | 2021-11-23 | 波音公司 | Aircraft identity management using redundant line replaceable units ("LRUs") and composite aircraft alterable information ("AMI |
CN107113161B (en) * | 2015-12-10 | 2019-07-09 | 深圳市大疆创新科技有限公司 | Flying quality interaction, transmission, method of reseptance, system and memory, aircraft |
CN107113177A (en) * | 2015-12-10 | 2017-08-29 | 深圳市大疆创新科技有限公司 | Data cube computation, transmission, reception, the method and system of interaction, and memory, aircraft |
CN107113161A (en) * | 2015-12-10 | 2017-08-29 | 深圳市大疆创新科技有限公司 | Flying quality interaction, transmission, method of reseptance, system and memory, aircraft |
CN107113177B (en) * | 2015-12-10 | 2019-06-21 | 深圳市大疆创新科技有限公司 | Data connection, transmission, reception, the method and system of interaction and memory, aircraft |
WO2017096604A1 (en) * | 2015-12-10 | 2017-06-15 | 深圳市大疆创新科技有限公司 | Method and system for exchange, transmission, and reception of flight data, storage device, and aircraft |
US10999076B2 (en) | 2015-12-10 | 2021-05-04 | SZ DJI Technology Co., Ltd. | Flight data exchanging, transmitting, and receiving method and system, memory, and aerial vehicle |
US11102647B2 (en) | 2015-12-10 | 2021-08-24 | SZ DJI Technology Co., Ltd. | Data communication connection, transmitting, receiving, and exchanging method and system, memory, and aerial vehicle |
WO2017096603A1 (en) * | 2015-12-10 | 2017-06-15 | 深圳市大疆创新科技有限公司 | Method and system for data connection, transmission, reception and interaction, storage device, and aircraft |
CN110245502A (en) * | 2019-05-16 | 2019-09-17 | 深圳市百思智能科技有限公司 | A kind of robot wireless transmission information encryption method |
CN114463962A (en) * | 2020-10-21 | 2022-05-10 | 中国石油化工股份有限公司 | Intelligent node data acquisition method, electronic device and storage medium |
CN112565402A (en) * | 2020-12-02 | 2021-03-26 | 浙江强脑科技有限公司 | Data transmission method, device, equipment and computer readable storage medium |
CN112565402B (en) * | 2020-12-02 | 2022-10-28 | 浙江强脑科技有限公司 | Data transmission method, device, equipment and computer readable storage medium |
DE102021004059A1 (en) | 2021-08-06 | 2023-02-09 | Diehl Defence Gmbh & Co. Kg | flight data recording device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104468122A (en) | Universal flight data encryption method | |
CN109040090B (en) | A kind of data ciphering method and device | |
CN104484618A (en) | Universal flying data storage method | |
CN103457718B (en) | The part ciphertext of variable-length segmentation and fixing block encryption is used to upgrade | |
US20120134490A1 (en) | Selective Data Encryption and Decryption Method and Apparatus | |
CN105245505A (en) | Data transmitting method and device, data receiving method and device, and receiving-transmitting system | |
CN110572828B (en) | Internet of things security authentication method, system and terminal based on state cryptographic algorithm | |
WO2012077541A1 (en) | Searchable encryption processing system | |
KR20080050932A (en) | Method for encrypting datas and appatus therefor | |
CN108830096B (en) | Data processing method and device, electronic equipment and storage medium | |
CN104809407A (en) | Method and system for encrypting, decrypting and verifying cloud storage front end data | |
JP2016523391A (en) | Method and apparatus for encrypting plaintext data | |
CN106788982A (en) | A kind of sectional encryption transmission method and device | |
CN102063598A (en) | Data encryption and decryption methods and devices | |
CN102546156A (en) | Method, system and device for grouping encryption | |
EP2722787A1 (en) | Method and apparatus for writing and reading encrypted hard disk data | |
CN103248650A (en) | Document download method and system | |
CN110061968A (en) | A kind of file encryption-decryption method based on block chain, system and storage medium | |
CN105071927A (en) | Mobile device data local storage method | |
CN103902342A (en) | System updating and upgrading method and system in enclosed environment | |
CN103067162A (en) | Method and device of data transmission | |
CN102804800A (en) | Segment deduplication system with encryption segments | |
CN110955896A (en) | Method for realizing safe upgrading of firmware of single chip microcomputer through near field communication | |
CN111431917B (en) | Upgrade package encryption method and device and upgrade package decryption method and device | |
CN101808100A (en) | Method and system for solving replay of remote update of information safety device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150325 |
|
RJ01 | Rejection of invention patent application after publication |