CN112073193B - Information safety processing method, device and system and engineering vehicle - Google Patents

Information safety processing method, device and system and engineering vehicle Download PDF

Info

Publication number
CN112073193B
CN112073193B CN202010928331.7A CN202010928331A CN112073193B CN 112073193 B CN112073193 B CN 112073193B CN 202010928331 A CN202010928331 A CN 202010928331A CN 112073193 B CN112073193 B CN 112073193B
Authority
CN
China
Prior art keywords
key
encrypted
monitoring server
information
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010928331.7A
Other languages
Chinese (zh)
Other versions
CN112073193A (en
Inventor
赵斌
吴长龙
周长成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu XCMG Construction Machinery Institute Co Ltd
Original Assignee
Jiangsu XCMG Construction Machinery Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu XCMG Construction Machinery Institute Co Ltd filed Critical Jiangsu XCMG Construction Machinery Institute Co Ltd
Priority to CN202010928331.7A priority Critical patent/CN112073193B/en
Publication of CN112073193A publication Critical patent/CN112073193A/en
Application granted granted Critical
Publication of CN112073193B publication Critical patent/CN112073193B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Traffic Control Systems (AREA)

Abstract

The disclosure provides an information safety processing method, device and system and an engineering vehicle. The information security processing device acquires a public key from the monitoring server; generating a shared key by using a user identifier and a vehicle identifier of a current login user; encrypting the shared key with the public key to generate an encrypted key; sending the encryption key to a monitoring server so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain a shared key; after receiving the encryption instruction information sent by the monitoring server, decrypting the encryption instruction information by using the shared secret key to obtain a control instruction; and executing corresponding operation according to the control instruction. The method and the system can effectively ensure the data safety between the engineering vehicle and the monitoring server.

Description

Information safety processing method, device and system and engineering vehicle
Technical Field
The disclosure relates to the field of secure transmission, and in particular to an information security processing method, device and system, and an engineering vehicle.
Background
In a production scene such as a mine, in order to realize unmanned work, it is necessary to transmit relevant data on an unmanned vehicle to a monitoring server to realize safety monitoring. Data transmitted in a plaintext mode can be easily intercepted and tampered, so that safety accidents of the unmanned vehicle occur, and personnel and property losses are caused.
Disclosure of Invention
The inventors have noted that, in the related art, in order to secure information, production data and a video stream are written into a black box. However, this solution cannot be effectively applied to unmanned transportation control in a production scene such as a surface mine, and cannot ensure data security between the unmanned vehicle and the monitoring server.
Accordingly, the present disclosure provides an information security processing scheme to effectively ensure data security between an unmanned vehicle and a monitoring server.
According to a first aspect of the embodiments of the present disclosure, there is provided an information security processing method, including: acquiring a public key from a monitoring server; generating a shared key by using a user identifier and a vehicle identifier of a current login user; encrypting the shared secret key by using the public key to generate an encryption secret key; sending the encryption key to the monitoring server so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key; after receiving the encrypted instruction information sent by the monitoring server, decrypting the encrypted instruction information by using the shared key to obtain a control instruction; and executing corresponding operation according to the control instruction.
In some embodiments, after performing a corresponding operation according to the control instruction, feedback information associated with the operation is encrypted using the shared key to generate encrypted feedback information; and sending the encrypted feedback information to the monitoring server so that the monitoring server can decrypt the encrypted feedback information by using the shared key to obtain the feedback information.
In some embodiments, after the user logs out, sending a user logout indication to the monitoring server so that the monitoring server destroys the shared key associated with the user.
In some embodiments, the state data of the vehicle is collected in a preset period to generate a state data message; encrypting the state data message by using a preset encryption algorithm to generate an encrypted message; and broadcasting the encrypted message so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
In some embodiments, after receiving the encrypted message sent by the information security processing device in another vehicle, the encrypted message is decrypted by using a preset decryption algorithm to obtain a corresponding state data message.
In some embodiments, the preset encryption algorithm is a BASE64 encryption algorithm; the preset decryption algorithm is a BASE64 decryption algorithm.
According to a second aspect of the embodiments of the present disclosure, there is provided an information security processing apparatus including: a public key obtaining module configured to obtain a public key from the monitoring server; the shared key generation module is configured to generate a shared key by using the user identification and the vehicle identification of the current login user; an encryption key processing module configured to encrypt the shared key by using the public key to generate an encryption key, and send the encryption key to the monitoring server, so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key; and the instruction processing module is configured to decrypt the encrypted instruction information by using the shared key after receiving the encrypted instruction information sent by the monitoring server so as to obtain a control instruction, and execute corresponding operation according to the control instruction.
In some embodiments, the above apparatus further comprises: and the feedback information processing module is configured to encrypt feedback information associated with the operation by using the shared key after executing a corresponding operation according to the control instruction to generate encrypted feedback information, and send the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
In some embodiments, the above apparatus further comprises: and the quitting processing module is configured to send a user quitting instruction to the monitoring server after the user logs out, so that the monitoring server destroys the shared key associated with the user.
In some embodiments, the above apparatus further comprises: the message processing module is configured to collect state data of the vehicle in a preset period to generate a state data message, encrypt the state data message by using a preset encryption algorithm to generate an encrypted message, and broadcast the encrypted message, so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
In some embodiments, the message processing module is further configured to decrypt the encrypted message by using a preset decryption algorithm after receiving the encrypted message sent by the information security processing device in the other vehicle, so as to obtain a corresponding state data message.
In some embodiments, the preset encryption algorithm is a BASE64 encryption algorithm; the preset decryption algorithm is a BASE64 decryption algorithm.
According to a third aspect of the embodiments of the present disclosure, there is provided an information security processing apparatus including: a memory configured to store instructions; a processor coupled to the memory, the processor configured to perform a method implementing any of the embodiments described above based on instructions stored by the memory.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an engineering vehicle including the information safety processing apparatus according to any one of the embodiments.
According to a fifth aspect of the embodiments of the present disclosure, there is provided an information security processing system including: the engineering vehicle according to any one of the embodiments; the monitoring server is configured to provide a public key for the engineering vehicle, decrypt the encrypted key by using a private key corresponding to the public key after receiving the encrypted key sent by the engineering vehicle to obtain the shared key, encrypt a control command by using the shared key to generate encrypted command information, and send the encrypted command information to the engineering vehicle.
In some embodiments, the monitoring server is further configured to decrypt the encrypted feedback information by using the shared key after receiving the encrypted feedback information sent by the engineering vehicle to obtain the feedback information.
In some embodiments, the monitoring server is further configured to destroy the shared key associated with the user upon receiving a user exit indication sent by the engineering vehicle.
According to a sixth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, in which computer instructions are stored, and when executed by a processor, the computer-readable storage medium implements the method according to any of the embodiments described above.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a schematic flow diagram of a method for secure processing of information, according to one embodiment of the present disclosure;
FIG. 2 is a schematic flow chart diagram of a method for secure processing of information, according to another embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of an information security processing apparatus according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of an information security processing apparatus according to another embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an information security processing device according to yet another embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a work vehicle according to one embodiment of the present disclosure;
FIG. 7 is a schematic block diagram of an information security processing system according to one embodiment of the present disclosure;
FIG. 8 is a schematic diagram of an information security process flow according to one embodiment of the present disclosure;
fig. 9 is a schematic diagram of an information security process flow according to another embodiment of the present disclosure.
It should be understood that the dimensions of the various parts shown in the figures are not drawn to scale. Further, the same or similar reference numerals denote the same or similar components.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. The description of the exemplary embodiments is merely illustrative and is in no way intended to limit the disclosure, its application, or uses. The present disclosure may be embodied in many different forms and is not limited to the embodiments described herein. These embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. It should be noted that: the relative arrangement of parts and steps, the composition of materials and values set forth in these embodiments are to be construed as illustrative only and not as limiting unless otherwise specifically stated.
The use of the word "comprising" or "comprises" and the like in this disclosure means that the elements listed before the word encompass the elements listed after the word and do not exclude the possibility that other elements may also be encompassed.
All terms (including technical or scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs unless specifically defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
Fig. 1 is a schematic flow chart diagram of an information security processing method according to one embodiment of the present disclosure. In some embodiments, the following information security processing method steps are performed by an information security processing apparatus.
In step 101, a public key is obtained from a monitoring server.
At step 102, a shared key is generated using the user identification and the vehicle identification of the current logged-in user.
At step 103, the shared key is encrypted with the public key to generate an encryption key.
In step 104, the encryption key is sent to the monitoring server, so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain a shared key.
Through the above processing, the information security processing apparatus and the monitoring server both have the same shared key.
In step 105, after receiving the encrypted instruction information sent by the monitoring server, the encrypted instruction information is decrypted by using the shared key to obtain the control instruction.
It should be noted here that the monitoring server encrypts the control instruction by using the shared key to generate the encrypted instruction information.
In step 106, corresponding operations are executed according to the control instructions.
In some embodiments, after performing the respective operation according to the control instruction, feedback information associated with the operation is encrypted using the shared key to generate encrypted feedback information. And sending the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared secret key to obtain the feedback information.
In the information security processing method provided by the above embodiment of the present disclosure, an encryption manner in which asymmetric encryption and symmetric encryption are mixed is adopted, where an asymmetric encryption algorithm is adopted to manage a secret key, and a symmetric encryption algorithm is adopted to manage a message. Therefore, the timeliness of communication is guaranteed while the data transmission safety is met.
In some embodiments, the corresponding public key and private key are obtained through an ECC (Elliptic curve Cryptography) Encryption algorithm and are subjected to corresponding Encryption and decryption processing, and the message is encrypted and decrypted by using the shared key through an AES (Advanced Encryption Standard).
In some embodiments, after the user logs out, a user logout indication is sent to the monitoring server so that the monitoring server destroys the shared key associated with the user. Thereby ensuring system safety.
Fig. 2 is a schematic flow chart diagram of an information security processing method according to another embodiment of the present disclosure. In some embodiments, the following information security processing method steps are performed by an information security processing apparatus.
In step 201, state data of the vehicle is collected at a preset period to generate a state data message.
At step 202, the status data packet is encrypted using a predetermined encryption algorithm to generate an encrypted packet.
For example, the preset encryption algorithm is the BASE64 encryption algorithm.
In step 203, the encrypted message is broadcasted so that the information security processing apparatus in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding status data message.
For example, the preset decryption algorithm is the BASE64 decryption algorithm.
In some embodiments, after receiving the encrypted message sent by the information security processing device in the other vehicle, the encrypted message is decrypted by using a preset decryption algorithm to obtain a corresponding status data message. Thereby enabling interaction between the engineering vehicles.
It should be noted here that, because the BASE64 encryption and decryption algorithm is processed faster, real-time interaction between vehicles can be realized.
Fig. 3 is a schematic structural diagram of an information security processing apparatus according to an embodiment of the present disclosure. As shown in fig. 3, the information security processing apparatus includes a public key acquisition module 31, a shared key generation module 32, an encryption key processing module 33, and an instruction processing module 34.
The public key obtaining module 31 is configured to obtain a public key from the monitoring server.
The shared key generation module 32 is configured to generate a shared key using the user identification and the vehicle identification of the current logged-in user.
The encryption key processing module 33 is configured to encrypt the shared key with the public key to generate an encryption key, and send the encryption key to the monitoring server, so that the monitoring server decrypts the encryption key with a private key corresponding to the public key to obtain the shared key.
Through the above processing, the information security processing apparatus and the monitoring server both have the same shared key.
The instruction processing module 34 is configured to, after receiving the encrypted instruction information sent by the monitoring server, decrypt the encrypted instruction information by using the shared key to obtain a control instruction, and perform a corresponding operation according to the control instruction.
In the information security processing apparatus provided in the above embodiment of the present disclosure, an encryption manner in which asymmetric encryption and symmetric encryption are mixed is used, where an asymmetric encryption algorithm is used to manage a secret key, and a symmetric encryption algorithm is used to manage a message. Therefore, the timeliness of communication is guaranteed while the data transmission safety is met.
Fig. 4 is a schematic structural diagram of an information security processing apparatus according to another embodiment of the present disclosure. Fig. 4 is different from fig. 3 in that, in the embodiment described in fig. 4, the information security processing apparatus further includes a feedback information processing module 35.
The feedback information processing module 35 is configured to encrypt feedback information associated with the operation by using the shared key after performing the corresponding operation according to the control instruction to generate encrypted feedback information, and send the encrypted feedback information to the monitoring server, so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
In some embodiments, as shown in FIG. 4, the information security processing device further includes an exit processing module 36.
The logout processing module 36 is configured to send a user logout indication to the monitoring server after the user logs out, so that the monitoring server destroys the shared key associated with the user.
In some embodiments, as shown in fig. 4, the information security processing apparatus further includes a message processing module 37.
The message processing module 37 is configured to collect the state data of the vehicle at a preset period to generate a state data message, encrypt the state data message using a preset encryption algorithm to generate an encrypted message, and broadcast the encrypted message, so that the information security processing apparatus in the other vehicle decrypts the encrypted message using a preset decryption algorithm to obtain a corresponding state data message.
For example, the preset encryption algorithm is the BASE64 encryption algorithm, and the preset decryption algorithm is the BASE64 decryption algorithm.
In some embodiments, the message processing module 37 is further configured to decrypt the encrypted message by using a preset decryption algorithm after receiving the encrypted message sent by the information security processing device in the other vehicle, so as to obtain a corresponding status data message.
Fig. 5 is a schematic structural diagram of an information security processing apparatus according to still another embodiment of the present disclosure. As shown in fig. 5, the information security processing apparatus includes a memory 51 and a processor 52.
The memory 51 is used to store instructions. The processor 52 is coupled to the memory 51. The processor 52 is configured to perform a method as referred to in any of the embodiments of fig. 1 or fig. 2 based on instructions stored by the memory.
As shown in fig. 5, the information security processing apparatus further includes a communication interface 53 for information interaction with other devices. Meanwhile, the information security processing device also comprises a bus 54, and the processor 52, the communication interface 53 and the memory 51 are communicated with each other through the bus 54.
The Memory 51 may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM). Such as at least one disk storage. The memory 51 may also be a memory array. The storage 51 may also be partitioned and the blocks may be combined into virtual volumes according to certain rules.
Further, the processor 52 may be a central processing unit, or may be an ASIC (Application Specific Integrated Circuit), or one or more Integrated circuits configured to implement embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium. The computer-readable storage medium stores computer instructions, which when executed by the processor implement a method according to any one of the embodiments of fig. 1 or fig. 2.
FIG. 6 is a schematic structural diagram of a work vehicle according to one embodiment of the present disclosure. As shown in fig. 6, the work vehicle 60 includes an information safety processing device 61. The information security processing device 61 is the information security processing device according to any one of the embodiments of fig. 3 to 5.
For example, the construction vehicle 60 is an unmanned mining truck, and the information security processing device 61 is a fanless industrial personal computer.
Fig. 7 is a schematic structural diagram of an information security processing system according to an embodiment of the present disclosure. As shown in fig. 7, the information security processing system includes an engineering vehicle 71 and a monitoring server 72. The work vehicle 71 is the work vehicle according to any one of the embodiments shown in fig. 6.
In some embodiments, the monitoring server 72 is a blade server, and the engineering vehicle 71 and the monitoring server 72 communicate via a wireless network, which may be a MESH, 4G, 5G, or other wireless communication network.
FIG. 8 is a schematic diagram of an information security process flow according to one embodiment of the present disclosure.
In step 801, an information security processing apparatus in a work vehicle transmits a login request to a monitoring server.
In step 802, the monitoring server sends a verification success message to the information security processing apparatus after the login request is successfully verified.
In step 803, the information security processing apparatus transmits a public key request to the monitoring server.
In step 804, the monitoring server transmits the public key to the information security processing apparatus.
In step 805, the information security processing apparatus generates a shared key using the user identification and the vehicle identification of the currently logged-in user.
In step 806, the information security processing apparatus encrypts the shared key with the public key to generate an encryption key.
In step 807, the information security processing apparatus transmits the encryption key to the monitoring server.
In step 808, the monitoring server decrypts the encrypted key using a private key corresponding to the public key to obtain a shared key.
In step 809, the monitoring server encrypts the control instruction with the shared key to generate encrypted instruction information.
In step 810, the monitoring server transmits the encrypted instruction information to the information security processing apparatus.
In step 811, the information security processing apparatus decrypts the encrypted instruction information using the shared key to obtain the control instruction.
In step 812, the information security processing apparatus executes corresponding operations according to the control instructions.
In step 813, the information security processing device encrypts feedback information associated with the operation using the shared key to generate encrypted feedback information.
In step 814, the information security processing apparatus transmits the encrypted feedback information to the monitoring server.
The monitoring server decrypts the encrypted feedback information using the shared key to obtain the feedback information, in step 815.
In step 816, the information security processing apparatus sends a user logout instruction to the monitoring server after the user logs out.
In step 817, the monitoring server destroys the shared key associated with the user.
Fig. 9 is a schematic diagram of an information security process flow according to another embodiment of the present disclosure.
In step 901, a first information safety processing device in a first engineering vehicle collects state data of the vehicle in a preset period to generate a state data message.
In step 902, the first information security processing apparatus encrypts the status data message using a predetermined encryption algorithm to generate an encrypted message.
For example, the preset encryption algorithm is the BASE64 encryption algorithm.
In step 903, the first information security processing device broadcasts an encrypted message.
In step 904, the second information security processing apparatus in the second engineering vehicle decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding status data message.
For example, the preset decryption algorithm is the BASE64 decryption algorithm.
In some embodiments, the functional modules may be implemented as a general purpose Processor, a Programmable Logic Controller (PLC), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other Programmable Logic device, discrete Gate or transistor Logic, discrete hardware components, or any suitable combination thereof, for performing the functions described in this disclosure.
So far, embodiments of the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be understood by those skilled in the art that various changes may be made in the above embodiments or equivalents may be substituted for elements thereof without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (18)

1. An information security processing method comprises the following steps:
acquiring a public key from a monitoring server;
generating a shared key by using a user identifier and a vehicle identifier of a current login user;
encrypting the shared secret key by using the public key to generate an encryption secret key;
sending the encryption key to the monitoring server so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key;
after receiving the encrypted instruction information sent by the monitoring server, decrypting the encrypted instruction information by using the shared key to obtain a control instruction;
and executing corresponding operation according to the control instruction.
2. The method of claim 1, further comprising:
after corresponding operation is executed according to the control instruction, encrypting feedback information associated with the operation by using the shared secret key to generate encrypted feedback information;
and sending the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
3. The method of claim 1, further comprising:
and after the user logs out, sending a user log-out instruction to the monitoring server so that the monitoring server destroys the shared key associated with the user.
4. The method of any of claims 1-3, further comprising:
collecting state data of the vehicle in a preset period to generate a state data message;
encrypting the state data message by using a preset encryption algorithm to generate an encrypted message;
and broadcasting the encrypted message so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
5. The method of claim 4, further comprising:
and after receiving the encrypted message sent by the information safety processing device in other vehicles, decrypting the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
6. The method of claim 4, wherein,
the preset encryption algorithm is a BASE64 encryption algorithm;
the preset decryption algorithm is a BASE64 decryption algorithm.
7. An information security processing apparatus comprising:
a public key obtaining module configured to obtain a public key from the monitoring server;
the shared key generation module is configured to generate a shared key by using the user identification and the vehicle identification of the current login user;
an encryption key processing module configured to encrypt the shared key by using the public key to generate an encryption key, and send the encryption key to the monitoring server, so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key;
and the instruction processing module is configured to decrypt the encrypted instruction information by using the shared key after receiving the encrypted instruction information sent by the monitoring server so as to obtain a control instruction, and execute corresponding operation according to the control instruction.
8. The apparatus of claim 7, further comprising:
and the feedback information processing module is configured to encrypt feedback information associated with the operation by using the shared key after executing a corresponding operation according to the control instruction to generate encrypted feedback information, and send the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
9. The apparatus of claim 7, further comprising:
and the quitting processing module is configured to send a user quitting instruction to the monitoring server after the user logs out, so that the monitoring server destroys the shared key associated with the user.
10. The apparatus of any of claims 7-9, further comprising:
the message processing module is configured to collect state data of the vehicle in a preset period to generate a state data message, encrypt the state data message by using a preset encryption algorithm to generate an encrypted message, and broadcast the encrypted message, so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
11. The apparatus of claim 10, wherein:
the message processing module is also configured to decrypt the encrypted message by using a preset decryption algorithm after receiving the encrypted message sent by the information security processing device in other vehicles, so as to obtain a corresponding state data message.
12. The apparatus of claim 10, wherein,
the preset encryption algorithm is a BASE64 encryption algorithm;
the preset decryption algorithm is a BASE64 decryption algorithm.
13. An information security processing apparatus comprising:
a memory configured to store instructions;
a processor coupled to the memory, the processor configured to perform implementing the method of any of claims 1-6 based on instructions stored by the memory.
14. An engineering vehicle comprising the information safety processing device according to any one of claims 7 to 13.
15. An information security processing system, comprising:
the work vehicle of claim 14;
the monitoring server is configured to provide a public key for the engineering vehicle, decrypt the encrypted key by using a private key corresponding to the public key after receiving the encrypted key sent by the engineering vehicle to obtain the shared key, encrypt a control command by using the shared key to generate encrypted command information, and send the encrypted command information to the engineering vehicle.
16. The system of claim 15, wherein:
the monitoring server is further configured to decrypt the encrypted feedback information by using the shared secret key after receiving the encrypted feedback information sent by the engineering vehicle so as to obtain the feedback information.
17. The system of claim 15, wherein:
the monitoring server is further configured to destroy the shared secret key associated with the user after receiving a user quit instruction sent by the engineering vehicle.
18. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions which, when executed by a processor, implement the method of any one of claims 1-6.
CN202010928331.7A 2020-09-07 2020-09-07 Information safety processing method, device and system and engineering vehicle Active CN112073193B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010928331.7A CN112073193B (en) 2020-09-07 2020-09-07 Information safety processing method, device and system and engineering vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010928331.7A CN112073193B (en) 2020-09-07 2020-09-07 Information safety processing method, device and system and engineering vehicle

Publications (2)

Publication Number Publication Date
CN112073193A CN112073193A (en) 2020-12-11
CN112073193B true CN112073193B (en) 2022-06-07

Family

ID=73663805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010928331.7A Active CN112073193B (en) 2020-09-07 2020-09-07 Information safety processing method, device and system and engineering vehicle

Country Status (1)

Country Link
CN (1) CN112073193B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995896B (en) * 2021-02-26 2023-04-28 北京骑胜科技有限公司 Vehicle parking control method, device, vehicle, server, parking pile and system
CN113126542B (en) * 2021-03-02 2023-09-19 北京汽车研究总院有限公司 Remote control method and system for monitoring screen, monitoring screen host and control terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102264068A (en) * 2010-05-28 2011-11-30 中国移动通信集团公司 Shared key consultation method, system, network platform and terminal
CN103167494A (en) * 2011-12-16 2013-06-19 中国电信股份有限公司 Information sending method and information sending system
CA2929173A1 (en) * 2013-10-30 2015-05-07 Huawei Device Co., Ltd. Key configuration method, system, and apparatus
CN105635147A (en) * 2015-12-30 2016-06-01 深圳市图雅丽特种技术有限公司 Vehicle-mounted-special-equipment-system-based secure data transmission method and system
CN107085870A (en) * 2016-02-16 2017-08-22 通用汽车环球科技运作有限责任公司 Accessed using encryption method regulation vehicle
CN107948212A (en) * 2018-01-10 2018-04-20 武汉斗鱼网络科技有限公司 A kind of processing method and processing device of daily record

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102264068A (en) * 2010-05-28 2011-11-30 中国移动通信集团公司 Shared key consultation method, system, network platform and terminal
CN103167494A (en) * 2011-12-16 2013-06-19 中国电信股份有限公司 Information sending method and information sending system
CA2929173A1 (en) * 2013-10-30 2015-05-07 Huawei Device Co., Ltd. Key configuration method, system, and apparatus
CN105635147A (en) * 2015-12-30 2016-06-01 深圳市图雅丽特种技术有限公司 Vehicle-mounted-special-equipment-system-based secure data transmission method and system
CN107085870A (en) * 2016-02-16 2017-08-22 通用汽车环球科技运作有限责任公司 Accessed using encryption method regulation vehicle
CN107948212A (en) * 2018-01-10 2018-04-20 武汉斗鱼网络科技有限公司 A kind of processing method and processing device of daily record

Also Published As

Publication number Publication date
CN112073193A (en) 2020-12-11

Similar Documents

Publication Publication Date Title
CN108347331B (en) Method and device for safe communication between T _ Box device and ECU device in Internet of vehicles system
CN101448130B (en) Method, system and device for protecting data encryption in monitoring system
CN105262772A (en) Data transmission method, data transmission system and related apparatus for data transmission method and system
CN102333093A (en) Data encryption transmission method and system
CN109005027B (en) Random data encryption and decryption method, device and system
CN112073193B (en) Information safety processing method, device and system and engineering vehicle
CN101990748A (en) Method and device for transmitting messages in real time
KR101608815B1 (en) Method and system for providing service encryption in closed type network
CN101707767B (en) Data transmission method and devices
CN110753321A (en) Safe communication method for vehicle-mounted TBOX and cloud server
KR101568871B1 (en) Encrypting method for vital control system
CN104202158A (en) Symmetric and asymmetric hybrid data encryption/decryption method based on cloud computing
EP2560319B1 (en) Method, apparatus and system for data encryption transmission in m2m
CN104735070A (en) Universal data sharing method for heterogeneous encryption clouds
WO2018090967A1 (en) Secure data transmission method and system based on eoc network
CN106453391A (en) Long repeating data encryption and transmission method and system
CN101789863B (en) Safe data information transmission method
US11308242B2 (en) Method for protecting encrypted control word, hardware security module, main chip and terminal
CN105262586B (en) The method for distributing key and device of automobile burglar equipment
CN112073115A (en) Lora-based low-orbit satellite Internet of things registration security verification method, Internet of things terminal, network server and user server
CN101132408B (en) Stream media content processing method, equipment and system
CN114500064B (en) Communication security verification method and device, storage medium and electronic equipment
CN109005151A (en) A kind of encryption of information, decryption processing method and processing terminal
CN101984626B (en) Method and system for safely exchanging files
JPH10107832A (en) Cipher multi-address mail system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant