JP6730138B2 - Data decoding system and data decoding method - Google Patents

Description

The data decryption system and the data decryption method according to the present application relate to a technique of sending encrypted data at a constant cycle, reading the data at a constant cycle, and decrypting the data.

With the development of data communication technology, information leakage during communication is regarded as a problem, and various data encryption/decryption technologies have been proposed to prevent this. By the way, the data communication technology may be used for the inspection system of the piping system installed in the industrial plant. In this technology, sensors are installed everywhere in the piping system to periodically detect the condition of the piping and wirelessly transmit data. Such detection data may include confidential information that should not be known to a third party, and the sensor encrypts the detection data and transmits the encrypted data in order to prevent information leakage.

The transmitted encrypted data is received by a relay device such as a gateway, and the data is held in a memory.The encrypted data is wirelessly read by a terminal device at regular intervals and decrypted to obtain detection data. There is.

Here, depending on the data communication environment, the contents of communication data may be lost due to the influence of external factors such as the distance between communication devices and the presence of interfering radio waves. In particular, relay devices installed in various places of an industrial plant are often arranged in a wide area within the plant, and encrypted data read by a terminal is likely to be affected by external factors.

If the encrypted data is missing, proper decryption cannot be performed and decryption fails. Even if the encrypted data is not lost, the decryption process itself may fail and the decryption may fail.

In this case, if the terminal can recognize the decoding failure, it can take necessary measures, but if the format of the data is in order, it may be mistakenly recognized as successful decoding. .. For this reason, it is possible to confirm the decoding failure using an error detection code such as Check Sum or CRC, but the accuracy of the confirmation is not perfect.

It should be noted that there is a technique described in the patent document described later regarding confirmation of transmission/reception of communication data, although the technique is not related to data decoding. In this technology, when the transmitting station wirelessly transmits data to the receiving station, the same data is transmitted multiple times at regular intervals, and when the receiving station receives the same data from the transmitting station multiple times, the data is valid. It is determined and taken in.

JP 2001-292081 JP

The technique described in the above-mentioned patent document relates to confirmation of transmission/reception of communication data, and is not a technique for determining success or failure of data decoding. Further, no consideration is given to the relationship between the transmission cycle of communication data and the read cycle when decoding communication data.

Therefore, an object of the data decoding system and the data decoding method according to the present application is to provide a data decoding system and a data decoding method that can reliably determine the success or failure of the decoding.

The data decoding system according to the present application,
Sending means that encrypts data to generate encrypted data and sends out at a fixed sending cycle,
Storage means for storing the encrypted data sent by the sending means,
Reading means for reading the encrypted data stored in the storage means at a constant read cycle, decrypting the encrypted data to obtain decrypted data,
In a data decoding system equipped with
The read cycle is less than half of the send cycle,
The reading means determines that the decoding is successful when the same decoded data is continuously obtained a predetermined number of times.
It is characterized by
Further, the data decoding method according to the present application,
The detection target is detected, the detection data is acquired, the detection data is encrypted to generate encrypted data, and the encrypted data is sent at a fixed transmission cycle.
Store the sent encrypted data,
The stored encrypted data is read at a constant read cycle, and the encrypted data is decrypted to obtain decrypted data.
In the method of decrypting data including
The read cycle is less than half of the send cycle,
When the same decoded data is continuously obtained for a predetermined number of confirmation times, it is determined that the decoding is successful,
It is characterized by

In the data decoding system and the data decoding method according to the present application, the read cycle is smaller than one half of the transmission cycle, and the decoding succeeds when the same decoded data is continuously obtained for a predetermined number of confirmation times. I judge that I did.

Here, if the read cycle is equal to or more than half of the sending cycle, it may not be possible to secure reading multiple times within one sending cycle depending on the timing of sending and reading data, and the predetermined reading It is not possible to confirm the success of the decoding due to the number of confirmations and the same decoded data being continuously obtained.

In this regard, in the data decoding system and the data decoding method according to the present application, the read cycle is smaller than one half of the sending cycle, so that regardless of the timing of sending and reading the data, It is possible to always secure reading a plurality of times within the range, and it is possible to reliably determine the success or failure of decoding.

1 is a functional block diagram showing an embodiment of a data decoding system and a data decoding method according to the present application. FIG. 2A is a conceptual diagram showing the configuration of the content of the detection data detected by the sensor shown in FIG. 1, and B is a diagram showing the storage state of each data. 3 is a diagram showing a sending cycle C1 in which each sensor 5 shown in FIG. 1 sends data to the gateway 6 and a reading cycle C2 in which the terminal 8 reads data from the gateway 6. FIG.

[Explanation of Terms in Embodiment]
Main terms used in the embodiments correspond to the following components of the data decoding system and the data decoding method according to the present application, respectively.
Sensor 5... Sending means, detecting means Memory 7... Storage means Terminal 8... Reading means Sending cycle C1... Sending cycle Reading cycle C2... Reading cycle

[First Embodiment]
A first embodiment of a data decoding system and a data decoding method according to the present application will be described by taking an example of a piping system inspection system installed in an industrial plant. A large number of inspection sensors 5 shown in Fig. 1 are provided throughout the piping system of the industrial plant. Each sensor 5 periodically detects the state of the piping and wirelessly detects it toward the gateway 6. Sending data.

By the way, such detection data may include confidential information that a third party does not want to be known to the third party due to the detection process or the like. FIG. 2A is a conceptual diagram showing the structure of the content of detection data. The data D1 to D3 are public data, and the data D4 to D7 are secret data. Publishable data refers to information that has already been disclosed to a third party, or information that may be disclosed to a third party in the future, and confidential data is information that you want to conceal to a third party. Say.

The sensor 5 encrypts these detection data and generates encrypted data. In this embodiment, as an encryption method, a method is used in which public data D1 to D3 are used to generate an encryption key, and secret data is encrypted by this encryption key to generate encrypted data. Note that a predetermined encryption key generation algorithm and encryption algorithm that are set in advance can be used for generating the encryption key and the encryption data. Examples include DES, TripleDES, RC2, or Rijndael of shared key encryption method, DSA or RSA of public key encryption method.

Each sensor 5 wirelessly transmits the generated encrypted data to the gateway 6. It should be noted that each sensor 5 transmits encrypted data representing the latest state of piping at a predetermined sending cycle C1 shown in FIG. As shown in FIG. 2B, the gateway 6 stores the encrypted data D1, D2, D3, D4x, D5x, D6x, D7x in each address of the memory 7.

On the other hand, the terminal 8 wirelessly accesses the gateway 6 at a predetermined read cycle C2 shown in FIG. 3 to read and decrypt the encrypted data stored in the memory 7. At the time of decryption, first, the public data D1 to D3 are extracted, the decryption key is generated by this, and the encrypted secret data D4x to D7x are decrypted to obtain the secret data D4 to D7. When generating the decryption key, a decryption key generation algorithm corresponding to the encryption key generation algorithm used by the sensor 5 is used. For example, in the case of the common key cryptosystem, the generated decryption key can be decrypted as the common key, and in the case of the public key cryptosystem, the generated decryption key can be decrypted as the public key. As described above, the terminal 8 acquires the decoded data D1 to D7, grasps the detection data detected by the sensor 5, and recognizes the state of the pipe.

In the present embodiment, the read cycle C2 is set to one third of the sending cycle C1. Then, the terminal 8 determines that the decoding is successful when the decoded data that have been decoded are the same twice or more consecutively. If it does not continue twice or more, it is recognized that the encrypted data is missing or an error has occurred in the decryption process itself, and it is determined that the decryption has failed and the predetermined process is executed. To do. In this embodiment, this “twice” is the number of confirmations.

Here, the transmission of the encrypted data by the sensor 5 and the reading of the data by the terminal device 8 operate independently, and the timings of both are not synchronized. However, in the present embodiment, the read cycle C2 is set to one-third of the send cycle C1, so as shown in FIG. 3, the timing t1 at which the sensor 5 transmits the encrypted data and the terminal 8 Even if the timing t2 at which the data is read coincidentally with each other, it is possible to reliably ensure a plurality of (two) read processes by the terminal device 8 within the range of one sending cycle C1. ..

That is, it is possible to secure a plurality of read processes while avoiding adverse effects on the read process when the gateway 6 receives the encrypted data from the sensor 5 while the terminal 8 is executing the read process. Therefore, it is possible to always secure proper reading a plurality of times within the range of one sending cycle C1, and it is possible to reliably determine the success or failure of decoding.

In the present embodiment, an encryption key is generated using the openable data included in a group of detection data, and the secret data in the same detection data is encrypted by this, and it depends on other past detection data, for example. Since the encryption key is not generated, the loss due to loss of data during communication can be reduced. That is, in the present embodiment, it is possible to more reliably determine the success or failure of decoding while reducing the loss due to the loss of data during communication.

In the present embodiment, the read cycle C2 is set to one-third of the sending cycle C1. However, the read cycle C2 is set to one-third of the sending cycle C1 minus the time required for one read process. A cycle smaller than 1 may be set as the read cycle. As a result, when the gateway 6 receives the encrypted data from the sensor 5 during the execution of the reading process by the terminal device 8, it is possible to reliably avoid an adverse effect on the reading process.

[Second Embodiment]
Next, a second embodiment of the data decoding system and the data decoding method according to the present application will be described. In the above-described first embodiment, as shown in FIG. 3, the case where the timing t1 at which the sensor 5 transmits the encrypted data and the timing t2 at which the terminal 8 reads the data match each other is taken as an example. If the timing t1 and the timing t2 do not match, the data reading process by the terminal 8 may be executed three times within the range of one sending cycle C1. As another embodiment, when the reading cycle C2 is set to be smaller than one-third of the sending cycle C1, the data reading process by the terminal 8 is executed four times or more within one sending cycle C1. May be done.

In the present embodiment, it is assumed that the data read processing by the terminal device 8 is executed three or more times within the range of one sending cycle C1 in this manner, and the decoded data read and decoded is read twice consecutively. As described above, when the same data is obtained after the third time, if the same data is obtained, the decoding process is not performed on the data after the third time in order to improve the processing efficiency of the terminal.

To determine whether or not the acquired data is the same, data for specifying the detection data such as detection date/time data is used. The detection date/time data and the like are included in the header shown in FIG. 2A in the first embodiment.

The specific processing procedure is as follows. The terminal 8 wirelessly accesses the gateway 6 at a predetermined read cycle C2 to read the encrypted data stored in the memory 7. In this case, the terminal 8 stores the detection date/time data included in the header of the read encrypted data in the memory. Then, as in the first embodiment, it is determined that the decoding is successful when the decoded data that have been decoded are the same twice or more consecutively.

After determining that the decryption was successful, for the read encrypted data, the detection date/time data included in the header is taken out, compared with the detection date/time data of the immediately preceding encrypted data, and if they are the same, further decryption processing is performed. No decoding is performed because it is inefficient.

Then, when the encrypted data including the detection date/time data different from the detection date/time data of the immediately preceding encrypted data is acquired, it is recognized as new encrypted data and the decryption process is executed. Other configurations are similar to those of the above-described first embodiment.
[Other Embodiments]

In each of the above-described embodiments, as an encryption method, an encryption key is generated using public data, and secret data is encrypted by this encryption key to generate encrypted data. The data decryption method is not limited to this, and other encryption methods can be adopted.

Further, in each of the above-described embodiments, the example in which the reading cycle C2 is set to one third of the sending cycle C1 is shown, but as long as the reading cycle is a cycle smaller than one half of the sending cycle, , And another different cycle may be set as the read cycle.

In this case, the shorter the read cycle, the higher the accuracy of determination of success or failure of decoding. For example, if the communication environment between the sensor 5 and the gateway 6 deteriorates, the arrival of encrypted data at the gateway 6 may be delayed. In such a case, the read cycle C2 is set to 3 minutes of the transmission cycle C1. Even if it is set to 1, it may not be possible to secure reading multiple times within the range of one sending cycle C1. Therefore, it is more reliable if the read cycle C2 is set to 1/4 of the send cycle C1.
Further, in each of the above-described embodiments, the number of confirmations is two, but three or more may be used as the number of confirmations.

5: Sensor
6: Gateway
7: Memory
8: Terminal
C1: Transmission cycle
C2: Read cycle

Claims (4)

Sending means that encrypts data to generate encrypted data and sends out at a fixed sending cycle,
Storage means for storing the encrypted data sent by the sending means,
A read unit that reads the immediately preceding encrypted data stored in the storage unit at a constant read cycle and decrypts the encrypted data to obtain decrypted data.
In a data decoding system equipped with
The read cycle is less than half of the send cycle,
The reading means reads the immediately preceding encrypted data a plurality of times, and determines that the decryption is successful when the same decrypted data is obtained continuously for a predetermined number of confirmation times.
A data decoding system characterized by the above. A detection unit that detects a detection target, obtains detection data, encrypts the detection data to generate encrypted data, and sends the encrypted data at a constant transmission cycle.
Storage means for storing the encrypted data sent out by the detection means,
A read unit that reads the immediately preceding encrypted data stored in the storage unit at a constant read cycle and decrypts the encrypted data to obtain decrypted data.
In a data decoding system equipped with
The read cycle is less than half of the send cycle,
The reading means reads the immediately preceding encrypted data a plurality of times, and determines that the decryption is successful when the same decrypted data is obtained continuously for a predetermined number of confirmation times.
A data decoding system characterized by the above. Detects the detection target, obtains a group of detection data composed of openable data and secret data, encrypts the detected data using openable data to generate encrypted data, and at a fixed transmission cycle Detection means to send out,
Storage means for storing the encrypted data sent out by the detection means,
A read unit that reads the immediately preceding encrypted data stored in the storage unit at a constant read cycle and decrypts the data to obtain decrypted data,
In a data decoding system equipped with
The read cycle is less than half of the send cycle,
The reading means reads the immediately preceding encrypted data a plurality of times, and determines that the decryption is successful when the same decrypted data is obtained continuously for a predetermined number of confirmation times.
A data decoding system characterized by the above. The detection means detects the detection target, obtains the detection data, encrypts the detection data to generate encrypted data, and sends the encrypted data at a constant transmission cycle.
Storage means stores the delivery means has left the feed encrypted data,
Reading means reads the encrypted data immediately before the storage means is stored in a fixed read cycle to obtain a decoded data by decoding the encrypted data,
The reading means reads the immediately preceding encrypted data a plurality of times, and determines that the decryption is successful when the same decrypted data is obtained continuously for a predetermined number of confirmation times.
A method for decrypting data, comprising:
Read cycle is not smaller than one-half of the transmission cycle,
A method for decoding data, which is characterized in that:

Images