CN115457687A - Safety configuration method and system for intelligent pole - Google Patents
- Publication number
- CN115457687A, CN202211124024.9A
- Authority
- CN
- China
- Prior art keywords
- intelligent
- security configuration
- key
- legal
- password key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00857—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Small-Scale Networks (AREA)
- Storage Device Security (AREA)
Abstract
A security configuration method for a smart pole, comprising: starting a security configuration tool; performing random number authentication with a legitimate smart cryptographic key through SCSI instructions to generate a hardware random number, and generating an SM4 shared key factor from the hardware random number; reading the sequence tag data of the smart pole over Ethernet and sending it to the smart cryptographic key, which matches the sequence tag data and authorizes it as legitimate; encrypting the sequence tag data with a heartbeat packet and sending it to the smart cryptographic key through the SCSI instruction; after the sequence tag data with the heartbeat packet is decrypted, judging whether the sequence tag data with the heartbeat packet is legitimate; and, when the sequence tag data with the heartbeat packet is legitimate and authorizes the smart cryptographic key, the smart pole entering a normal configuration mode and the security configuration tool generating an authority certificate and sending it to the platform end and the smart pole. With the security configuration method provided by the invention, the security configuration tool makes configuration between the smart pole and the smart cryptographic key more secure.
Description
Technical Field
The present application relates to the technical field of communication security, and in particular to a security configuration method and system for a smart pole.
Background
With the progress of science and technology, various smart devices can be integrated into a smart pole system. The smart devices on the smart pole are controlled and managed through a smart platform, and video recognition of fixed scenes is achieved over the Internet, enabling environmental monitoring and networked information sharing. However, before an existing smart pole can run its normal services and scenarios, the on-site smart pole must be configured manually for its scenario; the procedure is long and complicated, and security is low.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a security configuration method and system for a smart pole, so as to solve the problem in the prior art of low security caused by the need to manually configure on-site smart poles for their scenarios.
To achieve this object, the technical solution of the present application is implemented as follows:
In a first aspect, the present application provides a security configuration method for a smart pole, the security configuration method comprising:
the smart cryptographic key starts a security configuration tool;
the security configuration tool performs random number authentication with a legitimate smart cryptographic key through an SCSI instruction to generate a hardware random number, and generates a factor of an SM4 shared key from the hardware random number;
the security configuration tool reads the sequence tag data of the smart pole over Ethernet according to the SM4 shared key factor and sends the sequence tag data to the smart cryptographic key, and the smart cryptographic key matches the sequence tag data and authorizes it as legitimate;
the security configuration tool encrypts the sequence tag data with a heartbeat packet and sends it to the smart cryptographic key through the SCSI instruction;
after the smart cryptographic key decrypts the sequence tag data with the heartbeat packet, it judges whether the sequence tag data with the heartbeat packet is legitimate and, if not, exits and generates a log;
and when the sequence tag data with the heartbeat packet is legitimate and authorizes the smart cryptographic key, the smart pole enters a normal configuration mode, and the security configuration tool generates an authority certificate and sends it to the platform end and the smart pole.
In one embodiment, after the smart cryptographic key starts the security configuration tool, the security configuration method comprises:
the security configuration tool sends the SCSI instruction to the smart cryptographic key;
and the security configuration tool receives the return result of the SCSI instruction sent by the smart cryptographic key, judges from that return result whether the smart cryptographic key is legitimate and, if not, exits and generates a log.
In one embodiment, after the security configuration tool performs random number authentication with a legitimate smart cryptographic key through an SCSI instruction to generate a hardware random number and generates a factor of an SM4 shared key from the hardware random number, the security configuration method comprises:
the smart cryptographic key and the security configuration tool each generate the SM4 shared key from the factors of the SM4 shared key;
the security configuration tool encrypts a negotiation identifier with the SM4 shared key and sends the negotiation identifier to the smart cryptographic key through the SCSI instruction;
after the smart cryptographic key decrypts the negotiation identifier, it judges whether the decrypted negotiation identifier is legitimate and, if not, exits and generates a log;
and when the negotiation identifier is legitimate, a transmission channel is established using the SM4 cryptographic algorithm with the SM4 shared key.
In one embodiment, after judging whether the sequence tag data with the heartbeat packet is legitimate, the security configuration method comprises:
when the sequence tag data with the heartbeat packet is legitimate, the security configuration tool starts the normal configuration mode of the smart pole.
In one embodiment, the time unit of the heartbeat packet is seconds, minutes or hours; the smart pole comprises a smart pole edge computing unit or a smart pole gateway, and the time unit of the heartbeat packet is dynamically adjusted according to the program content metadata of the playback unit connected to the smart pole edge computing unit or the smart pole gateway.
In a second aspect, the present application provides a security configuration system for a smart pole, the security configuration system comprising:
a starting module, configured to control the smart cryptographic key to start the security configuration tool;
a first generation module, configured to control the security configuration tool to perform random number authentication with a legitimate smart cryptographic key through an SCSI instruction, generate a hardware random number, and generate a factor of an SM4 shared key from the hardware random number;
a reading module, configured to control the security configuration tool to read the sequence tag data of the smart pole over Ethernet according to the SM4 shared key factor and send the sequence tag data to the smart cryptographic key, the smart cryptographic key matching the sequence tag data and authorizing it as legitimate;
a first sending module, configured to control the security configuration tool to encrypt the sequence tag data with a heartbeat packet and send it to the smart cryptographic key through the SCSI instruction;
a first decryption module, configured to control the smart cryptographic key to decrypt the sequence tag data with the heartbeat packet, judge whether the sequence tag data with the heartbeat packet is legitimate, and exit and generate a log when it is not;
and an authorization module, configured to control the smart pole to enter a normal configuration mode after the sequence tag data with the heartbeat packet is legitimate and authorizes the smart cryptographic key, the security configuration tool generating an authority certificate and sending it to the platform end and the smart pole.
In one embodiment, the security configuration system comprises:
a second sending module, configured to control the security configuration tool to send the SCSI instruction to the smart cryptographic key;
and a receiving module, configured to control the security configuration tool to receive the return result of the SCSI instruction sent by the smart cryptographic key, judge from that return result whether the smart cryptographic key is legitimate, and exit and generate a log when it is not.
In one embodiment, the security configuration system comprises:
a second generation module, configured to control the smart cryptographic key and the security configuration tool to each generate the SM4 shared key from the factors of the SM4 shared key;
an encryption module, configured to control the security configuration tool to encrypt a negotiation identifier with the SM4 shared key and send the negotiation identifier to the smart cryptographic key through the SCSI instruction;
a second decryption module, configured to control the smart cryptographic key to decrypt the negotiation identifier, judge whether the decrypted negotiation identifier is legitimate, and exit and generate a log when it is not;
and an establishing module, configured to control the establishment of a transmission channel using the SM4 cryptographic algorithm with the SM4 shared key when the negotiation identifier is legitimate.
In one embodiment, the security configuration system comprises:
an opening module, configured to control the security configuration tool to start the normal configuration mode of the smart pole when the sequence tag data with the heartbeat packet is legitimate.
In one embodiment, the time unit of the heartbeat packet is seconds, minutes or hours; the smart pole comprises a smart pole edge computing unit or a smart pole gateway, and the time unit of the heartbeat packet is dynamically adjusted according to the program content metadata of the playback unit connected to the smart pole edge computing unit or the smart pole gateway.
From the above, the present invention provides a security configuration method for a smart pole, comprising: starting a security configuration tool; performing random number authentication with a legitimate smart cryptographic key through the SCSI instruction to generate a hardware random number, and generating an SM4 shared key factor from the hardware random number; reading the sequence tag data of the smart pole over Ethernet and sending it to the smart cryptographic key, which matches the sequence tag data and authorizes it as legitimate; encrypting the sequence tag data with a heartbeat packet and sending it to the smart cryptographic key through the SCSI instruction; after the sequence tag data with the heartbeat packet is decrypted, judging whether the sequence tag data with the heartbeat packet is legitimate; and, when the sequence tag data with the heartbeat packet is legitimate and authorizes the smart cryptographic key, the smart pole entering a normal configuration mode and the security configuration tool generating an authority certificate and sending it to the platform end and the smart pole. With the security configuration method provided by the invention, the security configuration tool makes configuration between the smart pole and the smart cryptographic key more secure. In addition, when the smart cryptographic key is illegitimate, a log recording historical information is generated, so that the security configuration process can be traced, data leakage can be effectively prevented, the illegitimate smart cryptographic key is recorded, authentication security is improved, and convenience is achieved.
Drawings
To illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope; those skilled in the art can obtain other related drawings from these drawings without inventive effort.
Fig. 1 is a flowchart of the security configuration method for a smart pole provided in the present application.
Fig. 2 is an architecture diagram of a security configuration method of a smart pole provided in the present application.
Fig. 3 is a block diagram illustrating a security configuration system of a smart pole according to the present application.
Detailed Description
Specific embodiments of the present application will now be described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the description of the present application without inventive step, are within the scope of the present application.
In the description of the present application, unless otherwise expressly specified or limited, the terms "disposed," "mounted," "connected," and the like are to be construed broadly: a connection may, for example, be fixed, removable, or integral; it may be mechanical or electrical; and it may be direct or indirect through an intermediate element. The specific meaning of the above terms can be understood by those of ordinary skill in the art according to the specific case.
The terms "first," "second," "third," and the like are used solely to distinguish between similar items or elements and not to indicate or imply relative importance or a particular order.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, including not only those elements listed, but also other elements not expressly listed.
Referring to fig. 1 and fig. 2, fig. 1 is a flowchart of the security configuration method for a smart pole provided in the present application, and fig. 2 is an architecture diagram of the security configuration method for a smart pole provided in the present application.
The application provides a security configuration method for a smart pole, comprising the following steps:
S110, the smart cryptographic key starts the security configuration tool.
In one embodiment, the smart cryptographic key may be referred to as a UKey. For example, the UKey is a component of an Internet of Things device (including a smart pole), and the Internet of Things device accesses the UKey through a USB 2.0 interface. The UKey, also called a UsbKey, is a hardware device built around an embedded microcontroller or a smart card chip, and it communicates with the security configuration tool over its USB interface using the USB protocol. Information such as the private keys and security certificates of users or smart poles can be stored in the UKey's internal storage space. The key information stored inside the UKey is accessed through an API (application programming interface) provided by the manufacturer; keys can only be used inside the UKey and cannot be read from outside, and all encryption and decryption operations are performed inside the UKey, which ensures that encrypted data is not tampered with and improves security.
S111, the security configuration tool sends the SCSI instruction to the smart cryptographic key.
After the smart cryptographic key starts the security configuration tool (for example, the UsbKey communicates with the security configuration tool over its USB interface using the USB protocol), the security configuration tool sends an SCSI instruction to the smart cryptographic key.
S113, the security configuration tool receives the return result of the SCSI instruction sent by the smart cryptographic key, judges from that return result whether the smart cryptographic key is legitimate and, if not, exits and generates a log.
After the security configuration tool sends the SCSI instruction to the smart cryptographic key, it receives the return result that the smart cryptographic key generated in response to the SCSI instruction and judges from that result whether the smart cryptographic key is legitimate. When the smart cryptographic key is legitimate, the method proceeds to S120; when it is not, the method exits and a log is generated through the smart cryptographic key. The storage unit of the smart cryptographic key can record when and where illegitimate sequence tag data failed to match, which improves security.
S120, the security configuration tool performs random number authentication with a legitimate smart cryptographic key through an SCSI instruction to generate a hardware random number, and generates a factor of an SM4 shared key from the hardware random number.
In one embodiment, after the security configuration tool is started, it performs random number authentication with a legitimate smart cryptographic key through an SCSI instruction. For example, SCSI (Small Computer System Interface) is a small computer system interface protocol, and many electronic devices exchange data with a computer using instructions of the SCSI protocol. The legitimate smart cryptographic key first generates a hardware random number with its internally packaged random number generation algorithm, and then processes the hardware random number with a key generation algorithm to obtain a factor of the SM4 shared key. For example, the SM4 cryptographic algorithm is an iterative block cipher with an unbalanced Feistel structure, a block length of 128 bits and a key length of 128 bits. The encryption algorithm uses a 32-round nonlinear iteration structure, and the encryption and decryption algorithms have the same structure. If the identity identification code of the legitimate smart cryptographic key passes verification, the edge computing device of the smart pole divides the identity identification code into two parts and operates on each with the timestamp to obtain the sub-key and the vector of the SM4 key; the sub-key and the vector of the SM4 key are the factors of the SM4 shared key.
S121, the smart cryptographic key and the security configuration tool each generate the SM4 shared key from the factors of the SM4 shared key.
The smart cryptographic key and the security configuration tool perform a negotiation operation on the factors of the SM4 shared key to generate the key used to encrypt identity information, namely the SM4 shared key.
S123, the security configuration tool encrypts a negotiation identifier with the SM4 shared key and sends the negotiation identifier to the smart cryptographic key through the SCSI instruction.
The security configuration tool encrypts the negotiation identifier with the SM4 shared key and then sends the encrypted negotiation identifier to the smart cryptographic key through an SCSI instruction for decryption.
S125, after the smart cryptographic key decrypts the negotiation identifier, it judges whether the decrypted negotiation identifier is legitimate and, if not, exits and generates a log.
After receiving the negotiation identifier sent by the security configuration tool, the smart cryptographic key decrypts it. When the decrypted negotiation identifier is legitimate, the method proceeds to S127; when it is not, the smart cryptographic key exits the security configuration process and generates a log recording the illegitimate negotiation identifier, which improves security.
S127, when the negotiation identifier is legitimate, a transmission channel is established using the SM4 cryptographic algorithm with the SM4 shared key.
When the smart cryptographic key judges that the decrypted negotiation identifier is legitimate, it establishes a legitimate and valid transmission channel with the security configuration tool and/or the smart pole using the SM4 cryptographic algorithm with the SM4 shared key.
S130, the security configuration tool reads the sequence tag data of the smart pole over Ethernet according to the SM4 shared key factor and sends the sequence tag data to the smart cryptographic key, and the smart cryptographic key matches the sequence tag data and authorizes it as legitimate.
In one embodiment, the security configuration tool then reads the sequence tag data (SN) of the smart pole over Ethernet according to the previously obtained factors of the SM4 shared key. For example, Ethernet is a local area network that performs media access control using carrier sense multiple access with collision detection. Ethernet mainly refers to the physical cable over which data is transmitted, whereas Wi-Fi refers to a network of wirelessly interconnected devices; Ethernet is essentially a cable, a wired connection between a computer and the Internet. The USB interface of the smart cryptographic key can be connected to the computer interface of the smart pole, and the sequence tag data is transmitted to the smart cryptographic key. The smart cryptographic key matches the sequence tag data against its built-in data and authorizes it as legitimate.
S140, the security configuration tool encrypts the sequence tag data with the heartbeat packet and sends it to the smart cryptographic key through the SCSI instruction.
In one embodiment, after the smart cryptographic key matches the sequence tag data against its built-in data and authorizes it as legitimate, the security configuration tool encrypts the sequence tag data with the heartbeat packet and sends the sequence tag data with the heartbeat packet to the smart cryptographic key through an SCSI instruction. For example, the time unit of the heartbeat packet is seconds, minutes or hours; the smart pole may include a smart pole edge computing unit or a smart pole gateway, and may further include other electronic devices with computing capabilities. The time unit of the heartbeat packet is dynamically adjusted according to the program content metadata of the playback unit connected to the smart pole edge computing unit or the smart pole gateway. For example, when the program content metadata relates to traffic accidents, the time unit of the heartbeat packet can be seconds; when it relates to traffic congestion, the time unit can be minutes; and when it relates to weather forecasts, the time unit can be hours. This effectively increases flexibility and timeliness.
S150, after the smart cryptographic key decrypts the sequence tag data with the heartbeat packet, it judges whether the sequence tag data with the heartbeat packet is legitimate and, if not, exits and generates a log.
After receiving the sequence tag data with the heartbeat packet, the smart cryptographic key decrypts it and then judges whether it is legitimate, for example by checking the sequence tag data against the built-in data of the smart cryptographic key. When the sequence tag data is legitimate, the method proceeds to S160; when it is not, the security configuration method exits and the smart cryptographic key generates a log. For example, the storage unit of the smart cryptographic key can record when and where illegitimate sequence tag data failed to match, which improves security.
S151, when the sequence tag data with the heartbeat packet is legitimate, the security configuration tool starts the normal configuration mode of the smart pole.
When the smart cryptographic key has decrypted the sequence tag data with the heartbeat packet and judged it legitimate and valid, the security configuration tool starts the smart pole's normal configuration mode for the smart cryptographic key.
S160, when the sequence tag data with the heartbeat packet is legitimate and authorizes the smart cryptographic key, the smart pole enters a normal configuration mode, and the security configuration tool generates an authority certificate and sends it to the platform end and the smart pole.
In one embodiment, when the storage unit of the smart cryptographic key matches the sequence tag data with the heartbeat packet as legitimate and authorization is then obtained, the smart pole edge computing unit and the smart pole gateway of the smart pole enter a normal matching mode. For example, the authority certificate generated by the security configuration tool is a digital certificate based on an asymmetric cryptosystem. It is a file issued by a certificate authority that contains user identity information, a public key and the digital signature of the certificate authority. The digital certificate is valid only for a certain period of time. Encryption technology built around digital certificates can encrypt and decrypt, digitally sign and verify the information transmitted on the network, thereby ensuring the confidentiality, integrity and non-repudiation of the transmitted information. The security configuration tool sends the authority certificate to the platform end over HTTPS (Hypertext Transfer Protocol Secure, a security-oriented HTTP channel that protects the transmission by adding transport encryption and identity authentication on top of HTTP) to increase security. In addition, the security configuration method provided by the invention conforms to the service scenarios of the smart pole, the platform end, the security configuration tool and the smart cryptographic key, and private data can be configured and modified on line without authorization. The behavior in the configuration process is not marked, and the follow-up audit cannot be traced. All configuration information can be modified at will, convenience is improved, configuration is safer and more reliable, and observability is stronger.
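Steps S140 to S150 above (and, with a different payload, the negotiation-identifier check in S123 to S125) share one pattern: encrypt under the SM4 shared key, decrypt inside the UKey, judge legitimacy, and log every rejection. The Python below is an added example, not code from the patent; the CBC mode, the message layout (16-byte SN, time-unit code, timestamp), the two-unit freshness window, the function names and all sample values are assumptions, while the SM4 constants are those of the published standard.

```python
import struct

# SM4 constants (S-box, FK, CK) as published in the SM4 standard, GB/T 32907-2016.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x):
    # Byte-wise S-box substitution of one 32-bit word.
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def _round_keys(key):
    k = [w ^ f for w, f in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        b = _tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])
        k.append(k[i] ^ b ^ _rol(b, 13) ^ _rol(b, 23))
    return k[4:]

def sm4_block(key, block, decrypt=False):
    """One 128-bit block through the 32-round unbalanced Feistel network."""
    rk = _round_keys(key)
    if decrypt:
        rk.reverse()  # decryption is the same structure with reversed round keys
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        b = _tau(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i])
        x.append(x[i] ^ b ^ _rol(b, 2) ^ _rol(b, 10) ^ _rol(b, 18) ^ _rol(b, 24))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def sm4_cbc(key, iv, data, decrypt=False):
    # Assumption: CBC mode, with the page's "vector" factor used as the IV.
    out, prev = b"", iv
    for i in range(0, len(data), 16):
        blk = data[i:i + 16]
        if decrypt:
            out, prev = out + _xor(sm4_block(key, blk, True), prev), blk
        else:
            prev = sm4_block(key, _xor(blk, prev))
            out += prev
    return out

UNIT_SECONDS = {0: 1, 1: 60, 2: 3600}  # heartbeat time unit: second, minute, hour
LAYOUT = ">16sBI"                       # assumed layout: SN, unit code, timestamp

def tool_build(key, iv, sn, unit, beat_time):
    """Security configuration tool side (S140): encrypt SN plus heartbeat."""
    body = struct.pack(LAYOUT, sn.encode("ascii"), unit, beat_time)
    pad = 16 - len(body) % 16
    return sm4_cbc(key, iv, body + bytes([pad]) * pad)

def ukey_check(key, iv, ct, allowed_sns, now, log):
    """UKey side (S150): decrypt, judge legitimacy, log and exit on failure."""
    def reject(reason):
        log.append({"time": now, "reason": reason})
        return False
    if not ct or len(ct) % 16:
        return reject("bad length")
    pt = sm4_cbc(key, iv, ct, decrypt=True)
    pad = pt[-1]
    size = struct.calcsize(LAYOUT)
    if not 1 <= pad <= 16 or pt[-pad:] != bytes([pad]) * pad or len(pt) - pad != size:
        return reject("decryption failed")
    raw_sn, unit, beat = struct.unpack(LAYOUT, pt[:size])
    sn = raw_sn.rstrip(b"\0").decode("ascii", "replace")
    if sn not in allowed_sns:           # match against the UKey's built-in data
        return reject("unknown SN " + sn)
    if unit not in UNIT_SECONDS or abs(now - beat) > 2 * UNIT_SECONDS[unit]:
        return reject("stale heartbeat")  # assumed freshness rule: two time units
    return True

if __name__ == "__main__":
    # Constructed sample values: standard SM4 test key, made-up IV, SN and times.
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")
    iv, log = bytes(range(16)), []
    msg = tool_build(key, iv, "POLE-SN-0001", 1, 1_700_000_000)
    print(ukey_check(key, iv, msg, {"POLE-SN-0001"}, 1_700_000_030, log))
    print(ukey_check(key, iv, msg, {"POLE-SN-0001"}, 1_700_000_500, log), log)
```

CBC alone does not authenticate the ciphertext, so a deployment that needs tamper detection would add a MAC or use an authenticated mode; the page does not specify either.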
Referring to fig. 1, fig. 2 and fig. 3, fig. 3 is a block diagram illustrating a security configuration system of a smart pole according to the present application.
A security configuration system for a smart pole, the security configuration system 300 comprising:
a starting module 310, configured to control the smart cryptographic key to start the security configuration tool;
a first generation module 320, configured to control the security configuration tool to perform random number authentication with a legitimate smart cryptographic key through an SCSI instruction, generate a hardware random number, and generate a factor of an SM4 shared key from the hardware random number;
a reading module 330, configured to control the security configuration tool to read the sequence tag data of the smart pole over Ethernet according to the SM4 shared key factor and send the sequence tag data to the smart cryptographic key, the smart cryptographic key matching the sequence tag data and authorizing it as legitimate;
a first sending module 340, configured to control the security configuration tool to encrypt the sequence tag data with a heartbeat packet and send it to the smart cryptographic key through the SCSI instruction;
a first decryption module 350, configured to control the smart cryptographic key to decrypt the sequence tag data with the heartbeat packet, judge whether the sequence tag data with the heartbeat packet is legitimate, and exit and generate a log when it is not;
and an authorization module 360, configured to control the smart pole to enter a normal configuration mode after the sequence tag data with the heartbeat packet is legitimate and authorizes the smart cryptographic key, the security configuration tool generating an authority certificate and sending it to the platform end and the smart pole.
In one embodiment, the security configuration system comprises:
the second sending module is used for controlling the security configuration tool to send the SCSI instruction to the intelligent password key;
and the receiving module is used for controlling the security configuration tool to receive a returned result of the SCSI instruction sent by the intelligent password key, judging whether the intelligent password key is legal or not according to the returned result of the SCSI instruction, and quitting and generating a log when the intelligent password key is illegal.
In one embodiment, the security configuration system comprises:
a second generation module, configured to control the smart cryptographic key and the security configuration tool to generate an SM4 shared key according to the factors of the SM4 shared key, respectively;
the encryption module is used for controlling the security configuration tool to encrypt a negotiation identifier according to the SM4 shared key and sending the negotiation identifier to the intelligent password key through the SCSI instruction;
the second decryption module is used for controlling the intelligent password key to decrypt the negotiation identifier, judging whether the decrypted negotiation identifier is legal or not, and quitting and generating a log when the negotiation identifier is illegal;
and the establishing module is used for controlling the establishment of a transmission channel through an SM4 cryptographic algorithm according to the SM4 shared secret key when the negotiation identifier is legal.
In one embodiment, the security configuration system comprises:
and the opening module is used for controlling the safety configuration tool to open the normal configuration mode of the intelligent rod when the sequence tag data with the heartbeat packet is legal.
In one embodiment, the time unit of the heartbeat packet is seconds, minutes or hours; the smart pole comprises a smart pole edge computing unit or a smart pole gateway, and the time unit of the heartbeat packet is dynamically adjusted according to the program content metadata of a playing unit connected with the smart pole edge computing unit or the smart pole gateway.
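The key-side legality checks from the modules above (negotiation identifier, then sequence tag data with a heartbeat), as an added example that is not code from the patent. SM4 is not in the Python standard library, so an HMAC-SHA256 tag stands in for the SM4-encrypted channel; the provisioned secret, the identifier string, the `counter` field and the three-interval freshness window are assumptions made for the example.

```python
import hashlib, hmac, json, logging, secrets

log = logging.getLogger("smartkey")    # stands in for "exit and generate a log"
NEGOTIATION_ID = "SMARTPOLE-NEG-1"     # hypothetical negotiation identifier
UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600}

def derive_key(factor: bytes, provisioned: bytes) -> bytes:
    """Both sides derive a 128-bit key from the factor (provisioned secret is assumed)."""
    return hmac.new(provisioned, b"shared-key|" + factor, hashlib.sha256).digest()[:16]

def seal(key: bytes, payload: dict) -> bytes:
    """Stand-in for SM4 encryption: HMAC-SHA256 tag + JSON body (integrity only)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(key: bytes, blob: bytes):
    tag, body = blob[:32], blob[32:]
    good = hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest())
    return json.loads(body) if good else None   # None: tag did not verify

class ConfigTool:
    def __init__(self, provisioned: bytes):
        self.provisioned, self.key, self.counter = provisioned, None, 0
    def negotiate(self, factor: bytes) -> bytes:
        self.key = derive_key(factor, self.provisioned)
        return seal(self.key, {"id": NEGOTIATION_ID})
    def tag_with_heartbeat(self, tag: str, ts: float) -> bytes:
        self.counter += 1                  # assumed anti-replay field
        return seal(self.key, {"tag": tag, "ts": ts, "counter": self.counter})

class SmartKey:
    def __init__(self, provisioned, legal_tags, unit="second", max_missed=3):
        self.provisioned, self.legal_tags = provisioned, set(legal_tags)
        self.window = UNIT_SECONDS[unit] * max_missed   # freshness window, seconds
        self.key, self.channel_open, self.last_counter = None, False, 0

    def new_factor(self) -> bytes:
        factor = secrets.token_bytes(16)   # a real token would use its hardware RNG
        self.key = derive_key(factor, self.provisioned)
        self.channel_open, self.last_counter = False, 0
        return factor

    def _reject(self, reason: str) -> str:
        self.channel_open = False          # "exit": a fresh negotiation is required
        log.warning("rejected: %s", reason)
        return reason

    def check_negotiation(self, blob: bytes) -> str:
        msg = unseal(self.key, blob) if self.key else None
        got = str(msg.get("id", "")) if msg else ""
        if not hmac.compare_digest(got.encode(), NEGOTIATION_ID.encode()):
            return self._reject("illegal negotiation identifier")
        self.channel_open = True
        return "ok"

    def check_heartbeat(self, blob: bytes, now: float) -> str:
        if not self.channel_open:
            return self._reject("channel not negotiated")
        msg = unseal(self.key, blob)
        if msg is None:
            return self._reject("integrity check failed")
        if msg.get("tag") not in self.legal_tags:
            return self._reject("unknown sequence tag")
        if abs(now - float(msg.get("ts", 0))) > self.window:
            return self._reject("stale heartbeat")
        if int(msg.get("counter", 0)) <= self.last_counter:
            return self._reject("replayed heartbeat")
        self.last_counter = int(msg["counter"])
        return "ok"

def demo() -> dict:
    """Constructed sessions: one legal exchange, then four that must be refused."""
    secret, t0, out = b"constructed-provisioning-secret", 1_700_000_000.0, {}
    def session(tool_secret=secret):
        key, tool = SmartKey(secret, {"POLE-0001"}), ConfigTool(tool_secret)
        return key, tool, key.check_negotiation(tool.negotiate(key.new_factor()))
    key, tool, out["negotiation"] = session()
    first = tool.tag_with_heartbeat("POLE-0001", t0)
    out["legal"] = key.check_heartbeat(first, t0 + 1)
    out["replay"] = key.check_heartbeat(first, t0 + 2)
    key, tool, _ = session()
    out["stale"] = key.check_heartbeat(tool.tag_with_heartbeat("POLE-0001", t0), t0 + 60)
    key, tool, _ = session()
    out["unknown"] = key.check_heartbeat(tool.tag_with_heartbeat("POLE-9999", t0), t0)
    out["rogue_tool"] = session(b"some-other-secret")[2]
    return out

if __name__ == "__main__":
    print(demo())
```

Every rejection closes the channel, so a failed check forces a new factor and a new negotiation rather than letting the caller retry on the same key.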
An embodiment of the invention also provides computer equipment comprising a memory, a processor and a computer program that is stored in the memory and can run on the processor, where the processor implements the security configuration method of the smart pole when executing the computer program.
Embodiments of the present invention also provide a computer-readable storage medium storing a computer program for executing the above-described security configuration method of the smart pole. As will be apparent to those skilled in the art, embodiments of the present invention may be provided as a method, an apparatus, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (which may also be systems or devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A security configuration method for a smart pole, the security configuration method comprising:
starting a security configuration tool by the smart key;
the security configuration tool carries out random number authentication with a legal intelligent cipher key through an SCSI instruction to generate a hardware random number, and generates a factor of an SM4 shared secret key according to the hardware random number;
the security configuration tool reads sequence tag data of the intelligent pole through Ethernet according to the SM4 secret key sharing factor, and sends the sequence tag data to the intelligent password key, and the intelligent password key matches the sequence tag data and authorizes the sequence tag data to be legal;
the security configuration tool encrypts sequence label data with a heartbeat packet and sends the sequence label data to the intelligent password key through the SCSI instruction;
after the intelligent password key decrypts the sequence label data with the heartbeat packet, judging whether the sequence label data with the heartbeat packet is legal or not, if not, quitting and generating a log;
and when the sequence label data with the heartbeat packet is legal and authorizes the intelligent password key, the intelligent rod enters a normal configuration mode, and the security configuration tool generates an authority certificate and sends the authority certificate to the platform end and the intelligent rod.
2. The security configuration method of claim 1, wherein after the security configuration tool is activated by the smart key, the security configuration method comprises:
the security configuration tool sends the SCSI instruction to the intelligent password key;
and the security configuration tool receives a return result of the SCSI instruction sent by the intelligent password key, judges whether the intelligent password key is legal or not according to the return result of the SCSI instruction, and quits and generates a log if the intelligent password key is not legal.
3. The secure media propagation method of claim 1, wherein after the security configuration tool performs random number authentication with a legal smart key via SCSI commands to generate a hardware random number, and generates a factor of SM4 shared secret key according to the hardware random number, the security configuration method comprises:
the intelligent cryptographic key and the security configuration tool respectively generate SM4 shared keys according to the factors of the SM4 shared keys;
the security configuration tool encrypts a negotiation identifier according to the SM4 shared key and sends the negotiation identifier to the intelligent password key through the SCSI instruction;
after the intelligent password key decrypts the negotiation identifier, judging whether the decrypted negotiation identifier is legal or not, if not, quitting and generating a log;
and when the negotiation identifier is legal, establishing a transmission channel through an SM4 cryptographic algorithm according to the SM4 shared key.
4. The secure media propagation method of claim 1, wherein after determining whether the sequence tag data with heartbeat packets is legitimate, the secure configuration method comprises:
and when the sequence label data with the heartbeat package is legal, the safety configuration tool starts a normal configuration mode of the intelligent rod.
5. The secure media propagation method of claim 1, wherein the heartbeat packet has a time unit of seconds, minutes, or hours; the intelligent pole comprises an intelligent pole edge computing unit or an intelligent pole gateway, and the time unit of the heartbeat packet is dynamically adjusted according to the program content metadata of the playing unit connected with the intelligent pole edge computing unit or the intelligent pole gateway.
6. A security configuration system for a smart pole, the security configuration system comprising:
the starting module is used for controlling the intelligent password key to start the security configuration tool;
the first generation module is used for controlling the security configuration tool to carry out random number authentication with a legal intelligent cipher key through an SCSI instruction, generating a hardware random number and generating an SM4 shared secret key factor according to the hardware random number;
the reading module is used for controlling the security configuration tool to read the sequence tag data of the intelligent rod through the Ethernet according to the SM4 shared key factor and sending the sequence tag data to the intelligent password key, and the intelligent password key matches the sequence tag data and authorizes the sequence tag data to be legal;
the first sending module is used for controlling the security configuration tool to encrypt sequence label data with heartbeat packets and sending the sequence label data to the intelligent password key through the SCSI instruction;
the first decryption module is used for controlling the intelligent password key to decrypt the sequence label data with the heartbeat packet, judging whether the sequence label data with the heartbeat packet is legal or not, and quitting and generating a log when the sequence label data is illegal;
and the authorization module is used for controlling the intelligent pole to enter a normal configuration mode after the sequence tag data with the heartbeat packet is legal and authorizes the intelligent password key, and the safety configuration tool generates an authority certificate and sends the authority certificate to the platform end and the intelligent pole.
7. The security configuration system of claim 6, wherein the security configuration system comprises:
the second sending module is used for controlling the security configuration tool to send the SCSI instruction to the intelligent password key;
and the receiving module is used for controlling the security configuration tool to receive a returned result of the SCSI instruction sent by the intelligent password key, judging whether the intelligent password key is legal or not according to the returned result of the SCSI instruction, and quitting and generating a log when the intelligent password key is illegal.
8. The security configuration system of claim 6, wherein the security configuration system comprises:
a second generation module, configured to control the smart cryptographic key and the security configuration tool to generate an SM4 shared key according to the factors of the SM4 shared key, respectively;
the encryption module is used for controlling the security configuration tool to encrypt a negotiation identifier according to the SM4 shared key and sending the negotiation identifier to the intelligent password key through the SCSI instruction;
the second decryption module is used for controlling the intelligent password key to decrypt the negotiation identifier, judging whether the decrypted negotiation identifier is legal or not, and quitting and generating a log when the negotiation identifier is illegal;
and the establishing module is used for controlling the establishment of a transmission channel through an SM4 cryptographic algorithm according to the SM4 shared secret key when the negotiation identifier is legal.
9. The security configuration system of claim 6, wherein the security configuration system comprises:
and the starting module is used for controlling the security configuration tool to start the normal configuration mode of the intelligent rod when the sequence tag data with the heartbeat packet is legal.
10. The security configuration system of claim 6 wherein the heartbeat packet has a time unit of seconds, minutes or hours; the intelligent pole comprises an intelligent pole edge computing unit or an intelligent pole gateway, and the time unit of the heartbeat packet is dynamically adjusted according to the program content metadata of a playing unit connected with the intelligent pole edge computing unit or the intelligent pole gateway.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211124024.9A CN115457687B (en) | 2022-09-15 | 2022-09-15 | Security configuration method and system for intelligent pole |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115457687A (en) | 2022-12-09 |
CN115457687B (en) | 2024-05-03 |
Family
ID=84305056
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211124024.9A Active CN115457687B (en) | 2022-09-15 | 2022-09-15 | Security configuration method and system for intelligent pole |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115457687B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230291549A1 (en) * | 2022-03-14 | 2023-09-14 | Vmware, Inc. | Securely sharing secret information through an unsecure channel |
Also Published As
Publication number | Publication date |
---|---|
CN115457687B (en) | 2024-05-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||