CN113742762A - Data interaction method and device, terminal equipment and storage medium - Google Patents

Data interaction method and device, terminal equipment and storage medium Download PDF

Info

Publication number
CN113742762A
CN113742762A CN202111302902.7A CN202111302902A CN113742762A CN 113742762 A CN113742762 A CN 113742762A CN 202111302902 A CN202111302902 A CN 202111302902A CN 113742762 A CN113742762 A CN 113742762A
Authority
CN
China
Prior art keywords
data
read
command
file
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111302902.7A
Other languages
Chinese (zh)
Other versions
CN113742762B (en
Inventor
付青琴
何凡
杨光伦
袁育博
卢昭禹
付英春
陈建英
范高林
刘建奎
杨超彬
姜禹强
张勇
周峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongguancun Xinhai Preferred Technology Co ltd
Original Assignee
Zhongguancun Xinhai Preferred Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongguancun Xinhai Preferred Technology Co ltd filed Critical Zhongguancun Xinhai Preferred Technology Co ltd
Priority to CN202111302902.7A priority Critical patent/CN113742762B/en
Publication of CN113742762A publication Critical patent/CN113742762A/en
Application granted granted Critical
Publication of CN113742762B publication Critical patent/CN113742762B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data interaction method, a data interaction device, terminal equipment and a storage medium, wherein the method comprises the following steps: receiving a read instruction sent by a second terminal device, wherein the read instruction comprises a first command head and a data field, the first command head comprises a read instruction, a first parameter and a second parameter, the first parameter is used for indicating an acquisition mode of a file to be read, the second parameter is used for indicating a starting offset address of the file to be read, the data field comprises a random number and a second command head, and the second command head comprises a command to be executed; acquiring data to be read according to the first parameter and the second parameter; acquiring a reading key according to the file attribute of the file to be read; and processing the second command head and the data to be read according to the random number and/or the read key to generate safety data, and sending the safety data to the second terminal equipment to execute corresponding operation. Therefore, the safety and the integrity of the data information can be effectively ensured, and the rapidity and the high efficiency of data information exchange can be effectively improved.

Description

Data interaction method and device, terminal equipment and storage medium
Technical Field
The invention relates to the technical field of power grid information security, in particular to a data interaction method, a data interaction device, terminal equipment and a storage medium.
Background
Generally, a large number of terminal devices need to be deployed in the construction of a power utilization information acquisition system so as to realize the acquisition, exchange and analysis of data information. The electric meter, the electric card and the main station are used as infrastructure of the electricity consumption information acquisition system, and a large amount of data information is often exchanged to complete business operations such as parameter presetting, data copying, recharging, money deduction and the like.
The data interaction among the traditional electric meter, the traditional electric card and the traditional main station is directly read and sent through plaintext, although the method is simple, when illegal personnel carry out malicious attack, the safety and the integrity of data information cannot be guaranteed.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, a first objective of the present invention is to provide a data interaction method, which can not only effectively ensure the security and integrity of data information, but also effectively improve the rapidity and efficiency of data information exchange.
A second object of the invention is to propose a computer-readable storage medium.
A third object of the present invention is to provide a terminal device.
The fourth purpose of the invention is to provide a data interaction device.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a data interaction method, which is applied to a first terminal device, and the method includes: receiving a reading instruction sent by second terminal equipment, wherein the reading instruction comprises a first command head and a data field, the first command head comprises a reading instruction, a first parameter and a second parameter, the first parameter is used for indicating an acquisition mode of a file to be read, a file attribute of the file to be read is used for indicating a reading key, the second parameter is used for indicating a starting offset address of the file to be read, the data field comprises a random number and a second command head, and the second command head comprises a command to be executed corresponding to the data to be read; acquiring a file to be read according to the first parameter, and reading data to be read from the file to be read according to the second parameter; acquiring a reading key according to the file attribute of the file to be read; and processing the second command head and the data to be read according to the random number and/or the read key to generate security data, and sending the security data to the second terminal equipment so that the second terminal equipment can execute corresponding operation on the data to be read according to the command to be executed.
According to the data interaction method of the embodiment of the invention, a first parameter is set in a reading instruction for indicating the acquisition mode of a file to be read, the file attribute of the file to be read is used for indicating a reading key, a second parameter is set for indicating the initial offset address of the file to be read, a random number and a second command head with a command to be executed corresponding to the data to be read are set, after the first terminal equipment receives the reading instruction, the file to be read is acquired according to the first parameter, the data to be read is read from the file to be read according to the second parameter, the reading key is acquired according to the file attribute of the file to be read, the second command head and the data to be read are processed according to the random number and/or the reading key to generate safety data, and the safety data are sent to the second terminal equipment so that the second terminal equipment executes corresponding operation on the data to be read according to the command to be executed, therefore, the safety and the integrity of the data information can be effectively ensured, and the rapidness and the high efficiency of data information exchange can be effectively improved.
According to an embodiment of the present invention, the data field further includes a dispersion factor, and after obtaining the read key according to the file attribute of the file to be read, the method further includes: and performing decentralized processing on the read key according to the decentralized factor.
According to an embodiment of the present invention, before the data to be read is read from the file to be read according to the second parameter, the method further includes: and verifying the second command head, and reading the data to be read from the file to be read according to the second parameter after the verification is passed.
According to an embodiment of the present invention, the second command header further includes a third parameter, where the third parameter is used to indicate a location to be updated of the data to be read, and the verifying the second command header includes: when the command to be executed is determined to be a binary file updating command, if the third parameter is the same as the second parameter, the verification is passed; when the command to be executed is determined to be a command for updating the record file, if the third parameter is a preset parameter, the verification is passed; when the command to be executed is determined not to be the command for updating the binary file and the command for updating the record file, the direct check is passed.
According to an embodiment of the present invention, processing the second command header and the data to be read according to the random number and/or the read key to generate the security data includes: generating an initial check code according to the random number; verifying and calculating the second command head and the data to be read according to the initial verification code and the authentication key in the read key to obtain verification data; and generating safety data according to the data to be read and the verification data.
According to an embodiment of the present invention, processing the second command header and the data to be read according to the random number and/or the read key to generate the security data includes: encrypting the second command head and the data to be read according to an encryption key in the read key to obtain ciphertext data; and generating the safety data according to the ciphertext data.
According to an embodiment of the present invention, processing the second command header and the data to be read according to the random number and/or the read key to generate the security data includes: encrypting the data to be read according to an encryption key in the read key to obtain ciphertext data; generating an initial check code according to the random number; verifying and calculating the second command head and the ciphertext data according to the initial check code and the authentication key in the read key to obtain verification data; and generating the safety data according to the ciphertext data and the check data.
According to one embodiment of the present invention, generating an initial check code from a random number includes: when a DES algorithm is adopted for checking calculation to obtain checking data, multi-byte bit complementing is carried out on the random number to generate an initial checking code; when the check calculation is carried out by adopting the cryptographic algorithm to obtain the check data, multi-byte bit complementing is carried out on the random number to obtain a bit complementing random number, then the bit complementing random number is inverted, and the initial check code is generated according to the bit complementing random number before inversion and the bit complementing random number after inversion.
According to one embodiment of the invention, the first terminal device is an electricity meter, and the second terminal device is an electricity card; or the first terminal equipment is an electric card, and the second terminal equipment is an electric meter; or the first terminal equipment is an ammeter, and the second terminal equipment is a master station.
In order to achieve the above object, a second aspect of the present invention provides a computer-readable storage medium, on which a data interaction program is stored, and the data interaction program, when executed by a processor, implements the foregoing data interaction method.
According to the computer-readable storage medium of the embodiment of the invention, through the data interaction method, not only can the safety and the integrity of the data information be effectively ensured, but also the rapidity and the high efficiency of data information exchange can be effectively improved.
In order to achieve the above object, a third embodiment of the present invention provides a terminal device, including: the data interaction method comprises a memory, a processor and a data interaction program which is stored on the memory and can run on the processor, wherein when the processor executes the program, the data interaction method is realized.
According to the terminal equipment provided by the embodiment of the invention, through the data interaction method, the safety and the integrity of the data information can be effectively ensured, and the rapidness and the high efficiency of data information exchange can be effectively improved.
In order to achieve the above object, a fourth aspect of the present invention provides a data interaction apparatus, applied to a first terminal device, including: the receiving module is used for receiving a reading instruction sent by a second terminal device, the reading instruction comprises a first command head and a data field, the first command head comprises a reading instruction, a first parameter and a second parameter, the first parameter is used for indicating an acquisition mode of a file to be read, a file attribute of the file to be read is used for indicating a reading key, the second parameter is used for indicating a starting offset address of the file to be read, the data field comprises a random number and a second command head, and the second command head comprises a command to be executed corresponding to the data to be read; the data acquisition module is used for acquiring a file to be read according to the first parameter and reading data to be read from the file to be read according to the second parameter; the key acquisition module is used for acquiring a read key according to the file attribute of the file to be read; and the generating module is used for processing the second command head and the data to be read according to the random number and/or the read key to generate safety data and sending the safety data to the second terminal equipment so that the second terminal equipment can execute corresponding operation on the data to be read according to the command to be executed.
According to the data interaction device of the embodiment of the invention, a first parameter is set in a reading instruction for indicating the acquisition mode of a file to be read, the file attribute of the file to be read is used for indicating a reading key, a second parameter is set for indicating the initial offset address of the file to be read, a random number and a second command head with a command to be executed corresponding to the data to be read are set, after the first terminal device receives the reading instruction, the file to be read is acquired according to the first parameter, the data to be read is read from the file to be read according to the second parameter, the reading key is acquired according to the file attribute of the file to be read, the second command head and the data to be read are processed according to the random number and/or the reading key to generate safety data, and the safety data are sent to the second terminal device so that the second terminal device executes corresponding operation on the data to be read according to the command to be executed, therefore, the safety and the integrity of the data information can be effectively ensured, and the rapidness and the high efficiency of data information exchange can be effectively improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a diagram of an application scenario of a data interaction method according to an embodiment of the present invention;
FIG. 2 is a flow diagram of a data interaction method according to one embodiment of the invention;
FIG. 3 is a flow diagram of a data interaction method according to a specific example of the present invention;
FIG. 4 is a block diagram of a data interaction device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
The data interaction method provided by the application can be applied to the application environment shown in fig. 1. The first terminal equipment can communicate with the second terminal equipment in a wired mode or a wireless mode to receive a reading instruction sent by the second terminal equipment, the reading instruction comprises a first command head and a data field, the first command head comprises a reading command, a first parameter and a second parameter, the first parameter is used for indicating the obtaining mode of a file to be read, the file attribute of the file to be read is used for indicating a reading key, the second parameter is used for indicating the initial offset address of the file to be read, the data field comprises a random number and a second command head, the second command head comprises a command to be executed corresponding to the data to be read, after receiving the reading instruction, the first terminal equipment obtains the file to be read according to the first parameter, reads the data to be read from the file to be read according to the second parameter, obtains the reading key according to the file attribute of the file to be read, processes the second command head and the data to be read according to the random number and/or the reading key to generate safety data And sending the security data to the second terminal equipment so that the second terminal equipment can execute corresponding operation on the data to be read according to the command to be executed. Therefore, the safety and the integrity of the data information can be ensured, and the rapidness and the efficiency of data interaction can be improved.
In some embodiments, as shown in fig. 2, a data interaction method is provided, which is described by taking the method as an example applied to the first terminal device in fig. 1, and may include the following steps:
step S101, receiving a read instruction sent by a second terminal device, where the read instruction includes a first command header and a data field, the first command header includes a read instruction, a first parameter and a second parameter, the first parameter is used to indicate an acquisition mode of a file to be read, a file attribute of the file to be read is used to indicate a read key, the second parameter is used to indicate a start offset address of the file to be read, the data field includes a random number and a second command header, and the second command header includes a command to be executed corresponding to the data to be read.
Specifically, when the second terminal device needs to read data from the first terminal device and complete the related execution command, the obtaining mode of the file to be read, the reading position of the data to be read, the random number, the command to be executed, and the like can be given in the read command, so that the second terminal device can safely read the data to be read from the first terminal device based on the read command and update the data to be read to the second terminal device according to the related execution command, thereby completing the safe and efficient exchange of data.
As a specific example, the read instruction may take the command format shown in Table 1:
TABLE 1
Figure 360119DEST_PATH_IMAGE001
In table 1, the first command header includes CLA, INS, P1, P2, and Lc, where CLA is a command type, represented by 1 byte, and its value may be "00" or "04", which indicates that the packet is a command packet; the INS is a command code in the command category, represented by 1 byte, and may have a value of "B0," indicating that the message is used for data reading, i.e., a read command; p1 is a first parameter, used to indicate the acquisition mode of a File to be read, represented by 1 byte, and its value may be "100 xxxxx" (binary), where b8 bit is "1", which indicates that an SFI (Short File Identifier) mode is used to acquire the File to be read, b7 and b6 bits are both reserved bits and may be set to "0", b5 to b1 bits indicate a Short File Identifier corresponding to the File to be read, and the File attribute of the File to be read is used to indicate a read key, which may include an encryption key and/or an authentication key, and the File attribute may also be used to indicate the read attribute of the File to be read, which may be any one of plaintext, plaintext check, ciphertext, and ciphertext check; p2 is a second parameter, which is used to indicate the starting offset address of the file to be read, and is represented by 1 byte; lc represents the length of the DATA field DATA in the read command.
The DATA field DATA may include the second command header, or the second command header and the dispersion factor, or the second command header, the random number, and the dispersion factor, and may specifically be determined according to a DATA manner expected to be returned, where if the DATA manner expected to be returned is a plaintext manner, the DATA field DATA may include the second command header, the type of the DATA expected to be returned is a ciphertext manner, the DATA field DATA may include the second command header and the dispersion factor, and if the DATA manner expected to be returned is a check manner, the DATA field DATA may include the second command header, the random number, and the dispersion factor. The second command header is used for combining with the data to be read to form a new command message and returning the new command message to the second terminal device after the first terminal device obtains the data to be read, so that the second terminal device can execute relevant operations on the data to be read according to the second command header, such as operations of adding money, subtracting money, updating a binary file, updating a record file and the like. The second command header may be a 5-byte command header, including CLA _1, INS _1, P1_1, P2_1, and Lc _1, where CLA _1 is a command class and is represented by 1 byte, and its value may be "00" or "04", which indicates that the new packet formed by the second command header is a command packet; INS _1 is a command code in a command category, is used to indicate a command to be executed corresponding to data to be read, is represented by 1 byte, and has a value of "D6" or "DC", where "D6" indicates that the command to be executed is a command for updating a binary file by using the data to be read, and "DC" indicates that the command to be executed is a command for updating a record file by using the data to be read, and may also be other commands to be executed, such as a parameter setting command, a recharge command, a debit command, and the like, and may be flexibly set according to actual requirements; p1_1 is a fourth parameter for indicating the obtaining manner of the file to be updated, and the setting manner can be the same as the first parameter P1; p2_1 is a third parameter for indicating the start offset address or record number of the file to be updated, which is represented by 1 byte; lc _1 indicates the length of the data field of the new packet formed by the second command header. The dispersion factor may be discrete data, which is used to perform decentralized processing on the acquired read key, and the dispersion factor may be an option and may be specifically determined according to a security level of data interaction, for example, when the security level is lower, the dispersion factor may not be set, when the security level is higher, the dispersion factor may be set, and the higher the security level is, the higher the dispersion level number of the dispersion factor is. The random number may be a 4-byte random number, etc., and may be generated by the first terminal device or the second terminal device for calculating the initial check code during the subsequent check calculation.
Le represents the expected returned byte number, which is related to the expected returned data mode, and the expected returned data mode needs to be consistent with the read attribute (not described in this application) of the file to be read.
And S102, acquiring a file to be read according to the first parameter, and reading data to be read from the file to be read according to the second parameter.
Specifically, when the first terminal device executes the read instruction, the corresponding file to be read may be obtained according to the first parameter P1. Taking table 1 as an example, when the first parameter P1 is "81", it indicates that the SFI manner is adopted to obtain the file to be read with the short file identifier of 00001; when the first parameter P1 is "82", it indicates that the SFI mode is adopted to obtain the file to be read with the short file identifier of 00002; and so on. And then, reading the data to be read from the file to be read according to the second parameter P2. Taking table 1 as an example, when the second parameter P2 is "00", it indicates that the start offset address of the file to be read is "00", and the first terminal device will read the data to be read from "00"; when the second parameter P2 is "02", it indicates that the start offset address of the file to be read is "02", and the first terminal device will read the data to be read from "02"; and so on.
In some embodiments, before reading the data to be read from the file to be read according to the second parameter, the method further includes: and verifying the second command head, and reading the data to be read from the file to be read according to the second parameter after the verification is passed.
Optionally, the second command header further includes a third parameter, where the third parameter is used to indicate a location to be updated of the data to be read, for example, to indicate a start offset address or a record number of a file to be updated, and the verifying of the second command header includes: when the command to be executed is determined to be a binary file updating command, if the third parameter is the same as the second parameter, the verification is passed; when the command to be executed is determined to be an update recording command, if the third parameter is a preset parameter, the verification is passed; when the command to be executed is determined not to be the command for updating the binary file and the command for updating the record file, the direct check is passed.
Specifically, taking the second command header in table 1 as an example, when the to-be-executed command corresponding to the command code INS _1 is "D6", it indicates that the to-be-executed command is an update binary file command, at this time, it is determined whether the third parameter P2_1 in the second command header is consistent with the second parameter P2 in the first command header, that is, it is determined whether the start offset address corresponding to the third parameter P2_1 is consistent with the start offset address corresponding to the second parameter P2, if so, the check is passed, otherwise, the check is not passed; when the command to be executed corresponding to the command code INS _1 is "DC", it indicates that the command to be executed is a command to update the record file, and at this time, it is determined whether the third parameter P2_1 is a preset parameter, such as "0C" or "04", where the preset parameter is used to indicate that the file to be updated is accessed in a record number manner, if so, the verification is passed, otherwise, the verification is not passed; when the command to be executed corresponding to the command code INS _1 is neither "D6" nor "DC", the direct check is passed, that is, the second command header is not checked, and the correctness of execution is ensured by the application process.
Step S103, a reading key is obtained according to the file attribute of the file to be read.
Specifically, after the file to be read is obtained, the read key may be obtained based on the file attribute of the file to be read.
In some embodiments, the data field further includes a dispersion factor, and after obtaining the read key according to the file attribute of the file to be read, the method further includes: and performing decentralized processing on the read key according to the decentralized factor. For example, when the security level requirement of the DATA interaction is high, the DATA field DATA in table 1 includes a scattering factor, and the first terminal device further performs scattering processing on the read key after obtaining the read key according to the first parameter P1, so as to improve the security of the DATA interaction.
And step S104, processing the second command head and the data to be read according to the random number and/or the read key to generate safety data, and sending the safety data to the second terminal equipment so that the second terminal equipment can execute corresponding operation on the data to be read according to the command to be executed.
Specifically, after the random number, the read key, the data to be read, and the second command header are obtained, the second command header and the data to be read may be processed according to a data mode expected to be returned to generate secure data, such as plaintext check data, ciphertext data, and ciphertext check data.
As a first example, processing the second command header and the data to be read according to the random number and/or the read key to generate the secure data includes: generating an initial check code according to the random number; verifying and calculating the second command head and the data to be read according to the initial verification code and the authentication key in the read key to obtain verification data; and generating safety data according to the data to be read and the verification data. Namely, the second command header and the data to be read are processed according to the random number and the authentication key to generate plaintext check data.
Optionally, in some examples, generating the initial check code according to the random number includes: when the DES algorithm is adopted to carry out check calculation to obtain check data, multi-byte complementary bits are carried out on the random number to generate an initial check code. For example, the lower bits of the 4-byte random number are complemented by 4-byte "00" to generate an 8-byte initial check code.
In other examples, generating the initial check code from the random number includes: when the check calculation is carried out by adopting the cryptographic algorithm to obtain the check data, multi-byte bit complementing is carried out on the random number to obtain a bit complementing random number, then the bit complementing random number is inverted, and the initial check code is generated according to the bit complementing random number before inversion and the bit complementing random number after inversion. For example, when performing the check calculation using the cryptographic algorithm SM1 to obtain the check data, the low order of the 4 bytes random number is supplemented with "00" of the 4 bytes to form an 8-byte random number (which may be called a complementary random number), then the 8-byte random number is inverted, and the 8-byte random numbers before and after the inversion are combined to generate an initial check code of 16 bytes.
As a second example, processing the second command header and the data to be read according to the random number and/or the read key to generate the secure data includes: encrypting the second command head and the data to be read according to an encryption key in the read key to obtain ciphertext data; and generating the safety data according to the ciphertext data. Namely, the second command header and the data to be read are processed according to the encryption key to generate ciphertext data.
As a third example, processing the second command header and the data to be read according to the random number and/or the read key to generate the secure data includes: encrypting the data to be read according to an encryption key in the read key to obtain ciphertext data; generating an initial check code according to the random number; verifying and calculating the second command head and the ciphertext data according to the initial check code and the authentication key in the read key to obtain verification data; and generating the safety data according to the ciphertext data and the check data. Namely, the second command head and the data to be read are processed according to the random number, the authentication key and the encryption key to generate ciphertext check data.
It should be noted that, under the condition that the security requirement is extremely low, the secure data is plaintext data, and includes the second command header and data to be read.
And after receiving the security data, the second terminal equipment acquires data to be read in the security data and executes corresponding operations, such as updating a binary file, updating a record file, recharging, deducting and the like, on the data to be read according to the command to be executed.
Further, as a specific example, referring to fig. 3, the data interaction method may include the following steps:
in step S201, execution of a read instruction begins.
Specifically, after receiving a read instruction sent by the second terminal device, the first terminal device starts to execute the read instruction.
Step S202, the CLA, P1, P2 and Lc states are checked, and the file specified by P1 is opened successfully in the SFI mode. If so, step S204 is executed, otherwise step S203 is executed.
Specifically, when executing the read instruction, the first terminal device first checks the command class CLA in the first command header, the first parameter P1, the second parameter P2, and the length Lc of the DATA field DATA in the read instruction, opens the specified file to be read according to the SFI manner specified by the first parameter P1, and if the opening is successful, performs step S204, otherwise performs step S203.
Step S203 returns to the error state.
Specifically, the first terminal device returns an error state that the file to be read cannot be opened to the second terminal device.
Step S204, judging whether the data field has dispersion factors. If so, step S207 is performed, otherwise step S205 is performed.
Specifically, the first terminal device determines whether there is a dispersion factor in the DATA field DATA of the read command, and if so, performs step S207, and if not, performs step S205.
In step S205, the encryption key and the authentication key specified by the P1 specified file are successfully acquired. If so, step S209 is performed, otherwise step S206 is performed.
Specifically, when the dispersion factor does not exist in the DATA field DATA, the first terminal device obtains the corresponding read key, such as the encryption key and the authentication key, directly from the file attribute of the file specified by the first parameter P1 for the subsequent calculation of the security DATA. If the acquisition is successful, step S209 is executed, otherwise step S206 is executed.
In step S206, an error state is returned.
Specifically, the first terminal device returns an error state of the read key acquisition failure to the second terminal device.
Step S207, the encryption key and the authentication key are successfully calculated by the dispersion factor. If so, step S209 is performed, otherwise step S208 is performed.
Specifically, when the dispersion factor exists in the DATA field DATA, the first terminal device first obtains a corresponding read key, such as an encryption key and an authentication key, from the file attribute of the file specified by the first parameter P1, and performs a dispersion process on the encryption key and the authentication key by using the dispersion factor to obtain the encryption key and the authentication key after the dispersion process, which are used for subsequent calculation of the security DATA. If the calculation is successful, step S209 is executed, otherwise step S208 is executed.
In step S208, the error state is returned.
Specifically, the first terminal device returns an error state of a failure in the calculation of the read key to the second terminal device.
Step S209, INS _1 is D6, P2_1= = P2; or INS _1 is DC, P2_1= =0C or 04. If yes, go to step S211, otherwise go to step S210.
Specifically, the first terminal device checks the second command header, wherein when the command to be executed corresponding to the command code INS _1 in the second command header is "D6", it is determined whether the third parameter P2_1 in the second command header is consistent with the second parameter P2 in the first command header, if so, step S211 is executed, and if not, step S210 is executed; when the command to be executed corresponding to the command code INS _1 in the second command header is "DC", determining whether the third parameter P2_1 in the second command header is "0C" or "04", if so, executing step S211, and if not, executing step S210; when the command to be executed corresponding to the command code INS _1 in the second command header is neither "D6" nor "DC", step S210 is directly performed.
Step S210 returns to the error state.
Specifically, the first terminal device returns an error state of the second command header check failure to the second terminal device.
Step S211, obtaining data to be read, and calculating security data according to the random number, the encryption key, the authentication key, the second command header, and the data to be read.
Specifically, the first terminal device obtains the data to be read according to the second parameter P2, and calculates the security data according to the random number, the encryption key, the authentication key, the second command header, and the data to be read based on the read attribute of the file to be read. For example, when the reading attribute is plaintext, plaintext data is directly generated according to the second command header and the data to be read; when the reading attribute is plaintext check (namely plaintext MAC), processing the second command head and the data to be read according to the random number and the authentication key to generate plaintext check data (namely plaintext MAC data); when the reading attribute is a ciphertext, processing the second command head and the data to be read according to the encryption key to generate ciphertext data; and when the reading attribute is ciphertext verification, processing the second command head and the data to be read according to the random number, the authentication key and the encryption key to generate ciphertext verification data (namely ciphertext MAC data).
In step S212, it is determined whether the calculation is successful. If so, step S214 is performed, otherwise step S213 is performed.
Specifically, the first terminal device performs step S214 after obtaining the security data by calculation, and otherwise performs step S213.
In step S213, an error state is returned.
Specifically, the first terminal device returns an error state of the security data calculation failure to the second terminal device.
Step S214, the safety data is returned according to the reading attribute.
Specifically, the first terminal device returns the calculated security data to the second terminal device according to the read attribute, so that the second terminal device processes the data to be read according to the command to be executed in the security data.
In step S215, the execution of the read instruction ends.
In order to facilitate a clearer understanding of the present application by those skilled in the art, the following description is given by way of example.
As a first example, an SFI mode is used to obtain a file to be read, a command to be executed is a command to update a binary file, a data field includes a dispersion factor, and security data expected to be returned is ciphertext check data.
When the second terminal device needs to read data from the first terminal device and update the binary file, a read instruction may be generated based on table 1, where the read instruction is: 04B 08201111122334404D 6850114556677889900 AABB, and sends to the first terminal device.
After receiving the read instruction, the first terminal device obtains a file with a short file identifier of 02 in an SFI manner according to a first parameter P1 "82" in a first command header "04B 0820111", and obtains an encryption key Ke and an authentication key Kmac according to file attributes of the file. Next, when the first terminal device acquires that the command code INS _1 in the second command header "04D 6850114" is "D6", and at this time, the first terminal device determines whether the third parameter P2_1 "01" in the second command header is consistent with the second parameter P2 "01" in the first command header, in this example, the third parameter is consistent with the second parameter P2_1 "01", and the first terminal device starts reading the Data to be read from the start offset address "01" of the file according to the second parameter P2 "01". Next, the first terminal device acquires that the dispersion factor "556677889900 AABB" exists in the data field, and the first terminal device performs dispersion processing on the encryption key Ke and the authentication key Kmac in sequence by using the dispersion factor to obtain the encryption key Ke 'and the authentication key Kmac' that are actually used. Then, the first terminal device encrypts the Data to be read by using the encryption key Ke 'to obtain ciphertext Data Edata, generates an initial check code (also called an initial vector) IV according to the random number "11223344", and performs check calculation (i.e. MAC calculation, such as performing MAC calculation by using an EDS algorithm or a national cryptographic algorithm) on the second command header and the ciphertext Data Edata by using the initial check code IV and the authentication key Kmac' to obtain check Data. And finally, the first terminal equipment combines the ciphertext data Edata with the check data to obtain ciphertext check data, and the ciphertext check data are returned to the second terminal equipment.
After receiving the ciphertext verification data, the second terminal device verifies and decrypts the ciphertext verification data to obtain data to be read and a second command header, and updates the data to be read into a binary file according to a command code INS _1 'D6' in the second command header, so that the data of the first terminal device is safely read and synchronized to the second terminal device.
As a second example, an SFI manner is adopted to obtain a file to be read, a command to be executed is a command to update a binary file, a data field includes a dispersion factor, and security data expected to be returned is ciphertext check data.
When the second terminal device needs to read data from the first terminal device and update the binary file, a read instruction may be generated based on table 1, where the read instruction is: 04B 08201111122334404D 6850314556677889900 AABB, and sends to the first terminal device.
After receiving the read instruction, the first terminal device obtains a file with a short file identifier of 02 in an SFI manner according to a first parameter P1 "82" in a first command header "04B 0820111", and obtains an encryption key Ke and an authentication key Kmac according to file attributes of the file. Next, when the first terminal device acquires that the command code INS _1 in the second command header "04D 6850314" is "D6", the first terminal device determines whether the third parameter P2_1 "03" in the second command header is consistent with the second parameter P2 "01" in the first command header, in this example, the third parameter P2_1 "03" in the second command header is inconsistent with the second parameter P2 "01", and at this time, the first terminal device returns an error status to the second terminal device.
As a third example, an SFI manner is adopted to obtain a file to be read, a command to be executed is an update recording command, a data field does not include a dispersion factor, and security data expected to be returned is plaintext check data.
When the second terminal device needs to read data from the first terminal device and update the record file, a read instruction may be generated based on table 1, where the read instruction is: 04B 08300091122334404 DC010C08, and transmits to the first terminal device.
After receiving the read instruction, the first terminal device obtains the file with the short file identifier 03 in an SFI manner according to the first parameter P1 "83" in the first command header "04B 0830009", and obtains the authentication key Kmac according to the file attribute of the file. Next, the first terminal device acquires that the command code INS _1 in the second command header "04 DC010C 08" is "DC", at this time, the first terminal device determines whether the third parameter P2_1 in the second command header is "0C" or "04", in this example, the third parameter P2_1 is "0C", the verification passes, and at this time, the first terminal device starts to read 4 bytes of Data to be read from the start offset address "00" of the file according to the second parameter P2 "00". Then, the first terminal device generates an initial check code IV according to the random number "11223344", and performs a check calculation on the second command header and the Data to be read by using the initial check code IV and the authentication key Kmac to obtain check Data. And finally, the first terminal equipment combines the Data to be read with the verification Data to obtain plaintext verification Data and returns the plaintext verification Data to the second terminal equipment.
And after receiving the plaintext verification data, the second terminal equipment verifies the plaintext verification data, obtains data to be read and a second command head after the plaintext verification is passed, and updates the data to be read into the recording file according to a command code INS _1 'DC' in the second command head, so that the data of the first terminal equipment is safely read and synchronized into the second terminal equipment.
As a fourth example, an SFI manner is adopted to obtain a file to be read, a command to be executed is an update recording command, a data field does not include a dispersion factor, and security data expected to be returned is plaintext check data.
When the second terminal device needs to read data from the first terminal device and update the record file, a read instruction may be generated based on table 1, where the read instruction is: 04B 08300111122334404 DC010508, and sends to the first terminal device.
After receiving the read instruction, the first terminal device obtains the file with the short file identifier 03 in an SFI manner according to the first parameter P1 "83" in the first command header "04B 0830011", and obtains the authentication key Kmac according to the file attribute of the file. Next, when the first terminal device acquires that the command code INS _1 in the second command header "04 DC 010508" is "DC", the first terminal device determines whether the third parameter P2_1 in the second command header is "0C" or "04", in this example, the third parameter P2_1 is "05", the check is not passed, and at this time, the first terminal device returns an error state to the second terminal device.
It should be noted that, for other situations, they are not listed here.
In the above embodiment, by setting the first parameter for indicating the acquisition mode of the file to be read and the second parameter for acquiring the data to be read in the read instruction, and indicating the read key according to the file attribute of the file to be read, and setting the random number in the read instruction, the first terminal device directly performs security processing on the data to be read according to the read key and/or the random number and then returns the data to the second terminal device after acquiring the data to be read, so that the data to be read is not required to be acquired by first sending an instruction, and then the data to be read is encrypted or verified by sending an instruction to obtain returned security data, but the data to be read can be safely read from the first terminal device to the second terminal device by an instruction, thereby realizing secure, complete, fast and efficient data information exchange; meanwhile, a second command head corresponding to the data to be read is arranged in the read instruction, so that after the data to be read is obtained by the first terminal device, a new instruction is generated by combining the data to be read with the second command head and returned to the second terminal device, the second terminal device directly performs corresponding operation on the data to be read according to the second command head, execution of the corresponding command is completed, services such as parameter presetting, data copying, recharging, deduction, data updating and the like are realized, the data reading and data operation can be associated through the second command head, a new verification matching mode or process is not required to be added to ensure that the data reading is consistent with the data operation, rapid and efficient data information exchange is realized, various interactive commands can be expanded, and the flexibility is high. In addition, when the security data is generated and returned, any one of plaintext data, plaintext verification data, ciphertext data and ciphertext verification data can be selectively generated and returned based on the reading attribute of the file to be read, the returning mode is various, and the requirements of different security levels can be met.
It should be noted that the data interaction method can be applied to a power consumption information acquisition system of a power grid, and specifically can be applied to an electric meter, an electric card and a master station, so as to realize rapid and efficient data exchange, information synchronization and the like among the electric meter, the electric card and the master station, and ensure the safety and integrity of data information. For example, the first terminal device is an electric card, the second terminal device is an electric meter, and data can be read from the electric card and updated to the electric meter through a data interaction method; or the first terminal device is an ammeter, the second terminal device is an electricity card, and data can be read from the ammeter and updated into the electricity card through a data interaction method; or the first terminal device is an electric meter, the second terminal device is a master station, and at the moment, reading data from the electric meter and updating the data into the master station can be realized through a data interaction method, such as the master station copying back the electric meter data.
As a first example, when the first terminal device is an electric card and the second terminal device is an electric meter, and when data is read from the electric card and updated into the electric meter by a data interaction method, a random number may be generated by the electric meter for subsequent initial check code calculation; the electric card executes the reading instruction to obtain data to be read and generates return data to the electric meter; the ammeter executes corresponding commands according to the data to be read, the data updating is completed, and the synchronization of the data information of the ammeter and the data card is guaranteed.
For example, the electricity meter executes the random number generation instruction "0084000004" to obtain the 4-byte random number Rand 4.
The electric card executes a reading instruction "04B 0810009+ Rand4+8432010C 0C", wherein a file with a short file identifier of 01 is obtained in an SFI mode according to a first parameter P1 "81" of a first command header, an authentication key is obtained according to file attributes of the file, DATA to be read is read from the file to be read from a starting offset address "00" indicated by a second parameter P2, a command to be executed corresponding to a command code INS _1 of a second command header is a recharging command, the electric card obtains an amount DATA1 to be recharged through the reading instruction, verifies and calculates the DATA amount DATA1 and the second command header "8432010C 0C" according to a random number Rand4 and the authentication key to generate verification DATA MAC1, and returns the amount DATA1 and the verification DATA MAC1 to the electric meter.
And the electric meter executes a recharging command according to the returned amount DATA1 and the check DATA MAC1, namely recharging according to 8432010C0C + DATA1+ MAC1, and updating the new balance and the transaction amount after recharging to the electric card.
The electric card executes a reading instruction "04B 0820209+ Rand4+04D68502 ″, wherein a file with a short file identifier of 02 is obtained in an SFI mode according to a first parameter P1" 82 "of the first command header, an authentication key is obtained according to file attributes of the file, the DATA to be read is read from the file to be read from a starting offset address" 02 "indicated by a second parameter P2, a command to be executed corresponding to a command code INS _1 of the second command header is a binary file updating command, the electric card obtains the DATA to be read as binary file DATA2 to be updated through the reading instruction, the DATA2 and the second command header" 04D68502 "are verified and calculated according to a random number Rand4 and the authentication key to generate verification DATA MAC2, and the DATA2 and the verification DATA MAC2 are returned to the electric meter.
The electricity meter executes the binary file update command, i.e., "04D 68502 × + DATA2+ MAC 2" for binary file update, based on the returned DATA2 and the check DATA MAC 2.
Therefore, by specifying the starting address of the read data in the first command header and writing the second command header to be used for executing the command in the data field, the data information can be safely read from the electric card, and the data can be updated to the electric meter by the relevant execution command, thereby completing the safe and efficient exchange of the data.
As a second example, when the first terminal device is an electric meter and the second terminal device is an electric card, when data is read from the electric meter and updated into the electric card by a data interaction method, a random number may be generated by the electric meter for subsequent initial check code calculation; the ammeter executes the reading instruction to obtain data to be read and generates return data to the electric card; the electric card executes corresponding commands according to the data to be read, the data updating is completed, and the synchronization of the data information of the electric meter and the electric card is ensured.
For example, the electricity meter executes the random number generation instruction "0084000004" to obtain the 4-byte random number Rand 4.
The electric meter executes a reading instruction "04B 0830311+ Rand4+04D68603 + dispersion factor", wherein a file with a short file identifier 03 is obtained in an SFI manner according to a first parameter P1 "83" of a first command header, an authentication key is obtained according to file attributes of the file, dispersion processing is performed through the dispersion factor, the DATA to be read is read from the file to be read from a starting offset address "03" indicated by a second parameter P2, a command to be executed corresponding to a command code INS _1 of a second command header is a binary file updating command, the electric meter obtains the DATA to be read as DATA3 of the binary file to be updated through the reading instruction, verification calculation is performed on the DATA3 and the second command header "04D 03" according to a random number Rand4 and the dispersed authentication key, verification DATA MAC3 is generated, and the DATA 686 3 and the DATA MAC3 are returned to the electric card.
The electric card executes the binary file updating command according to the returned DATA3 and the check DATA MAC3, namely, performs binary file updating according to "04D 68603 × + DATA3+ MAC 3".
The electric meter executes a reading command '04B 0840009+ Rand4+04DC010C 08', wherein a file with a short file identifier of 04 is obtained in an SFI mode according to a first parameter P1 '84' of a first command header, an authentication key is obtained according to file attributes of the file, DATA to be read is read from the file to be read from a starting offset address '00' indicated by a second parameter P2, a command to be executed corresponding to a command code INS _1 of a second command header is a record file updating command, the electric meter obtains DATA4 of the record file to be read through the reading command, the DATA DATA4 and the second command header '04 DC010C 08' are verified and calculated according to a random number Rand4 and the authentication key to generate verification DATA MAC4, and the DATA DATA4 and the verification DATA MAC4 are returned to the electric card.
The electric card executes an update record file command according to the returned DATA4 and the check DATA MAC4, i.e., performs record file update according to "04 DC010C08+ DATA4+ MAC 4".
Thus, the start address of the read data is specified in the first command header, the command header for executing the command is written in the data field, the data information is safely read from the electric meter, and the data is updated to the electric card with the relevant execution command, thereby completing the safe and efficient exchange of the data.
As a third example, when the first terminal device is an electric meter and the second terminal device is a master station, and the master station copies back electric meter data through a data interaction method, the electric meter can generate a random number for subsequent initial check code calculation; the ammeter executes the reading instruction to obtain data to be read and generates return data to the master station; and the master station calls the remote dynamic library according to the data to be read, checks the data, and after the check is passed, the master station indicates that the data of the electric meter is copied back successfully, so that the synchronization of the data information of the electric meter and the master station is ensured.
For example, the electricity meter executes the random number generation instruction "0084000004" to obtain the 4-byte random number Rand 4.
The electric meter executes a reading instruction "04B 0870511+ Rand4+04D68805 + dispersion factor", wherein a file with a short file identifier of 07 is obtained in an SFI manner according to a first parameter P1 "87" of a first command head, an authentication key is obtained according to file attributes of the file, the to-be-read DATA is read from the file to be read by dispersion factor dispersion processing and started from a starting offset address "05" indicated by a second parameter P2, a to-be-executed command corresponding to a command code INS _1 of a second command head is a binary file updating command, the electric meter obtains the to-be-read DATA as DATA5 of the binary file to be updated by the reading instruction, and performs verification calculation on the DATA5 and the second command head "04D 68805" according to a random number Rand4 and the dispersed authentication key to generate verification DATA MAC5, and returns the DATA5 and the verification DATA MAC5 to the master station.
And the master station performs MAC verification according to the returned DATA DATA5 and the verification DATA MAC5, and if the verification is successful, the meter DATA is copied back successfully.
Therefore, the master station can copy back the data returned by the electric meter, and can update the data after the data passes verification, so that the data information of the electric meter can be synchronized.
In summary, according to the data interaction method of the embodiment of the present invention, by setting a first parameter in a read instruction for indicating an obtaining manner of a to-be-read file, and a file attribute of the to-be-read file for indicating a read key, and setting a second parameter for indicating a start offset address of the to-be-read file, and setting a random number and a second command header having a to-be-executed command corresponding to the to-be-read data, and after receiving the read instruction, a first terminal device obtains the to-be-read file according to the first parameter, reads the to-be-read data from the to-be-read file according to the second parameter, and obtains the read key according to the file attribute of the to-be-read file, and processes the second command header and the to-be-read data according to the random number and/or the read key to generate security data, and sends the security data to a second terminal device so that the second terminal device executes a corresponding operation on the to-be-executed command, the method not only can effectively ensure the safety and the integrity of the data information, but also can effectively improve the rapidity and the high efficiency of data information exchange.
In some embodiments, a computer readable storage medium is further provided, on which a data interaction program is stored, which when executed by a processor implements the aforementioned data interaction method.
According to the computer-readable storage medium of the embodiment of the invention, through the data interaction method, not only can the safety and the integrity of the data information be effectively ensured, but also the rapidity and the high efficiency of data information exchange can be effectively improved.
In some embodiments, there is also provided a terminal device, including: the data interaction method comprises a memory, a processor and a data interaction program which is stored on the memory and can run on the processor, wherein when the processor executes the program, the data interaction method is realized.
According to the terminal equipment provided by the embodiment of the invention, through the data interaction method, the safety and the integrity of the data information can be effectively ensured, and the rapidness and the high efficiency of data information exchange can be effectively improved.
In some embodiments, a data interaction apparatus is further provided, which is applied to a first terminal device, and as shown in fig. 4, the data interaction apparatus includes: a receiving module 10, a key obtaining module 20, a data obtaining module 30 and a generating module 40.
The receiving module 10 is configured to receive a read instruction sent by a second terminal device, where the read instruction includes a first command header and a data field, the first command header includes a read command, a first parameter, and a second parameter, the first parameter is used to indicate an acquisition mode of a file to be read, a file attribute of the file to be read is used to indicate a read key, the second parameter is used to indicate a start offset address of the file to be read, the data field includes a random number and a second command header, and the second command header includes a command to be executed corresponding to the data to be read; the data acquisition module 30 is configured to acquire a file to be read according to the first parameter, and read data to be read from the file to be read according to the second parameter; the key obtaining module 20 is configured to obtain a read key according to a file attribute of a file to be read; the generating module 40 is configured to process the second command header and the data to be read according to the random number and/or the read key to generate security data, and send the security data to the second terminal device so that the second terminal device can perform corresponding operations on the data to be read according to the command to be executed.
In some embodiments, the data field further includes a dispersion factor, and the key obtaining module 20 is further configured to: and performing decentralized processing on the read key according to the decentralized factor.
In some embodiments, the data acquisition module 30 is further configured to: and verifying the second command head, and reading the data to be read from the file to be read according to the second parameter after the verification is passed.
In some embodiments, the second command header further includes a third parameter, the third parameter is used to indicate a location to be updated for the data to be read, and the data obtaining module 30 is further used to: when the command to be executed is determined to be a binary file updating command, if the third parameter is the same as the second parameter, the verification is passed; when the command to be executed is determined to be a command for updating the record file, if the third parameter is a preset parameter, the verification is passed; when the command to be executed is determined not to be the command for updating the binary file and the command for updating the record file, the direct check is passed.
In some embodiments, the generating module 40 is specifically configured to: generating an initial check code according to the random number; verifying and calculating the second command head and the data to be read according to the initial verification code and the authentication key in the read key to obtain verification data; and generating safety data according to the data to be read and the verification data.
In some embodiments, the generating module 40 is specifically configured to: encrypting the second command head and the data to be read according to an encryption key in the read key to obtain ciphertext data; and generating the safety data according to the ciphertext data.
In some embodiments, the generating module 40 is specifically configured to: encrypting the data to be read according to an encryption key in the read key to obtain ciphertext data; generating an initial check code according to the random number; verifying and calculating the second command head and the ciphertext data according to the initial check code and the authentication key in the read key to obtain verification data; and generating the safety data according to the ciphertext data and the check data.
In some embodiments, the generating module 40 is specifically configured to: when a DES algorithm is adopted for checking calculation to obtain checking data, multi-byte bit complementing is carried out on the random number to generate an initial checking code; when the check calculation is carried out by adopting the cryptographic algorithm to obtain the check data, multi-byte bit complementing is carried out on the random number to obtain a bit complementing random number, then the bit complementing random number is inverted, and the initial check code is generated according to the bit complementing random number before inversion and the bit complementing random number after inversion.
In some embodiments, the first terminal device is an electricity meter and the second terminal device is an electricity card; or the first terminal equipment is an electric card, and the second terminal equipment is an electric meter; or the first terminal equipment is an ammeter, and the second terminal equipment is a master station.
It should be noted that, for the data interaction apparatus of the present application, reference may be made to the description of the data interaction method of the present application, and details are not described herein again.
According to the data interaction device of the embodiment of the invention, a first parameter is set in a reading instruction for indicating the acquisition mode of a file to be read, the file attribute of the file to be read is used for indicating a reading key, a second parameter is set for indicating the initial offset address of the file to be read, a random number and a second command head with a command to be executed corresponding to the data to be read are set, after the first terminal device receives the reading instruction, the file to be read is acquired according to the first parameter, the data to be read is read from the file to be read according to the second parameter, the reading key is acquired according to the file attribute of the file to be read, the second command head and the data to be read are processed according to the random number and/or the reading key to generate safety data, and the safety data are sent to the second terminal device so that the second terminal device executes corresponding operation on the data to be read according to the command to be executed, the method not only can effectively ensure the safety and the integrity of the data information, but also can effectively improve the rapidity and the high efficiency of data information exchange.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable commands that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with a command execution system, apparatus, or device (e.g., a computer-based system, processor-containing system, or other system that can fetch the commands from the command execution system, apparatus, or device and execute the commands). For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the command execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable command execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (12)

1. A data interaction method is applied to a first terminal device, and comprises the following steps:
receiving a read instruction sent by a second terminal device, wherein the read instruction comprises a first command header and a data field, the first command header comprises a read instruction, a first parameter and a second parameter, the first parameter is used for indicating an acquisition mode of a file to be read, a file attribute of the file to be read is used for indicating a read key, the second parameter is used for indicating a starting offset address of the file to be read, the data field comprises a random number and a second command header, and the second command header comprises a command to be executed corresponding to the data to be read;
acquiring the file to be read according to the first parameter, and reading the data to be read from the file to be read according to the second parameter;
acquiring the read key according to the file attribute of the file to be read;
and processing the second command head and the data to be read according to the random number and/or the read key to generate security data, and sending the security data to the second terminal equipment so that the second terminal equipment can execute corresponding operation on the data to be read according to the command to be executed.
2. The data interaction method according to claim 1, wherein the data field further includes a dispersion factor, and after obtaining the read key according to the file attribute of the file to be read, the method further includes:
and performing decentralized processing on the read key according to the decentralized factor.
3. The data interaction method according to claim 1, wherein before the data to be read is read from the file to be read according to the second parameter, the method further comprises:
and verifying the second command head, and reading the data to be read from the file to be read according to the second parameter after the verification is passed.
4. The data interaction method of claim 3, wherein the second command header further comprises a third parameter, the third parameter is used to indicate a location to be updated of the data to be read, and the verifying the second command header comprises:
when the command to be executed is determined to be a command for updating the binary file, if the third parameter is the same as the second parameter, the verification is passed;
when the command to be executed is determined to be a command for updating the record file, if the third parameter is a preset parameter, the verification is passed;
and when the command to be executed is determined not to be the binary file updating command and the record file updating command, directly checking to pass.
5. The data interaction method according to claim 1, wherein the processing the second command header and the data to be read according to the random number and/or the read key to generate secure data comprises:
generating an initial check code according to the random number;
verifying and calculating the second command head and the data to be read according to the initial verification code and an authentication key in the read key to obtain verification data;
and generating the safety data according to the data to be read and the verification data.
6. The data interaction method according to claim 1, wherein the processing the second command header and the data to be read according to the random number and/or the read key to generate secure data comprises:
encrypting the second command header and the data to be read according to an encryption key in the read key to obtain ciphertext data;
and generating the safety data according to the ciphertext data.
7. The data interaction method according to claim 1, wherein the processing the second command header and the data to be read according to the random number and/or the read key to generate secure data comprises:
encrypting the data to be read according to an encryption key in the read key to obtain ciphertext data;
generating an initial check code according to the random number;
according to the initial check code and an authentication key in the read key, performing check calculation on the second command header and the ciphertext data to obtain check data;
and generating the safety data according to the ciphertext data and the check data.
8. The data interaction method according to claim 5 or 7, wherein the generating an initial check code according to the random number comprises:
when a DES algorithm is adopted for checking calculation to obtain checking data, carrying out multi-byte bit complementing on the random number to generate the initial checking code;
when the check calculation is carried out by adopting the cryptographic algorithm to obtain check data, multi-byte bit complementing is carried out on the random number to obtain a bit complementing random number, then the bit complementing random number is inverted, and the initial check code is generated according to the bit complementing random number before inversion and the bit complementing random number after inversion.
9. The data interaction method according to claim 1, wherein the first terminal device is an electricity meter, and the second terminal device is an electricity card; or, the first terminal device is the electric card, and the second terminal device is the electric meter; or, the first terminal device is an ammeter, and the second terminal device is a master station.
10. A computer-readable storage medium, having stored thereon a data interaction program, which when executed by a processor implements a data interaction method according to any one of claims 1-9.
11. A terminal device, comprising: a memory, a processor and a data interaction program stored on the memory and executable on the processor, the processor implementing the data interaction method according to any one of claims 1-9 when executing the program.
12. A data interaction device is applied to a first terminal device, and the device comprises:
a receiving module, configured to receive a read instruction sent by a second terminal device, where the read instruction includes a first command header and a data field, the first command header includes a read command, a first parameter, and a second parameter, the first parameter is used to indicate an acquisition mode of a file to be read, a file attribute of the file to be read is used to indicate a read key, the second parameter is used to indicate a start offset address of the file to be read, the data field includes a random number and a second command header, and the second command header includes a command to be executed corresponding to the data to be read;
the data acquisition module is used for acquiring the file to be read according to the first parameter and reading the data to be read from the file to be read according to the second parameter;
the key acquisition module is used for acquiring the read key according to the file attribute of the file to be read;
and the generating module is used for processing the second command head and the data to be read according to the random number and/or the read key to generate safety data and sending the safety data to the second terminal equipment so that the second terminal equipment can execute corresponding operation on the data to be read according to the command to be executed.
CN202111302902.7A 2021-11-05 2021-11-05 Data interaction method and device, terminal equipment and storage medium Active CN113742762B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111302902.7A CN113742762B (en) 2021-11-05 2021-11-05 Data interaction method and device, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111302902.7A CN113742762B (en) 2021-11-05 2021-11-05 Data interaction method and device, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113742762A true CN113742762A (en) 2021-12-03
CN113742762B CN113742762B (en) 2022-04-15

Family

ID=78727362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111302902.7A Active CN113742762B (en) 2021-11-05 2021-11-05 Data interaction method and device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113742762B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009090046A1 (en) * 2008-01-15 2009-07-23 Giesecke & Devrient Gmbh Secure data communication
US20100131773A1 (en) * 2008-11-25 2010-05-27 Dell Products L.P. System and Method for Providing Data Integrity
CN103024012A (en) * 2012-12-03 2013-04-03 中科创达软件股份有限公司 Method of data interaction between computer and intelligent terminal modem
CN105430721A (en) * 2015-10-30 2016-03-23 东莞酷派软件技术有限公司 Data interaction control method, data interaction control device and wearable equipment
CN107529132A (en) * 2017-09-05 2017-12-29 北京京东尚科信息技术有限公司 The method and apparatus that data are transmitted between bluetooth equipment and application program
CN107682335A (en) * 2017-10-09 2018-02-09 平安普惠企业管理有限公司 Data transmission method, service end and computer-readable recording medium
CN107786331A (en) * 2017-09-28 2018-03-09 平安普惠企业管理有限公司 Data processing method, device, system and computer-readable recording medium
CN109709902A (en) * 2017-10-25 2019-05-03 富泰华精密电子(郑州)有限公司 Data interactive method, system and memory
CN113408309A (en) * 2021-08-19 2021-09-17 飞天诚信科技股份有限公司 Data processing method and device and computer readable storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009090046A1 (en) * 2008-01-15 2009-07-23 Giesecke & Devrient Gmbh Secure data communication
US20100131773A1 (en) * 2008-11-25 2010-05-27 Dell Products L.P. System and Method for Providing Data Integrity
CN103024012A (en) * 2012-12-03 2013-04-03 中科创达软件股份有限公司 Method of data interaction between computer and intelligent terminal modem
CN105430721A (en) * 2015-10-30 2016-03-23 东莞酷派软件技术有限公司 Data interaction control method, data interaction control device and wearable equipment
CN107529132A (en) * 2017-09-05 2017-12-29 北京京东尚科信息技术有限公司 The method and apparatus that data are transmitted between bluetooth equipment and application program
CN107786331A (en) * 2017-09-28 2018-03-09 平安普惠企业管理有限公司 Data processing method, device, system and computer-readable recording medium
CN107682335A (en) * 2017-10-09 2018-02-09 平安普惠企业管理有限公司 Data transmission method, service end and computer-readable recording medium
CN109709902A (en) * 2017-10-25 2019-05-03 富泰华精密电子(郑州)有限公司 Data interactive method, system and memory
CN113408309A (en) * 2021-08-19 2021-09-17 飞天诚信科技股份有限公司 Data processing method and device and computer readable storage medium

Also Published As

Publication number Publication date
CN113742762B (en) 2022-04-15

Similar Documents

Publication Publication Date Title
CN105391717B (en) A kind of APK signature authentication method and its system
CN111723383B (en) Data storage and verification method and device
CN105160242B (en) Certificate loading method, certificate update method and the card reader of a kind of card reader
CN107743115B (en) Identity authentication method, device and system for terminal application
US8650655B2 (en) Information processing apparatus and information processing program
CN102045167A (en) Systems and methods for asymmetric cryptographic accessory authentication
CN107463838A (en) Method for safety monitoring, device, system and storage medium based on SGX
KR101976027B1 (en) Method for generating and backing up electric wallet and user terminal and server using the same
CN107980132A (en) A kind of APK signature authentications method and system
CN103269271A (en) Method and system for back-upping private key in electronic signature token
EP2547135A2 (en) Apparatus and method for preventing copying of terminal unique information in portable terminal
CN114884659B (en) Key agreement method, gateway, terminal device and storage medium
CN112019326A (en) Vehicle charging safety management method and system
CN110190958A (en) A kind of auth method of vehicle, device, electronic equipment and storage medium
EP2804341A1 (en) Information storage device, information processing system, information processing method, and program
CN104104650B (en) data file access method and terminal device
CN115062292A (en) Equipment safety starting and authentication method and device based on hierarchical encryption
CN107315945A (en) The disk decryption method and device of a kind of electronic equipment
CN113742762B (en) Data interaction method and device, terminal equipment and storage medium
CN109670289A (en) A kind of method and system identifying background server legitimacy
CN115426106B (en) Identity authentication method, device and system, electronic equipment and storage medium
CN111400771A (en) Target partition checking method and device, storage medium and computer equipment
CN111970122A (en) Official APP identification method, mobile terminal and application server
CN108833107B (en) Zero-knowledge proof public parameter generation method and system
CN113034140B (en) Method, system, equipment and storage medium for realizing intelligent contract encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant