CN114244553B - Rail transit operation information safety release method and device - Google Patents

Rail transit operation information safety release method and device Download PDF

Info

Publication number
CN114244553B
CN114244553B CN202111290551.2A CN202111290551A CN114244553B CN 114244553 B CN114244553 B CN 114244553B CN 202111290551 A CN202111290551 A CN 202111290551A CN 114244553 B CN114244553 B CN 114244553B
Authority
CN
China
Prior art keywords
information
scheduling
platform
security
operation information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111290551.2A
Other languages
Chinese (zh)
Other versions
CN114244553A (en
Inventor
赵伟慧
汪晓臣
李樊
田源
黄志威
孙同庆
王志飞
宫玉昕
杜呈欣
孟宇坤
张铭
刘小满
张胜阳
张馨
吴跃
李佳宁
李波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Original Assignee
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Academy of Railway Sciences Corp Ltd CARS, Institute of Computing Technologies of CARS, Beijing Jingwei Information Technology Co Ltd filed Critical China Academy of Railway Sciences Corp Ltd CARS
Priority to CN202111290551.2A priority Critical patent/CN114244553B/en
Publication of CN114244553A publication Critical patent/CN114244553A/en
Application granted granted Critical
Publication of CN114244553B publication Critical patent/CN114244553B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Alarm Systems (AREA)

Abstract

The invention provides a method and a device for safely publishing rail transit operation information, wherein the method comprises the following steps: based on the connection of the station and the central network, sending a scheduling request to a data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information; the scheduling information is operation information passing through source security verification, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to the station terminal to decrypt by using the station security platform. The invention ensures the data security in the process of releasing the operation information, avoids the station terminal from broadcasting illegal information or tampered information, and improves the security of releasing the operation information.

Description

Rail transit operation information safety release method and device
Technical Field
The invention relates to the technical field of information security, in particular to a method and a device for releasing rail transit operation information security.
Background
The rail transit Passenger Information System (PIS) is used as an operation information release management core system, can provide information such as train operation information, travel information, government notices and the like in real time, and can play guiding information such as emergency evacuation, disaster prevention and the like in emergency situations such as fire and the like, so that the rail transit Passenger Information System (PIS) is an important means for guaranteeing urban rail transit operation safety.
PIS system is widely used, audience population is huge, and the security of information release is crucial. Currently, two potential safety hazards exist in the operation information release. The number of rail transit sites is large, and an information transmission chain from central release to station display lacks a safe and reliable data verification method and device, so that operation information has security risks of malicious interception, tampering and the like in the processes of database storage and network transmission.
Disclosure of Invention
The invention provides a method and a device for releasing the security of rail transit operation information, which are used for solving the defects of easy leakage and easy tampering caused by the poor security of the rail transit operation information in the prior art and realizing the reliability of station terminal operation information sources and the security of data transmission.
The invention provides a method for safely publishing rail transit operation information, which is characterized by comprising the following steps: based on the connection of the station and the central network, sending a scheduling request to a data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information; based on the scheduling information, which is the operation information passing the source security check, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information; and sending the encrypted scheduling information to the station terminal to decrypt by using the station security platform.
According to the method for safely publishing the rail transit operation information, provided by the invention, the operation information which fails the source safety verification is stopped from being scheduled based on the source alarm information which is generated by the operation information which fails the source safety verification;
source security verification, comprising: based on an information abstract algorithm, abstracts of operation information extracted from a database according to a scheduling request are obtained; comparing the abstract with a pre-stored initial abstract, wherein the initial abstract is obtained based on an information abstract algorithm when operation information is stored in a database; if the comparison is consistent, checking the source safety; otherwise, marking the operation as illegal information and generating source alarm information.
According to the rail transit operation information safety release method provided by the invention, the operation information extracted from the database comprises the operation information which is released by the center information release platform based on the authentication information returned by the center safety platform and is sent to the database by the center information release platform; the authentication information is obtained by the center security platform performing face recognition on the basis of the user image sent by the center information release platform and performing digital signature on a service operation completion request corresponding to the user through face recognition; the user image is obtained by photographing the user after living body detection based on a user service operation completion request by the central information release platform; and/or the operation information extracted from the database includes operation information transmitted to the database by an external system including at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS).
According to the method for safely publishing the rail transit operation information, the encrypted scheduling information comprises a ciphertext packaged into a digital envelope and a secret key, wherein the ciphertext is obtained by encrypting the scheduling information by a central security platform based on a symmetric encryption algorithm, and the secret key is obtained by encrypting parameters of the symmetric encryption algorithm by the central security platform based on an asymmetric encryption algorithm.
The invention provides a method for safely publishing rail transit operation information, which comprises the following steps: based on the connection of the station and the central network, receiving the encryption scheduling information sent by the information scheduling platform, wherein the encryption scheduling information is obtained by encrypting the operation information extracted from the data management platform by the information scheduling platform and utilizing the central security platform; the encrypted scheduling information is sent to a station security platform, and first information returned by the station security platform is received, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result; and broadcasting the decryption scheduling information based on the first information which is decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification. According to the method for safely publishing the rail transit operation information, the encryption scheduling information comprises a ciphertext and a secret key, and the decryption scheduling information is obtained by judging whether the ciphertext accords with an agreed encryption rule and decrypting the ciphertext by using the secret key corresponding to the ciphertext which accords with the agreed encryption rule;
Further comprises: based on the first information, stopping issuing the encrypted scheduling information which fails the transmission security verification, wherein the encrypted scheduling information is generated according to the encrypted scheduling information which fails the transmission security verification;
further comprises: based on station and central network interruption, receiving encrypted operation information sent by a station information release platform, wherein the encrypted operation information is obtained by encrypting operation information released by a local encryption software package of the station information release platform; and decrypting the encrypted operation information by using the local decryption software package, and broadcasting the decryption scheduling information.
The invention provides a rail transit operation information safety release device, which comprises: the dispatching information acquisition module is connected with the central network based on the station, sends a dispatching request to the data management platform, and receives dispatching information returned by the data management platform, wherein the dispatching information is operation information extracted according to the dispatching request and is operation information or source alarm information obtained by carrying out source security verification on the operation information; the encryption information acquisition module is used for transmitting the scheduling information to the central security platform based on the fact that the scheduling information is the operation information passing the source security verification and receiving the encryption scheduling information returned by the central security platform, wherein the encryption scheduling information is obtained by encrypting the scheduling information; and the information sending module is used for sending the encrypted scheduling information to the station terminal to decrypt by using the station security platform.
The invention provides a rail transit operation information safety release device, which comprises: the information receiving module is connected with the central network based on the station, receives the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is operation information extracted from the data management platform by the information scheduling platform and is obtained by encrypting the operation information by utilizing the central security platform; the first information acquisition module is used for transmitting the encrypted scheduling information to the station safety platform and receiving first information returned by the station safety platform, wherein the first information is decryption scheduling information or transmission alarm information obtained according to the transmission safety verification result; and the information broadcasting module broadcasts the decryption scheduling information based on the fact that the first information is the decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the steps of the rail transit operation information security release method are realized by the processor when the program is executed.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the rail transit operation information security issuing method as described in any one of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the rail transit operation information security issuing method as described in any one of the above.
According to the method and the device for safely publishing the rail transit operation information, disclosed by the invention, the encryption box of the central security platform is used for encrypting the scheduling information scheduled by the information scheduling platform, the encrypted scheduling information is sent to the station terminal, the station security platform is used for decrypting, the security in the data transmission process is ensured, the station terminal is prevented from broadcasting tampered information, and the risk brought by malicious tampering of the operation information in the transmission process is effectively reduced; the data management platform is utilized to carry out source security verification on the extracted operation information, so that the reliability of the extracted operation information is improved, illegal information is prevented from being scheduled and released, and the safety of the release of the operation information is further improved; meanwhile, abnormal conditions such as malicious tampering and illegal release of information can be timely early-warned, the operation abnormality detection sensing capability is improved, and the safety of operation information release management is improved.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for releasing the security of the rail transit operation information;
FIG. 2 is a schematic diagram of a flow of source security verification provided by the present invention;
FIG. 3 is a schematic diagram of a user identification and digital signature process provided by the present invention;
FIG. 4 is a schematic flow chart of the transmission security verification provided by the invention;
FIG. 5 is a second flow chart of the method for releasing the security of the rail transit operation information provided by the invention;
fig. 6 is one of schematic diagrams of a structure of the method for releasing security of rail transit operation information provided by the invention;
FIG. 7 is a second schematic diagram of a method for releasing security of information of rail transit operation according to the present invention;
fig. 8 is a schematic structural diagram of a rail transit operation information security issuing device provided by the invention;
FIG. 9 is a second schematic diagram of a security issuing device for information of rail transit operation according to the present invention;
fig. 10 is a third schematic structural diagram of the security issuing device for rail transit operation information provided by the present invention;
FIG. 11 is a schematic diagram of a structure of a security issuing device for information of rail transit operation according to the present invention;
fig. 12 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 shows a flow diagram of a method for releasing security of rail transit operation information, which includes:
s11, based on the connection of the station and the central network, sending a scheduling request to the data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and carrying out source security verification on the operation information;
S12, based on the scheduling information, which is the operation information passing the source security check, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information;
s13, the encrypted scheduling information is sent to the station terminal to be decrypted by the station security platform.
It should be noted that, the execution body of the embodiment is an information scheduling platform, and when the station is connected to the central network, the information scheduling platform extracts the operation information from the data management platform and encrypts the operation information by using the central security platform. S1N in the present specification does not represent the sequence of the method for releasing the security of the rail transit operation information, and the method for releasing the security of the rail transit operation information of the present invention is described below with reference to fig. 2 to 4.
Step S11, based on the connection of the station and the central network, a scheduling request is sent to the data management platform, scheduling information returned by the data management platform is received, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information.
It should be noted that, after receiving a request sent by the information scheduling platform, the data management platform extracts corresponding operation information according to the scheduling request; and the data management platform performs source security verification on the extracted operation information to obtain scheduling information, and returns the scheduling information to the information scheduling platform. It should be noted that if the operation information passes the source security check, the operation information is used as the scheduling information; otherwise, the operation information is marked, and source alarm information is generated as scheduling information. In addition, based on the connection of the station and the central network, the central information release platform independently manages the information release of the station terminal managed by the station.
Specifically, referring to fig. 2, the source security check includes: based on an information abstract algorithm, abstracts of operation information extracted from a database according to a scheduling request are obtained; comparing the abstract with a pre-stored initial abstract, wherein the initial abstract is obtained based on an information abstract algorithm when operation information is stored in a database; and if the comparison is consistent, checking the source safety, taking the operation information as scheduling information, otherwise, marking the operation information as illegal information, and generating source alarm information. It should be noted that the summary calculation object of the operation information includes the content, time, level, and distribution user of the operation information.
In an alternative embodiment, the operation information extracted from the database includes operation information which is issued by the central information issuing platform based on authentication information returned by the central security platform and is sent to the database by the central information issuing platform; the authentication information is obtained by the center security platform performing face recognition on the basis of the user image sent by the center information release platform and performing digital signature on a service operation completion request corresponding to the user through face recognition; the user image is obtained by photographing the user after living body detection based on the user service operation completion request by the central information release platform.
Specifically, a user performs service operation based on a central information release platform and sends an operation completion request to the central information release platform; the center information release platform receives the operation completion request, performs living body detection on a user by using a face recognition camera, acquires a user image, and sends the acquired user image and the operation completion request to the center security platform; referring to fig. 3, the central security platform compares the user image with the pre-stored face image, if the comparison is consistent, the current user key is obtained, the service operation requested by the operation completion is digitally signed based on the key invoking signature service, and the authentication information with the signature is returned to the central information release platform; otherwise, judging the user as an illegal user, generating operation alarm information unsafe for user operation by the central security platform, and returning the operation alarm information to the central information release platform; the center information release platform completes service operation according to the received authentication information and sends operation information formed based on the service operation to the data management platform; the data management platform calculates an initial abstract based on the information abstract algorithm, and stores the operation information and the initial abstract into a database to wait for scheduling.
When the central security platform compares the user image with the pre-stored face image, the similarity between the user image and the face image is calculated, and if the similarity is not smaller than a preset threshold, the comparison is consistent, and the face recognition verification is passed. The initial abstract is used as the digital fingerprint of the operation information, so that the operation information and the operation information are stored in the database at the same time, and if the operation information is tampered by other people, the corresponding abstract is changed, so that when the operation information is subsequently called, whether the operation information is tampered or not is judged through comparison of the abstract, and the accuracy of the operation information is ensured. In addition, before the central security platform compares the user image with the pre-stored face image, the user basic information and the face image are collected, and a unique digital certificate is bound for each user. Thereby facilitating subsequent retrieval of the key of the user through face recognition for digital signature.
The user identity dual-authentication technology based on face recognition and digital signature realizes signature authentication of user information release management operation events on the basis of user identity authenticity verification, forms a complete evidence chain of user operation, avoids risks of one-number multiple use, password embezzlement, illegal release and the like, enhances user behavior anti-repudiation and improves operation management efficiency. By means of the fusion application of the identity authentication technology and the information encryption and decryption technology, a safety support platform is added on the basis of a passenger information system center-station two-stage control architecture, data safety verification is added aiming at key links such as editing, auditing, storing, transmitting and displaying of operation information distribution functions, and effective identity authentication technology is adopted, so that the safety control of the whole flow of operation information from a control center to a station playing terminal is realized, and the reliability of the source of the operation information of the station terminal and the safety of data are ensured.
In order to facilitate abnormality investigation, the central security platform reserves authentication information to the central information release platform to be used as a user operation log for recording and subsequent abnormality investigation. It should be noted that, the business operations include operations such as information editing, information auditing, or information revocation, which may be specifically set according to actual use requirements or design requirements, and are not further limited herein.
In another alternative embodiment, the operation information extracted from the database includes system operation information transmitted from an external system to the database. The external system includes at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS), and the operation information is information transmitted from the external system to a Passenger Information System (PIS). It should be noted that, in the present embodiment, the external system is a platform other than the center information distribution platform, and is not further limited herein.
In an alternative embodiment, before sending the scheduling request to the data management platform based on the station-to-center network connection, the method further comprises: judging whether the station is in degradation operation or not, namely judging whether the station is in degradation operation or not based on the connection state of the station and the central network, if the station is connected with the central network, normally operating, otherwise, carrying out degradation operation. It should be noted that, the degradation operation refers to interruption of the station and the central network, separation from the central information release management platform, and independent management of information release of the station terminal managed by the station information release platform.
And step S12, based on the fact that the scheduling information is the operation information passing the source security check, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information.
In this embodiment, when the scheduling information is operation information passing the source security check, the information scheduling platform receives the scheduling information and then sends the scheduling information to the central security platform for encryption; and after receiving the scheduling information, the central security platform encrypts the scheduling information and returns the encrypted scheduling information to the information scheduling platform. It should be noted that, the encrypted scheduling information includes a ciphertext packaged into a digital envelope and a key, the ciphertext is obtained by encrypting the scheduling information by the central security platform based on a symmetric encryption algorithm, the key is obtained by encrypting parameters of the symmetric encryption algorithm by the central security platform based on an asymmetric encryption algorithm, and the symmetric encryption algorithm and the asymmetric encryption algorithm can adopt the existing algorithm or a new algorithm designed based on actual encryption requirements, which is not limited further herein. In addition, the central security platform encrypts the scheduling information by using an encryption box, the encryption box realizes data encryption based on a national encryption mixing algorithm, supports data encryption transmission under Socket, HTTP, FTP, TCP/IP protocol, and provides a standard API encryption service interface.
In an alternative embodiment, scheduling of operation information that fails the source security check is aborted based on the scheduling information being source alert information generated from operation information that fails the source security check. When the scheduling information is the source alarm information generated according to the operation information which does not pass the source security check, the source alarm information is returned to the information scheduling platform so that the information scheduling platform can stop the scheduling operation, and the operation information is known to have security risks, so that the security of information transmission is improved.
And step S13, the encrypted scheduling information is sent to the station terminal to be decrypted by using the station security platform.
In this embodiment, after the information scheduling platform sends the encrypted scheduling information to the station terminal, the station terminal receives the encrypted scheduling information, sends the encrypted scheduling information to the station security platform, and receives first information returned by the station security platform, where the first information is obtained by performing transmission security verification on the encrypted scheduling information and according to the transmission security verification result. It should be noted that, the first information may be decryption scheduling information passing through transmission security verification or transmission alarm information failing through transmission security verification, specifically referring to fig. 4, after the station terminal sends the encryption scheduling information to the station security platform, the station security platform receives the encryption scheduling information and judges whether ciphertext in the encryption scheduling information accords with a predetermined encryption principle, if so, the ciphertext is decrypted by using a secret key, so as to obtain decryption scheduling information, otherwise, the data is tampered in the transmission process, the data is discarded, and transmission alarm information indicating that the data transmission is unsafe is generated; the station safety platform feeds back decryption scheduling information or transmission alarm information to the station terminal; after receiving the decryption scheduling information, the station terminal broadcasts the decryption scheduling information according to a preset playing rule, or after receiving the transmission alarm information, the station terminal timely determines that the information is tampered data, so that the data is prevented from being broadcast.
In an alternative embodiment, the method further comprises: encrypting scheduling operation information by using a local encryption software package of a station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information release platform sends the encrypted operation information to the station terminal to be decrypted by using the local decryption software package. After decrypting the encrypted operation information by using the local decryption software package, the station terminal obtains the decrypted operation information and broadcasts the decrypted operation information through the station terminal. In addition, based on the station and the central network terminal, the information release of the station terminal managed by the station is separated from the central information release platform and is independently managed by the station information release platform, so that the situation that the operation information release is interrupted due to the fact that hardware such as an encryption box of the central safety platform and a decryption box of the station safety platform are failed in the emergency such as fire disaster of the PIS system is avoided.
Fig. 5 shows a flow diagram of a method for releasing security of rail transit operation information, which includes:
s21, based on the connection of the station and the central network, receiving the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is operation information extracted from the data management platform by the information scheduling platform and is obtained by encrypting the operation information by utilizing the central security platform;
S22, sending the encrypted scheduling information to a station safety platform, and receiving first information returned by the station safety platform, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission safety verification on the encrypted scheduling information and according to a transmission safety verification result;
s23, broadcasting the decryption scheduling information based on the decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
It should be noted that, the execution body of the embodiment is a station terminal, which is configured to receive the encrypted scheduling information sent from the information scheduling platform and decrypt the encrypted scheduling information by using the station security platform to broadcast the decrypted scheduling information, where the station terminal in the embodiment includes, but is not limited to, at least one of a station play controller, an inquiry all-in-one machine, an electronic guidance, an intelligent customer service play terminal, and other common passenger service play terminals. S2N in the present specification does not represent the sequence of the rail transit operation information security issuing method, and the rail transit operation information security issuing method of the present invention is specifically described below.
Step S21, based on the connection of the station and the central network, the encryption scheduling information sent by the information scheduling platform is received, wherein the encryption scheduling information is obtained by the operation information extracted from the data management platform by the information scheduling platform and encrypting the operation information by utilizing the central security platform.
In this embodiment, the station terminal receives the encrypted scheduling information sent by the information scheduling platform, where the encrypted scheduling information is based on the information scheduling platform to extract the operation information from the data management platform, and encrypts the operation information by using the central security platform. Specifically, the information scheduling platform sends a scheduling request to the data management platform; after receiving the scheduling request, the data management platform extracts corresponding operation information from the database according to the scheduling request, performs source security verification on the operation information to obtain scheduling information, and then sends the scheduling information to the information scheduling platform; if the scheduling information is the operation information passing the source security check, the information scheduling platform sends the scheduling information to the central security platform for encryption, and sends the encrypted scheduling information returned after the central security platform is encrypted to the station terminal. In addition, if the scheduling information is the source alarm information generated according to the operation information which does not pass the source security check, the information scheduling platform timely terminates the scheduling information operation so as to avoid scheduling error information or tampered information, thereby improving the security of information transmission.
It should be noted that, the encrypted scheduling information includes a ciphertext packaged into a digital envelope and a key, the ciphertext is obtained by encrypting the scheduling information by the central security platform based on a symmetric encryption algorithm, the key is obtained by encrypting parameters of the symmetric encryption algorithm by the central security platform based on an asymmetric encryption algorithm, and the symmetric encryption algorithm and the asymmetric encryption algorithm can adopt the existing algorithm or a new algorithm designed based on actual encryption requirements, which is not limited further herein.
Step S22, the encrypted scheduling information is sent to the station security platform, and first information returned by the station security platform is received, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result.
In this embodiment, after the station terminal transmits the encrypted scheduling information to the station security platform, the station security platform receives the encrypted scheduling information and performs transmission security verification, where the transmission security verification includes: judging whether the ciphertext in the encryption scheduling information accords with the agreed encryption principle, and if so, passing the transmission security verification. Obtaining first information according to the transmission security verification result, including: if the transmission security verification is passed, decrypting the ciphertext by using a key in the encrypted scheduling information to obtain decrypted scheduling information; otherwise, discarding the corresponding encryption scheduling information and generating transmission alarm information representing the unsafe alarms of data transmission; the station security platform returns the decrypted scheduling information or the transmission alarm information to the station terminal as the first information.
Step S23, broadcasting the decryption scheduling information based on the first information which is the decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
In this embodiment, the encryption scheduling information includes a ciphertext and a key, and the decryption scheduling information is obtained by judging whether the ciphertext meets an agreed encryption rule, and decrypting the ciphertext using the key corresponding to the ciphertext meeting the agreed encryption rule. In an optional embodiment, the first information is transmission alarm information generated according to the encrypted scheduling information which does not pass the transmission security verification, and the station terminal stops broadcasting, so that error data or tampered data is prevented from being broadcasted.
In an alternative embodiment, issuing the encrypted schedule information that fails the transmission security verification is aborted based on the first information being the transmission alert information generated from the encrypted schedule information that fails the transmission security verification. When the first information is the transmission alarm information generated according to the encrypted scheduling information which does not pass the transmission security verification, the transmission alarm information is returned to the station terminal so as to facilitate the station terminal to stop the information release operation, thereby effectively reducing the risk brought by malicious tampering of the operation information in the transmission process.
In an alternative embodiment, the method further comprises: based on station and central network interruption, receiving encrypted operation information sent by a station information release platform, wherein the encrypted operation information is obtained by encrypting operation information released by a local encryption software package of the station information release platform; and decrypting the encrypted operation information by using the local decryption software package to obtain decryption operation information, and broadcasting the decryption operation information by using the station terminal. The station information release platform locally stores the encrypted software package, and the station terminal locally stores the decrypted software package, so that the situation that the operation information release is interrupted due to the fact that hardware such as an encryption box of the central safety platform and a decryption box of the station safety platform are faulty under emergency conditions such as fire disaster and the like of the PIS system is avoided. The station information release platform stores an encryption software package so as to encrypt operation information to be released; the station terminal receives the encrypted scheduling information sent by the station information issuing platform and decrypts the encrypted scheduling information based on the local decryption software package. It should be noted that, the encryption software package and/or the decryption software package may employ software packages based on symmetric encryption algorithms. When an emergency situation occurs, the station information release platform detects a central security platform fault, directly calls a local encryption software package to encrypt and release operation information, and calls a local decryption software package to decrypt and play the station play terminal program, so that normal operation of PIS system operation information release service is ensured.
In an optional embodiment, the method for releasing the security of the rail transit operation information comprises the following steps:
s31, based on the connection of the station and the central network, the information scheduling platform sends a scheduling request to the data management platform and receives scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information;
s32, if the scheduling information is the operation information passing the source security check, the information scheduling platform sends the scheduling information to the central security platform and receives the encryption scheduling information returned by the central security platform, wherein the encryption scheduling information is obtained by encrypting the scheduling information;
s33, the information scheduling platform sends the encrypted scheduling information to the station terminal;
s34, the station terminal receives the encrypted scheduling information sent by the information scheduling platform;
s35, the station terminal sends the encrypted scheduling information to the station safety platform, and receives first information returned by the station safety platform, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission safety verification on the encrypted scheduling information and according to a transmission safety verification result;
And S36, if the first information is decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification, broadcasting the decryption scheduling information by the station terminal.
It should be noted that, the specific implementation steps of the present embodiment may be referred to the foregoing description, and will not be repeated herein. S3N in the present specification does not represent the order of the track traffic operation information security issuing method, and the track traffic operation information security issuing method of the present invention is described below.
In an alternative embodiment, the method further comprises: based on station and central network interruption, the station information release platform encrypts scheduling operation information by utilizing a local encryption software package thereof to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; the station information release platform sends the encrypted operation information to the station terminal; the station terminal receives the encrypted operation information sent by the station information release platform, the encrypted operation information is obtained by encrypting the operation information released by the station information release platform by utilizing a local encryption software package, the encrypted operation information is decrypted by utilizing a local decryption software package, the decrypted operation information is obtained, and the station terminal is used for broadcasting the decrypted operation information.
Fig. 6 shows a schematic architecture diagram of a method for releasing security of rail transit operation information, which includes:
s41, based on the connection of the station and the central network, the information scheduling platform sends a scheduling request to the data management platform;
s42, the data management platform receives the scheduling request sent by the information scheduling platform, extracts operation information from the database according to the scheduling request, performs source security verification on the operation information, obtains the operation information or source alarm information as scheduling information, and returns the scheduling information to the information scheduling platform; the data management platform receives operation information issued by an external system and/or operation information which is transmitted by the central information issuing platform and is verified by central security platform information issuing in advance, calculates the abstract of the received information based on an information abstract algorithm, and stores the abstract and the corresponding information as initial abstract into the database;
s43, if the scheduling information is the operation information passing the source security check, the information scheduling platform sends the scheduling information to the central security platform;
s44, the central security platform receives the scheduling information sent by the information scheduling platform, encrypts the scheduling information by using an encryption box to obtain encrypted scheduling information, and returns the encrypted scheduling information to the information scheduling platform;
S45, the information scheduling platform sends the encrypted scheduling information to the station terminal;
s46, the station terminal sends the encrypted scheduling information to the station safety platform and receives first information returned by the station safety platform, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission safety verification on the encrypted scheduling information and according to a transmission safety verification result;
and S47, if the first information is decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification, broadcasting the decryption scheduling information by the station terminal.
It should be noted that, the specific implementation steps of the present embodiment may be referred to the foregoing description, and will not be repeated herein. S4N in the present specification does not represent the sequence of the method for safely publishing rail transit operation information, and the method for safely publishing rail transit operation information of the present invention is described below with reference to fig. 7.
When the information stored in the database is the operation information sent by the central information publishing platform, before the data management platform receives the scheduling request sent by the information scheduling platform in step S42, the method further includes: the user performs service operation based on the center information release platform and sends an operation completion request to the center information release platform; the center information release platform receives the operation completion request, performs living body detection on a user by using a face recognition camera, acquires a user image, and sends the acquired user image and the operation completion request to the center security platform; the center security platform compares the user image with a pre-stored face image, if the comparison is consistent, a current user key is obtained, a signature service is called based on the key to digitally sign the business operation of the operation completion request, and authentication information with the signature is returned to the center information release platform; otherwise, judging the user as an illegal user, generating operation alarm information unsafe for user operation by the central security platform, and returning the operation alarm information to the central information release platform; and the central information release platform completes service operation according to the received authentication information and sends operation information formed based on the service operation to the data management platform. In addition, after receiving the operation information issued by the external system and/or the operation information sent by the central information issuing platform, the data management platform calculates the abstract of the received information based on the information abstract algorithm, and stores the abstract and the corresponding information as initial abstract into a database to wait for scheduling.
When the central security platform compares the user image with the pre-stored face image, the similarity between the user image and the face image is calculated, and if the similarity is not smaller than a preset threshold, the comparison is consistent, and the face recognition verification is passed. The initial abstract is used as the digital fingerprint of the operation information, so that the operation information and the operation information are stored in the database at the same time, and if the operation information is tampered by other people, the corresponding abstract is changed, so that when the operation information is subsequently called, whether the operation information is tampered or not is judged through comparison of the abstract, and the accuracy of the operation information is ensured. In addition, in order to facilitate the abnormality investigation, the central security platform reserves authentication information to the central information release platform so as to be used as a user operation log for recording and subsequent abnormality investigation. It should be noted that, the business operations include operations such as information editing, information auditing, or information revocation, which may be specifically set according to actual use requirements or design requirements, and are not further limited herein.
In an alternative embodiment, the method further comprises: based on the interruption of the station and the central network, the local encryption software package of the station information release platform encrypts the scheduling operation information to obtain encrypted operation information, wherein the scheduling operation information comprises the operation information released by the station information release platform; the station information release platform sends the encrypted operation information to the station terminal; the station terminal receives the encrypted operation information sent by the station information release platform, the encrypted operation information is obtained by encrypting the operation information released by the station information release platform by utilizing a local encryption software package, the encrypted operation information is decrypted by utilizing a local decryption software package, the decrypted operation information is obtained, and the station terminal is used for broadcasting the decrypted operation information.
In summary, the encryption box of the central security platform encrypts the scheduling information scheduled by the information scheduling platform, and sends the encrypted scheduling information to the station terminal, and the station security platform is utilized for decryption, so that the security in the data transmission process is ensured, the station terminal is prevented from broadcasting tampered information, and the risk brought by malicious tampering of the operation information in the transmission process is effectively reduced; the data management platform is utilized to carry out source security verification on the extracted operation information, so that the reliability of the extracted operation information is improved, illegal information is prevented from being scheduled and released, and the safety of the release of the operation information is further improved; meanwhile, abnormal conditions such as malicious tampering and illegal release of information can be timely early-warned, the operation abnormality detection sensing capability is improved, and the safety of operation information release management is improved.
The track traffic operation information security issuing device provided by the invention is described below, and the track traffic operation information security issuing device described below and the track traffic operation information security issuing method described above can be correspondingly referred to each other.
Fig. 8 shows a schematic structural diagram of a rail transit operation information security issuing device, which is an information scheduling platform, and includes:
The scheduling information acquisition module 81 is connected with the central network based on the station, sends a scheduling request to the data management platform, and receives scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information;
the encryption information acquisition module 82 is used for transmitting the scheduling information to the central security platform based on the scheduling information being the operation information passing the source security verification and receiving the encryption scheduling information returned by the central security platform, wherein the encryption scheduling information is obtained by encrypting the scheduling information;
the information transmitting module 83 transmits the encrypted schedule information to the station terminal for decryption by the station security platform.
In this embodiment, the scheduling information obtaining module 81 includes: a request transmitting unit for transmitting a scheduling request to the data management platform; the information receiving unit is used for receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information extracted according to a scheduling request, and the operation information is obtained by performing source security verification on the operation information or source alarm information. Specifically, the data management platform includes: a request receiving unit for receiving the access request sent by the request sending unit; the extraction unit extracts corresponding operation information according to the scheduling request; the source safety verification unit is used for carrying out source safety verification on the extracted operation information to obtain scheduling information; and the information return unit returns the scheduling information to the information scheduling platform. It should be noted that if the operation information passes the source security check, the operation information is used as the scheduling information; otherwise, the operation information is marked, and source alarm information is generated as scheduling information.
Further, the source security verification unit includes: a summary calculation subunit, based on the information summary algorithm, obtaining a summary of the operation information extracted from the database according to the scheduling request; the comparison subunit is used for comparing the abstract with a pre-stored initial abstract, wherein the initial abstract is obtained based on an information abstract algorithm when operation information is stored in a database; if the comparison is consistent, the source security check is passed, otherwise, the operation information is marked as illegal information, and source alarm information is generated. It should be noted that the summary calculation object of the operation information includes the content, time, level, and distribution user of the operation information.
In an alternative embodiment, the operation information extracted from the data includes operation information which is issued by the central information issuing platform based on the authentication information returned by the central security platform and is sent to the database by the central information issuing platform; the authentication information is obtained by the center security platform performing face recognition on the basis of the user image sent by the center information release platform and performing digital signature on a service operation completion request corresponding to the user through face recognition; the user image is obtained by photographing the user after living body detection based on the user service operation completion request by the central information release platform. Specifically, the center information distribution platform includes: an operation receiving unit for receiving an operation completion request sent by a user after performing service operation; the image acquisition unit is used for performing living body detection on a user by using a face recognition camera and acquiring a user image; the data sending unit is used for sending the acquired user image and the operation completion request to the central security platform for information release verification; and the data receiving unit is used for completing service operation according to the received authentication information returned by the central security platform and sending operation information formed based on the service operation to the data management platform.
The data management platform further comprises a storage unit, after receiving the authentication information, the data management platform calculates an initial digest of the received authentication information based on the digest calculation subunit, and then the storage unit is used for storing the operation information and the initial digest thereof into a database to wait for scheduling.
The central security platform includes: the comparison unit is used for comparing the user image with a pre-stored face image, acquiring a current user key if the comparison is consistent, carrying out digital signature on the business operation of the operation completion request based on the key calling signature service, and returning the authentication information with the signature to the central information release platform; otherwise, judging the user as an illegal user, generating operation alarm information unsafe for user operation by the central security platform, and returning the operation alarm information to the central information release platform. When the central security platform compares the user image with the pre-stored face image, the similarity between the user image and the face image is calculated, and if the similarity is not smaller than a preset threshold, the comparison is consistent, and the face recognition verification is passed. The initial abstract is used as the digital fingerprint of the operation information, so that the operation information and the operation information are stored in the database at the same time, and if the operation information is tampered by other people, the corresponding abstract is changed, so that when the operation information is subsequently called, whether the operation information is tampered or not is judged through comparison of the abstract, and the accuracy of the operation information is ensured.
In another alternative embodiment, the operational information extracted from within the database includes system operational information sent by the external system to the database. The external system may be at least one of an operation command center (TCC), an integrated monitoring system (ISCS), an environment and equipment monitoring system (BAS), and a Fire Alarm System (FAS), and the operation information is information transmitted from the external system to a Passenger Information System (PIS). It should be noted that, in the present embodiment, the external system is a platform other than the center information distribution platform, and is not further limited herein.
In an optional embodiment, the device further comprises a judging module for judging whether the station is in degradation operation, namely judging whether the station is in degradation operation based on the connection state of the station and the central network, if the station is connected with the central network, the station is in normal operation, and if the station is not in degradation operation. It should be noted that, the degradation operation refers to interruption of the station and the central network, separation from the central information release management platform, and independent management of information release of the station terminal managed by the station information release platform.
If the scheduling information is operation information passing the source security check, the encryption information obtaining module 82 includes: the information sending unit is used for sending the scheduling information to the central security platform; and the information receiving unit is used for receiving the encryption scheduling information returned by the central security platform, wherein the encryption scheduling information is obtained by encrypting the scheduling information. The encryption scheduling information comprises a ciphertext packaged into a digital envelope and a secret key, wherein the ciphertext is obtained by encrypting the scheduling information by the central security platform based on a symmetric encryption algorithm, and the secret key is obtained by encrypting parameters of the symmetric encryption algorithm by the central security platform based on an asymmetric encryption algorithm.
In an alternative embodiment, if the scheduling information is source alarm information generated according to the operation information that fails the source security check, the source alarm information is returned to the information scheduling platform, so that the information scheduling platform suspends the scheduling operation, and it is known that the operation information has security risk, and the security of information transmission is improved.
The information transmitting module 83 transmits the encrypted schedule information to the station terminal for decryption.
The station terminal includes: a first receiving unit that receives encrypted scheduling information; the first sending unit sends the received encrypted scheduling information to the station security platform, receives first information returned by the station security platform, and obtains the first information according to the transmission security verification result by carrying out transmission security verification on the encrypted scheduling information. It should be noted that, the first information may be decryption scheduling information passing through the transmission security verification or transmission alarm information not passing through the transmission security verification.
The station safety platform comprises a station information receiving unit, a verification unit, a decryption unit, an alarm unit and a station information return unit, wherein: the station information receiving unit is used for receiving the encrypted scheduling information; the verification unit is used for judging whether the ciphertext in the encryption scheduling information accords with a preset encryption principle; if the verification unit judges that the data is in accordance with the encrypted message, the decryption unit decrypts the encrypted message by using the key so as to obtain decryption scheduling information, otherwise, the alarm unit indicates that the data is tampered in the transmission process, discards the data and generates transmission alarm information representing unsafe alarms of data transmission; and the station information return unit is used for feeding back the decryption scheduling information or the transmission alarm information to the station terminal.
If the first information is decryption scheduling information, the station terminal further includes: the information broadcasting unit broadcasts the decryption scheduling information according to a preset broadcasting rule; if the first information is a prompt unit, the station terminal further includes: the prompting unit timely determines that the information is tampered data, so that the data is prevented from being broadcasted.
In an optional embodiment, the device further comprises a station information release platform, and specifically comprises: the station information encryption unit encrypts scheduling operation information by utilizing a local encryption software package of the station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information sending unit is used for sending the encrypted operation information to the station terminal and decrypting the encrypted operation information by using the local decryption software package. After the station terminal decrypts the decrypted operation information by using the local decryption software package, the station terminal broadcasts the decrypted operation information. In addition, based on the station and the central network terminal, the information release of the station terminal managed by the station is separated from the central information release platform and is independently managed by the station information release platform, so that the situation that the operation information release is interrupted due to the fact that hardware such as an encryption box of the central safety platform and a decryption box of the station safety platform are failed in the emergency such as fire disaster of the PIS system is avoided.
Fig. 9 shows a schematic structural diagram of a rail transit operation information security issuing device, which is a station terminal, including:
the information receiving module 91 receives the encrypted scheduling information sent by the information scheduling platform based on the connection of the station and the central network, wherein the encrypted scheduling information is obtained by the operation information extracted from the data management platform by the information scheduling platform and encrypting the operation information by utilizing the central security platform;
the first information acquisition module 92 sends the encrypted scheduling information to the station security platform, and receives first information returned by the station security platform, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result;
the information broadcasting module 93 broadcasts the decrypted schedule information based on the first information being the decrypted schedule information decrypted according to the encrypted schedule information passing the transmission security verification.
In the present embodiment, the information receiving module 91 includes: the first receiving unit is used for receiving the encryption scheduling information sent by the information scheduling platform, wherein the encryption scheduling information is operation information extracted from the data management platform by the information scheduling platform and is obtained by encrypting the operation information by utilizing the central security platform.
The first information acquisition module 92 includes: the first sending unit sends the encrypted scheduling information to the station security platform, receives first information returned by the station security platform, and the first information is obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result. It should be noted that, the first information may be decryption scheduling information passing through the transmission security verification or transmission alarm information not passing through the transmission security verification. Transmission security verification, comprising: judging whether the ciphertext in the encryption scheduling information accords with the agreed encryption principle, and if so, passing the transmission security verification.
The information broadcasting module 93 includes: and the broadcasting unit broadcasts the decryption scheduling information based on the fact that the first information is the decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
In an alternative embodiment, the information broadcasting module 93 further includes: the prompting unit timely determines that the information is tampered data, so that the data is prevented from being broadcasted.
In an optional embodiment, the device further comprises a station information release platform, and specifically comprises: the station information encryption unit encrypts scheduling operation information by utilizing a local encryption software package of the station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information sending unit is used for sending the encrypted operation information to the station terminal and decrypting the encrypted operation information by using the local decryption software package.
The station information release platform locally stores the encrypted software package, and the station terminal locally stores the decrypted software package, so that the situation that the operation information release is interrupted due to the fact that hardware such as an encryption box of the central safety platform and a decryption box of the station safety platform are faulty under emergency conditions such as fire disaster and the like of the PIS system is avoided. The station information release platform stores an encryption software package so as to encrypt operation information to be released; the station terminal receives the encrypted scheduling information sent by the station information issuing platform and decrypts the encrypted scheduling information based on the local decryption software package. It should be noted that, the encryption software package and/or the decryption software package may employ software packages based on symmetric encryption algorithms. When an emergency situation occurs, the station information release platform detects a central security platform fault, directly calls a local encryption software package to encrypt and release operation information, and calls a local decryption software package to decrypt and play the station play terminal program, so that normal operation of PIS system operation information release service is ensured.
Fig. 10 shows a schematic structural diagram of a rail transit operation information security issuing apparatus, the apparatus comprising: a data management platform 101, an information scheduling platform 102, a central security platform 103, a station terminal 104, and a station security platform 105, wherein:
The information scheduling platform 102 is connected with the central network based on the station, sends a scheduling request to the data management platform 101, and receives scheduling information returned by the data management platform 101, wherein the scheduling information is operation information extracted according to the scheduling request and is obtained by performing source security verification on the operation information or source alarm information;
if the scheduling information is the operation information passing the source security check, the information scheduling platform 102 sends the scheduling information to the central security platform 103 and receives the encryption scheduling information returned by the central security platform 103, wherein the encryption scheduling information is obtained by encrypting the scheduling information;
the information scheduling platform 102 transmits the encrypted scheduling information to the station terminal 104;
station terminal 104 receives the encrypted scheduling information sent by information scheduling platform 102;
the station terminal 104 sends the encrypted scheduling information to the station security platform 105, and receives first information returned by the station security platform, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result;
if the first information is decryption schedule information obtained by decrypting the encrypted schedule information passing the transmission security verification, the station terminal 104 broadcasts the decryption schedule information.
It should be noted that, specific structures of the data management platform 101, the information scheduling platform 102, the central security platform 103, the station terminal 104, and the station security platform 105 may be described with reference to the foregoing embodiments, and will not be described herein.
In an optional embodiment, the device further comprises a station information release platform, and specifically comprises: encrypting scheduling operation information by using a local encryption software package of a station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; the encrypted operation information is transmitted to the station terminal 104 to be decrypted by using the local decryption software package. After the station terminal 104 decrypts the decrypted operation information by using the local decryption software package, the station terminal 104 broadcasts the decrypted operation information. In addition, based on the station and the central network terminal, the information release of the station terminal 104 managed by the station is separated from the central information release platform, and is independently managed by the station information release platform, so as to avoid the situation that the operation information release is interrupted due to the failure of hardware such as an encryption box of the central security platform and a decryption box of the station security platform in the emergency such as fire disaster of the PIS system.
Fig. 11 shows a schematic structural diagram of a rail transit operation information security issuing apparatus, the apparatus comprising: a center information distribution platform 111, an external system 112, a data management platform 113, an information scheduling platform 114, a center security platform 115, a station terminal 116, and a station security platform 117, wherein:
based on the station and the central network connection, sending a scheduling request to the data management platform 113 by using the information scheduling platform 114;
the data management platform 113 receives the scheduling request sent by the information scheduling platform 114, extracts operation information from the database according to the scheduling request, performs source security verification on the operation information, obtains the operation information or source alarm information as scheduling information, and returns the scheduling information to the information scheduling platform 114; the data management platform 113 receives system operation information issued by the external system 112 and/or operation information which is transmitted by the central information issuing platform 111 and is verified by central security platform information issuing in advance, calculates an abstract of the received information based on an information abstract algorithm, and stores the abstract and corresponding information as an initial abstract in a database;
if the scheduling information is the operation information passing the source security check, the information scheduling platform 114 transmits the scheduling information to the central security platform 115;
The central security platform 115 receives the scheduling information sent by the information scheduling platform 114, encrypts the scheduling information by using an encryption box to obtain encrypted scheduling information, and returns the encrypted scheduling information to the information scheduling platform 114;
the information scheduling platform 114 transmits the encrypted scheduling information to the station terminal 116;
the station terminal 116 sends the encrypted scheduling information to the station security platform 117, and receives first information returned by the station security platform 117, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result;
if the first information is decryption schedule information obtained by decrypting the encrypted schedule information passing the transmission security verification, the station terminal 116 broadcasts the decryption schedule information.
It should be noted that, the specific structures of the data management platform 113, the information scheduling platform 114, the central security platform 115, the station terminal 116 and the station security platform 117 may be described with reference to the foregoing embodiments, and will not be described herein. In addition, the center information distribution platform includes: an operation receiving unit for receiving an operation completion request sent by a user after performing service operation; the image acquisition unit is used for performing living body detection on a user by using a face recognition camera and acquiring a user image; the data sending unit is used for sending the acquired user image and the operation completion request to the central security platform; and the data receiving unit is used for completing service operation according to the received authentication information returned by the central security platform and sending operation information formed based on the service operation to the data management platform.
Correspondingly, the central security platform further comprises: the comparison unit is used for comparing the user image with a pre-stored face image, if the comparison is consistent, acquiring a current user key, carrying out digital signature on the business operation of the operation completion request based on a key calling signature service, and returning the authentication information with the signature to the central information release platform; otherwise, judging the user as an illegal user, generating operation alarm information unsafe for user operation by the central security platform, and returning the operation alarm information to the central information release platform.
When the central security platform compares the user image with the pre-stored face image, the similarity between the user image and the face image is calculated, and if the similarity is not smaller than a preset threshold, the comparison is consistent, and the face recognition verification is passed. The initial abstract is used as the digital fingerprint of the operation information, so that the operation information and the operation information are stored in the database at the same time, and if the operation information is tampered by other people, the corresponding abstract is changed, so that when the operation information is subsequently called, whether the operation information is tampered or not is judged through comparison of the abstract, and the accuracy of the operation information is ensured.
In addition, in order to facilitate the abnormality investigation, the central security platform reserves authentication information to the central information release platform so as to be used as a user operation log for recording and subsequent abnormality investigation. It should be noted that, the business operations include operations such as information editing, information auditing, or information revocation, which may be specifically set according to actual use requirements or design requirements, and are not further limited herein.
In an optional embodiment, the device further comprises a station information release platform, and specifically comprises: the station information encryption unit encrypts scheduling operation information by utilizing a local encryption software package of the station information release platform based on station and central network interruption to obtain encrypted operation information, wherein the scheduling operation information comprises operation information released by the station information release platform; and the station information sending unit is used for sending the encrypted operation information to the station terminal and decrypting the encrypted operation information by using the local decryption software package.
Fig. 12 illustrates a physical structure diagram of an electronic device, as shown in fig. 12, which may include: processor 121, communication interface (Communications Interface) 122, memory 123 and communication bus 124, wherein processor 121, communication interface 122, memory 123 accomplish communication with each other through communication bus 124. The processor 121 may call logic instructions in the memory 123 to perform a rail transit operation information security issuing method, the method comprising: based on the connection of the station and the central network, sending a scheduling request to a data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information; based on the scheduling information, which is the operation information passing the source security check, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information; the encrypted scheduling information is sent to a station terminal to be decrypted by using a station security platform; or based on the connection of the station and the central network, receiving the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the operation information extracted from the data management platform by the information scheduling platform and encrypting the operation information by utilizing the central security platform; the encrypted scheduling information is sent to a station security platform, and first information returned by the station security platform is received, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result; and broadcasting the decryption scheduling information based on the first information which is decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
Further, the logic instructions in the memory 123 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, where the computer program product includes a computer program, where the computer program can be stored on a non-transitory computer readable storage medium, and when the computer program is executed by a processor, the computer can execute a rail transit operation information security issuing method provided by the above methods, and the method includes: based on the connection of the station and the central network, sending a scheduling request to a data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information; based on the scheduling information, which is the operation information passing the source security check, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information; the encrypted scheduling information is sent to a station terminal to be decrypted by using a station security platform; or based on the connection of the station and the central network, receiving the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the operation information extracted from the data management platform by the information scheduling platform and encrypting the operation information by utilizing the central security platform; the encrypted scheduling information is sent to a station security platform, and first information returned by the station security platform is received, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result; and broadcasting the decryption scheduling information based on the first information which is decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
In still another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the method for safely distributing rail transit operation information provided by the above methods, the method comprising: based on the connection of the station and the central network, sending a scheduling request to a data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and performing source security verification on the operation information; based on the scheduling information, which is the operation information passing the source security check, the scheduling information is sent to the central security platform, and the encryption scheduling information returned by the central security platform is received, wherein the encryption scheduling information is obtained by encrypting the scheduling information; the encrypted scheduling information is sent to a station terminal to be decrypted by using a station security platform; or based on the connection of the station and the central network, receiving the encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is obtained by the operation information extracted from the data management platform by the information scheduling platform and encrypting the operation information by utilizing the central security platform; the encrypted scheduling information is sent to a station security platform, and first information returned by the station security platform is received, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result; and broadcasting the decryption scheduling information based on the first information which is decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. The method for safely publishing the rail transit operation information is characterized by comprising the following steps of:
based on the connection of a station terminal and a central network, sending a scheduling request to a data management platform, and receiving scheduling information returned by the data management platform, wherein the scheduling information is operation information or source alarm information obtained by extracting operation information according to the scheduling request and carrying out source security verification on the operation information;
based on the scheduling information being the operation information passing the source security verification, sending the scheduling information to a central security platform, and receiving encryption scheduling information returned by the central security platform, wherein the encryption scheduling information is obtained by encrypting the scheduling information;
And sending the encrypted scheduling information to a station terminal for decryption by using a station security platform.
2. The method for releasing the security of the rail transit operation information according to claim 1, further comprising: stopping scheduling the operation information which fails the source security check based on the scheduling information which is the source alarm information generated according to the operation information which fails the source security check;
the source security check includes:
based on an information abstract algorithm, obtaining an abstract of operation information extracted from a database of the data management platform according to the scheduling request;
comparing the abstract with a pre-stored initial abstract, wherein the initial abstract is obtained based on an information abstract algorithm when the operation information is stored in the database;
if the comparison is consistent, passing the source security check;
otherwise, marking the operation as illegal information and generating source alarm information.
3. The track traffic operation information security issuing method according to claim 2, characterized in that the operation information extracted from the database includes operation information issued by a center information issuing platform based on authentication information returned by the center security platform and transmitted to the database by the center information issuing platform;
The authentication information is obtained by carrying out face recognition on the basis of the user image sent by the central information release platform by the central security platform and carrying out digital signature on a service operation completion request corresponding to the user through the face recognition;
the user image is obtained by photographing the user after living body detection based on a user service operation completion request by the central information release platform;
and/or;
the operation information extracted from the database includes operation information transmitted to the database by an external system including at least one of an operation command center, a comprehensive monitoring system, an environment and equipment monitoring system, and a fire alarm system.
4. The method for safely issuing the rail transit operation information according to claim 1, wherein the encrypted scheduling information comprises ciphertext packaged into a digital envelope and a secret key, the ciphertext is obtained by the central security platform encrypting the scheduling information based on a symmetric encryption algorithm, and the secret key is obtained by the central security platform encrypting parameters of the symmetric encryption algorithm based on an asymmetric encryption algorithm.
5. The method for safely publishing the rail transit operation information is characterized by comprising the following steps of:
Based on the connection of the station terminal and the central network, receiving encryption scheduling information sent by an information scheduling platform, wherein the encryption scheduling information is operation information obtained by carrying out source security verification and extracted from a data management platform by the information scheduling platform, and is obtained by encrypting the operation information by utilizing a central security platform;
the encrypted scheduling information is sent to a station security platform, and first information returned by the station security platform is received, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result;
and broadcasting the decryption scheduling information based on the fact that the first information is the decryption scheduling information obtained by decrypting the encryption scheduling information passing the transmission security verification.
6. The method for safely issuing the rail transit operation information according to claim 5, wherein the encryption scheduling information comprises a ciphertext and a secret key, and the decryption scheduling information is obtained by judging whether the ciphertext accords with a stipulated encryption rule and decrypting the ciphertext by using the secret key corresponding to the ciphertext which accords with the stipulated encryption rule;
Further comprises: based on the first information, stopping issuing the encrypted scheduling information which fails the transmission security verification, wherein the encrypted scheduling information is generated according to the encrypted scheduling information which fails the transmission security verification;
further comprises:
based on interruption of a station terminal and a central network, receiving encrypted operation information sent by a station information release platform, wherein the encrypted operation information is obtained by encrypting operation information released by a local encryption software package of the station information release platform;
and decrypting the encrypted operation information by using a local decryption software package, and broadcasting the decryption scheduling information.
7. The utility model provides a track traffic operation information safety issue device which characterized in that includes:
the system comprises a dispatching information acquisition module, a data management platform and a dispatching information processing module, wherein the dispatching information acquisition module is connected with a central network based on a station terminal, sends a dispatching request to the data management platform, and receives dispatching information returned by the data management platform, wherein the dispatching information is operation information extracted according to the dispatching request and is operation information or source alarm information obtained by carrying out source security verification on the operation information;
the encryption information acquisition module is used for transmitting the scheduling information to a central security platform based on the fact that the scheduling information is the operation information passing the source security verification, and receiving encryption scheduling information returned by the central security platform, wherein the encryption scheduling information is obtained by encrypting the scheduling information;
And the information sending module is used for sending the encrypted scheduling information to the station terminal and decrypting the encrypted scheduling information by using the station security platform.
8. The utility model provides a track traffic operation information safety issue device which characterized in that includes:
the information receiving module is connected with the central network based on the station terminal, receives encrypted scheduling information sent by the information scheduling platform, wherein the encrypted scheduling information is operation information which is extracted by the information scheduling platform from the data management platform and obtained by carrying out source security verification, and is obtained by encrypting the operation information by utilizing the central security platform;
the first information acquisition module is used for sending the encrypted scheduling information to a station security platform and receiving first information returned by the station security platform, wherein the first information is decryption scheduling information or transmission alarm information obtained by carrying out transmission security verification on the encrypted scheduling information and according to a transmission security verification result;
and the information broadcasting module broadcasts the decryption scheduling information based on the decryption scheduling information which is obtained by decrypting the encryption scheduling information passing the transmission security verification.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the rail transit operation information security distribution method according to any one of claims 1 to 4 when executing the computer program or the steps of the rail transit operation information security distribution method according to any one of claims 5 to 6 when executing the computer program.
10. A non-transitory computer-readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the rail transit operation information security distribution method according to any one of claims 1 to 4, or the steps of the rail transit operation information security distribution method according to any one of claims 5 to 6.
CN202111290551.2A 2021-11-02 2021-11-02 Rail transit operation information safety release method and device Active CN114244553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111290551.2A CN114244553B (en) 2021-11-02 2021-11-02 Rail transit operation information safety release method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111290551.2A CN114244553B (en) 2021-11-02 2021-11-02 Rail transit operation information safety release method and device

Publications (2)

Publication Number Publication Date
CN114244553A CN114244553A (en) 2022-03-25
CN114244553B true CN114244553B (en) 2024-04-02

Family

ID=80743638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111290551.2A Active CN114244553B (en) 2021-11-02 2021-11-02 Rail transit operation information safety release method and device

Country Status (1)

Country Link
CN (1) CN114244553B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105451186A (en) * 2015-12-31 2016-03-30 天津市北海通信技术有限公司 Mobile stop-reporting platform for PIS system based on wireless beacon technology
CN110458445A (en) * 2019-08-07 2019-11-15 上海鸣啸信息科技股份有限公司 A kind of Customer information release management system
CN213122985U (en) * 2020-07-07 2021-05-04 中国铁道科学研究院集团有限公司电子计算技术研究所 PIS authentication system
CN113034325A (en) * 2021-03-05 2021-06-25 中建空列(北京)科技有限公司 Suspension type rail transit PIS system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105451186A (en) * 2015-12-31 2016-03-30 天津市北海通信技术有限公司 Mobile stop-reporting platform for PIS system based on wireless beacon technology
CN110458445A (en) * 2019-08-07 2019-11-15 上海鸣啸信息科技股份有限公司 A kind of Customer information release management system
CN213122985U (en) * 2020-07-07 2021-05-04 中国铁道科学研究院集团有限公司电子计算技术研究所 PIS authentication system
CN113034325A (en) * 2021-03-05 2021-06-25 中建空列(北京)科技有限公司 Suspension type rail transit PIS system

Also Published As

Publication number Publication date
CN114244553A (en) 2022-03-25

Similar Documents

Publication Publication Date Title
CN111447276B (en) Encryption continuous transmission method with key agreement function
CN106357690B (en) data transmission method, data sending device and data receiving device
CN107613316B (en) Live network push stream verification method and system
CN110061849A (en) Verification method, server, mobile unit and the storage medium of mobile unit
CN110035058B (en) Resource request method, device and storage medium
CN110113745A (en) Verification method, server, mobile unit and the storage medium of mobile unit
CN104506497A (en) Information issuing method and system
CN112328271B (en) Vehicle-mounted equipment software upgrading method and system
CN104053149A (en) Method and system for realizing security mechanism of vehicle networking equipment
CN115051813B (en) New energy platform control instruction protection method and system
CN111669404A (en) Verification method and device for digital certificate installation
CN110796220A (en) Identification code sending system based on public transport
CN105607592A (en) Remote utilization system for public work mechanical vehicles, and implementation method
CN106850669B (en) Message security transmission method for Internet of things monitoring system
CN110445782B (en) Multimedia safe broadcast control system and method
CN105191332B (en) For the method and apparatus of the embedded watermark in unpressed video data
CN104579684B (en) A kind of SM2 checking algorithms suitable for distribution network data
CN102571341B (en) A kind of Verification System based on dynamic image and authentication method
CN112865965B (en) Train service data processing method and system based on quantum key
CN109246148A (en) Message processing method, device, system, equipment and computer readable storage medium
CN114244553B (en) Rail transit operation information safety release method and device
CN103441989B (en) A kind of authentication, information processing method and device
CN112383577A (en) Authorization method, device, system, equipment and storage medium
CN110838910B (en) Subway comprehensive monitoring system based on SM3 and SM4 communication encryption
CN111711527B (en) Access method, node server and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant