CN116033415A - Reference station data transmission method and device, reference station, server and medium - Google Patents

Publication number
CN116033415A
Authority
CN
China
Prior art keywords
reference station
server
data
authentication
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111250803.9A
Other languages
Chinese (zh)
Inventor
向世浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxun Spatial Intelligence Inc
Original Assignee
Qianxun Spatial Intelligence Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxun Spatial Intelligence Inc filed Critical Qianxun Spatial Intelligence Inc
Priority to CN202111250803.9A priority Critical patent/CN116033415A/en
Publication of CN116033415A publication Critical patent/CN116033415A/en
Pending legal-status Critical Current

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application discloses a reference station data transmission method, a reference station data transmission device, a reference station, a server and a medium, and belongs to the technical field of positioning. The reference station data transmission method comprises the following steps: authenticating the server; when the server passes authentication by the reference station, encrypting target reference station data to obtain encrypted data; and sending the encrypted data to the server through the public network, so that the server decrypts the encrypted data to obtain the target reference station data. The method, device, reference station, server and medium allow reference station data to be transmitted securely over the public network.

Description

Reference station data transmission method and device, reference station, server and medium
Technical Field
The application belongs to the technical field of positioning, and particularly relates to a reference station data transmission method, a reference station data transmission device, a reference station, a server and a medium.
Background
A reference station is a fixed ground observation station that continuously observes satellite navigation signals over long periods and transmits the observation data to a data center through a communication facility, either in real time or at scheduled times.
In the related art, reference station data is transmitted to the data center through a private network, which ensures the security of the transmission. However, private networks are costly and difficult to maintain, so how to transmit reference station data securely over public networks is a challenge.
Disclosure of Invention
The embodiment of the application aims to provide a reference station data transmission method, a reference station data transmission device, a reference station, a server and a medium, which can solve the problem that reference station data cannot be safely transmitted on a public network.
In a first aspect, an embodiment of the present application provides a reference station data transmission method, including:
authenticating the server;
when the server passes authentication by the reference station, encrypting target reference station data to obtain encrypted data;
and sending the encrypted data to the server through the public network, so that the server decrypts the encrypted data to obtain the target reference station data.
In a second aspect, an embodiment of the present application provides a reference station data transmission method, including:
transmitting a first authentication request to the reference station, so that the reference station, in response to the first authentication request, authenticates the server according to the first authentication data, the first digital signature and the first digital certificate included in the request;
when the server passes authentication by the reference station, receiving encrypted data transmitted by the reference station through the public network;
and decrypting the encrypted data to obtain the target reference station data.
In a third aspect, an embodiment of the present application provides a reference station data transmission apparatus, including:
a first authentication module, configured to authenticate the server;
an encryption module, configured to encrypt the target reference station data to obtain encrypted data when the server passes authentication by the reference station;
and a first sending module, configured to send the encrypted data to the server through the public network, so that the server decrypts the encrypted data to obtain the target reference station data.
In a fourth aspect, an embodiment of the present application provides a reference station data transmission apparatus, including:
a fifth transmitting module, configured to transmit a first authentication request to the reference station, so that the reference station, in response to the first authentication request, authenticates the server according to the first authentication data, the first digital signature and the first digital certificate included in the request;
a fifth receiving module, configured to receive the encrypted data transmitted by the reference station through the public network when the server passes authentication by the reference station;
and a second decryption module, configured to decrypt the encrypted data to obtain the target reference station data.
In a fifth aspect, embodiments of the present application provide a reference station comprising a processor, a memory and a program or instructions stored on the memory and executable on the processor, the program or instructions implementing the steps of the method according to the first aspect when executed by the processor.
In a sixth aspect, embodiments of the present application provide a server comprising a processor, a memory and a program or instructions stored on the memory and executable on the processor, the program or instructions implementing the steps of the method according to the second aspect when executed by the processor.
In a seventh aspect, embodiments of the present application provide a readable storage medium having stored thereon a program or instructions which, when executed by a processor, implement the steps of the method according to the first or second aspect.
In the embodiment of the application, on one hand, the reference station authenticates the server, and data is sent to the server only when the server is authenticated by the reference station; on the other hand, when the server passes the reference station authentication, the target reference station data is encrypted to obtain encrypted data, and the encrypted data is transmitted to the server via the public network. In this way, reference station data is not directly transmitted on the public network, and safe transmission of the reference station data on the public network can be ensured.
Drawings
Fig. 1 is a first flowchart of a reference station data transmission method according to an embodiment of the present application;
Fig. 2 is a schematic process diagram of the reference station authenticating the server according to an embodiment of the present application;
Fig. 3 is a schematic process diagram of the server authenticating the reference station according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a first process of mutual authentication according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a second process of mutual authentication according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a process for issuing a digital certificate of a reference station according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a process for transmitting data based on target ciphertext according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a process for transmitting data based on index information according to an embodiment of the present application;
Fig. 9 is a second flowchart of a reference station data transmission method according to an embodiment of the present application;
Fig. 10 is a schematic diagram of an overall process of a reference station transmitting data to a server according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a first structure of a reference station data transmission device according to an embodiment of the present application;
Fig. 12 is a schematic diagram of a second structure of a reference station data transmission device according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of a reference station according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
Technical solutions in the embodiments of the present application will be clearly described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application are within the scope of the protection of the present application.
The terms first, second and the like in the description and in the claims, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged, as appropriate, such that embodiments of the present application may be implemented in sequences other than those illustrated or described herein, and that the objects identified by "first," "second," etc. are generally of a type and not limited to the number of objects, e.g., the first object may be one or more. Furthermore, in the description and claims, "and/or" means at least one of the connected objects, and the character "/", generally means that the associated object is an "or" relationship.
The reference station data transmission method, the reference station, the server and the medium provided by the embodiment of the application are described in detail below through specific embodiments and application scenes thereof with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a first method for transmitting reference station data according to an embodiment of the present application. The reference station data transmission method may include:
S101: authenticating the server;
S102: when the server passes authentication by the reference station, encrypting target reference station data to obtain encrypted data;
S103: sending the encrypted data to the server through the public network, so that the server decrypts the encrypted data to obtain the target reference station data.
The specific implementation of each of the above steps will be described in detail below.
It should be noted that, in the embodiments of the present application, the server is a server included in the data center.
In the embodiment of the application, on one hand, the reference station authenticates the server, and data is sent to the server only when the server is authenticated by the reference station; on the other hand, when the server passes the reference station authentication, the target reference station data is encrypted to obtain encrypted data, and the encrypted data is transmitted to the server via the public network. In this way, reference station data is not directly transmitted on the public network, and safe transmission of the reference station data on the public network can be ensured.
In some possible implementations of embodiments of the present application, S101 may include: receiving a first authentication request sent by a server, wherein the first authentication request comprises first authentication data, a first digital signature and a first digital certificate; responding to the first authentication request, and verifying whether the first digital certificate is a digital certificate corresponding to the server; verifying whether the first digital signature is a digital signature corresponding to the first authentication data when the first digital certificate is a digital certificate corresponding to the server; if the first digital signature is a digital signature corresponding to the first authentication data, it is verified whether the first authentication data is authentication data generated by the reference station, and if the first authentication data is authentication data generated by the reference station, it is indicated that the server is authenticated by the reference station.
The embodiments of the present application do not limit the manner of verifying whether the first digital certificate is the digital certificate corresponding to the server; any available manner may be used. For example, the reference station verifies whether the address recorded in the first digital certificate is the address of the server, and if so, determines that the first digital certificate is the digital certificate corresponding to the server. As another example, the reference station searches the certificate manager for a digital certificate identical to the first digital certificate; if one exists, it verifies whether the issuing target recorded in the certificate manager for that certificate is the server, and if so, determines that the first digital certificate is the digital certificate corresponding to the server.
The embodiments of the present application do not limit the manner of verifying whether the first digital signature is the digital signature corresponding to the first authentication data; any available manner may be used. For example, the first digital signature is decrypted with the server public key to obtain a first digest, and a hash function is applied to the first authentication data to obtain a second digest; when the first digest and the second digest match, the first digital signature is the digital signature corresponding to the first authentication data.
The embodiments of the present application do not limit the manner of verifying whether the first authentication data is the authentication data generated by the reference station; any available manner may be used. For example, a hash function is applied to the first authentication data to obtain a third digest and to the authentication data generated by the reference station to obtain a fourth digest; when the third digest and the fourth digest match, the first authentication data is the authentication data generated by the reference station.
The process by which the reference station authenticates the server is shown in Fig. 2. Fig. 2 is a schematic process diagram of the reference station authenticating the server according to an embodiment of the present application.
In Fig. 2, the server transmits a first authentication request to the reference station, the request including a first digital certificate DC1, a first digital signature S1 and first authentication data R1; the reference station verifies DC1, S1 and R1 in sequence and then feeds back an authentication result to the server.
In some possible implementations of the embodiments of the present application, before S102, the reference station data transmission method provided by the embodiments of the present application further includes: sending a second authentication request to the server, wherein the second authentication request is used for the server to respond to the second authentication request and authenticate the reference station according to second authentication data, a second digital signature and a second digital certificate corresponding to the reference station, which are included in the second authentication request; and receiving an authentication result sent by the server for the reference station. Accordingly, S102 may include: and encrypting the target reference station data to obtain encrypted data when the authentication result indicates that the reference station passes the authentication of the server.
The server, in response to the second authentication request, authenticates the reference station according to second authentication data included in the second authentication request, the second digital signature, and a second digital certificate corresponding to the reference station, and may include: verifying whether the second digital certificate is a digital certificate corresponding to the reference station; if the second digital certificate is a digital certificate corresponding to the reference station, verifying whether the second digital signature is a digital signature corresponding to the second authentication data; if the second digital signature is a digital signature corresponding to the second authentication data, it is verified whether the second authentication data is the authentication data generated by the server, and if the second authentication data is the authentication data generated by the server, it indicates that the reference station is authenticated by the server.
The authentication process of the server to the reference station is similar to the authentication process of the reference station to the server, and the authentication process of the reference station to the server may be specifically referred to, which is not described herein in detail in the embodiment of the present application.
The process by which the server authenticates the reference station is shown in Fig. 3. Fig. 3 is a schematic process diagram of the server authenticating the reference station according to an embodiment of the present application.
In Fig. 3, the reference station transmits a second authentication request to the server, the request including a second digital certificate DC2, a second digital signature S2 and second authentication data R2; the server verifies DC2, S2 and R2 in sequence and then feeds back an authentication result to the reference station.
In the embodiments of the present application, data is sent to the server only when the reference station has passed authentication by the server, that is, after the reference station and the server have completed bidirectional authentication. This prevents an illegitimate device from sending illegitimate data to the server, which could lead to the server being attacked and the data in it being damaged or stolen, and so improves the security of the data in the server.
In some possible implementations of the embodiments of the present application, the authentication process of the server to the reference station and the authentication process of the reference station to the server may both be initiated by the server, i.e., after the server initiates an authentication request to the reference station, the reference station authenticates the server, and the server authenticates the reference station. The process of mutual authentication is shown in fig. 4. Fig. 4 is a schematic diagram of a first procedure of mutual authentication according to an embodiment of the present application.
In Fig. 4, the server sends a bidirectional authentication request to the reference station; after receiving the request, the reference station generates first authentication data R1 and sends R1 to the server; after receiving R1, the server generates second authentication data R2, generates a first digital signature S1 from R1, and then sends the server's first digital certificate DC1 together with S1, R1 and R2 to the reference station; after receiving DC1, S1, R1 and R2, the reference station verifies DC1, S1 and R1, generates a second digital signature S2 from R2, and sends its verification result for the server together with the reference station's second digital certificate DC2, S2 and R2 to the server; after receiving DC2, S2 and R2, the server verifies DC2, S2 and R2 and sends its verification result for the reference station to the reference station.
In some possible implementations of the embodiments of the present application, the authentication of the reference station by the server and the authentication of the server by the reference station may also both be initiated by the reference station. That is, when the reference station wants to send data to the server, it initiates an authentication request to the server; the server then authenticates the reference station, and the reference station in turn authenticates the server. This process of mutual authentication is shown in Fig. 5. Fig. 5 is a schematic diagram of a second process of mutual authentication according to an embodiment of the present application.
In Fig. 5, the reference station first generates first authentication data R1 and transmits a bidirectional authentication request including R1 to the server; after receiving the request, the server generates second authentication data R2, generates a first digital signature S1 from R1, and then sends the server's first digital certificate DC1 together with S1, R1 and R2 to the reference station; after receiving DC1, S1, R1 and R2, the reference station verifies DC1, S1 and R1, generates a second digital signature S2 from R2, and sends its verification result for the server together with the reference station's second digital certificate DC2, S2 and R2 to the server; after receiving DC2, S2 and R2, the server verifies DC2, S2 and R2 and sends its verification result for the reference station to the reference station.
In some possible implementations of the embodiments of the present application, before the reference station sends the second authentication request to the server, the reference station data transmission method provided by the embodiments of the present application further includes: receiving a file request sent by the server, the file request being used to request the certificate request file (Certificate Signing Request, CSR) corresponding to the reference station; generating the certificate request file in response to the file request; sending the certificate request file to the server, so that the server requests the second digital certificate corresponding to the reference station based on the certificate request file; and receiving the second digital certificate sent by the server.
The certificate request file (CSR) is generated by the cryptographic service provider (Cryptographic Service Provider, CSP) when the reference station applies for a digital certificate. Once the reference station submits the CSR file to the certificate authority (Certificate Authority, CA), the CA signs with the private key of the root certificate to generate the certificate public key file, that is, the certificate issued to the reference station.
In the embodiment of the application, the reference station does not directly communicate with the CA, and the issuing of the digital certificate is completed through the server.
The process by which the reference station obtains its digital certificate is shown in fig. 6. Fig. 6 is a schematic diagram of a process for issuing a digital certificate of a reference station according to an embodiment of the present application.
In Fig. 6, the server transmits a file request for requesting the CSR corresponding to the reference station; after receiving the file request, the reference station generates a CSR and sends the CSR to the server; after receiving the CSR, the server sends the CSR to a CA, and the CA generates a reference station digital certificate based on the CSR and feeds back the digital certificate to the server; after receiving the digital certificate, the server sends the digital certificate to the reference station; the reference station stores the digital certificate.
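The CSR-based issuance of Fig. 6 and the verification order described above (certificate DC, then signature S, then authentication data R), as an added Go example that is not code from the patent. It substitutes Ed25519 signature verification for the digest comparison the text describes and an X.509 name check for the address check; the throwaway CA, the names `dc.example` and `station-001.example`, and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AuthRequest carries the three fields the page names: DC, S and R.
type AuthRequest struct{ DC, S, R []byte }

func tmpl(serial int64, name string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
}

// NewCA builds a throwaway self-signed root standing in for the CA of Fig. 6.
func NewCA() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := tmpl(1, "example-ca")
	t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// NewCSR runs on the requester: the private key stays local, only the CSR leaves.
func NewCSR(name string) (ed25519.PrivateKey, []byte, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return key, csr, err
}

// Issue is the CA step: check the CSR self-signature, then sign a certificate.
func Issue(ca *x509.Certificate, caKey ed25519.PrivateKey, csrDER []byte, serial int64) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR rejected: unparsable or bad self-signature")
	}
	t := tmpl(serial, csr.Subject.CommonName)
	t.DNSNames, t.KeyUsage = csr.DNSNames, x509.KeyUsageDigitalSignature
	return x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey)
}

// Respond signs the challenger's authentication data R and returns DC, S, R.
func Respond(key ed25519.PrivateKey, dc, r []byte) AuthRequest {
	return AuthRequest{dc, ed25519.Sign(key, r), r}
}

// Verify applies the page's order: certificate (DC), signature (S), then R.
func Verify(req AuthRequest, ca *x509.Certificate, wantName string, sent []byte) error {
	cert, err := x509.ParseCertificate(req.DC)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: wantName}); err != nil {
		return fmt.Errorf("certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, req.R, req.S) {
		return fmt.Errorf("signature does not match authentication data")
	}
	if subtle.ConstantTimeCompare(req.R, sent) != 1 {
		return fmt.Errorf("authentication data was not generated by this side")
	}
	return nil
}

func main() {
	ca, caKey, err := NewCA()
	key, csr, csrErr := NewCSR("dc.example") // constructed server name
	if err != nil || csrErr != nil {
		panic("key or CSR generation failed")
	}
	dc1, err := Issue(ca, caKey, csr, 2)
	if err != nil {
		panic(err)
	}
	r1 := make([]byte, 32) // R1, generated by the reference station
	rand.Read(r1)
	fmt.Println("server accepted:", Verify(Respond(key, dc1, r1), ca, "dc.example", r1) == nil)
}
```

The final comparison of R against the value this side generated is what rejects a correctly signed response recorded from an earlier session.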
In some possible implementations of the embodiments of the present application, before S102, the reference station data transmission method provided by the embodiments of the present application may further include: receiving a target ciphertext sent by a server; and decrypting the target ciphertext to obtain a target key corresponding to the target ciphertext. Accordingly, S102 may include: and encrypting the target reference station data by using the target key to obtain encrypted data.
The data transmission process based on the target ciphertext is shown in fig. 7. Fig. 7 is a schematic diagram of a process for transmitting data based on target ciphertext according to an embodiment of the present application.
In Fig. 7, the server transmits ciphertext DK' corresponding to key DK to the reference station; after receiving DK', the reference station first decrypts DK' to obtain DK, then encrypts the target reference station data with DK to obtain encrypted data, and sends the encrypted data to the server; after receiving the encrypted data, the server decrypts the encrypted data to obtain the target reference station data.
In some possible implementations of the embodiments of the present application, before decrypting the target ciphertext to obtain the target key corresponding to the target ciphertext, the reference station data transmission method provided by the embodiments of the present application may further include: receiving index information of the target ciphertext transmitted by the server, the index information being used by the server to look up the target ciphertext. After S103, the reference station data transmission method provided in the embodiments of the present application may further include: sending the index information corresponding to the target ciphertext to the server, so that the server finds the target ciphertext corresponding to the index information and decrypts the encrypted data with the target key corresponding to the target ciphertext to obtain the target reference station data.
The data transmission process based on the index information is shown in Fig. 8. Fig. 8 is a schematic diagram of a process for transmitting data based on index information according to an embodiment of the present application.
In Fig. 8, the server transmits ciphertext DK' corresponding to key DK, together with index information, to the reference station; after receiving DK', the reference station first decrypts DK' to obtain DK, then encrypts the target reference station data with DK to obtain encrypted data, and sends the encrypted data and the index information to the server; after receiving the encrypted data and the index information, the server looks up DK based on the index information and then decrypts the encrypted data with DK to obtain the target reference station data.
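The index-based key delivery of Fig. 8, as an added Go example that is not code from the patent. The patent does not say how DK' is protected, so the example assumes a key-encryption key (`kek`) already provisioned to both sides and AES-256-GCM for both wrapping DK and encrypting the data, with the index information bound in as associated data; all names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||AES-GCM ciphertext; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal and fails if the blob or aad was altered.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Server keeps every target ciphertext DK' under its index information.
type Server struct {
	kek     []byte            // assumption: key-encryption key provisioned to both sides
	wrapped map[string][]byte // index information -> DK'
}

// IssueKey creates a fresh DK and returns its index information and DK'.
func (s *Server) IssueKey() (string, []byte, error) {
	dk := make([]byte, 32)
	if _, err := rand.Read(dk); err != nil {
		return "", nil, err
	}
	index := fmt.Sprintf("dk-%04d", len(s.wrapped)+1)
	dkPrime, err := seal(s.kek, dk, []byte(index))
	if err == nil {
		s.wrapped[index] = dkPrime
	}
	return index, dkPrime, err
}

// StationEncrypt (reference station) decrypts DK' to DK and encrypts data under DK.
func StationEncrypt(kek []byte, index string, dkPrime, data []byte) ([]byte, error) {
	dk, err := open(kek, dkPrime, []byte(index))
	if err != nil {
		return nil, fmt.Errorf("unwrap DK': %w", err)
	}
	return seal(dk, data, []byte(index)) // index bound in as associated data
}

// Receive looks up DK' by index, recovers DK and decrypts the station's data.
func (s *Server) Receive(index string, enc []byte) ([]byte, error) {
	dkPrime, ok := s.wrapped[index]
	if !ok {
		return nil, fmt.Errorf("unknown index information %q", index)
	}
	dk, err := open(s.kek, dkPrime, []byte(index))
	if err != nil {
		return nil, err
	}
	return open(dk, enc, []byte(index))
}

func main() {
	kek := make([]byte, 32) // stand-in for the provisioned key
	rand.Read(kek)
	srv := &Server{kek, map[string][]byte{}}
	index, dkPrime, err := srv.IssueKey()
	if err != nil {
		panic(err)
	}
	enc, err := StationEncrypt(kek, index, dkPrime, []byte("constructed observation record"))
	if err != nil {
		panic(err)
	}
	got, err := srv.Receive(index, enc)
	fmt.Printf("index=%s recovered=%q err=%v\n", index, got, err)
}
```

Because the index is authenticated along with the data, a ciphertext presented under a different index fails to decrypt instead of being processed with the wrong key.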
Fig. 9 is a second flowchart of a reference station data transmission method according to an embodiment of the present application. The reference station data transmission method may include:
S901: transmitting a first authentication request to the reference station, so that the reference station, in response to the first authentication request, authenticates the server according to the first authentication data, the first digital signature and the first digital certificate included in the request;
S902: when the server passes authentication by the reference station, receiving encrypted data transmitted by the reference station through the public network;
S903: decrypting the encrypted data to obtain the target reference station data.
The authentication process of the reference station to the server may refer specifically to the process of the reference station authenticating the server shown in fig. 2, which is not described herein in detail in the embodiment of the present application.
In the embodiment of the application, on one hand, the reference station authenticates the server, and data is sent to the server only when the server is authenticated by the reference station; on the other hand, when the server passes the reference station authentication, the target reference station data is encrypted to obtain encrypted data, and the encrypted data is transmitted to the server via the public network. In this way, reference station data is not directly transmitted on the public network, and safe transmission of the reference station data on the public network can be ensured.
In some possible implementations of the embodiments of the present application, before S902, the reference station data transmission method provided by the embodiments of the present application may further include: receiving a second authentication request sent by the reference station, wherein the second authentication request comprises second authentication data, a second digital signature and a second digital certificate; in response to the second authentication request, authenticating the reference station according to the second authentication data, the second digital signature and the second digital certificate; and transmitting an authentication result for the reference station to the reference station. Accordingly, S902 may include: when the authentication result indicates that the reference station has passed authentication by the server, receiving the encrypted data transmitted by the reference station through the public network.
In some possible implementations of embodiments of the present application, authenticating the reference station based on the second authentication data, the second digital signature, and the second digital certificate may include: verifying whether the second digital certificate is a digital certificate corresponding to the reference station; if the second digital certificate is a digital certificate corresponding to the reference station, verifying whether the second digital signature is a digital signature corresponding to the second authentication data; if the second digital signature is a digital signature corresponding to the second authentication data, it is verified whether the second authentication data is the authentication data generated by the server, and if the second authentication data is the authentication data generated by the server, it indicates that the reference station is authenticated by the server.
For the process by which the server authenticates the reference station, refer to the process shown in fig. 3; it is not described again in detail in this embodiment of the present application.
In some possible implementations of the embodiments of the present application, before receiving the second authentication request sent by the reference station, the reference station data transmission method provided by the embodiments of the present application may further include: sending a file request to a reference station, wherein the file request is used for requesting a certificate request file corresponding to the reference station; receiving a certificate request file sent by a reference station; requesting a digital certificate corresponding to the reference station according to the certificate request file; and sending the digital certificate corresponding to the reference station.
For the process by which the reference station obtains the digital certificate, refer to the digital certificate issuance process for the reference station shown in fig. 6; it is not described again in detail in this embodiment of the present application.
In some possible implementations of the embodiments of the present application, before S902, the reference station data transmission method provided by the embodiments of the present application may further include: sending the target ciphertext to the reference station, so that the reference station encrypts the target reference station data by using a target key corresponding to the target ciphertext to obtain encrypted data. Accordingly, S903 may include: decrypting the encrypted data by using the target key to obtain the target reference station data.
For the data transmission process based on the target ciphertext, refer to the process shown in fig. 7; it is not described again in detail in this embodiment of the present application.
In some possible implementations of the embodiments of the present application, before S902, the reference station data transmission method provided by the embodiments of the present application may further include: sending index information corresponding to the target ciphertext to the reference station. After S902, the reference station data transmission method provided in the embodiment of the present application further includes: receiving the index information sent by the reference station; searching for the target ciphertext corresponding to the index information according to the index information; and determining the target key corresponding to the target ciphertext according to the target ciphertext.
For this data transmission process, refer to the process of transmitting data based on the index information shown in fig. 8; it is not described again in detail in this embodiment of the present application.
Fig. 10 is a schematic diagram of an overall process of transmitting data from a reference station to a server according to an embodiment of the present application.
In fig. 10, a server transmits a file request for requesting a CSR corresponding to a reference station to the reference station; after receiving the file request, the reference station generates a CSR and sends the CSR to the server; after receiving the CSR, the server sends the CSR to a CA, and the CA generates a reference station digital certificate DC2 based on the CSR and feeds back the digital certificate DC2 to the server; after receiving the digital certificate DC2, the server sends the digital certificate DC2 to a reference station; the reference station stores the digital certificate DC2.
The server sends a bidirectional authentication request to the reference station; after receiving the bidirectional authentication request, the reference station generates first authentication data R1 and sends R1 to the server; after receiving R1, the server generates second authentication data R2, generates a first digital signature S1 according to R1, and then sends the server's first digital certificate DC1, together with S1, R1 and R2, to the reference station; after receiving DC1, S1, R1 and R2, the reference station verifies DC1, S1 and R1, generates a second digital signature S2 according to R2, and sends the verification result for the server, together with DC2, S2 and R2, to the server; after receiving DC2, S2 and R2, the server verifies DC2, S2 and R2, and sends the verification result for the reference station to the reference station.
The server sends the ciphertext DK' corresponding to the key DK, and the index information, to the reference station; after receiving DK', the reference station first decrypts DK' to obtain DK, then encrypts the target reference station data by using DK to obtain encrypted data, and sends the encrypted data and the index information to the server; after receiving the encrypted data and the index information, the server looks up DK based on the index information, and then decrypts the encrypted data by using DK to obtain the target reference station data.
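The bidirectional authentication step of the fig. 10 flow, written out as an added example (not code from the patent or the applicant): each side checks the peer's certificate, then the signature over the authentication data, then that the data is the value it generated itself. Ed25519, the in-process CA, the names `station-01` and `server-01`, matching the certificate's common name against an expected peer name, and single-use authentication data are assumptions of this example; the CSR exchange is collapsed into direct issuance.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// One error per check, so a caller can tell which of the three steps failed.
var ErrCert = errors.New("certificate does not correspond to the expected peer")
var ErrSignature = errors.New("signature does not correspond to the authentication data")
var ErrChallenge = errors.New("authentication data was not generated by this party")

// Party is one end of the link: the reference station or the server.
type Party struct {
	Key     ed25519.PrivateKey
	Cert    *x509.Certificate // DC2 for the station, DC1 for the server
	Roots   *x509.CertPool    // CA this party trusts
	Peer    string            // name the other side's certificate must carry (assumption)
	pending []byte            // authentication data this party generated (R1 or R2)
}

func check(err error) { // aborts the demo if key or certificate creation fails
	if err != nil {
		panic(err)
	}
}

// issue makes a key pair and a certificate for cn; a nil parent gives a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Setup builds a constructed CA and one certified Party per side.
func Setup() (station, server *Party) {
	ca, caKey := issue("constructed-ca", 1, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	sc, sk := issue("station-01", 2, ca, caKey)
	vc, vk := issue("server-01", 3, ca, caKey)
	return &Party{Key: sk, Cert: sc, Roots: roots, Peer: "server-01"},
		&Party{Key: vk, Cert: vc, Roots: roots, Peer: "station-01"}
}

// NewChallenge creates and remembers fresh authentication data.
func (p *Party) NewChallenge() []byte {
	p.pending = make([]byte, 32)
	_, err := rand.Read(p.pending)
	check(err)
	return append([]byte(nil), p.pending...)
}

// Respond builds an authentication request: certificate, signature over the peer's data, the data.
func (p *Party) Respond(challenge []byte) (*x509.Certificate, []byte, []byte) {
	return p.Cert, ed25519.Sign(p.Key, challenge), challenge
}

// Verify applies the three checks in order and stops at the first failure.
func (p *Party) Verify(cert *x509.Certificate, sig, challenge []byte) error {
	if cert == nil || cert.Subject.CommonName != p.Peer { // 1a: names the expected peer
		return ErrCert
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: p.Roots}); err != nil { // 1b: trusted CA, in validity
		return ErrCert
	}
	if cert.CheckSignature(x509.PureEd25519, challenge, sig) != nil { // 2: signed by the certified key
		return ErrSignature
	}
	if p.pending == nil || !bytes.Equal(challenge, p.pending) { // 3: our own value, not yet used
		return ErrChallenge
	}
	p.pending = nil // single use: a replayed request now fails check 3
	return nil
}

func main() {
	station, server := Setup()
	r1, r2 := station.NewChallenge(), server.NewChallenge() // R1 (station) and R2 (server)
	fmt.Println("station verifies server:", station.Verify(server.Respond(r1)))
	fmt.Println("server verifies station:", server.Verify(station.Respond(r2)))
}
```

Because the pending value is cleared only after all three checks pass, a captured request cannot be replayed, while a failed attempt does not consume the authentication data.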
It should be noted that the reference station data transmission method provided in the embodiments of the present application may be executed by a reference station data transmission device, or by a control module in the reference station data transmission device for executing the reference station data transmission method. In the embodiments of the present application, the reference station data transmission device is described by taking the case where the reference station data transmission device executes the reference station data transmission method as an example.
Fig. 11 is a schematic diagram of a first structure of a reference station data transmission device according to an embodiment of the present application. The reference station data transmission apparatus 1100 may include:
a first authentication module 1101, configured to authenticate a server;
an encryption module 1102, configured to encrypt target reference station data to obtain encrypted data when the server passes the reference station authentication;
a first sending module 1103, configured to send the encrypted data to the server through the public network, so that the server decrypts the encrypted data to obtain the target reference station data.
In the embodiment of the application, on one hand, the reference station authenticates the server, and data is sent to the server only when the server is authenticated by the reference station; on the other hand, when the server passes the reference station authentication, the target reference station data is encrypted to obtain encrypted data, and the encrypted data is transmitted to the server via the public network. In this way, reference station data is not directly transmitted on the public network, and safe transmission of the reference station data on the public network can be ensured.
In some possible implementations of embodiments of the present application, the first authentication module 1101 is specifically configured to:
receiving a first authentication request sent by a server, wherein the first authentication request comprises first authentication data, a first digital signature and a first digital certificate;
responding to the first authentication request, and verifying whether the first digital certificate is a digital certificate corresponding to the server;
verifying whether the first digital signature is a digital signature corresponding to the first authentication data when the first digital certificate is a digital certificate corresponding to the server;
if the first digital signature is a digital signature corresponding to the first authentication data, verifying whether the first authentication data is authentication data generated by the reference station; if the first authentication data is authentication data generated by the reference station, this indicates that the server is authenticated by the reference station.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1100 further includes:
the second sending module is used for sending a second authentication request to the server, and the server is used for responding to the second authentication request and authenticating the reference station according to second authentication data, a second digital signature and a second digital certificate corresponding to the reference station, which are included in the second authentication request;
the first receiving module is used for receiving an authentication result sent by the server for the reference station;
accordingly, the encryption module 1102 is specifically configured to:
and encrypting the target reference station data to obtain encrypted data when the authentication result indicates that the reference station passes the authentication of the server.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1100 further includes:
the second receiving module is used for receiving a file request sent by the server, wherein the file request is used for requesting a certificate request file corresponding to the reference station;
the first generation module is used for responding to the file request and generating a certificate request file;
the third sending module is used for sending a certificate request file to the server, so that the server requests a second digital certificate corresponding to the reference station based on the certificate request file;
and the third receiving module is used for receiving the second digital certificate sent by the server.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1100 further includes:
the fourth receiving module is used for receiving the target ciphertext sent by the server;
the first decryption module is used for decrypting the target ciphertext to obtain a target key corresponding to the target ciphertext;
accordingly, the encryption module 1102 is specifically configured to:
and encrypting the target reference station data by using the target key to obtain encrypted data.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1100 further includes:
the fourth sending module is used for sending index information corresponding to the target ciphertext to the server, so that the server finds the target ciphertext corresponding to the index information according to the index information, and decrypts the encrypted data by using the target key corresponding to the target ciphertext to obtain the target reference station data.
The reference station data transmission device in the embodiment of the application may be a device, or may be a component, an integrated circuit, or a chip in a terminal.
The reference station data transmission device in the embodiment of the present application may be a device having an operating system. The operating system may be an Android operating system, an iOS operating system, or other possible operating systems, which are not specifically limited in the embodiments of the present application.
The reference station data transmission device provided in the embodiment of the present application can implement each process in the embodiment of the reference station data transmission method in fig. 1 to 8, and in order to avoid repetition, a description is omitted here.
Fig. 12 is a schematic diagram of a second structure of the reference station data transmission device according to the embodiment of the present application. The reference station data transmission apparatus 1200 may include:
a fifth transmitting module 1201, configured to transmit a first authentication request to the reference station, for the reference station to authenticate the server according to the first authentication data, the first digital signature, and the first digital certificate included in the first authentication request in response to the first authentication request;
a fifth receiving module 1202, configured to receive, through a public network, encrypted data sent by a reference station in a case where the server passes authentication of the reference station;
a second decryption module 1203, configured to decrypt the encrypted data to obtain the target reference station data.
In the embodiment of the application, on one hand, the reference station authenticates the server, and data is sent to the server only when the server is authenticated by the reference station; on the other hand, when the server passes the reference station authentication, the target reference station data is encrypted to obtain encrypted data, and the encrypted data is transmitted to the server via the public network. In this way, reference station data is not directly transmitted on the public network, and safe transmission of the reference station data on the public network can be ensured.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1200 further includes:
a sixth receiving module, configured to receive a second authentication request sent by the reference station, where the second authentication request includes second authentication data, a second digital signature, and a second digital certificate;
the second authentication module is used for responding to a second authentication request and authenticating the reference station according to second authentication data, a second digital signature and a second digital certificate;
a sixth transmitting module configured to transmit an authentication result for the reference station to the reference station;
accordingly, the fifth receiving module 1202 is specifically configured to:
in the case where the authentication result indicates that the reference station is authenticated by the server, the encrypted data transmitted by the reference station is received through the public network.
In some possible implementations of embodiments of the present application, the second authentication module is specifically configured to:
verifying whether the second digital certificate is a digital certificate corresponding to the reference station;
if the second digital certificate is a digital certificate corresponding to the reference station, verifying whether the second digital signature is a digital signature corresponding to the second authentication data;
if the second digital signature is a digital signature corresponding to the second authentication data, it is verified whether the second authentication data is the authentication data generated by the server, and if the second authentication data is the authentication data generated by the server, it indicates that the reference station is authenticated by the server.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1200 further includes:
a seventh sending module, configured to send a file request to the reference station, where the file request is used to request a certificate request file corresponding to the reference station;
a seventh receiving module, configured to receive a certificate request file sent by the reference station;
a request module, configured to request the digital certificate corresponding to the reference station according to the certificate request file;
an eighth sending module, configured to send the digital certificate corresponding to the reference station.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1200 further includes:
a ninth sending module, configured to send a target ciphertext to the reference station, so that the reference station encrypts target reference station data by using a target key corresponding to the target ciphertext to obtain encrypted data;
accordingly, the second decryption module 1203 is specifically configured to:
and decrypting the encrypted data by using the target key to obtain the target reference station data.
In some possible implementations of embodiments of the present application, the reference station data transmission apparatus 1200 further includes:
a tenth sending module, configured to send index information corresponding to the target ciphertext to the reference station;
an eighth receiving module, configured to receive index information sent by the reference station;
a searching module, configured to search for the target ciphertext corresponding to the index information according to the index information;
a determining module, configured to determine a target key corresponding to the target ciphertext according to the target ciphertext.
The reference station data transmission device in the embodiment of the application may be a device, or may be a component, an integrated circuit, or a chip in a terminal.
The reference station data transmission device in the embodiment of the present application may be a device having an operating system. The operating system may be an Android operating system, an iOS operating system, or other possible operating systems, which is not specifically limited in the embodiments of the present application.
The reference station data transmission device provided in the embodiment of the present application can implement each process in the embodiment of the reference station data transmission method of fig. 9, and in order to avoid repetition, a description is omitted here.
Optionally, as shown in fig. 13, the embodiment of the present application further provides a reference station 1300, including a processor 1301, a memory 1302, and a program or an instruction stored in the memory 1302 and capable of being executed on the processor 1301, where the program or the instruction implements each process of the embodiment of the data transmission method of the reference station of fig. 1 to fig. 8, and the same technical effects can be achieved, and for avoiding repetition, a description is omitted herein.
In some possible implementations of embodiments of the present application, processor 1301 may include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
In some possible implementations of embodiments of the present application, memory 1302 may include read-only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, or electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory 1302 includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the reference station data transmission method of fig. 1-8 in accordance with embodiments of the present application.
As shown in fig. 14, the embodiment of the present application further provides a server 1400, which includes a processor 1401, a memory 1402, and a program or an instruction stored in the memory 1402 and capable of being executed on the processor 1401, where the program or the instruction, when executed by the processor 1401, implements each process of the embodiment of the reference station data transmission method of fig. 9 and can achieve the same technical effects; to avoid repetition, a description is omitted here.
In some possible implementations of embodiments of the present application, the processor 1401 may include a CPU or an ASIC, or may be configured as one or more integrated circuits that implement embodiments of the present application.
In some possible implementations of embodiments of the present application, memory 1402 may include ROM, RAM, magnetic disk storage media devices, optical storage media devices, flash memory devices, or electrical, optical, or other physical/tangible memory storage devices. Thus, in general, memory 1402 includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the reference station data transmission method of fig. 9 in accordance with embodiments of the present application.
The embodiment of the present application further provides a readable storage medium, on which a program or an instruction is stored, where the program or the instruction, when executed by a processor, implements each process of the embodiments of the reference station data transmission method of fig. 1 to 10, and can achieve the same technical effects, so that repetition is avoided, and no redundant description is provided herein.
Wherein the processor is the processor in the reference station or the server in the above embodiments. The readable storage medium includes a computer readable storage medium, and examples of the computer readable storage medium include a non-transitory computer readable storage medium such as ROM, RAM, magnetic disk, or optical disk.
The embodiment of the present application further provides a chip, including a processor and a communication interface, where the communication interface is coupled to the processor, and the processor is configured to execute a program or an instruction, to implement each process of the embodiments of the reference station data transmission method of fig. 1 to fig. 10, and achieve the same technical effects, so that repetition is avoided, and no redundant description is provided herein.
It should be understood that the chips referred to in the embodiments of the present application may also be referred to as system-on-chip chips, chip systems, etc.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Furthermore, it should be noted that the scope of the methods and apparatus in the embodiments of the present application is not limited to performing the functions in the order shown or discussed, but may also include performing the functions in a substantially simultaneous manner or in an opposite order depending on the functions involved, e.g., the described methods may be performed in an order different from that described, and various steps may also be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the related art in the form of a computer software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), including several instructions for causing a terminal (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those of ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are also within the protection of the present application.

Claims (17)

1. A method of reference station data transmission, the method comprising:
authenticating the server;
encrypting target reference station data to obtain encrypted data under the condition that the server passes the reference station authentication;
and sending the encrypted data to the server through a public network, so that the server decrypts the encrypted data to obtain the target reference station data.
2. The method of claim 1, wherein authenticating the server comprises:
receiving a first authentication request sent by the server, wherein the first authentication request comprises first authentication data, a first digital signature and a first digital certificate;
responding to the first authentication request, and verifying whether the first digital certificate is a digital certificate corresponding to the server;
verifying whether the first digital signature is a digital signature corresponding to the first authentication data when the first digital certificate is a digital certificate corresponding to the server;
and verifying whether the first authentication data is authentication data generated by the reference station when the first digital signature is a digital signature corresponding to the first authentication data, and indicating that the server is authenticated by the reference station when the first authentication data is authentication data generated by the reference station.
3. The method of claim 1, wherein, before the encrypting the target reference station data to obtain encrypted data, the method further comprises:
sending a second authentication request to the server, wherein the second authentication request is used for the server to respond to the second authentication request and authenticate the reference station according to second authentication data, a second digital signature and a second digital certificate corresponding to the reference station, which are included in the second authentication request;
receiving an authentication result sent by the server for the reference station;
the encrypting the target reference station data to obtain encrypted data comprises the following steps:
and encrypting the target reference station data to obtain encrypted data under the condition that the authentication result indicates that the reference station passes the authentication of the server.
4. The method of claim 3, wherein before said sending a second authentication request to the server, the method further comprises:
receiving a file request sent by the server, wherein the file request is used for requesting a certificate request file corresponding to the reference station;
responding to the file request, and generating the certificate request file;
sending the certificate request file to the server, wherein the certificate request file is used for requesting a second digital certificate corresponding to the reference station by the server based on the certificate request file;
and receiving the second digital certificate sent by the server.
5. The method of claim 1, wherein, before the encrypting the target reference station data to obtain encrypted data, the method further comprises:
receiving a target ciphertext sent by the server;
decrypting the target ciphertext to obtain a target key corresponding to the target ciphertext;
the encrypting the target reference station data to obtain encrypted data comprises the following steps:
and encrypting the target reference station data by using the target key to obtain the encrypted data.
6. The method of claim 5, wherein the method further comprises:
and sending index information corresponding to the target ciphertext to the server, wherein the index information is used for the server to find the target ciphertext corresponding to the index information according to the index information, and decrypting the encrypted data by utilizing the target key corresponding to the target ciphertext to obtain the target reference station data.
7. A method of reference station data transmission, the method comprising:
sending a first authentication request to a reference station, wherein the reference station responds to the first authentication request and authenticates a server according to first authentication data, a first digital signature and a first digital certificate included in the first authentication request;
receiving encrypted data transmitted by the reference station through a public network under the condition that the server passes the authentication of the reference station;
and decrypting the encrypted data to obtain the target reference station data.
8. The method of claim 7, wherein prior to receiving the encrypted data transmitted by the reference station over the public network, the method further comprises:
receiving a second authentication request sent by the reference station, wherein the second authentication request comprises second authentication data, a second digital signature and a second digital certificate;
authenticating the reference station in response to the second authentication request according to the second authentication data, the second digital signature and the second digital certificate;
transmitting an authentication result for the reference station to the reference station;
the receiving, by the public network, the encrypted data sent by the reference station, including:
and receiving the encrypted data sent by the reference station through the public network in the case that the authentication result indicates that the reference station is authenticated by the server.
9. The method of claim 8, wherein authenticating the reference station based on the second authentication data, the second digital signature, and the second digital certificate comprises:
verifying whether the second digital certificate is a digital certificate corresponding to the reference station;
verifying whether the second digital signature is a digital signature corresponding to the second authentication data in the case that the second digital certificate is a digital certificate corresponding to the reference station;
verifying whether the second authentication data is authentication data generated by the server in the case where the second digital signature is a digital signature corresponding to the second authentication data, and indicating that the reference station is authenticated by the server in the case where the second authentication data is authentication data generated by the server.
10. The method of claim 8, wherein prior to receiving the second authentication request sent by the reference station, the method further comprises:
sending a file request to the reference station, wherein the file request is used for requesting a certificate request file corresponding to the reference station;
receiving the certificate request file sent by the reference station;
requesting a digital certificate corresponding to the reference station according to the certificate request file;
and sending the digital certificate corresponding to the reference station.
11. The method of claim 7, wherein prior to receiving the encrypted data transmitted by the reference station over the public network, the method further comprises:
sending a target ciphertext to the reference station, wherein the target ciphertext is used by the reference station to encrypt the target reference station data with a target key corresponding to the target ciphertext, to obtain the encrypted data;
wherein the decrypting of the encrypted data to obtain the target reference station data comprises:
decrypting the encrypted data by using the target key to obtain the target reference station data.
12. The method of claim 11, wherein prior to receiving the encrypted data transmitted by the reference station over the public network, the method further comprises:
transmitting index information corresponding to the target ciphertext to the reference station;
after receiving the encrypted data sent by the reference station through the public network, the method further includes:
receiving the index information sent by the reference station;
searching the target ciphertext corresponding to the index information according to the index information;
and determining the target key corresponding to the target ciphertext according to the target ciphertext.
13. A reference station data transmission apparatus, the apparatus comprising:
the first authentication module is used for authenticating the server;
the encryption module is used for encrypting the target reference station data to obtain encrypted data in the case that the server passes authentication by the reference station;
and the first sending module is used for sending the encrypted data to the server through a public network, so that the server decrypts the encrypted data to obtain the target reference station data.
14. A reference station data transmission apparatus, the apparatus comprising:
a fifth sending module, configured to send a first authentication request to a reference station, so that the reference station responds to the first authentication request, and authenticates a server according to first authentication data, a first digital signature and a first digital certificate included in the first authentication request;
a fifth receiving module, configured to receive, through a public network, encrypted data sent by the reference station, in a case where the server passes authentication of the reference station;
and the second decryption module is used for decrypting the encrypted data to obtain the target reference station data.
15. A reference station, the reference station comprising: a processor, a memory and a program or instruction stored on the memory and executable on the processor, which when executed by the processor implements the steps of the reference station data transmission method of any one of claims 1 to 6.
16. A server, the server comprising: a processor, a memory and a program or instruction stored on the memory and executable on the processor, which when executed by the processor carries out the steps of the reference station data transmission method as claimed in any one of claims 7 to 12.
17. A readable storage medium having stored thereon a program or instructions which when executed by a processor performs the steps of the reference station data transmission method of any of claims 1 to 12.
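The three ordered checks of claim 9 (certificate, then signature, then server-generated authentication data), shown as an added example that is not part of the patent text. The toy textbook-RSA keys, the CA-signed certificate layout, the single-use nonce and all names are assumptions made for illustration; the toy RSA is not secure and stands in for a real signature scheme.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Toy textbook-RSA key pair from two known primes (illustration only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

# Constructed key material: Mersenne primes keep the example short.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
STATION_PUB, STATION_PRIV = keypair(2**61 - 1, 2**89 - 1)

def cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(subject, pub):
    # Assumed certificate layout: subject, public key, CA signature over both.
    return {"subject": subject, "pub": pub,
            "ca_sig": sign(CA_PRIV, cert_body(subject, pub))}

class Server:
    def __init__(self):
        self.issued = set()  # authentication data this server generated

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.issued.add(nonce)
        return nonce

    def authenticate(self, station_id, auth_data, signature, cert):
        # Check 1: the certificate corresponds to this reference station.
        body = cert_body(cert["subject"], cert["pub"])
        if cert["subject"] != station_id or not verify(CA_PUB, body, cert["ca_sig"]):
            return "bad_certificate"
        # Check 2: the signature corresponds to the authentication data.
        if not verify(cert["pub"], auth_data, signature):
            return "bad_signature"
        # Check 3: the authentication data was generated by this server.
        if auth_data not in self.issued:
            return "unknown_auth_data"
        self.issued.discard(auth_data)  # assumption: each challenge is single use
        return "authenticated"
```

Discarding the challenge after a successful check means that a captured, correctly signed request cannot be replayed, which is the case the third check in claim 9 guards against.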
CN202111250803.9A 2021-10-26 2021-10-26 Reference station data transmission method and device, reference station, server and medium Pending CN116033415A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111250803.9A CN116033415A (en) 2021-10-26 2021-10-26 Reference station data transmission method and device, reference station, server and medium

Publications (1)

Publication Number Publication Date
CN116033415A true CN116033415A (en) 2023-04-28

Family

ID=86071056

Similar Documents

Publication Publication Date Title
CN109347835B (en) Information transmission method, client, server, and computer-readable storage medium
CN110061846B (en) Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
CN109729523B (en) Terminal networking authentication method and device
CN112926051B (en) Multi-party security computing method and device
CN110990827A (en) Identity information verification method, server and storage medium
US9917692B2 (en) Key exchange system, key exchange method, key exchange device, control method thereof, and recording medium for storing control program
JP2005102163A (en) Equipment authentication system, server, method and program, terminal and storage medium
CN110365486B (en) Certificate application method, device and equipment
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN104836784A (en) Information processing method, client, and server
KR20160113248A (en) Device certificate provision apparatus, device certificate provision system, and device certificate provision program
CN106411520B (en) Method, device and system for processing virtual resource data
CN114499837B (en) Message leakage prevention method, device, system and equipment
CN111080856A (en) Bluetooth entrance guard unlocking method
CN110838919A (en) Communication method, storage method, operation method and device
CN111291398B (en) Block chain-based authentication method and device, computer equipment and storage medium
CN111510421B (en) Data processing method and device, electronic equipment and computer readable storage medium
CN108429621B (en) Identity verification method and device
US8522046B2 (en) Method, apparatus and system for acquiring service by portable device
CN114297597B (en) Account management method, system, equipment and computer readable storage medium
CN115941328A (en) Sharable user data encryption processing method, device and system
CN114944921A (en) Login authentication method and device, electronic equipment and storage medium
US20210111906A1 (en) Pseudonym credential configuration method and apparatus
CN116073989A (en) Authentication data processing method, device, system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination