CN112073193B - Information safety processing method, device and system and engineering vehicle - Google Patents
Information safety processing method, device and system and engineering vehicle Download PDFInfo
- Publication number
- CN112073193B CN112073193B CN202010928331.7A CN202010928331A CN112073193B CN 112073193 B CN112073193 B CN 112073193B CN 202010928331 A CN202010928331 A CN 202010928331A CN 112073193 B CN112073193 B CN 112073193B
- Authority
- CN
- China
- Prior art keywords
- key
- encrypted
- monitoring server
- information
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 11
- 238000012545 processing Methods 0.000 claims abstract description 89
- 238000012544 monitoring process Methods 0.000 claims abstract description 81
- 238000000034 method Methods 0.000 claims abstract description 20
- 230000010365 information processing Effects 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 18
- 238000004891 communication Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Computer Hardware Design (AREA)
- Traffic Control Systems (AREA)
Abstract
The disclosure provides an information safety processing method, device and system and an engineering vehicle. The information security processing device acquires a public key from the monitoring server; generating a shared key by using a user identifier and a vehicle identifier of a current login user; encrypting the shared key with the public key to generate an encrypted key; sending the encryption key to a monitoring server so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain a shared key; after receiving the encryption instruction information sent by the monitoring server, decrypting the encryption instruction information by using the shared secret key to obtain a control instruction; and executing corresponding operation according to the control instruction. The method and the system can effectively ensure the data safety between the engineering vehicle and the monitoring server.
Description
Technical Field
The disclosure relates to the field of secure transmission, and in particular to an information security processing method, device and system, and an engineering vehicle.
Background
In a production scene such as a mine, in order to realize unmanned work, it is necessary to transmit relevant data on an unmanned vehicle to a monitoring server to realize safety monitoring. Data transmitted in a plaintext mode can be easily intercepted and tampered, so that safety accidents of the unmanned vehicle occur, and personnel and property losses are caused.
Disclosure of Invention
The inventors have noted that, in the related art, in order to secure information, production data and a video stream are written into a black box. However, this solution cannot be effectively applied to unmanned transportation control in a production scene such as a surface mine, and cannot ensure data security between the unmanned vehicle and the monitoring server.
Accordingly, the present disclosure provides an information security processing scheme to effectively ensure data security between an unmanned vehicle and a monitoring server.
According to a first aspect of the embodiments of the present disclosure, there is provided an information security processing method, including: acquiring a public key from a monitoring server; generating a shared key by using a user identifier and a vehicle identifier of a current login user; encrypting the shared secret key by using the public key to generate an encryption secret key; sending the encryption key to the monitoring server so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key; after receiving the encrypted instruction information sent by the monitoring server, decrypting the encrypted instruction information by using the shared key to obtain a control instruction; and executing corresponding operation according to the control instruction.
In some embodiments, after performing a corresponding operation according to the control instruction, feedback information associated with the operation is encrypted using the shared key to generate encrypted feedback information; and sending the encrypted feedback information to the monitoring server so that the monitoring server can decrypt the encrypted feedback information by using the shared key to obtain the feedback information.
In some embodiments, after the user logs out, sending a user logout indication to the monitoring server so that the monitoring server destroys the shared key associated with the user.
In some embodiments, the state data of the vehicle is collected in a preset period to generate a state data message; encrypting the state data message by using a preset encryption algorithm to generate an encrypted message; and broadcasting the encrypted message so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
In some embodiments, after receiving the encrypted message sent by the information security processing device in another vehicle, the encrypted message is decrypted by using a preset decryption algorithm to obtain a corresponding state data message.
In some embodiments, the preset encryption algorithm is a BASE64 encryption algorithm; the preset decryption algorithm is a BASE64 decryption algorithm.
According to a second aspect of the embodiments of the present disclosure, there is provided an information security processing apparatus including: a public key obtaining module configured to obtain a public key from the monitoring server; the shared key generation module is configured to generate a shared key by using the user identification and the vehicle identification of the current login user; an encryption key processing module configured to encrypt the shared key by using the public key to generate an encryption key, and send the encryption key to the monitoring server, so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key; and the instruction processing module is configured to decrypt the encrypted instruction information by using the shared key after receiving the encrypted instruction information sent by the monitoring server so as to obtain a control instruction, and execute corresponding operation according to the control instruction.
In some embodiments, the above apparatus further comprises: and the feedback information processing module is configured to encrypt feedback information associated with the operation by using the shared key after executing a corresponding operation according to the control instruction to generate encrypted feedback information, and send the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
In some embodiments, the above apparatus further comprises: and the quitting processing module is configured to send a user quitting instruction to the monitoring server after the user logs out, so that the monitoring server destroys the shared key associated with the user.
In some embodiments, the above apparatus further comprises: the message processing module is configured to collect state data of the vehicle in a preset period to generate a state data message, encrypt the state data message by using a preset encryption algorithm to generate an encrypted message, and broadcast the encrypted message, so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
In some embodiments, the message processing module is further configured to decrypt the encrypted message by using a preset decryption algorithm after receiving the encrypted message sent by the information security processing device in the other vehicle, so as to obtain a corresponding state data message.
In some embodiments, the preset encryption algorithm is a BASE64 encryption algorithm; the preset decryption algorithm is a BASE64 decryption algorithm.
According to a third aspect of the embodiments of the present disclosure, there is provided an information security processing apparatus including: a memory configured to store instructions; a processor coupled to the memory, the processor configured to perform a method implementing any of the embodiments described above based on instructions stored by the memory.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an engineering vehicle including the information safety processing apparatus according to any one of the embodiments.
According to a fifth aspect of the embodiments of the present disclosure, there is provided an information security processing system including: the engineering vehicle according to any one of the embodiments; the monitoring server is configured to provide a public key for the engineering vehicle, decrypt the encrypted key by using a private key corresponding to the public key after receiving the encrypted key sent by the engineering vehicle to obtain the shared key, encrypt a control command by using the shared key to generate encrypted command information, and send the encrypted command information to the engineering vehicle.
In some embodiments, the monitoring server is further configured to decrypt the encrypted feedback information by using the shared key after receiving the encrypted feedback information sent by the engineering vehicle to obtain the feedback information.
In some embodiments, the monitoring server is further configured to destroy the shared key associated with the user upon receiving a user exit indication sent by the engineering vehicle.
According to a sixth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, in which computer instructions are stored, and when executed by a processor, the computer-readable storage medium implements the method according to any of the embodiments described above.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a schematic flow diagram of a method for secure processing of information, according to one embodiment of the present disclosure;
FIG. 2 is a schematic flow chart diagram of a method for secure processing of information, according to another embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of an information security processing apparatus according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of an information security processing apparatus according to another embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an information security processing device according to yet another embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a work vehicle according to one embodiment of the present disclosure;
FIG. 7 is a schematic block diagram of an information security processing system according to one embodiment of the present disclosure;
FIG. 8 is a schematic diagram of an information security process flow according to one embodiment of the present disclosure;
fig. 9 is a schematic diagram of an information security process flow according to another embodiment of the present disclosure.
It should be understood that the dimensions of the various parts shown in the figures are not drawn to scale. Further, the same or similar reference numerals denote the same or similar components.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. The description of the exemplary embodiments is merely illustrative and is in no way intended to limit the disclosure, its application, or uses. The present disclosure may be embodied in many different forms and is not limited to the embodiments described herein. These embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. It should be noted that: the relative arrangement of parts and steps, the composition of materials and values set forth in these embodiments are to be construed as illustrative only and not as limiting unless otherwise specifically stated.
The use of the word "comprising" or "comprises" and the like in this disclosure means that the elements listed before the word encompass the elements listed after the word and do not exclude the possibility that other elements may also be encompassed.
All terms (including technical or scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs unless specifically defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
Fig. 1 is a schematic flow chart diagram of an information security processing method according to one embodiment of the present disclosure. In some embodiments, the following information security processing method steps are performed by an information security processing apparatus.
In step 101, a public key is obtained from a monitoring server.
At step 102, a shared key is generated using the user identification and the vehicle identification of the current logged-in user.
At step 103, the shared key is encrypted with the public key to generate an encryption key.
In step 104, the encryption key is sent to the monitoring server, so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain a shared key.
Through the above processing, the information security processing apparatus and the monitoring server both have the same shared key.
In step 105, after receiving the encrypted instruction information sent by the monitoring server, the encrypted instruction information is decrypted by using the shared key to obtain the control instruction.
It should be noted here that the monitoring server encrypts the control instruction by using the shared key to generate the encrypted instruction information.
In step 106, corresponding operations are executed according to the control instructions.
In some embodiments, after performing the respective operation according to the control instruction, feedback information associated with the operation is encrypted using the shared key to generate encrypted feedback information. And sending the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared secret key to obtain the feedback information.
In the information security processing method provided by the above embodiment of the present disclosure, an encryption manner in which asymmetric encryption and symmetric encryption are mixed is adopted, where an asymmetric encryption algorithm is adopted to manage a secret key, and a symmetric encryption algorithm is adopted to manage a message. Therefore, the timeliness of communication is guaranteed while the data transmission safety is met.
In some embodiments, the corresponding public key and private key are obtained through an ECC (Elliptic curve Cryptography) Encryption algorithm and are subjected to corresponding Encryption and decryption processing, and the message is encrypted and decrypted by using the shared key through an AES (Advanced Encryption Standard).
In some embodiments, after the user logs out, a user logout indication is sent to the monitoring server so that the monitoring server destroys the shared key associated with the user. Thereby ensuring system safety.
Fig. 2 is a schematic flow chart diagram of an information security processing method according to another embodiment of the present disclosure. In some embodiments, the following information security processing method steps are performed by an information security processing apparatus.
In step 201, state data of the vehicle is collected at a preset period to generate a state data message.
At step 202, the status data packet is encrypted using a predetermined encryption algorithm to generate an encrypted packet.
For example, the preset encryption algorithm is the BASE64 encryption algorithm.
In step 203, the encrypted message is broadcasted so that the information security processing apparatus in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding status data message.
For example, the preset decryption algorithm is the BASE64 decryption algorithm.
In some embodiments, after receiving the encrypted message sent by the information security processing device in the other vehicle, the encrypted message is decrypted by using a preset decryption algorithm to obtain a corresponding status data message. Thereby enabling interaction between the engineering vehicles.
It should be noted here that, because the BASE64 encryption and decryption algorithm is processed faster, real-time interaction between vehicles can be realized.
Fig. 3 is a schematic structural diagram of an information security processing apparatus according to an embodiment of the present disclosure. As shown in fig. 3, the information security processing apparatus includes a public key acquisition module 31, a shared key generation module 32, an encryption key processing module 33, and an instruction processing module 34.
The public key obtaining module 31 is configured to obtain a public key from the monitoring server.
The shared key generation module 32 is configured to generate a shared key using the user identification and the vehicle identification of the current logged-in user.
The encryption key processing module 33 is configured to encrypt the shared key with the public key to generate an encryption key, and send the encryption key to the monitoring server, so that the monitoring server decrypts the encryption key with a private key corresponding to the public key to obtain the shared key.
Through the above processing, the information security processing apparatus and the monitoring server both have the same shared key.
The instruction processing module 34 is configured to, after receiving the encrypted instruction information sent by the monitoring server, decrypt the encrypted instruction information by using the shared key to obtain a control instruction, and perform a corresponding operation according to the control instruction.
In the information security processing apparatus provided in the above embodiment of the present disclosure, an encryption manner in which asymmetric encryption and symmetric encryption are mixed is used, where an asymmetric encryption algorithm is used to manage a secret key, and a symmetric encryption algorithm is used to manage a message. Therefore, the timeliness of communication is guaranteed while the data transmission safety is met.
Fig. 4 is a schematic structural diagram of an information security processing apparatus according to another embodiment of the present disclosure. Fig. 4 is different from fig. 3 in that, in the embodiment described in fig. 4, the information security processing apparatus further includes a feedback information processing module 35.
The feedback information processing module 35 is configured to encrypt feedback information associated with the operation by using the shared key after performing the corresponding operation according to the control instruction to generate encrypted feedback information, and send the encrypted feedback information to the monitoring server, so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
In some embodiments, as shown in FIG. 4, the information security processing device further includes an exit processing module 36.
The logout processing module 36 is configured to send a user logout indication to the monitoring server after the user logs out, so that the monitoring server destroys the shared key associated with the user.
In some embodiments, as shown in fig. 4, the information security processing apparatus further includes a message processing module 37.
The message processing module 37 is configured to collect the state data of the vehicle at a preset period to generate a state data message, encrypt the state data message using a preset encryption algorithm to generate an encrypted message, and broadcast the encrypted message, so that the information security processing apparatus in the other vehicle decrypts the encrypted message using a preset decryption algorithm to obtain a corresponding state data message.
For example, the preset encryption algorithm is the BASE64 encryption algorithm, and the preset decryption algorithm is the BASE64 decryption algorithm.
In some embodiments, the message processing module 37 is further configured to decrypt the encrypted message by using a preset decryption algorithm after receiving the encrypted message sent by the information security processing device in the other vehicle, so as to obtain a corresponding status data message.
Fig. 5 is a schematic structural diagram of an information security processing apparatus according to still another embodiment of the present disclosure. As shown in fig. 5, the information security processing apparatus includes a memory 51 and a processor 52.
The memory 51 is used to store instructions. The processor 52 is coupled to the memory 51. The processor 52 is configured to perform a method as referred to in any of the embodiments of fig. 1 or fig. 2 based on instructions stored by the memory.
As shown in fig. 5, the information security processing apparatus further includes a communication interface 53 for information interaction with other devices. Meanwhile, the information security processing device also comprises a bus 54, and the processor 52, the communication interface 53 and the memory 51 are communicated with each other through the bus 54.
The Memory 51 may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM). Such as at least one disk storage. The memory 51 may also be a memory array. The storage 51 may also be partitioned and the blocks may be combined into virtual volumes according to certain rules.
Further, the processor 52 may be a central processing unit, or may be an ASIC (Application Specific Integrated Circuit), or one or more Integrated circuits configured to implement embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium. The computer-readable storage medium stores computer instructions, which when executed by the processor implement a method according to any one of the embodiments of fig. 1 or fig. 2.
FIG. 6 is a schematic structural diagram of a work vehicle according to one embodiment of the present disclosure. As shown in fig. 6, the work vehicle 60 includes an information safety processing device 61. The information security processing device 61 is the information security processing device according to any one of the embodiments of fig. 3 to 5.
For example, the construction vehicle 60 is an unmanned mining truck, and the information security processing device 61 is a fanless industrial personal computer.
Fig. 7 is a schematic structural diagram of an information security processing system according to an embodiment of the present disclosure. As shown in fig. 7, the information security processing system includes an engineering vehicle 71 and a monitoring server 72. The work vehicle 71 is the work vehicle according to any one of the embodiments shown in fig. 6.
In some embodiments, the monitoring server 72 is a blade server, and the engineering vehicle 71 and the monitoring server 72 communicate via a wireless network, which may be a MESH, 4G, 5G, or other wireless communication network.
FIG. 8 is a schematic diagram of an information security process flow according to one embodiment of the present disclosure.
In step 801, an information security processing apparatus in a work vehicle transmits a login request to a monitoring server.
In step 802, the monitoring server sends a verification success message to the information security processing apparatus after the login request is successfully verified.
In step 803, the information security processing apparatus transmits a public key request to the monitoring server.
In step 804, the monitoring server transmits the public key to the information security processing apparatus.
In step 805, the information security processing apparatus generates a shared key using the user identification and the vehicle identification of the currently logged-in user.
In step 806, the information security processing apparatus encrypts the shared key with the public key to generate an encryption key.
In step 807, the information security processing apparatus transmits the encryption key to the monitoring server.
In step 808, the monitoring server decrypts the encrypted key using a private key corresponding to the public key to obtain a shared key.
In step 809, the monitoring server encrypts the control instruction with the shared key to generate encrypted instruction information.
In step 810, the monitoring server transmits the encrypted instruction information to the information security processing apparatus.
In step 811, the information security processing apparatus decrypts the encrypted instruction information using the shared key to obtain the control instruction.
In step 812, the information security processing apparatus executes corresponding operations according to the control instructions.
In step 813, the information security processing device encrypts feedback information associated with the operation using the shared key to generate encrypted feedback information.
In step 814, the information security processing apparatus transmits the encrypted feedback information to the monitoring server.
The monitoring server decrypts the encrypted feedback information using the shared key to obtain the feedback information, in step 815.
In step 816, the information security processing apparatus sends a user logout instruction to the monitoring server after the user logs out.
In step 817, the monitoring server destroys the shared key associated with the user.
Fig. 9 is a schematic diagram of an information security process flow according to another embodiment of the present disclosure.
In step 901, a first information safety processing device in a first engineering vehicle collects state data of the vehicle in a preset period to generate a state data message.
In step 902, the first information security processing apparatus encrypts the status data message using a predetermined encryption algorithm to generate an encrypted message.
For example, the preset encryption algorithm is the BASE64 encryption algorithm.
In step 903, the first information security processing device broadcasts an encrypted message.
In step 904, the second information security processing apparatus in the second engineering vehicle decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding status data message.
For example, the preset decryption algorithm is the BASE64 decryption algorithm.
In some embodiments, the functional modules may be implemented as a general purpose Processor, a Programmable Logic Controller (PLC), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other Programmable Logic device, discrete Gate or transistor Logic, discrete hardware components, or any suitable combination thereof, for performing the functions described in this disclosure.
So far, embodiments of the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be understood by those skilled in the art that various changes may be made in the above embodiments or equivalents may be substituted for elements thereof without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (18)
1. An information security processing method comprises the following steps:
acquiring a public key from a monitoring server;
generating a shared key by using a user identifier and a vehicle identifier of a current login user;
encrypting the shared secret key by using the public key to generate an encryption secret key;
sending the encryption key to the monitoring server so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key;
after receiving the encrypted instruction information sent by the monitoring server, decrypting the encrypted instruction information by using the shared key to obtain a control instruction;
and executing corresponding operation according to the control instruction.
2. The method of claim 1, further comprising:
after corresponding operation is executed according to the control instruction, encrypting feedback information associated with the operation by using the shared secret key to generate encrypted feedback information;
and sending the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
3. The method of claim 1, further comprising:
and after the user logs out, sending a user log-out instruction to the monitoring server so that the monitoring server destroys the shared key associated with the user.
4. The method of any of claims 1-3, further comprising:
collecting state data of the vehicle in a preset period to generate a state data message;
encrypting the state data message by using a preset encryption algorithm to generate an encrypted message;
and broadcasting the encrypted message so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
5. The method of claim 4, further comprising:
and after receiving the encrypted message sent by the information safety processing device in other vehicles, decrypting the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
6. The method of claim 4, wherein,
the preset encryption algorithm is a BASE64 encryption algorithm;
the preset decryption algorithm is a BASE64 decryption algorithm.
7. An information security processing apparatus comprising:
a public key obtaining module configured to obtain a public key from the monitoring server;
the shared key generation module is configured to generate a shared key by using the user identification and the vehicle identification of the current login user;
an encryption key processing module configured to encrypt the shared key by using the public key to generate an encryption key, and send the encryption key to the monitoring server, so that the monitoring server decrypts the encryption key by using a private key corresponding to the public key to obtain the shared key;
and the instruction processing module is configured to decrypt the encrypted instruction information by using the shared key after receiving the encrypted instruction information sent by the monitoring server so as to obtain a control instruction, and execute corresponding operation according to the control instruction.
8. The apparatus of claim 7, further comprising:
and the feedback information processing module is configured to encrypt feedback information associated with the operation by using the shared key after executing a corresponding operation according to the control instruction to generate encrypted feedback information, and send the encrypted feedback information to the monitoring server so that the monitoring server decrypts the encrypted feedback information by using the shared key to obtain the feedback information.
9. The apparatus of claim 7, further comprising:
and the quitting processing module is configured to send a user quitting instruction to the monitoring server after the user logs out, so that the monitoring server destroys the shared key associated with the user.
10. The apparatus of any of claims 7-9, further comprising:
the message processing module is configured to collect state data of the vehicle in a preset period to generate a state data message, encrypt the state data message by using a preset encryption algorithm to generate an encrypted message, and broadcast the encrypted message, so that the information security processing device in other vehicles decrypts the encrypted message by using a preset decryption algorithm to obtain a corresponding state data message.
11. The apparatus of claim 10, wherein:
the message processing module is also configured to decrypt the encrypted message by using a preset decryption algorithm after receiving the encrypted message sent by the information security processing device in other vehicles, so as to obtain a corresponding state data message.
12. The apparatus of claim 10, wherein,
the preset encryption algorithm is a BASE64 encryption algorithm;
the preset decryption algorithm is a BASE64 decryption algorithm.
13. An information security processing apparatus comprising:
a memory configured to store instructions;
a processor coupled to the memory, the processor configured to perform implementing the method of any of claims 1-6 based on instructions stored by the memory.
14. An engineering vehicle comprising the information safety processing device according to any one of claims 7 to 13.
15. An information security processing system, comprising:
the work vehicle of claim 14;
the monitoring server is configured to provide a public key for the engineering vehicle, decrypt the encrypted key by using a private key corresponding to the public key after receiving the encrypted key sent by the engineering vehicle to obtain the shared key, encrypt a control command by using the shared key to generate encrypted command information, and send the encrypted command information to the engineering vehicle.
16. The system of claim 15, wherein:
the monitoring server is further configured to decrypt the encrypted feedback information by using the shared secret key after receiving the encrypted feedback information sent by the engineering vehicle so as to obtain the feedback information.
17. The system of claim 15, wherein:
the monitoring server is further configured to destroy the shared secret key associated with the user after receiving a user quit instruction sent by the engineering vehicle.
18. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions which, when executed by a processor, implement the method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010928331.7A CN112073193B (en) | 2020-09-07 | 2020-09-07 | Information safety processing method, device and system and engineering vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010928331.7A CN112073193B (en) | 2020-09-07 | 2020-09-07 | Information safety processing method, device and system and engineering vehicle |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112073193A CN112073193A (en) | 2020-12-11 |
| CN112073193B true CN112073193B (en) | 2022-06-07 |
Family
ID=73663805
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010928331.7A Active CN112073193B (en) | 2020-09-07 | 2020-09-07 | Information safety processing method, device and system and engineering vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112073193B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112995896B (en) * | 2021-02-26 | 2023-04-28 | 北京骑胜科技有限公司 | Vehicle parking control method, device, vehicle, server, parking pile and system |
| CN113126542B (en) * | 2021-03-02 | 2023-09-19 | 北京汽车研究总院有限公司 | Remote control method and system for monitoring screen, monitoring screen host and control terminal |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102264068A (en) * | 2010-05-28 | 2011-11-30 | 中国移动通信集团公司 | Shared key consultation method, system, network platform and terminal |
| CN103167494A (en) * | 2011-12-16 | 2013-06-19 | 中国电信股份有限公司 | Information sending method and information sending system |
| CA2929173A1 (en) * | 2013-10-30 | 2015-05-07 | Huawei Device Co., Ltd. | Key configuration method, system, and apparatus |
| CN105635147A (en) * | 2015-12-30 | 2016-06-01 | 深圳市图雅丽特种技术有限公司 | Vehicle-mounted-special-equipment-system-based secure data transmission method and system |
| CN107085870A (en) * | 2016-02-16 | 2017-08-22 | 通用汽车环球科技运作有限责任公司 | Accessed using encryption method regulation vehicle |
| CN107948212A (en) * | 2018-01-10 | 2018-04-20 | 武汉斗鱼网络科技有限公司 | A kind of processing method and processing device of daily record |
-
2020
- 2020-09-07 CN CN202010928331.7A patent/CN112073193B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102264068A (en) * | 2010-05-28 | 2011-11-30 | 中国移动通信集团公司 | Shared key consultation method, system, network platform and terminal |
| CN103167494A (en) * | 2011-12-16 | 2013-06-19 | 中国电信股份有限公司 | Information sending method and information sending system |
| CA2929173A1 (en) * | 2013-10-30 | 2015-05-07 | Huawei Device Co., Ltd. | Key configuration method, system, and apparatus |
| CN105635147A (en) * | 2015-12-30 | 2016-06-01 | 深圳市图雅丽特种技术有限公司 | Vehicle-mounted-special-equipment-system-based secure data transmission method and system |
| CN107085870A (en) * | 2016-02-16 | 2017-08-22 | 通用汽车环球科技运作有限责任公司 | Accessed using encryption method regulation vehicle |
| CN107948212A (en) * | 2018-01-10 | 2018-04-20 | 武汉斗鱼网络科技有限公司 | A kind of processing method and processing device of daily record |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112073193A (en) | 2020-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108347331B (en) | Method and device for safe communication between T _ Box device and ECU device in Internet of vehicles system | |
| CN101448130B (en) | Method, system and device for protecting data encryption in monitoring system | |
| CN110912690A (en) | Data encryption and decryption method, vehicle and storage medium | |
| CN105577364B (en) | A kind of encryption method, decryption method and relevant apparatus | |
| CN105262772A (en) | Data transmission method, data transmission system and related apparatus for data transmission method and system | |
| CN109005027B (en) | Random data encryption and decryption method, device and system | |
| CN106549939B (en) | Data processing method and device for intelligent access control system | |
| CN112073193B (en) | Information safety processing method, device and system and engineering vehicle | |
| CN101990748A (en) | Method and device for transmitting messages in real time | |
| KR101608815B1 (en) | Method and system for providing service encryption in closed type network | |
| CN101707767B (en) | Data transmission method and devices | |
| KR101568871B1 (en) | Encrypting method for vital control system | |
| CN107181584B (en) | Asymmetric completely homomorphic encryption and key replacement and ciphertext delivery method thereof | |
| EP2560319B1 (en) | Method, apparatus and system for data encryption transmission in m2m | |
| CN104735070A (en) | Universal data sharing method for heterogeneous encryption clouds | |
| CN106453391A (en) | Long repeating data encryption and transmission method and system | |
| CN101789863B (en) | Safe data information transmission method | |
| US11308242B2 (en) | Method for protecting encrypted control word, hardware security module, main chip and terminal | |
| CN105262586B (en) | The method for distributing key and device of automobile burglar equipment | |
| CN101931623B (en) | Safety communication method suitable for remote control with limited capability at controlled end | |
| CN112073115A (en) | Lora-based low-orbit satellite Internet of things registration security verification method, Internet of things terminal, network server and user server | |
| CN101132408A (en) | Stream media content processing method, equipment and system | |
| CN109005151A (en) | A kind of encryption of information, decryption processing method and processing terminal | |
| CN101984626B (en) | Method and system for safely exchanging files | |
| JP6950605B2 (en) | Vehicle communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |