CN106961432B - Legal identity intelligent initialization method and device for rail transit equipment - Google Patents

Publication number
CN106961432B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710166600.9A
Other languages
Chinese (zh)
Other versions
CN106961432A
Inventor
陈新溅
黎博闻
肖志均
陈锦宇
张超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuzhou CRRC Times Electric Co Ltd
Original Assignee
Zhuzhou CRRC Times Electric Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures


Abstract

The invention discloses a legal identity intelligent initialization method and device for rail transit equipment. The method comprises the following steps: 1) an initialization module is loaded in the target equipment in advance; 2) when the target equipment communicates, the initialization module is started if legal identity initialization needs to be executed. The initialization module establishes a connection between the target equipment and a target server and, each time a connection is established, judges whether the required legal identity mark corresponding to the target server exists locally on the target equipment; if it does not, the required legal identity mark is obtained from the target server. The method is suitable for intelligent initialization of the legal identity of rail transit equipment, and has the advantages of a simple implementation, low cost, high initialization efficiency, high accuracy and the like.

Description

Legal identity intelligent initialization method and device for rail transit equipment
Technical Field
The invention relates to the technical field of rail transit communication, in particular to a legal identity intelligent initialization method and device for rail transit equipment.
Background
In a rail transit train, before equipment performs data communication, both communication parties generally use identity authentication to ensure that both are legal equipment. When the equipment is authenticated for the first time, each party needs to perform initialization authentication of the other party's legality, and this initialization authentication is generally implemented by manual configuration: the equipment is configured by hand, one device at a time, so that the two communication parties trust each other. In rail transit, however, the two communication parties are usually physically far apart, the equipment is widely dispersed, and there are many communication devices, so deploying or configuring them one by one by hand is time-consuming, labor-intensive, inefficient and costly. It is therefore desirable to provide a method for legal identity initialization of rail transit equipment that reduces the initialization cost and improves initialization efficiency and accuracy.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the technical problems in the prior art, the invention provides a legal identity intelligent initialization method and device for rail transit equipment that enable rail transit equipment to perform intelligent initialization of legal identity authentication, with the advantages of a simple implementation, low cost, high initialization efficiency and high accuracy.
In order to solve the technical problems, the technical scheme provided by the invention is as follows:
a legal identity intelligent initialization method for rail transit equipment comprises the following steps:
1) loading an initialization module in target equipment in advance;
2) when the target equipment is in communication, if the target equipment is subjected to identity authentication for the first time, the initialization module is started, the initialization module establishes connection between the target equipment and the target server, and judges whether a legal identity mark corresponding to the target server exists in the local part of the target equipment or not when the connection is established every time, wherein if the legal identity mark does not exist in the local part of the target equipment, the corresponding legal identity mark is obtained from the target server.
As a further improvement of the method of the present invention, the specific execution steps of the initialization module in step 2) for establishing connection each time are as follows:
2.1) establishing server connection: establishing TCP connection between target equipment and a target server;
2.2) initializing intelligent judgment: judging whether a legal identity mark corresponding to the target server exists in the local of the target equipment, and if not, executing the step 2.3); otherwise, judging that the initialization is finished, and exiting the current initialization;
2.3) initializing intelligent execution: and sending an initialization request to the target server, acquiring a corresponding legal identity mark according to response information returned by the target server, and storing the legal identity mark to a local designated position.
As a further improvement of the method of the present invention, the specific steps of step 2.1) are:
2.11) acquiring the address of a target server and a corresponding legal identity mark from the local of target equipment, wherein the address of the target server comprises an IP address and a port number, and generating a local secret key pair consisting of a local private key and a local public key;
2.12) sending a connection request to the target server according to the obtained target server address and the corresponding legal identity mark until the connection is successful.
As a further improvement of the method of the present invention, the specific steps of step 2.3) are:
2.31) sending an initialization request to a target server, waiting for response information returned by target equipment, and executing the step 2.32);
2.32) receiving response information which is returned by the target server and encrypted by using the local public key and signed by using a server-side private key, wherein the response information comprises a plaintext part and a ciphertext encrypted by using the local public key, and turning to execute the step 2.33);
2.33) analyzing the received response information, and performing signature verification by using a server public key of a plaintext part in the response information, after the signature verification is passed, judging whether the current initialization is allowed according to the analysis information, if so, acquiring a ciphertext in the response information, and executing the step 2.34), otherwise, returning to execute the step 2.31);
2.34) decrypting the ciphertext by using a local private key to obtain a required legal identity mark, and switching to execute the step 2.35);
2.35) storing the obtained legal identity mark to a local appointed position, and switching to execute the step 2.36);
2.36) sending initialization completion information to the target server to complete initialization.
The intelligent legal identity initialization device for the rail transit equipment comprises an initialization module which is pre-loaded in target equipment, wherein when the target equipment is in communication, the initialization module is started if the legal identity initialization needs to be executed, the initialization module establishes connection between the target equipment and a target server, and judges whether a legal identity mark corresponding to the target server exists in the local part of the target equipment or not when the connection is established every time, wherein if the legal identity mark does not exist in the local part of the target equipment, the corresponding legal identity mark is obtained from the target server.
As a further improvement of the apparatus of the present invention, the initialization module specifically includes:
a server connection establishing unit for establishing a TCP connection between the target device and the target server in which the corresponding legal identity mark is stored;
the intelligent initialization judging unit is used for judging whether the local part of the target equipment has a legal identity mark corresponding to the target server or not, and if not, the intelligent initialization executing unit is executed; otherwise, judging that the initialization is finished, and exiting the current initialization;
and the intelligent initialization execution unit is used for sending an initialization request to the target server, acquiring a corresponding legal identity mark according to response information returned by the target server and storing the legal identity mark to a local designated position.
As a further improvement of the apparatus of the present invention, the server connection establishing unit specifically includes:
the information acquisition subunit is used for acquiring a target server address and a corresponding legal identity mark from local storage on the target equipment, wherein the target server address comprises an IP address and a port number, and for generating a local key pair consisting of a local private key and a local public key;
and the connection subunit is used for sending a connection request to the server according to the acquired target server address and the corresponding legal identity mark until the connection is successful.
As a further improvement of the apparatus of the present invention, the initializing intelligent execution unit includes:
the request sending subunit is used for sending an initialization request to the target server and then transferring execution to the receiving subunit;
the receiving subunit is used for receiving response information returned by the target server, wherein the response information comprises a plaintext part and a ciphertext encrypted by using a local public key, and then transferring execution to the analysis and judgment subunit;
the analysis and judgment subunit is used for analyzing the received response information, performing signature verification by using the server public key in the plaintext part of the response information, and, after the signature verification is passed, judging from the analyzed information whether the current initialization is allowed; if so, acquiring the ciphertext in the response information and transferring execution to the decryption subunit, otherwise returning execution to the request sending subunit;
the decryption subunit is used for decrypting the ciphertext by using a local private key, acquiring a legal certificate corresponding to the target server, and then transferring execution to the storage subunit;
the storage subunit is used for storing the obtained legal identity mark to a local specified position and then transferring execution to the completion information sending subunit;
and the completion information sending subunit is used for sending the initialization completion information to the target server to complete initialization.
Compared with the prior art, the invention has the advantages that:
1) based on the distribution characteristics of the rail transit equipment, the initialization module is loaded in the target equipment, when the target equipment is in communication, the initialization module is started when legal identity initialization is required, the initialization judgment and initialization process is automatically completed by the initialization module, the legal identity initialization of each equipment can be automatically completed in batches without human intervention, the realization process is simple, the efficiency and accuracy of the deployment, configuration and initialization of the rail transit equipment are effectively improved, and meanwhile the cost required by initialization can be reduced;
2) according to the invention, the target equipment and the target server stored with the corresponding legal identity mark are connected through the initialization module, whether the target equipment has the corresponding legal identity mark of the target server locally is judged, if not, the corresponding legal identity mark is acquired from the target server, and the intelligent judgment and the intelligent execution of initialization can be realized, so that the initialization process can be efficiently and intelligently completed without manual participation in the whole process.
Drawings
Fig. 1 is a schematic flow chart of an implementation of the legal identity intelligent initialization method for rail transit equipment in this embodiment.
Fig. 2 is a schematic diagram of a specific execution flow of the initialization module according to this embodiment.
Fig. 3 is a schematic diagram of a specific implementation flow of step 2.3) in this embodiment.
Fig. 4 is a detailed flowchart illustrating a method for implementing intelligent initialization of a legal identity in an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of the initialization module in this embodiment.
Fig. 6 is a schematic diagram of a specific structure of the initialization smart execution unit according to this embodiment.
Detailed Description
The invention is further described below with reference to the drawings and specific preferred embodiments of the description, without thereby limiting the scope of protection of the invention.
As shown in fig. 1, the legal identity intelligent initialization method for the rail transit equipment in the embodiment includes the steps of:
1) loading an initialization module in target equipment in advance;
2) when the target equipment is in communication, if legal identity initialization needs to be executed, an initialization module is started, the initialization module establishes connection between the target equipment and a target server, and judges whether a legal identity mark corresponding to the target server exists in the local part of the target equipment or not when connection is established every time, wherein if the legal identity mark does not exist in the local part of the target equipment, the corresponding legal identity mark is obtained from the target server.
Based on the distribution characteristics of the rail transit equipment, the initialization module is loaded in the target equipment, when the target equipment is in communication, the initialization module is started when legal identity initialization is required to be executed, the initialization process is automatically completed by the initialization module, intelligent initialization of the legal identity of the equipment is realized, when the number of terminal equipment is large, the initialization of the legal identity of each equipment can be automatically completed in batches without human intervention, the realization process is simple, the efficiency and accuracy of deployment, configuration and initialization of the rail transit equipment are effectively improved, and meanwhile the cost required by initialization can be reduced.
In this embodiment, each time the initialization module establishes a connection with the target server, it performs a detection step that judges whether a legal identity mark matching the target server exists locally on the target device, in order to detect whether the device has been initialized. This ensures that the device is a legal device at every connection, reduces the risk of illegal devices gaining access, and facilitates automatic replacement and update of the identity mark.
As shown in fig. 2, in this embodiment, the specific execution steps of the initialization module in step 2) to establish the connection each time are as follows:
2.1) establishing server connection: establishing TCP connection between target equipment and a target server;
2.2) initializing intelligent judgment: judging whether a legal identity mark corresponding to the target server exists in the local of the target equipment, and if not, executing the step 2.3); otherwise, judging that the initialization is finished, and exiting the current initialization;
2.3) initializing intelligent execution: and sending an initialization request to the target server, acquiring a corresponding legal identity mark according to response information returned by the target server, and storing the legal identity mark to a local designated position.
In the embodiment, the initialization module establishes a connection between the target device and the target server in which the corresponding legal identity mark is stored during the device initialization process, determines whether the target device has the corresponding legal identity mark locally, if not, acquires the corresponding legal identity mark from the target server, if so, the device is initialized, and ends the initialization process, so that the intelligent determination and intelligent execution of the initialization can be realized, and the initialization process can be efficiently and intelligently completed.
The initialization module in this embodiment is specifically a program module having the functions of establishing server connection, performing intelligent initialization judgment and performing intelligent initialization, and the initialization module is called when a legal identity needs to be initialized, so that the establishment of server connection, the intelligent initialization judgment and the intelligent initialization execution can be automatically realized, and the initialization process of the device is automatically completed.
In this embodiment, the specific steps of step 2.1) are as follows:
2.11) obtaining the address of the target server and the legal identity mark from local storage on the target device, wherein the address of the target server comprises an IP address and a port number, and generating a local key pair (PrivateKey_Local and PublicKey_Local) consisting of a local private key and a local public key;
2.12) sending a connection request to the target server according to the obtained target server address and the legal identity mark until the connection is successful.
As shown in fig. 3, the specific steps of step 2.3) in this embodiment are:
2.31) sending an initialization request to a target server, waiting for response information returned by target equipment, and executing the step 2.32);
2.32) receiving response information which is returned by the target server, encrypted by using the local public key (PublicKey_Local) and signed by using a server-side private key, wherein the response information comprises a plaintext part and a ciphertext encrypted by using the local public key, and then executing step 2.33);
2.33) checking and analyzing the received response information, performing signature verification by using the server public key in the plaintext part of the response information, and, after the signature verification is passed, judging from the analyzed information whether the current initialization is allowed; if so, obtaining the ciphertext in the response information and executing step 2.34), otherwise executing step 2.31);
2.34) decrypting the ciphertext by using the local private key (PrivateKey_Local), acquiring the legal identity mark corresponding to the target server, and then executing step 2.35);
2.35) storing the obtained legal identity mark to a local appointed position, and switching to execute the step 2.36);
2.36) sending initialization completion information to the target server to complete initialization.
In this embodiment, when it is detected that the target device does not locally hold the legal identity mark corresponding to the target server, then after the target device has established a connection with the target server it sends an initialization request to the target server to request the legal identity mark corresponding to the target server, and waits for the target server's response. The initialization request specifically includes a train number, an exchange MAC/IP address, an interface MAC address, an initialization request mark, the local public key, a line identity mark, a digital signature, and the like. After receiving the initialization request, the target server responds to it: it encrypts by using PublicKey_Local and sends response information to the target device, the response information specifically comprising a train number, a line number, an initialization permission flag, the number of ciphertext packets, the length of the ciphertext, a digital signature and the like. The initialization module in the target device analyzes the response information received from the target server; if initialization is allowed, it decrypts the ciphertext by using the private key, obtains the legal identity mark corresponding to the target server, stores it on the local device, and then sends initialization completion information to the target server, completing the initialization process.
Fig. 4 shows an implementation process of the method for implementing intelligent initialization of a legal identity in the embodiment of the present invention, which includes the following detailed steps:
① obtaining the server address from local storage, such as the IP address, port number, legal identity mark, etc., then turning to ②;
② initiating a connection request to the target server and judging whether the connection is successful; if so, turning to ③, otherwise returning to ②;
③ checking whether an identity mark corresponding to the server exists locally; if not, turning to ④;
④ sending an initialization request to the server, then turning to ⑤;
⑤ receiving the response information for the initialization request and judging whether initialization is allowed; if so, turning to ⑥, otherwise returning to ④;
⑥ decrypting the ciphertext by using the local private key (PrivateKey_Local) and judging whether the decryption is successful; if so, turning to ⑦;
⑦ storing the obtained legal identity mark locally, then turning to ⑧;
⑧ sending an initialization success message to the server, whereupon the initialization ends.
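The device-side flow of steps 2.2) and 2.31) to 2.36), together with the server's reply, as an added example that is not part of the patent. Assumptions of the example: textbook RSA over fixed constructed primes stands in for the unspecified algorithms, the message field names are hypothetical, retries are bounded, and the server public key in the plaintext part is compared against a value provisioned with the initialization module, since a key carried in the same response it authenticates proves nothing by itself.

```python
import hashlib
import json

E = 65537
# Constructed toy keys: textbook RSA over fixed Mersenne primes. NOT secure;
# it only makes the sign/encrypt steps runnable without third-party packages.
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1


def toy_keypair(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public_part(key):
    return {"n": key["n"], "e": key["e"]}


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])


def encrypt(pub, secret):
    m = int.from_bytes(secret, "big")
    if m >= pub["n"]:
        raise ValueError("secret too long for the toy key")
    return pow(m, pub["e"], pub["n"])


def decrypt(key, cipher):
    m = pow(cipher, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def signed_body(plain, cipher):
    # Canonical bytes covered by the server signature: plaintext part + ciphertext.
    return json.dumps([plain, cipher], sort_keys=True).encode()


def server_respond(server_key, request, identity_mark, allow=True):
    """Target server side of step 2.32 (message layout is hypothetical)."""
    plain = {"train": request["train"], "allow": allow,
             "server_pub": public_part(server_key)}
    cipher = encrypt(request["local_pub"], identity_mark) if allow else 0
    return {"plain": plain, "cipher": cipher,
            "sig": sign(server_key, signed_body(plain, cipher))}


class Device:
    def __init__(self, train, pinned_server_pub):
        self.train = train
        self.key = toy_keypair(M107, M127)          # step 2.11: local key pair
        self.pinned_server_pub = pinned_server_pub  # assumption: provisioned with the module
        self.store = {}                             # the "local designated position"
        self.completed = []                         # completion messages sent (2.36)

    def initialize(self, server_id, send, max_tries=3):
        if server_id in self.store:                 # step 2.2: mark already present
            return "already-initialized"
        request = {"train": self.train, "init": True,
                   "local_pub": public_part(self.key)}
        for _ in range(max_tries):                  # bounded retry is an assumption
            resp = send(request)                    # steps 2.31 / 2.32
            plain, cipher = resp["plain"], resp["cipher"]
            # Step 2.33: the whole key (n AND e) must match the pinned value;
            # accepting e from the message would let e=1 forge any signature.
            if plain["server_pub"] != self.pinned_server_pub:
                continue
            if not verify(self.pinned_server_pub, signed_body(plain, cipher),
                          resp["sig"]):
                continue
            if not plain["allow"]:                  # initialization permission flag
                continue
            self.store[server_id] = decrypt(self.key, cipher)   # steps 2.34, 2.35
            self.completed.append(server_id)                    # step 2.36
            return "initialized"
        return "failed"


SERVER_KEY = toy_keypair(M61, M89)
MARK = b"LINE7-MARK-01"  # constructed legal identity mark

if __name__ == "__main__":
    dev = Device("T1001", public_part(SERVER_KEY))
    reply = lambda req: server_respond(SERVER_KEY, req, MARK)
    print(dev.initialize("srv-A", reply), dev.store)
    print(dev.initialize("srv-A", reply))
```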
As shown in fig. 5, the initialization module of this embodiment specifically includes:
a server connection establishing unit for establishing a TCP connection between the target device and the target server in which the corresponding legal identity mark is stored;
the intelligent initialization judging unit is used for judging whether the local part of the target equipment has a legal identity mark corresponding to the target server or not, and if not, the intelligent initialization executing unit is executed; otherwise, judging that the initialization is finished, and exiting the current initialization;
and the intelligent initialization execution unit is used for sending an initialization request to the target server, acquiring a corresponding legal identity mark according to response information returned by the target server and storing the legal identity mark to a local designated position.
In this embodiment, the server connection establishing unit specifically includes:
the information acquisition subunit is used for acquiring a target server address and a corresponding legal identity mark from the local of the target equipment, wherein the target server address comprises an IP address and a port number, and a local secret key pair consisting of a local private key and a local public key is generated;
and the connection subunit is used for sending a connection request to the server according to the acquired target server address and the corresponding legal identity mark until the connection is successful.
As shown in fig. 6, the initialization intelligent execution unit in this embodiment includes:
the request sending subunit is used for sending an initialization request to the target server and then transferring execution to the receiving subunit;
the receiving subunit is used for receiving response information which is returned by the target server and encrypted by using the local public key, wherein the response information comprises a plaintext part and a ciphertext encrypted by using the local public key, and then transferring execution to the analysis and judgment subunit;
the analysis and judgment subunit is used for analyzing the received response information, verifying the signature by using the server public key in the plaintext part of the response information, and, after the signature verification is passed, judging from the analyzed information whether the current initialization is allowed; if so, acquiring the ciphertext in the response information and transferring execution to the decryption subunit, otherwise returning execution to the request sending subunit;
the decryption subunit is used for decrypting the ciphertext by using the local private key, acquiring a legal certificate corresponding to the target server, and then transferring execution to the storage subunit;
the storage subunit is used for storing the obtained legal identity mark to a local specified position and then transferring execution to the completion information sending subunit;
and the completion information sending subunit is used for sending the initialization completion information to the target server to complete initialization.
The initialization module is simple in structure, can automatically realize the legal identity initialization process of the equipment, effectively improves the efficiency and accuracy of the deployment, configuration and initialization of the rail transit equipment, and can reduce the cost required by the initialization.
The foregoing describes only preferred embodiments of the invention and is not to be construed as limiting the invention in any way. Although the present invention has been described with reference to the preferred embodiments, it is not intended to be limited thereto. Therefore, any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical scheme of the present invention, shall fall within the protection scope of the technical scheme of the present invention.

Claims (6)

1. A legal identity intelligent initialization method for rail transit equipment is characterized by comprising the following steps:
1) loading an initialization module in target equipment in advance;
2) when the target equipment is in communication, if legal identity initialization needs to be executed, the initialization module is started, the initialization module establishes connection between the target equipment and the target server, and judges whether a legal identity mark corresponding to the target server exists in the local part of the target equipment or not when connection is established every time, wherein if the legal identity mark does not exist in the local part of the target equipment, the corresponding legal identity mark is acquired from the target server; the specific execution steps of the initialization module for establishing connection each time in the step 2) are as follows:
2.1) establishing server connection: establishing TCP connection between target equipment and a target server;
2.2) initializing intelligent judgment: judging whether a legal identity mark corresponding to the target server exists locally on the target equipment, and if not, executing the step 2.3); otherwise, judging that the initialization is finished, and exiting the current initialization;
2.3) initializing intelligent execution: sending an initialization request to the target server, acquiring a corresponding legal identity mark according to response information returned by the target server, and storing the legal identity mark to a local designated position.
2. The intelligent initialization method for the legal identity of the rail transit equipment according to claim 1, wherein the specific steps of the step 2.1) are as follows:
2.11) acquiring the address of a target server and a corresponding legal identity mark locally from the target equipment, wherein the address of the target server comprises an IP address and a port number, and generating a local key pair consisting of a local private key and a local public key;
2.12) sending a connection request to the target server according to the obtained target server address and the corresponding legal identity mark until the connection is successful.
3. The intelligent initialization method for the legal identity of the rail transit equipment according to claim 1 or 2, wherein the specific steps of the step 2.3) are as follows:
2.31) sending an initialization request to a target server, waiting for response information returned by target equipment, and executing the step 2.32);
2.32) receiving response information which is returned by the target server and encrypted by using a local public key and signed by using a server-side private key, wherein the response information comprises a plaintext part and a ciphertext encrypted by using the local public key, and turning to execute the step 2.33);
2.33) parsing the received response information and performing signature verification by using the server public key in the plaintext part of the response information; after the signature verification is passed, judging whether the current initialization is allowed according to the parsed information; if so, acquiring the ciphertext in the response information and executing the step 2.34); otherwise, returning to execute the step 2.31);
2.34) decrypting the ciphertext by using a local private key to obtain a legal identity mark corresponding to the target server, and executing the step 2.35);
2.35) storing the obtained legal identity mark to a local appointed position, and switching to execute the step 2.36);
2.36) sending initialization completion information to the target server to complete initialization.
4. The intelligent legal identity initialization device for the rail transit equipment is characterized by comprising an initialization module which is pre-loaded in target equipment, wherein the initialization module specifically comprises:
a server connection establishing unit for establishing a TCP connection between the target device and the target server;
the intelligent initialization judging unit is used for judging whether a legal identity mark corresponding to the target server exists locally on the target equipment, and if not, passing control to the intelligent initialization execution unit; otherwise, judging that the initialization is finished, and exiting the current initialization;
the intelligent initialization execution unit is used for sending an initialization request to the target server, acquiring a corresponding legal identity mark according to response information returned by the target server and storing the legal identity mark to a local designated position;
when the target equipment communicates, if legal identity initialization needs to be executed, the initialization module is started; the initialization module establishes a connection between the target equipment and the target server and, each time a connection is established, judges whether a legal identity mark corresponding to the target server exists locally on the target equipment, wherein if the legal identity mark does not exist locally on the target equipment, the corresponding legal identity mark is acquired from the target server.
5. The intelligent initialization apparatus for legal identity of rail transit equipment according to claim 4, wherein the server connection establishing unit specifically comprises:
the information acquisition subunit is used for acquiring a target server address and a corresponding legal identity mark locally from the target equipment, wherein the target server address comprises an IP address and a port number, and for generating a local key pair consisting of a local private key and a local public key;
and the connection subunit is used for sending a connection request to the server according to the acquired target server address and the corresponding legal identity mark until the connection is successful.
6. The legal identity intelligent initialization device for rail transit equipment according to claim 4 or 5, the initialization intelligent execution unit comprising:
the request sending subunit is used for sending an initialization request to the target server and then passing control to the receiving subunit;
the receiving subunit is used for receiving response information returned by the target server, wherein the response information comprises a plaintext part and a ciphertext encrypted by using a local public key, and then passing control to the analysis and judgment subunit;
the analysis and judgment subunit is used for parsing the received response information, performing signature verification by using the server public key in the plaintext part of the response information, and, after the signature verification is passed, judging whether the current initialization is allowed according to the parsed information; if so, acquiring the ciphertext in the response information and passing control to the decryption subunit; otherwise, returning control to the request sending subunit;
the decryption subunit is used for decrypting the ciphertext by using a local private key, acquiring a legal certificate corresponding to the target server, and then passing control to the storage subunit;
the storage subunit is used for storing the obtained legal identity mark to a local specified position and then passing control to the completion information sending subunit;
and the completion information sending subunit is used for sending the initialization completion information to the target server to complete initialization.
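The device-side flow of step 2.2 in claim 1 and steps 2.32 to 2.35 in claim 3, written out as an added example (not code from the patent). The message layout, the function names, the toy textbook RSA keys and the pinned-fingerprint check are assumptions made here: the claims verify the signature with the server public key carried in the plaintext part of the response, so the example compares that key with a fingerprint already held by the device before trusting it.

```python
import hashlib, json

E = 65537

def keypair(p, q):
    """Toy textbook RSA from two known primes (demo only, no padding)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def fingerprint(pub):
    return hashlib.sha256(json.dumps(list(pub)).encode()).hexdigest()

def signed_body(plain, cipher):
    return json.dumps([plain, cipher], sort_keys=True).encode()

def server_response(server_pub, server_priv, device_pub, mark, allowed=True):
    """Server side of step 2.32 (constructed message layout)."""
    plain = {"allowed": allowed, "server_pub": list(server_pub)}
    cipher = pow(int.from_bytes(mark, "big"), device_pub[1], device_pub[0])
    n, d = server_priv
    sig = pow(digest(signed_body(plain, cipher), n), d, n)
    return {"plain": plain, "cipher": cipher, "sig": sig}

def initialize(store, server_id, device_priv, pinned_fp, response):
    """Device side: step 2.2, then steps 2.33 to 2.35."""
    if server_id in store:                        # 2.2: mark already stored
        return "already-initialized"
    plain, cipher = response["plain"], response["cipher"]
    n, e = plain["server_pub"]                    # key taken from the plaintext part
    if fingerprint((n, e)) != pinned_fp:          # assumption: pinned trust anchor
        return "untrusted-key"
    if pow(response["sig"], e, n) != digest(signed_body(plain, cipher), n):
        return "bad-signature"                    # 2.33: signature check failed
    if not plain["allowed"]:
        return "not-allowed"                      # 2.33: caller goes back to 2.31
    m = pow(cipher, device_priv[1], device_priv[0])   # 2.34: decrypt
    store[server_id] = m.to_bytes((m.bit_length() + 7) // 8, "big")  # 2.35
    return "initialized"

# Constructed demo keys built from Mersenne primes; far too weak for real use.
SERVER_PUB, SERVER_PRIV = keypair(2**61 - 1, 2**89 - 1)
DEVICE_PUB, DEVICE_PRIV = keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    resp = server_response(SERVER_PUB, SERVER_PRIV, DEVICE_PUB, b"MARK-constructed-01")
    store = {}
    print(initialize(store, "srv-1", DEVICE_PRIV, fingerprint(SERVER_PUB), resp), store)
```

A deployment would replace the toy RSA with a vetted library using padded encryption and signatures; the order of checks on the device is the part the example is meant to show.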
CN201710166600.9A 2017-03-20 2017-03-20 Legal identity intelligent initialization method and device for rail transit equipment Active CN106961432B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710166600.9A CN106961432B (en) 2017-03-20 2017-03-20 Legal identity intelligent initialization method and device for rail transit equipment

Publications (2)

Publication Number Publication Date
CN106961432A CN106961432A (en) 2017-07-18
CN106961432B true CN106961432B (en) 2020-06-26

Family

ID=59471268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710166600.9A Active CN106961432B (en) 2017-03-20 2017-03-20 Legal identity intelligent initialization method and device for rail transit equipment

Country Status (1)

Country Link
CN (1) CN106961432B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546523A (en) * 2010-12-08 2012-07-04 中国电信股份有限公司 Security certification method, system and equipment for internet access
CN104980920A (en) * 2015-05-20 2015-10-14 小米科技有限责任公司 Method and device for establishing communication connection of intelligent terminal
CN105049401A (en) * 2015-03-19 2015-11-11 浙江大学 Secure communication method based on intelligent vehicle
CN106506442A (en) * 2016-09-14 2017-03-15 上海百芝龙网络科技有限公司 A kind of smart home multi-user identification and its Rights Management System

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030177210A1 (en) * 2002-03-12 2003-09-18 Stringham Gary G. Method and device for specifying initialization tasks for a peripheral device

Also Published As

Publication number Publication date
CN106961432A (en) 2017-07-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant