CN117640261A - Data transmission method, data transfer device, data management equipment and system - Google Patents


Publication number
CN117640261A
Authority
CN
China
Prior art keywords
data
data management
transfer device
transmitted
industrial control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410109424.5A
Other languages
Chinese (zh)
Inventor
吴凯
黄泽强
成永
林文智
王冰洋
许光长
冯文莺
黄章圣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Contemporary Amperex Technology Co Ltd
Original Assignee
Contemporary Amperex Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Contemporary Amperex Technology Co Ltd filed Critical Contemporary Amperex Technology Co Ltd
Priority to CN202410109424.5A priority Critical patent/CN117640261A/en
Publication of CN117640261A publication Critical patent/CN117640261A/en
Pending legal-status Critical Current

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The application discloses a data transmission method, a data transfer device, a data management device and a system, wherein the data transmission method is applied to the data transfer device, the data transfer device is used for connecting industrial control equipment and the data management device to realize data transmission between the industrial control equipment and the data management device, and the data transmission method comprises the following steps: receiving data to be transmitted; responding to the data to be transmitted sent by the industrial control equipment, and sending a communication request to the data management equipment; encrypting data to be transmitted based on a random key received from the data management device to obtain encrypted data, wherein the random key is a key generated by the data management device in response to a communication request; the encrypted data is sent to the data management device so that the data management device decrypts the encrypted data by using a decryption key corresponding to the random key to obtain data to be transmitted. By the scheme, the reliability of data transmission can be improved.

Description

Data transmission method, data transfer device, data management equipment and system
Technical Field
The present invention relates to the field of data transmission, and in particular, to a data transmission method, a data transfer device, a data management device, and a system.
Background
Because of the nature of symmetric encryption and decryption, transmitted data can be captured in a targeted manner during transmission: if the data is a command such as a start control command or a shutdown control command, an attacker can obtain the specified effect by replaying the command without decrypting it, so the system is easily attacked maliciously during equipment production and data interaction.
Disclosure of Invention
The application provides at least one data transmission method, a data transfer device, data management equipment and a system.
The application provides a data transmission method, which is applied to a data transfer device, wherein the data transfer device is used for connecting industrial control equipment and data management equipment to realize data transmission between the industrial control equipment and the data management equipment, and the data transmission method comprises the following steps: receiving data to be transmitted; responding to the data to be transmitted sent by the industrial control equipment, and sending a communication request to the data management equipment; encrypting data to be transmitted based on a random key received from the data management device to obtain encrypted data, wherein the random key is a key generated by the data management device in response to a communication request; the encrypted data is sent to the data management device so that the data management device decrypts the encrypted data by using a decryption key corresponding to the random key to obtain data to be transmitted.
In the above scheme, after receiving the data to be transmitted sent by the industrial control equipment, the data transfer device sends a communication request to the data management equipment, after receiving the communication request, the data management equipment sends the generated random key to the data transfer device, the data transfer device encrypts the data to be transmitted according to the random key sent by the data management equipment, and then the data management equipment can decrypt according to the generated decryption key corresponding to the random key after receiving the encrypted data, so as to obtain the data to be transmitted.
In some embodiments, the method further comprises: receiving and storing an authorization code sent by data management equipment, wherein the authorization code is a fixed key which needs to be used in each data transmission process; encrypting data to be transmitted based on a random key received from a data management device to obtain encrypted data, comprising: determining a target key based on the random key and the authorization code; and encrypting the data to be transmitted by using the target key to obtain encrypted data.
In the scheme, the authorization code sent by the data management equipment is received, the target key is determined through combination between the authorization code and the random key in each data transmission process, and then the target key is used for encrypting the data to be transmitted.
In some embodiments, before receiving and saving the authorization code sent by the data management device, the method further comprises: receiving a docking broadcast of the data management device, wherein the docking broadcast is sent when the data management device is on line; in response to the docking broadcast, a docking request is sent to the data management device, such that the data management device sends an authorization code based on the docking request.
In the scheme, when the data management equipment is on line, the docking broadcast is sent to the data transfer device, so that the data transfer device can send a docking request to the data management equipment to obtain the authorization code sent by the data management equipment, and the authorization code is not required to be sent to the data management equipment again in the subsequent data transmission process.
In some embodiments, the method further comprises: in response to the data to be transmitted being an industrial control instruction sent by the data management equipment, determining whether the data management equipment has record information in the data transfer device, wherein the record information comprises an authorization code sent by the data management equipment and/or identification information of the data management equipment; and determining that the data management equipment has record information in the data transfer device, and sending the data to be transmitted to the industrial control equipment.
In the above scheme, after receiving the data to be transmitted sent by the data management device, whether the data management device has the record information in the data transfer device is judged, and the data to be transmitted is sent to the industrial control device only when the record information is present, so that other devices can be prevented from sending attack instructions to the industrial control device to threaten the industrial control device.
In some embodiments, the method further comprises: determining that the data management device does not have record information in the data transfer device, and executing at least one of the following steps: discarding data to be transmitted and executing preset alarm processing.
In the above scheme, in order to prevent other devices from threatening the industrial control device, an industrial control instruction received from a data management device that has no record information is discarded, or alarm processing can be executed to remind the user to record the data management device in the data transfer device or to warn the user that another device is attacking the industrial control device.
In some embodiments, before determining whether the data management device has record information in the data transfer device, the method further comprises: judging whether the data management device and the data transfer device are in the same network domain; in response to the data management device and the data transfer device being within the same network domain, performing the step of determining whether the data management device has record information in the data transfer device.
In the above scheme, it is judged whether the data management device that sent the data to be transmitted is in the same network domain as the data transfer device. If it is not in the same network domain, the data management device is unlikely to be a recorded device, and the data to be transmitted is not forwarded to the industrial control device. If it is in the same network domain, the data management device may be a recorded device, and whether it has record information in the data transfer device can then be judged, which improves the reliability of data transmission.
In some embodiments, after receiving the data to be transmitted, the method further comprises: storing the data to be transmitted in a data register in the data transfer device; and determining, in sequence, the source of each item of data to be transmitted in the data register, the source being the industrial control device or the data management device.
In the scheme, the data to be transmitted is stored in the data transfer device, and then the data sources in the data register are judged in sequence, so that confusion of the data transfer device caused by accumulation of the data to be transmitted can be reduced.
The application also provides a data transmission method, the data transmission method is applied to the data management equipment, the data management equipment is connected with the industrial control equipment through the data transfer device, and the data transmission method comprises the following steps: generating a key pair in response to a communication request received from the data transfer device, the key pair including a random key and a decryption key corresponding to the random key; sending a random key to a data transfer device; receiving encrypted data sent by a data transfer device; and decrypting the encrypted data by using the decryption key to obtain the data to be transmitted sent by the industrial control equipment.
In the above scheme, after receiving the data to be transmitted sent by the industrial control equipment, the data transfer device sends a communication request to the data management equipment, after receiving the communication request, the data management equipment sends the generated random key to the data transfer device, the data transfer device encrypts the data to be transmitted according to the random key sent by the data management equipment, and then the data management equipment can decrypt according to the generated decryption key corresponding to the random key after receiving the encrypted data, so as to obtain the data to be transmitted.
In some embodiments, after decrypting the encrypted data using the decryption key, the method further comprises: the decryption key is discarded.
In the above scheme, the decryption key corresponding to the random key is deleted after the encrypted data is decrypted, so if an event such as a replay occurs later, the decryption key no longer exists and the risk caused by replay is reduced.
In some embodiments, the method further comprises: transmitting an authorization code to the data transfer device; decrypting the encrypted data by using the decryption key to obtain data to be transmitted sent by the industrial control equipment, wherein the method comprises the following steps: and decrypting the encrypted data by combining the authorization code and the decryption key to obtain the data to be transmitted.
In the scheme, the authorization code is sent to the data transfer device, the target key is determined through combination between the authorization code and the random key in each data transmission process, and then the target key is used for encrypting the data to be transmitted.
In some embodiments, transmitting the authorization code to the data transfer device includes: transmitting a docking broadcast in response to the data management device being on-line; receiving a docking request sent by a data transfer device, wherein the docking request is sent by the data transfer device in response to docking broadcast; in response to the docking request, an authorization code is sent to the data transfer device.
In the scheme, when the data management equipment is on line, the docking broadcast is sent to the data transfer device, so that the data transfer device can send a docking request to the data management equipment to obtain the authorization code sent by the data management equipment, and the authorization code is not required to be sent to the data management equipment again in the subsequent data transmission process.
The application also provides a data transfer device, which comprises a first memory and a first processor, wherein the first processor is used for executing program instructions stored in the first memory so as to realize any data transmission method applied to the data transfer device.
In the above scheme, after receiving the data to be transmitted sent by the industrial control equipment, the data transfer device sends a communication request to the data management equipment, after receiving the communication request, the data management equipment sends the generated random key to the data transfer device, the data transfer device encrypts the data to be transmitted according to the random key sent by the data management equipment, and then the data management equipment can decrypt according to the generated decryption key corresponding to the random key after receiving the encrypted data, so as to obtain the data to be transmitted.
In some embodiments, the data transfer device includes a plurality of data interfaces, each for connecting with an industrial control device.
In the above scheme, the data transfer device can realize communication between the data management equipment and the plurality of industrial control equipment by providing a plurality of data interfaces.
The application also provides a data management device, which comprises a second memory and a second processor, wherein the second processor is used for executing program instructions stored in the second memory so as to realize any data transmission method applied to the data management device.
In the above scheme, after receiving the data to be transmitted sent by the industrial control equipment, the data transfer device sends a communication request to the data management equipment, after receiving the communication request, the data management equipment sends the generated random key to the data transfer device, the data transfer device encrypts the data to be transmitted according to the random key sent by the data management equipment, and then the data management equipment can decrypt according to the generated decryption key corresponding to the random key after receiving the encrypted data, so as to obtain the data to be transmitted.
The application also provides a data transmission system, which comprises industrial control equipment, any one of the data management equipment and any one of the data transfer devices; the data transfer device is respectively connected with the data management equipment and the industrial control equipment to realize data transmission between the industrial control equipment and the data management equipment.
In the above scheme, after receiving the data to be transmitted sent by the industrial control equipment, the data transfer device sends a communication request to the data management equipment, after receiving the communication request, the data management equipment sends the generated random key to the data transfer device, the data transfer device encrypts the data to be transmitted according to the random key sent by the data management equipment, and then the data management equipment can decrypt according to the generated decryption key corresponding to the random key after receiving the encrypted data, so as to obtain the data to be transmitted.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the technical aspects of the application.
FIG. 1 is a flow chart of a data transmission method according to some embodiments of the present application;
FIG. 2 is a flow chart of another data transmission method according to some embodiments of the present application;
FIG. 3 is a schematic structural diagram of an embodiment of a data transmission device according to some embodiments of the present application;
FIG. 4 is a schematic diagram of an embodiment of a data management device according to some embodiments of the present application;
FIG. 5 is a schematic structural diagram of an embodiment of a data transmission system according to some embodiments of the present application.
Detailed Description
The following describes the embodiments of the present application in detail with reference to the drawings.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular sub-system architecture, interfaces, techniques, etc., in order to provide a thorough understanding of the present application.
The term "and/or" herein merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may represent: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship. Further, "a plurality" herein means two or more. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality; for example, including at least one of A, B and C may mean including any one or more elements selected from the group consisting of A, B and C.
With the development of network technology, the network environment is increasingly open, and the requirements for network security have reached an unprecedented level. Because of the nature of current symmetric encryption and decryption, transmitted data can be captured in a targeted manner during transmission: if the data is a command such as a start control command or a shutdown control command, an attacker can obtain the specified effect by replaying the command without decrypting it, so the system is easily attacked maliciously during equipment production and data interaction. The data sent by the industrial control device to the data management device may be replayed, causing accidents.
To solve this technical problem, a data transfer device is arranged between the data management device and the industrial control device. After determining that the received data to be transmitted was sent by the industrial control device, the data transfer device sends a communication request to the data management device and encrypts the data to be transmitted with the random key sent by the data management device. Because a fixed key is not used for encryption, the threat posed by replay is reduced and the reliability of data transmission is improved.
Referring to FIG. 1, the present application provides a data transmission method applied to a data transfer device, where the data transfer device is used to connect an industrial control device and a data management device to implement data transmission between the industrial control device and the data management device. The data transmission method provided by the present application may include the following steps S11 to S14.
Step S11: receiving data to be transmitted;
Step S12: in response to the data to be transmitted being sent by the industrial control device, sending a communication request to the data management device;
Step S13: encrypting the data to be transmitted based on the random key received from the data management device to obtain encrypted data, where the random key is a key generated by the data management device in response to the communication request;
Step S14: sending the encrypted data to the data management device so that the data management device decrypts the encrypted data by using a decryption key corresponding to the random key to obtain the data to be transmitted.
The data transfer device may be an adapter or another network intermediary. In some application scenarios, industrial control equipment (Industrial Control Equipment) refers to electronic devices and systems used specifically in the field of industrial automation control, mainly for monitoring and managing industrial automation control systems and processes so as to realize automated, intelligent control and management of industrial equipment. Illustratively, industrial control equipment typically comprises a complete system of sensors, actuators, controllers, industrial computers, and the like. Connected through the data transfer device, the data management device can control and manage the industrial control equipment, achieving remote monitoring and remote control. In some application scenarios, the industrial control equipment may be an industrial device, for example a device that performs a preset action on an industrial pipeline, or it may be another device that needs to be used; the type of the industrial control equipment is not specifically limited here. The data management device may be a device or system for remotely monitoring or remotely controlling the industrial control equipment. The communication connection between the data transfer device and the industrial control equipment may be a wired connection or a wireless connection, and the communication connection between the data transfer device and the data management device may be a wired connection or a wireless connection, and the scheme takes the communication connection mode between the data transfer device and the industrial control equipment as an example and takes the communication connection mode between the data transfer device and the data management equipment as an example.
The data to be transmitted received by the data transfer device may be sent by the data management device or by the industrial control device. The communication request can carry information such as an identifier of the data transfer device, so that the data management device can send the generated random key to the data transfer device and record the correspondence between the data transfer device and the decryption key corresponding to the random key; after receiving the encrypted data sent by the data transfer device, it decrypts the encrypted data with that decryption key. After the data transfer device receives the random key, it may encrypt the data to be transmitted directly with the random key, or process the random key and encrypt the data to be transmitted with the processed key. The random key and its corresponding decryption key may be the same key or different keys. Optionally, the random key is different within a preset time period, whose length can be customized. That is, the random keys sent by the data management device to the data transfer device at different times within the preset time period are different.
In the above scheme, after receiving the data to be transmitted sent by the industrial control equipment, the data transfer device sends a communication request to the data management equipment, after receiving the communication request, the data management equipment sends the generated random key to the data transfer device, the data transfer device encrypts the data to be transmitted according to the random key sent by the data management equipment, and then the data management equipment can decrypt according to the generated decryption key corresponding to the random key after receiving the encrypted data, so as to obtain the data to be transmitted.
In some embodiments, the method further comprises: receiving and storing an authorization code sent by data management equipment, wherein the authorization code is a fixed key which needs to be used in each data transmission process; encrypting data to be transmitted based on a random key received from a data management device to obtain encrypted data, comprising: determining a target key based on the random key and the authorization code; and encrypting the data to be transmitted by using the target key to obtain encrypted data.
The authorization code may be regarded as a fixed key that must be used each time the data transfer device transmits data to the data management device. The target key may be determined from the random key and the authorization code by directly splicing the random key and the authorization code, or by extracting random numbers from the random key and the authorization code and combining the extracted random numbers; there are many other ways of obtaining the target key by combining the authorization code and the random key, and they are not limited here. The data to be transmitted may also be encrypted with the target key by using RSA encryption.
In the scheme, the authorization code sent by the data management equipment is received, the target key is determined through combination between the authorization code and the random key in each data transmission process, and then the target key is used for encrypting the data to be transmitted.
In some embodiments, before receiving and saving the authorization code sent by the data management device, the method further comprises: receiving a docking broadcast of the data management device, wherein the docking broadcast is sent when the data management device is on line; in response to the docking broadcast, a docking request is sent to the data management device, such that the data management device sends an authorization code based on the docking request.
The data transfer device receives the docking broadcast, and can send a docking request to the data management device based on the docking broadcast. The docking request can also carry the identification of the data transfer device, so that the data management equipment can record the data transfer device for establishing the docking conveniently.
In the scheme, when the data management equipment is on line, the docking broadcast is sent to the data transfer device, so that the data transfer device can send a docking request to the data management equipment to obtain the authorization code sent by the data management equipment, and the authorization code is not required to be sent to the data management equipment again in the subsequent data transmission process.
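The exchange described above (docking, steps S11 to S14, the target key, and discarding the decryption key after use), as an added Python example that is not code from the patent. Assumptions: the target key is derived with HMAC-SHA256 (one of the "other ways" of combining the two values), the symmetric case is used in which the random key also decrypts, a standard-library encrypt-then-MAC construction stands in for the cipher, and all class names, function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Rejected(Exception):
    """Raised when the data management device refuses a ciphertext."""


def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_target_key(random_key: bytes, auth_code: bytes) -> bytes:
    # Assumed combination step; the description also allows plain splicing.
    return prf(auth_code, random_key)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(target_key: bytes, plaintext: bytes) -> bytes:
    # Stand-in cipher (encrypt-then-MAC built on HMAC-SHA256) so the example
    # runs on the standard library; a deployment would use a vetted AEAD.
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(prf(target_key, b"enc"), nonce, plaintext)
    return body + prf(prf(target_key, b"mac"), body)


def open_sealed(target_key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise Rejected("malformed ciphertext")
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(target_key, b"mac"), body)):
        raise Rejected("integrity check failed")
    return _xor_stream(prf(target_key, b"enc"), body[:16], body[16:])


class DataManagementDevice:
    def __init__(self):
        self.auth_codes = {}  # transfer device id -> authorization code
        self.pending = {}     # transfer device id -> one-time decryption key

    def handle_docking_request(self, transfer_id: str) -> bytes:
        self.auth_codes[transfer_id] = secrets.token_bytes(32)
        return self.auth_codes[transfer_id]

    def handle_communication_request(self, transfer_id: str) -> bytes:
        if transfer_id not in self.auth_codes:
            raise Rejected("transfer device has not docked")
        random_key = secrets.token_bytes(32)
        self.pending[transfer_id] = random_key  # symmetric case: same key decrypts
        return random_key

    def receive_encrypted(self, transfer_id: str, blob: bytes) -> bytes:
        # pop() discards the decryption key whether or not decryption succeeds.
        key = self.pending.pop(transfer_id, None)
        if key is None:
            raise Rejected("no pending key")
        return open_sealed(derive_target_key(key, self.auth_codes[transfer_id]), blob)


class DataTransferDevice:
    def __init__(self, transfer_id: str, manager: DataManagementDevice):
        self.transfer_id = transfer_id
        self.manager = manager
        # Docking: obtain the authorization code once and store it.
        self.auth_code = manager.handle_docking_request(transfer_id)

    def encrypt_for_manager(self, data: bytes) -> bytes:
        # S12: communication request; S13: encrypt under the target key.
        random_key = self.manager.handle_communication_request(self.transfer_id)
        return seal(derive_target_key(random_key, self.auth_code), data)


def run_exchange():
    manager = DataManagementDevice()
    transfer = DataTransferDevice("transfer-01", manager)  # constructed id
    reading = b"line3/temp=71.5C"  # constructed industrial control data
    blob = transfer.encrypt_for_manager(reading)
    first = manager.receive_encrypted("transfer-01", blob)  # S14
    outcomes = []
    for issue_fresh_key in (False, True):
        # Second pass: a new random key is pending when the old ciphertext arrives.
        if issue_fresh_key:
            manager.handle_communication_request("transfer-01")
        try:
            manager.receive_encrypted("transfer-01", blob)
        except Rejected as exc:
            outcomes.append(str(exc))
    return first, outcomes


if __name__ == "__main__":
    print(run_exchange())
```

The second rejection depends on the integrity tag: with a cipher that has no integrity check, a previously captured ciphertext arriving while a fresh key is pending would decrypt to unrelated bytes instead of being refused.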
In some embodiments, the data transmission method further comprises: in response to the data to be transmitted being an industrial control instruction sent by the data management device, determining whether the data management device has record information in the data transfer device. The record information comprises an authorization code sent by the data management device and/or identification information of the data management device. When it is determined that the data management device has record information in the data transfer device, the data to be transmitted is sent to the industrial control device.
The data to be transmitted sent by the industrial control equipment can be industrial control data, namely data generated or detected by the industrial control equipment in the working process. The industrial control instruction sent by the data management equipment can control the industrial control equipment to execute corresponding operation to obtain corresponding industrial control data. The record information may be an authorization code or identification information of the data management device recorded during the docking of the data transfer device with the data management device. For example, if the authorization code sent by the data management device exists in the data transfer device, the data management device is considered to have record information, or the data transfer device has the identification of the data management device, and the data management device is considered to have record information in the data transfer device.
In the above scheme, after receiving data to be transmitted from the data management device, the data transfer device judges whether the data management device has record information in the data transfer device, and sends the data to be transmitted to the industrial control device only when such record information exists. This prevents other devices from sending attack instructions to the industrial control device and threatening it.
In some embodiments, the method further comprises: in response to determining that the data management device does not have record information in the data transfer device, executing at least one of the following steps: discarding the data to be transmitted, and executing preset alarm processing.
If the data management device does not have record information in the data transfer device and the received industrial control instruction is nevertheless transmitted to the industrial control device, the instruction is likely to threaten the industrial control device and impair its working stability. To reduce the occurrence of this problem, when it is determined that the data management device has no record information, the present application can discard the data to be transmitted sent by that data management device and can execute preset alarm processing. The preset alarm processing may be sending alarm information to a preset receiver, where the alarm information may carry one or more of: a network address of the data management device, an identifier of the industrial control device, the data to be transmitted, and an identifier of the data transfer device. That is, the data transfer device may store an identifier of the industrial control device connected to it. Of course, in other embodiments, other feasible operations may also be executed when it is determined that the data management device does not have record information in the data transfer device, which is not specifically limited here.
In the above scheme, to prevent other devices from threatening the industrial control device, an industrial control instruction received from a data management device without record information is discarded, or alarm processing is executed to remind the user to record the data management device in the data transfer device, or to remind the user that another device is attacking the industrial control device.
In some embodiments, before determining whether the data management device has record information in the data transfer device, the data transmission method further includes: judging whether the data management device and the data transfer device are in the same network domain; and, in response to the data management device and the data transfer device being in the same network domain, performing the step of determining whether the data management device has record information in the data transfer device.
The network domain may be a local area network, and being in the same network domain may be regarded as being in the same local area network. Whether the data management device and the data transfer device are in the same network domain may be determined from the IP addresses of the data management device and the data transfer device or, in other embodiments, according to whether the router connected to the data management device and the router connected to the data transfer device are the same router, which is not specifically limited here. If the data management device and the data transfer device are not in the same local area network, at least one of the following steps may be executed directly: discarding the data to be transmitted, and executing preset alarm processing.
In the above scheme, it is judged whether the data management device that sent the data to be transmitted is in the same network domain as the data transfer device. If it is not, the data management device is unlikely to be a recorded device, and the data to be transmitted is not forwarded to the industrial control device. If it is, the data management device is likely to be a recorded device, and whether its record information exists in the data transfer device can then be judged, which improves the reliability of data transmission.
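The admission check described above (same network domain first, then record information, otherwise discard and alarm), as an added Go example that is not part of the application. The HMAC tag used to show that the sender holds the recorded authorization code, and all type names, addresses and identifiers, are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/netip"
)

// Reasons for discarding an instruction (wording is illustrative).
const (
	ReasonBadAddr  = "unparseable source address"
	ReasonOutside  = "source outside the relay's network domain"
	ReasonNoRecord = "no record information for this data management device"
	ReasonBadTag   = "authorization code check failed"
)

// Instruction is an industrial control instruction as it reaches the relay.
type Instruction struct {
	Source    string // network address of the sending data management device
	ManagerID string // identification information claimed by the sender
	DeviceID  string // industrial control device the instruction is meant for
	Body      []byte
	Tag       []byte // assumption: HMAC-SHA256 keyed with the authorization code
}

// Alarm holds the fields the description lists for the alarm information.
type Alarm struct {
	ManagerAddr, RelayID, DeviceID, Reason string
	Payload                                []byte
}

// Gate is the relay-side check in front of the industrial control device.
type Gate struct {
	RelayID string
	Domain  netip.Prefix      // the relay's own network domain (LAN prefix)
	Records map[string][]byte // manager ID -> authorization code stored at docking
	Alarms  []Alarm           // stands in for sending to a preset receiver
}

func NewGate(relayID, cidr string) (*Gate, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	return &Gate{RelayID: relayID, Domain: p.Masked(), Records: map[string][]byte{}}, nil
}

// Tag computes the proof that the sender holds the authorization code.
func Tag(code []byte, deviceID string, body []byte) []byte {
	mac := hmac.New(sha256.New, code)
	mac.Write([]byte(deviceID))
	mac.Write([]byte{0}) // separator, so ("ab","c") and ("a","bc") differ
	mac.Write(body)
	return mac.Sum(nil)
}

// reject discards the instruction and records an alarm.
func (g *Gate) reject(in Instruction, reason string) bool {
	g.Alarms = append(g.Alarms, Alarm{ManagerAddr: in.Source, RelayID: g.RelayID,
		DeviceID: in.DeviceID, Reason: reason, Payload: in.Body})
	return false
}

// Admit returns true only if the instruction may be forwarded. A source address
// can be forged on a shared LAN, so the domain test is only a coarse first
// filter; the record check with the authorization code is the real gate.
func (g *Gate) Admit(in Instruction) bool {
	addr, err := netip.ParseAddr(in.Source)
	if err != nil {
		return g.reject(in, ReasonBadAddr)
	}
	// Unmap so ::ffff:10.20.0.5 is judged as 10.20.0.5; Contains never matches
	// an IPv4-mapped IPv6 address against an IPv4 prefix.
	if !g.Domain.Contains(addr.Unmap()) {
		return g.reject(in, ReasonOutside)
	}
	code, ok := g.Records[in.ManagerID]
	if !ok {
		return g.reject(in, ReasonNoRecord)
	}
	if !hmac.Equal(Tag(code, in.DeviceID, in.Body), in.Tag) {
		return g.reject(in, ReasonBadTag)
	}
	return true
}

func main() {
	g, _ := NewGate("B1", "10.20.0.0/24") // constructed addresses and identifiers
	g.Records["A1"] = []byte("constructed-authorization-code")
	in := Instruction{Source: "10.20.0.5", ManagerID: "A1", DeviceID: "PLC-7", Body: []byte("SET valve=closed")}
	in.Tag = Tag(g.Records["A1"], in.DeviceID, in.Body)
	fmt.Println("recorded manager, same domain:", g.Admit(in))
	in.Source = "192.0.2.10"
	fmt.Println("same message from another network:", g.Admit(in), g.Alarms[0].Reason)
}
```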
In some embodiments, after receiving the data to be transmitted, the data transmission method further comprises: storing the data to be transmitted in a data register in the data transfer device, and determining the source of each item of data to be transmitted in the data register in sequence, the source being the industrial control device or the data management device.
A register may be regarded as a storage element of limited capacity that can temporarily hold instructions, data, and addresses. The source of the data to be transmitted may be determined from the structure of that data. Data sent by the industrial control device is typically industrial control data, data sent by the data management device is typically an industrial control instruction, and the two usually have different data structures, so whether the data to be transmitted comes from the data management device or from the industrial control device can be determined from the data structure.
In the above scheme, the data to be transmitted is stored in the data transfer device and the sources of the data in the data register are then judged in sequence, which reduces confusion in the data transfer device caused by accumulated data to be transmitted.
Optionally, the data to be transmitted that the industrial control device sends to the data transfer device may be encrypted. In that case, after receiving the encrypted data from the industrial control device, the data transfer device decrypts it with a pre-stored decryption key, then encrypts the data with the random key, or with a target key obtained from the random key and the authorization code, and sends the encrypted data to the data management device.
In some embodiments, the data transfer device (not shown) may include a logic processing chip, a register, a dual-end communication circuit, and an industrial control device-end communication circuit. The logic processing chip is connected to the register, the dual-end communication circuit, and the industrial control device-end communication circuit respectively. The logic processing chip can perform logic processing on the data to be transmitted, such as decryption and/or encryption and data registering. The data register may be used to buffer data during data interaction, such as the keys and data used during data transmission. The dual-end communication circuit is used to communicate with the data management device, and the industrial control device-end communication circuit is used to communicate with the industrial control device.
In some embodiments, the data transfer device includes a device housing, and the dual-end communication circuit includes a credential transceiver. The credential transceiver controls the transmit and receive authority for data of the data management device: only data to be transmitted that is sent by a data management device in the same network domain as the data transfer device can be received by the data transfer device. The logic processing chip includes a data source judging program, which can judge from the data structure of the data to be transmitted whether the data comes from the data management device or from the industrial control device. In some application scenarios, the data to be transmitted may further include a target address, which may be a communication address of the data management device. The logic processing chip may also include a communication authorization program, which can send a communication request to the corresponding data management device according to the data source and the target address of the data to be transmitted, and receive the random key returned by the data management device. The logic processing chip may also include a data encryption program, which encrypts the data to be transmitted from the industrial control device according to the received random key and the authorization code stored during docking and passes the result to the dual-end communication circuit; the dual-end communication circuit then sends the encrypted data to the corresponding data management device. The logic processing chip also includes a data decryption program.
In some application scenarios, the data to be transmitted that the data management device sends to the data transfer device is encrypted data, and the data decryption program in the data transfer device can decrypt the encrypted data with RSA symmetric decryption according to the authorization code. If decryption can be performed or the decryption is successful, the data management device is considered to have record information, the decrypted data is passed to the industrial control device-end communication circuit, and that circuit sends the data to the industrial control device. In other application scenarios, the data decryption program may decrypt the encrypted data with RSA symmetric decryption according to the authorization code, encrypt the data again with RSA symmetric encryption according to the authorization code, and then send the encrypted data to the industrial control device, which performs the corresponding industrial control operation after decrypting it.
During data transmission, whether the data management device has a record, that is, whether the data management device is authorized, can be judged through a dual mechanism between the data transfer device and the data management device. In a network deployment, multiple data transfer devices may be used. The data transfer devices may be identical and independent of one another, or they may be connected to one another, so that one data management device is connected to the industrial control device through one or more data transfer devices.
Each data transfer device may be a master device or a passive device. A master device can choose to pass through all data to be transmitted, or to encrypt only the data to be transmitted that is sent to a specific data management device, or to encrypt and decrypt only the industrial control instructions sent by a specific data management device. A passive device may be understood as a data transfer device that only receives the industrial control instructions sent by the data management device. The data transfer device provided by the present application allows efficient, low-cost deployment, namely network expansion and plug and play. The data transfer device can encrypt fixed industrial control commands or data, and the keys for each transmission are obtained and registered in pairs. Therefore, when an encrypted message is replayed a second time, it is no longer valid because the key record no longer exists.
In addition, the data transfer device is an intermediate device in the network transmission path. By acquiring and translating the data to be transmitted, it can parse the original data, encrypt it, and send the encrypted data to the designated data management device. With the data transfer device, neither the data management device nor the industrial control device needs interface modification and correction, so the data transfer device is well compatible with data transmission among all networked devices, and the cost of device modification and deployment is reduced.
Referring to fig. 2, the present application further provides a data transmission method applied to a data management device, where the data management device is connected to an industrial control device through a data transfer device. The data transmission method includes: Step S21: generating a key pair in response to a communication request received from the data transfer device, the key pair comprising a random key and a decryption key corresponding to the random key. Step S22: sending the random key to the data transfer device. Step S23: receiving the encrypted data sent by the data transfer device. Step S24: decrypting the encrypted data with the decryption key to obtain the data to be transmitted sent by the industrial control device.
The random key may be a public key and the decryption key may be a private key. The data transfer device encrypts the data received from the industrial control device with the public key and then sends the encrypted data to the data management device. The random key and its corresponding decryption key may be the same key or different keys. Optionally, the random key differs within a preset time period, and the length of the preset time period can be customized. That is, within the preset time period, the random keys that the data management device sends to the data transfer device at different times are different, and when the random keys are different, the corresponding decryption keys are also different.
In the above scheme, after receiving the data to be transmitted from the industrial control device, the data transfer device sends a communication request to the data management device. After receiving the communication request, the data management device sends the generated random key to the data transfer device, and the data transfer device encrypts the data to be transmitted with that random key. After receiving the encrypted data, the data management device decrypts it with the generated decryption key corresponding to the random key to obtain the data to be transmitted.
In some embodiments, after decrypting the encrypted data using the decryption key, the method further comprises: the decryption key is discarded.
The key pair generated in the data management device may be stored in a corresponding storage space, and discarding the decryption key may be regarded as deleting the decryption key from that storage space. After the decryption key is discarded, replayed data cannot be decrypted even if a replay reaches the data management device, which improves the reliability of data transmission. In other embodiments, the whole key pair, that is, both the random key and the decryption key, may be discarded.
In the above scheme, the decryption key corresponding to the random key is deleted after the encrypted data is decrypted, so that if an event such as a replay occurs later, the risk it poses is reduced because the decryption key no longer exists.
In some embodiments, the method further comprises: sending the authorization code to the data transfer device. Decrypting the encrypted data with the decryption key to obtain the data to be transmitted sent by the industrial control device then includes: decrypting the encrypted data by combining the authorization code and the decryption key to obtain the data to be transmitted.
The authorization code may be regarded as a fixed key that must be used each time the data transfer device transmits data to the data management device. The data transfer device encrypts with the authorization code and the random key, and the data management device decrypts the encrypted data with the authorization code and the decryption key to obtain the data to be transmitted sent by the industrial control device. The specific asymmetric encryption scheme, in which data is encrypted with the public key and decrypted with the private key, is not specifically limited here.
In the above scheme, the authorization code is sent to the data transfer device, and in each data transmission the target key is determined by combining the authorization code and the random key; the target key is then used to encrypt the data to be transmitted.
In some embodiments, the authorization code may be sent to the data transfer device as follows: transmitting a docking broadcast in response to the data management device coming online; receiving a docking request sent by the data transfer device, where the docking request is sent by the data transfer device in response to the docking broadcast; and, in response to the docking request, sending the authorization code to the data transfer device.
After receiving the docking broadcast, the data transfer device can send a docking request to the data management device based on it. The docking request can also carry the identifier of the data transfer device, so that the data management device can record the data transfer devices with which docking has been established. Where there are a plurality of data transfer devices, the authorization codes that the data management device sends to different data transfer devices may be different; in other embodiments, the authorization codes sent to different data transfer devices may be the same.
In the above scheme, when the data management device comes online it sends a docking broadcast to the data transfer device, so that the data transfer device can send a docking request to the data management device and obtain the authorization code sent by the data management device; the authorization code then does not need to be sent to the data management device again during subsequent data transmission.
In some embodiments, after receiving the data to be transmitted from the industrial control device, the data transfer device sends a communication request to the data management device at the address designated by the data to be transmitted, that is, performs reporting. After determining that it has previously established docking with the data transfer device (for example, an authorization code corresponding to the data transfer device exists in the data management device), the data management device sends a random key to the data transfer device in response to the communication request. The data transfer device stores the random key after receiving it, encrypts the data to be transmitted with the random key and the authorization code, and transmits the encrypted data to the data management device. After receiving the encrypted data, the data management device decrypts it with the authorization code and the decryption key. If decryption fails, a failure log may be recorded. If decryption succeeds, a preset subsequent process may be executed, for example performing statistics on the decrypted data, sending the decrypted data to a preset receiver, or sending an industrial control instruction to the industrial control device according to the decrypted data so that the industrial control device executes the corresponding industrial control operation. The data management device destroys the decryption key after decryption succeeds.
The communication request may be regarded as a dual request, that is, a request for dual transmission (one-to-one transmission) between the data management device and the data transfer device. In response to the dual request, the data management device generates a key pair, that is, it generates and registers a public key and a private key, and sends the public key to the data transfer device as the random key, so that the data transfer device can encrypt the data with the dynamic public key. This can be implemented with an asymmetric encryption algorithm such as RSA. During encryption, the public key encrypts and converts the file data, and the encrypted file data is ciphertext that can be stored or transmitted, which improves the reliability of data transmission. After receiving the encrypted data, the data management device decrypts and processes it with the private key and destroys the private key registration when the process ends, so that when a replayed request is received it is refused, because the private key has been destroyed, which prevents replay.
In some application scenarios, when the data management device A1 comes online, it notifies the devices in its domain, such as the data transfer device B1, the data transfer device C1, and the data transfer device D1, by broadcast to dock. In response to the broadcast, the data transfer devices B1, C1, and D1 request authorization codes from the data management device A1, and the data management device A1 records and sends the random record authorization codes. The data transfer devices B1, C1, and D1 record or update the authorization codes B1S, C1S, and D1S sent by the data management device A1. The data management device is then online. When data is transmitted, the data management device A1 generates and registers the public key S1 and the private key S2 upon receiving a communication request sent by the data transfer device B1, and then sends the public key S1 to the data transfer device. The data transfer device encrypts the data with the dynamic public key S1 and the authorization code B1S and transmits the encrypted data to the data management device. The data management device decrypts with the private key S2 and the authorization code B1S. The private key B1S is destroyed after the process ends, so that when a replayed request is received it is refused, because the private key has been destroyed, which prevents replay.
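The A1/B1 exchange above as an added Go example, not code from the application: docking, a one-time RSA key pair per communication request, and destruction of the private key after decryption. Carrying the authorization code as the RSA-OAEP label is an assumption, since the text does not say how the code and the random key are combined; all type and function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

var (
	ErrNotDocked = errors.New("relay has no authorization code on record")
	ErrNoKey     = errors.New("no pending one-time key (replayed or unsolicited data)")
	ErrDecrypt   = errors.New("decryption failed")
)

// Manager models the data management device (A1 in the scenario above).
type Manager struct {
	authCodes map[string][]byte          // relay ID -> authorization code issued at docking
	pending   map[string]*rsa.PrivateKey // relay ID -> registered one-time private key (S2)
}

func NewManager() *Manager {
	return &Manager{authCodes: map[string][]byte{}, pending: map[string]*rsa.PrivateKey{}}
}

// Dock answers a docking request: issue and record a random authorization code.
func (m *Manager) Dock(relayID string) ([]byte, error) {
	code := make([]byte, 32)
	if _, err := rand.Read(code); err != nil {
		return nil, err
	}
	m.authCodes[relayID] = code
	return append([]byte(nil), code...), nil
}

// HandleCommRequest answers a communication request from a docked relay with a
// fresh public key (S1), DER-encoded, and registers the private key (S2).
func (m *Manager) HandleCommRequest(relayID string) ([]byte, error) {
	if _, ok := m.authCodes[relayID]; !ok {
		return nil, ErrNotDocked
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	m.pending[relayID] = priv // replaces any unused key from an earlier request
	return x509.MarshalPKIXPublicKey(&priv.PublicKey)
}

// Receive decrypts with S2 and the relay's authorization code, then destroys S2.
func (m *Manager) Receive(relayID string, ciphertext []byte) ([]byte, error) {
	priv, ok := m.pending[relayID]
	if !ok {
		return nil, ErrNoKey
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ciphertext, m.authCodes[relayID])
	if err != nil {
		return nil, ErrDecrypt // the description records a failure log at this point
	}
	delete(m.pending, relayID) // key destroyed: the same ciphertext cannot be accepted again
	return pt, nil
}

// Relay models the data transfer device (B1).
type Relay struct {
	ID       string
	AuthCode []byte
}

// Encrypt protects industrial control data with the one-time public key and the
// stored authorization code. OAEP with SHA-256 and a 2048-bit key carries at most
// 190 bytes; larger payloads need a hybrid scheme.
func (r *Relay) Encrypt(pubDER, data []byte) ([]byte, error) {
	key, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("not an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, r.AuthCode)
}

func main() { // errors are ignored here only to keep the demonstration short
	a1 := NewManager()
	code, _ := a1.Dock("B1")
	b1 := &Relay{ID: "B1", AuthCode: code}
	pub, _ := a1.HandleCommRequest("B1")
	ct, _ := b1.Encrypt(pub, []byte("line3;temp=71.5")) // constructed sample reading
	pt, err := a1.Receive("B1", ct)
	fmt.Printf("first delivery: %q err=%v\n", pt, err)
	_, err = a1.Receive("B1", ct) // the captured ciphertext sent a second time
	fmt.Printf("replay: err=%v\n", err)
}
```

Following the description, the private key is destroyed only after a successful decryption, so a failed attempt leaves the pending key usable for the legitimate message.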
Referring to fig. 3, the present application further provides a data transfer device, where the data transfer device includes a first memory 41 and a first processor 42, and the first processor 42 is configured to execute program instructions stored in the first memory 41, so as to implement any one of the above data transmission methods applied to the data transfer device 40.
In one particular implementation scenario, the data transfer device 40 may include, but is not limited to: an adapter, a computer device, an electric device, a microcomputer, a desktop computer, and a server; the data transfer device 40 may also include mobile devices such as a notebook computer or a tablet computer, which is not limited herein. The first memory 41 may be a register or another type of memory.
In particular, the first processor 42 is adapted to control itself and the first memory 41 to implement the steps of any of the data transmission method embodiments described above. The first processor 42 may also be referred to as a CPU (Central Processing Unit). The first processor 42 may be a logic processing chip, an integrated circuit chip, with signal processing capabilities. The first processor 42 may also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. In addition, the first processor 42 may be jointly implemented by integrated circuit chips.
In the above scheme, after receiving the data to be transmitted from the industrial control device, the data transfer device 40 sends a communication request to the data management device. After receiving the communication request, the data management device sends the generated random key to the data transfer device 40, and the data transfer device 40 encrypts the data to be transmitted with that random key. After receiving the encrypted data, the data management device decrypts it with the generated decryption key corresponding to the random key to obtain the data to be transmitted.
The data relay device 40 may further include a communication circuit (not shown), for example, a dual-end communication circuit and an industrial control equipment end communication circuit. The dual-end communication circuit can be used for realizing communication with the data management equipment, and the industrial control equipment end communication circuit can be used for realizing communication with the industrial control equipment.
In some embodiments, the data relay device 40 includes a plurality of data interfaces (not shown), each of which is configured to connect to an industrial control device.
The data interface can be used to connect the industrial control device-end communication circuit and the industrial control device. The data interfaces may be of the same type or of different types. Data interfaces of the same type may be used to connect industrial control devices of the same type, and data interfaces of different types may be used to connect industrial control devices of different types. Because industrial control devices are varied and widely distributed, implementing and upgrading a site requires large amounts of manpower and material resources, and deploying and upgrading quickly and at low cost is a major difficulty. Through multi-interface adaptation, the device can dock seamlessly with most devices and achieve quick deployment.
In the above scheme, the data transfer device can realize communication between the data management equipment and the plurality of industrial control equipment by providing a plurality of data interfaces.
Referring to fig. 4, the present application further provides a data management device, where the data management device 50 includes a second memory 51 and a second processor 52, and the second processor 52 is configured to execute program instructions stored in the second memory 51, so as to implement any one of the data transmission methods applied to the data management device 50.
In one particular implementation scenario, the data management device 50 may include, but is not limited to: a computer device, a consumer, a microcomputer, a desktop computer, and a server; the data management device 50 may also include mobile devices such as a notebook computer or a tablet computer, which is not limited herein.
In particular, the second processor 52 is adapted to control itself and the second memory 51 to implement the steps of any of the data transmission method embodiments described above. The second processor 52 may also be referred to as a CPU (Central Processing Unit). The second processor 52 may be an integrated circuit chip having signal processing capabilities. The second processor 52 may also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. In addition, the second processor 52 may be jointly implemented by integrated circuit chips.
In the above scheme, after receiving the data to be transmitted from the industrial control device, the data transfer device sends a communication request to the data management device 50. After receiving the communication request, the data management device 50 sends the generated random key to the data transfer device, and the data transfer device encrypts the data to be transmitted with that random key. After receiving the encrypted data, the data management device 50 decrypts it with the generated decryption key corresponding to the random key to obtain the data to be transmitted.
Referring to fig. 5, the present application further provides a data transmission system 60, where the data transmission system includes an industrial control device 70, any one of the data management devices 50, and any one of the data transfer devices 40; the data relay device 40 is respectively connected to the data management device 50 and the industrial control device 70 to realize data transmission between the industrial control device 70 and the data management device 50.
The number of the industrial control devices 70 in the data transmission system 60 may be plural, the number of the data transfer devices 40 may be plural, the number of the data management devices 50 may be plural, the data transfer devices 40 connected to different industrial control devices 70 may be the same or different, the data transfer devices 40 connected to the same data management device 50 may be plural, and the data management devices 50 connected to the same data transfer device 40 may be plural.
In the above scheme, after the data transfer device 40 receives the data to be transmitted from the industrial control device 70, it sends a communication request to the data management device 50. After receiving the communication request, the data management device 50 sends the generated random key to the data transfer device 40, and the data transfer device 40 encrypts the data to be transmitted with that random key. After receiving the encrypted data, the data management device 50 decrypts it with the generated decryption key corresponding to the random key to obtain the data to be transmitted.
The foregoing description of the various embodiments emphasizes the differences between them; for parts that are the same or similar, the embodiments may be referred to one another, and these parts are not repeated here for brevity.
In the several embodiments provided in the present application, it should be understood that the disclosed methods and apparatus may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., the units or components may be combined or integrated into another subsystem, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical, or other forms.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in the form of hardware or in the form of software functional units. If the integrated units are implemented in the form of software functional units and sold or used as stand-alone products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.

Claims (15)

1. A data transmission method, wherein the data transmission method is applied to a data transfer device, the data transfer device is used for connecting an industrial control device and a data management device to realize data transmission between the industrial control device and the data management device, and the data transmission method comprises:
receiving data to be transmitted;
in response to the data to be transmitted being sent by the industrial control device, sending a communication request to the data management device;
encrypting the data to be transmitted based on a random key received from the data management device to obtain encrypted data, wherein the random key is a key generated by the data management device in response to the communication request;
and sending the encrypted data to the data management equipment so that the data management equipment decrypts the encrypted data by using a decryption key corresponding to the random key to obtain the data to be transmitted.
2. The method of claim 1, wherein the data transmission method further comprises:
receiving and storing an authorization code sent by the data management equipment, wherein the authorization code is a fixed key which needs to be used in each data transmission process;
wherein the encrypting of the data to be transmitted based on the random key received from the data management device to obtain encrypted data comprises:
determining a target key based on the random key and the authorization code;
and encrypting the data to be transmitted by using the target key to obtain the encrypted data.
3. The method of claim 2, wherein prior to said receiving and saving the authorization code sent by the data management device, the data transmission method further comprises:
receiving a docking broadcast of the data management device, wherein the docking broadcast is sent when the data management device is online;
and responding to the docking broadcast, sending a docking request to the data management device so that the data management device sends the authorization code based on the docking request.
4. A method according to any one of claims 1 to 3, wherein the data transmission method further comprises:
determining, according to the industrial control instruction sent by the data management equipment, whether the data management equipment has record information in the data transfer device, wherein the record information comprises an authorization code sent by the data management equipment and/or identification information of the data management equipment;
and in response to determining that the data management equipment has record information in the data transfer device, sending the data to be transmitted to the industrial control equipment.
5. The method of claim 4, wherein the data transmission method further comprises:
in response to determining that the data management device does not have record information in the data transfer device, executing at least one of the following steps: discarding the data to be transmitted and executing preset alarm processing.
6. The method of claim 5, wherein prior to said determining whether the data management device has record information in the data transfer device, the method further comprises:
judging whether the data management equipment and the data transfer device are in the same network domain or not;
and in response to the data management device and the data transfer device being in the same network domain, executing the step of determining whether the data management device has record information in the data transfer device.
7. A method according to any one of claims 1 to 3, wherein after said receiving data to be transmitted, the data transmission method further comprises:
storing the data to be transmitted into a data register in the data transfer device;
and sequentially determining the source of each data to be transmitted in the data register, wherein the source is the industrial control equipment or the data management equipment.
8. A data transmission method, wherein the data transmission method is applied to a data management device, the data management device is connected with an industrial control device through a data transfer device, and the data transmission method comprises:
generating a key pair in response to a communication request received from a data transfer device, wherein the key pair comprises a random key and a decryption key corresponding to the random key;
transmitting the random key to the data transfer device;
receiving the encrypted data sent by the data transfer device;
and decrypting the encrypted data by using the decryption key to obtain data to be transmitted sent by the industrial control equipment.
9. The method of claim 8, wherein after decrypting the encrypted data using the decryption key, the data transmission method further comprises:
discarding the decryption key.
10. The method of claim 8, wherein the data transmission method further comprises:
transmitting an authorization code to the data transfer device;
wherein the decrypting of the encrypted data by using the decryption key to obtain the data to be transmitted sent by the industrial control equipment comprises:
and decrypting the encrypted data by combining the authorization code and the decryption key to obtain the data to be transmitted.
11. The method of claim 10, wherein said transmitting an authorization code to the data transfer device comprises:
transmitting a docking broadcast in response to the data management device being on-line;
receiving a docking request sent by the data transfer device, wherein the docking request is sent by the data transfer device in response to the docking broadcast;
and responding to the docking request, and sending the authorization code to the data transfer device.
12. A data transfer device comprising a first memory and a first processor for executing program instructions stored in the first memory to implement the data transmission method of any one of claims 1 to 7.
13. The data transfer device of claim 12, wherein the data transfer device comprises a plurality of data interfaces, each of the data interfaces being configured to connect to an industrial control device.
14. A data management device comprising a second memory and a second processor for executing program instructions stored in the second memory to implement the data transmission method according to any one of claims 8 to 11.
15. A data transmission system, characterized in that the data transmission system comprises an industrial control device, a data management device according to claim 14, a data transfer device according to claim 12 or 13;
the data transfer device is respectively connected with the data management equipment and the industrial control equipment to realize data transmission between the industrial control equipment and the data management equipment.
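The exchange in claims 1, 2 and 8 to 10, as an added example that is not part of the patent text. The claims name no algorithm, so this sketch assumes the "random key" is an ephemeral RSA public key and binds the authorization code to the ciphertext as the OAEP label; `Manager`, `HandleRequest`, `Decrypt` and `RelayEncrypt` are hypothetical names, and the authorization code and reading are constructed values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manager models the data management device (claims 8-10).
type Manager struct {
	authCode []byte          // fixed authorization code handed out at docking
	session  *rsa.PrivateKey // per-request decryption key, nil when none is open
}

// HandleRequest answers a communication request with a fresh "random key"
// (assumption: an ephemeral RSA public key) and keeps the decryption key.
func (m *Manager) HandleRequest() (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	m.session = k
	return &k.PublicKey, nil
}

// Decrypt combines the decryption key with the authorization code (claim 10)
// and discards the decryption key (claim 9), even when decryption fails.
func (m *Manager) Decrypt(ct []byte) ([]byte, error) {
	k := m.session
	m.session = nil
	if k == nil {
		return nil, errors.New("no open session: decryption key already discarded")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, k, ct, m.authCode)
}

// RelayEncrypt is the data transfer device's step (claim 2): the stored
// authorization code is mixed in as the OAEP label, so a ciphertext built
// with a different code does not decrypt.
func RelayEncrypt(randomKey *rsa.PublicKey, authCode, data []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, randomKey, data, authCode)
}

func main() {
	code := []byte("constructed-authorization-code") // constructed sample value
	m := &Manager{authCode: code}
	pub, _ := m.HandleRequest()
	ct, _ := RelayEncrypt(pub, code, []byte("line3 temp=41.7C")) // constructed reading
	pt, err := m.Decrypt(ct)
	fmt.Printf("%s %v\n", pt, err)
}
```

RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes per message, so larger payloads would need a hybrid scheme under the same per-request key.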
CN202410109424.5A 2024-01-26 2024-01-26 Data transmission method, data transfer device, data management equipment and system Pending CN117640261A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410109424.5A CN117640261A (en) 2024-01-26 2024-01-26 Data transmission method, data transfer device, data management equipment and system

Publications (1)

Publication Number Publication Date
CN117640261A true CN117640261A (en) 2024-03-01

Family

ID=90020297

Country Status (1)

Country Link
CN (1) CN117640261A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination