CN113015111B - Short message encryption communication method based on dynamic timestamp and national encryption algorithm - Google Patents

Info

Publication number: CN113015111B
Application number: CN202110200537.2A
Other versions: CN113015111A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Active (as listed by Google; an assumption, not a legal conclusion)
Prior art keywords: slave station, public key, station, master station, data
Inventors: 姜柯, 李爱华, 蔡艳平, 王涛, 苏延召, 韩德帅, 冯国彦, 李庆辉
Original and current assignee: Rocket Force University of Engineering of PLA

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor > H04W4/12 Messaging; Mailboxes; Announcements > H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/06 Authentication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W24/00 Supervisory, monitoring or testing arrangements > H04W24/04 Arrangements for maintaining operational condition


Abstract

The invention discloses a short message encryption communication method based on a dynamic timestamp and a national encryption algorithm. The SM2 encryption algorithm is used, so that communication data between the upper computer and the lower computer cannot be intercepted, making the method safer and more reliable. Through equipment authentication, the master station assigns a slave station ID to each slave station, so that communication between the master station and the slave station is uniquely identified; dynamic encryption is thereby achieved in future applications of the encryption technology, with high reliability.

Description

Short message encryption communication method based on dynamic timestamp and national encryption algorithm
Technical Field
The invention relates to an encryption communication method, in particular to a short message encryption communication method based on a dynamic timestamp and a national encryption algorithm.
Background
The Beidou satellite navigation system provides Radio Determination Satellite Service (RDSS) short message communication. Beidou RDSS supports monitoring, receiving and broadcasting, and an RDSS short message can carry data to realize data communication.
Beidou short message technology has long been practised and applied in industry, agriculture, navigation and other fields, and the technology is maturing; with the continuing development of Internet and cryptographic technology, people are increasingly aware of the importance of information confidentiality. Information confidentiality matters not only in business but also plays a pivotal role in politics, the military and many other fields.
Affected by factors such as the orientation of the equipment antenna and the weather, Beidou short message sending and receiving have a certain probability of failure; limited by the service queuing mechanism of the Beidou central station, short message delivery cannot guarantee complete ordering; short messages have no response mechanism and cannot be sent to an unknown terminal; and if the receiving party's terminal equipment is not powered on, the short message is discarded. For these reasons, the Beidou short message, as a carrying medium for messages, cannot by itself ensure the reliability of message transmission.
Disclosure of Invention
The invention aims to provide a short message encryption communication method based on a dynamic timestamp and a cryptographic algorithm, which solves the problem of the low security of Beidou short message methods in the prior art.
In order to realize the task, the invention adopts the following technical scheme:
a short message encryption communication method based on dynamic timestamp and national encryption algorithm is used for communication between a master station and a slave station, and comprises the following steps:
step 1, equipment authentication, which specifically comprises the following steps:
step 1.1, judging whether the initiating is initiated by a master station or a slave station, if the initiating is initiated by the master station, executing step 1.2, otherwise, executing step 1.3;
step 1.2, the master station requires the slave station to send the slave station data public key, which specifically comprises the following steps:
step 1.2.1, the master station encrypts an authentication public key message of the master station by using an authentication public key of the slave station and then sends the encrypted authentication public key message to the slave station, wherein the authentication public key message comprises a unique serial number of the master station, a current sending timestamp and an authentication public key of the master station;
step 1.2.2, the slave station decrypts the master station authentication public key message encrypted in the step 1.2.1 by using the slave station authentication private key to obtain a master station unique serial number, a current sending timestamp, a master station authentication public key and a current timestamp;
the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, where x is a positive integer; if it is less than x seconds, step 1.2.3 is executed, otherwise step 1.2.1 is returned to;
step 1.2.3, the slave station encrypts a slave station data public key message by using the master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 1.2.4, the master station decrypts the slave station data public key message encrypted in the step 1.2.3 by using the master station authentication private key to obtain the slave station unique serial number, the current sending time stamp, the slave station data public key and the current time stamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 1.2.1 is returned;
step 1.3, the slave station actively sends the slave station data public key to the master station, and the method specifically comprises the following steps:
step 1.3.1, the slave station encrypts a slave station data public key message by using a master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 1.3.2, the master station decrypts the slave station data public key message encrypted in the step 1.3.1 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, and otherwise, the step 1.3.1 is returned.
Further, the method further comprises the following steps:
step 2, equipment authentication, which specifically comprises:
step 2.1, judging whether the initiating is initiated by the master station or the slave station, if the initiating is initiated by the master station, executing the step 2.2, otherwise, executing the step 2.3;
step 2.2, the master station actively allocates the slave station ID code to the slave station, and the method specifically comprises the following steps:
step 2.2.1, the master station encrypts a master station authentication public key message by using a slave station authentication public key and then sends the master station authentication public key message to the slave station, wherein the master station authentication public key message comprises a master station unique sequence number, the sending time and a master station authentication public key;
step 2.2.2, the slave station decrypts the master station authentication public key message encrypted in the step 2.2.1 by using the slave station authentication private key to obtain a master station unique serial number, a current sending timestamp, a master station authentication public key and a current timestamp;
the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds; if so, the master station authentication public key is obtained, otherwise step 2.2.1 is returned to;
step 2.2.3, the slave station encrypts a slave station data public key message by using the master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 2.2.4, the master station decrypts the slave station data public key message encrypted in the step 2.2.3 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 2.2.3 is returned;
step 2.2.5, the master station allocates slave station ID codes to the slave stations according to the unique serial numbers of the slave stations;
the master station encrypts a slave station ID distribution message by using a slave station data public key and then sends the slave station ID distribution message to the slave station, wherein the slave station ID distribution message comprises a slave station ID code, a current sending timestamp and a master station data public key;
step 2.2.6, the slave station decrypts the slave station ID distribution message encrypted in the step 2.2.5 by using a slave station data private key to obtain a slave station ID code, a current transmission timestamp, a master station data public key and a current timestamp;
the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds; if so, the slave station ID code and the master station data public key are obtained, otherwise step 2.2.5 is returned to;
step 2.3, the slave station requests to distribute the slave station ID code, and the method specifically comprises the following steps:
step 2.3.1, the slave station encrypts a slave station data public key message by using a master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 2.3.2, the master station decrypts the slave station data public key message encrypted in the step 2.3.1 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 2.3.1 is returned;
step 2.3.3, the master station allocates slave station ID codes to the slave stations according to the unique serial numbers of the slave stations;
the master station encrypts a slave station ID distribution message by using a slave station data public key and then sends the slave station ID distribution message to the slave station, wherein the slave station ID distribution message comprises a slave station ID code, a current sending timestamp and a master station data public key;
step 2.3.4, the slave station decrypts the slave station ID distribution message encrypted in the step 2.3.3 by using a slave station data private key to obtain a slave station ID code, a current transmission timestamp, a master station data public key and a current timestamp;
and the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds; if so, the master station data public key is obtained, and if not, step 2.3.4 is returned to.
Further, the method further comprises the following steps:
step 3, heartbeat monitoring, which specifically comprises the following steps:
step 3.1, at regular intervals the slave station encrypts a heartbeat message using the master station data public key and sends it to the master station, wherein the heartbeat message comprises a slave station ID code, a current sending timestamp and the slave station state;
step 3.2, the master station decrypts the heartbeat message encrypted in step 3.1 using the master station data private key to obtain the slave station ID code, the current sending timestamp, the slave station state and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds; if so, the current communication state is normal, otherwise the communication is abnormal and step 1 is returned to;
step 3.3, the master station detects whether no encrypted heartbeat message has been received within n minutes, where n is a positive integer; if no heartbeat message has been received, the master station encrypts a state request message using the slave station data public key and sends it to the slave station, wherein the state request message comprises the master station unique serial number, a current sending timestamp and state request data;
step 3.4, the slave station decrypts the state request message encrypted in step 3.3 using the slave station data private key to obtain the master station unique serial number, the current sending timestamp, the state request data and the current timestamp;
and the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds; if so, the slave station state is obtained by querying according to the state request data and step 3.1 is executed, and if not, step 3.4 is returned to.
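The master-side timer logic of step 3 (heartbeat received, n-minute silence, state request, unanswered request) as an added example in Python; this is not the patent's own code. It assumes that SM2 decryption of each heartbeat has already happened upstream and only shows the timing decisions. The values x = 7 and n = 5 come from the page; the grace period the master waits for an answer to its state request is an assumption (the page only says "within a limited time"), and the slave IDs and states are constructed sample values.

```python
"""Master-side heartbeat monitor for step 3 of the patent (added illustration).

Assumes SM2 decryption of each message has already been done; times are
integer seconds from a common clock (Beidou or GSM base station time).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Tuple

X_SECONDS = 7       # "x is 7": timestamp window on each received message
N_MINUTES = 5       # "n is 5": silence after which a state request is sent (step 3.3)
GRACE_SECONDS = 60  # assumed: how long the master waits for an answer to its state request


class Link(Enum):
    NORMAL = "normal"            # heartbeat received inside the window
    QUERIED = "state requested"  # no heartbeat for n minutes; state request sent
    LOST = "disconnected"        # state request unanswered: "heartbeat stop"


@dataclass
class SlaveRecord:
    last_seen: int
    state: bytes = b""
    link: Link = Link.NORMAL
    queried_at: int = -1


@dataclass
class HeartbeatMonitor:
    window: int = X_SECONDS
    timeout: int = N_MINUTES * 60
    grace: int = GRACE_SECONDS
    slaves: Dict[str, SlaveRecord] = field(default_factory=dict)

    def register(self, slave_id: str, now: int) -> None:
        """Called once step 2 has assigned the slave its ID code."""
        self.slaves[slave_id] = SlaveRecord(last_seen=now)

    def on_heartbeat(self, slave_id: str, sent_ts: int, state: bytes, now: int) -> bool:
        """Step 3.2: a decrypted heartbeat (or the slave's answer to a state
        request, which step 3.4 routes back into step 3.1). Returns True when
        the link is judged normal, False when the timestamp check fails; the
        patent then treats the communication as abnormal and returns to step 1."""
        rec = self.slaves.get(slave_id)
        if rec is None or abs(now - sent_ts) >= self.window:
            return False
        rec.last_seen, rec.state, rec.link, rec.queried_at = now, state, Link.NORMAL, -1
        return True

    def poll(self, now: int) -> List[Tuple[str, str]]:
        """Step 3.3 timer. Returns (slave_id, action) pairs: 'state_request'
        means encrypt a state request with that slave's data public key and
        send it; 'alarm' means the request stayed unanswered for the grace
        period, the 'heartbeat stop' case in which the master raises an alarm."""
        actions: List[Tuple[str, str]] = []
        for sid, rec in self.slaves.items():
            if rec.link == Link.NORMAL and now - rec.last_seen >= self.timeout:
                rec.link, rec.queried_at = Link.QUERIED, now
                actions.append((sid, "state_request"))
            elif rec.link == Link.QUERIED and now - rec.queried_at >= self.grace:
                rec.link = Link.LOST
                actions.append((sid, "alarm"))
        return actions


if __name__ == "__main__":
    m = HeartbeatMonitor()
    m.register("S01", 0)                                # constructed slave ID
    print(m.on_heartbeat("S01", 100, b"ok", 103))       # True: 3 s gap, inside the window
    print(m.poll(403))                                  # [('S01', 'state_request')]
    print(m.poll(463))                                  # [('S01', 'alarm')]
```

Note that a heartbeat failing the window check leaves `last_seen` untouched, so a slave whose clock has drifted beyond x seconds is treated exactly like a silent one and ends up in a state request after n minutes.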
Further, the method further comprises the following steps:
step 4, data communication, which specifically comprises:
step 4.1, the slave station actively transmits data to the master station, and the method specifically comprises the following steps:
step 4.1.1, the slave station encrypts a transmission data message by using a master station data public key and then sends the transmission data message to the master station, wherein the transmission data message comprises a slave station ID code, a current sending timestamp and transmission data content;
step 4.1.2, the master station decrypts the transmission data message encrypted in the step 4.1.1 by using a master station data private key to obtain a slave station ID code, a current sending timestamp, transmission data content and a current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the transmission data content is obtained, and if not, the step 4.1.1 is returned.
Further, the step 4, the data communication, further includes:
step 4.2, the master station requires the slave station to transmit data to the master station, and the method specifically comprises the following steps:
step 4.2.1, the master station encrypts a request data message by using a slave station data public key and then sends the request data message to the slave station, wherein the request data message comprises a master station unique serial number, a current sending timestamp and data request content;
step 4.2.2, the slave station decrypts the request data message encrypted in the step 4.2.1 by using a slave station data private key to obtain a master station unique serial number, a current sending timestamp, data request content and a current timestamp;
the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds; if so, the slave station obtains the transmission data content by querying according to the data request content and executes step 4.2.3, otherwise the slave station does not respond;
step 4.2.3, the slave station encrypts a transmission data message using the master station data public key and sends it to the master station, wherein the transmission data message comprises a slave station ID code, a current sending timestamp and the transmission data content;
step 4.2.4, the master station decrypts the transmission data message encrypted in the step 4.2.3 by using the master station data private key to obtain a slave station ID code, a current sending timestamp, transmission data content and a current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the transmission data content is obtained, and if not, the step 4.2.1 is returned.
Further, x is 7.
Further, n is 5.
Further, the master station authentication public key and the master station authentication private key, the slave station authentication public key and the slave station authentication private key, the master station data public key and the master station data private key, and the slave station data public key and the slave station data private key are all generated by an sm2 algorithm.
Compared with the prior art, the invention has the following technical effects:
1. The invention provides a short message encryption communication method based on a dynamic timestamp and a national encryption algorithm. A dynamic timestamp is first attached as an information mark during transmission and is sent together with the information whenever the master station and the slave station exchange information. Compared with traditional encryption technology, this short message encryption communication protocol marks messages with dynamic time, which increases the difficulty of cracking.
2. In the short message encryption communication method based on the dynamic timestamp and the national encryption algorithm, the master station assigns the slave station its ID in an equipment authentication step, so that communication information between the master station and the slave station is uniquely identified; dynamic encryption is thereby realized in future applications of the encryption technology, with higher reliability.
3. The short message encryption communication method based on the dynamic timestamp and the national encryption algorithm uses an online heartbeat detection mechanism to strengthen the master station's management of the slave stations, managing slave station states through two modes: the slave stations upload detection messages at regular times, and the master station actively sends detection messages. The master station can thus follow the condition of each slave station in real time; when a slave station enters a disconnected state because its "heartbeat stops", the master station can promptly issue a control command or raise an alarm, and if the slave station remains disconnected within a limited time, the master station actively adopts a master-slave information interaction plan.
Drawings
Fig. 1 is a schematic diagram of a short message encryption communication protocol model provided in an embodiment of the present invention;
fig. 2 is a flow chart of a communication method provided in an embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and examples, so that those skilled in the art can better understand it. It is expressly noted that in the following description, detailed descriptions of known functions and designs are omitted where they would obscure the subject matter of the present invention.
The following definitions or conceptual connotations relating to the present invention are provided for illustration:
Timestamp: in the invention, a time mark; it mainly means that a unique time identifier is added to the Beidou short message information transmitted between the upper computer and the lower computer, so that the generation time of the remote equipment's information data is uniquely proved.
Short message communication: Beidou system user terminals in China have a two-way message communication function, and a user can transmit a short message of 120 Chinese characters at a time.
Master station unique serial number: the device's own unique serial number.
Examples
As shown in fig. 1-2, in the present embodiment, a short message encryption communication method based on dynamic timestamp and cryptographic algorithm is provided for communication between a primary station and a secondary station.
In the invention, only one master station is provided, and one or more slave stations can be provided.
The short message encryption communication method provided by the invention serves as a supplement to the communication encryption mode and ensures the reliability and security of information transmission. A stable communication relationship with heartbeat detection is established between the master station and the slave station by means of dynamic timestamps; even if the communication content between the master station and the slave station is intercepted by a hacker, the master station and the slave station can judge by checking the timestamp whether the information is original, so that reliable communication is realized.
The communication method builds on the existing timestamp concept and Beidou short message communication technology, and keeps the communication between the master station and the slave station in an online state through a self-defined monitoring mechanism in which a message is sent to the master station. The SM2 encryption algorithm is used, so that the communication data between the upper computer and the lower computer cannot be intercepted, making the method safer and more reliable.
The method comprises the following steps:
step 1, equipment authentication, which specifically comprises the following steps:
step 1.1, judging whether the initiating is initiated by a master station or a slave station, if the initiating is initiated by the master station, executing step 1.2, otherwise, executing step 1.3;
step 1.2, the master station obtains the slave station data public key, and the method specifically comprises the following steps:
step 1.2.1, the master station encrypts an authentication public key message of the master station by using an authentication public key of the slave station and then sends the encrypted authentication public key message to the slave station, wherein the authentication public key message comprises a unique serial number of the master station, a current sending timestamp and an authentication public key of the master station;
In this embodiment, the preliminary assumptions and the introduction of the dynamic timestamp concept were designed on the basis of the practical need for privacy and encryption in information delivery and the practical need for security in the operation and maintenance management of our military's remote equipment.
The remote equipment dynamically marks the short message information sent through the Beidou terminal according to the server time; the upper computer receives the information carried by the short message and issues an instruction, and the action is executed within the given timestamp allowance.
This design can effectively prevent quick decryption and authentication identification after one party's remote equipment information is stolen: as long as the relevant dynamic timestamp setting parameters and protocols between the upper computer and the lower computer are unknown, even if an adversary intercepts the short message information during a certain period, that information is only invalid information.
Step 1.2.2, the slave station decrypts the obtained message by using the slave station authentication private key to obtain the unique serial number of the master station, the current sending timestamp, the master station authentication public key and the current timestamp;
the slave station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, where x is a positive integer; if it is less than x seconds, step 1.2.3 is executed, otherwise step 1.2.1 is returned to;
step 1.2.3, the slave station encrypts a slave station data public key message by using the master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 1.2.4, after the master station decrypts the message in the step 1.2.3 by using the master station authentication private key, the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp are obtained;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 1.2.1 is returned;
Specifically, steps 1.2.1-1.2.4 can be expressed as:
Step 1.2.1, the master station sends the message
    Content: master station unique serial number, timestamp of this transmission, master station authentication public key
    Key: slave station authentication public key
    Algorithm: SM2
Step 1.2.2, the slave station receives the message
    Obtains the master station unique serial number
    Verifies the timestamp
    Obtains the master station authentication public key
Step 1.2.3, the slave station sends the short message
    Content: slave station unique serial number, timestamp of this transmission, slave station data public key
    Key: master station authentication public key
    Algorithm: SM2
Step 1.2.4, the master station decrypts the message and obtains the slave station unique serial number, the timestamp of this transmission and the slave station data public key.
In the invention, the uniqueness, security and reliability of the communication between the master station and the slave station are ensured by attaching unique time information. The master station and the slave station use the time information provided by Beidou or a GSM base station as a unified standard. With seconds as the minimum unit, if the timestamp in the received content differs from the local timestamp by more than 7 seconds (leading or lagging), the communication is considered to have failed. The 7 seconds is a configurable parameter and can depend on the delay of the communication link.
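The dynamic-timestamp check that every step of the method applies (the "less than x seconds" test in steps 1 through 4 above, and the 7-second leading-or-lagging rule just described) as an added example in Python, not code from the patent. It frames a message as sender identifier, sending timestamp and payload, applies the window on receipt, and walks through steps 1.2.1-1.2.4 with simulated clocks so the effect of link delay and clock skew is visible. The SM2 encryption of each frame with the peer's public key is assumed to wrap `encode()`/`decode()` and is left out; the wire layout, station serial numbers and key bytes are constructed placeholders. The step wording accepts a gap strictly less than x while the embodiment rejects a gap of more than 7; at exactly x the two readings differ, and this example follows the step wording. The `Receiver` class additionally remembers accepted (sender, timestamp) pairs for the length of the window, an extension beyond the page, since the window on its own accepts a second copy of a valid message that arrives inside it.

```python
"""Timestamp freshness check and message framing for the master/slave exchange.

Added illustration, not the patent's code. SM2 encryption of each frame with
the peer's public key is assumed to happen around encode()/decode() and is
not shown; only the dynamic-timestamp logic is demonstrated.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

X_SECONDS = 7  # "x is 7": accept only if |now - sent| < x; configurable per link delay


@dataclass(frozen=True)
class Frame:
    sender: str     # master unique serial number, slave unique serial number, or slave ID code
    sent_ts: int    # "current sending timestamp", whole seconds (seconds are the minimum unit)
    payload: bytes  # authentication public key, data public key, state, data content, ...


def encode(frame: Frame) -> bytes:
    """Hypothetical wire layout: [sender_len:1][sent_ts:4][sender][payload]."""
    sender = frame.sender.encode()
    return struct.pack(">BI", len(sender), frame.sent_ts) + sender + frame.payload


def decode(raw: bytes) -> Frame:
    sender_len, sent_ts = struct.unpack(">BI", raw[:5])
    sender = raw[5:5 + sender_len].decode()
    return Frame(sender, sent_ts, raw[5 + sender_len:])


def is_fresh(sent_ts: int, now_ts: int, window: int = X_SECONDS) -> bool:
    """Step wording: pass only if the gap is less than x seconds, leading or lagging."""
    return abs(now_ts - sent_ts) < window


@dataclass
class Receiver:
    """One station's receive side. The seen-set (an addition beyond the patent,
    which checks the timestamp only) rejects a repeat of an already accepted
    (sender, sent_ts) pair while it is still inside the window."""
    window: int = X_SECONDS
    _seen: Dict[Tuple[str, int], int] = field(default_factory=dict)

    def accept(self, raw: bytes, now_ts: int) -> Optional[Frame]:
        """Return the frame if fresh and unseen; None means 'return to the previous step'."""
        frame = decode(raw)
        if not is_fresh(frame.sent_ts, now_ts, self.window):
            return None
        key = (frame.sender, frame.sent_ts)
        if key in self._seen:
            return None
        # forget entries that have aged out of the window
        self._seen = {k: t for k, t in self._seen.items() if now_ts - t < self.window}
        self._seen[key] = now_ts
        return frame


def step_1_2(master_clock: int, slave_clock: int, link_delay: int) -> Optional[bytes]:
    """Steps 1.2.1-1.2.4 with simulated clocks: the master sends its authentication
    public key, the slave answers with its data public key. Returns the slave data
    public key the master accepted, or None if a freshness check failed.
    Serial numbers and key bytes are constructed placeholders, not real SM2 keys."""
    master_auth_pub = b"MASTER-AUTH-PUB"
    slave_data_pub = b"SLAVE-DATA-PUB"
    slave_rx, master_rx = Receiver(), Receiver()

    # 1.2.1 master sends; 1.2.2 slave receives link_delay seconds later on its own clock
    msg = encode(Frame("MASTER-SN-0001", master_clock, master_auth_pub))
    if slave_rx.accept(msg, slave_clock + link_delay) is None:
        return None
    # 1.2.3 slave replies; 1.2.4 master receives after another link_delay
    reply = encode(Frame("SLAVE-SN-0042", slave_clock + link_delay, slave_data_pub))
    got = master_rx.accept(reply, master_clock + 2 * link_delay)
    return None if got is None else got.payload


if __name__ == "__main__":
    print(step_1_2(1000, 1000, 3))   # b'SLAVE-DATA-PUB': 3 s one-way delay, clocks aligned
    print(step_1_2(1000, 1000, 7))   # None: 7 s delay is not less than x
    print(step_1_2(1000, 1010, 2))   # None: 10 s clock skew between the stations
```

The third call shows why the page ties the window to link delay and to a shared Beidou or GSM time source: skew between the two station clocks consumes the same budget as delivery delay, and once the two together reach x seconds every message is rejected and the exchange loops back to its first step.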
Step 1.3, the slave station sends the slave station data public key to the master station, and the method specifically comprises the following steps:
step 1.3.1, the slave station encrypts a slave station data public key message by using a master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 1.3.2, after the master station decrypts the message in the step 1.3.1 by using the master station authentication private key, the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp are obtained;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, and otherwise, the step 1.3.1 is returned.
Specifically, steps 1.3.1-1.3.2 can be expressed as:
Step 1.3.1, the slave station sends the short message
    Content: slave station unique serial number, timestamp of this transmission, slave station data public key
    Key: master station authentication public key
    Algorithm: SM2
Step 1.3.2, the master station receives the message, obtains the slave station unique serial number, checks the timestamp and obtains the slave station data public key.
In this embodiment, when the slave station actively transmits a short message, the slave station has already obtained the master station authentication public key through communication.
Optionally, the method further comprises:
step 2, equipment authentication, which specifically comprises:
step 2.1, judging whether the initiating is initiated by the master station or the slave station, if the initiating is initiated by the master station, executing the step 2.2, otherwise, executing the step 2.3;
in the present invention, step 1 and step 2 have no chronological order, and step 1 may be executed first and then step 2 may be executed, step 2 may be executed first and then step 1 may be executed, or only step 1 may be executed and step 2 may not be executed.
In this step, device authentication amounts to the master station allocating to the slave station an ID code for use during the communication; the slave station then communicates with the master station using the ID code allocated by the master station until the communication is completed, and the master station identifies which slave station it is by that slave station ID code.
Step 2.2, the master station actively allocates the slave station ID code to the slave station, and the method specifically comprises the following steps:
step 2.2.1, the master station encrypts a master station authentication public key message by using a slave station authentication public key and then sends the master station authentication public key message to the slave station, wherein the master station authentication public key message comprises a master station unique serial number, a current sending timestamp and a master station authentication public key;
step 2.2.2, the slave station decrypts the master station authentication public key message in the step 2.2.1 by using the slave station authentication private key to obtain a master station unique serial number, a current sending timestamp, a master station authentication public key and a current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the master station authentication public key is obtained, otherwise, the step 2.2.1 is returned;
step 2.2.3, the slave station encrypts a slave station data public key message by using the master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 2.2.4, the master station decrypts the slave station data public key message in the step 2.2.3 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 2.2.3 is returned;
step 2.2.5, the master station allocates slave station ID codes to the slave stations according to the unique serial numbers of the slave stations;
the master station encrypts a slave station ID distribution message by using a slave station data public key and then sends the slave station ID distribution message to the slave station, wherein the slave station ID distribution message comprises a slave station ID code, a current sending timestamp and a master station data public key;
step 2.2.6, the slave station decrypts the slave station ID distribution message in the step 2.2.5 by using the slave station data private key to obtain a slave station ID code, a current sending timestamp, a master station data public key and a current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station ID code and the master station data public key are obtained, otherwise, the step 2.2.5 is returned;
In this step, the authentication is initiated by the master station, and initiating authentication during normal operation concerns the cache kept for the slave station; the master station allocates the slave station ID code to the slave station according to the slave station unique serial number. The three messages are:
(1) Master station to slave station: data (master station unique serial number, time, master station authentication public key), key (slave station authentication public key)
(2) Slave station to master station: data (slave station unique serial number, time, slave station data public key), key (master station authentication public key)
(3) Master station to slave station: data (slave station ID code, time, master station data public key), key (slave station data public key)
Step 2.3, respectively transmitting the master station data public key and the slave station data public key between the master station and the slave station, specifically comprising:
step 2.3.1, the slave station encrypts a slave station data public key message by using a master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 2.3.2, the master station decrypts the slave station data public key message in the step 2.3.1 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 2.3.1 is returned;
step 2.3.3, the master station encrypts a slave station ID distribution message by using a slave station data public key and then sends the slave station ID distribution message to the slave station, wherein the slave station ID distribution message comprises a slave station ID code, a current sending timestamp and a master station data public key;
step 2.3.4, the slave station decrypts the encrypted slave station ID distribution message in the step 2.3.3 by using a slave station data private key to obtain a slave station ID code, a current transmission timestamp, a master station data public key and a current timestamp;
and the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station ID code and the master station data public key are obtained, and if not, the step 2.3.4 is returned.
In this step, the slave station initiates, and the master station allocates the slave station ID code to the slave station according to the slave station unique serial number. The two messages are:
(1) Slave station to master station: data (slave station unique serial number, time, slave station data public key), key (master station authentication public key)
(2) Master station to slave station: data (slave station ID code, time, master station data public key), key (slave station data public key)
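The slave-initiated exchange (steps 1.3.1-1.3.2 above and steps 2.3.1-2.3.4 here) as an added, runnable illustration; this is not code from the patent. SM2 public-key encryption is replaced by a clearly labelled stand-in that only binds each message to the recipient's key so the example runs offline; the message fields, the receiver-side x-second window (x = 7) and the allocation of the ID code from the slave serial number follow the steps. The serial number, key names and ID format are constructed. One addition beyond the patent, marked in the code: the master also drops a second copy of a message whose serial/timestamp pair it has already accepted inside the window.

```python
"""Added example, not the patent's own code: the slave-initiated exchange of
steps 1.3 and 2.3 with the receiver-side timestamp window (x = 7 seconds)."""
from __future__ import annotations

import json
import time

X_SECONDS = 7  # freshness window x from the description


# Stand-in for SM2 (an assumption of this example; a real deployment would call
# an SM2 implementation such as the gmssl package). Keys are just labels here.
def keypair(name: str) -> tuple[str, str]:
    """Stand-in for SM2 key generation: returns (public, private) labels."""
    return "pub:" + name, "priv:" + name

def seal(public_key: str, fields: dict) -> bytes:
    """Stand-in for SM2 encryption: binds the payload to the recipient's key."""
    return json.dumps({"to": public_key, "body": fields}).encode()

def open_sealed(private_key: str, blob: bytes) -> dict:
    """Stand-in for SM2 decryption: only the matching private key opens it."""
    envelope = json.loads(blob.decode())
    if envelope["to"] != "pub:" + private_key[len("priv:"):]:
        raise ValueError("message was not sealed for this private key")
    return envelope["body"]

def fresh(sent_ts: int, now_ts: int, x: int = X_SECONDS) -> bool:
    """The check every step performs: |now - sent| below x, leading or lagging."""
    return abs(now_ts - sent_ts) < x

class Master:
    def __init__(self) -> None:
        self.auth_pub, self.auth_priv = keypair("master-auth")
        self.data_pub, self.data_priv = keypair("master-data")
        self.slave_pubkeys: dict[str, str] = {}  # serial -> slave data public key
        self.slave_ids: dict[str, str] = {}      # serial -> allocated ID code
        self.seen: set[tuple[str, int]] = set()  # (serial, ts) pairs already accepted

    def allocate_id(self, serial: str) -> str:
        """Step 2.3.3: the ID code is assigned from the slave serial number."""
        if serial not in self.slave_ids:
            self.slave_ids[serial] = f"ID{len(self.slave_ids) + 1:04d}"  # constructed format
        return self.slave_ids[serial]

    def handle_slave_data_pubkey(self, blob: bytes, now_ts: int) -> bytes | None:
        """Steps 2.3.2-2.3.3 (same as 1.3.2): open, check window, allocate, reply."""
        body = open_sealed(self.auth_priv, blob)
        serial, sent_ts = body["serial"], body["ts"]
        if not fresh(sent_ts, now_ts):
            return None  # patent: return to step 2.3.1 (the slave sends again)
        if (serial, sent_ts) in self.seen:
            return None  # added hardening beyond the patent: repeated copy inside the window
        self.seen.add((serial, sent_ts))
        self.slave_pubkeys[serial] = body["slave_data_pub"]
        reply = {"slave_id": self.allocate_id(serial), "ts": now_ts,
                 "master_data_pub": self.data_pub}
        return seal(body["slave_data_pub"], reply)

class Slave:
    def __init__(self, serial: str, master_auth_pub: str) -> None:
        self.serial = serial
        self.master_auth_pub = master_auth_pub  # obtained beforehand, as the text states
        self.data_pub, self.data_priv = keypair("slave-data-" + serial)
        self.slave_id: str | None = None
        self.master_data_pub: str | None = None

    def send_data_pubkey(self, now_ts: int) -> bytes:
        """Step 2.3.1 (same as 1.3.1): serial, timestamp and data public key."""
        return seal(self.master_auth_pub,
                    {"serial": self.serial, "ts": now_ts, "slave_data_pub": self.data_pub})

    def handle_id_allocation(self, blob: bytes, now_ts: int) -> bool:
        """Step 2.3.4: open with the data private key and check the window."""
        body = open_sealed(self.data_priv, blob)
        if not fresh(body["ts"], now_ts):
            return False  # patent: return to step 2.3.4 (wait for another message)
        self.slave_id = body["slave_id"]
        self.master_data_pub = body["master_data_pub"]
        return True

def run_exchange(delay_s: int = 2) -> tuple[str | None, bool]:
    """Whole step 2.3 exchange with a simulated one-way transit delay of delay_s seconds."""
    master = Master()
    slave = Slave("SN-0001", master.auth_pub)  # constructed serial number
    t0 = int(time.time())
    reply = master.handle_slave_data_pubkey(slave.send_data_pubkey(t0), t0 + delay_s)
    if reply is None:
        return None, False
    ok = slave.handle_id_allocation(reply, t0 + 2 * delay_s)
    return slave.slave_id, ok

if __name__ == "__main__":
    print(run_exchange(2))  # ('ID0001', True): a 2-second delay is inside the window
    print(run_exchange(8))  # (None, False): an 8-second delay is rejected
```

The same envelope pattern (fields, timestamp, receiver-side window) is what steps 3 and 4 reuse with the data keys; the two stations' clocks are assumed to be synchronised to the Beidou or GSM time source named later in the description, since the window check is only as good as that synchronisation.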
Optionally, the method further comprises:
A detection mechanism is also defined in the present invention: the slave station sends messages to the master station so that the communication between the master station and the slave station is confirmed to be on-line. A slave station is considered on-line if the master station receives any message from it within 15 minutes.
Step 3, heartbeat monitoring, which specifically comprises the following steps:
step 3.1, the slave station encrypts a heartbeat message by using a master station data public key at regular intervals and then sends the heartbeat message to the master station, wherein the heartbeat message comprises a slave station ID, a current sending timestamp and a slave station state;
step 3.2, the master station decrypts the heartbeat message encrypted in the step 3.1 by using a master station data private key to obtain a slave station ID, a current sending timestamp, a slave station state and a current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the current communication state is normal, otherwise, the communication is abnormal, and the step 1 is returned;
step 3.3, the master station detects whether no encrypted heartbeat message has been received within n minutes, wherein n is a positive integer; if no heartbeat message has been received, the master station encrypts a state request message by using a slave station data public key and then sends the state request message to the slave station, wherein the state request message comprises a master station unique serial number, a current sending timestamp and state request data;
step 3.4, the slave station decrypts the encrypted state request message in the step 3.3 by using a slave station data private key to obtain a master station unique serial number, a current sending timestamp, state request data and a current timestamp;
and the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station state is obtained after querying according to the state request data, and the step 3.1 is executed; if not, the step 3.4 is returned.
In this embodiment, the heartbeat detection may be implemented to report the status of the slave station:
(1) Data messages. Regular data messages, or responses to master station requests, can be treated as heartbeat messages and accepted as such by the master station.
(2) Dedicated heartbeat messages. If the slave station has sent no regular data message and received no master station request within 5 minutes, the slave station actively initiates a heartbeat message.
Slave station to master station: data (slave station ID, time, status), key (master station data public key)
Heartbeat detection also provides a master-station-initiated detection function:
if the master station does not receive a heartbeat from the slave station within 10 minutes, the master station actively initiates heartbeat detection to the slave station.
(1) Master station to slave station: data (master station unique serial number, time, status detection flag), key (slave station data public key)
(2) Slave station to master station: data (slave station ID code, time, status), key (master station data public key)
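The timing rules of the heartbeat mechanism (step 3 and the two lists above) as an added, runnable illustration; this is not code from the patent. It models a slave that sends a heartbeat after 5 minutes without a regular message or master request, a master that sends a status request after 10 minutes without a heartbeat (the description also parametrises this as n minutes, with n = 5 given later; the constant below is the one to change), and a slave that counts as on-line while any message arrived within 15 minutes. Every accepted heartbeat must also pass the x-second window (x = 7). Encryption with the data keys is left out here; only the timers and bookkeeping are modelled, and the timeline in simulate() is constructed.

```python
"""Added example, not the patent's own code: heartbeat timers for step 3."""
from __future__ import annotations

from dataclasses import dataclass, field

SLAVE_HEARTBEAT_AFTER = 5 * 60   # slave silence (s) before it sends a heartbeat
MASTER_PROBE_AFTER = 10 * 60     # silence (s) before the master sends a status request
ONLINE_WINDOW = 15 * 60          # any message within this many seconds keeps a slave on-line
X_SECONDS = 7                    # timestamp freshness window from the description


@dataclass
class SlaveTimer:
    """Slave side: regular data messages and answered requests count as heartbeats."""
    last_activity: int  # time of the last regular send or master request handled

    def note_activity(self, now: int) -> None:
        self.last_activity = now

    def should_send_heartbeat(self, now: int) -> bool:
        return now - self.last_activity >= SLAVE_HEARTBEAT_AFTER


@dataclass
class MasterMonitor:
    """Master side: last-seen bookkeeping keyed by the slave ID code."""
    last_seen: dict[str, int] = field(default_factory=dict)
    last_probe: dict[str, int] = field(default_factory=dict)
    status: dict[str, str] = field(default_factory=dict)

    def receive(self, slave_id: str, sent_ts: int, now: int, state: str) -> bool:
        """Step 3.2: accept a decrypted heartbeat only inside the x-second window."""
        if abs(now - sent_ts) >= X_SECONDS:
            return False  # patent: communication abnormal, return to step 1
        self.last_seen[slave_id] = now
        self.status[slave_id] = state
        return True

    def is_online(self, slave_id: str, now: int) -> bool:
        seen = self.last_seen.get(slave_id)
        return seen is not None and now - seen <= ONLINE_WINDOW

    def tick(self, now: int) -> list[str]:
        """Step 3.3: slave IDs that need a status request at time `now`.

        A slave is probed once per silent interval so that a stalled link
        does not trigger a new request on every tick.
        """
        due: list[str] = []
        for sid, seen in self.last_seen.items():
            if now - seen < MASTER_PROBE_AFTER:
                continue
            probed = self.last_probe.get(sid)
            if probed is not None and probed >= seen and now - probed < MASTER_PROBE_AFTER:
                continue
            self.last_probe[sid] = now
            due.append(sid)
        return due


def simulate() -> dict:
    """Constructed timeline for one slave (seconds since start); not from the patent."""
    master = MasterMonitor()
    slave = SlaveTimer(last_activity=0)
    out: dict = {}
    out["accepted"] = master.receive("ID0001", sent_ts=0, now=3, state="ok")
    out["stale_rejected"] = not master.receive("ID0001", sent_ts=0, now=30, state="ok")
    out["hb_due_299"] = slave.should_send_heartbeat(299)
    out["hb_due_300"] = slave.should_send_heartbeat(300)
    out["probe_599"] = master.tick(599)
    out["probe_603"] = master.tick(603)
    out["probe_604"] = master.tick(604)
    out["online_900"] = master.is_online("ID0001", 900)
    out["online_904"] = master.is_online("ID0001", 904)
    return out


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The master keeps a separate last_probe map so that a slave whose link has stalled is asked once per silent interval rather than on every timer tick; the patent's step 3.3 only says that a request is sent when no heartbeat arrived within n minutes, so the rate limiting is a design choice of this example.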
Optionally, the method further comprises:
step 4, data communication, which specifically comprises:
step 4.1, the slave station actively transmits data to the master station, and the method specifically comprises the following steps:
step 4.1.1, the slave station encrypts a transmission data message by using a master station data public key and then sends the transmission data message to the master station, wherein the transmission data message comprises a slave station ID, a current sending timestamp and transmission data content;
step 4.1.2, the master station decrypts the transmission data message encrypted in the step 4.1.1 by using a master station data private key to obtain a slave station ID, a current sending timestamp, transmission data content and a current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the transmission data content is obtained, and if not, the step 4.1.1 is returned.
In this embodiment, the slave station reports actively:
(1) Reporting conditions such as periodic reporting, event reporting or abnormality reporting are triggered by rules defined by the slave station.
The slave station reports to the master station: data (slave station ID code, time, data content), key (master station data public key)
(2) The slave station responds to a request of the master station:
The master station sends a request to the slave station: data (master station unique serial number, time, request content), key (slave station data public key)
The slave station responds to the request of the master station: data (slave station ID code, time, data content), key (master station data public key)
Optionally, the step 4, the data communication, further includes:
step 4.2, the master station requires the slave station to transmit data to the master station, and the method specifically comprises the following steps:
step 4.2.1, the master station encrypts a request data message by using a slave station data public key and then sends the request data message to the slave station, wherein the request data message comprises a master station unique serial number, a current sending timestamp and data request content;
step 4.2.2, the slave station decrypts the request data message encrypted in the step 4.2.1 by using a slave station data private key to obtain a master station unique serial number, a current sending timestamp, data request content and a current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station obtains the transmission data content after querying according to the data request content, and executes the step 4.2.3, otherwise, the slave station does not respond;
step 4.2.3, the slave station encrypts a transmission data message by using a master station data public key and then sends the encrypted transmission data message to the master station, wherein the transmission data message comprises a slave station ID code, a current sending timestamp and transmission data content;
step 4.2.4, the master station decrypts the transmission data message encrypted in the step 4.2.3 by using the master station data private key to obtain a slave station ID code, a current sending timestamp, transmission data content and a current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the transmission data content is obtained, and if not, the step 4.2.1 is returned.
In this embodiment, the master station actively sends control commands: during the communication process the master station may send a control command to the slave station and receive the feedback signal from the slave station.
Optionally, x is 7.
Optionally, n is 5.
In this embodiment, the uniqueness, safety and reliability of the communication between the master station and the slave station are ensured by attaching unique time information:
1. The master station and the slave station use the time information provided by the Beidou or GSM base station as a unified standard.
2. With the second as the smallest unit, if the timestamp in the received content differs from the local timestamp by more than 7 seconds (leading or lagging), the communication is considered to have failed. The 7 seconds is a configurable parameter and can be set according to the delay of the communication link.
Optionally, the master station authentication public key and the master station authentication private key, the slave station authentication public key and the slave station authentication private key, the master station data public key and the master station data private key, and the slave station data public key and the slave station data private key are all generated by an sm2 algorithm.
The invention first attaches a dynamic timestamp as an information mark in the process of information transmission; the dynamic timestamp is sent along with the information whenever information is sent between the master station and the slave station. Compared with traditional encryption technology, this short message encryption communication protocol marks messages with dynamic time and thereby increases the difficulty of cracking.
Secondly, the communication information between the master station and the slave station can be uniquely identified, dynamic encryption is realized for future encryption technology applications, and the reliability is higher.
Moreover, an online heartbeat detection mechanism is used to strengthen the management of the slave stations by the master station: the states of the slave stations are managed through two modes, the slave stations uploading detection messages at regular times and the master station actively sending detection messages. The master station can thus track the condition of the slave stations in real time; when a slave station is in a disconnected state because its 'heartbeat has stopped', the master station can issue a control command or a signal alarm in time, and if the slave station is still disconnected after a limited time, the master station actively adopts a master-slave information interaction plan.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus necessary general hardware, and certainly may also be implemented by hardware, but in many cases, the former is a better embodiment. Based on such understanding, the technical solutions of the present invention may be substantially implemented or a part of the technical solutions contributing to the prior art may be embodied in the form of a software product, which is stored in a readable storage medium, such as a floppy disk, a hard disk, or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.

Claims (7)

1. A short message encryption communication method based on dynamic timestamp and national encryption algorithm is used for communication between a master station and a slave station, and is characterized by comprising the following steps:
step 1, equipment authentication, which specifically comprises the following steps:
step 1.1, judging whether the initiating is initiated by a master station or a slave station, if the initiating is initiated by the master station, executing step 1.2, otherwise, executing step 1.3;
step 1.2, the master station requires the slave station to send the slave station data public key, which specifically comprises the following steps:
step 1.2.1, the master station encrypts an authentication public key message of the master station by using an authentication public key of the slave station and then sends the encrypted authentication public key message to the slave station, wherein the authentication public key message comprises a unique serial number of the master station, a current sending timestamp and an authentication public key of the master station;
step 1.2.2, the slave station decrypts the encrypted authentication public key message in the step 1.2.1 by using the slave station authentication private key to obtain the master station unique serial number, the current sending timestamp, the master station authentication public key and the current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, wherein x is a positive integer; if the difference is less than x seconds, the step 1.2.3 is executed, otherwise, the step 1.2.1 is returned;
step 1.2.3, the slave station encrypts a slave station data public key message by using the master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 1.2.4, the master station decrypts the slave station data public key message encrypted in the step 1.2.3 by using the master station authentication private key to obtain the slave station unique serial number, the current sending time stamp, the slave station data public key and the current time stamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 1.2.1 is returned;
step 1.3, the slave station actively sends the slave station data public key to the master station, and the method specifically comprises the following steps:
step 1.3.1, the slave station encrypts a slave station data public key message by using a master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 1.3.2, the master station decrypts the slave station data public key message encrypted in the step 1.3.1 by using the master station authentication private key to obtain the slave station unique serial number, the current sending time stamp, the slave station data public key and the current time stamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 1.3.1 is returned;
step 2, equipment authentication, which specifically comprises:
step 2.1, judging whether the initiating is initiated by the master station or the slave station, if the initiating is initiated by the master station, executing the step 2.2, otherwise, executing the step 2.3;
step 2.2, the master station actively allocates the slave station ID code to the slave station, and the method specifically comprises the following steps:
step 2.2.1, the master station encrypts a master station authentication public key message by using a slave station authentication public key and then sends the master station authentication public key message to the slave station, wherein the master station authentication public key message comprises a master station unique serial number, a current sending timestamp and a master station authentication public key;
step 2.2.2, the slave station decrypts the master station authentication public key message encrypted in the step 2.2.1 by using the slave station authentication private key to obtain a master station unique serial number, a current sending timestamp, a master station authentication public key and a current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the master station authentication public key is obtained, otherwise, the step 2.2.1 is returned;
step 2.2.3, the slave station encrypts a slave station data public key message by using the master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 2.2.4, the master station decrypts the slave station data public key message encrypted in the step 2.2.3 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 2.2.3 is returned;
step 2.2.5, the master station allocates slave station ID codes to the slave stations according to the unique serial numbers of the slave stations;
the master station encrypts a slave station ID distribution message by using a slave station data public key and then sends the slave station ID distribution message to the slave station, wherein the slave station ID distribution message comprises a slave station ID code, a current sending timestamp and a master station data public key;
step 2.2.6, the slave station decrypts the slave station ID distribution message encrypted in the step 2.2.5 by using a slave station data private key to obtain a slave station ID code, a current transmission timestamp, a master station data public key and a current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station ID code and the master station data public key are obtained, otherwise, the step 2.2.5 is returned;
step 2.3, the slave station requests to distribute the slave station ID code, and the method specifically comprises the following steps:
step 2.3.1, the slave station encrypts a slave station data public key message by using a master station authentication public key and then sends the slave station data public key message to the master station, wherein the slave station data public key message comprises a slave station unique serial number, a current sending timestamp and a slave station data public key;
step 2.3.2, the master station decrypts the slave station data public key message encrypted in the step 2.3.1 by using the master station authentication private key to obtain the slave station unique serial number, the current sending timestamp, the slave station data public key and the current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station data public key is obtained, otherwise, the step 2.3.1 is returned;
step 2.3.3, the master station allocates slave station ID codes to the slave stations according to the unique serial numbers of the slave stations;
the master station encrypts a slave station ID distribution message by using a slave station data public key and then sends the slave station ID distribution message to the slave station, wherein the slave station ID distribution message comprises a slave station ID code, a current sending timestamp and a master station data public key;
step 2.3.4, the slave station decrypts the slave station ID distribution message encrypted in the step 2.3.3 by using a slave station data private key to obtain a slave station ID code, a current transmission timestamp, a master station data public key and a current timestamp;
and the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the master station data public key is obtained, and if not, the step 2.3.4 is returned.
2. The short message encryption communication method based on dynamic timestamp and cryptographic algorithm according to claim 1, wherein said method further comprises:
step 3, heartbeat monitoring, which specifically comprises the following steps:
step 3.1, the slave station encrypts a heartbeat message by using a master station data public key at regular intervals and then sends the heartbeat message to the master station, wherein the heartbeat message comprises a slave station ID code, a current sending timestamp and a slave station state;
step 3.2, the master station decrypts the heartbeat message encrypted in the step 3.1 by using a master station data private key to obtain a slave station ID code, a current sending timestamp, a slave station state and a current timestamp;
the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the current communication state is normal, otherwise, the communication is abnormal, and the step 1 is returned;
step 3.3, the master station detects whether no encrypted heartbeat message has been received within n minutes, wherein n is a positive integer; if no heartbeat message has been received, the master station encrypts a state request message by using a slave station data public key and then sends the state request message to the slave station, wherein the state request message comprises a master station unique serial number, a current sending timestamp and state request data;
step 3.4, the slave station decrypts the encrypted state request message in the step 3.3 by using a slave station data private key to obtain a master station unique serial number, a current sending timestamp, state request data and a current timestamp;
and the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station state is obtained after querying according to the state request data, and the step 3.1 is executed; if not, the step 3.4 is returned.
3. The short message encryption communication method based on dynamic timestamp and cryptographic algorithm according to claim 2, wherein said method further comprises:
step 4, data communication, which specifically comprises:
step 4.1, the slave station actively transmits data to the master station, and the method specifically comprises the following steps:
step 4.1.1, the slave station encrypts a transmission data message by using a master station data public key and then sends the transmission data message to the master station, wherein the transmission data message comprises a slave station ID code, a current sending timestamp and transmission data content;
step 4.1.2, the master station decrypts the transmission data message encrypted in the step 4.1.1 by using a master station data private key to obtain a slave station ID code, a current sending timestamp, transmission data content and a current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the transmission data content is obtained, and if not, the step 4.1.1 is returned.
4. The short message encryption communication method based on dynamic timestamp and cryptographic algorithm according to claim 3, wherein said step 4, data communication further comprises:
step 4.2, the master station requires the slave station to transmit data to the master station, and the method specifically comprises the following steps:
step 4.2.1, the master station encrypts a request data message by using a slave station data public key and then sends the request data message to the slave station, wherein the request data message comprises a master station unique serial number, a current sending timestamp and data request content;
step 4.2.2, the slave station decrypts the request data message encrypted in the step 4.2.1 by using a slave station data private key to obtain a master station unique serial number, a current sending timestamp, data request content and a current timestamp;
the slave station judges whether the difference between the current timestamp and the current sending timestamp is less than x seconds, if so, the slave station obtains the transmission data content after querying according to the data request content, and executes the step 4.2.3, otherwise, the slave station does not respond;
step 4.2.3, the slave station encrypts a transmission data message by using a master station data public key and then sends the encrypted transmission data message to the master station, wherein the transmission data message comprises a slave station ID code, a current sending timestamp and transmission data content;
step 4.2.4, the master station decrypts the transmission data message encrypted in the step 4.2.3 by using the master station data private key to obtain a slave station ID code, a current sending timestamp, transmission data content and a current timestamp;
and the master station judges whether the time between the current timestamp and the current sending timestamp is less than x seconds, if so, the transmission data content is obtained, and if not, the step 4.2.1 is returned.
5. The short message encryption communication method based on dynamic timestamp and cryptographic algorithm according to any of claims 1-4, characterized in that x is 7.
6. The short message encryption communication method based on dynamic timestamp and cryptographic algorithm according to claim 2, wherein n is 5.
7. The short message encryption communication method based on the dynamic timestamp and the national encryption algorithm as claimed in any one of claims 1 to 4, wherein the master station authentication public key and the master station authentication private key, the slave station authentication public key and the slave station authentication private key, the master station data public key and the master station data private key, and the slave station data public key and the slave station data private key are all generated by sm2 algorithm.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title | Status
CN202110200537.2A | 2021-02-23 | 2021-02-23 | Short message encryption communication method based on dynamic timestamp and national encryption algorithm | Active, granted as CN113015111B (en)

Publications (2)

Publication Number | Publication Date
CN113015111A (en) | 2021-06-22
CN113015111B (en) | 2022-03-29

Family

ID=76407199

Country Status (1)

Country | Link
CN (1) | CN113015111B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
JP2000242169A (en) * | 1999-02-18 | 2000-09-08 | Nippon Telegraph & Telephone Corp (NTT) | Method and device for confirming effectiveness of public key certifying card, and recording medium recording effectiveness confirming program for public key certifying card
CN109936447A (en) * | 2019-01-31 | 2019-06-25 | Ping An Technology (Shenzhen) Co., Ltd. | Encryption and authentication method, system and computer equipment based on timestamp
CN111431586A (en) * | 2020-04-17 | 2020-07-17 | 38th Research Institute of China Electronics Technology Group Corporation | Satellite network secure communication method
CN111669219A (en) * | 2020-07-06 | 2020-09-15 | Chengdu Westone Information Industry Inc. | Beidou short message data transmission method and device, electronic equipment and computer medium

Family Cites Families (3)

Publication number | Priority date | Publication date | Assignee | Title
US20140325225A1 (en) * | 2013-04-27 | 2014-10-30 | Quantron Inc. | Self-authenticated method with timestamp
US20170148009A1 (en) * | 2015-11-20 | 2017-05-25 | Afirma Consulting & Technologies, S.L. | Dynamic multilayer security for internet mobile-related transactions
SG10201600192TA (en) * | 2016-01-11 | 2017-08-30 | Mastercard Asia Pacific Pte Ltd | A Method For Dynamic Authentication Of An Object


Non-Patent Citations (2)

Title
Inter-domain identity authentication method for battlefield mobile equipment based on "Beidou"; 晏杰 et al.; Telecommunication Engineering; 2014-12-28 (No. 12); full text *
Research on an identity authentication scheme for the military Internet of Things based on Beidou; 李昊鹏 et al.; Application Research of Computers; 2017-07-21 (No. 08); full text *



Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant