CN108600248B - Communication safety protection method and device - Google Patents


Publication number
CN108600248B
Authority
CN
China
Prior art keywords
signal
rule
segmentation
signals
segment
Prior art date
Legal status
Active
Application number
CN201810419243.7A
Other languages
Chinese (zh)
Other versions
CN108600248A (en)
Inventor
林冠强
张元彦
谢炜俊
王晓光
黄俊辉
Current Assignee
Guangdong Power Grid Co Ltd
Huizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Huizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Power Grid Co Ltd, Huizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN202110281576.XA (CN112887336B)
Priority to CN201810419243.7A (CN108600248B)
Publication of CN108600248A
Application granted
Publication of CN108600248B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention provides a communication safety protection method and device. The method comprises the following steps: when serial port communication is carried out with a remote terminal, receiving a serial port analog signal sent by a modem; segmenting the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal comprising a plurality of sub-segment signals; replacing part of the sub-segment signals in the segmented signal according to a pre-stored replacement rule to obtain a processed signal; scrambling the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal; and transmitting the encrypted signal to the remote terminal. The method can strengthen the security of serial port communication data, thereby improving communication security.

Description

Communication safety protection method and device
Technical Field
The invention relates to the technical field of communication, in particular to a communication safety protection method and device.
Background
With the rapid development of wireless communication technology, mobile broadband connections are ubiquitous, and the security of base stations is correspondingly under greater threat. The remote communication of the power dispatching master station system adopts various security protection measures, such as the power encryption device for the dispatching data network and the public network encryption device for the external network, all of which protect the digital signals of the power network. Analog signals on the IEC101 serial port, however, have always been transmitted in plaintext, and encryption protection for serial port data is lacking. In practice, the data transmitted over the serial port of a base station relates to information inside the base station; if that data is illegally acquired and used, it constitutes a serious security hole and a large security risk.
Disclosure of Invention
In view of the above problems, the present invention provides a communication security protection method and device, which can enhance the security of serial communication data, thereby improving the communication security.
To achieve this purpose, the invention adopts the following technical scheme.
A first aspect of the invention discloses a communication safety protection method, which comprises the following steps:
when serial port communication is carried out with a remote terminal, receiving a serial port analog signal sent by a modem;
acquiring encryption rules stored in a communication safety protection device, wherein the encryption rules comprise a segmentation rule, a replacement rule and a scrambling rule;
segmenting the serial port analog signal according to the pre-stored segmentation rule to obtain a segmented signal comprising a plurality of sub-segment signals, replacing part of the sub-segment signals in the segmented signal according to the pre-stored replacement rule to obtain a processed signal, and scrambling the processed signal according to the pre-stored scrambling rule to obtain an encrypted signal;
and sending the encrypted signal to the remote terminal.
As an optional implementation manner, in the first aspect, segmenting the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal including a plurality of sub-segment signals includes:
carrying out fast Fourier transform processing on the serial port analog signal to obtain a transformed signal;
and acquiring the Fourier coefficients of the transformed signal, and segmenting the transformed signal according to the segmentation rule and the Fourier coefficients to obtain a segmented signal comprising a plurality of sub-segment signals.
As an optional implementation manner, in the first aspect, replacing part of the sub-segment signals in the segmented signal according to a pre-stored replacement rule to obtain a processed signal includes:
calculating the signal energy of each sub-segment signal in the segmented signal;
determining all sub-segment signals in the segmented signal whose signal energy is lower than an energy threshold as sub-segment signals to be replaced;
and replacing all the sub-segment signals to be replaced with replacement signals to obtain the processed signal.
As an optional implementation manner, in the first aspect, before receiving the serial port analog signal sent by the modem, the method further includes:
judging whether an access request of a remote terminal is received, wherein the access request comprises a terminal identifier of the remote terminal;
if the access request of the remote terminal is received, judging whether the terminal identifier is a legal identifier;
and if the terminal identifier is a legal identifier, establishing a communication connection with the remote terminal.
As an optional implementation manner, in the first aspect, after establishing the communication connection with the remote terminal and before receiving the serial port analog signal sent by the modem, the method further includes:
adding the terminal identifier to an authorization list, and generating and storing an encryption rule matched with the terminal identifier, wherein the encryption rule comprises the segmentation rule, the replacement rule and the scrambling rule;
and sending the identifier of the encryption rule to the remote terminal, so that the remote terminal can retrieve the decryption rule corresponding to the encryption rule from an agreed rule table stored in the remote terminal according to the identifier of the encryption rule.
A second aspect of the present invention discloses a communication safety protection device, which comprises:
a receiving unit, used for receiving a serial port analog signal sent by the modem during serial port communication with the remote terminal;
a first processing unit, used for segmenting the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal comprising a plurality of sub-segment signals;
a second processing unit, used for replacing part of the sub-segment signals in the segmented signal according to a pre-stored replacement rule to obtain a processed signal;
a third processing unit, used for scrambling the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal;
a sending unit, used for sending the encrypted signal to the remote terminal.
As an optional implementation manner, in the first aspect, the first processing unit includes:
a first subunit, used for carrying out fast Fourier transform processing on the serial port analog signal to obtain a transformed signal;
and a second subunit, used for acquiring the Fourier coefficients of the transformed signal, and segmenting the transformed signal according to the segmentation rule and the Fourier coefficients to obtain a segmented signal comprising a plurality of sub-segment signals.
As an optional implementation manner, in the first aspect, the second processing unit includes:
a third subunit, used for calculating the signal energy of each sub-segment signal in the segmented signal, and for determining all sub-segment signals in the segmented signal whose signal energy is lower than an energy threshold as sub-segment signals to be replaced;
and a fourth subunit, used for replacing all the sub-segment signals to be replaced with the replacement signal to obtain a processed signal.
In a third aspect, the present invention provides a mobile terminal, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the mobile terminal execute part or all of the communication security protection method disclosed in the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium storing a computer program for use in the above-described mobile terminal.
According to the communication safety protection method and device provided by the invention, during serial port communication with a remote terminal, when the communication safety protection device receives a serial port analog signal sent by a modem, it first segments the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal comprising a plurality of sub-segment signals; the communication safety protection device then replaces part of the sub-segment signals in the segmented signal according to a pre-stored replacement rule to obtain a processed signal, and scrambles the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal; finally, the communication safety protection device sends the encrypted signal to the remote terminal. By encrypting the serial port analog signal, the technical scheme of the invention can therefore strengthen the security of serial port communication data, avoid the security risk of plaintext communication and improve communication security.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, and it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope of the present invention.
FIG. 1 is a schematic structural diagram of a serial communication system provided in the present invention;
FIG. 2 is a schematic flow chart of a communication security protection method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a communication security protection method according to a second embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a communication safety protection device according to a third embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a communication safety protection device according to a fourth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
To address the problems in the prior art, the invention provides a communication safety protection method and device. During serial port communication with a remote terminal, when the communication safety protection device receives a serial port analog signal sent by a modem, it first segments the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal comprising a plurality of sub-segment signals; the communication safety protection device then replaces part of the sub-segment signals in the segmented signal according to a pre-stored replacement rule to obtain a processed signal, and scrambles the processed signal according to a scrambling rule to obtain an encrypted signal; finally, the communication safety protection device sends the encrypted signal to the remote terminal. By encrypting the serial port analog signal, the technical scheme of the invention can therefore strengthen the security of serial port communication data, avoid the security risk of plaintext communication and improve communication security. The techniques may be implemented in associated software or hardware, as described below by way of example.
Example 1
Referring to fig. 2, fig. 2 is a flowchart illustrating a communication security protection method according to an embodiment of the present invention. As shown in fig. 2, the communication security protection method may include the following steps:
S101, receiving a serial port analog signal sent by a modem when serial port communication is carried out with a remote terminal.
In this embodiment, serial port communication is a communication mode in which data is transmitted bit by bit over a data signal line, a ground line, a control line, or the like. In long-distance communication, adopting serial port communication can save communication cost.
In this embodiment, the modem is a sending-end modem, and can perform signal modulation processing on a digital signal and convert the digital signal into an analog signal.
As an alternative implementation, when the modem is a receiving-end modem, the decrypted analog signal sent by the communication security protection device may be received, and the decrypted analog signal may be subjected to signal demodulation processing to convert the decrypted analog signal into a decrypted digital signal.
In the embodiment of the invention, the communication safety protection device comprises a memory and a processor. The memory is used for storing a computer program, and the processor executes the computer program to make the communication security protection apparatus execute part or all of the communication security protection method described in this embodiment.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a serial communication system according to the present invention. As shown in fig. 1, the serial communication system includes a modem 401, a communication security device 402, and a remote terminal 403. The modem 401 sends a serial port analog signal to the communication security device 402, the communication security device 402 may encrypt the serial port analog signal to obtain an encrypted signal, and then the communication security device 402 may send the encrypted signal to the remote terminal 403.
As a further optional implementation manner, when performing serial port communication with a remote terminal and the communication security protection device receives an encrypted analog signal sent by the remote terminal, the method may further include the following steps:
acquiring a terminal identifier of the remote terminal, and acquiring a decryption rule matched with the terminal identifier;
decrypting the encrypted analog signal according to the decryption rule to obtain a decrypted analog signal;
the decrypted analog signal is sent to the modem.
In this embodiment, the modem may be an electrical communication modem or an optical communication modem, and may specifically be an amplitude modulation modem, a phase modulation modem, a quadrature modulation modem, and the like, which is not limited in the embodiment of the present invention.
In the embodiment of the invention, the communication safety protection device stores the encryption rule. The encryption rule includes a segmentation rule, a replacement rule and a scrambling rule.
In the embodiment of the invention, in order to improve the security of serial port communication, the communication safety protection device can store a plurality of sets of encryption rules, wherein each set comprises a different segmentation rule, a different replacement rule and a different scrambling rule. Depending on the conditions, such as the communication time or the encryption level carried by the serial port analog signal, a suitable set of encryption rules can be selected from the stored sets and used to encrypt the received serial port analog signal.
As an optional implementation manner, the communication security protection method may further include the following steps:
acquiring the equipment identification of the mobile equipment receiving the serial port analog signal;
determining the identifier of the encryption rule corresponding to the equipment identifier by taking a pre-stored encryption rule comparison table as a basis, wherein the pre-stored encryption rule comparison table comprises the equipment identifier and the identifier of the encryption rule corresponding to the equipment identifier;
the encryption rule is obtained from the pre-stored rule base according to the identifier of the encryption rule, and step S102 is executed.
S102, carrying out segmentation processing on the serial port analog signal according to a pre-stored segmentation rule to obtain a segmentation signal comprising a plurality of sub-segment signals, carrying out replacement processing on part of the sub-segment signals in the segmentation signal according to a pre-stored replacement rule to obtain a processed signal, and carrying out scrambling processing on the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal.
As an optional implementation manner, the step of performing segmentation processing on the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal including a plurality of sub-segment signals may include the following steps:
carrying out Fourier transform processing on the serial port analog signal to obtain a frequency domain signal;
acquiring Fourier coefficients of the frequency domain signals, and determining the total number of the Fourier coefficients;
and carrying out segmentation processing on the frequency domain signal to obtain a segmented signal comprising a plurality of sub-segment signals, wherein the number of Fourier coefficients of each sub-segment signal is five.
In the above embodiment, each sub-segment signal has five Fourier coefficients; in practice, the frequency domain signal is divided into a plurality of sub-band spectrums, each of which has five Fourier coefficients.
In the above embodiment, for example, when the total number of Fourier coefficients is determined to be eighty, the frequency domain signal may be divided into seventeen sub-band spectrums each having five Fourier coefficients.
In the embodiment of the present invention, the segmentation rule included in the encryption rule may be: first, carrying out Fourier transform processing on the signal to be encrypted to obtain the corresponding frequency spectrum signal; then acquiring the Fourier coefficients of the frequency spectrum signal and determining the total number of Fourier coefficients; and finally segmenting the frequency spectrum signal according to a preset number of coefficients to obtain a segmented signal comprising a plurality of sub-segment signals, wherein each sub-segment signal has the preset number of Fourier coefficients. The preset number of coefficients included in the segmentation rule may be 2, 3, 4, and the like, and the embodiment of the present invention is not limited in this respect.
In the embodiment of the present invention, the replacement rule included in the encryption rule may be: first, calculating the signal energy of each sub-segment signal in the segmented signal; then determining all sub-segment signals in the segmented signal whose signal energy is lower than an energy threshold as signals to be replaced; and then replacing all the signals to be replaced with preset replacement signals to obtain the processed signal. For example, when the frequency domain signal has been divided into seventeen sub-band spectrums and the signal energy of ten of the seventeen sub-band spectrums is calculated to be lower than the energy threshold, those ten sub-band spectrums in the segmented signal may be replaced one by one with preset replacement signals to obtain a processed signal, where the processed signal includes seven sub-band spectrum signals and ten preset replacement signals.
As an alternative embodiment, the scrambling rule included in the encryption rule may be: numbering the sub-segment signals and the preset replacement signals one by one according to their order in the processed signal; extracting the odd-numbered signal segments and rearranging them in descending order of sequence number to obtain an odd signal total segment, and at the same time extracting the even-numbered signal segments and rearranging them in ascending order of sequence number to obtain an even signal total segment; and then inserting the odd signal total segment at the segment tail of the even signal total segment to form the encrypted signal, where the segment tail of the even signal total segment is the end at which the signal segment with the largest sequence number is located.
In the above embodiment, for example, after obtaining the processed signal including seven sub-band spectrum signals and ten preset replacement signals, the seventeen signal segments are numbered one by one according to their order in the processed signal: Nos. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17. The odd-numbered signal segments are then extracted and arranged in descending order to obtain the odd signal total segment, in which the sequence numbers of the signal segments are arranged as follows: 15, 13, 11, 9, 7, 5, 3, 1. At the same time, the even-numbered signal segments are extracted and rearranged in ascending order of sequence number to obtain the even signal total segment, in which the sequence numbers of the signal segments are arranged as follows: Nos. 2, 4, 6, 8, 10, 12, 14, 16. The odd signal total segment is then inserted at the segment tail of the even signal total segment to form the encrypted signal. The end at which the signal segment with sequence number 16 is located is the segment tail of the even signal total segment, so the sequence numbers of the signal segments in the resulting encrypted signal are arranged as follows: No. 2, No. 4, No. 6, No. 8, No. 10, No. 12, No. 14, No. 16, No. 15, No. 13, No. 11, No. 9, No. 7, No. 5, No. 3 and No. 1.
In the embodiment of the invention, the serial port analog signal is encrypted with the encryption rule to obtain the encrypted signal, and the encryption effect is good; at the same time, the decrypted signal obtained by decrypting the encrypted signal has a high degree of restoration compared with the original serial port analog signal, which helps to improve communication security and communication quality.
S103, sending the encrypted signal to the remote terminal.
Therefore, by implementing the communication safety protection method described in fig. 2, the safety of serial port communication data can be enhanced by encrypting the serial port analog signal, the potential safety hazard of plaintext communication is avoided, and the communication safety is further improved.
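The segmentation, replacement and scrambling rules of step S102, worked through as an added Python example (not code from the patent): a naive DFT stands in for the fast Fourier transform, and the test tone, the threshold of 1.0, the preset replacement segment and the `unscramble` inverse are assumptions made for the illustration. The constructed 80-sample input gives 16 sub-segments of five coefficients, so the scrambled order matches the sequence listed above (2, 4, ..., 16, 15, 13, ..., 1).

```python
"""Segmentation, replacement and scrambling of step S102 (illustrative)."""
import cmath
import math

PER_SEGMENT = 5                        # coefficients per sub-segment, as in the text
THRESHOLD = 1.0                        # assumed energy threshold (no value on the page)
PRESET = (0.25 + 0j,) * PER_SEGMENT    # assumed preset replacement signal

# Constructed input: 80 samples carrying two tones (DFT bins 3 and 12).
N = 80
SAMPLES = [math.sin(2 * math.pi * 3 * n / N)
           + 0.5 * math.sin(2 * math.pi * 12 * n / N) for n in range(N)]


def dft(samples):
    """Naive O(n^2) DFT; yields the same coefficients an FFT would."""
    n = len(samples)
    return [sum(x * cmath.exp(-2j * math.pi * ((k * i) % n) / n)
                for i, x in enumerate(samples))
            for k in range(n)]


def segment(coeffs, per_segment=PER_SEGMENT):
    """Split the coefficients into consecutive sub-segments.

    If the total is not a multiple of per_segment, the last one is shorter.
    """
    return [tuple(coeffs[i:i + per_segment])
            for i in range(0, len(coeffs), per_segment)]


def energy(sub_segment):
    """Signal energy of a sub-segment: sum of squared coefficient magnitudes."""
    return sum(abs(c) ** 2 for c in sub_segment)


def replace_low_energy(segments, threshold=THRESHOLD, preset=PRESET):
    """Swap every sub-segment below the threshold for the preset signal.

    Returns the processed list and the 1-based numbers that were replaced.
    """
    processed, replaced = [], []
    for number, seg in enumerate(segments, start=1):
        if energy(seg) < threshold:
            processed.append(preset)
            replaced.append(number)
        else:
            processed.append(seg)
    return processed, replaced


def scramble(segments):
    """Even-numbered segments ascending, then odd-numbered descending."""
    numbered = list(enumerate(segments, start=1))
    even = [s for i, s in numbered if i % 2 == 0]
    odd = [s for i, s in reversed(numbered) if i % 2 == 1]
    return even + odd


def unscramble(scrambled):
    """Inverse permutation of scramble() (assumed form of the decryption rule)."""
    order = scramble(list(range(len(scrambled))))  # original index per position
    restored = [None] * len(scrambled)
    for position, original in enumerate(order):
        restored[original] = scrambled[position]
    return restored


def encrypt(samples):
    """Run segmentation, replacement and scrambling in sequence."""
    segments = segment(dft(samples))
    processed, replaced = replace_low_energy(segments)
    return scramble(processed), replaced


if __name__ == "__main__":
    encrypted, replaced = encrypt(SAMPLES)
    print("sub-segments:", len(encrypted))
    print("replaced (1-based):", replaced)
    print("scrambled order:", scramble(list(range(1, len(encrypted) + 1))))
```

`unscramble` restores the order of the processed signal only; the sub-segments that were replaced come back as the preset signal, not as their original low-energy coefficients.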
Example 2
Referring to fig. 3, fig. 3 is a flowchart illustrating a communication security protection method according to a second embodiment of the present invention. As shown in fig. 3, the communication security protection method may include the following steps:
S201, judging whether an access request of a remote terminal is received, and if so, executing step S202; if not, repeating step S201 to continue judging whether an access request of the remote terminal is received.
In this embodiment, the access request includes a terminal identifier of the remote terminal.
S202, judging whether the terminal identifier is a legal identifier, and if so, executing steps S203 to S212; if not, ending the flow.
As an optional implementation, the communication safety protection device pre-stores a legal identifier library. When judging whether the terminal identifier is a legal identifier, if the terminal identifier of the remote terminal is not found in the legal identifier library, the terminal identifier is determined not to be a legal identifier, that is, the remote terminal is not a legal terminal.
S203, establishing a communication connection with the remote terminal.
S204, adding the terminal identifier to the authorization list, and generating and storing an encryption rule matched with the terminal identifier.
In the embodiment of the invention, the encryption rule comprises a segmentation rule, a replacement rule and a scrambling rule. The communication safety protection device can verify the legitimacy of a remote terminal that accesses it for the first time and authorize communication for a legal remote terminal; if the remote terminal is not a legal remote terminal, its access is not authorized, so that the communication environment is maintained and communication security is ensured.
S205, the identification of the encryption rule is sent to the remote terminal, so that the remote terminal can call the decryption rule corresponding to the encryption rule from the agreed rule table stored in the remote terminal according to the identification of the encryption rule.
In this embodiment, for a remote terminal that accesses for the first time, the communication security protection device needs to perform encryption interconnection configuration with that terminal. While judging that the terminal identifier is a legal identifier, the communication security protection device can obtain the privacy level corresponding to the terminal identifier from the legal identifier library, and can then generate an encryption rule matched with the remote terminal according to that privacy level. The legal identifier library includes the legal terminal identifiers and the privacy level corresponding to each legal identifier.
S206, when the serial port communication is carried out with the remote terminal, the serial port analog signal sent by the modem is received.
S207, carrying out fast Fourier transform processing on the serial port analog signal to obtain a transform signal.
S208, Fourier coefficients of the transformed signals are obtained, and the transformed signals are subjected to segmentation processing according to segmentation rules and the Fourier coefficients to obtain a segmented signal comprising a plurality of sub-segment signals.
In the embodiment of the present invention, by implementing the steps S207 to S208, the serial port analog signal can be segmented according to a pre-stored segmentation rule, so as to obtain a segmented signal including a plurality of sub-segment signals.
S209, calculating the signal energy of each sub-segment signal in one segmented signal to obtain the signal energy of each sub-segment signal.
S210, determining, in a segmented signal, all sub-segment signals to be replaced, namely those whose signal energy is lower than an energy threshold value; and performing replacement processing on all sub-segment signals to be replaced by using the replacement signal to obtain a processed signal.
In the embodiment of the present invention, by implementing the steps S209 to S210, a part of the sub-segment signals in one segment signal can be replaced according to a pre-stored replacement rule to obtain a processed signal.
S211, scrambling the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal.
As an optional implementation, scrambling the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal may include the following steps:
numbering the sub-segment signals and the preset replacement signals one by one, according to the order in which they appear in the processed signal;
extracting the signal segments with odd sequence numbers and rearranging them by sequence number from large to small to obtain the odd signal total segment;
extracting the signal segments with even sequence numbers and rearranging them by sequence number from small to large to obtain the even signal total segment;
and inserting the odd signal total segment at the segment head of the even signal total segment, and combining the odd signal total segment and the even signal total segment into an encrypted signal, wherein the segment head of the even signal total segment is the end where the signal segment with the minimum sequence number is positioned.
S212, the encrypted signal is sent to the remote terminal.
Therefore, by implementing the communication safety protection method described in fig. 3, the safety of serial port communication data can be enhanced by encrypting the serial port analog signal, the potential safety hazard of plaintext communication is avoided, and the communication safety is further improved.
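The signal-processing steps S207 to S211 above, worked through end to end as an added Python example that is not part of the patent text. The fixed-length segmentation rule, the sine-wave input, the threshold, the replacement signal and all function names are assumptions constructed for illustration, and a naive DFT stands in for the fast Fourier transform.

```python
import cmath
import math


def dft(samples):
    """Naive discrete Fourier transform (stand-in for the FFT of S207)."""
    n = len(samples)
    return [sum(x * cmath.exp(-2j * math.pi * k * t / n)
                for t, x in enumerate(samples))
            for k in range(n)]


def segment(coeffs, seg_len):
    """S208: cut the transformed signal into sub-segment signals.
    Assumed segmentation rule: a fixed number of coefficients per segment."""
    return [coeffs[i:i + seg_len] for i in range(0, len(coeffs), seg_len)]


def energy(seg):
    """S209: signal energy of one sub-segment (sum of squared magnitudes)."""
    return sum(abs(c) ** 2 for c in seg)


def replace_low_energy(segments, threshold, replacement):
    """S210: swap every sub-segment whose energy is below the threshold for
    the replacement signal. Returns the processed signal and the 1-based
    sequence numbers of the segments that were replaced."""
    out, replaced = [], []
    for number, seg in enumerate(segments, start=1):
        if energy(seg) < threshold:
            out.append(list(replacement))
            replaced.append(number)
        else:
            out.append(seg)
    return out, replaced


def scramble_order(count):
    """S211 ordering for segments numbered 1..count: odd numbers from large
    to small, followed by even numbers from small to large."""
    odd = [n for n in range(count, 0, -1) if n % 2 == 1]
    even = [n for n in range(1, count + 1) if n % 2 == 0]
    return odd + even


def scramble(segments):
    """S211: odd total segment placed at the head of the even total segment."""
    return [segments[n - 1] for n in scramble_order(len(segments))]


def unscramble(scrambled):
    """Receiving side: put every segment back at its sequence number."""
    restored = [None] * len(scrambled)
    for position, n in enumerate(scramble_order(len(scrambled))):
        restored[n - 1] = scrambled[position]
    return restored


def demo():
    # Constructed input: 24 samples of a 3-cycle sine wave standing in for
    # the serial port analog signal.
    samples = [math.sin(2 * math.pi * 3 * t / 24) for t in range(24)]
    segments = segment(dft(samples), seg_len=4)          # 6 sub-segments
    processed, replaced = replace_low_energy(
        segments, threshold=1.0, replacement=[1 + 0j] * 4)
    encrypted = scramble(processed)
    return segments, processed, replaced, encrypted


if __name__ == "__main__":
    _, processed, replaced, encrypted = demo()
    print("replaced sequence numbers:", replaced)
    print("transmit order:", scramble_order(len(processed)))
    print("round trip ok:", unscramble(encrypted) == processed)
```

In this optional implementation the transmit order is a function of the segment count alone, and the receiver recovers the processed signal, in which the low-energy sub-segments have already been replaced.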
Example 3
Referring to fig. 4, fig. 4 is a schematic structural diagram of a communication security device according to a third embodiment of the present invention. As shown in fig. 4, the communication security device includes:
the receiving unit 301 is configured to receive a serial analog signal sent by the modem when performing serial communication with the remote terminal.
In this embodiment of the present invention, after receiving the serial port analog signal sent by the modem, the receiving unit 301 may further trigger the first processing unit 302 to perform a segmentation process on the serial port analog signal according to a pre-stored segmentation rule, so as to obtain a segmented signal including a plurality of sub-segment signals.
The first processing unit 302 is configured to perform segmentation processing on the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal including a plurality of sub-segment signals.
The second processing unit 303 is configured to perform replacement processing on a part of the sub-segment signals in a segment signal according to a pre-stored replacement rule, so as to obtain a processed signal.
And a third processing unit 304, configured to perform scrambling processing on the processed signal according to a scrambling rule, so as to obtain an encrypted signal.
A transmitting unit 305 for transmitting the encrypted signal to the remote terminal.
In the embodiment of the present invention, the remote terminal may be an intelligent remote terminal such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a Mobile Internet Device (MID), a PC, etc., which is not limited in the embodiment of the present invention. The operating systems of the various remote terminals may include, but are not limited to, the Android operating system, the iOS operating system, the Symbian operating system, the BlackBerry operating system, the Windows Phone 8 operating system, and the like.
Therefore, the communication safety protection device described in fig. 4 can encrypt the serial port analog signal to enhance the safety of serial port communication data, avoid potential safety hazards of plaintext communication, and further improve communication safety.
Example 4
Referring to fig. 5, fig. 5 is a schematic structural diagram of a communication security device according to a third embodiment of the present invention. The communication security device shown in fig. 5 is optimized from the communication security device shown in fig. 4. As shown in fig. 5, the first processing unit 302 includes:
the first subunit 3021 is configured to perform fast fourier transform processing on the serial port analog signal to obtain a transform signal.
The second sub-unit 3022 is configured to obtain a fourier coefficient of the transformed signal, and perform segmentation processing on the transformed signal according to a segmentation rule and the fourier coefficient to obtain a segmented signal including a plurality of sub-segment signals.
In this embodiment of the present invention, the second processing unit 303 includes:
a third subunit 3031, configured to calculate a signal energy of each sub-segment signal in a segment signal, to obtain a signal energy of each sub-segment signal; and to determine all sub-segment signals to be replaced in the segmented signal, namely those whose signal energy is lower than an energy threshold value.
A fourth subunit 3032, configured to perform replacement processing on all to-be-replaced sub-segment signals with replacement signals to obtain processed signals; wherein the replacement rule comprises an energy threshold and a replacement signal.
As an optional implementation, the communication security protection device further includes:
the first determining unit 306 is configured to determine whether an access request of the remote terminal is received before receiving the serial port analog signal sent by the modem, where the access request includes a terminal identifier of the remote terminal.
A second judging unit 307, configured to judge whether the terminal identifier is a legal identifier after the first judging unit 306 judges that the access request is received.
A connection establishing unit 308, configured to establish a communication connection with the remote terminal when the second judging unit 307 judges that the terminal identifier is a legal identifier.
As a further optional implementation, the communication security protection device further includes:
an encryption generating unit 309, configured to add the terminal identifier into the authorization list after establishing a communication connection with the remote terminal and before receiving the serial port analog signal sent by the modem, and generate and store an encryption rule matching the terminal identifier; the encryption rule includes a segmentation rule, a replacement rule, and a scrambling rule.
In this embodiment, after establishing a communication connection with a remote terminal, the connection establishing unit 308 may further trigger the encryption generating unit 309 to add the terminal identifier into the authorization list, and generate an encryption rule matching the terminal identifier.
The sending unit 305 is further configured to send the identifier of the encryption rule to the remote terminal, so that the remote terminal retrieves the decryption rule corresponding to the encryption rule from the agreed rule table stored in the remote terminal according to the identifier of the encryption rule.
Therefore, the communication safety protection device described in fig. 5 can encrypt the serial port analog signal to enhance the safety of serial port communication data, avoid potential safety hazards of plaintext communication, and further improve communication safety.
In addition, the invention also provides a mobile terminal. The mobile terminal comprises a memory and a processor, wherein the memory can be used for storing a computer program, and the processor, by running the computer program, enables the mobile terminal to execute the method or the functions of each unit in the communication security protection device.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the mobile terminal, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The embodiment also provides a computer storage medium for storing the computer program used in the mobile terminal.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention or a part of the technical solution that contributes to the prior art in essence can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a smart phone, a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for securing communications, comprising:
when the serial port communication is carried out with a remote terminal, a serial port analog signal sent by a modem is received;
acquiring the equipment identification of the mobile equipment receiving the serial port analog signal;
determining an encryption rule identifier corresponding to the equipment identifier by taking a prestored encryption rule comparison table as a basis; the pre-stored encryption rule comparison table comprises the equipment identification and an encryption rule identification corresponding to the equipment identification;
acquiring an encryption rule from a pre-stored encryption rule base according to the encryption rule identifier, wherein the encryption rule comprises a segmentation rule, a replacement rule and a scrambling rule;
the serial port analog signal is subjected to segmentation processing according to a pre-stored segmentation rule to obtain a segmentation signal comprising a plurality of sub-segment signals, partial sub-segment signals in the segmentation signal are subjected to replacement processing according to a pre-stored replacement rule to obtain a processed signal, and the processed signal is subjected to scrambling processing according to a pre-stored scrambling rule to obtain an encrypted signal;
and sending the encrypted signal to the remote terminal.
2. The communication security protection method according to claim 1, wherein the segmenting the serial port analog signal according to a pre-stored segmentation rule to obtain a segmented signal including a plurality of sub-segment signals comprises:
carrying out fast Fourier transform processing on the serial port analog signal to obtain a transform signal;
and acquiring Fourier coefficients of the transformed signals, and carrying out segmentation processing on the transformed signals according to the segmentation rule and the Fourier coefficients to obtain a segmented signal comprising a plurality of sub-segment signals.
3. The communication security protection method according to claim 1, wherein the performing a replacement process on part of the sub-segment signals in the one segment signal according to a pre-stored replacement rule to obtain a processed signal comprises:
calculating the signal energy of each sub-segment signal in the segmented signal to obtain the signal energy of each sub-segment signal;
determining all sub-segment signals to be replaced with signal energy lower than an energy threshold in the segmented signal;
and performing replacement processing on all the subsegment signals to be replaced by using the replacement signals to obtain processing signals.
4. The method of claim 1, wherein before the receiving the serial analog signal sent by the modem, the method further comprises:
judging whether an access request of a remote terminal is received, wherein the access request comprises a terminal identifier of the remote terminal;
if the access request of the remote terminal is received, judging whether the terminal identification is a legal identification;
and if the terminal identification is the legal identification, establishing communication connection with the remote terminal.
5. The method of claim 4, wherein after establishing the communication connection with the remote terminal and before receiving the serial analog signal transmitted by the modem, the method further comprises:
adding the terminal identification into an authorization list, and generating and storing an encryption rule matched with the terminal identification, wherein the encryption rule comprises the segmentation rule, the replacement rule and the scrambling rule;
and sending the identification of the encryption rule to the remote terminal so that the remote terminal can call a decryption rule corresponding to the encryption rule from an agreed rule table stored in the remote terminal according to the identification of the encryption rule.
6. A communication safety apparatus, comprising:
the receiving unit is used for receiving a serial port analog signal sent by the modem when the receiving unit is in serial port communication with the remote terminal;
the first processing unit is used for carrying out segmentation processing on the serial port analog signal according to a pre-stored segmentation rule to obtain a segmentation signal comprising a plurality of sub-segment signals;
the second processing unit is used for performing replacement processing on part of the subsegment signals in the segmented signal according to a pre-stored replacement rule to obtain a processed signal;
the third processing unit is used for carrying out scrambling processing on the processed signal according to a pre-stored scrambling rule to obtain an encrypted signal; wherein the segmentation rule, the replacement rule and the scrambling rule are obtained by: acquiring the equipment identification of the mobile equipment receiving the serial port analog signal; determining an encryption rule identifier corresponding to the equipment identification by taking a prestored encryption rule comparison table as a basis, the pre-stored encryption rule comparison table comprising the equipment identification and an encryption rule identifier corresponding to the equipment identification; and acquiring an encryption rule from a pre-stored encryption rule base according to the encryption rule identifier, wherein the encryption rule comprises a segmentation rule, a replacement rule and a scrambling rule;
a sending unit, configured to send the encrypted signal to the remote terminal.
7. The communication security guard of claim 6, wherein the first processing unit comprises:
the first subunit is used for carrying out fast Fourier transform processing on the serial port analog signal to obtain a transform signal;
and the second subunit is used for acquiring a Fourier coefficient of the transformed signal, and performing segmentation processing on the transformed signal according to the segmentation rule and the Fourier coefficient to obtain a segmented signal comprising a plurality of sub-segment signals.
8. The communication security guard of claim 6, wherein the second processing unit comprises:
a third subunit, configured to calculate a signal energy of each sub-segment signal in the segment signal, to obtain the signal energy of each sub-segment signal; determining all sub-segment signals to be replaced with signal energy lower than an energy threshold value in the segmented signal;
and the fourth subunit is configured to perform replacement processing on all the subsegment signals to be replaced by using the replacement signal, so as to obtain a processed signal.
9. A mobile terminal, characterized in that it comprises a memory for storing a computer program and a processor for executing the computer program to make the mobile terminal execute the communication security protection method according to any one of claims 1 to 5.
10. A computer-readable storage medium, characterized in that it stores a computer program for use in a mobile terminal according to claim 9.
CN201810419243.7A 2018-05-04 2018-05-04 Communication safety protection method and device Active CN108600248B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110281576.XA CN112887336B (en) 2018-05-04 2018-05-04 Communication safety protection method and device
CN201810419243.7A CN108600248B (en) 2018-05-04 2018-05-04 Communication safety protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810419243.7A CN108600248B (en) 2018-05-04 2018-05-04 Communication safety protection method and device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110281576.XA Division CN112887336B (en) 2018-05-04 2018-05-04 Communication safety protection method and device

Publications (2)

Publication Number Publication Date
CN108600248A CN108600248A (en) 2018-09-28
CN108600248B true CN108600248B (en) 2021-04-13

Family

ID=63620794

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110281576.XA Active CN112887336B (en) 2018-05-04 2018-05-04 Communication safety protection method and device
CN201810419243.7A Active CN108600248B (en) 2018-05-04 2018-05-04 Communication safety protection method and device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110281576.XA Active CN112887336B (en) 2018-05-04 2018-05-04 Communication safety protection method and device

Country Status (1)

Country Link
CN (2) CN112887336B (en)

Also Published As

Publication number Publication date
CN108600248A (en) 2018-09-28
CN112887336B (en) 2023-05-05
CN112887336A (en) 2021-06-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant