CN117439657B - Satellite remote control instruction use authority management method based on key library - Google Patents


Publication number
CN117439657B
Authority
CN
China
Prior art keywords
remote control
satellite
key
control instruction
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311763083.5A
Other languages
Chinese (zh)
Other versions
CN117439657A (en)
Inventor
杨凯乔
贺小军
陈茂胜
邹吉炜
郑惠中
宫宝玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chang Guang Satellite Technology Co Ltd
Original Assignee
Chang Guang Satellite Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chang Guang Satellite Technology Co Ltd
Priority to CN202311763083.5A
Publication of CN117439657A
Application granted
Publication of CN117439657B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1851 Systems using a satellite or space-based relay
    • H04B7/18519 Operations control, administration or maintenance
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Radio Relay Systems (AREA)

Abstract

The invention relates to a key-library-based method for managing the use authority of satellite remote control instructions. It belongs to the technical field of in-orbit satellite remote control and addresses the need to improve the security of existing satellite remote control instructions and to manage the authority to use them. In the method, a root key and a key library are stored on the satellite in advance, before launch. After the satellite remote control mode has been switched to the encrypted state, a user authorized by the ground transportation management center uses its ground station to encrypt remote control instructions with the root key and a designated key and sends them to the satellite central machine; the ground transportation management center updates or deletes keys in the satellite key library by uplinking satellite key management instructions. The central machine satellite service software parses the key identifier through the remote control decryption module and decrypts the encrypted remote control instruction with the key specified by that identifier. By granting a designated key to the own ground station of a user of the satellite, the invention ensures that the user's own ground station can generate remote control instructions only for the designated satellite with that key, thereby managing the use authority of the user's own ground station.

Description

Satellite remote control instruction use authority management method based on key library
Technical Field
The invention belongs to the technical field of in-orbit satellite remote control, and particularly relates to a key-library-based method for managing the use authority of satellite remote control instructions. It involves in-orbit updating of the key library of the satellite central machine satellite service software, transmission of and switching between plaintext and encrypted satellite remote control instructions, and management of the authority to produce encrypted remote control instructions.
Background
In recent years, with the continuous progress of aerospace technology, satellite technology has developed rapidly, and commercial satellites have become a fast-growing strategic emerging industry. With the reduction of satellite manufacturing and launch costs and the improvement of satellite performance, many countries are investing in building satellite Internet and encouraging commercial enterprises to enter aerospace and its application fields, and market-oriented satellite applications are gradually forming a new industry.
Satellite remote control technology is used to control the real-time state of a satellite: the satellite ground station sends the instructions it produces to the satellite through an X measurement and control uplink channel in order to operate the satellite. Satellite remote control can be used for task execution, orbit changes, configuration parameter changes and the like.
With the increase in the number of commercial satellites launched into orbit, the demand for remote control of in-orbit satellites is also growing, and how to ensure the security of satellite remote control instructions has become a problem to be solved urgently. In addition, for satellite products sold by commercial satellite companies and delivered to users, there is a need to manage the authority to use remote control instructions.
Disclosure of Invention
To address these problems, the invention provides a key-library-based method for managing the use authority of satellite remote control instructions, which aims to improve the uplink security of satellite remote control instructions and to manage users' authority to use them. With this method, remote control instructions uplinked to the satellite are encrypted, so that their content is difficult to crack and malicious attacks on the satellite by means of remote control instructions are effectively prevented. At the same time, a specific key sequence is granted, by key authorization, to the own ground station of the user of the satellite, so that the user's own ground station can generate only specific encrypted remote control instructions with that key, and those instructions can control only the designated satellite, thereby managing the user's use authority.
To solve these problems, the invention adopts the following technical scheme:
A satellite remote control instruction use authority management method based on a key library comprises the following steps:
Step 1: before each satellite is launched, a root key and a key library are stored in advance in the MRAM storage space of the satellite central machine; the key library contains at most 255 keys, each key has a unique key identifier, and the root key and the keys stored by each satellite are different;
Step 2: after the satellite has been launched and is operating stably, the ground transportation management center uplinks a satellite remote control state switching instruction to the designated satellite, which switches both the current remote control mode of the designated satellite and its default remote control mode after re-powering to the encrypted remote control mode;
Step 3: it is judged whether the satellite receives a correct encrypted remote control instruction within a preset time period; if so, step 4 is executed; otherwise, the encrypted remote control mode is switched to the plaintext remote control mode and the method returns to step 2;
Step 4: the ground transportation management center stores the root keys and key libraries of all satellites; it grants a designated key in the key library of a designated satellite to the remote control encryption software in the user's own ground station; the remote control encryption software generates encrypted remote control instructions for the designated satellite with the designated key, and the generated instructions are sent to the satellite central machine through the X measurement and control uplink channel;
Step 5: the ground remote control encryption software in the ground transportation management center can generate the corresponding encrypted remote control instructions with different keys in the key library, and the generated instructions are sent to the satellite central machine through the X measurement and control uplink channel;
when the ground transportation management center cancels the use authority of the user's own ground station over the designated satellite, it uplinks a satellite key management instruction to the designated satellite corresponding to that ground station, updates or deletes the key in the designated satellite's key library that was granted to the user's own ground station, and thereby releases the authorization of the user's own ground station;
Step 6: in the satellite central machine of each satellite, the central machine satellite service software passes the received encrypted remote control instruction to the remote control decryption module through a software function interface; the remote control decryption module parses the key identifier in the encrypted remote control instruction, decrypts the instruction with the stored root key and the key specified by the parsed key identifier, and generates a plaintext remote control instruction, whose content is then processed by the central machine satellite service software.
Compared with the prior art, the invention has the following beneficial effects:
(1) The ground management center and the authorized user's own ground station encrypt satellite remote control instructions with a designated key, transmit them in encrypted form through the X measurement and control uplink channel and uplink them to the satellite central machine, which prevents the own ground stations of other ground users from maliciously attacking the satellite with uplink instructions;
(2) The central machine satellite service software selects the designated key for decrypting an encrypted remote control instruction according to the key identifier in the instruction, so when the ground transportation management center or an authorized user's own ground station changes keys, the satellite does not need to synchronize keys with them;
(3) The ground transportation management center manages the key library used by the on-board remote control decryption module by uplinking satellite key management instructions that replace or delete keys in the on-board key library, thereby managing the authority to use encrypted remote control instructions;
(4) A user who has purchased the right to use a satellite runs the remote control encryption software with the designated key at its own ground station; the station can generate the satellite's encrypted remote control instructions itself and control the designated satellite by sending them without going through the ground transportation management center, which keeps the user's use of the satellite confidential;
(5) The ground transportation management center can assign different use authorities to the own ground stations of users of different satellites, and revoking the authority of a user's own ground station whose authority has expired does not affect the normal use of the satellites by other users' own ground stations.
Drawings
FIG. 1 is a flow chart of the key-library-based satellite remote control instruction use authority management method of the present invention;
FIG. 2 is a flow chart of satellite plaintext remote control instruction transmission;
FIG. 3 is a flow chart of satellite encrypted remote control instruction transmission;
FIG. 4 is a flow chart of the remote control decryption module decrypting an encrypted remote control instruction;
FIG. 5 is a schematic diagram of the satellite remote control instruction interface and transmission process.
Detailed Description
The invention provides a key-library-based method for managing the use authority of satellite remote control instructions, which aims to improve the uplink security of satellite remote control instructions and to manage users' authority to use encrypted satellite remote control instructions; it is mainly applied to batch-produced satellites. The method can be divided into the following steps: first, before the satellite is launched, the key library is fixed in a designated storage area; second, in the initial stage after launch, the satellite remote control mode is changed from the plaintext state to the encrypted state; third, it is judged whether key failure has occurred; fourth, in the stable operation stage, the remote control encryption software that uses a designated key is granted to the own ground station of the user of the satellite, which encrypts remote control instructions and uplinks the encrypted instructions to the satellite central machine through the ground station; fifth, in the stable operation stage, the satellite central machine turns each received encrypted remote control instruction into a plaintext remote control instruction through the remote control decryption function and executes it; sixth, in the stable operation stage, when the user's authority to use the satellite expires, the ground transportation management center cancels the user's authority to use the designated satellite's remote control instructions by uplinking a satellite key management instruction, which finally achieves management of the use authority over the user's satellite remote control instructions.
The technical scheme of the present invention will be described in detail with reference to the accompanying drawings and preferred embodiments.
As shown in fig. 1, the invention provides a satellite remote control instruction use authority management method based on a key store, which comprises the following steps:
Step 1: before each satellite is launched, the root key and the key library are stored in advance in the MRAM storage space of the satellite central machine, and both can be updated by uplinked instructions. The key library contains at most 255 keys; a key identifier occupies one byte of storage, each key in the library has a unique identifier, and operations such as selecting and deleting a key are performed through its identifier. The root key of each satellite is different from the keys in the key library. Storing the root key and the key library in the MRAM of the satellite central machine makes it more convenient for the central machine satellite service software to read the keys and allows the root key and the key library to be modified while the satellite is in orbit. In addition, storage and management of the root key and the key library are carried out on the satellite central machine, which has greater storage and computing capacity than the communication machine, so the method runs faster and more efficiently. In the invention, satellite remote control and telemetry each use their own independent root key and key library, and the two storage spaces are independent of each other in hardware physical address, which prevents the remote control uplink channel and the telemetry downlink channel from being attacked at the same time and enhances the security and robustness of the measurement and control channel.
The method encrypts and decrypts satellite remote control instructions by means of a root key and a key library. The satellite central machine satellite service software selects the designated key through the key identifier. A user's use authority is controlled by granting the user of a satellite the remote control encryption software for the corresponding designated key. The key with a designated identifier on the satellite can be switched, changed or deleted through satellite key management instructions (the authority over key-related operation instructions and over the state switching instruction is not granted to the user), which cancels the designated user's use authority over the designated satellite and thereby manages users' satellite use authority.
Step 2: after the satellite has been launched and is operating stably, the ground transportation management center uplinks a satellite remote control state switching instruction to the designated satellite, switching both its current remote control mode and its default remote control mode after re-powering to the encrypted state.
When the satellite first enters orbit, the satellite remote control mode defaults to the plaintext state, and the satellite also defaults to the plaintext state after being re-powered. After the satellite is operating stably, the ground transportation management center switches both the current plaintext remote control state of the designated satellite and its default plaintext state after re-powering by uplinking a satellite remote control state switching instruction to the designated satellite; after the switch, the satellite remote control mode is the encrypted remote control mode, and it also defaults to the encrypted remote control mode after the satellite is re-powered. When the satellite remote control mode is set to the encrypted state, the satellite receives and processes only encrypted remote control instructions and does not respond to plaintext remote control instructions. Satellite key management instructions and satellite remote control state switching instructions are managed by the ground transportation management center, and the contents of these two types of instruction are not disclosed to users.
Step 3: to guard against key failure caused by a single event upset in the MRAM storage space of the satellite central machine, while the satellite remote control mode is set to the encrypted remote control mode it is judged whether the satellite receives a correct encrypted remote control instruction within a preset time period. If the satellite does not receive a correct encrypted remote control instruction for 72 consecutive hours, the satellite central machine autonomously switches the satellite remote control mode to the plaintext remote control mode and then returns to step 2 to wait for the ground transportation management center to uplink the satellite remote control state switching instruction. If the satellite does receive a correct encrypted remote control instruction within 72 consecutive hours, it does not need to switch to the plaintext remote control mode, and step 4 is executed.
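The mode logic of steps 2 and 3 as a small state machine (an added example, not code from the patent). Assumptions not stated in the description: time is tracked in hours, the timer restarts at power-on, the fallback leaves the power-on default unchanged, and plaintext mode processes plaintext instructions only; the timeline is constructed.

```python
from dataclasses import dataclass

PLAINTEXT, ENCRYPTED = "plaintext", "encrypted"
FALLBACK_HOURS = 72  # preset period given in step 3


@dataclass
class RemoteControlState:
    mode: str = PLAINTEXT              # current remote control mode
    power_on_default: str = PLAINTEXT  # mode restored after re-powering
    last_good_hour: float = 0.0        # last correctly decrypted instruction

    def state_switch(self, hour):
        """Step 2: state switching instruction from the ground management center."""
        self.mode = self.power_on_default = ENCRYPTED
        self.last_good_hour = hour

    def power_cycle(self, hour):
        self.mode = self.power_on_default
        self.last_good_hour = hour  # assumption: the timer restarts at power-on

    def tick(self, hour):
        """Step 3: fall back when no correct encrypted instruction arrived for 72 h."""
        if self.mode == ENCRYPTED and hour - self.last_good_hour >= FALLBACK_HOURS:
            self.mode = PLAINTEXT   # assumption: power_on_default is left unchanged
        return self.mode

    def receive(self, hour, encrypted, decrypt_ok=False):
        """Return True if the instruction is processed by the satellite."""
        self.tick(hour)
        if self.mode == ENCRYPTED:
            if encrypted and decrypt_ok:
                self.last_good_hour = hour  # only a correct instruction resets the timer
                return True
            return False  # plaintext and undecryptable instructions get no response
        return not encrypted  # assumption: plaintext mode handles plaintext only


def simulate(events):
    """Replay (hour, kind) events; return (hour, kind, mode afterwards, processed)."""
    state = RemoteControlState()
    log = []
    for hour, kind in events:
        if kind == "switch":
            state.state_switch(hour)
            processed = True
        elif kind == "power_cycle":
            state.power_cycle(hour)
            processed = True
        else:  # "enc_ok", "enc_bad" or "plain"
            processed = state.receive(hour, kind != "plain", kind == "enc_ok")
        log.append((hour, kind, state.mode, processed))
    return log


# Constructed timeline: after hour 10 an upset corrupts the on-board key, so every
# later encrypted instruction fails to decrypt until the fallback at hour 82.
UPSET_TIMELINE = [
    (0, "switch"), (10, "enc_ok"), (20, "plain"), (40, "enc_bad"), (81, "enc_bad"),
    (82, "enc_bad"), (83, "plain"), (90, "switch"), (100, "enc_ok"),
]

if __name__ == "__main__":
    for row in simulate(UPSET_TIMELINE):
        print(row)
```
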
Step 4: the ground transportation management center stores the root keys and key libraries of all satellites. After the satellite remote control mode has been switched to the encrypted state, the center grants a designated key in the key library of a designated satellite to the remote control encryption software in the user's own ground station, so that the software obtains the authority to produce remote control instructions for the designated satellite, can generate encrypted remote control instructions for it, and sends them to the satellite central machine through uplink channels such as X measurement and control. Because the root key and key library of each satellite are different, encrypted remote control instructions generated by a user who has been granted a designated key can be parsed and executed only by the designated satellite and not by other satellites. Once the user's own ground station has obtained the key authorization, it can generate encrypted remote control instructions for the designated satellite on its own and control the satellite by sending them. These instructions do not pass through the ground transportation management center, so the user's own ground station is not monitored by the center while using the satellite, which protects the privacy of its use of the satellite.
Step 5: the ground transportation management center can not only update or delete a designated key of a designated satellite by uplinking satellite key management instructions, but can also encrypt remote control instructions with different keys through its ground remote control encryption software to generate the corresponding encrypted remote control instructions, which are sent to the satellite central machine through uplink channels such as X measurement and control.
When a user's term of use expires or the user breaches the contract, the ground transportation management center cancels the use authority of the user's own ground station over the designated satellite: it uplinks a satellite key management instruction to the designated satellite corresponding to that ground station and updates or deletes the key in the designated satellite's key library that was granted to it, releasing the authorization. Encrypted remote control instructions generated by the user's own ground station can then no longer be parsed and executed by the designated satellite, and the user's authority to use the satellite's encrypted remote control instructions is thereby managed. The own ground stations of users who were granted other keys in the satellite's key library are unaffected: the encrypted remote control instructions they generate can still be parsed and executed by the satellite.
Step 6: the satellite central machine satellite service software can recognize the key identifiers of all keys in the key library; after recognizing the unique key identifier in an encrypted remote control instruction, it selects the corresponding designated key in the key library and decrypts the instruction with that key and the stored root key. Because the encrypted remote control instruction carries the key identifier and the software can recognize the unique identifier of every key in the library, a ground station that switches keys only needs to update the identifier in the instruction; the software parses the identifier and finds the designated key in the key library for decryption. The ground transportation management center and authorized users' own ground stations therefore do not need to perform a key synchronization operation with the satellite.
After the satellite remote control mode has been switched to the encrypted remote control mode, in the satellite central machine of each satellite the central machine satellite service software passes each remote control instruction received by the measurement and control module to the remote control decryption module through a software function interface; the remote control decryption module parses the key identifier in the encrypted remote control instruction, decrypts the instruction with the stored root key and the key designated by the key identifier, and generates a plaintext remote control instruction, whose content is processed by the central machine satellite service software.
The function code of the remote control decryption module in this step is embedded in the central machine satellite service software code, and decryption of encrypted satellite remote control instructions takes place in the satellite central machine: the central machine satellite service software passes the encrypted instruction to the remote control decryption module through the software function interface for decryption. The X measurement and control channels can carry encrypted remote control instructions, which strengthens security during transmission; the measurement and control module receives the encrypted instruction and forwards it to the satellite central machine for decryption. The central machine satellite service software and the measurement and control module exchange data over the CAN bus; the plaintext or encrypted state of the data is not distinguished during transmission, but is determined from the key identifier in the remote control instruction after the central machine satellite service software has received it.
Taking the ground transportation management center as an example, the sending flow of a satellite plaintext remote control instruction is shown in FIG. 2: a plaintext remote control instruction is sent from the ground transportation management center and reaches the satellite central machine through the X measurement and control uplink channel, and the satellite central machine parses and processes its content. The key-library-based method improves this sending flow; the main difference from the plaintext flow is the addition of on-board remote control decryption software and ground remote control encryption software. The sending flow of a satellite encrypted remote control instruction is shown in FIG. 3: first, the plaintext remote control instruction is encrypted at the ground transportation management center by the ground remote control encryption software with a designated key to obtain the encrypted remote control instruction; the encrypted instruction is then sent and reaches the satellite central machine through the X measurement and control uplink channel, where it is decrypted with the designated key by the on-board remote control decryption module (that is, the on-board decryption software) to recover the plaintext remote control instruction; finally, the satellite central machine parses and processes the instruction content. The ground transportation management center can select different keys to encrypt remote control instructions, and the satellite can decrypt instructions encrypted with the different keys. In this way, different satellites can encrypt and decrypt remote control instructions with different keys.
For a satellite delivered to a user, the remote control instruction encryption software for the designated key can be authorized, so that the user's own ground station obtains the authority to uplink remote control instructions to that satellite but cannot operate other satellites. At the same time, the ground transportation management center can replace or delete the designated key in the satellite key library by uplinking satellite key management instructions, which cancels a specific user's use authority over the designated satellite and realizes management of the use authority over satellite remote control instructions.
The in-orbit satellite remote control instruction system has remote control instructions of two lengths, 64 bytes and 512 bytes. The 64-byte remote control instruction consists of a synchronization header (2 bytes), a mode word (1 byte), a data area (59 bytes) and a CRC (2 bytes); the 512-byte remote control instruction consists of a synchronization header (2 bytes), a mode word (1 byte), a data area (507 bytes) and a CRC (2 bytes). The key identifier is contained in the data area. Encryption of a remote control instruction by the ground remote control encryption software mainly encrypts the content of the data area. As shown in FIG. 4, the ground remote control encryption software first obtains the key identifier of the plaintext remote control instruction; if the key identifier indicates the plaintext state, no encryption is performed and the plaintext remote control instruction is output directly; if the key identifier indicates the encrypted state, the content of the data area is encrypted with the key specified by the key identifier and then output, while the other parts are output unchanged. The on-board decryption process corresponds to the encryption process at the ground management center and is similar to it: the satellite central machine satellite service software first obtains the key identifier in the encrypted remote control instruction, then decrypts the instruction with the key specified by that identifier to obtain the plaintext remote control instruction, and finally parses and processes the content of the plaintext remote control instruction.
The remote control encryption software delivered to a user can encrypt remote control instructions only with the key designated by the ground transportation management center and cannot use other keys, which controls the user's use authority.
The remote control decryption module is a software module, a sub-function within the central machine satellite service software; the two exchange data through a function interface, which is a software interface. The software function interface between the satellite central machine satellite service software and the remote control decryption module is (data, length, tmtcFlag, starID, keyNum), where: data is a pointer to the encrypted remote control instruction to be decrypted; length is the remote control instruction length, fixed at 64 bytes or 512 bytes; tmtcFlag is the remote control/telemetry identifier, and a value of 0x55 indicates remote control, for which the decryption operation is performed; starID is the satellite identifier, with different identifiers representing different satellites; keyNum is the key identifier, and the content of the data area is encrypted and output according to the key specified by the key identifier. The remote control instruction interface and transmission process are shown in FIG. 5: the remote control decryption module obtains the plaintext remote control instruction and the related parameters through the interface, encrypts the remote control instruction, outputs the encrypted remote control instruction, and passes the data through the data pointer to the satellite central machine satellite service software for processing.
The key-library-based satellite remote control instruction use permission management method has the following beneficial effects:
(1) The ground transportation management center and the authorized user's own ground station encrypt satellite remote control instructions with a designated key, transmit them in encrypted form over the X measurement and control uplink channel, and upload them to the satellite central machine, which prevents other ground users from using their own ground stations to maliciously attack the satellite with uplink instructions;
(2) The central machine star software selects the designated key according to the key identifier in the remote control instruction and uses it to decrypt the secret-state remote control instruction; when the ground transportation management center and the authorized user's own ground station change keys, the satellite does not need to synchronize keys with the ground transportation management center or the authorized user's own ground station;
(3) The ground transportation management center manages the key library used by the onboard remote control decryption module by uploading satellite key management instructions, which replace or delete keys in the onboard key library, thereby managing the use permission for secret-state remote control instructions;
(4) A user who has purchased the right to use a satellite runs, at the user's own ground station, remote control encryption software that uses the designated key. The own ground station can then generate secret-state remote control instructions for the satellite and control the designated satellite by sending them, without going through the ground transportation management center, which keeps the own ground station's use of the satellite confidential;
(5) The ground transportation management center can assign different use permissions to the own ground stations of users of different satellites, and revoking the permission of a user's own ground station whose permission has expired does not affect the normal use of the satellites by other users' own ground stations.
The specific steps of the key-library-based satellite remote control instruction use permission management method provided by the invention are described below, taking the Jilin-1 Gaofen 06A series batch satellites, comprising 30 satellites, as an example.
First step: before the satellite is launched, the root key and the key library used by the remote control decryption module are fixed in a designated storage area of the satellite central machine. The key library contains 255 keys, the keys are generated by a specific encryption algorithm, and each key has a specific and unique identifier. Although the root key and the key library are fixed in the storage area of the satellite central machine before launch, they can still be updated, deleted and so on after launch through satellite key management instructions.
Second step: in the initial orbit-entry stage, the satellite remote control mode defaults to the clear state, and the central machine also defaults to the clear-state remote control mode after being powered on again or reset. In the stable operation stage, the satellite remote control mode is switched to the secret-state remote control mode by an uploaded instruction; after this switch, the central machine defaults to the secret-state remote control mode after being powered on again or reset.
Third step: if the satellite does not receive a correct secret-state remote control instruction for 72 consecutive hours, a key failure is judged to have occurred on the satellite. The satellite central machine then automatically switches the satellite remote control mode to the clear-state remote control mode, returns to the second step, and waits for the ground transportation management center to uplink a satellite remote control state switching instruction. If the satellite does receive a correct secret-state remote control instruction within the 72 hours, the next step is executed.
Fourth step: in the satellite stable operation stage, the satellite user's own ground station is granted remote control encryption software that uses the designated key. First, the remote control encryption software generates a clear-state remote control instruction according to the satellite remote control instruction file and the key designated by the ground transportation management center, for example a parameter configuration instruction of a single satellite: 771642FCE53088AAAAAAAA13AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA00104F. The remote control encryption software then encrypts it with the designated key; in this example the clear-state remote control instruction is encrypted with key identifier 01, and the resulting secret-state remote control instruction is: 771642C74B6ADE7B413758D57FDEB8C0A46D5AFA625F21CFF3C4FADB168164E0C6CDE9FA625F21CFF3C4FADB168164E0C6CDE9AAAAAAAAAAAAAAAAAAAAD1CF3B. Finally, the user's own ground station sends the secret-state remote control instruction over the X measurement and control uplink channel to a stand-alone measurement and control unit of the satellite, such as the X measurement and control unit, and the unit that receives the instruction forwards the secret-state remote control instruction to the satellite central machine.
Fifth step: in the satellite stable operation stage, the satellite central machine receives the secret-state remote control instruction: 771642C74B6ADE7B413758D57FDEB8C0A46D5AFA625F21CFF3C4FADB168164E0C6CDE9FA625F21CFF3C4FADB168164E0C6CDE9AAAAAAAAAAAAAAAAAAAAD1CF3B, and passes it to the remote control decryption algorithm function through the data interface. The function interface is (data, length, tmtcFlag, starID, keyNum), where: data is a pointer to the secret-state remote control data to be decrypted; length is the length of the secret-state remote control instruction, 64; tmtcFlag is 0x55, which indicates remote control, so the decryption operation is performed; starID is 0x01, representing the Gaofen 06A series batch satellites; keyNum is the designated key identifier 01 granted to the user's own ground station. The function call is therefore (data, 64, 0x55, 0x01, 01). The remote control decryption algorithm function decrypts the secret-state remote control instruction data to obtain the clear-state remote control instruction: 771642FCE53088AAAAAAAA13AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA00104F, and passes the clear-state remote control instruction to the central machine star software, which processes its content.
Sixth step: in the satellite stable operation stage, when a user's permission to use the satellite expires, the ground transportation management center can replace, delete or otherwise change the key used by the user's own ground station in the satellite key library by uploading a satellite key management instruction. Once the operation is complete, the satellite can no longer parse secret-state remote control instructions generated by the remote control encryption software at the user's own ground station, which revokes the own ground station's permission to use remote control instructions on the designated satellite.
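The lifecycle in the six steps above, modelled as an added example (not code from the patent): per-user key identifiers, revocation through a key management instruction, and the 72-hour fallback. The cipher, the 4-byte check that defines a "correct" instruction, the starID comparison and all names and key values are assumptions; framing and the root key are left out.

```python
import hashlib
import hmac

FAILSAFE_SECONDS = 72 * 3600   # preset duration from the third step
TMTC_REMOTE_CONTROL = 0x55     # tmtcFlag value that selects decryption
TAG_LEN = 4                    # assumption: inner check defining a "correct" instruction


def standin_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unnamed cipher: XOR with a SHA-256 keystream (own inverse).
    Illustration only; not the patent's algorithm and not a secure design."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def ground_encrypt(key: bytes, payload: bytes) -> bytes:
    """Ground side: append the assumed check value, then encrypt the data area."""
    return standin_cipher(key, payload + hashlib.sha256(payload).digest()[:TAG_LEN])


class CentralMachine:
    """Onboard side: key library indexed by key identifier, plus the mode state."""

    def __init__(self, star_id: int, key_library: dict, now: int = 0):
        self.star_id = star_id
        self.key_library = dict(key_library)   # keyNum -> key
        self.mode = "clear"                    # default in the orbit-entry stage
        self.last_correct = now

    def switch_to_secret(self, now: int) -> None:
        self.mode, self.last_correct = "secret", now

    def manage_key(self, key_num: int, new_key: bytes = None) -> None:
        """Satellite key management instruction: replace a key, or delete it."""
        if new_key is None:
            self.key_library.pop(key_num, None)
        else:
            self.key_library[key_num] = new_key

    def decrypt(self, data, length, tmtc_flag, star_id, key_num, now):
        """Mirrors (data, length, tmtcFlag, starID, keyNum); payload or None."""
        if self.mode == "secret" and now - self.last_correct >= FAILSAFE_SECONDS:
            self.mode = "clear"                # key failure judged: fall back
        key = self.key_library.get(key_num)
        if (self.mode != "secret" or tmtc_flag != TMTC_REMOTE_CONTROL
                or star_id != self.star_id or key is None):
            return None
        clear = standin_cipher(key, data[:length])
        payload, tag = clear[:-TAG_LEN], clear[-TAG_LEN:]
        if not hmac.compare_digest(tag, hashlib.sha256(payload).digest()[:TAG_LEN]):
            return None                        # deleted-and-reused or replaced key
        self.last_correct = now
        return payload


def run_scenario() -> dict:
    key_a, key_b = b"constructed key 01", b"constructed key 02"  # constructed values
    sat = CentralMachine(0x01, {0x01: key_a, 0x02: key_b})
    sat.switch_to_secret(now=0)
    cmd_a = ground_encrypt(key_a, b"user A config")
    cmd_b = ground_encrypt(key_b, b"user B config")

    def send(cmd, key_num, now):
        return sat.decrypt(cmd, len(cmd), 0x55, 0x01, key_num, now)

    out = {"a_before": send(cmd_a, 0x01, 3600)}
    sat.manage_key(0x01)                               # sixth step: revoke user A
    out["a_after"], out["b_after"] = send(cmd_a, 0x01, 7200), send(cmd_b, 0x02, 7200)
    sat.manage_key(0x02, b"constructed replacement")   # replace user B's key
    out["b_replaced"] = send(cmd_b, 0x02, 10800)
    send(cmd_a, 0x01, 7200 + FAILSAFE_SECONDS)         # 72 h with nothing correct
    out["mode_after_72h"] = sat.mode
    return out
```

`run_scenario()` shows user A's instruction accepted before revocation and rejected after it, user B unaffected until that key is replaced, and the mode returning to the clear state once 72 hours pass without a correct secret-state instruction.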
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of the technical features involves no contradiction, it should be considered within the scope of this description.
The above examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.

Claims (6)

1. A satellite remote control instruction use authority management method based on a key library, characterized by comprising the following steps:
step 1: before each satellite is launched, a root key and a key library are stored in advance in the MRAM storage space of the satellite central machine; the storage spaces of the root key and the key library are independent of each other in hardware physical address; the key library contains at most 255 keys, each key has a unique key identifier, and the root key and keys stored on each satellite are different;
step 2: after the satellite has been launched and is operating stably, the ground transportation management center uplinks a satellite remote control state switching instruction to the designated satellite, switching both the current remote control mode of the designated satellite and its default remote control mode after being powered on again to the secret-state remote control mode;
step 3: judging whether the satellite receives a correct secret-state remote control instruction within a preset duration; if so, executing step 4; otherwise, switching the secret-state remote control mode to the clear-state remote control mode and returning to step 2;
step 4: the ground transportation management center stores the root keys and key libraries of all satellites; the ground transportation management center grants a designated key in the key library of a designated satellite to the remote control encryption software in a user's own ground station; the remote control encryption software generates a secret-state remote control instruction for the designated satellite according to the designated key, and the generated secret-state remote control instruction is sent to the satellite central machine through the X measurement and control uplink channel;
step 5: the ground remote control encryption software in the ground transportation management center can generate corresponding secret-state remote control instructions using different keys in the key library, and the generated secret-state remote control instructions are sent to the satellite central machine through the X measurement and control uplink channel;
when the ground transportation management center cancels the use authority of a user's own ground station over the designated satellite, the ground transportation management center uplinks a satellite key management instruction to the designated satellite corresponding to that own ground station, updates or deletes the key granted to the own ground station in the key library of the designated satellite, and thereby releases the authorization of the own ground station;
step 6: in the satellite central machine of each satellite, the central machine star software passes the received secret-state remote control instruction to the remote control decryption module through a software function interface; the remote control decryption module parses the key identifier in the secret-state remote control instruction, decrypts the secret-state remote control instruction according to the stored root key and the key specified by the parsed key identifier, and generates a clear-state remote control instruction, whose content is processed by the central machine star software.
2. The satellite remote control instruction use authority management method based on a key library according to claim 1, wherein when the user's own ground station generates a secret-state remote control instruction, the instruction is first generated according to a satellite remote control instruction file and is then encrypted by the remote control encryption software using the designated key granted by the ground transportation management center.
3. The satellite remote control instruction use authority management method based on a key library according to claim 1, wherein the secret-state remote control instruction includes a synchronization header, a mode word, a data area and a CRC check, and the key identifier is contained in the data area.
4. The satellite remote control instruction use authority management method based on a key library according to claim 3, wherein the synchronization header, the mode word and the CRC check have lengths of 2 bytes, 1 byte and 2 bytes, respectively, and the data area has a length of 59 bytes or 507 bytes.
5. The satellite remote control instruction use authority management method based on a key library according to claim 1, wherein the software function interface between the central machine star software and the remote control decryption module is (data, length, tmtcFlag, starID, keyNum), where: data is a pointer to the secret-state remote control instruction to be decrypted; length is the remote control instruction length, fixed at 64 bytes or 512 bytes; tmtcFlag is the remote control/telemetry identifier, and a value of 0x55 indicates remote control, in which case the decryption operation is performed; starID is the satellite identifier; keyNum is the key identifier.
6. The satellite remote control instruction use authority management method based on a key library according to claim 1, wherein the preset duration is 72 hours.
CN202311763083.5A 2023-12-21 2023-12-21 Satellite remote control instruction use authority management method based on key library Active CN117439657B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311763083.5A CN117439657B (en) 2023-12-21 2023-12-21 Satellite remote control instruction use authority management method based on key library

Publications (2)

Publication Number Publication Date
CN117439657A CN117439657A (en) 2024-01-23
CN117439657B true CN117439657B (en) 2024-03-26

Family

ID=89556873

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant