CN115361669A - Vehicle-mounted data encryption method and device, computer equipment and communication system - Google Patents


Info

Publication number: CN115361669A
Authority: CN (China)
Prior art keywords: data; encrypted; character string; encryption; encryption method
Legal status: Pending
Application number: CN202211065590.7A
Other languages: Chinese (zh)
Inventors: 陈龙, 于延霞, 曾云峰, 丛培鹏, 张朋, 王嵩淞, 苏长凯
Current Assignee: CRRC Dalian Co Ltd
Original Assignee: CRRC Dalian Co Ltd
Application filed by: CRRC Dalian Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/40: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/42: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for mass transport vehicles, e.g. buses, trains or aircraft
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/40: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to the technical field of communication, in particular to an encryption method and device for vehicle-mounted data, computer equipment and a storage medium. The method comprises the steps of obtaining data to be encrypted, wherein the data to be encrypted is a character string to be encrypted; randomly selecting an encryption method and generating random numbers, and acquiring a designated character string based on the character string to be encrypted and the random numbers; encrypting the designated character string according to the randomly selected encryption method, and generating an encrypted designated character string; and arranging and combining the encrypted designated character strings after encryption processing to generate an encrypted character string. Because the bytes are XORed directly during encryption and decryption, and no cyclic redundancy calculation of the kind used in other algorithms is involved, the calculation speed is high and the CPU load is low.

Description

Vehicle-mounted data encryption method and device, computer equipment and communication system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an encryption method and apparatus for vehicle-mounted data, a computer device, and a communication system.
Background
In recent years, with the development and standardization of rail transit in China and the comprehensive popularization of vehicle-mounted systems such as LKJ, TCMS and 6A, rail transit in China already has the condition of vehicle information acquisition, and the requirements on real-time performance and safety of vehicle-ground data transmission are higher and higher.
The traditional vehicle-ground wireless communication technologies, such as the vehicle-ground mobile communication private network, the 4G mobile communication network, WLAN and satellite communication, have certain limitations and cannot completely meet the requirements of intelligent operation and maintenance and other systems for seamless vehicle-ground data transmission. With the development of communication technology, 5G communication technology is gradually being applied to rail transit data transmission. Communication is the first of the new infrastructures. At present, application research and testing of 5G communication in the railway field have started at home and abroad. European railways are researching a train control system (ETCS) based on 5G technology and have carried out train control system tests below 200 km/h; Korea has conducted a test of an automatic train control system based on 5G technology on its dedicated track test line; Japan has completed a transmission test of 4K monitoring video using the 28 GHz spectrum; China has implemented public-network 5G coverage engineering at some stations and lines, developed millimeter-wave point-to-point high-capacity data transmission applications at several typical stations, built a railway 5G-R private network test environment at a circuit railway test base, and is preparing to carry out related tests.
The existing subway ground wireless transmission system transmits the running state information and the fault information of the vehicle to an operation monitoring center in real time, analyzes and processes the information in real time, and realizes the whole-course tracking and fault early warning of the running state of the vehicle. The general implementation method is as follows: the vehicle-mounted host computer collects data of a vehicle MVB bus and an Ethernet bus according to a sampling period of 500ms or 1s, and then sends the data to the server in a 4G or WLAN mode.
Because dozens of trains usually run simultaneously on one subway line, each train needs to push data to a ground cloud server in real time, and if the data encryption and decryption algorithm is complex, the server is overloaded in analyzing data, and even serious packet loss is caused.
Disclosure of Invention
In order to solve the technical problems in the prior art, the invention provides an encryption method, an encryption device, computer equipment and a storage medium for vehicle-mounted data, after the full automation of a group raid function is realized, a plurality of use cases can be placed in the same task in an automatic test system to automatically execute tests according to the sequence, and the group raid operation of each use case is automatically completed.
In order to achieve the above purpose, the embodiment of the present invention provides the following technical solutions:
according to a first aspect of the present invention, there is provided a method for encrypting in-vehicle data, the method comprising the steps of:
acquiring data to be encrypted, wherein the data to be encrypted is a character string to be encrypted;
randomly selecting an encryption method, generating random numbers, and acquiring a designated character string based on the character string to be encrypted and the random numbers;
encrypting the designated character string according to a randomly selected encryption method, and generating an encrypted designated character string;
the encrypted specified character string after the encryption processing is arranged and combined to generate an encrypted character string.
As a further scheme of the present invention, the data to be encrypted comes from two bus data of the train, which are MVB bus data and ethernet bus data respectively.
As a further scheme of the invention, MVB bus data is acquired by using a sampling mode, and Ethernet bus data is acquired by using a blocking monitoring mode.
As a further scheme of the invention, the designated character string is a part selected from the editing position of the character string to be encrypted according to the value of the random number, and the designated character is a corresponding character of the value of the random number in the designated character string.
As a further aspect of the present invention, an encryption method includes:
randomly sequencing the communication data frames of the character string to be encrypted, wherein each data frame is assigned with a number n in random sequencing;
two random quantities, namely the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors.
According to a second aspect of the invention, an encryption device for rail transit vehicle-mounted data is provided, and the device comprises:
a data acquisition module configured to acquire the data to be encrypted, the data to be encrypted being a character string to be encrypted;
an encryption module configured to randomly select an encryption method and generate a random number, acquire a specified character string based on the character string to be encrypted and the random number, encrypt the specified character string according to the randomly selected encryption method, and generate an encrypted specified character string;
and an encrypted character string generation module configured to generate an encrypted character string by arranging and combining the encrypted designated characters after the encryption processing.
According to a third aspect of the present invention, there is provided a computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the encryption method of vehicle-mounted data as described above when loading and executing the computer program.
According to a fourth aspect of the present invention, there is provided a communication system comprising at least one computer device and a ground application device. Wherein the computer device is communicatively coupled to the ground application device.
As a further scheme of the invention, the computer equipment is provided with a plurality of Ethernet communication interfaces and a MVB communication interface.
The technical scheme provided by the invention has the following beneficial effects:
according to the vehicle-mounted data encryption method, the vehicle-mounted data encryption device, the computer equipment and the storage medium, due to the fact that the bytes are subjected to direct exclusive-or operation in the encryption and decryption process, cyclic redundancy calculation similar to other algorithms is not involved, the calculation speed is high, and the CPU load is low. And because each key sequence has strong randomness and variability, the data security can be guaranteed to the maximum extent. The data frame encryption algorithm effectively solves the problem of safe encryption of the data completely transmitted by the train.
Drawings
Fig. 1 is a flowchart of an encryption method for rail transit vehicle-mounted data according to an embodiment of the invention;
fig. 2 is a block diagram of an encryption device for rail transit vehicle-mounted data according to an embodiment of the present invention;
fig. 3 is a block diagram of a communication system according to an embodiment of the present invention.
In the figure: the device comprises a data acquisition module-100, an encryption module-200 and an encryption character string generation module-300.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The flowcharts shown in the figures are illustrative only and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It is to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
At present, "encryption algorithm" is used as a general name for an encryption algorithm together with its decryption algorithm, and it is the core of a cryptosystem. A cryptographic algorithm may be viewed as a combination of transformations: when the input is plaintext, the output is ciphertext. Conversely, when the input is the ciphertext, the plaintext is output through the cryptographic transformation, which is the reverse (decryption) transformation. Common algorithms are AES, RSA, ECC, Diffie-Hellman, SHA-1 and SHA-256. The disadvantages are that these methods need bit-by-bit operations when decrypting, and the CPU load is large. Meanwhile, the encryption and decryption algorithms are public and have cracking methods, so the efficiency and the safety are not good enough.
In the encryption and decryption process of the invention, bytes are XORed directly, and cyclic redundancy calculation similar to other algorithms is not involved, so the calculation speed is high and the CPU load is low.
Specifically, the embodiments of the present invention will be further explained below with reference to the drawings.
Referring to fig. 1, fig. 1 is a flowchart illustrating an encryption method for vehicle-mounted data according to an embodiment of the present invention, and as shown in fig. 1, the encryption method for vehicle-mounted data includes steps S10 to S30.
S10, data to be encrypted is obtained, and the data to be encrypted is a character string to be encrypted.
The data to be encrypted come from two bus data of the train, namely MVB bus data and Ethernet bus data, and the two bus data are binary byte stream arrays.
In the embodiment of the invention, the MVB bus data is acquired in a sampling mode, and for each destination port (each train subsystem can allocate one or a plurality of port addresses for sending MVB control data), sampling is performed according to a characteristic period, wherein the characteristic period respectively comprises 32ms, 64ms, 128ms, 256ms, 512ms and 1024ms. The data length is in the range of 4 to 32 bytes.
In the embodiment of the invention, the Ethernet bus data is acquired in a blocking monitoring mode; that is, the host equipment monitors the bus at all times, and when a subsystem sends a UDP multicast data message, the message is captured and passed into the application program.
S20, randomly selecting an encryption method, generating random numbers, and acquiring designated character strings based on the character strings to be encrypted and the random numbers;
and encrypting the designated character string according to the randomly selected encryption method, and generating the encrypted designated character string.
The encryption method comprises a character adding encryption method and a transposition encryption method.
The appointed character string is a part selected from an editing position of the character string to be encrypted according to the value of the random number, and the appointed character is a character corresponding to the value of the random number in the appointed character string.
The encryption method comprises the following steps:
randomly sequencing the communication data frames of the character string to be encrypted, wherein each data frame is assigned with a number n in random sequencing;
and selecting two random quantities of the serial number n of the data frame and the effective data length m of the data frame as encryption and decryption factors.
In the embodiment of the invention, all data frames of train-ground communication are randomly ordered according to the manual system debugging sequence of the train-related subsystems, each data frame is assigned with a number n in random ordering, and the range of the number n is more than or equal to 1 and less than or equal to 311. In addition, each communication data frame has its own valid data length m, for example, the shortest valid data length is 4 bytes, and the longest valid data length is 3792 bytes, which are also uncertainties that change at any time according to the subsystem-related data frame and project requirements. The invention selects the two random quantities as encryption and decryption factors, namely a data frame number n and a data frame length m. Because the document is inserted and the data length is changed in the debugging process, n and m are changed in the shunting process, and the probability of capturing in advance is extremely low. The safety of data can be guaranteed.
Based on the above data frame number n and data length m, a set of keys consistent with the data length is uniquely generated. The initial value of this key, at position number 0, is the remainder of n divided by 255. Let key[0] = n % 255.
The value of the encrypted data secret[0] at position 0 is obtained by XORing the value of key[0] at position 0 with the value of the data to be encrypted data[0] at the same position.
In the embodiment of the invention, key values are likewise generated for the remaining m-1 bytes of the data to be encrypted, the value at position i being key[i] = (n + i) % 255, so that the last position is key[m-1] = (n + m - 1) % 255. That is, the entire key sequence is the data sequence n % 255, (n + 1) % 255, (n + 2) % 255, ..., (n + m - 1) % 255. Since the number and data length of each data frame are uniquely determined in two dimensions, the key sequence of each data frame is uniquely determined. During encryption, the sending end directly XORs each byte of the effective data of a data frame with the corresponding byte of the key sequence to generate the ciphertext, namely secret[i] = key[i] ^ data[i], where 0 ≤ i ≤ m-1.
After encryption with the key sequence generated in the manner of S20, plaintext identification information (port address, timestamp, length) is added to form an encrypted data stream in which plaintext and ciphertext are mixed.
And S30, carrying out permutation and combination on the encrypted designated character strings after the encryption processing to generate the encrypted character strings.
The invention has the advantage that the number and the data length of each data frame are uniquely determined, so that the key sequence of each data frame is uniquely determined. When encrypting, the sending end directly XORs each byte of the effective data of the data frame with the corresponding byte of the key sequence to generate the ciphertext, namely data[0] ^ (n % 255), data[1] ^ ((n + 1) % 255), ..., data[m-1] ^ ((n + m - 1) % 255). Only the effective data part is encrypted, and the header information is not encrypted, so that the CPU load can be further reduced. When decrypting, the algorithm is the same: the plaintext is obtained by XORing each byte of the received ciphertext sequence, in order, with the corresponding byte of the key sequence.
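The key-sequence, XOR and plaintext-header steps described above, written out as an added Python example (not code from the patent); the function names, the header field widths and the sample values are constructed assumptions. It also counts how many distinct key sequences the stated range 1 ≤ n ≤ 311 can produce, a check a reviewer would make when assessing the scheme.

```python
"""Added illustration of the frame-number/length XOR scheme described above.

Not the patent's code. The header layout and all sample values are
constructed assumptions.
"""
import struct

N_MIN, N_MAX = 1, 311      # frame-number range stated in the description
M_MIN, M_MAX = 4, 3792     # valid-data length range stated in the description
# Assumed field widths for the plaintext header: port address (2 bytes),
# timestamp (4 bytes), length (2 bytes). The text names the fields only.
HEADER = struct.Struct(">HIH")


def key_sequence(n: int, m: int) -> bytes:
    """key[i] = (n + i) % 255 for 0 <= i <= m-1, as given in the text."""
    if not N_MIN <= n <= N_MAX:
        raise ValueError(f"frame number {n} outside {N_MIN}..{N_MAX}")
    if not M_MIN <= m <= M_MAX:
        raise ValueError(f"data length {m} outside {M_MIN}..{M_MAX}")
    return bytes((n + i) % 255 for i in range(m))


def xor_payload(n: int, payload: bytes) -> bytes:
    """secret[i] = key[i] ^ data[i]; applying it twice restores the input."""
    key = key_sequence(n, len(payload))
    return bytes(k ^ d for k, d in zip(key, payload))


def build_frame(port: int, timestamp: int, n: int, payload: bytes) -> bytes:
    """Plaintext header followed by the XORed valid data (mixed stream)."""
    return HEADER.pack(port, timestamp, len(payload)) + xor_payload(n, payload)


def parse_frame(frame: bytes, n: int):
    """Receiver side: check the plaintext length field, then XOR again."""
    if len(frame) < HEADER.size:
        raise ValueError("truncated header")
    port, timestamp, length = HEADER.unpack_from(frame)
    body = frame[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match payload size")
    return port, timestamp, xor_payload(n, body)


def distinct_key_sequences(m: int) -> int:
    """Number of different key sequences over every allowed n, for length m."""
    return len({key_sequence(n, m) for n in range(N_MIN, N_MAX + 1)})


def length_only_truncates(n: int, short: int, long: int) -> bool:
    """True if the key for a shorter frame is a prefix of the longer one."""
    return key_sequence(n, long)[:short] == key_sequence(n, short)


if __name__ == "__main__":
    payload = bytes.fromhex("0102030405060708")   # constructed sample data
    frame = build_frame(0x0123, 1700000000, 300, payload)
    print("frame     :", frame.hex())
    print("decrypted :", parse_frame(frame, 300)[2].hex())
    print("distinct key sequences for m=4   :", distinct_key_sequences(4))
    print("distinct key sequences for m=3792:", distinct_key_sequences(3792))
    print("n=1 and n=256 share a key        :",
          key_sequence(1, 16) == key_sequence(256, 16))
    print("m only sets how many bytes are used:",
          length_only_truncates(10, 4, 32))
```

Only n % 255 enters the key, and m only determines how many key bytes are used, so the count of distinct key sequences is 255 for every frame length.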
The invention has the advantages of high calculation speed and low CPU load because the byte direct exclusive OR operation is used in the encryption and decryption process and the cyclic redundancy calculation similar to other algorithms is not involved. And because each key sequence has strong randomness and variability, the data security can be guaranteed to the maximum extent. The data frame encryption algorithm of the invention effectively solves the problem of safe encryption of the data completely transmitted by the train.
It should be understood that although the steps are described above in a certain order, the steps are not necessarily performed in the order described. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, some steps of the present embodiment may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the steps or stages is not necessarily sequential, but may be performed alternately or in turns with other steps or at least a part of the steps or stages in other steps.
In one embodiment, referring to fig. 3, in an embodiment of the present invention, an encryption apparatus for rail transit vehicle-mounted data is further provided, and the apparatus includes a data acquisition module 100, an encryption module 200, and an encryption character string generation module 300.
The data obtaining module 100 is configured to obtain data to be encrypted, where the data to be encrypted is a character string to be encrypted.
The data obtaining module 100 obtains data to be encrypted from the MVB bus and the Ethernet bus, where the obtained data to be encrypted are all binary byte stream arrays.
In the embodiment of the invention, data to be encrypted of the MVB bus is acquired by using a sampling mode, and for each host port (each train subsystem can allocate one or a plurality of port addresses for sending MVB control data), sampling is performed according to a characteristic period, wherein the characteristic period is respectively 32ms, 64ms, 128ms, 256ms, 512ms and 1024ms. The data length is in the range of 4 to 32 bytes.
In the embodiment of the invention, the data to be encrypted of the Ethernet bus is acquired in a blocking monitoring mode; that is, the host equipment monitors the bus at all times, and when a subsystem sends a UDP multicast data message, the message is captured and passed into the application program.
The encryption module 200 is used for randomly selecting an encryption method, generating random numbers and acquiring a designated character string based on the character string to be encrypted and the random numbers; and encrypting the designated character string according to the randomly selected encryption method, and generating the encrypted designated character string.
The encryption method comprises a character adding encryption method and a transposition encryption method.
The appointed character string is a part selected from an editing position of the character string to be encrypted according to the value of the random number, and the appointed character is a character corresponding to the value of the random number in the appointed character string.
The encryption method comprises the following steps:
randomly sequencing communication data frames of the character string to be encrypted, wherein each data frame is assigned with a number n in random sequencing;
two random quantities, namely the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors.
In the embodiment of the invention, all data frames of train-ground communication are randomly ordered according to the manual system debugging sequence of the train related subsystems, each data frame is assigned with a number n in random ordering, and the range of the number n is more than or equal to 1 and less than or equal to 311. In addition, each communication data frame has its own effective data length m, for example, the shortest effective data length of the data frame is 4 bytes, and the longest effective data length is 3792 bytes, which are also uncertainties that change at any time according to the related data frame and project requirements of the subsystem. The invention selects the two random quantities as encryption and decryption factors, namely a data frame number n and a data frame length m. Because the document is inserted and the data length is changed in the debugging process, n and m are changed in the shunting process, and the probability of capturing in advance is extremely low. The safety of data can be guaranteed.
Based on the above data frame number n and data length m, a set of keys consistent with the data length is uniquely generated. The initial value of this key, at position number 0, is the remainder of n divided by 255. Note key[0] = n % 255.
The key[0] value at position 0 is XORed with the data to be encrypted data[0] at the same position to obtain the encrypted data secret[0] value at position 0.
In the embodiment of the invention, key values are likewise generated for the remaining m-1 bytes of the data to be encrypted, the value at position i being key[i] = (n + i) % 255, so that the last position is key[m-1] = (n + m - 1) % 255. That is, the entire key sequence is the data sequence n % 255, (n + 1) % 255, (n + 2) % 255, ..., (n + m - 1) % 255. Since the number and data length of each data frame are uniquely determined in two dimensions, the key sequence of each data frame is uniquely determined. During encryption, the sending end directly XORs each byte of the effective data of a data frame with the corresponding byte of its key sequence to generate the ciphertext, namely secret[i] = key[i] ^ data[i], where 0 ≤ i ≤ m-1.
After encryption with the generated key sequence, plaintext identification information (port address, timestamp, length) is added to form a plaintext-ciphertext mixed encrypted data stream.
The encrypted character string generation module 300 is configured to arrange and combine the encrypted designated characters after the encryption processing, and generate an encrypted character string.
The invention has the advantage that the number and the data length of each data frame are uniquely determined, so that the key sequence of each data frame is uniquely determined. When encrypting, the sending end directly XORs each byte of the effective data of the data frame with the corresponding byte of the key sequence to generate the ciphertext, namely data[0] ^ (n % 255), data[1] ^ ((n + 1) % 255), ..., data[m-1] ^ ((n + m - 1) % 255). Only the effective data part is encrypted, and the header information is not encrypted, so that the CPU load can be further reduced. When decrypting, the algorithm is the same: each byte of the received ciphertext sequence is XORed, in order, with the corresponding byte of the key sequence to obtain the plaintext.
In one embodiment, a computer device is further provided in the embodiments of the present invention, and includes at least one processor, and a memory communicatively connected to the at least one processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to cause the at least one processor to execute the method for encrypting the vehicle-mounted data, and the processor executes the instructions to implement the steps in the above method embodiments.
The computer equipment comprises user equipment and network equipment. Wherein the user equipment includes but is not limited to computers, smart phones, PDAs, etc.; the network device includes, but is not limited to, a single network server, a server group consisting of a plurality of network servers, or a Cloud Computing (Cloud Computing) based Cloud consisting of a large number of computers or network servers, wherein Cloud Computing is one of distributed Computing, a super virtual computer consisting of a collection of loosely coupled computers. Wherein, the computer equipment can be operated alone to realize the invention, and also can be accessed into the network and realize the invention through the interactive operation with other computer equipment in the network. The network in which the computer device is located includes, but is not limited to, the internet, a wide area network, a metropolitan area network, a local area network, a VPN network, and the like.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
In an embodiment of the present invention, a storage medium is also provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by hardware instructions of a computer program, which may be stored in a non-volatile computer-readable storage medium, and when executed, the computer program may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory.
In one embodiment, referring to fig. 3, a communication system is also provided in an embodiment of the present invention, the communication system comprising at least one computer device and a ground application device; the computer device is in communication connection with the ground application device.
In an embodiment of the present invention, the computer devices are installed on a vehicle, and at least two computer devices are provided on the vehicle.
The computer equipment is provided with a plurality of Ethernet communication interfaces and an MVB communication interface.
In an embodiment of the present invention, the ethernet communication interface includes an ETH1 communication interface and an ETH2 communication interface.
In the embodiment of the invention, the ETH1 communication interface is mainly responsible for collecting data from each Ethernet communication subsystem of the train and for the redundant contact communication between the WTSs at the two ends of the same train, and it allows RDAS (WTS adaptive desktop data analysis software) to connect.
In an embodiment of the invention, the WTSs at both ends of the same train use ETH1 for redundant contact. Each of the two WTSs sends contact messages over UDP at intervals of 100 ms, and the messages carry a master/slave identification. The master and the slave work simultaneously, but only the master reports real-time data to the ground application equipment.
In the embodiment of the invention, once the master is powered on and started, it can begin normal operation as soon as its self-check is finished, without checking the working state of the slave.
In the embodiment of the invention, if the slave has not received the master's redundant contact signal within 30 s of being powered on and started, or for a continuous 1 s during normal operation, it takes over the reporting of real-time data. While the slave is reporting real-time data, if it receives a redundant contact message from the master, it immediately stops reporting real-time data and switches back to the default slave operating mode. The master then takes over the reporting.
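The master/slave handover rules above, written out as a small state machine for the slave WTS. This is an added example, not code from the patent; the class and function names are hypothetical, and it assumes the 30 s limit applies until the first master contact message is heard and the 1 s limit applies afterwards.

```python
from dataclasses import dataclass
from typing import Optional

HEARTBEAT_INTERVAL_MS = 100   # each WTS sends a contact message every 100 ms
STARTUP_TIMEOUT_MS = 30_000   # slave waits 30 s after power-on
RUNNING_TIMEOUT_MS = 1_000    # slave waits 1 s once a master has been heard (assumption)


@dataclass
class SlaveWTS:
    """Reporting decision of the slave WTS; times are milliseconds since power-on."""
    last_master_ms: Optional[int] = None  # time of the last master contact message
    reporting: bool = False               # True while the slave has taken over

    def on_contact_message(self, now_ms: int, sender_is_master: bool) -> None:
        # Contact messages carry a master/slave identification; only the master's count.
        if sender_is_master:
            self.last_master_ms = now_ms
            self.reporting = False        # hand reporting back immediately

    def tick(self, now_ms: int) -> bool:
        """Return True if the slave should report real-time data at now_ms."""
        if self.last_master_ms is None:
            silent_ms, limit_ms = now_ms, STARTUP_TIMEOUT_MS
        else:
            silent_ms, limit_ms = now_ms - self.last_master_ms, RUNNING_TIMEOUT_MS
        if silent_ms >= limit_ms:
            self.reporting = True
        return self.reporting


def simulate(master_alive_windows, end_ms, step_ms=HEARTBEAT_INTERVAL_MS):
    """Run the slave against constructed master-alive windows [(start, stop), ...].

    Returns the list of (time_ms, reporting) transitions seen by the slave."""
    slave, transitions, prev = SlaveWTS(), [], False
    for now in range(0, end_ms + 1, step_ms):
        if any(start <= now < stop for start, stop in master_alive_windows):
            slave.on_contact_message(now, sender_is_master=True)
        state = slave.tick(now)
        if state != prev:
            transitions.append((now, state))
            prev = state
    return transitions
```

With a master that is alive from 0 to 5 s and again from 8 to 9 s, `simulate([(0, 5000), (8000, 9000)], 10000)` shows the slave taking over 1 s after the last contact message and handing back on the first message it hears.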
In an embodiment of the present invention, the ETH2 communication interface is primarily responsible for communication between the WTS and the ground application equipment. The WTS sends real-time data to the ground application equipment every 500 ms over TCP through the ETH2 communication interface. Each WTS maintains a long-lived TCP connection with the ground application equipment, and only the master WTS reports data in real time. In addition, the WTS periodically (the period is configurable) transfers the data record file to the ground application equipment via FTP.
Real-time data TCP connection port: 32100
Real-time data reporting period: 500ms
A long-lived TCP connection is maintained (it stays connected once established and reconnects immediately if disconnected).
In the embodiment of the invention, the MVB communication interface is mainly responsible for collecting data of each MVB communication subsystem of the train. The train MVB subsystem comprises a CCU and the like (TBD).
The WTS generates a historical data record file at a fixed interval (the period is modifiable) and uploads it to the ground expert system. The file contains the flight records (data frames transmitted on the bus) of all Ethernet and MVB data frames within that interval. The file size is not fixed, and the flight records of the data frames in the file are ordered by their flight time stamps. To prevent data loss, the WTS has a 64G local storage space, and historical data record files can be backed up in a distributed mode. To save storage space, the files are zip-compressed (compressible by 10-15 times).
The above description is intended to be illustrative of the preferred embodiment of the present invention and should not be taken as limiting the invention, but rather, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples. Within the idea of an embodiment of the invention, technical features in the above embodiments or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (10)

1. A method for encrypting vehicle-mounted data is characterized by comprising the following steps:
acquiring data to be encrypted, wherein the data to be encrypted is a character string to be encrypted;
randomly selecting an encryption method and generating random numbers, and acquiring a designated character string based on the character string to be encrypted and the random numbers;
encrypting the designated character string according to the randomly selected encryption method, and generating an encrypted designated character string;
and arranging and combining the encrypted designated character strings after encryption processing to generate an encrypted character string.
2. The method for encrypting the vehicle-mounted data according to claim 1, wherein the data to be encrypted comprises two kinds of bus data from a train, namely MVB bus data and Ethernet bus data.
3. The vehicle-mounted data encryption method according to claim 2, wherein the MVB bus data is obtained by a sampling mode, and the Ethernet bus data is obtained by a blocking monitoring mode.
4. The method for encrypting vehicle-mounted data according to claim 1, wherein the designated character string is a portion selected from an edit position of the character string to be encrypted according to the value of the random number, and the designated character is a corresponding character of the value of the random number in the designated character string.
5. The encryption method for vehicle-mounted data according to claim 1, wherein the encryption method comprises a character adding encryption method and a transposition encryption method.
6. The encryption method of the in-vehicle data according to claim 5, characterized by comprising:
randomly sequencing communication data frames of the character string to be encrypted, wherein each data frame is assigned with a number n in random sequencing;
two random quantities, namely the number n of the data frame and the effective data length m of the data frame, are selected as encryption and decryption factors.
7. An encryption device for rail transit vehicle-mounted data is characterized by comprising:
the data acquisition module is configured to acquire data to be encrypted, wherein the data to be encrypted is a character string to be encrypted;
the encryption module is configured to randomly select an encryption method and generate random numbers, acquire a designated character string based on the character string to be encrypted and the random numbers, encrypt the designated character string according to the randomly selected encryption method, and generate an encrypted designated character string;
and an encrypted character string generation module, configured to arrange and combine the encrypted designated character strings after encryption processing to generate an encrypted character string.
8. A computer device comprising a memory storing a computer program and a processor implementing the steps of the encryption method of in-vehicle data according to any one of claims 1 to 6 when the computer program is loaded and executed.
9. A communication system, comprising at least one computer device of claim 8 and a ground application device, wherein the computer device is communicatively coupled to the ground application device.
10. The communication system of claim 9, wherein the computer device is configured with multiple ethernet communication interfaces and one MVB communication interface.
CN202211065590.7A 2022-09-01 2022-09-01 Vehicle-mounted data encryption method and device, computer equipment and communication system Pending CN115361669A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211065590.7A CN115361669A (en) 2022-09-01 2022-09-01 Vehicle-mounted data encryption method and device, computer equipment and communication system

Publications (1)

Publication Number Publication Date
CN115361669A true CN115361669A (en) 2022-11-18

Family

ID=84004603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211065590.7A Pending CN115361669A (en) 2022-09-01 2022-09-01 Vehicle-mounted data encryption method and device, computer equipment and communication system

Country Status (1)

Country Link
CN (1) CN115361669A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117579392A (en) * 2024-01-16 2024-02-20 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing
CN117579392B (en) * 2024-01-16 2024-04-16 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination