CN111740954B - Elevator main controller and elevator board card communication encryption method - Google Patents

Elevator main controller and elevator board card communication encryption method Download PDF

Info

Publication number
CN111740954B
CN111740954B CN202010417149.5A CN202010417149A CN111740954B CN 111740954 B CN111740954 B CN 111740954B CN 202010417149 A CN202010417149 A CN 202010417149A CN 111740954 B CN111740954 B CN 111740954B
Authority
CN
China
Prior art keywords
data
secret key
elevator
board card
main controller
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010417149.5A
Other languages
Chinese (zh)
Other versions
CN111740954A (en
Inventor
夏清和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sword Electric Industrial Co ltd
Original Assignee
Beijing Sword Electric Industrial Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sword Electric Industrial Co ltd filed Critical Beijing Sword Electric Industrial Co ltd
Priority to CN202010417149.5A priority Critical patent/CN111740954B/en
Publication of CN111740954A publication Critical patent/CN111740954A/en
Application granted granted Critical
Publication of CN111740954B publication Critical patent/CN111740954B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00Control systems of elevators in general
    • B66B1/34Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
    • B66B1/3415Control system configuration and the data transmission or communication within the control system
    • B66B1/3446Data transmission or communication within the control system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B3/00Line transmission systems
    • H04B3/60Systems for communication between relatively movable stations, e.g. for communication with lift

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Maintenance And Inspection Apparatuses For Elevators (AREA)
  • Elevator Control (AREA)

Abstract

The invention relates to the field of elevator data transmission, provides an elevator main controller and an elevator card communication encryption method, and aims to solve the problems that data exchange privacy is poor and data exchange safety is low between devices due to plaintext transmission in data communication between the main controller and a peripheral control panel. The method comprises the following steps: acquiring a plurality of first pre-stored data from a plurality of preset first storage units, and determining a first secret key according to a preset logic; acquiring second pre-stored data from a plurality of preset second storage units, and determining a second secret key according to a preset logic; acquiring a dynamic secret key generated by triggering a dynamic cipher rule, and generating a secret key string based on the first secret key, the second secret key and the dynamic secret key; and based on the secret key string, carrying out encryption operation on the data to be processed by using an encryption algorithm. The invention effectively protects the communication data between the master controller and the peripheral control panel from being cracked and broken through a plurality of layers of secret keys, thereby ensuring the safety of the communication data and the safety of the elevator.

Description

Elevator main controller and elevator board card communication encryption method
Technical Field
The invention relates to the field of data transmission of elevator control equipment, in particular to the field of data communication between an elevator main controller and an external control panel, and particularly relates to a communication encryption method for the elevator main controller and an elevator board card.
Background
When the elevator runs, a large amount of data exchange is carried out between the main controller of the elevator, the call board controller of the elevator and the car roof board controller. The safety of the elevator is closely related to the operation data, therefore, encrypted communication is needed when the elevator main controller exchanges data with the outer calling board controller, the inner calling board controller and the car roof board controller of the elevator, and the safety of communication data is ensured.
At present, CAN bus communication is mostly adopted for data transmission between a main controller of an elevator and an outbound board controller of each floor, and because transmission bytes are short, transparent transmission is often adopted for communication data of a control system, so that the privacy of data exchange is poor, and the safety of data exchange between devices cannot be guaranteed; and, some lawless persons can steal or change data, thus endangering the safety of the elevator and passengers; meanwhile, some bad pirate manufacturers can easily crack the communication protocol, so that the existing factory board cards are replaced, and the benefits of the regular manufacturers are damaged.
Therefore, a method for effectively protecting the safety of communication data between the elevator main controller and the hall call board controller and the car top box controller is needed.
Disclosure of Invention
The problems that in the prior art, due to the fact that transparent transmission is adopted for communication data among a main controller of an elevator, an outbound board controller and a car top box controller, privacy of data exchange is poor and safety of data exchange among devices is low are solved. The invention adopts the following technical scheme to solve the problems:
the application provides a communication encryption method for an elevator main controller and an elevator board card, which comprises the following steps: acquiring a plurality of first pre-stored data from a plurality of preset first storage units, and determining a first secret key according to a preset logic; acquiring second pre-stored data from a plurality of preset second storage units, and determining a second secret key according to a preset logic; acquiring a dynamic secret key generated by triggering a dynamic cipher rule, and generating a first secret key string based on the first secret key, the second secret key and the dynamic secret key combination; and based on the first secret key string, generating a second secret key string of fixed bytes by using an encryption compression algorithm, and carrying out encryption operation on the data to be processed.
In some examples, the step of obtaining a plurality of first pre-stored data from a plurality of preset first storage units and determining the first secret key according to a preset logic includes: respectively acquiring storage data from each preset first storage unit to serve as first pre-stored data of each first storage unit; extracting data from different word bits of the first pre-stored data to generate a first data string corresponding to the first pre-stored data; and determining the first data string as the first key stored in the first storage unit.
In some examples, the elevator master controller and elevator board card communication encryption method further includes determining whether the first secret key is normal, wherein the determining whether the first secret key is normal includes: comparing whether the first secret keys stored in the first storage units are consistent or not; if the first secret key is consistent with the second secret key, the first secret key is determined to be normal, otherwise, the first pre-stored data in each first storage unit is recovered based on the main controller coding information.
In some examples, the step of comparing whether the first keys stored in the first storage units are consistent includes: comparing the first secret keys, and counting the number of the first secret keys with the same data; judging whether the number of the first secret keys with the same data is larger than a first set threshold value; and if so, determining that the first keys stored in the first storage units are consistent.
In some examples, the step of restoring the first pre-stored data in each of the first storage units based on the encoding information of the main controller includes: acquiring key coding data of the master controller from the master controller manufacturer database based on the coding information of the master controller; the key-encoded data is stored in each of the first storage units as the first pre-stored data.
In some examples, the step of obtaining second pre-stored data from a plurality of preset second storage units and determining the second secret key according to a preset logic includes: respectively acquiring storage data from each preset second storage unit to serve as second pre-stored data of each second storage unit; extracting data from different word bits of the second pre-stored data to generate a second data string corresponding to the second pre-stored data; and determining the second data string as a second key stored in the second storage unit.
In some examples, the elevator master controller and elevator board card communication encryption method further includes determining whether the second secret key is normal, wherein the determining whether the second secret key is normal includes: counting the number of the second secret keys with the same data; judging whether the maximum number of the second secret keys with the same data is not less than a second set threshold value; if not, determining that the second secret key is normal
In some examples, the above elevator master controller and elevator floor card communication encryption method further comprises: and when the main controller and the elevator board card synchronously update the second secret key, calculating the second secret key string by using the second secret key before synchronous update, and encrypting data to be synchronized.
In some examples, the elevator master controller and elevator board card communication encryption method further includes the step of updating the dynamic key: extracting the update record of the dynamic secret key to determine the non-update time period of the dynamic secret key; after the non-updating time of the dynamic secret key reaches a set time period, randomly generating a group of dynamic data as a new dynamic secret key according to a set digit; and synchronizing the new dynamic secret key to the main controller and the elevator board card.
According to the elevator master controller and the elevator board card communication encryption method, the secret key for data encryption is set to be a multi-layer combination, each layer of secret key is data stored in a multipoint dispersion mode, the safety of the secret key is guaranteed, meanwhile, the secret key data stored in each layer in a dispersion mode need to be stored after being coded according to set logic, and the safety performance of each layer of secret key is enhanced. According to the communication encryption method for the elevator main controller and the elevator board card, the communication safety between the elevator main controller and the elevator board card can be guaranteed, and the technology and copyright of each manufacturer of an elevator control system are protected.
Drawings
Fig. 1 is a schematic diagram of an exemplary elevator control system architecture to which embodiments of the present application may be applied;
fig. 2 is a schematic flow diagram of one embodiment of an elevator master controller and elevator floor card communication encryption method according to the application;
fig. 3 is an exemplary diagram of a first key being dispersedly stored in a storage unit in an embodiment of the present application.
Detailed Description
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and are not intended to limit the scope of the present invention.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 shows a block diagram of an exemplary elevator control system to which embodiments of the present application may be applied.
As shown in fig. 1, the control system applied to the communication connection relationship between the elevator main controller and the peripheral control panel expressed by the above communication encryption method for the elevator main controller and the elevator board card comprises: a main controller 101, an outbound board 102, a ceiling board 103, and an inbound board 104. The main controller 101, the outbound board 102, the ceiling board 103, and the inbound board 104 exchange information with each other via a bus. The hall call board 102 is a control board installed on each floor, and is used to call an elevator on each floor. The inner call plate 104 and the car roof plate 103 are installed inside the elevator car, the inner call plate 104 controls the up-and-down movement and the stopping floor of the elevator in the elevator, and the car roof plate 103 controls the opening and closing of the elevator landing door and the car stopping position. It should be noted that, in this embodiment, the elevator board card includes: an outbound board 102, a ceiling board 103, and an inbound board 104. The outbound board 102, the car roof board 103 and the inbound board 104 are board controllers, the outbound board 102 is also referred to as an outbound board controller, the car roof board 103 is also referred to as a car roof board controller, and the inbound board 104 is also referred to as an inbound board controller.
The main controller 101, the outbound board 102, the car roof board 103, and the inbound board 104 need to encrypt communication data when exchanging information. Therefore, each control device (control board card) of the elevator has encryption and decryption functions. The main controller 101 and each elevator board card have a processor and a memory unit, respectively. The storage and processing of data, including the encryption and decryption functions of the data, and the drive control function are realized.
With continued reference to fig. 2, fig. 2 illustrates the flow of one embodiment of an elevator master controller and elevator card communication encryption method according to the present application. The communication encryption method for the elevator main controller and the elevator board card comprises the following steps:
step 201, obtaining a plurality of first pre-stored data from a plurality of preset first storage units, and determining a first secret key according to a preset logic.
In the embodiment, the method is applied to the control system of the elevator main controller and the elevator board card communication encryption method, and the device for implementing the method can be any control device in the control system. For example, the main controller 101 performs information interaction with the outbound board 102, and the devices implementing the method are the main controller 101 and the outbound board 102; the main controller 101 and the car roof 103 perform information interaction, and the devices for implementing the method are the main controller 101 and the car roof 103. For convenience of description, the present embodiment exemplifies that the apparatus implementing the method is the main controller 101.
The main controller 101 obtains first pre-stored data from a plurality of preset first storage units. Referring to fig. 3, fig. 3 shows a schematic diagram of data storage with respect to a first key. A plurality of distributed first storage units are preset in the storage unit of the main controller, wherein the initial address of the first storage unit 1 is xxxx #; a first memory cell 2 having a start address of yyyy #; … A first storage location N, having a starting address of zzzz #, each storage location having stored therein data generated by the factory database. The main controller 101 obtains the stored data from the first storage unit 1 to the first storage unit N, respectively, and the data in each storage unit is used as the first pre-stored data of the storage unit. It should be noted that, in the elevator board card communicating with the above-mentioned main controller, a plurality of first storage units are also provided to store the same first pre-stored data, so as to ensure that the first secret keys of the main controller and the elevator board card are consistent.
The main controller 101 determines a first secret key according to a predetermined logic based on the first pre-stored data. Specifically, the main controller 101 processes the first storage data of each storage unit according to a preset logic, and obtains a first secret key stored in each storage unit. For example, and/or operation may be performed on the first pre-stored data and preset data, and the obtained data may be used as the first key.
Further, the step of "obtaining first pre-stored data from a plurality of preset first storage units, and determining a first secret key according to a preset logic" includes: respectively acquiring data stored in each preset first storage unit as first pre-stored data of each first storage unit; extracting data from different word bits of the first pre-stored data to generate a first data string corresponding to the first pre-stored data; and determining the first data string as the first key stored in the first storage unit.
In some specific implementations, the first pre-stored data in the first pre-set unit are first arranged according to a memory unit address sequence; then, data is extracted from the arranged data according to a preset logic, and a first data string is generated. The preset logic may extract data from a set position of the first pre-stored data arranged in an address order to generate a first data string. For example, in the first memory cell 1 with the start address xxxx #, the first pre-stored data obtained in the address order of the stored data is 010100110101110101111000110010010111000101100011, the data 1101 is obtained by taking the numbers of bits 2, 4, 5, and 7 in the first byte according to a preset logic, the data 0001 is obtained by taking the numbers of bits 1, 3, 7, and 8 in the second byte, the data 1100 is obtained by taking the numbers of bits 3, 5, 6, and 8 in the third byte, the data 1000 is obtained by taking the numbers of bits 1, 3, 4, and 6 in the fourth byte, the data 1101 is obtained by taking the numbers of bits 2, 3, 7, and 8 in the fifth byte, and the data 0101 is obtained by taking the numbers of bits 1, 2, 5, and 8 in the sixth byte. Data (1101, 0001, 1100, 1000, 1101, and 0101) is obtained based on the number of the bytes, and a first data string 110100011100100011010101 stored in association with the first memory cell 1 having the start address xxxx # is generated. The first data string 110100011100100011010101 is determined to be the first key stored in the first memory cell 1 with the start address xxxx #. In the same way, the first keys stored in the first memory location 2 with the starting address of yyyy # to the first memory location N with the starting address of zzzz # can be determined respectively.
In some optional implementation manners, the above-mentioned elevator master controller and elevator board card communication encryption method further includes determining whether the first secret key is normal, where the step of determining whether the first secret key is normal includes: comparing whether the first secret keys stored in the first storage units are consistent; and if the first secret key is consistent with the second secret key, determining that the first secret key is normal, otherwise, recovering the first pre-stored data in each first storage unit based on the coded information of the elevator board card.
As an example, the first secret key M1 is extracted from the first pre-stored data stored in the first storage unit 1 with the starting address xxxx #, the first secret keys M2, … are extracted from the first pre-stored data stored in the first storage unit 2 with the starting address yyyy #, the first secret key Mn is extracted from the first pre-stored data stored in the first storage unit n with the starting address zzzz #, and the comparison result is compared to determine whether the first secret keys M1, M2, …, Mn are consistent, and if consistent, the first secret keys are normal and safe. Otherwise, the first secret key is abnormal, and the data transmission is unsafe. And the main controller and the elevator board cards synchronously restore the data which are set when the elevator board cards leave the factory and are dispersedly stored in the first storage units.
Further, in some optional implementations, the step of comparing whether the first secret keys stored in the first storage units are consistent includes: comparing the first secret keys, and counting the number of the first secret keys with the same data; judging whether the number of the first secret keys with the same data is larger than a first set threshold value; and if so, determining that the first secret keys stored in the first storage units are consistent. Specifically, the first keys M1, M2, … are compared to determine whether the first keys Mn are the same, and if the number of the first keys is greater than a predetermined threshold, the first keys are confirmed to be identical. For example, if n is set to 10 and the first threshold is set to 6, if the data of 6 or more first keys in the first keys M1, M2, … are the same, it is determined that the first keys stored in the first storage units match.
In some specific implementations, it may also be determined whether the stored data of each of the first storage units are consistent by directly comparing whether the stored data of the first storage units are consistent, counting the number of the first storage units with the same stored data, and if the number of the first storage units with the same stored data is greater than a first set threshold, determining that the first secret keys stored in the first storage units are consistent.
In some optional implementation manners of this embodiment, the step of "recovering the first pre-stored data in each of the first storage units based on the encoded information of the elevator board" includes: acquiring secret key coded data of the elevator board card from the elevator board card manufacturer database based on the coded information of the elevator board card; the key-encoded data is stored as first pre-stored data in each of the first storage units.
It should be noted that the elevator board manufacturer database stores key data corresponding to the device code information in advance. When the data stored in each first storage unit is updated, the main controller accesses the database of the elevator board manufacturer, acquires the secret key coded data of the elevator board according to the pre-stored coded information of the elevator board, and stores the acquired secret key coded data as the first pre-stored data into each first storage unit. Meanwhile, the master controller synchronizes the key coding data to each first storage unit of the elevator board card to replace original data.
Step 202, obtaining second pre-stored data from a plurality of preset second storage units, and determining a second secret key according to a preset logic.
In this embodiment, the main controller 101 obtains the second pre-stored data from a plurality of preset second storage units. A plurality of distributed memory cells, a second memory cell 1, whose start address is uuu #, are preset in the memory cells of the main controller 101; a second memory cell 2 having a start address vvvvv #; … the start address of the second storage unit N is wwwwwww #, and each storage unit stores data set by the user through pre-installed apps or software and hardware devices such as keyboard and display screen. The main controller 101 obtains the stored data from the second storage units 1 to N, respectively, and the data in each second storage unit is used as the second pre-stored data of the storage unit.
The main controller 101 determines a second secret key according to a predetermined logic based on the second pre-stored data. Specifically, the main controller 101 processes the second pre-stored data of each storage unit according to a preset logic, so as to obtain the second secret key stored in each storage unit. For example, the second storage data and the preset data may be subjected to and operation, and the obtained data may be used as the second key.
In some optional implementations of this embodiment, the step of "obtaining second pre-stored data from a plurality of preset second storage units, and determining the second secret key according to a preset logic" includes: respectively acquiring storage data from preset second storage units to serve as second pre-storage data of the second storage units; extracting data from different word bits of the second pre-stored data to generate a second data string corresponding to the second pre-stored data; and determining the second data string as a second key stored in the second storage unit. For example, at least one bit of data is extracted from each of the predetermined byte address bits of the second pre-stored data to generate a second data string, and the second data string is determined as the second key stored in the second storage unit. For example, in the second memory unit 1 with the start address uuu #, the second pre-stored data stored therein is 010100110101110101111000, and the preset address bits are: 1 st, 4 th, 9 th, 12 th, 13 th, 16 th, 19 th, 22 th and 23 th bits, extracting one bit of data at each address, and generating a second data string; thus, the extracted data is: 010111100, the generated second data string is 01011100. Therefore, the second key stored in the second storage unit 1 with the start address uuu # is 01011100.
In some optional implementations of this embodiment, the elevator master controller and elevator board card communication encryption method further includes determining whether the second secret key is normal, where the step of determining whether the second secret key is normal includes: counting the number of the second secret keys with the same data; judging whether the maximum number of the second secret keys with the same data is not less than a second set threshold value; if not, the second secret key is determined to be normal. For example, the second secret key P1 is extracted from the second pre-stored data stored in the second memory unit 1 with the start address uuu #, the second secret keys P2, … are extracted from the second pre-stored data stored in the second memory unit 2 with the start address vvvvvvv #, and the second secret key Pm is extracted from the second pre-stored data stored in the second memory unit m with the start address wwwww #. Comparing the second secret keys P1, P2, … and Pm with each other, and if the number of the second secret keys P1, P2, P … is not less than a predetermined threshold, confirming that the second secret keys are identical. For example, m is set to 5, the second threshold is set to 3, and if 3 or more second keys of the second keys P1, P2, … and P5 are the same, it is determined that the second keys stored in the second storage units are identical.
It should be noted that, if it is determined that the second keys stored in the second storage units are not consistent, the main controller may send an alarm message to the designated device, and store the data stored in the second storage unit of the designated start address as second pre-stored data in the second storage units, and synchronize the second pre-stored data with the elevator boards.
Step 203, obtaining a dynamic key generated by triggering a dynamic cryptographic rule, and generating a first secret key string based on a combination of the first secret key, the second secret key, and the dynamic key.
In this embodiment, the master controller obtains the dynamic key. The dynamic key may be a dynamic factor D1, which is generated randomly by the host controller using an internal dynamic factor random generator. The dynamic factor D1 may be the internal timing time of the main controller or the internal recording operation times; the change of the dynamic factor D1 may be defined in advance, such as once every 10 minutes, to ensure the security of the dynamic key. It will be appreciated that the dynamic factor D1 is updated synchronously between the master controller and the elevator boards.
The first secret key and the second secret key are combined to form a private key, wherein the first secret key is a manufacturer private key, and the second secret key is a user private key. The factory private key can be a character string with the length of 256 bytes, and is solidified in a plurality of storage addresses of an internal storage unit of the controller for scattered storage when the factory private key leaves a factory. The private key of the user is freely set by a terminal user, the length of the private key can be 6 bytes, and the private key can be set in modes of app, a keyboard, a touch screen, a control panel and the like.
In some optional implementations of this embodiment, the elevator master controller and the elevator board card communication encryption method further include the step of updating the dynamic key: extracting the update record of the dynamic secret key, and determining the non-update time period of the dynamic secret key; after the non-updating time of the dynamic secret key reaches a set time period, randomly generating a group of dynamic data as a new dynamic secret key according to a set digit; synchronizing the new dynamic key to the master controller and the elevator boarding card.
In order to ensure the security of the dynamic key, the dynamic key needs to be updated once after a certain time or a certain number of running times, so as to prevent the dynamic key from being decrypted. According to the time or times set by the timing or counter in the main controller, the main controller alternates the dynamic factor generation method for one time in the time period of the set interval, and synchronizes the data string represented by the new dynamic factor generation method to each elevator board card. After receiving the synchronous data, the elevator board card is decrypted to obtain a new dynamic factor generation method, so that the synchronization of data dynamic encryption between the main controller of the elevator and the elevator board card is completed. The change of the dynamic factor may be predetermined, for example, the dynamic factor is changed once every 10 minutes to ensure the security of the dynamic key.
Step 204, based on the first secret key string, generating a second secret key string of fixed bytes by using an encryption compression algorithm, and performing encryption operation on the data to be processed.
In this embodiment, the main controller performs an encryption and compression algorithm operation on the first key string by using an encryption and compression algorithm based on the first key string generated in step 203 to obtain a second key string, and performs an encryption operation on the data to be processed. In the step 203, the private key and the dynamic factor D1 are combined into a first key string K1, and the key string K1 is encrypted and compressed to generate a second key string K2. The above mentioned encryption compression may be done by an encryption compression algorithm module RAR. The data to be processed comprises data to be transmitted and data to be received. The encrypting operation of the data to be processed by using the encryption algorithm comprises encrypting operation of the data to be transmitted and decrypting operation of the data to be received.
Specifically, if the main controller confirms the data to be transmitted S1, first, the data encryption module crypt of the elevator control system encrypts the data S1 represented in plain text using the second secret key string K2 to form a data string S2 represented in plain text; the data string S2 is then sent to the elevator card with which it is in communication. If the master controller confirms the data R1 to be received, firstly, a data decryption module ENCRYP of the dynamic control system decrypts the received data string R1 into a data string R2 represented by a plaintext by using a key string K2, then, judges whether the protocol of the data string R2 is legal or not, processes the data string 2 if the protocol is legal, otherwise, discards the data string R2.
In this embodiment, when the master controller and the elevator board synchronously update the second secret key, the second secret key string is calculated using the second secret key before the synchronous update, and data to be communicated is encrypted. Specifically, when the main controller updates and sets the second key, the controller calculates the first secret key string and the second secret key string according to the second key before updating and changing, converts the updated and changed second secret key into corresponding data through a specific protocol frame format, encrypts the data through the second secret key string, and sends the encrypted data to the elevator board. After the elevator board card receives the data, the received data is decrypted based on the second secret key string to obtain data serving as second pre-stored data, and the second pre-stored data is used for replacing original data in each second storage unit of the elevator board card, so that the second secret key is updated on the elevator board card. And after the elevator board card successfully receives the second secret key updating data, the main controller automatically switches the current latest second secret key to be used as the current second secret key.
In some specific implementations of this embodiment, the user may further freely set a user key through the operation panel of the main controller, and the setting step is:
a. the elevator state is placed in a specific required state (such as maintenance);
b. debugging a management platform (such as a mobile phone APP and a PC terminal) by logging in a controller manufacturer, and verifying a user name and a password;
c. after the verification is passed, the ID information of the elevator is input into the platform, and the platform can automatically generate a group of verification codes;
d. after the user inputs the verification code on the elevator controller, the password can be set after the controller passes the verification;
e. after the password is set, the main controller sends corresponding data to place the elevator board card (such as an outbound board) to be set in a specific state; at the moment, the elevator board card (outbound board) can be stored again when receiving new private key data of the user;
d. and the elevator system is powered off and on again, and at the moment, the whole system carries out data encryption transmission according to the user secret key set by the client.
In the embodiment of the application, a secret key of communication between a main controller of an elevator and an elevator board card is a four-layer secret key, the first-layer secret key is a manufacturer secret key, a first secret key is generated through data set by the manufacturer when the manufacturer leaves a factory, the second-layer secret key is a user secret key, a second secret key is generated through data set by a panel of equipment, a display or an application program APP and the like, the third-layer secret key is a dynamic secret key, the main controller dynamically generates a random code, the fourth-layer secret key is a first secret key string generated by combining the first secret key, the second secret key and the dynamic secret key, the first secret key string is operated based on an encryption compression algorithm to obtain the second secret key string, and the second secret key string is used for encrypting or decrypting data to be sent or received. The application has the following beneficial effects:
the manufacturer data and the user data are respectively stored in different storage units in a scattered manner, so that the manufacturer data and the user data are not easily lost, and the safety of the manufacturer data and the user data is ensured;
the manufacturer data and the user data stored in each storage unit are stored according to a preset mode, so that secret keys contained in the manufacturer data and the user data cannot be easily analyzed, and the safety of the secret keys is ensured;
the dynamic factor generated by the dynamic key generation mode is updated at regular time, so that the dynamic key is ensured not to be easily analyzed, and the safety of the dynamic key is ensured.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the accompanying drawings, but it is apparent that the scope of the present invention is not limited to these specific embodiments, as will be readily understood by those skilled in the art. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.

Claims (11)

1. The communication encryption method for the elevator main controller and the elevator board card is characterized by comprising the following steps:
acquiring a plurality of first pre-stored data from a plurality of preset first storage units, and determining a first secret key according to a preset logic;
acquiring second pre-stored data from a plurality of preset second storage units, and determining a second secret key according to a preset logic;
acquiring a dynamic secret key generated by triggering a dynamic cipher rule, and generating a first secret key string based on a combination of the first secret key, the second secret key and the dynamic secret key;
and based on the first secret key string, generating a second secret key string of fixed bytes by using an encryption compression algorithm, and carrying out encryption operation on the data to be processed.
2. The elevator master controller and elevator board card communication encryption method according to claim 1, wherein the step of obtaining a plurality of first pre-stored data from a predetermined plurality of first storage cells and determining the first secret key according to a predetermined logic comprises:
respectively acquiring storage data from each preset first storage unit to serve as first pre-storage data of each first storage unit;
extracting data from different word bits of the first pre-stored data to generate a first data string corresponding to the first pre-stored data;
and determining the first data string as a first key stored in the first storage unit.
3. The elevator main controller and elevator board card communication encryption method according to claim 2, wherein the elevator main controller and elevator board card communication encryption method further comprises determining whether the first secret key is normal, wherein the step of determining whether the first secret key is normal comprises:
comparing whether the first secret keys stored in the first storage units are consistent or not;
and if the first secret key is consistent with the second secret key, determining that the first secret key is normal, otherwise, recovering the first pre-stored data in each first storage unit based on the coding information of the elevator board card.
4. The elevator master controller and elevator board card communication encryption method according to claim 3, wherein said step of comparing whether the first secret keys stored in the respective first storage units are identical includes:
comparing the first secret keys, and counting the number of the first secret keys with the same data;
judging whether the number of the first secret keys with the same data is larger than a first set threshold value or not;
and if so, determining that the first secret keys stored in the first storage units are consistent.
5. The elevator main controller and elevator board card communication encryption method according to claim 3, wherein said step of recovering the first pre-stored data in each of said first storage units based on the encoded information of the elevator board card comprises:
acquiring secret key coding data of the elevator board card from an elevator board card manufacturer database based on the coding information of the elevator board card;
storing the key coded data into each first storage unit as first pre-stored data respectively;
and synchronously updating the key coding data to the elevator board card to ensure that the main controller and the elevator board card store the same first key.
6. The elevator master controller and elevator board card communication encryption method according to claim 1, wherein the step of obtaining second pre-stored data from a predetermined plurality of second storage cells and determining a second secret key according to a predetermined logic comprises:
respectively acquiring storage data from each preset second storage unit to serve as second pre-storage data of each second storage unit;
extracting data from different word bits of the second pre-stored data to generate a second data string corresponding to the second pre-stored data;
and determining the second data string as a second key stored in the second storage unit.
7. The elevator main controller and elevator board card communication encryption method according to claim 6, wherein the elevator main controller and elevator board card communication encryption method further comprises determining whether the second secret key is normal, wherein the step of determining whether the second secret key is normal comprises:
counting the number of each second secret key with the same data;
judging whether the maximum number of the second secret keys with the same data is not less than a second set threshold value;
if not, the second secret key is determined to be normal.
8. The elevator main controller and elevator board card communication encryption method according to claim 7, wherein the elevator main controller and elevator board card communication encryption method further comprises: and when the main controller and the elevator board card synchronously update the second secret key, calculating the second secret key string according to the second secret key before synchronous update, and encrypting and transmitting data to be synchronized.
9. The elevator master controller and elevator board card communication encryption method according to claim 1, characterized in that the elevator master controller and elevator board card communication encryption method further comprises the step of updating the dynamic key:
extracting the non-updated time period of the dynamic secret key from the update record of the dynamic secret key;
after the non-updating time of the dynamic secret key reaches a set time period, randomly generating a group of dynamic data as a new dynamic secret key according to a set digit;
and synchronizing the new dynamic secret key to the main controller and the elevator board card.
10. The elevator main controller and elevator board card communication encryption method according to claim 1, wherein the data to be processed is data to be transmitted, and the step of generating a second secret key string of fixed bytes by using an encryption compression algorithm based on the first secret key string and performing encryption operation on the data to be processed further comprises:
and encrypting data to be sent represented by a plaintext into ciphertext data by using the second secret key string, and transmitting the ciphertext data between the main controller and the elevator board card.
11. The elevator master controller and elevator card communication encryption method according to claim 1, wherein the data to be processed is data to be received, and the step of generating a second secret key string of fixed bytes by using an encryption compression algorithm based on the first secret key string and performing encryption operation on the data to be processed further comprises:
decrypting the data to be received in ciphertext representation into the data to be received in plaintext representation using the second secret key string;
and filtering the data to be received represented by the plaintext according to a pre-agreed protocol frame format to be legal and then confirming effective received data.
CN202010417149.5A 2020-05-18 2020-05-18 Elevator main controller and elevator board card communication encryption method Active CN111740954B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010417149.5A CN111740954B (en) 2020-05-18 2020-05-18 Elevator main controller and elevator board card communication encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010417149.5A CN111740954B (en) 2020-05-18 2020-05-18 Elevator main controller and elevator board card communication encryption method

Publications (2)

Publication Number Publication Date
CN111740954A CN111740954A (en) 2020-10-02
CN111740954B true CN111740954B (en) 2021-05-11

Family

ID=72647404

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010417149.5A Active CN111740954B (en) 2020-05-18 2020-05-18 Elevator main controller and elevator board card communication encryption method

Country Status (1)

Country Link
CN (1) CN111740954B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112723072A (en) * 2020-12-28 2021-04-30 上海贝思特电气有限公司 Elevator control method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108282330A (en) * 2017-12-29 2018-07-13 平安科技(深圳)有限公司 Key preserves and acquisition device, method and computer readable storage medium
CN108965309A (en) * 2018-07-27 2018-12-07 腾讯科技(深圳)有限公司 A kind of data transmission processing method, device, system and equipment
CN109510703A (en) * 2018-11-23 2019-03-22 北京海泰方圆科技股份有限公司 A kind of data encryption/decryption method and device
CN109617686A (en) * 2019-01-10 2019-04-12 江苏理工学院 A kind of improved Key Exchange Protocol algorithm based on lattice
CN110808966A (en) * 2019-10-23 2020-02-18 天津华来科技有限公司 Identity information generation method and device and storage medium
CN111083681A (en) * 2019-11-20 2020-04-28 广州小鹏汽车科技有限公司 Near field communication data encryption method, terminal device and vehicle

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5395372B2 (en) * 2008-06-19 2014-01-22 株式会社東芝 Communication device, key server and data
AU2017283544A1 (en) * 2016-06-13 2018-11-01 FHOOSH, Inc. Systems and methods for secure storage of user information in a user profile
CN109889327B (en) * 2017-12-06 2021-04-23 北京邮电大学 Shared key generation method and device
CN110247879B (en) * 2018-03-09 2021-10-01 日立楼宇技术(广州)有限公司 Generation method and generation system of elevator calling authentication code, and elevator calling authentication method and system
CN108600268B (en) * 2018-05-09 2020-09-22 聚龙股份有限公司 Encryption and decryption method applied to non-credit authentication and non-credit authentication system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108282330A (en) * 2017-12-29 2018-07-13 平安科技(深圳)有限公司 Key preserves and acquisition device, method and computer readable storage medium
CN108965309A (en) * 2018-07-27 2018-12-07 腾讯科技(深圳)有限公司 A kind of data transmission processing method, device, system and equipment
CN109510703A (en) * 2018-11-23 2019-03-22 北京海泰方圆科技股份有限公司 A kind of data encryption/decryption method and device
CN109617686A (en) * 2019-01-10 2019-04-12 江苏理工学院 A kind of improved Key Exchange Protocol algorithm based on lattice
CN110808966A (en) * 2019-10-23 2020-02-18 天津华来科技有限公司 Identity information generation method and device and storage medium
CN111083681A (en) * 2019-11-20 2020-04-28 广州小鹏汽车科技有限公司 Near field communication data encryption method, terminal device and vehicle

Also Published As

Publication number Publication date
CN111740954A (en) 2020-10-02

Similar Documents

Publication Publication Date Title
CN107453862B (en) Scheme for generating, storing and using private key
US11335144B2 (en) Method for unlocking intelligent lock, mobile terminal, intelligent lock and server
CN108830983B (en) Access control system based on block chain and working method thereof
CN108667791B (en) Identity authentication method
CN111159684B (en) Safety protection system and method based on browser
CN110035058B (en) Resource request method, device and storage medium
CN103888292A (en) Tool and method for operation and maintenance of distribution terminal
CN104506500A (en) GOOSE message authentication method based on transformer substation
CN107368737A (en) A kind of processing method for preventing copy-attack, server and client
CN111740954B (en) Elevator main controller and elevator board card communication encryption method
CN111444496A (en) Application control method, device, equipment and storage medium
CN109951294B (en) Information updating management method in electronic label system and related equipment
CN113794563B (en) Communication network security control method and system
CN112865965B (en) Train service data processing method and system based on quantum key
CN113162928B (en) Communication method, communication device, ECU, vehicle and storage medium
CN110838910B (en) Subway comprehensive monitoring system based on SM3 and SM4 communication encryption
CN116033418A (en) Wireless communication encryption method and system applied to fire-fighting Internet of things
CN112202549B (en) Charging management method, charging terminal data processing method and charging management platform data processing method
CN105827403A (en) Security method, security gate and server
CN107920097B (en) Unlocking method and device
KR20190115489A (en) IOT equipment certification system utilizing security technology
CN107171784B (en) Emergency command scheduling method and system for emergency environment events
CN110738760A (en) Unlocking method and system for intelligent keys
CN110853186A (en) Bluetooth access control system and unlocking method thereof
CN115276991B (en) Secure chip dynamic key generation method, secure chip device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant