CN115361669A - Vehicle-mounted data encryption method and device, computer equipment and communication system - Google Patents

Abstract

The invention relates to the technical field of communication, in particular to an encryption method and device for vehicle-mounted data, computer equipment and a storage medium. The method comprises the steps of obtaining data to be encrypted, wherein the data to be encrypted is a character string to be encrypted; randomly selecting an encryption method and generating random numbers, and acquiring a designated character string based on the character string to be encrypted and the random numbers; encrypting the designated character string according to the randomly selected encryption method, and generating an encrypted designated character string; and arranging and combining the encrypted designated character strings after encryption processing to generate an encrypted character string. The invention has high calculation speed and low CPU load because the direct XOR operation of the time bytes used in the encryption and decryption process does not relate to the cyclic redundancy calculation similar to other algorithms.

Description

Vehicle data encryption method, device, computer equipment and communication system

technical field

The invention relates to the field of communication technology, in particular to an encryption method, device, computer equipment and communication system for vehicle data.

Background technique

In recent years, with the development of my country's rail transit, the implementation of standardization and the comprehensive promotion of vehicle-mounted systems such as LKJ, TCMS, and 6A, my country's rail transit has already met the conditions for vehicle information collection, and the real-time and safety requirements for vehicle-to-ground data transmission Higher and higher.

Traditional vehicle-ground mobile communication private network, 4G mobile communication network, WLAN, satellite communication and other vehicle-ground communication wireless technologies have certain limitations, and cannot fully meet the requirements of intelligent operation and maintenance systems for vehicle-ground seamless data transmission. With the development of communication technology, 5G communication technology is gradually applied to rail transit data transmission. At present, both at home and abroad have begun to carry out research and experiments on the application of 5G communication in the railway field. Communication is the first of the new infrastructure. At present, both at home and abroad have begun to carry out research and experiments on the application of 5G communication in the railway field. European Railways has researched a 5G-based train control system (Europe Train Control System, ETCS), and carried out train control system tests below 200km/h; South Korea has carried out a 5G-based train automatic control system test on its dedicated track test line. Test; Japan has completed 4K surveillance video transmission test using 28GHz spectrum; my country has implemented public network 5G coverage project in some stations and lines, carried out millimeter-wave point-to-point large-capacity data transmission application in several typical stations, and is testing circular railway The base builds a railway 5G-R private network test environment and prepares to carry out relevant tests.

The existing subway vehicle-to-ground wireless transmission system transmits the operating status information and fault information of the vehicles to the operation monitoring center in real time, and analyzes and processes the information in real time, so as to realize the full tracking of the vehicle operating status and early warning of faults. The usual implementation method is: the vehicle host usually collects the vehicle MVB bus and Ethernet bus data according to the sampling period of 500ms or 1s, and then sends the data to the server through 4G or WLAN.

Since a subway line usually has dozens of trains running at the same time, each train needs to push data to the ground cloud server in real time. If the data encryption and decryption algorithm is complicated, the server will overload the analysis data, and even cause serious packet loss. Therefore, in view of the characteristics of the train-to-ground communication of subway trains, the data encryption and decryption algorithms in train-to-ground transmission need to ensure data security and reliability as well as fast and efficient encryption and decryption, which puts forward higher special requirements for encryption and decryption algorithms.

Contents of the invention

In order to solve the technical problems existing in the above-mentioned prior art, the present invention provides a kind of encryption method, device, computer equipment and storage medium of vehicle-mounted data, after providing the fully automatic realization of group raid function, multiple Use cases are placed in the same task to automatically execute tests in sequence, and the group raid operation of each use case is automatically completed.

In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:

According to a first aspect of the present invention, there is provided a method for encrypting vehicle-mounted data, the method comprising the following steps:

Obtain the data to be encrypted, the data to be encrypted is a character string to be encrypted;

Randomly select the encryption method and generate a random number, and obtain the specified string based on the string to be encrypted and the random number;

Encrypt the specified string according to a randomly selected encryption method, and generate an encrypted specified string;

The encrypted specified character strings are permuted and combined after encryption processing to generate encrypted character strings.

As a further solution of the present invention, wherein the data to be encrypted comes from two types of bus data of the train, namely MVB bus data and Ethernet bus data.

As a further solution of the present invention, the MVB bus data is obtained by sampling, and the Ethernet bus data is obtained by blocking monitoring.

As a further solution of the present invention, the specified character string is a part selected from the editing bit of the character string to be encrypted according to the value of the random number, and the specified character is the corresponding character of the value of the random number in the specified character string.

As a further solution of the present invention, the encryption method includes:

Randomly sort the communication data frames of the character strings to be encrypted, and each data frame is assigned a number n in the random sorting;

Two random quantities, the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors.

According to a second aspect of the present invention, there is provided an encryption device for rail transit on-board data, the device comprising:

The data acquisition module is configured to acquire data to be encrypted, and the data to be encrypted is a character string to be encrypted.

The encryption module is configured to randomly select an encryption method and generate a random number, obtain a specified string based on the string to be encrypted and the random number, encrypt the specified string according to the randomly selected encryption method, and generate encrypted specified characters string;

Encrypted character string generation, its configuration is used to perform string arrangement and combination of encrypted specified characters after encryption processing to generate an encrypted character string.

According to a third aspect of the present invention, a computer device is provided, including a memory and a processor, the memory stores a computer program, and when the processor loads and executes the computer program, the steps of the method for encrypting vehicle-mounted data as described above are realized.

According to a fourth aspect of the present invention there is provided a communication system comprising at least one computer device and ground application equipment. Wherein the computer equipment communicates with the ground application equipment.

As a further solution of the present invention, the computer equipment is provided with multiple Ethernet communication interfaces and one MVB communication interface.

The technical scheme provided by the invention has the following beneficial effects:

The encryption method, device, computer equipment and storage medium of the vehicle-mounted data provided by the present invention, because the encryption and decryption process used in the present invention is directly XOR operation, does not involve cyclic redundancy calculation similar to other algorithms, so the calculation speed is efficient, CPU load is low. And because each key sequence has strong randomness and variability, data security can be guaranteed to the maximum extent. The data frame encryption algorithm of the present invention effectively solves the problem of safe encryption of train transmission data.

Description of drawings

Fig. 1 is the flow chart of the encryption method of rail transit vehicle-mounted data of an embodiment of the present invention;

Fig. 2 is the structural block diagram of the encryption device of rail transit vehicle-mounted data of an embodiment of the present invention;

Fig. 3 is a structural block diagram of a communication system according to an embodiment of the present invention.

In the figure: data acquisition module-100, encryption module-200, encrypted character string generation module-300.

Detailed ways

The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

The flow charts shown in the drawings are just illustrations, and do not necessarily include all contents and operations/steps, nor must they be performed in the order described. For example, some operations/steps can be decomposed, combined or partly combined, so the actual order of execution may be changed according to the actual situation.

It should be understood that the terminology used in the description of the present invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the present invention. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include plural referents unless the context clearly dictates otherwise.

The current general encryption algorithm is a general term for encryption algorithm and decryption algorithm, which is the core of the cryptosystem. A cryptographic algorithm can be regarded as a combination of exchanges. When the input is plaintext, after these transformations, the output is ciphertext. Conversely, when the input is ciphertext, the output is plaintext after cipher transformation, which is the process of exchanging secrets. Commonly used encryption algorithms are: AES/RSA/ECC/Diffie-heliman, SHA-1/SHA-256. The disadvantage is that these methods require bit-by-bit operations when decrypting, and the CPU load is relatively large. At the same time, since the encryption and decryption algorithms are publicly available, there are cracking methods, so neither efficiency nor security is good enough.

The encryption and decryption process of the present invention uses direct XOR operation of bytes, and does not involve cyclic redundancy calculation similar to other algorithms, so the calculation speed is high and the CPU load is low.

Specifically, the embodiments of the present invention will be further described below in conjunction with the accompanying drawings.

Please refer to FIG. 1 . FIG. 1 is a flowchart of a method for encrypting vehicle-mounted data provided by an embodiment of the present invention. As shown in FIG. 1 , the method for encrypting vehicle-mounted data includes steps S10 to S30.

S10. Acquire data to be encrypted, where the data to be encrypted is a character string to be encrypted.

Wherein, the data to be encrypted comes from two kinds of bus data of the train, namely MVB bus data and Ethernet bus data, both of which are binary byte stream arrays.

In an embodiment of the present invention, the MVB bus data is acquired using a sampling method, and for each sink port (each train subsystem will allocate one or several port addresses for sending MVB vehicle control data), it is sampled according to the characteristic period, and the characteristic The periods are 32ms, 64ms, 128ms, 256ms, 512ms and 1024ms respectively. The data length is in the range of 4 to 32 bytes.

In the embodiment of the present invention, the Ethernet bus data is obtained by blocking monitoring, that is, the host device always monitors the bus, and when the subsystem sends a UDP multicast data message, it can be captured and entered into the application program.

S20. Randomly select an encryption method and generate a random number, and obtain a specified character string based on the character string to be encrypted and the random number;

Encrypts the specified character string according to a randomly selected encryption method, and generates an encrypted specified character string.

Wherein, the encryption method includes a character adding encryption method and a transposition encryption method.

The specified character string is a part selected from the editing bit of the character string to be encrypted according to the value of the random number, and the specified character is a corresponding character of the value of the random number in the specified character string.

Wherein, the encryption method includes:

Randomly sort the communication data frames of the character strings to be encrypted, and each data frame is assigned a number n in the random sorting;

Two random quantities, the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors.

In the embodiment of the present invention, the present invention randomly sorts all data frames of the train-ground communication according to the artificial system debugging sequence of the train-related subsystems, and each data frame is assigned a number n in the random sorting, and the number n The range is 1≤n≤311. In addition, each communication data frame has its own effective data length m. For example, the shortest data frame has an effective data length of 4 bytes, and the longest is 3792 bytes. They also change at any time according to the subsystem-related data frames and project requirements. uncertain amount. The present invention selects these two random quantities as encryption and decryption factors, namely the data frame number n and the data frame length m. During the debugging process, the document will be inserted and the data length will also be changed, so n and m are changed during the shunting process, and the probability of early capture is extremely small. Data security can be guaranteed.

Based on the above data frame number n and data length m, uniquely generate a set of keys consistent with the data length. The initial value of this key is the remainder of n and 255, and the position number is 0. It is recorded as key[0]=n%255.

Use the value of key[0] whose position is 0 to be different from the value of data[0] to be encrypted at the same position or obtain the value of encrypted data secret[0] at position 0.

In an embodiment of the present invention, for the m-1 length data after the data to be encrypted, a key sequence of m-1 length is also generated, and the value of each key sequence position is key[m]=(n+m-1 )% 255. That is, the value of the entire key sequence is a data sequence of (n)%255, (n+1)%255, (n+2)%255...(n+m-1)%255. Since the number and data length of each data frame are uniquely determined, the key sequence of each data frame is uniquely determined. When encrypting, the sender directly uses each byte of the valid data of the data frame and the corresponding byte of the key sequence to generate the ciphertext, that is, secret[i]=key[i]^data[i], where 0 ≤i≤m-1.

After the key sequence generated by S20, plaintext identification information (port address, time stamp, length) is added to form an encrypted data stream in which plaintext and ciphertext are mixed.

S30. Arranging and combining the encrypted designated character strings after the encryption processing to generate an encrypted character string.

In the present invention, since the number and data length of each data frame are uniquely determined, the key sequence of each data frame is uniquely determined. When encrypting, the sender directly uses each byte of the valid data of the data frame and its corresponding byte of the key sequence to generate the ciphertext, that is, data[0]^(n)%255, data[1]^( n+1)%255...data[m-1]^(n+m)%255. The effective data part is encrypted, and the header information is not encrypted, which can further save CPU load. When decrypting, the algorithm is consistent, and each byte of the received ciphertext sequence can be used to sequentially XOR each byte of the key sequence to obtain the plaintext.

Because the encryption and decryption process of the present invention uses direct XOR operation of bytes and does not involve cyclic redundancy calculation similar to other algorithms, the calculation speed is high and the CPU load is low. And because each key sequence has strong randomness and variability, data security can be guaranteed to the maximum extent. The data frame encryption algorithm of the present invention effectively solves the problem of safe encryption of train transmission data.

It should be understood that although the above description is in a certain order, these steps are not necessarily executed in sequence in the above order. Unless otherwise specified herein, there is no strict order restriction on the execution of these steps, and these steps can be executed in other orders. Moreover, some of the steps in this embodiment may include multiple steps or stages, and these steps or stages are not necessarily executed at the same time, but may be executed at different times, and the order of execution of these steps or stages is also different. It must be performed sequentially, but may be performed alternately or alternately with other steps or at least a part of steps or stages in other steps.

In one embodiment, as shown in FIG. 3 , an encryption device for rail transit on-board data is also provided in an embodiment of the present invention, and the device includes a data acquisition module 100 , an encryption module 200 and an encrypted string generation module 300 .

The data acquisition module 100 is configured to acquire data to be encrypted, and the data to be encrypted is a character string to be encrypted.

Wherein, the data obtaining module 100 obtains the data to be encrypted from the MVB bus Ethernet bus, and the obtained data to be encrypted are all binary byte stream arrays.

In an embodiment of the present invention, the data to be encrypted of the MVB bus is acquired using a sampling method, and for each sink port (each train subsystem will allocate one or several port addresses for sending MVB vehicle control data), according to the characteristic period Sampling, the characteristic periods are 32ms, 64ms, 128ms, 256ms, 512ms and 1024ms respectively. The data length is in the range of 4 to 32 bytes.

In the embodiment of the present invention, the data to be encrypted on the Ethernet bus is obtained using a blocking monitoring method, that is, the host device always monitors the bus, and when the subsystem sends a UDP multicast data message, it can be captured and entered into the application program.

The encryption module 200 is configured to randomly select an encryption method and generate a random number, obtain a specified character string based on the character string to be encrypted and the random number; perform encryption processing on the specified character string according to the randomly selected encryption method, and generate an encrypted specified character string.

Wherein, the encryption method includes a character adding encryption method and a transposition encryption method.

The specified character string is a part selected from the editing bit of the character string to be encrypted according to the value of the random number, and the specified character is a corresponding character of the value of the random number in the specified character string.

Wherein, the encryption method includes:

Randomly sort the communication data frames of the character strings to be encrypted, and each data frame is assigned a number n in the random sorting;

Two random quantities, the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors.

In the embodiment of the present invention, the present invention randomly sorts all data frames of the train-ground communication according to the artificial system debugging sequence of the train-related subsystems, and each data frame is assigned a number n in the random sorting, and the number n The range is 1≤n≤311. In addition, each communication data frame has its own effective data length m. For example, the shortest data frame has an effective data length of 4 bytes, and the longest is 3792 bytes. They also change at any time according to the subsystem-related data frames and project requirements. uncertain amount. The present invention selects these two random quantities as encryption and decryption factors, namely the data frame number n and the data frame length m. During the debugging process, the document will be inserted and the data length will also be changed, so n and m are changed during the shunting process, and the probability of early capture is extremely small. Data security can be guaranteed.

Based on the above data frame number n and data length m, uniquely generate a set of keys consistent with the data length. The initial value of this key is the remainder of n and 255, and the position number is 0. It is recorded as key[0]=n%255.

Use the value of key[0] whose position is 0 to be different from the value of data[0] to be encrypted at the same position or obtain the value of encrypted data secret[0] at position 0.

In an embodiment of the present invention, for the m-1 length data after the data to be encrypted, a key sequence of m-1 length is also generated, and the value of each key sequence position is key[m]=(n+m-1 )% 255. That is, the value of the entire key sequence is a data sequence of (n)%255, (n+1)%255, (n+2)%255...(n+m-1)%255. Since the number and data length of each data frame are uniquely determined, the key sequence of each data frame is uniquely determined. When encrypting, the sender directly uses each byte of the valid data of the data frame and the corresponding byte of the key sequence to generate the ciphertext, that is, secret[i]=key[i]^data[i], where 0 ≤i≤m-1.

After the key sequence is generated, add plaintext identification information (port address, time stamp, length) to form an encrypted data stream in which plaintext and ciphertext are mixed.

The encrypted character string generation 300 is used to perform string arrangement and combination on the encrypted designated characters after encryption processing to generate an encrypted character string.

In the present invention, since the number and data length of each data frame are uniquely determined, the key sequence of each data frame is uniquely determined. When encrypting, the sender directly uses each byte of the valid data of the data frame and its corresponding byte of the key sequence to generate the ciphertext, that is, data[0]^(n)%255, data[1]^( n+1)%255...data[m-1]^(n+m)%255. The effective data part is encrypted, and the header information is not encrypted, which can further save CPU load. When decrypting, the algorithm is consistent, and each byte of the received ciphertext sequence can be used to sequentially XOR each byte of the key sequence to obtain the plaintext.

In one embodiment, the embodiment of the present invention also provides a computer device, including at least one processor, and a memory connected to the at least one processor in communication, and the memory stores information that can be accessed by the at least one processor. An instruction executed by a processor, the instruction is executed by the at least one processor, so that the at least one processor executes the method for encrypting vehicle-mounted data, and when the processor executes the instruction, the method in the above method embodiment is implemented step.

The computer equipment includes user equipment and network equipment. Wherein, the user equipment includes, but is not limited to, computers, smart phones, PDAs, etc.; Or a cloud composed of network servers, among them, cloud computing is a kind of distributed computing, a super virtual computer composed of a group of loosely coupled computer sets. Wherein, the computer device can operate independently to realize the present invention, and can also be connected to a network and realize the present invention by interacting with other computer devices in the network. Wherein, the network where the computer device is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a VPN network, and the like.

It should also be understood that the term "and/or" used in the description of the present invention and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations .

An embodiment of the present invention also provides a storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps in the above method embodiments are implemented.

Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the computer programs can be stored in a non-volatile computer-readable memory In the medium, when the computer program is executed, it may include the process of the above-mentioned method embodiment. Wherein, any reference to memory, storage, database or other media used in the embodiments of the present invention may include at least one of non-volatile and volatile memory.

In one embodiment, as shown in FIG. 3 , a communication system is also provided in the embodiment of the present invention, the communication system includes no less than one computer device and ground application equipment; the computer equipment and the ground application equipment are communicatively connected.

In the embodiment of the present invention, wherein the computer equipment is arranged on a vehicle, the vehicle is provided with no less than two computer equipment.

The computer equipment is provided with multiple Ethernet communication interfaces and one MVB communication interface.

In an embodiment of the present invention, the Ethernet communication interface includes an ETH1 communication interface and an ETH2 communication interface.

In an embodiment of the present invention, the ETH1 communication interface is mainly responsible for collecting the data of each Ethernet communication subsystem of the train, and is responsible for the redundant communication of the WTS at both ends of the same train, while allowing RDAS (WTS to adapt to desktop data analysis software) connect.

In the embodiment of the present invention, the WTSs at both ends of the same train use ETH1 to realize redundant communication. The WTSs at both ends use UDP to send contact messages at an interval of 100ms, and the messages carry the master-slave identifier. The master and slave work at the same time, but only the master reports real-time data to the ground application equipment.

In the embodiment of the present invention, the master is powered on and starts to work normally after the self-check is completed, and the working status of the slave is not judged.

In the embodiment of the present invention, within 30s of power-on start-up or continuous 1s during normal operation, if the slave does not receive the redundant contact signal from the master, it will take over the work of reporting real-time data. When the slave machine takes over and reports real-time data, if it suddenly receives a redundant contact message from the master machine, it will immediately stop reporting real-time data and switch to the default working mode of the slave machine. At this point the host takes over the reporting work.

In the embodiment of the present invention, the ETH2 communication interface is mainly responsible for the communication between the WTS and the ground application equipment. WTS sends real-time data to the ground application equipment every 500ms through the ETH2 communication interface and TCP mode. Each WTS maintains a TCP long connection with the ground application equipment, and only the main WTS reports data in real time. At the same time, WTS regularly (configurable) transmits data record files to ground application equipment through FTP.

Real-time data TCP connection port: 32100

Real-time data reporting cycle: 500ms

Maintain TCP long connection (always keep connected after connection, once disconnected, try to connect again immediately).

In an embodiment of the present invention, the MVB communication interface is mainly responsible for collecting data of each MVB communication subsystem of the train. The train MVB subsystem includes CCU, etc. (TBD).

WTS generates a historical data record file every fixed time (period can be modified) and uploads it to the ground expert system. The historical data record file contains the flight records of all data frames of the Ethernet and MVB bus within the fixed time (data transmitted on the bus frame). The file size is not fixed, and the flight record storage sequence of the data frame in the file is arranged according to the flight time stamp. In order to prevent data loss, WTS has a 64G local storage space inside, which can back up historical data record files in a distributed manner. At the same time, in order to save storage space, the file uses the zip compression method (can be compressed by 10 to 15 times).

The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.

The above are the exemplary embodiments disclosed in the present invention, but it should be noted that various changes and modifications can be made without departing from the scope of the disclosed embodiments of the present invention defined in the claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. In addition, although the elements disclosed in the embodiments of the present invention may be described or required in an individual form, they may also be understood as a plurality unless explicitly limited to a singular number.

It should be understood that as used herein, the singular form "a" and "an" are intended to include the plural forms as well, unless the context clearly supports an exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The serial numbers of the embodiments disclosed in the above-mentioned embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.

Those of ordinary skill in the art should understand that: the discussion of any of the above embodiments is exemplary only, and is not intended to imply that the scope (including claims) disclosed by the embodiments of the present invention is limited to these examples; under the idea of the embodiments of the present invention , the technical features in the above embodiments or different embodiments can also be combined, and there are many other changes in different aspects of the above embodiments of the present invention, which are not provided in details for the sake of brevity. Therefore, within the spirit and principle of the embodiments of the present invention, any omissions, modifications, equivalent replacements, improvements, etc., shall be included in the protection scope of the embodiments of the present invention.

Claims (10)

1. A method for encrypting vehicle-mounted data, comprising: Obtain data to be encrypted, the data to be encrypted is a character string to be encrypted; Randomly select an encryption method and generate a random number, and obtain a specified character string based on the character string to be encrypted and the random number; Encrypting the specified character string according to the randomly selected encryption method, and generating an encrypted specified character string; The encryption-specified character strings after encryption processing are permuted and combined to generate encrypted character strings. 2. the encryption method of vehicle-mounted data as claimed in claim 1, is characterized in that, wherein, said data to be encrypted comes from two kinds of bus data of train, is respectively MVB bus data and Ethernet bus data. 3. The encryption method of vehicle-mounted data as claimed in claim 2, is characterized in that, described MVB bus data uses sampling mode to obtain, and described Ethernet bus data uses blocking monitoring mode to obtain. 4. the encryption method of vehicle-mounted data as claimed in claim 1, is characterized in that, described specified character string is the selected part from the editing bit of character string to be encrypted according to the value of described random number, and specified character is random The value of the number corresponds to the character in the specified string. 5. the encryption method of vehicle-mounted data as claimed in claim 1, is characterized in that, described encryption method comprises character addition encryption method, transposition encryption method. 6. The encryption method of vehicle-mounted data as claimed in claim 5, is characterized in that, described encryption method comprises: Randomly sort the communication data frames of the character strings to be encrypted, and each data frame is assigned a number n in the random sorting; Two random quantities, the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors. 7. An encryption device for on-board data in rail transit, characterized in that it comprises: A data acquisition module configured to acquire data to be encrypted, where the data to be encrypted is a character string to be encrypted; The encryption module is configured to randomly select an encryption method and generate a random number, obtain a specified string based on the string to be encrypted and the random number, encrypt the specified string according to the randomly selected encryption method, and generate an encrypted specified string ; Encrypted character string generation, which is configured to arrange and combine encrypted specified characters after encryption to generate encrypted character strings. 8. A computer device, comprising a memory and a processor, the memory stores a computer program, and when the processor loads and executes the computer program, the encryption of the vehicle-mounted data as claimed in any one of claims 1-6 is realized method steps. 9. A communication system, characterized in that the communication system comprises at least one computer device as claimed in claim 8 and ground application equipment, wherein the computer equipment is communicatively connected with the ground application equipment. 10. The communication system according to claim 9, wherein the computer equipment is provided with multiple Ethernet communication interfaces and one MVB communication interface.

Images