CN111092860A

CN111092860A - Medical data safety interaction transmission module

Info

Publication number: CN111092860A
Application number: CN201911184826.7A
Authority: CN
Inventors: 李海燕; 张瑞; 王兴蕾; 尹立青; 郝红旗; 杨雪静; 徐文博; 幺子顺; 董智辉; 梁慧玲
Original assignee: Beijing Times Smart Iot Technology Co Ltd
Current assignee: Beijing Times Smart Iot Technology Co Ltd
Priority date: 2019-11-27
Filing date: 2019-11-27
Publication date: 2020-05-01

Abstract

The invention provides a medical data safety interactive transmission module, which consists of a hardware part and a software part, wherein the hardware part consists of a processor, an RAM, an ROM, a network interface, a parallel port, a serial port, a safety certification encryption and decryption chip and a random number generation chip, and a hardware supporting platform of a system is formed together; the processor, the RAM and the ROM form a basic system and a software running platform; the software part of the medical data safety interaction transmission module consists of a Linux operating system which is configured and compiled with a protocol stack of IPv6, a development safety chip, a driving module, a driver of a universal bus, a transmission module, a network communication program, a safety certification encryption and decryption chip, a certification module, a control program module and the like.

Description

Medical data safety interaction transmission module

Technical Field

The invention relates to the technical field of medical equipment communication, in particular to a medical data safety interaction transmission module.

Background

In recent years, the attention of people on data safety is constantly increased, various protection measures are adopted by various industries to protect the data safety of the industries, and the data safety situation of the medical industry is not optimistic.

The existing data management and control system of the medical industry is to be perfected, although the data security consciousness is gradually enhanced in the face of data threat to medical organization, a unified management mechanism is not established about data management and control, the perfection of the data management and control system is relatively lagged, and external attack risks are caused.

In the face of data security threats and current situations in the medical industry, medical information batch leakage is focused on through accumulation in the medical industry for many years, a coping idea of active defense is given, and a solution for encrypting data interface transmission interaction is provided.

Disclosure of Invention

The invention aims to provide a medical data security interaction transmission module, which is a security module supporting external medical data to a universal bus and having an encryption function and can realize the authentication encryption transmission of 8/32-bit parallel port data and serial port data in an external network environment in a server or client mode. According to the functional application requirements, the design is realized in a hardware and software mode, and on the premise of finishing the functional indexes, the design of improving the reliability and compatibility is strived to.

The purpose of the invention is realized by the following technical scheme: a medical data security interaction transmission module is composed of a hardware part and a software part, wherein the hardware part is composed of a processor, an RAM, an ROM, a network interface, a parallel port, a serial port, a security authentication encryption and decryption chip and a random number generation chip, and a hardware supporting platform of a system is formed by the hardware part and the software part; the processor, the RAM and the ROM form a basic system and a software running platform;

the software part of the medical data safety interaction transmission module consists of a Linux operating system which is configured and compiled with a protocol stack of IPv6, a development safety chip, a driving module, a driver of a universal bus, a transmission module, a network communication program, a safety certification encryption and decryption chip, a certification module, a control program module and the like;

the working mode of the security authentication encryption and decryption chip adopts a block cipher algorithm and adopts a CTR working mode, so that the current encryption or decryption state can be switched to the decryption or encryption state synchronous with the other party at any time;

the network interface consists of an 802.3Ethernet MAC and an Ethernet PHY, and specifically comprises a network chip, a network transformer, an RJ-45 interface socket and the like, and forms a data link layer and a physical layer of the lowest two layers in a network model, wherein the layers in the network model are realized by an operating system and software;

the software part is set to two working modes of a TCP server side or a client side, carries out bidirectional authentication on a connected client or server, negotiates a session key, and then carries out data communication to encrypt and communicate by using the session key;

furthermore, the ARM processor interface selects a 5V level and selects a network chip model of 10M/100M to match with the ARM processor interface.

Further, the software portion may be configured to operate as a TCP server or client, to authenticate a connected client or server bidirectionally, and to negotiate a session key, and subsequent data communications will be encrypted using the session key.

Further, an external MCU interface arranged at the client comprises an 8/32 bit parallel port mode and a serial port mode, the external MCU uses any one of the parallel port or the serial port connection to access and control the medical data security interaction transmission module through a driving program, and authentication encryption communication of the parallel port-network and the serial port-network is realized.

Further, the parallel port mode is set as a TCP server, the external MCU inputs corresponding parameters from the parallel port and transmits the parameters into the dual port RAM in the FPGA, starting from address 5, one address can use three bytes, and the parameters are as follows:

< port > < password > < overflow time > < Hardware/Sotfware > and carriage return;

a parameter description;

netcs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< password > is a user private key password;

the overflowtime is overflow time, the unit is second, when the client is connected, authentication is not carried out in the overflow time, or no data is transmitted in the overflow time after the authentication, the current connection is quitted, and the monitoring is continued to wait for the connection of other users;

selecting Hardware or software encryption, inputting lower case H or upper case H as Hardware encryption, and inputting lower case S or upper case S as software encryption;

the parallel mode is set as a TCP client, and the external MCU inputs parameters from the parallel to the dual port RAM of the FPGA (starting from address 5, one address can be three bytes): cs < port > < dst IPv6> < dst user ID > < password > < overflow time > < Hardware/Software > and carriage returns,

description of the parameters:

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< dst IPv6> Server IPv6 address;

< dstuser ID > server user ID, range 1-65535;

< password > is a user private key password;

the overflow time is the overflow time, the unit is second, after the server is connected, the reverse authentication is not received in the overflow time, or no data transmission exists in the overflow time after the authentication, the current connection program is quitted, and the server continues to monitor and wait for the connection of other users;

after the server and the client are connected and authenticated, the server and the client can both receive the prompt message of Authentication OK, and then the server and the client can directly receive and transmit data through the serial port for communication.

Further, the serial port mode is set as a TCP server, and an external MCU inputs a command from the serial port: cs is

< port > < password > < overflow time > < Hardware/Sotfware > and carriage return

Description of the parameters:

netcs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< password > is a user private key password;

the parallel port mode is set as a TCP client, and an external MCU inputs a command from a serial port: cs < port > < dst IPv6> < dst user ID > < password > < overflow time > < Hardware/Software > and carriage return

Description of the parameters:

cs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< dst IPv6> Server IPv6 address;

< dstuser ID > server user ID, range 1-65535;

< password > is a user private key password;

after the connection Authentication of the server and the client, both will receive Authentication OK! The two parties can directly receive and send data through the serial port to communicate with each other.

Compared with the prior art, the invention has the beneficial effects that: the user of the invention can carry out authentication and data encryption transmission only by simple configuration without considering the control of the network, and the invention has high safety and reliability. The invention provides two interfaces: a user configurable 8/32 bit parallel and serial port. The parallel port can provide high transmission rate, is suitable for high-speed data transmission occasions, is simple, convenient and quick in serial port connection configuration, and is suitable for occasions insensitive to data time delay requirements.

Drawings

FIG. 1 is a general schematic of the present invention;

FIG. 2 is a schematic diagram of the connection of the MCU of the present invention through the 8/32 bit parallel port;

FIG. 3 is a schematic diagram of the MCU of the present invention connected via a serial port;

FIG. 4 is a flow chart of the parallel port mode setup of the present invention;

FIG. 5 is a schematic view of the 8/32 bit parallel port of the present invention;

FIG. 6 is a schematic diagram of a parallel port test of the present invention;

FIG. 7 is a schematic diagram of a serial port test of the present invention;

FIG. 8 is a schematic diagram of a product architecture of the present invention;

FIG. 9 is a software architecture diagram of the present invention;

fig. 10 is a schematic diagram of the authentication communication architecture of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.

As shown in fig. 1-7, a medical data secure interactive transmission module is composed of a hardware portion and a software portion, wherein the hardware portion is composed of a processor, a RAM, a ROM, a network interface, a parallel port, a serial port, a secure authentication encryption/decryption chip and a random number generation chip, and jointly constitutes a hardware support platform of a system; the processor, the RAM and the ROM form a basic system and a software running platform;

the processor, the RAM, the ROM and the like form a basic system and software running platform; the network interface consists of 802.3Ethernet MAC and Ethernet PHY, and specifically comprises a network chip, a network transformer, an RJ-45 interface socket and the like, and forms a data link layer and a physical layer of the bottom two layers in a network model, wherein the layers in the network model are realized by an operating system and software. The safety chip is used for encrypting communication data and is connected with the processor through a general bus, and the random number generation chip is used for generating a true random number for an authentication process; the MCU interface comprises 8/32 parallel ports and serial ports, and an external MCU can access the control network module through a driver by using the parallel ports or the serial ports to realize authentication encryption communication of parallel port-network and serial port-network.

in this embodiment, the ARM processor interface selects a 5V level and selects a network chip model of 10M/100M to match with the ARM processor interface.

In this embodiment, the software part may be set to a TCP server or a client operating mode, perform bidirectional authentication on a connected client or server, negotiate a session key, and perform subsequent data communication using the session key to encrypt communication.

In summary, the components of the network module of the invention are electrically connected.

The network module may be configured as a server or a client. The network module, which is configured as a server, is in a wait-for-connection state. And after the client is connected to the server, sending an authentication and negotiation session key data packet to the server. The server receives a data packet with a correct word length, reads a local ECC private KEY from a local Flash, decrypts the local ECC private KEY by a password input by a user from a parallel port or a serial port, and decrypts the data packet by the decrypted ECC private KEY, wherein the data packet is in a structure of source ID + destination ID + session KEY + MAC _ KEY + count + ECC signature. The server checks whether the target ID is a local ID, checks whether a count value is in a range from a receiving count value of the source ID stored in a local Flash to count +2000, if so, assigns the count value to the receiving count and stores the receiving count value in a cnt file corresponding to the source ID in the Flash, searches an ECC public key of the client according to the source ID, and uses the public key to verify the signature of the other party. And after the verification is passed, reading the session key information sent by the client and assigning the session key information to a corresponding variable, generating a certification and negotiation session key packet of the existing party, signing by using an ECC (error correction code) private key of the existing party, encrypting by using a public key of the client and sending to the client. After receiving the authentication and negotiation session KEY data packet, the client decrypts the data packet by using a local ECC private KEY stored in local Flash after decrypting the data packet by using a user password, and the data packet structure is a source ID + a destination ID + a session KEY + IV + count + ECC signature. The client checks whether the destination ID is a local machine, checks whether the source ID is a source ID which the local machine requests for authentication, checks whether a count value is in a range from a receiving count value of the source ID stored in a local Flash to count +2000, if the count value is in the range, assigns the count value to the receiving count and stores the count value in a cnt file of the source ID corresponding to the Flash, checks whether the received session KEY is consistent with a value specified when the local machine sends authentication, reads a corresponding ECC public KEY according to the source ID to carry out verification signature, and after the verification is passed, the two parties use a negotiated session KEY, namely the SCB2 to encrypt and decrypt session KEY and IV values required by authentication code and the MAC _ KEY required by the CMAC message authentication code to carry out bidirectional encrypted data communication. After authentication, the data packet of the opposite party is received, MAC verification is carried out firstly, and then SCB2 decryption is carried out. When the two parties send the count value, the sending count value in the ID.cnt file corresponding to the target ID stored in the local Flash is read first, 1 is added to the sending count value, the sending count value is placed in an authentication packet, and the corresponding value stored in the Flash is updated. Key, the private key is a value encrypted by an SSX30-E encryption chip, and contains the private key and a user name corresponding to the private key, and before the private key is used, the private key is decrypted by inputting a password by a user. The public key file is ID.key, and the corresponding sending and receiving counting file is ID.cnt. The process of replacing the private key is to copy a new ephevate. And adding the new user, and only copying the public key of the new user and the cnt counting file. And deleting the user only by deleting the public key and the cnt counting file corresponding to the user.

In this embodiment, the external MCU interface set in the client includes an 8/32-bit parallel port mode and a serial port mode, and the external MCU uses any one of the parallel port and the serial port connection to access the control medical data security interaction transmission module through the driver, so as to implement authentication encryption communication between the parallel port-network and the serial port-network.

In this embodiment, the parallel port mode is set as a TCP server, the external MCU inputs corresponding parameters from the parallel port and transmits the parameters to the dual port RAM in the FPGA, and starting from address 5, one address can use three bytes, and the parameters are as follows:

a parameter description;

netcs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< password > is a user private key password;

description of the parameters:

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< dst IPv6> Server IPv6 address;

< dstuser ID > server user ID, range 1-65535;

< password > is a user private key password;

In this embodiment, the serial port mode is set as a TCP server, and the external MCU inputs a command from the serial port:

cs < port > < password > < overflow time > < Hardware/Sotfware > and carriage return

Description of the parameters:

netcs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< password > is a user private key password;

Description of the parameters:

cs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< dst IPv6> Server IPv6 address;

< dstuser ID > server user ID, range 1-65535;

< password > is a user private key password;

The design of the hardware part of the invention comprehensively considers various factors such as the integration level of a chip, the maturity and the availability of an application circuit, the cost performance, the technical support (including the support of corresponding driving software), the popularization condition of market application, the expandability and the safety of a product and the like on the premise of finishing the function and the performance required by the design, strives for concise hardware and low power consumption (reducing the complexity of distributing a PCB, effectively reducing the fault rate and the power consumption of the hardware part, reducing electromagnetic radiation, having a certain effect on resisting the attacks of SPA, DPA and EMA, and facilitating the upgrading expansion of the product on the original basis) so as to accelerate the research and development process and improve the success rate and the marketing speed of the product research and development.

In order to further improve the capacity of resisting interference, resisting side channel attack and reducing electromagnetic radiation, the shielding shell can be used for shielding the circuit board. The applicant considers that the ARM processor is mainly powered by 3.3V, and the parallel port equipment of the external interface mainly has 3.3V or 5V interface level, and the selected ARM processor interface can tolerate the 5V level, so that the level compatibility of the product is improved. The 10M/100M adaptive network chip is selected, so that the product can be used in a 100M or 1000M network environment. The serial port transmission mode is provided, which is convenient for the access of a more popular serial port (can be switched into the industrial differential transmission mode such as 485/422 and the like to improve the transmission distance), and is suitable for low-speed transmission occasions. The 8/32 bit parallel port provides high speed transmission application, and the interface level is TTL level.

The software part of the invention generally uses an operating system to schedule and manage resources because the processor needs to use more peripheral resources, and considers that the prior Linux operating system already supports a network protocol stack and has open and mature source codes, thus being suitable for being applied to the project. In the Linux environment, a security chip, a driver of a universal bus, a network communication program and an authentication encryption part are developed. The data encryption working mode takes the actual situation of real-time interactive communication of two parties into consideration, and the packet cipher algorithm adopts the CTR working mode, so that the current encryption or decryption state can be switched to the decryption or encryption state synchronous with the other party at any time, and vice versa.

In the design of the program reliability, the abnormal return condition is considered, and error information is displayed or corresponding processing is carried out. For example, in the process of encrypted communication, the server program does not send and receive data within a set time, and should quit the current communication and wait for other users to access, so as to prevent the server from refusing to provide services for other users due to network interruption and the like. The design of the security protocol needs to take the existing attack mode into consideration and formulate a proper security protocol. In the key agreement, keys generated by both communication parties are required to form a key required by the whole encrypted communication, so that the attack is prevented.

In the key agreement, keys generated by both communication parties are required to form a key required by the whole encrypted communication, so that the attack is prevented.

The security protocol and key agreement is designed as follows:

the cryptographic algorithm chip adopts a SSX30-E chip certified by the State and Key office, provides an SCB2 algorithm, tests according to an instruction manual thereof, and can normally work. The ECC encryption and decryption algorithm, the ECC signature and verification algorithm and the like use a code library Libtomcrypt with a source code open, the version of the code library Libtomcrypt is 1.17, and in order to adopt a hash algorithm SM3 with a code open by the State encryption Bureau, the SM3 algorithm is realized and added into the Libtomcrypt library so as to facilitate the ECC encryption and decryption, signature and verification to be directly called. The corresponding fast math library tomsfastmath, version 0.10. Libtomcrypt and tomsfastmath are public libraries of source codes, the correctness of the Libtomcrypt and tomsfastmath can be subjected to public inspection, and the actual measurement result also proves that the Libtomcrypt and tomsfastmath can work correctly.

The generation and management of ECC public and private keys are described in detail below

The key generation method comprises the steps of running a key generation function, obtaining a key stream by taking the parameters of a user password and a user ID, and then respectively deriving a public key stream and a private key stream. Since the public key is public, it does not need to be encrypted, so we can directly store the public key stream to the corresponding public key file ID.

For the private key stream, two bytes of ID identification are added at the end of the private key stream, so that the value of the local ID can be conveniently extracted in the authentication process.

Then, the private key stream needs to be encrypted first, and then stored in the private key file ephevate. This is to ensure that the private key is stored locally. The process of encrypting the private key stream is as follows.

Firstly, a parameter user password is used as an input of a hash function algorithm SM3, a hash value of 256 bits can be generated, the hash value is divided into two 128-bit hashes 1 and hash2, and the two hashes are used as keys (the key length of an encryption chip is 128 bits) of an encryption chip SSX30-E to encrypt a private key stream.

The private key stream is subjected to a first round of encryption by using the hash1 as the key of the SSX30-E, the obtained encryption result is subjected to a second round of encryption by using the hash2 as the key of the SSX30-E to obtain a final encryption result, and the final encryption result is stored in a private key file (containing the user ID).

After a group of public and private key files are generated, a private key is distributed once, and the names of the private key files are the same, so that the next generated private key covers the currently generated private key, and the generated private key file can be prevented from being recovered from a key generation position, and the public key file and the communication counting file cannot be covered due to different IDs. After the keys of all the users are generated, a group can be generated to cover the private key file of the last user, so that the security of the key of the last user is ensured.

And (4) key distribution, namely distributing a private key file (ephevate.key) corresponding to each ID by each user, and distributing other public key files (ID.key) and communication counting file (ID.cnt) sets of other users.

Key, public key file set and communication counting file set are put under the working directory, and the communication software calls the local private key, the public key of the communication counterpart and the corresponding communication counting file for use in the authentication process. The private key is encrypted by an encryption chip SSX30-E, and when the private key is used, the private key needs to be decrypted by the reverse process generated by the key at the position of instantly inputting a user password through a parallel port or a serial port.

And (4) storing the secret key, wherein the private key file, the public key file set and the communication counting file set are stored in a working directory on a Flash medium.

And (4) key backup, namely, the private key file, the public key file set and the communication counting file set can be backed up to a local Flash backup directory in a simple and convenient way of copying, or transmitted to other storage media such as a U disk through ftp for backup. The user password is not stored in the network module, needs to be memorized by the user, or is written into the equipment needing to be connected with the parallel port or the serial port, and is input through the parallel port or the serial port when in application.

And (4) replacing the key, and generating a new private key file ephevate.key, a new public key file ID.key and a new communication counting file ID.cnt by using the key generation program again. And updating the local private key by using the new private key file, and updating the public key and the communication counting file of the user by using other users.

And key destruction, namely, in order to achieve higher security performance except for the mode mentioned in the key generation part, overwriting is carried out on the key file needing to be destroyed for a specified number of times and a specified data pattern according to the data overwriting standard requirement, so as to achieve the purpose of preventing data recovery. In addition, the probability of recovery by other means is potentially increased in consideration of the remanence effect of the hard disk storage medium, and data can be safely destroyed as long as the data is completely covered by adopting semiconductor media such as Flash and the like to store data due to the fact that the remanence effect is not generated.

The designed authentication and session key agreement protocol is as follows:

A->B:EBk(A||B||KEY||MAC_KEY||count||SignA

(HASH(A||B||KEY||MAC_KEY||count)))

wherein A is a source address; b is a destination address; KEY is a temporarily generated session KEY; MAC _ KEY is a KEY used for making MAC in the session; the count is the count value of the number of times A sends to B; SignA (HASH (a | | B | | KEY | | MAC _ KEY | | count)) is a private KEY of a used to sign the HASH value of the information; finally, EBk encrypts all information using the public key of the destination address B.

B->A:EAk(B||A||KEY||IV||count||SignB(HASH

(B||A||KEY||IV||count)))

Wherein B is a source address; a is a destination address; KEY is the session KEY sent from A to B; IV is a conversation initial vector temporarily generated by B; the count is the count value of the number of times B sends to A; sign B (HASH (B | | a | | KEY | | IV | | | count)) is a private KEY of B used to sign the HASH value of the information; finally EAk is the encryption of all information using the public key of the destination address a.

B decrypts the information by using the private key of B after receiving the authentication information packet of A, and if the information fails, the information is damaged or is an invalid value; if the address is correct, checking whether the destination address is the address of the user, otherwise, indicating that the destination address is the information which can be transferred or reflected; if the message is a forged message, checking whether the count value is between the locally stored receiving count value communicated with the A and the count +2000, and if the message is incorrect, indicating that the message is a forged message or a replayed message; if the source address is correct, the corresponding public key is searched according to the source address, and if the source address is not correct, the source address is wrong or the own public key library is not updated. And if the public key is found, verifying whether the signature information is correct by using the public key. Incorrect indicates that the packet is corrupted or is a counterfeit packet. The count value is processed by considering that when the sender authenticates to the receiver, the receiver does not receive the message due to network problems, the receiving count value of the receiver cannot be increased by itself, the sender increases the count value by itself after sending the message, and the count value of the sender is larger than the receiving count value when the sender communicates next time. If the sender sends the authentication, the receiver needs to receive the reverse authentication of the receiver and then self-increment the count value, if the network problem causes the receiver to receive the authentication and self-increment the count value, the information of the reverse authentication to the sender is blocked, the sender does not receive the information but does not self-increment the count value, and thus the count value of the receiver is larger than the count value of the sender. Thus, both party count values may be greater than the counterpart value due to network problems and cannot be determined to be legitimate. Therefore, two corresponding receiving and transmitting sides are set to have two count values, namely a sending count value and a receiving count value. The sender reads the count value of the corresponding communication party, sends the authentication containing the self increment 1 and stores the count value after the self increment 1. After receiving, the receiving party compares the received count value with the corresponding receiving count value of the sending party. Since the receiver may not receive the message due to a network problem, the sending count value of the sender is always equal to or greater than the receiving count value of the receiver, and a range greater than this is set, for example, a range less than 2000 is set for comparison. If the receiving party receives the value normally, the receiving counter value is updated to the newly received counter value after the value is compared to be in the correct range. Thus, if the successfully communicated information is replayed by the enemy, the count value is smaller than the received count value, and the receiver refuses to communicate with the successfully communicated information after judging.

After receiving the reverse authentication packet of B, a checks whether the destination address is a local address and the source address is the source address of the authentication request itself, similarly to the above steps. Meanwhile, a needs to compare whether the received session KEY is consistent with the session KEY sent by itself. If the two authentication information are inconsistent, the B can not correctly decrypt the authentication information sent by the A, but sends back an authentication packet to attempt to communicate with the A, and possibly deceptive communication. If the two information are consistent, the information sent by the A can be correctly decrypted by the B, and whether the signature is correct or not is continuously verified.

A. After B is authenticated bidirectionally, a session KEY KEY temporarily generated by A, a message authentication code KEY MAC _ KEY and a session initial vector IV temporarily generated by B are negotiated. The latter may then use symmetric cryptography for conversational communication.

A->B:EKEY(M)||CMACMAC_KEY(EKEY(M))

After receiving the information, the MAC is verified to be correct, and if the MAC is incorrect, the data is damaged or forged. And if the decryption is correct, the decryption is normally carried out.

In the working mode of the block cipher, because the CTR mode has no short circulation, the security level equal to that of the block cipher under the attack of selecting the plaintext is provided, a decryption program is not needed, the block cipher is allowed to randomly access the plaintext, the block cipher encryption and decryption method is suitable for bidirectional interactive communication needing to be interrupted and recovered at any time, and the input plaintext does not need to be equal to the length of the block, so the CTR mode is selected.

The above steps complete A, B mutual authentication of the identity and negotiation of the session key.

The authentication packet specifies the communication source and destination addresses to prevent transfer replay and reflection replay.

The messages in both directions are asymmetric in the authentication, which prevents reflected replay.

When ECC signature and encryption are carried out, random numbers are added in the ECC signature and encryption, so that even if signature and encryption of the same message content are processed, the result is not the same.

And a communication source address and a communication destination address are specified, a single session thread is limited in communication, and parallel session attack is prevented.

The public key of the communication counterpart is preset, and the main identity information is added into the message to prevent binding attack.

And recording the communication count, wherein the count is monotonically increased, and the count is compared with the record every time so as to prevent replay attack. The sending count and the receiving count of the corresponding user are both stored in the corresponding id.cnt file.

The signature of the abstract can distinguish the signature of an information source and whether the information source is tampered, and authentication, non-repudiation and data integrity are provided.

The encryption is carried out by the public key of the other party, so that confidentiality is provided, and a person without a private key cannot know the communication content.

The set of the private key of the party and the public key of the other party is stored in a file form, so that the secret key can be conveniently replaced without recompiling a program. The public key is stored in a plaintext form, the file name is ID.key, the ID is a user identification number, the private key is stored in a ciphertext form, the private key file comprises the user ID corresponding to the private key, and the user private key names are all ephevate. When the method is applied, the encrypted private key is read, and the private key is input through a parallel interface or a serial port and then used after being decrypted, so that an enemy can be prevented from invading through a network or directly entering a system and then copying and stealing the private key. After the private key is encrypted, even if an opposite party steals the private key file, the private key cannot be decoded and obtained due to the fact that an encryption chip is not arranged. Even if owned, the encryption pieces of SSX30-E must be decrypted first. The execution program does not have the password, and the password is temporarily input from the outside through the parallel port or the serial port in the running process, so that the execution program cannot be directly used even if the execution program is stolen. Since the PKCS #1v2.1 has a special tag parameter, even if the same key is used, an ECC system adopting a tag of a different or other version after stealing the key cannot decrypt correctly.

The complete session key does not exist in the process of one-time authentication communication, and even if attack and decoding are required, the private keys of two parties are required to be obtained firstly to obtain complete session key information, and then calculation is carried out, so that the attack cost is increased. If the session data is directly decrypted, the session KEY and the session IV are required to be obtained. If the session data needs to be forged, the MAC _ KEY forged message authentication code also needs to be obtained.

The following is a session for transmitting a large amount of data by using KEY, if MAC is added to the data, an attacker can be prevented from cheating or tampering the communication data by using other data, similar count can be added to prevent replay, but identity identification cannot be provided, and if identification is required, the speed is affected by adding a signature, and especially, an application with high real-time requirement is sensitive to time delay.

The SCB2 algorithm of the SSX30-E chip only provides three modes of ECB, CBC and OFB, the ECB can not be directly applied generally because the same ciphertext is obtained from the same plaintext, the latter two modes need to work continuously and are not interrupted, otherwise, the ECB needs to be repeated, and the encryption and decryption have some problems during the frequent interactive communication of data. In the project, based on the basic mode of an SSX30-E chip ECB, a CTR working mode is simulated by software.

In the program, the robustness of communication is considered from the communication point of view, and after the client is connected with the server, bidirectional authentication is required. When the waiting authentication time exceeds the overflow time, the current connection is stopped, and the server enters a listening connection state, so that other clients can connect to the server. After the client is connected and authenticated, data communication is carried out with the server, after the data communication is finished, no data is received or sent within the overflow time, the client closes the connection, and meanwhile the server is informed to close the connection. Similarly, if the server reaches the overflow time first in this case, the server closes the connection, and in turn notifies the client to close the connection. Or in the connection process, when the network is blocked due to failure, both the client and the server in data communication automatically close the connection because no data is transmitted within the overflow time set by the client and the server, so that the server can continuously enter the interception connection to provide services for other clients without being dragged by the failure to provide services for other clients.

The operating system uses linux with open source code, whose version is 2.3.16. In order to improve the capacity of resisting interference and side channel attack of products and reduce electromagnetic radiation, a physical protection measure is adopted to shield the module by using a metal shielding shell.

The serial port uses RX, TX and GND in a standard RS-232 serial port to carry out three-wire system communication. The setting process of the parallel port is carried out in a 32-bit mode.

Serial applications for example:

one end inputs command cs 30001234567820 s enter, set to server mode and enter listening state. And the other end inputs cs 30002001:: 1:20c:29ff: fe5f:116c 167058765432115 s for carriage return, the client mode is set, an authentication request is sent to the server, the server verifies and sends a reverse authentication request to the client, and after the client verifies, the two parties can carry out bidirectional data communication under the encryption of the negotiated session key. And when the data transmission of the client is finished and the server data does not need to be received, the client closes the connection after 15 seconds of delay. After receiving the connection closing signal, the server re-enters the state of interception connection and waits for the next client to continuously request authentication and communication. Or in the transmission process after the client is connected, the closing request of the client is not received due to network reasons, or data cannot be received due to network blockage, the server delays for 20 seconds, exits the current connection, re-enters the state of monitoring the connection, and waits for the next client to continuously request authentication and communication.

Sending and receiving serial port data requirements: the user data 0x 00-0 x1f and 0x7f cannot be directly transmitted, and one conversion is needed, for example, 0x20 is uniformly added, the user data are converted into 0x 20-0 x3f and 0x9f, a prefix 0xff is added, and the transmission is repeated once if the data is 0 xff. After the data is received, if a certain byte is 0xff, the following byte is checked, and if the byte is also 0xff, the two 0xff are combined into one 0 xff. If the ranges of 0x 20-0 x3f and 0x9f are adopted, the prefix is removed, and the value of subtracting 0x20 from the next byte is obtained.

It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.

Claims

1. A medical data safety interaction transmission module is characterized in that: the medical data secure interaction transmission module consists of a hardware part and a software part, wherein the hardware part consists of a processor, an RAM, an ROM, a network interface, a parallel port, a serial port, a secure authentication encryption and decryption chip and a random number generation chip, and a hardware support platform of the system is formed together; the processor, the RAM and the ROM form a basic system and a software running platform;

the software part of the medical data safety interaction transmission module consists of a Linux operating system which is configured and compiled with a protocol stack of IPv6, a development safety chip, a driving module, a driver of a universal bus, a transmission module, a network communication program, a safety certification encryption and decryption chip, a certification module and a control program module; software can be set to a TCP server side or a client side working mode, bidirectional authentication is carried out on a connected client or server, a session key is negotiated, and then data communication is carried out, and session key encryption communication is used;

the network interface consists of 802.3Ethernet MAC and Ethernet PHY, and specifically comprises a network chip, a network transformer and an RJ-45 interface socket, and forms a data link layer and a physical layer of the lowest two layers in a network model, wherein the layers in the network model are realized by an operating system and software.

2. The medical data secure interactive transmission module according to claim 1, characterized in that: the ARM processor interface selects 5V level and selects the model of a network chip to be 10M/100M to match with the ARM processor interface.

3. The medical data secure interactive transmission module according to claim 1, characterized in that: the software part can be set to a TCP server side or a client side working mode, carries out bidirectional authentication on a connected client or server, negotiates a session key, and then carries out data communication, wherein the communication is encrypted by using the session key.

4. The medical data secure interactive transmission module according to claim 1, characterized in that: the external MCU interface arranged at the client comprises an 8/32 bit parallel port mode and a serial port mode, the external MCU uses any one of the parallel port or the serial port connection to access and control the medical data security interaction transmission module through a driving program, and authentication encryption communication of the parallel port-network and the serial port-network is realized.

5. The medical data secure interactive transmission module according to claim 1, characterized in that: the parallel port mode is set as a TCP server, an external MCU inputs corresponding parameters from the parallel port and transmits the parameters into a dual-port RAM in an FPGA, and starting from an address 5, one address can use three bytes, and the parameters are as follows:

a parameter description;

netcs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< password > is a user private key password;

description of the parameters:

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< dst IPv6> Server IPv6 address;

< dstuser ID > server user ID, range 1-65535;

< password > is a user private key password;

6. The medical data secure interactive transmission module according to claim 1, characterized in that: the serial port mode is set as a TCP server, and an external MCU inputs a command from the serial port: cs < port > < password > < overflow time > < Hardware/Sotfware > and carriage return

Description of the parameters:

netcs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< password > is a user private key password;

the parallel port mode is set as a TCP client, and an external MCU inputs a command from a serial port: cs < port > < dst IPv6> < dsttuser ID > < password > < overflow time > < Hardware/Software > and carriage return

Description of the parameters:

cs is a command;

the < port > is a port number for monitoring and ranges from 1025 to 65535;

< dst IPv6> Server IPv6 address;

< dstuser ID > server user ID, range 1-65535;

< password > is a user private key password;