A method for dynamic geographic information encryption
Technical field
The present invention relates to the technical field of electronic maps and geographic information services, specifically to a method for dynamic geographic information encryption.
Background technique
With the progress of satellite positioning, remote sensing, geographic information system and network technologies, electronic maps and geographic information services have grown quickly. While they bring convenience to people's work and life, many problems that cannot be ignored have also appeared. Some organizations and individuals, intentionally or unintentionally, publish geographic coordinate data that is sensitive, unsuitable for disclosure, or even related to state secrets on the Internet, where it circulates. These problems seriously damage national interests and threaten national information security. For this reason, China has a practical and urgent need for geographic information encryption.
At present the IT industry has two mainstream means of geographic information encryption. One is the coordinate shift method; the other is the projection transform method.
1. Coordinate shift method
The coordinate shift method directly encrypts the raw coordinate data by giving the true coordinates a certain nonlinear offset, so as to keep the information confidential. The method places high demands on the algorithm: it should keep the deformation of map features after coordinate encryption within a reasonable range, and an irreversible coordinate encryption algorithm must be provided to system users so that they can label their business data accurately on the map. The advantage of the coordinate shift method is that it encrypts the data at its source, so its security is relatively high.
Currently, the GCJ02 coordinate system, the Baidu map coordinate system released by Baidu, and the Sogou map coordinate system released by Sohu.com Inc. all use a coordinate data offset scheme for information encryption.
The coordinate shift method is generally cracked by brute force. Because the coordinate encryption algorithm provided officially is irreversible, the only way is a brute-force dictionary: enumerate every true coordinate value at the expected cracking precision and compute an encryption dictionary. The true coordinate value can then be mapped back from the encrypted coordinate value through the dictionary.
2. Projection transform method
Map projection refers to the method of establishing a one-to-one correspondence between points on the earth's surface (or the surface of another celestial body, or the celestial sphere) and points on a projection plane (i.e. the map plane), that is, establishing a mathematical conversion formula between them. It is the basic method of projecting a surface that cannot be flattened, namely the earth's surface, onto a plane, and it ensures that spatial information stays connected and complete across a region. The projection process produces projection distortion, and different projection methods produce distortion of different nature and magnitude. According to different custom projection parameters, the original latitude and longitude coordinates are converted into projected coordinates (a projection example is shown in attached drawing 1). The projection transform method does not need to change the original data and does not need to consider the deformation of map features, so it is relatively simple to implement.
The projection transform method is generally cracked algorithmically: once the projection parameters leak, the true coordinate data can easily be calculated from them, so its security is poor.
Summary of the invention
The technical task of the invention is to provide a method for dynamic geographic information encryption.
The technical task of the invention is achieved in the following manner: the encryption method consists of three parts, namely the life cycle of the encrypted channel, the information encryption module, and the client API;
The life cycle of the encrypted channel is divided into four stages: the client channel application stage, the server verification stage, the server channel establishment stage, and the server channel destruction stage;
The information encryption module is the information encryption algorithm, which converts the true latitude and longitude into encrypted latitude and longitude values and returns them to the client;
The client API is used to interact with the information encryption server; it includes the channel application API, the coordinate conversion API and the channel update API.
The client channel application stage:
The client must transmit the following hardware information parameters to the server: PC platform: operating system version number + CPU ID + disk serial number + network card MAC; mobile platform: operating system version number + CPU ID + IMEI + network card MAC + manufacturer serial code;
Server verification stage: on receiving the client's channel establishment application, the server queries the channel table to check whether the device already occupies a channel; if it has no channel, it is allowed to establish one;
Server channel establishment stage: the server randomly generates a 32-character string as the channel key, then generates a natural number in the range 1-9999999999 as the algorithm variable of the channel, and records the channel key, algorithm variable and client hardware information in the channel table; afterwards, the server returns the channel key to the client as the unique identifier for the client's channel requests;
Server channel destruction stage: when the client's request time exceeds the specified time, the server rejects the client's request and destroys the channel in the channel table.
The information encryption algorithm consists of two parts, the basic algorithm and the channel algorithm variable;
The information encryption algorithm is as follows:
Let the constants be: α = 6378245.0, the projection factor; β = 0.00669342162296594323, the eccentricity of the earth;
Let the variables be: θ = channel algorithm variable, 1-9999999999; (e is the natural logarithm); y = original latitude; x = original longitude;
Channel application API: a utility-class API with which the client applies to the server for an encrypted channel;
Coordinate conversion API: used by the client to convert original latitude and longitude into the encrypted latitude and longitude of a given encrypted channel;
Channel update API: an API that automatically gives notice that a channel has expired and automatically updates the channel information.
Compared with the prior art, the method for dynamic geographic information encryption of the invention has the following features:
1) It uses an encrypted-channel algorithm mechanism with a time limit, so that encrypted data is valid only for a given client during a given period, which effectively prevents data sharing and cracking;
2) The data encryption process places low demands on the computing power of the computer;
3) Even if the algorithm formula leaks, reverse calculation still cannot be carried out, because the channel algorithm variable generated by the server is not known.
Description of the drawings
Attached drawing 1 is a schematic diagram of the encrypted channel life cycle of the method for dynamic geographic information encryption;
Specific embodiment
Embodiment 1:
The encryption method consists of three parts: the life cycle of the encrypted channel, the information encryption module, and the client API;
The life cycle of the encrypted channel is divided into four stages: the client channel application stage, the server verification stage, the server channel establishment stage, and the server channel destruction stage;
The client channel application stage:
The client must transmit the following hardware information parameters to the server: PC platform: operating system version number + CPU ID + disk serial number + network card MAC; mobile platform: operating system version number + CPU ID + IMEI + network card MAC + manufacturer serial code;
Server verification stage: on receiving the client's channel establishment application, the server queries the channel table to check whether the device already occupies a channel; if it has no channel, it is allowed to establish one;
Server channel establishment stage: the server randomly generates a 32-character string as the channel key, then generates a natural number in the range 1-9999999999 as the algorithm variable of the channel, and records the channel key, algorithm variable and client hardware information in the channel table; afterwards, the server returns the channel key to the client as the unique identifier for the client's channel requests;
Server channel destruction stage: when the client's request time exceeds the specified time, the server rejects the client's request and destroys the channel in the channel table.
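The channel life cycle described above, as an added example that is not part of the patent text: an in-memory channel table that allows one live channel per device, draws the 32-character key and the algorithm variable from a CSPRNG, and destroys a channel on the first request after its lifetime has passed. The class and method names, the 300-second lifetime measured from channel creation, the alphanumeric key alphabet and the hashing of hardware parameters into a fingerprint are assumptions.

```python
import hashlib
import secrets
import string
import time

CHANNEL_TTL = 300  # seconds; assumed, the text only says "specified time"
_ALPHABET = string.ascii_letters + string.digits  # assumed key alphabet


class ChannelTable:
    """Channel table for the four life-cycle stages (added example)."""

    def __init__(self, ttl=CHANNEL_TTL, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self.by_key = {}     # channel key -> channel record
        self.by_device = {}  # device fingerprint -> channel key

    @staticmethod
    def fingerprint(hw_fields):
        # Assumption: store a hash, not raw IMEI/MAC; \x1f keeps field boundaries unambiguous.
        return hashlib.sha256("\x1f".join(hw_fields).encode()).hexdigest()

    def apply(self, hw_fields):
        """Verification and establishment: returns a channel key, or None if refused."""
        fp = self.fingerprint(hw_fields)
        old = self.by_device.get(fp)
        if old is not None and self.lookup(old) is not None:
            return None  # the device already occupies a live channel
        key = "".join(secrets.choice(_ALPHABET) for _ in range(32))
        theta = secrets.randbelow(9_999_999_999) + 1  # natural number in 1..9999999999
        self.by_key[key] = {"device": fp, "theta": theta, "created": self.clock()}
        self.by_device[fp] = key
        return key

    def lookup(self, key):
        """Return the channel's algorithm variable; destroy the channel if it has expired."""
        rec = self.by_key.get(key)
        if rec is None:
            return None
        if self.clock() - rec["created"] > self.ttl:
            self.destroy(key)
            return None
        return rec["theta"]

    def destroy(self, key):
        rec = self.by_key.pop(key, None)
        if rec is not None and self.by_device.get(rec["device"]) == key:
            del self.by_device[rec["device"]]
```

The algorithm variable never leaves the server in this layout; only the channel key is returned to the client, which matches the claim that a leaked formula is not enough to reverse the conversion.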
The information encryption module is the information encryption algorithm, which converts the true latitude and longitude into encrypted latitude and longitude values and returns them to the client;
The information encryption algorithm consists of two parts, the basic algorithm and the channel algorithm variable;
The information encryption algorithm is as follows:
Let the constants be: α = 6378245.0, the projection factor; β = 0.00669342162296594323, the eccentricity of the earth;
Let the variables be: θ = channel algorithm variable, 1-9999999999; (e is the natural logarithm); y = original latitude; x = original longitude;
The client API is used to interact with the information encryption server; it includes the channel application API, the coordinate conversion API and the channel update API.
Channel application API: a utility-class API with which the client applies to the server for an encrypted channel;
Coordinate conversion API: used by the client to convert original latitude and longitude into the encrypted latitude and longitude of a given encrypted channel;
Channel update API: an API that automatically gives notice that a channel has expired and automatically updates the channel information.
Those skilled in the art can readily implement the present invention from the above specific embodiments. It should be understood, however, that the present invention is not limited to the above specific embodiments. On the basis of the disclosed embodiments, those skilled in the art may arbitrarily combine different technical features to realize different technical solutions.