CN114244553A - Method and device for safely releasing rail transit operation information - Google Patents


Publication number
CN114244553A
Authority
CN
China
Prior art keywords
information
platform
scheduling
encrypted
station
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111290551.2A
Other languages
Chinese (zh)
Other versions
CN114244553B (en)
Inventor
赵伟慧
汪晓臣
李樊
田源
黄志威
孙同庆
王志飞
宫玉昕
杜呈欣
孟宇坤
张铭
刘小满
张胜阳
张馨
吴跃
李佳宁
李波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Original Assignee
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Application filed by China Academy of Railway Sciences Corp Ltd CARS, Institute of Computing Technologies of CARS, Beijing Jingwei Information Technology Co Ltd
Priority to CN202111290551.2A
Publication of CN114244553A
Application granted
Publication of CN114244553B
Current legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Alarm Systems (AREA)

Abstract

The invention provides a method and a device for securely releasing rail transit operation information. The method comprises: when the station is connected to the central network, sending a scheduling request to a data management platform and receiving the scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request or source alarm information, as determined by a source security check performed on that operation information; when the scheduling information is operation information that has passed the source security check, sending the scheduling information to the central security platform and receiving the encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to the station terminal, to be decrypted using the station security platform. The invention secures the data throughout the release of operation information, prevents the station terminal from broadcasting illegal or tampered information, and improves the security of operation information release.

Description

Method and device for safely releasing rail transit operation information
Technical Field
The invention relates to the technical field of information security, and in particular to a method and a device for securely releasing rail transit operation information.
Background
The rail transit Passenger Information System (PIS) is the core system for releasing and managing operation information. It provides train operation information, trip information, government bulletins and similar information in real time, and in emergencies such as fire it can prominently display guidance such as emergency evacuation and disaster prevention information, which makes it an important means of ensuring the operational safety of urban rail transit.
The PIS is widely deployed and reaches a very large audience, so the security of its information release is very important. Currently, there are two potential security hazards in operation information release. Rail transit stations are numerous, the information transmission chain from release at the center to display at the station lacks a safe and reliable data verification method and device, and operation information is exposed to risks such as malicious interception and tampering during database storage and network transmission.
Disclosure of Invention
The invention provides a method and a device for securely releasing rail transit operation information, to overcome the defects of the prior art, in which poor security leaves rail transit operation information easy to leak and easy to tamper with, and to ensure the reliability of the source of operation information at the station terminal and the security of data transmission.
The invention provides a method for securely releasing rail transit operation information, characterized by comprising the following steps: when the station is connected to the central network, sending a scheduling request to a data management platform and receiving the scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request or source alarm information, as determined by a source security check performed on that operation information; when the scheduling information is operation information that has passed the source security check, sending the scheduling information to a central security platform and receiving the encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to the station terminal, to be decrypted using the station security platform.
According to the method provided by the invention, when the scheduling information is source alarm information generated from operation information that did not pass the source security check, release of that operation information is stopped;
the source security check comprises: computing, with a message digest algorithm, the digest of the operation information extracted from the database according to the scheduling request; comparing the digest with a pre-stored initial digest, wherein the initial digest was computed with the message digest algorithm when the operation information was stored in the database; if the two match, the source security check passes; otherwise, the operation information is marked as illegal information and source alarm information is generated.
According to the method provided by the invention, the operation information extracted from the database comprises operation information that the central information publishing platform released on the basis of authentication information returned by the central security platform and sent to the database; the authentication information is obtained by the central security platform performing face recognition on a user image sent by the central information publishing platform and digitally signing the business operation completion request of the user who passed face recognition; the user image is captured by the central information publishing platform after it performs liveness detection on the user in response to the user's business operation completion request; and/or the operation information extracted from the database includes operation information sent to the database by an external system, and the external system includes at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS).
According to the method provided by the invention, the encrypted scheduling information comprises a ciphertext and a key packaged into a digital envelope; the ciphertext is obtained by the central security platform encrypting the scheduling information with a symmetric encryption algorithm, and the key is obtained by the central security platform encrypting the parameters of the symmetric encryption algorithm with an asymmetric encryption algorithm.
The invention provides a method for securely releasing rail transit operation information, comprising the following steps: when the station is connected to the central network, receiving encrypted scheduling information sent by an information scheduling platform, wherein the encrypted scheduling information is operation information that the information scheduling platform extracted from a data management platform and had encrypted by a central security platform; sending the encrypted scheduling information to a station security platform and receiving first information returned by the station security platform, wherein the first information is either decrypted scheduling information or transmission alarm information, as determined by the result of a transmission security check performed on the encrypted scheduling information; and, when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security check, broadcasting the decrypted scheduling information.
According to the method provided by the invention, the encrypted scheduling information comprises a ciphertext and a key, and the decrypted scheduling information is obtained by determining whether the ciphertext conforms to an agreed encryption rule and, for a ciphertext that conforms to the agreed rule, decrypting it with the corresponding key;
further comprising: when the first information is transmission alarm information generated from encrypted scheduling information that failed the transmission security check, stopping the release of that encrypted scheduling information;
further comprising: when the station is disconnected from the central network, receiving encrypted operation information sent by a station information publishing platform, wherein the encrypted operation information is obtained by encrypting the released operation information with the local encryption software package of the station information publishing platform; and decrypting the encrypted operation information with the local decryption software package and broadcasting the decrypted scheduling information.
The invention provides a device for securely releasing rail transit operation information, comprising: a scheduling information acquisition module, which, when the station is connected to the central network, sends a scheduling request to the data management platform and receives the scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request or source alarm information, as determined by a source security check performed on that operation information; an encrypted information acquisition module, which, when the scheduling information is operation information that has passed the source security check, sends the scheduling information to the central security platform and receives the encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information; and an information sending module, which sends the encrypted scheduling information to the station terminal, to be decrypted using the station security platform.
The invention provides a device for securely releasing rail transit operation information, comprising: an information receiving module, which, when the station is connected to the central network, receives encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is operation information that the information scheduling platform extracted from the data management platform and had encrypted by the central security platform; a first information acquisition module, which sends the encrypted scheduling information to the station security platform and receives first information returned by the station security platform, wherein the first information is either decrypted scheduling information or transmission alarm information, as determined by the result of a transmission security check performed on the encrypted scheduling information; and an information broadcasting module, which, when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security check, broadcasts the decrypted scheduling information.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of any one of the rail transit operation information safety release methods.
The present invention also provides a non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the method for safely distributing rail transit operation information as described in any one of the above.
The invention also provides a computer program product comprising a computer program, wherein the computer program realizes the steps of the rail transit operation information safety release method according to any one of the above steps when being executed by a processor.
With the method and device for securely releasing rail transit operation information provided by the invention, the scheduling information scheduled by the information scheduling platform is encrypted by the encryption box of the central security platform, the encrypted scheduling information is sent to the station terminal, and the station security platform decrypts it. This secures the data in transit, prevents the station terminal from broadcasting tampered information, and effectively reduces the risk posed by malicious tampering with operation information during transmission. The data management platform performs a source security check on the extracted operation information, which improves the reliability of the extracted operation information, prevents illegal information from being scheduled and released, and further improves the security of operation information release. In addition, abnormal conditions such as malicious tampering and illegal release of information raise an alarm in time, which improves the ability to detect and sense operational anomalies and the security of operation information release management.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a first flow diagram of the method for securely releasing rail transit operation information provided by the present invention;
Fig. 2 is a flow diagram of the source security check provided by the present invention;
Fig. 3 is a flow diagram of user identification and digital signature provided by the present invention;
Fig. 4 is a flow diagram of the transmission security check provided by the present invention;
Fig. 5 is a second flow diagram of the method for securely releasing rail transit operation information provided by the present invention;
Fig. 6 is a first architecture diagram of the method for securely releasing rail transit operation information provided by the present invention;
Fig. 7 is a second architecture diagram of the method for securely releasing rail transit operation information provided by the present invention;
Fig. 8 is a first structural diagram of the device for securely releasing rail transit operation information provided by the present invention;
Fig. 9 is a second structural diagram of the device for securely releasing rail transit operation information provided by the present invention;
Fig. 10 is a third structural diagram of the device for securely releasing rail transit operation information provided by the present invention;
Fig. 11 is a fourth structural diagram of the device for securely releasing rail transit operation information provided by the present invention;
Fig. 12 is a structural diagram of the electronic device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows a flow diagram of a method for securely releasing rail transit operation information according to the present invention. The method includes:
S11, when the station is connected to the central network, sending a scheduling request to the data management platform and receiving the scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request or source alarm information, as determined by a source security check performed on that operation information;
S12, when the scheduling information is operation information that has passed the source security check, sending the scheduling information to the central security platform and receiving the encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information;
S13, sending the encrypted scheduling information to the station terminal, to be decrypted using the station security platform.
It should be noted that the method of this embodiment is executed by the information scheduling platform: when the station is connected to the central network, the information scheduling platform extracts operation information from the data management platform and has it encrypted by the central security platform. The step labels S1N in this specification do not indicate the order of the steps of the method. The method is described below with reference to Figs. 2 to 4.
Step S11: when the station is connected to the central network, sending a scheduling request to the data management platform and receiving the scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request or source alarm information, as determined by a source security check performed on that operation information.
It should be noted that, after the data management platform receives the scheduling request sent by the information scheduling platform, it extracts the corresponding operation information according to the scheduling request, performs the source security check on the extracted operation information to obtain the scheduling information, and returns the scheduling information to the information scheduling platform. If the operation information passes the source security check, the operation information itself is the scheduling information; otherwise, the operation information is marked, and source alarm information is generated and returned as the scheduling information. In addition, while the station is connected to the central network, the central information publishing platform independently manages information publishing for the station terminals under the station.
Specifically, referring to Fig. 2, the source security check includes: computing, with a message digest algorithm, the digest of the operation information extracted from the database according to the scheduling request; comparing the digest with a pre-stored initial digest, wherein the initial digest was computed with the message digest algorithm when the operation information was stored in the database; if the two match, the source security check passes and the operation information is used as the scheduling information; otherwise, the operation information is marked as illegal information and source alarm information is generated. It should be noted that the digest is computed over the content, time, level and publishing user of the operation information.
In an optional embodiment, the operation information extracted from the database comprises operation information that the central information publishing platform released on the basis of authentication information returned by the central security platform and sent to the database; the authentication information is obtained by the central security platform performing face recognition on a user image sent by the central information publishing platform and digitally signing the business operation completion request of the user who passed face recognition; the user image is captured by the central information publishing platform after it performs liveness detection on the user in response to the user's business operation completion request.
Specifically, a user performs a business operation on the central information publishing platform and sends an operation completion request to it. The central information publishing platform receives the operation completion request, performs liveness detection on the user with the face recognition camera, captures a user image, and sends the captured user image together with the operation completion request to the central security platform. Referring to Fig. 3, the central security platform compares the user image with the pre-stored face image. If they match, it obtains the current user's key, calls the signature service with that key to digitally sign the business operation of the operation completion request, and returns the signed authentication information to the central information publishing platform. Otherwise, it judges the user to be an illegal user, generates operation alarm information indicating that the user operation is unsafe, and returns the operation alarm information to the central information publishing platform. The central information publishing platform completes the business operation according to the received authentication information and sends the operation information formed by the business operation to the data management platform. The data management platform computes the initial digest of the operation information with the message digest algorithm and stores the operation information and its initial digest in the database to await scheduling.
It should be noted that, when the central security platform compares the user image with the pre-stored face image, it mainly calculates the similarity between the two; if the similarity is not less than a preset threshold, the comparison is deemed consistent and face recognition verification passes. The initial digest serves as the digital fingerprint of the operation information, so the initial digest and the operation information are stored in the database together. If someone tampers with the operation information, its digest changes as well, so comparing digests when the operation information is later retrieved shows whether it has been tampered with, which ensures the accuracy of the operation information. In addition, before the central security platform compares the user image with the pre-stored face image, the basic information and face image of each user are collected and a unique digital certificate is bound to each user, so that the key of a user who passes face recognition can later be obtained conveniently for the digital signature.
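The source security check described above (initial digest computed on storage, recomputed and compared on extraction) can be sketched as follows. This is an added example, not code from the patent: SHA-256 stands in for the unspecified message digest algorithm, and the type names, function names and sample record are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// OperationInfo carries the four fields the description says the digest covers.
type OperationInfo struct {
	Content   string
	Time      string
	Level     int
	Publisher string
}

// Record is one database row: the operation information and its initial digest.
type Record struct {
	Info          OperationInfo
	InitialDigest []byte
}

// SchedulingInfo is what the data management platform returns to the scheduler:
// the operation information if the source check passed, otherwise an alarm.
type SchedulingInfo struct {
	Info  *OperationInfo
	Alarm string
}

// Digest hashes each field behind a 4-byte length prefix, so that moving bytes
// across a field boundary changes the digest. SHA-256 is an assumption here.
func Digest(info OperationInfo) []byte {
	h := sha256.New()
	fields := []string{info.Content, info.Time, fmt.Sprint(info.Level), info.Publisher}
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write([]byte(f))
	}
	return h.Sum(nil)
}

// Store computes the initial digest when operation information enters the database.
func Store(db map[string]Record, id string, info OperationInfo) {
	db[id] = Record{Info: info, InitialDigest: Digest(info)}
}

// Extract performs the source security check for one scheduling request.
func Extract(db map[string]Record, id string) SchedulingInfo {
	rec, ok := db[id]
	if !ok {
		return SchedulingInfo{Alarm: "source alarm: no operation information with id " + id}
	}
	if subtle.ConstantTimeCompare(Digest(rec.Info), rec.InitialDigest) != 1 {
		return SchedulingInfo{Alarm: "source alarm: " + id + " marked illegal, digest mismatch"}
	}
	info := rec.Info
	return SchedulingInfo{Info: &info}
}

func main() {
	db := map[string]Record{}
	// Constructed sample record.
	Store(db, "msg-1", OperationInfo{
		Content: "Line 2 delayed 5 min", Time: "2021-11-02T08:00:00Z",
		Level: 2, Publisher: "operator-a",
	})
	fmt.Println("before edit, passed:", Extract(db, "msg-1").Info != nil)

	// A direct database edit that changes the content but not the stored digest.
	rec := db["msg-1"]
	rec.Info.Content = "Line 2 closed"
	db["msg-1"] = rec
	fmt.Println("after edit:", Extract(db, "msg-1").Alarm)
}
```

A plain digest stored in the same database only detects edits by someone who cannot also rewrite the stored digest; keying it (for example an HMAC with a secret held outside the database) removes that dependency.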
Based on the face recognition and digital signature user identity dual authentication technology, on the basis of user identity authenticity verification, signature authentication of user information issuing management operation events is achieved, a complete evidence chain of user operation is formed, risks of one number for multiple purposes, password embezzlement, illegal issuing and the like are avoided, user behavior resistance is enhanced, and operation management efficiency is improved. Through the fusion application of the identity authentication technology and the information encryption and decryption technology, on the basis of a passenger information system center-station two-stage control architecture, a safety support platform is added, the safety check of data is added according to key links of editing, auditing, storing, transmitting, displaying and the like of an operation information distribution function, the safety control of the whole process of operation information from a control center to a station playing terminal is realized by assisting with an effective identity authentication technology, and the reliability of an operation information source of the station terminal and the safety of the data are guaranteed.
In order to facilitate abnormal investigation, the central security platform saves the authentication information to the central information issuing platform to be used as a user operation log for recording and subsequent abnormal investigation. It should be noted that the service operation includes operations such as information editing, information auditing, or information revocation, which may be specifically set according to actual use requirements or design requirements, and is not further limited herein.
In another alternative embodiment, the operational information extracted from the database includes system operational information sent to the database by the external system. It should be noted that the external system includes at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS), and the operation information is information transmitted from the external system to a Passenger Information System (PIS). It should be noted that in the present embodiment, the external system is a platform other than the central information distribution platform, and is not further limited herein.
In an optional embodiment, before sending the scheduling request to the data management platform based on the station-to-central network connection, the method further includes: determining whether the station is in degraded operation based on the state of the connection between the station and the central network; if the station is connected, it operates normally, and otherwise it operates in degraded mode. It should be noted that degraded operation means that the station is disconnected from the central network and detached from the central information distribution management platform, and the station information distribution platform independently manages information distribution for the station terminals under that station.
Step S12: when the scheduling information is operation information that has passed the source security verification, send the scheduling information to the central security platform and receive the encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information.
In this embodiment, when the scheduling information is operation information that has passed the source security verification, the information scheduling platform receives the scheduling information and then sends it to the central security platform for encryption; after receiving the scheduling information, the central security platform encrypts it and returns the encrypted scheduling information to the information scheduling platform. It should be noted that the encrypted scheduling information includes a ciphertext and a key that are encapsulated into a digital envelope. The ciphertext is obtained by the central security platform encrypting the scheduling information with a symmetric encryption algorithm, and the key is obtained by the central security platform encrypting the parameters of the symmetric encryption algorithm with an asymmetric encryption algorithm. The symmetric and asymmetric encryption algorithms may be existing algorithms or new algorithms designed for the actual encryption requirements, and the present disclosure is not further limited in this respect. In addition, the central security platform encrypts the scheduling information by using an encryption box. The encryption box implements data encryption based on a national cryptographic hybrid algorithm, supports encrypted data transmission under the Socket, HTTP, FTP and TCP/IP protocols, and provides a standard API encryption service interface.
In an optional embodiment, when the scheduling information is source alarm information generated from operation information that failed the source security verification, scheduling of that operation information is suspended. It should be noted that in this case the source alarm information is returned to the information scheduling platform, so that the information scheduling platform stops the scheduling operation and learns that the operation information carries a security risk, which improves the security of information transmission.
Step S13: send the encrypted scheduling information to the station terminal, to be decrypted by using the station security platform.
In this embodiment, after the information scheduling platform sends the encrypted scheduling information to the station terminal, the station terminal receives it, forwards it to the station security platform, and receives first information returned by the station security platform, where the first information is obtained by performing transmission security verification on the encrypted scheduling information and acting on the verification result. It should be noted that the first information may be decrypted scheduling information that passed transmission security verification, or transmission alarm information for information that did not pass. Specifically, referring to Fig. 4, after the station terminal sends the encrypted scheduling information to the station security platform, the station security platform receives it and determines whether the ciphertext in the encrypted scheduling information conforms to a predetermined encryption principle. If so, the ciphertext is decrypted with the key to obtain the decrypted scheduling information; otherwise, the data is taken to have been tampered with during transmission, the data is discarded, and transmission alarm information representing a data-transmission-insecurity alarm is generated. The station security platform feeds the decrypted scheduling information or the transmission alarm information back to the station terminal. On receiving decrypted scheduling information, the station terminal broadcasts it according to a preset broadcasting rule; on receiving transmission alarm information, the station terminal promptly determines that the information is tampered data and does not broadcast it.
In an optional embodiment, the method further comprises: when the connection between the station and the central network is interrupted, encrypting scheduling operation information by using a local encryption software package of the station information release platform to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information release platform sends the encrypted operation information to the station terminal, which decrypts it by using the local decryption software package. It should be noted that, after the station terminal decrypts the encrypted operation information with the local decryption software package, the decrypted operation information is obtained and is broadcast by the station terminal. In addition, when the station is disconnected from the central network, information release for the station terminals under that station is detached from the central information release platform and managed independently by the station information release platform, so that the release of operation information is not interrupted when hardware such as the encryption box of the central security platform or the decryption box of the station security platform fails in emergencies such as a fire in the PIS system.
Fig. 5 shows a flow diagram of a method for safely releasing rail transit operation information according to the present invention, where the method includes:
S21, based on the connection between the station and the central network, receiving encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform extracting operation information from the data management platform and encrypting the operation information by using the central security platform;
S22, sending the encrypted scheduling information to a station security platform, and receiving first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained by performing transmission security verification on the encrypted scheduling information and acting on the verification result;
S23, when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, broadcasting the decrypted scheduling information.
It should be noted that the executing entity of this embodiment is a station terminal, which receives the encrypted scheduling information sent from the information scheduling platform and has it decrypted by the station security platform, so as to broadcast the decrypted scheduling information. The labels S2N in this specification do not indicate the order of the steps of the rail transit operation information safe release method, which is described in detail below.
Step S21: based on the connection between the station and the central network, receive the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform extracting operation information from the data management platform and encrypting the operation information by using the central security platform.
In this embodiment, the station terminal receives encrypted scheduling information sent by the information scheduling platform, where the encrypted scheduling information is obtained by extracting operation information from the data management platform based on the information scheduling platform and encrypting the operation information by using the central security platform. Specifically, the information scheduling platform sends a scheduling request to the data management platform; after receiving the scheduling request, the data management platform extracts corresponding operation information from the database according to the scheduling request, performs source safety verification on the operation information to obtain scheduling information, and then sends the scheduling information to the information scheduling platform; and if the scheduling information is the operation information which passes the source safety verification, the information scheduling platform sends the scheduling information to the central safety platform for encryption, and sends the encrypted scheduling information returned after the central safety platform is encrypted to the station terminal. In addition, if the scheduling information is the source alarm information generated according to the operation information which does not pass the source security verification, the information scheduling platform terminates the operation of the scheduling information in time so as to avoid scheduling the wrong information or the tampered information, thereby improving the security of information transmission.
It should be noted that the encrypted scheduling information includes a ciphertext and a key that are encapsulated into a digital envelope, the ciphertext is obtained by encrypting the scheduling information based on a symmetric encryption algorithm by the central security platform, the key is obtained by encrypting parameters of the symmetric encryption algorithm based on an asymmetric encryption algorithm by the central security platform, the symmetric encryption algorithm and the asymmetric encryption algorithm may adopt an existing algorithm or a new algorithm designed based on actual encryption requirements, and the present disclosure is not further limited.
Step S22: send the encrypted scheduling information to a station security platform, and receive first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained by performing transmission security verification on the encrypted scheduling information and acting on the verification result.
In this embodiment, after the station terminal sends the encrypted scheduling information to the station security platform, the station security platform receives the encrypted scheduling information and performs transmission security verification, where the transmission security verification includes: judging whether the ciphertext in the encrypted scheduling information conforms to an agreed encryption principle, and if so, the transmission security verification is passed. The first information is obtained according to the transmission security verification result as follows: if the transmission security verification is passed, the ciphertext is decrypted by using the key in the encrypted scheduling information to obtain decrypted scheduling information; otherwise, the corresponding encrypted scheduling information is discarded and transmission alarm information representing a data-transmission-insecurity alarm is generated. The station security platform then returns the decrypted scheduling information or the transmission alarm information to the station terminal as the first information.
Step S23: when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, broadcast the decrypted scheduling information.
In this embodiment, the encrypted scheduling information includes a ciphertext and a key, and the decrypted scheduling information is obtained by determining whether the ciphertext conforms to the agreed encryption rule and, for a ciphertext that conforms, decrypting it with the corresponding key. In an optional embodiment, the first information is transmission alarm information generated from encrypted scheduling information that did not pass transmission security verification, and the station terminal stops broadcasting to avoid broadcasting erroneous or tampered data.
In an optional embodiment, when the first information is transmission alarm information generated from encrypted scheduling information that failed the transmission security verification, release of that encrypted scheduling information is suspended. In that case the transmission alarm information is returned to the station terminal so that the station terminal can stop the information release operation, which effectively reduces the risk posed by malicious tampering with operation information during transmission.
In an optional embodiment, the method further comprises: receiving encrypted operation information sent by a station information release platform based on station and central network interruption, wherein the encrypted operation information is obtained by encrypting the released operation information by using a local encryption software package of the station information release platform; and decrypting the encrypted operation information by using the local decryption software package to obtain decrypted operation information, and broadcasting the decrypted operation information by using the station terminal. The station information issuing platform locally stores the encryption software package, and the station terminal application locally stores the decryption software package, so that the condition that operation information issuing is interrupted due to the fact that hardware such as an encryption box of a central safety platform and a decryption box of a station safety platform are broken down in emergency situations such as fire disasters of the PIS system is avoided. The station information publishing platform stores an encryption software package to encrypt the operation information to be published; and the station terminal receives the encrypted scheduling information sent by the station information release platform and decrypts the encrypted scheduling information based on the local decryption software package. It should be noted that the encryption software package and/or the decryption software package may adopt a software package based on a symmetric encryption algorithm. 
When an emergency occurs, the station information publishing platform detects a fault of the central safety platform, a local encryption software package is directly called to encrypt and publish the operation information, and a station playing terminal program calls a local decryption software package to decrypt and play, so that normal operation of a PIS system operation information publishing service is ensured.
In an optional embodiment, the rail transit operation information safety issuing method comprises the following steps:
S31, based on the connection between the station and the central network, the information scheduling platform sends a scheduling request to the data management platform and receives scheduling information returned by the data management platform, wherein the scheduling information is the operation information or the source alarm information obtained by extracting operation information according to the scheduling request and performing a source security check on it;
S32, if the scheduling information is operation information that passed the source security check, the information scheduling platform sends the scheduling information to the central security platform and receives the encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information;
S33, the information scheduling platform sends the encrypted scheduling information to the station terminal;
S34, the station terminal receives the encrypted scheduling information sent by the information scheduling platform;
S35, the station terminal sends the encrypted scheduling information to a station security platform and receives first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained by performing transmission security verification on the encrypted scheduling information and acting on the verification result;
S36, if the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, the station terminal broadcasts the decrypted scheduling information.
It should be noted that, for the specific implementation steps of this embodiment, reference may be made to the foregoing descriptions, which are not repeated here. The labels S3N in this specification do not indicate the order of the steps of the rail transit operation information safe release method, which is described below.
In an optional embodiment, the method further comprises: based on the interruption of the station and the central network, the station information release platform encrypts scheduling operation information by using a local encryption software package of the station information release platform to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; the station information issuing platform sends the encrypted operation information to a station terminal; the station terminal receives encrypted operation information sent by the station information release platform, the encrypted operation information is obtained by encrypting the operation information released by using a local encryption software package of the station information release platform, the encrypted operation information is decrypted by using a local decryption software package to obtain decrypted operation information, and the decrypted operation information is broadcasted by using the station terminal.
Fig. 6 shows an architecture diagram of a method for safely publishing rail transit operation information, which includes:
S41, based on the connection between the station and the central network, the information scheduling platform sends a scheduling request to the data management platform;
S42, the data management platform receives the scheduling request sent by the information scheduling platform, extracts the operation information from the database according to the scheduling request, performs a source security check on the operation information to obtain the operation information or source alarm information as the scheduling information, and returns the scheduling information to the information scheduling platform; in advance, the data management platform receives operation information issued by an external system and/or operation information that is sent by the central information issuing platform after passing the central security platform's information release verification, calculates a digest of the received information based on a message digest algorithm, and stores that digest as the initial digest, together with the corresponding information, in a database;
S43, if the scheduling information is operation information that passed the source security check, the information scheduling platform sends the scheduling information to the central security platform;
S44, the central security platform receives the scheduling information sent by the information scheduling platform, encrypts the scheduling information by using the encryption box to obtain encrypted scheduling information, and returns the encrypted scheduling information to the information scheduling platform;
S45, the information scheduling platform sends the encrypted scheduling information to the station terminal;
S46, the station terminal sends the encrypted scheduling information to a station security platform and receives first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained by performing transmission security verification on the encrypted scheduling information and acting on the verification result;
S47, if the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, the station terminal broadcasts the decrypted scheduling information.
It should be noted that, for the specific implementation steps of this embodiment, reference may be made to the foregoing descriptions, which are not repeated here. The labels S4N in this specification do not indicate the order of the steps of the rail transit operation information safe release method, which is described in detail below with reference to Fig. 7.
When the information stored in the database is operation information sent by the central information issuing platform, in step S42, before the data management platform receives the scheduling request sent by the information scheduling platform, the method further includes: the user carries out a service operation on the central information issuing platform and sends an operation completion request to the central information issuing platform; the central information issuing platform receives the operation completion request, performs liveness detection on the user by using the face recognition camera, acquires a user image, and sends the acquired user image and the operation completion request to the central security platform; the central security platform compares the user image with a pre-stored face image and, if the comparison is consistent, obtains the current user's key, calls the signature service with that key to digitally sign the service operation of the operation completion request, and returns the signed authentication information to the central information issuing platform; otherwise, the user is judged to be an illegal user, and the central security platform generates operation alarm information indicating that the user operation is unsafe and returns it to the central information issuing platform; the central information issuing platform completes the service operation according to the received authentication information and sends the operation information formed by the service operation to the data management platform.
In addition, after receiving the operation information released by the external system and/or the operation information sent by the central information issuing platform, the data management platform calculates a digest of the received information based on a message digest algorithm, and stores that digest as the initial digest, together with the corresponding information, in the database to wait for scheduling.
It should be noted that, when the central security platform compares the user image with the pre-stored face image, it mainly calculates the similarity between the two; if the similarity is not less than a preset threshold, the comparison is deemed consistent and the face recognition verification passes. The initial digest serves as the digital fingerprint of the operation information, which is why the initial digest and the operation information are stored in the database together: if someone tampers with the operation information, its digest changes as well, so when the operation information is later retrieved, comparing digests shows whether it has been tampered with, which ensures the accuracy of the operation information. In addition, to facilitate the investigation of anomalies, the central security platform saves the authentication information to the central information issuing platform as a user operation log, for record keeping and later investigation. It should be noted that the service operation includes operations such as information editing, information auditing, or information revocation, which may be specifically set according to actual use requirements or design requirements, and is not further limited herein.
In an optional embodiment, the method further comprises: on the basis of interruption of a station and a central network, a local encryption software package of a station information release platform encrypts scheduling operation information to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; the station information issuing platform sends the encrypted operation information to a station terminal; the station terminal receives encrypted operation information sent by the station information release platform, the encrypted operation information is obtained by encrypting the operation information released by using a local encryption software package of the station information release platform, the encrypted operation information is decrypted by using a local decryption software package to obtain decrypted operation information, and the decrypted operation information is broadcasted by using the station terminal.
In summary, the dispatching information dispatched by the information dispatching platform is encrypted through the encryption box of the central security platform, the encrypted dispatching information is sent to the station terminal, and the station security platform is used for decryption, so that the security in the data transmission process is ensured, the tampered information is prevented from being broadcasted by the station terminal, and the risk caused by malicious tampering of the operation information in the transmission process is effectively reduced; the data management platform is used for carrying out source safety check on the extracted operation information, so that the reliability of the extracted operation information is improved, illegal information is prevented from being dispatched and released, and the safety of issuing the operation information is further improved; meanwhile, abnormal conditions such as malicious tampering and illegal release of information can be warned in time, the detection sensing capability of operation abnormity is improved, and the safety of operation information release management is improved.
The track traffic operation information security issuing device provided by the invention is described below, and the track traffic operation information security issuing device described below and the track traffic operation information security issuing method described above can be referred to in a corresponding manner.
Fig. 8 shows a schematic structural diagram of a rail transit operation information security issuing device, which is an information scheduling platform and includes:
the scheduling information acquisition module 81, which, based on the connection between the station and the central network, sends a scheduling request to the data management platform and receives scheduling information returned by the data management platform, wherein the scheduling information is the operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on it;
the encrypted information acquisition module 82, which, when the scheduling information is operation information that has passed the source security verification, sends the scheduling information to the central security platform and receives encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information;
and the information sending module 83, which sends the encrypted scheduling information to the station terminal, to be decrypted by using the station security platform.
In this embodiment, the scheduling information acquisition module 81 includes: a request sending unit, used for sending a scheduling request to the data management platform; and an information receiving unit, used for receiving scheduling information returned by the data management platform, wherein the scheduling information is the operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on it. Specifically, the data management platform comprises: a request receiving unit, used for receiving the scheduling request sent by the request sending unit; an extracting unit, which extracts the corresponding operation information according to the scheduling request; a source security verification unit, used for performing source security verification on the extracted operation information to obtain the scheduling information; and an information returning unit, which returns the scheduling information to the information scheduling platform. It should be noted that if the operation information passes the source security check, the operation information is taken as the scheduling information; otherwise, the operation information is labeled and source alarm information is generated as the scheduling information.
More specifically, the source security check unit includes: a digest calculation subunit, used for obtaining, based on a message digest algorithm, a digest of the operation information extracted from the database according to the scheduling request; and a comparison subunit, which compares the digest with a pre-stored initial digest, wherein the initial digest is obtained based on the message digest algorithm when the operation information is stored in the database. If the comparison is consistent, the source security check is passed; otherwise, the operation information is marked as illegal information and source alarm information is generated. It should be noted that the digest of the operation information is calculated over the content, time, level and publishing user of the operation information.
In an optional embodiment, the operation information extracted from the database comprises operation information that is issued by the central information issuing platform based on authentication information returned by the central security platform and is sent to the database by the central information issuing platform; the authentication information is obtained by the central security platform performing face recognition on a user image sent by the central information issuing platform and digitally signing the service operation completion request of a user who passes the face recognition; the user image is captured by the central information issuing platform after it performs liveness detection on the user in response to the user's service operation completion request. Specifically, the central information issuing platform includes: an operation receiving unit, used for receiving an operation completion request sent by a user after a service operation is carried out; an image acquisition unit, used for performing liveness detection on the user by using the face recognition camera and acquiring a user image; a data sending unit, used for sending the acquired user image and the operation completion request to the central security platform for information release verification; and a data receiving unit, used for completing the service operation according to the received authentication information returned by the central security platform and sending the operation information formed by the service operation to the data management platform.
The data management platform further comprises a storage unit; after receiving the authentication information, the storage unit calculates an initial digest of the received authentication information by means of the digest calculation subunit, and then stores the operation information and its initial digest in the database for scheduling.
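The source security check described above, as an added Go example that is not code from the patent: a digest over content, time, level and publishing user is stored with each record and recomputed when the record is scheduled. SHA-256 stands in for the unspecified digest algorithm and all names are hypothetical; the keyed (HMAC) variant goes beyond the description by assuming a key that the data management platform holds outside the database, so that a change to both a row and its stored digest is still detected.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// OperationInfo carries the four fields the description lists as digest input.
type OperationInfo struct {
	Content, Time, Level, Publisher string
}

// DigestFunc computes the digest stored at ingest and recomputed at scheduling.
type DigestFunc func(OperationInfo) []byte

var (
	// ErrSourceAlarm plays the role of the "source alarm information".
	ErrSourceAlarm = errors.New("source alarm: digest mismatch, information marked illegal")
	ErrNotFound    = errors.New("no such operation information")
)

// canonical length-prefixes every field so that field boundaries are part of the
// hashed bytes: Content "ab" + Time "c" must not hash like Content "a" + Time "bc".
func canonical(info OperationInfo) []byte {
	var out []byte
	for _, field := range []string{info.Content, info.Time, info.Level, info.Publisher} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		out = append(append(out, n[:]...), field...)
	}
	return out
}

// PlainDigest is the unkeyed digest of the description (SHA-256 as a stand-in).
func PlainDigest(info OperationInfo) []byte {
	sum := sha256.Sum256(canonical(info))
	return sum[:]
}

// KeyedDigest returns an HMAC-SHA-256 DigestFunc. Assumption beyond the page:
// the key lives with the data management platform, not in the database.
func KeyedDigest(key []byte) DigestFunc {
	return func(info OperationInfo) []byte {
		mac := hmac.New(sha256.New, key)
		mac.Write(canonical(info))
		return mac.Sum(nil)
	}
}

type row struct {
	info          OperationInfo
	initialDigest []byte
}

// DataManagementPlatform stores records with their initial digest and checks
// them again before handing them to the information scheduling platform.
type DataManagementPlatform struct {
	digest DigestFunc
	db     map[string]*row // in-memory stand-in for the database
}

func NewPlatform(digest DigestFunc) *DataManagementPlatform {
	return &DataManagementPlatform{digest: digest, db: map[string]*row{}}
}

// Store computes the initial digest when the operation information is saved.
func (p *DataManagementPlatform) Store(id string, info OperationInfo) {
	p.db[id] = &row{info: info, initialDigest: p.digest(info)}
}

// Schedule extracts a record and returns it only if the recomputed digest
// matches the stored initial digest; otherwise it returns the source alarm.
func (p *DataManagementPlatform) Schedule(id string) (OperationInfo, error) {
	r, ok := p.db[id]
	if !ok {
		return OperationInfo{}, ErrNotFound
	}
	if !hmac.Equal(p.digest(r.info), r.initialDigest) { // constant-time comparison
		return OperationInfo{}, ErrSourceAlarm
	}
	return r.info, nil
}

func main() {
	// Constructed sample record.
	info := OperationInfo{Content: "Line 1 service delayed 5 minutes",
		Time: "2021-11-02T08:00:00+08:00", Level: "normal", Publisher: "dispatcher01"}
	p := NewPlatform(PlainDigest)
	p.Store("msg-001", info)
	_, err := p.Schedule("msg-001")
	fmt.Println("untouched row, error:", err)
	p.db["msg-001"].info.Level = "emergency" // row changed after storage
	_, err = p.Schedule("msg-001")
	fmt.Println("changed row, error:", err)
}
```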
The central security platform comprises: the comparison unit is used for comparing the user image with a pre-stored face image, if the comparison is consistent, acquiring a current user key, carrying out digital signature on the service operation of the operation completion request based on the key calling signature service, and returning the authentication information with the signature to the central information release platform; otherwise, judging that the user is an illegal user, generating operation alarm information unsafe for user operation by the central security platform, and returning the operation alarm information to the central information publishing platform. It should be noted that, when the central security platform compares the user image with the pre-stored face image, the similarity between the user image and the face image is mainly calculated, and if the similarity is not less than a preset threshold, the comparison is consistent, and the face recognition verification is performed. The initial abstract is used as the digital fingerprint of the operation information, so that the initial abstract and the operation information are simultaneously stored in the database, if other people tamper the operation information, the corresponding abstract is also changed, so that whether the operation information is tampered or not is judged through comparison of the abstract when the operation information is called subsequently, and the accuracy of the operation information is ensured.
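The store-then-compare source security check described above can be sketched as follows. This is an added example, not code from the patent: the type and function names, SHA-256 as the message digest algorithm, the length-prefixed field encoding and the HMAC variant are all assumptions. It also shows a limit of the scheme: an unkeyed digest stored next to the record detects a modified record only as long as the stored digest itself cannot be rewritten, whereas a digest keyed with a secret held outside the database still raises the alarm.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// OperationInfo carries the four fields the digest covers according to the
// text: content, time, level and publishing user. Field names are assumptions.
type OperationInfo struct {
	Content, Time, Level, Publisher string
}

// Row is one database record: the operation information plus the initial
// digest computed when it was stored.
type Row struct {
	Info    OperationInfo
	Initial []byte
}

// SchedulingInfo is what the data management platform returns: either the
// verified operation information or source alarm information.
type SchedulingInfo struct {
	Info  *OperationInfo
	Alarm string
}

// canonical length-prefixes every field, so that ("ab","c") and ("a","bc")
// can never serialize to the same bytes.
func canonical(info OperationInfo) []byte {
	var out []byte
	for _, f := range []string{info.Content, info.Time, info.Level, info.Publisher} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// Digest is the unkeyed message digest (SHA-256 is an assumption; the page
// names no algorithm).
func Digest(info OperationInfo) []byte {
	sum := sha256.Sum256(canonical(info))
	return sum[:]
}

// KeyedDigest returns an HMAC-SHA-256 digest function. This hardening is not
// in the patent: the key is assumed to be held outside the database.
func KeyedDigest(key []byte) func(OperationInfo) []byte {
	return func(info OperationInfo) []byte {
		m := hmac.New(sha256.New, key)
		m.Write(canonical(info))
		return m.Sum(nil)
	}
}

// Store models the storage unit: compute the initial digest and keep it with
// the operation information.
func Store(info OperationInfo, digest func(OperationInfo) []byte) Row {
	return Row{Info: info, Initial: digest(info)}
}

// SourceCheck models the source security check unit: recompute the digest of
// the extracted record and compare it with the stored initial digest.
func SourceCheck(row Row, digest func(OperationInfo) []byte) SchedulingInfo {
	if hmac.Equal(digest(row.Info), row.Initial) { // constant-time comparison
		info := row.Info
		return SchedulingInfo{Info: &info}
	}
	return SchedulingInfo{Alarm: fmt.Sprintf(
		"source alarm: illegal operation information (publisher %q, time %q)",
		row.Info.Publisher, row.Info.Time)}
}

func main() {
	// Constructed sample record.
	info := OperationInfo{"Line 2 delayed 5 minutes", "2021-11-02T08:00:00Z", "normal", "operator01"}
	row := Store(info, Digest)
	fmt.Println("untouched record passes:", SourceCheck(row, Digest).Info != nil)

	row.Info.Content = "All services suspended" // record changed in the database
	fmt.Println("changed record raises alarm:", SourceCheck(row, Digest).Alarm != "")

	row.Initial = Digest(row.Info) // stored digest rewritten as well
	fmt.Println("unkeyed check after digest rewrite passes:", SourceCheck(row, Digest).Info != nil)

	keyed := KeyedDigest([]byte("constructed-demo-key"))
	krow := Store(info, keyed)
	krow.Info.Content = "All services suspended"
	krow.Initial = Digest(krow.Info)
	fmt.Println("keyed check after digest rewrite raises alarm:", SourceCheck(krow, keyed).Alarm != "")
}
```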
In another alternative embodiment, the operational information extracted from the database includes system operational information sent to the database by the external system. It should be noted that the external system may be at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS), and the operation information is information transmitted from the external system to a Passenger Information System (PIS). It should be noted that in the present embodiment, the external system is a platform other than the central information distribution platform, and is not further limited herein.
In an optional embodiment, the apparatus further includes a determining module, which determines whether the station is in degraded operation based on the connection state between the station and the central network: if the station is connected to the central network, the station operates normally; otherwise, the station runs in degraded operation. It should be noted that degraded operation means that the station is disconnected from the central network and detached from the central information distribution management platform, and the station information distribution platform independently manages information distribution for the station terminals under that station.
If the scheduling information is the operation information passing the source security verification, the encrypted information obtaining module 82 includes: the information sending unit is used for sending the scheduling information to the central safety platform; and the information receiving unit is used for receiving the encrypted scheduling information returned by the central security platform, and the encrypted scheduling information is obtained by encrypting the scheduling information. It should be noted that the encrypted scheduling information includes a ciphertext and a key that are encapsulated into a digital envelope, the ciphertext is obtained by encrypting the scheduling information based on a symmetric encryption algorithm by the central security platform, and the key is obtained by encrypting parameters of the symmetric encryption algorithm based on an asymmetric encryption algorithm by the central security platform.
In an optional embodiment, if the scheduling information is source alarm information generated because the operation information did not pass the source security check, the source alarm information is returned to the information scheduling platform, so that the information scheduling platform stops the scheduling operation and learns that the operation information carries a security risk, which improves the security of information transmission.
The information sending module 83 sends the encrypted scheduling information to the station terminal for decryption.
The station terminal includes: a first receiving unit, which receives the encrypted scheduling information; and a first sending unit, which sends the received encrypted scheduling information to the station security platform and receives first information returned by the station security platform, wherein the first information is obtained according to the result of the transmission security verification performed on the encrypted scheduling information. It should be noted that the first information may be decrypted scheduling information, when the transmission security verification passes, or transmission alarm information, when it fails.
The station security platform includes a station information receiving unit, a verification unit, a decryption unit, an alarm unit and a station information returning unit, wherein: the station information receiving unit receives the encrypted scheduling information; the verification unit judges whether the ciphertext in the encrypted scheduling information conforms to a preset encryption principle; if it conforms, the data transmission is judged to be safe and the decryption unit decrypts the ciphertext with the key to obtain the decrypted scheduling information; otherwise, the data has been tampered with in transit, and the alarm unit discards the data and generates transmission alarm information indicating that the data transmission is unsafe; and the station information returning unit feeds the decrypted scheduling information or the transmission alarm information back to the station terminal.
If the first information is the decrypted scheduling information, the station terminal further includes an information broadcasting unit, which broadcasts the decrypted scheduling information according to a preset broadcasting rule; if the first information is the transmission alarm information, the station terminal further includes a prompting unit, which promptly identifies the information as tampered data so that it is not broadcast.
In an optional embodiment, the apparatus further includes a station information issuing platform, specifically including: a station information encryption unit, which, when the station is disconnected from the central network, encrypts scheduling operation information with the local encryption software package of the station information release platform to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and a station information sending unit, which sends the encrypted operation information to the station terminal, where it is decrypted with the local decryption software package. It should be noted that, after the station terminal obtains the decrypted operation information with the local decryption software package, it broadcasts the decrypted operation information. In addition, when the station is disconnected from the central network, information release for the station terminals under that station is detached from the central information release platform and managed independently by the station information release platform, so that operation information release is not interrupted when hardware of the PIS system, such as the encryption box of the central security platform or the decryption box of the station security platform, fails in an emergency such as a fire.
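The digital envelope and the station-side transmission security verification described above can be sketched end to end as follows. This is an added example, not code from the patent: the names are hypothetical, AES-256-GCM and RSA-OAEP stand in for the unnamed symmetric and asymmetric algorithms, the encrypted "parameters" are taken to be the AES key, and the "preset encryption principle" is modelled as successful authenticated decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the digital envelope: the ciphertext plus the wrapped key.
type Envelope struct {
	WrappedKey []byte // AES key encrypted under the station's RSA public key
	Nonce      []byte // GCM nonce, fresh per message, not secret
	Ciphertext []byte // AES-256-GCM output, authentication tag included
}

// ErrTransmission stands for the transmission alarm information.
var ErrTransmission = errors.New("transmission alarm: envelope failed verification and was discarded")

// NewStationKey creates the station security platform's key pair.
func NewStationKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the central security platform side: encrypt the scheduling
// information with a fresh symmetric key, then wrap that key asymmetrically.
func Seal(stationPub *rsa.PublicKey, schedulingInfo []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, stationPub, key, nil)
	if err != nil {
		return nil, err
	}
	// The wrapped key is authenticated as associated data, tying the two
	// parts of the envelope together.
	ct := gcm.Seal(nil, nonce, schedulingInfo, wrapped)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the station security platform side: unwrap the key, verify the
// ciphertext, and return either the decrypted scheduling information or the
// transmission alarm. Malformed fields are rejected before use.
func Open(stationPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, stationPriv, env.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, ErrTransmission
	}
	gcm, err := newGCM(key)
	if err != nil || len(env.Nonce) != gcm.NonceSize() {
		return nil, ErrTransmission
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.WrappedKey)
	if err != nil {
		return nil, ErrTransmission
	}
	return plain, nil
}

// StationTerminal returns the text to broadcast and true, or the alarm text
// and false, in which case nothing is broadcast.
func StationTerminal(stationPriv *rsa.PrivateKey, env *Envelope) (string, bool) {
	plain, err := Open(stationPriv, env)
	if err != nil {
		return err.Error(), false
	}
	return string(plain), true
}

func main() {
	priv, err := NewStationKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample scheduling information.
	env, err := Seal(&priv.PublicKey, []byte("Line 1: next train in 3 minutes"))
	if err != nil {
		panic(err)
	}
	text, ok := StationTerminal(priv, env)
	fmt.Println(ok, text)

	env.Ciphertext[0] ^= 0x01 // one bit changed in transit
	text, ok = StationTerminal(priv, env)
	fmt.Println(ok, text)
}
```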
Fig. 9 is a schematic structural diagram of a rail transit operation information security issuing device, which is a station terminal and includes:
the information receiving module 91, based on the station being connected with the central network, receives encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform extracting operation information from the data management platform and encrypting it by means of the central security platform;
the first information obtaining module 92 sends the encrypted scheduling information to the station security platform, and receives first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained according to the result of the transmission security verification performed on the encrypted scheduling information;
the information broadcasting module 93 broadcasts the decrypted scheduling information when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification.
In this embodiment, the information receiving module 91 includes: and the first receiving unit is used for receiving the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is the operation information extracted by the information scheduling platform from the data management platform and obtained by encrypting the operation information by using the central security platform.
The first information obtaining module 92 includes: a first sending unit, which sends the encrypted scheduling information to the station security platform and receives first information returned by the station security platform, wherein the first information is obtained according to the result of the transmission security verification performed on the encrypted scheduling information. It should be noted that the first information may be decrypted scheduling information, when the transmission security verification passes, or transmission alarm information, when it fails. The transmission security verification comprises: judging whether the ciphertext in the encrypted scheduling information conforms to an agreed encryption principle, and if so, the transmission security verification passes.
The information broadcasting module 93 includes: a broadcasting unit, which broadcasts the decrypted scheduling information when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification.
In an optional embodiment, the information broadcasting module 93 further includes: and the prompting unit is used for determining the information as tampered data in time so as to avoid broadcasting the data.
In an optional embodiment, the apparatus further includes a station information issuing platform, specifically including: the station information encryption unit encrypts scheduling operation information by using a local encryption software package of a station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information sending unit is used for sending the encrypted operation information to the station terminal and decrypting the encrypted operation information by using the local decryption software package.
The station information issuing platform stores the encryption software package locally, and the station terminal application stores the decryption software package locally, so that operation information release is not interrupted when hardware of the PIS system, such as the encryption box of the central security platform or the decryption box of the station security platform, fails in an emergency such as a fire. The station information publishing platform uses its stored encryption software package to encrypt the operation information to be published; the station terminal receives the encrypted scheduling information sent by the station information release platform and decrypts it with the local decryption software package. It should be noted that the encryption software package and/or the decryption software package may be based on a symmetric encryption algorithm. When an emergency occurs and the station information publishing platform detects a fault of the central security platform, it directly calls the local encryption software package to encrypt and publish the operation information, and the station playing terminal program calls the local decryption software package to decrypt and play it, which keeps the PIS operation information publishing service running normally.
Fig. 10 shows a schematic structural diagram of a rail transit operation information security issuing device, which comprises: data management platform 101, information scheduling platform 102, central security platform 103, station terminal 104 and station security platform 105, wherein:
the information scheduling platform 102, based on the station being connected with the central network, sends a scheduling request to the data management platform 101 and receives scheduling information returned by the data management platform 101, wherein the scheduling information is either the operation information extracted according to the scheduling request, once it has passed source security verification, or source alarm information;
if the scheduling information is the operation information which passes the source security verification, the information scheduling platform 102 sends the scheduling information to the central security platform 103 and receives encrypted scheduling information returned by the central security platform 103, wherein the encrypted scheduling information is obtained by encrypting the scheduling information;
the information dispatching platform 102 sends the encrypted dispatching information to the station terminal 104;
the station terminal 104 receives the encrypted scheduling information sent by the information scheduling platform 102;
the station terminal 104 sends the encrypted scheduling information to the station security platform 105, and receives first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained according to the result of the transmission security verification performed on the encrypted scheduling information;
if the first information is decrypted scheduling information obtained by decrypting the encrypted scheduling information passing the transmission security verification, the station terminal 104 broadcasts the decrypted scheduling information.
It should be noted that specific structures of the data management platform 101, the information scheduling platform 102, the central security platform 103, the station terminal 104, and the station security platform 105 may refer to the foregoing embodiments, and are not described herein again.
In an optional embodiment, the apparatus further includes a station information issuing platform, which specifically: when the station is disconnected from the central network, encrypts scheduling operation information with the local encryption software package of the station information release platform to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and transmits the encrypted operation information to the station terminal 104, where it is decrypted with the local decryption software package. It should be noted that after the station terminal 104 obtains the decrypted operation information with the local decryption software package, the station terminal 104 broadcasts the decrypted operation information. In addition, when the station is disconnected from the central network, information release for the station terminal 104 under that station is detached from the central information release platform and managed independently by the station information release platform, so that operation information release is not interrupted when hardware of the PIS, such as the encryption box of the central security platform or the decryption box of the station security platform, fails in an emergency such as a fire.
Fig. 11 shows a schematic structural diagram of a rail transit operation information security issuing device, which comprises: the central information issuing platform 111, the external system 112, the data management platform 113, the information dispatching platform 114, the central security platform 115, the station terminal 116 and the station security platform 117, wherein:
based on the connection between the station and the central network, the information dispatching platform 114 is used for sending a dispatching request to the data management platform 113;
the data management platform 113 receives the scheduling request sent by the information scheduling platform 114, extracts the operation information from the database according to the scheduling request, performs the source security check on the operation information to obtain either the operation information or source alarm information as the scheduling information, and returns the scheduling information to the information scheduling platform 114; the data management platform 113 receives system operation information issued by the external system 112 and/or operation information sent by the central information issuing platform 111 that has already passed the central security platform's information release verification, calculates a digest of the received information based on a message digest algorithm, and stores that digest, as the initial digest, in the database together with the corresponding information;
if the scheduling information is the operation information passing the source security verification, the information scheduling platform 114 sends the scheduling information to the central security platform 115;
the central security platform 115 receives the dispatching information sent by the information dispatching platform 114, encrypts the dispatching information by using an encryption box to obtain encrypted dispatching information, and returns the encrypted dispatching information to the information dispatching platform 114;
the information dispatching platform 114 sends the encrypted dispatching information to the station terminal 116;
the station terminal 116 sends the encrypted scheduling information to the station security platform 117, and receives first information returned by the station security platform 117, wherein the first information is decrypted scheduling information or transmission alarm information, obtained according to the result of the transmission security verification performed on the encrypted scheduling information;
if the first information is decrypted scheduling information obtained by decrypting the encrypted scheduling information passing the transmission security verification, the station terminal 116 broadcasts the decrypted scheduling information.
It should be noted that specific structures of the data management platform 113, the information scheduling platform 114, the central security platform 115, the station terminal 116, and the station security platform 117 may refer to the foregoing embodiments, and are not described herein again. In addition, the central information publishing platform comprises: the operation receiving unit is used for receiving an operation completion request sent by a user after service operation is carried out; the image acquisition unit is used for carrying out living body detection on the user by using the face recognition camera and acquiring a user image; the data sending unit is used for sending the acquired user image and the operation completion request to the central security platform; and the data receiving unit is used for finishing the business operation according to the received authentication information returned by the central security platform and sending the operation information formed based on the business operation to the data management platform.
Correspondingly, the central security platform further comprises: the comparison unit is used for comparing the user image with a face image stored in advance, if the comparison is consistent, the current user key is obtained, digital signature is carried out on the business operation of the operation completion request based on the key calling signature service, and the authentication information with the signature is returned to the central information issuing platform; otherwise, judging that the user is an illegal user, generating operation alarm information unsafe for user operation by the central security platform, and returning the operation alarm information to the central information publishing platform.
It should be noted that, when the central security platform compares the user image with the pre-stored face image, it mainly calculates the similarity between the two; if the similarity is not less than a preset threshold, the comparison is deemed consistent and the face recognition verification passes. The initial digest serves as the digital fingerprint of the operation information, so the initial digest and the operation information are stored in the database together. If someone tampers with the operation information, its digest changes as well, so comparing digests when the operation information is later retrieved shows whether it has been tampered with, which ensures the accuracy of the operation information.
In addition, in order to facilitate exception troubleshooting, the central security platform saves the authentication information to the central information issuing platform to be used as a user operation log for recording and subsequent exception troubleshooting. It should be noted that the service operation includes operations such as information editing, information auditing, or information revocation, which may be specifically set according to actual use requirements or design requirements, and is not further limited herein.
In an optional embodiment, the apparatus further includes a station information issuing platform, specifically including: the station information encryption unit encrypts scheduling operation information by using a local encryption software package of a station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information sending unit is used for sending the encrypted operation information to the station terminal and decrypting the encrypted operation information by using the local decryption software package.
Fig. 12 illustrates a physical structure diagram of an electronic device, which may include, as shown in Fig. 12: a processor 121, a communication interface 122, a memory 123 and a communication bus 124, wherein the processor 121, the communication interface 122 and the memory 123 communicate with each other through the communication bus 124. The processor 121 may call logic instructions in the memory 123 to execute a method for safely issuing rail transit operation information, the method including: with the station connected to the central network, sending a scheduling request to a data management platform and receiving scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request, once it has passed the source security check, or source alarm information; when the scheduling information is operation information that has passed the source security check, sending the scheduling information to a central security platform and receiving encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to a station terminal for decryption by means of a station security platform; or, with the station connected to the central network, receiving encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform extracting operation information from the data management platform and encrypting it by means of the central security platform; sending the encrypted scheduling information to a station security platform and receiving first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained according to the result of the transmission security verification performed on the encrypted scheduling information; and, when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, broadcasting the decrypted scheduling information.
In addition, the logic instructions in the memory 123 may be implemented in the form of software functional units and, when sold or used as independent products, stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In another aspect, the present invention further provides a computer program product, where the computer program product includes a computer program that may be stored on a non-transitory computer-readable storage medium, and when the computer program is executed by a processor, a computer can execute the method for safely distributing rail transit operation information provided by the above methods, where the method includes: with the station connected to the central network, sending a scheduling request to a data management platform and receiving scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request, once it has passed the source security check, or source alarm information; when the scheduling information is operation information that has passed the source security check, sending the scheduling information to a central security platform and receiving encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to a station terminal for decryption by means of a station security platform; or, with the station connected to the central network, receiving encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform extracting operation information from the data management platform and encrypting it by means of the central security platform; sending the encrypted scheduling information to a station security platform and receiving first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained according to the result of the transmission security verification performed on the encrypted scheduling information; and, when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, broadcasting the decrypted scheduling information.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the method for safely distributing rail transit operation information provided by the above methods, the method including: with the station connected to the central network, sending a scheduling request to a data management platform and receiving scheduling information returned by the data management platform, wherein the scheduling information is either the operation information extracted according to the scheduling request, once it has passed the source security check, or source alarm information; when the scheduling information is operation information that has passed the source security check, sending the scheduling information to a central security platform and receiving encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to a station terminal for decryption by means of a station security platform; or, with the station connected to the central network, receiving encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform extracting operation information from the data management platform and encrypting it by means of the central security platform; sending the encrypted scheduling information to a station security platform and receiving first information returned by the station security platform, wherein the first information is decrypted scheduling information or transmission alarm information, obtained according to the result of the transmission security verification performed on the encrypted scheduling information; and, when the first information is decrypted scheduling information obtained by decrypting encrypted scheduling information that passed the transmission security verification, broadcasting the decrypted scheduling information.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A rail transit operation information safety release method is characterized by comprising the following steps:
based on the connection between a station and a central network, sending a scheduling request to a data management platform and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by performing source safety verification on the operation information extracted according to the scheduling request;
based on the scheduling information being operation information which passes the source security verification, sending the scheduling information to a central security platform, and receiving encrypted scheduling information returned by the central security platform, wherein the encrypted scheduling information is obtained by encrypting the scheduling information;
and sending the encrypted scheduling information to a station terminal for decryption by using a station safety platform.
2. The rail transit operation information security issuing method according to claim 1, characterized by further comprising: based on the source alarm information generated by the operation information which does not pass the source security verification, stopping scheduling the operation information which does not pass the source security verification;
the source security check includes:
obtaining, based on a message digest algorithm, the digest of the operation information extracted from the database according to the scheduling request;
comparing the digest with a pre-stored initial digest, wherein the initial digest is obtained based on the message digest algorithm when the operation information is stored in the database;
if the comparison is consistent, the source safety check is passed;
otherwise, marking the operation information as illegal information and generating source alarm information.
3. The rail transit operation information security issuing method according to claim 2, wherein the operation information extracted from the database includes operation information that is issued by a central information issuing platform based on authentication information returned by the central security platform and that is sent to the database by the central information issuing platform;
the authentication information is obtained by the central security platform performing face recognition based on the user image sent by the central information publishing platform and performing digital signature on the business operation completion request corresponding to the user passing the face recognition;
the user image is obtained by photographing the user after the central information publishing platform carries out living body detection on the user based on the user service operation completion request;
and/or;
the operation information extracted from the database includes operation information transmitted to the database by an external system, and the external system includes at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS).
4. The rail transit operation information security issuing method according to claim 1, wherein the encrypted scheduling information includes a ciphertext and a key that are packaged into a digital envelope, the ciphertext is obtained by the central security platform encrypting the scheduling information based on a symmetric encryption algorithm, and the key is obtained by the central security platform encrypting a parameter of the symmetric encryption algorithm based on an asymmetric encryption algorithm.
5. A rail transit operation information safety release method is characterized by comprising the following steps:
based on the connection of a station and a central network, receiving encrypted scheduling information sent by an information scheduling platform, wherein the encrypted scheduling information is obtained by extracting operation information from a data management platform for the information scheduling platform and encrypting the operation information by using a central security platform;
sending the encrypted scheduling information to a station safety platform, and receiving first information returned by the station safety platform, wherein the first information is decrypted scheduling information or transmission alarm information obtained by carrying out transmission safety verification on the encrypted scheduling information and according to a transmission safety verification result;
and broadcasting the decrypted scheduling information based on the first information being decrypted scheduling information obtained by decrypting the encrypted scheduling information that passes the transmission security verification.
6. The rail transit operation information security release method according to claim 5, wherein the encrypted scheduling information includes a ciphertext and a key, and the decrypted scheduling information is obtained by judging whether the ciphertext conforms to an agreed encryption rule and, for a ciphertext that conforms to the agreed rule, decrypting the ciphertext by using the corresponding key;
further comprising: based on the first information being transmission alarm information generated for encrypted scheduling information that fails the transmission security verification, stopping the release of the encrypted scheduling information that fails the transmission security verification;
further comprising:
receiving, based on an interruption of the connection between the station and the central network, encrypted operation information sent by a station information release platform, wherein the encrypted operation information is obtained by the station information release platform encrypting the released operation information with a local encryption software package;
and decrypting the encrypted operation information by using a local decryption software package, and broadcasting the decrypted scheduling information.
7. A rail transit operation information safety release device, characterized by comprising:
a scheduling information acquisition module, used for sending, based on the connection between a station and a central network, a scheduling request to a data management platform and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by performing source safety verification on the operation information extracted according to the scheduling request;
the encrypted information acquisition module is used for sending the scheduling information to a central security platform and receiving encrypted scheduling information returned by the central security platform based on the fact that the scheduling information is operation information which passes the source security verification, wherein the encrypted scheduling information is obtained by encrypting the scheduling information;
and the information sending module is used for sending the encrypted scheduling information to a station terminal and decrypting the encrypted scheduling information by using a station safety platform.
8. A rail transit operation information safety release device, characterized by comprising:
an information receiving module, used for receiving, based on the connection between a station and a central network, encrypted scheduling information sent by an information scheduling platform, wherein the encrypted scheduling information is obtained by the information scheduling platform through extracting operation information from a data management platform and encrypting the operation information by using a central security platform;
the first information acquisition module is used for sending the encrypted scheduling information to a station safety platform and receiving first information returned by the station safety platform, wherein the first information is decrypted scheduling information or transmission alarm information obtained by carrying out transmission safety verification on the encrypted scheduling information and according to a transmission safety verification result;
and the information broadcasting module is used for broadcasting the decrypted scheduling information based on the first information being decrypted scheduling information obtained by decrypting the encrypted scheduling information that passes the transmission safety verification.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and operable on the processor, wherein the processor implements the steps of the rail transit operation information security distribution method according to any one of claims 1 to 4 when executing the computer program, or implements the steps of the rail transit operation information security distribution method according to any one of claims 5 to 6 when executing the computer program.
10. A non-transitory computer readable storage medium, on which a computer program is stored, wherein the computer program, when being executed by a processor, implements the steps of the rail transit operation information security distribution method according to any one of claims 1 to 4, or implements the steps of the rail transit operation information security distribution method according to any one of claims 5 to 6.
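The source security check of claim 2, as an added example that is not part of the patent text: a digest is taken when operation information is stored, recomputed when a scheduling request extracts it, and a mismatch yields source alarm information instead of the record. SHA-256, the class and function names, the sample messages and the fail-closed handling of a missing record are assumptions of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass

def digest(info: bytes) -> str:
    # Assumption: SHA-256. The claim names no specific digest algorithm.
    return hashlib.sha256(info).hexdigest()

@dataclass
class SourceAlarm:
    record_id: str
    reason: str

class DataManagementPlatform:
    """Hypothetical stand-in for the data management platform and its database."""
    def __init__(self):
        self._records = {}   # record_id -> operation information
        self._initial = {}   # record_id -> initial digest taken at storage time

    def store(self, record_id: str, info: bytes) -> None:
        self._records[record_id] = info
        self._initial[record_id] = digest(info)

    def handle_scheduling_request(self, record_id: str):
        """Return the operation information if the check passes, else a SourceAlarm."""
        info = self._records.get(record_id)
        initial = self._initial.get(record_id)
        if info is None or initial is None:
            # Assumption: fail closed when there is nothing to compare against.
            return SourceAlarm(record_id, "no record or no initial digest")
        if not hmac.compare_digest(digest(info), initial):
            return SourceAlarm(record_id, "digest mismatch: illegal information")
        return info

def schedule(platform, record_ids):
    """Forward only records that pass; scheduling stops for the ones that alarm."""
    passed, alarms = [], []
    for rid in record_ids:
        result = platform.handle_scheduling_request(rid)
        (alarms if isinstance(result, SourceAlarm) else passed).append(result)
    return passed, alarms

def demo():
    p = DataManagementPlatform()
    # Constructed sample messages, not taken from the patent.
    p.store("msg-1", b"Line 2: next train in 3 min")
    p.store("msg-2", b"Platform 1 closed for maintenance")
    # Constructed scenario: the stored record changes after its digest was taken.
    p._records["msg-2"] = b"Platform 1 open"
    return schedule(p, ["msg-1", "msg-2", "msg-3"])

if __name__ == "__main__":
    print(demo())
```

An unkeyed digest detects a change only if the initial digest is kept where whoever can modify the record cannot also rewrite the digest.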
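The digital envelope of claim 4 and its opening at the station side (claims 5 and 6), as an added example that is not part of the patent text. The claims name only "a symmetric encryption algorithm" and "an asymmetric encryption algorithm"; AES-256-GCM, RSA-OAEP, the use of the GCM authentication tag as the transmission security verification, the function names and the sample message are assumptions of this sketch, which needs the third-party `cryptography` package.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(scheduling_info: bytes, station_public_key) -> dict:
    """Central security platform side: build the envelope (ciphertext + wrapped key)."""
    key = AESGCM.generate_key(bit_length=256)   # fresh symmetric key per message
    nonce = os.urandom(12)
    ciphertext = AESGCM(key).encrypt(nonce, scheduling_info, None)
    return {"key": station_public_key.encrypt(key, OAEP),   # key wrapped asymmetrically
            "nonce": nonce, "ciphertext": ciphertext}

def open_envelope(envelope: dict, station_private_key):
    """Station security platform side: ("ok", plaintext) or ("alarm", reason).

    Assumption: a failed key unwrap or a failed GCM tag check counts as failing
    the transmission security verification and produces the alarm."""
    try:
        key = station_private_key.decrypt(envelope["key"], OAEP)
        plaintext = AESGCM(key).decrypt(envelope["nonce"], envelope["ciphertext"], None)
    except (InvalidTag, ValueError, KeyError, TypeError) as exc:
        return "alarm", type(exc).__name__
    return "ok", plaintext

def demo():
    station_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    # Constructed sample message, not taken from the patent.
    env = seal(b"Line 2: next train in 3 min", station_key.public_key())
    ct = env["ciphertext"]
    tampered = dict(env, ciphertext=ct[:-1] + bytes([ct[-1] ^ 1]))  # one bit flipped
    return (open_envelope(env, station_key),          # intact envelope, right station
            open_envelope(tampered, station_key)[0],  # modified in transit
            open_envelope(env, other_key)[0])         # envelope for a different station

if __name__ == "__main__":
    print(demo())
```

Only an envelope that opens cleanly returns plaintext for broadcast; every other outcome returns an alarm and no data, matching the stop-release behaviour in claim 6.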
CN202111290551.2A 2021-11-02 2021-11-02 Rail transit operation information safety release method and device Active CN114244553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111290551.2A CN114244553B (en) 2021-11-02 2021-11-02 Rail transit operation information safety release method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111290551.2A CN114244553B (en) 2021-11-02 2021-11-02 Rail transit operation information safety release method and device

Publications (2)

Publication Number Publication Date
CN114244553A true CN114244553A (en) 2022-03-25
CN114244553B CN114244553B (en) 2024-04-02

Family

ID=80743638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111290551.2A Active CN114244553B (en) 2021-11-02 2021-11-02 Rail transit operation information safety release method and device

Country Status (1)

Country Link
CN (1) CN114244553B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105451186A (en) * 2015-12-31 2016-03-30 天津市北海通信技术有限公司 Mobile stop-reporting platform for PIS system based on wireless beacon technology
CN110458445A (en) * 2019-08-07 2019-11-15 上海鸣啸信息科技股份有限公司 A kind of Customer information release management system
CN213122985U (en) * 2020-07-07 2021-05-04 中国铁道科学研究院集团有限公司电子计算技术研究所 PIS authentication system
CN113034325A (en) * 2021-03-05 2021-06-25 中建空列(北京)科技有限公司 Suspension type rail transit PIS system

Also Published As

Publication number Publication date
CN114244553B (en) 2024-04-02

Similar Documents

Publication Publication Date Title
CN106256111B (en) Method for verifying message
CN112469003B (en) Traffic sensor network data transmission method, system and medium based on hybrid encryption
CN110035058B (en) Resource request method, device and storage medium
CN106657268A (en) GYK remote maintenance monitoring system and implementation method
CN110061849A (en) Verification method, server, mobile unit and the storage medium of mobile unit
CN112328271B (en) Vehicle-mounted equipment software upgrading method and system
CN104053149A (en) Method and system for realizing security mechanism of vehicle networking equipment
CN104506497A (en) Information issuing method and system
CN105607592A (en) Remote utilization system for public work mechanical vehicles, and implementation method
CN111787027A (en) Safety protection system and method for traffic information release
CN110445782B (en) Multimedia safe broadcast control system and method
CN106850669B (en) Message security transmission method for Internet of things monitoring system
CN112035896A (en) Electronic contract deposit certificate system based on transaction mode
CN109951294B (en) Information updating management method in electronic label system and related equipment
CN104579684B (en) A kind of SM2 checking algorithms suitable for distribution network data
CN109246148A (en) Message processing method, device, system, equipment and computer readable storage medium
CN112383577A (en) Authorization method, device, system, equipment and storage medium
CN114244553B (en) Rail transit operation information safety release method and device
CN102594772B (en) A kind of safe control method for playing back of digital signage
CN114827200B (en) Intelligent automobile basic map data safety protection assembly
KR102029740B1 (en) Method for proof of play in digital signage systems
CN108270601B (en) Mobile terminal, alarm information acquisition method and device and alarm information sending method and device
CN104732701A (en) Method and system for monitoring fire warning information
CN115118751A (en) Block chain-based supervision system, method, equipment and medium
CN114422266A (en) IDaaS system based on dual verification mechanism

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant