CN117640089A - Secure transmission method, device and storage medium for trusted dynamic data - Google Patents


Info

Publication number: CN117640089A
Authority: CN (China)
Prior art keywords: trusted, message, switch, link layer, dynamic data
Legal status: Pending
Application number: CN202410010603.3A
Other languages: Chinese (zh)
Inventors: 李家港, 胡波, 牛利涛, 杨渊, 张昇, 王宾, 李心怡, 张斌, 贾泽冰, 柳曦, 杨柳, 孙浩沩
Current assignee: Xian Thermal Power Research Institute Co Ltd
Original assignee: Xian Thermal Power Research Institute Co Ltd
Priority date: 2024-01-03
Filing date: 2024-01-03
Publication date: 2024-03-01

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method, device and storage medium for the secure transmission of trusted dynamic data. The sending end reads the encryption module in its trusted chip, uses that module to generate a trusted root, and sends the trusted root to the receiving end over the link layer; while the sending end communicates with the receiving end, the trusted chips on the trusted switches in the link layer perform trusted-chain verification.

Description

Secure transmission method, device and storage medium for trusted dynamic data
Technical Field
The invention belongs to the technical field of information transmission and relates to a method, device and storage medium for the secure transmission of trusted dynamic data.
Background
An energy power-generation group manages a number of affiliated power plants from the group back end: it establishes communication with the plants over a dedicated power communication network, obtains the plants' running state in real time and exercises a degree of control over them. However, the group back end neither encrypts nor verifies data while communicating with the plants, so the security of the data transmission is low and a hidden danger to the safe and stable operation of the energy system is created. How to improve the security of this data transmission has therefore become an important research direction for the whole industry.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a method, device and storage medium for the secure transmission of trusted dynamic data that improve the security of information transmission between the group back end and its power plants.
To achieve this purpose, the invention adopts the following technical scheme:
In one aspect, the invention provides a secure transmission method for trusted dynamic data, comprising: the transmitting end reads the encryption module in the trusted chip, generates a trusted root for the message being sent according to the encryption algorithm in the encryption module, appends the trusted root to the end of the message, and sends the message to the receiving end after trusted-chain verification by the trusted switches in the link layer.
The method specifically comprises the following steps:
the transmitting end is configured with a trusted chip in whose fixed area an encryption module is arranged; the transmitting end generates a trusted root using the encryption algorithm in the encryption module, appends the trusted root to the end of the message, and transmits the message to a trusted switch in the link layer;
the trusted switch verifies the trusted root at the end of the message; when the trusted root passes verification, a digital signature is generated according to the encryption algorithm and the unique id stored by the trusted chip on that switch, the digital signature is appended to the end of the message, and the message is sent to the next trusted switch in the link layer; when verification fails, the message is discarded;
the receiving end receives the message sent by the last trusted switch in the link layer and decrypts the received message.
The link layer comprises a plurality of trusted switches; the trusted chip on each trusted switch stores an encryption algorithm and a unique id, and each trusted switch notifies the trusted switches connected to it of its local id.
All communication in the link layer, between trusted switches, between a trusted switch and the receiving end, and between a trusted switch and the transmitting end, uses the PPP point-to-point protocol extended with a link node record field.
The specific process by which the receiving end receives the message sent by the last trusted switch in the link layer and decrypts it is as follows:
the receiving end receives the message sent by the last trusted switch in the link layer, decrypts the received message, verifies the digital signature at the end of the message, and discards the message when verification fails.
The sending end computes a digest of the message with a digest algorithm, encrypts the digest with a public key and an encryption algorithm to produce a digital signature, and uses that digital signature as the trusted root.
In a second aspect of the present invention, a computer device is provided, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method for secure transmission of trusted dynamic data when executing the computer program.
In a third aspect of the invention, a computer readable storage medium is provided, storing a computer program which, when executed by a processor, implements the steps of the method for secure transmission of trusted dynamic data.
The invention has the following beneficial effects:
When the method, device and storage medium for the secure transmission of trusted dynamic data are in operation, the sending end and the receiving end communicate through the link layer, and during that communication the trusted chips on the trusted switches in the link layer perform trusted-chain verification, which improves the security of information transmission between the group back end and its power plants.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
In the drawings:
Fig. 1 is a schematic diagram of a system of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings. It is apparent that the described embodiments are only some embodiments of the present invention, not all of them. All other embodiments that can be made by those skilled in the art based on the embodiments of the present invention without inventive effort fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention is described in further detail below with reference to the attached drawing figures:
Example 1
The secure transmission method for trusted dynamic data comprises the following steps:
Referring to Fig. 1, an encryption module and a key generation algorithm module are written into a fixed area of the trusted chip. When the group back end establishes a connection with a station terminal, the group back end determines the encryption algorithm, generates the corresponding key with the key generation algorithm, and issues the public key to the station terminal. When a single message is generated and sent, the sending end encrypts the message with the current encryption algorithm, adds the digital signature generated by this node to the message, and sends the encrypted message to the receiving end through the link layer; the receiving end decrypts the received message using the public key.
A trusted management system is deployed at the group back end and at the station terminal. It controls data transmission behaviour according to a whitelist. For sending, the data transmission whitelist comprises the destination ip, the destination port and the local sending port. For receiving, it comprises the message source ip and the local receiving port. Messages whose sender or receiver is not registered are discarded. The trusted management system is also deployed on the trusted switches of the link layer, where it generates the trusted verification root and verifies the trusted chain.
Each trusted switch in the link layer carries a trusted chip with a unique 6-byte id fixed at delivery. A message format is defined for messages in the link layer: a link node record field is added to the PPP point-to-point protocol to preserve the trusted chain of the current communication. Specifically, when a trusted switch in the link layer receives a message, it extracts the end-node information from the link node record field and checks whether it matches the previous trusted switch; if it does not match, the message is discarded; if it matches, a digital signature generated over the message content is added at the end of the link node record field and the message is forwarded to the next link layer node, i.e. the next trusted switch. The next link layer node is chosen among trusted switches whose trusted chip code is registered in the private network. At the switch of the receiving terminal, each link node entry in the message is verified one by one and compared against the whitelist to judge whether the message's transit through the link layer is trusted; only when it is trusted is the message parsed.
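As an added illustration (not the patent's own code), the hop-by-hop trusted chain described above together with the receiver-side whitelist check from the previous paragraph, simulated in Python. The chip-held public-key signature the patent describes is replaced here by an HMAC-SHA256 stand-in keyed per node, the message is modelled as a payload plus a list of (id, signature) link node entries, and the 6-byte node ids and keys are constructed for the demo.

```python
import hashlib
import hmac

# Constructed node ids (6-byte chip ids, as the page describes) and per-chip secrets.
# The patent signs with a public-key algorithm inside the chip; this demo assumes an
# HMAC-SHA256 stand-in so it runs on the standard library alone.
SENDER = bytes.fromhex("000000000001")
SWITCH_A = bytes.fromhex("000000000002")
SWITCH_B = bytes.fromhex("000000000003")
NODE_KEYS = {SENDER: b"sender-chip-key", SWITCH_A: b"switch-a-chip-key",
             SWITCH_B: b"switch-b-chip-key"}

def _signing_input(payload, chain):
    """Digest of the message body plus every link node entry recorded so far,
    so each hop's signature binds both the content and the chain before it."""
    return hashlib.sha256(payload).digest() + b"".join(nid + sig for nid, sig in chain)

def _sign(node_id, payload, chain):
    return hmac.new(NODE_KEYS[node_id], _signing_input(payload, chain), "sha256").digest()

def _entry_valid(payload, chain, k):
    """Re-derive the k-th link node signature and compare it in constant time."""
    node_id, sig = chain[k]
    if node_id not in NODE_KEYS:  # chip id not registered in the private network
        return False
    return hmac.compare_digest(sig, _sign(node_id, payload, chain[:k]))

def sender_build(payload):
    """Sending end: digest the message, sign it, and record the trusted root as the first entry."""
    return {"payload": payload, "chain": [(SENDER, _sign(SENDER, payload, []))]}

def switch_forward(switch_id, expected_prev_id, msg):
    """Trusted switch: the last link node must be the neighbour that announced its id
    to us and its signature must verify; otherwise discard (None), else append our own."""
    payload, chain = msg["payload"], msg["chain"]
    if not chain or chain[-1][0] != expected_prev_id:
        return None
    if not _entry_valid(payload, chain, len(chain) - 1):
        return None
    return {"payload": payload, "chain": chain + [(switch_id, _sign(switch_id, payload, chain))]}

def receiver_accept(whitelist, msg):
    """Receiving end: check every link node against the whitelist and verify each
    signature in order; the message is parsed only if the whole chain is trusted."""
    payload, chain = msg["payload"], msg["chain"]
    return bool(chain) and all(
        nid in whitelist and _entry_valid(payload, chain, k)
        for k, (nid, _) in enumerate(chain))

if __name__ == "__main__":
    msg = switch_forward(SWITCH_B, SWITCH_A,
                         switch_forward(SWITCH_A, SENDER, sender_build(b"unit 3 load 312 MW")))
    print(receiver_accept({SENDER, SWITCH_A, SWITCH_B}, msg))  # True
```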
Example 2
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method for secure transmission of trusted dynamic data when the computer program is executed.
Example 3
A computer readable storage medium storing a computer program which when executed by a processor performs the steps of a method of secure transmission of trusted dynamic data.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (8)

1. A secure transmission method of trusted dynamic data, comprising: the sending end reads the encryption algorithm in the encryption module of the trusted chip, generates a trusted root for the message sent at this time according to the encryption algorithm in the encryption module, adds the trusted root to the end of the message, and sends the message to the receiving end after carrying out trusted chain verification through a trusted switch in a link layer.
2. The method for secure transmission of trusted dynamic data according to claim 1, comprising the specific steps of:
the transmitting end is configured with a trusted chip in whose fixed area an encryption module is arranged; the transmitting end generates a trusted root using the encryption algorithm in the encryption module, appends the trusted root to the end of the message, and transmits the message to a trusted switch in the link layer;
the trusted switch verifies the trusted root at the end of the message; when the trusted root passes verification, a digital signature is generated according to the encryption algorithm and the unique id stored by the trusted chip on that switch, the digital signature is appended to the end of the message, and the message is sent to the next trusted switch in the link layer; when verification fails, the message is discarded;
the receiving end receives the message sent by the last trusted switch in the link layer and decrypts the received message.
3. The secure transmission method of trusted dynamic data according to claim 2, wherein the link layer comprises a plurality of trusted switches, wherein the trusted chip on each trusted switch stores an encryption algorithm and a unique id, and each trusted switch notifies its connected trusted switch of its own id.
4. The method for securely transmitting trusted dynamic data according to claim 2, wherein the link layer uses PPP point-to-point protocols with added link node record fields for communication between each trusted switch, between the trusted switch and the receiving end, and between the trusted switch and the transmitting end.
5. The secure transmission method of trusted dynamic data according to claim 2, wherein the specific process by which the receiving end receives the message sent by the last trusted switch in the link layer and decrypts it is as follows:
the receiving end receives the message sent by the last trusted switch in the link layer, decrypts the received message, verifies the digital signature at the end of the message, and discards the message when verification fails.
6. The secure transmission method of trusted dynamic data according to claim 1, wherein the sender calculates a digest result of the message by using a digest algorithm, encrypts the digest result by using a public key and an encryption algorithm to generate a digital signature, and uses the digital signature as a trusted root.
7. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method for secure transmission of trusted dynamic data according to any one of claims 1-6 when the computer program is executed by the processor.
8. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the secure transmission method of trusted dynamic data according to any one of claims 1-6.

Priority Applications (1)

Application Number: CN202410010603.3A (published as CN117640089A, en)
Priority Date: 2024-01-03
Filing Date: 2024-01-03
Title: Secure transmission method, device and storage medium for trusted dynamic data


Publications (1)

Publication Number: CN117640089A (en)
Publication Date: 2024-03-01

Family

ID=90020123



Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination