CN114173332B

CN114173332B - Data encryption transmission method and device suitable for 5G intelligent power grid inspection robot

Info

Publication number: CN114173332B
Application number: CN202210120905.7A
Authority: CN
Inventors: 邵炜平; 向辉; 邱兰馨; 杨鸿珍; 汤亿则; 凌芝; 汪玉成; 吴昊; 张烨华; 赵建朋; 吕玉祥; 徐阳洲
Original assignee: Anhui Jiyuan Software Co Ltd; Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Current assignee: Anhui Jiyuan Software Co Ltd; Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Priority date: 2022-02-09
Filing date: 2022-02-09
Publication date: 2022-04-19
Anticipated expiration: 2042-02-09
Also published as: CN114173332A

Abstract

The invention provides a data encryption transmission method and device suitable for a 5G intelligent power grid inspection robot. The 5G intelligent power grid inspection robot can monitor the environment where the robot is located to obtain corresponding video data. In the process of encrypting video data, the encrypted data key is stored by the router key management method of keyable and ikev2, and the routing message is effectively prevented from being forged/tampered by an attacker due to the routing key management mechanism and the routing message verification. The collected real-time monitoring data can be protected from being transmitted to the monitoring background in real time, and the confidentiality of the video data is guaranteed. In addition, in the transmission process of the video data, different transmission modes can be adopted according to different video data, so that an administrator can monitor the abnormal video data in an important mode.

Description

Data encryption transmission method and device suitable for 5G intelligent power grid inspection robot

Technical Field

The invention relates to the technical field of data encryption, in particular to a data encryption transmission method and device suitable for a 5G intelligent power grid inspection robot.

Background

With the application of 5G in the smart grid, the smart grid inspection robot is greatly improved. The current inspection robot for the requirements of comprehensive monitoring of the state of primary electric power equipment in a transformer substation range of 110kV and above, security inspection and the like mainly uses WIFI access, most of the inspected video information is kept in the local station, and the inspected video information cannot be transmitted back to a remote monitoring center in real time. With the development and application of the 5G in the intelligent power grid, based on the characteristics of large bandwidth and low time delay of the 5G, the intelligent power grid substation inspection robot can transmit monitoring data back to the remote monitoring center in real time. However, the current inspection robot cannot effectively encrypt data during data transmission, and cannot adopt different transmission modes according to data types.

Disclosure of Invention

The embodiment of the invention provides a data encryption transmission method and device suitable for a 5G intelligent power grid inspection robot, which can encrypt video data collected by the 5G intelligent power grid inspection robot and adopt different transmission and display modes according to different video data, so that the encrypted video data can be displayed as required.

In a first aspect of the embodiments of the present invention, a data encryption transmission method suitable for a 5G smart grid inspection robot is provided, including:

the 5G intelligent power grid inspection robots respectively identify and process video data acquired in the inspection process to obtain respective identification results;

if the identification result is that no preset target exists in the video data, encrypting the video data to obtain first encrypted data, adding first mark information to the first encrypted data, and sending the first encrypted data added with the first mark information to a server;

if the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to a server;

the server transmits the first encrypted data to a first database for storage according to the first mark information;

the server side judges the quantity of second encrypted data with second mark information at the current moment, and if the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, all the second encrypted data with the second mark information are transmitted to a display side to be displayed; and if the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, screening all the second encrypted data with the second mark information to obtain the second encrypted data with the second mark information, which has the same quantity as the first preset value, after screening, and transmitting the screened second encrypted data to a display end for display.

Optionally, in a possible implementation manner of the first aspect, the video data is processed by:

acquiring a key table at the current moment, and expanding the key table to obtain an expanded AlgID field, a KDF field and a key field;

a cryptographic algorithm used in a routing protocol SA and used for protecting the integrity of routing messages is stored in the AlgID field;

the KDF field stores an algorithm for generating a short-term key of a routing protocol according to a long-term key, and is used for enabling a key table to generate the short-term key from the long-term key of public key cryptography based on an ikev2 protocol;

the key field is used for storing a long-term key, if the key stored in the key field is judged to be a public key, the public key is allowed to be transmitted in the transmission process of the first encrypted data and/or the second encrypted data, and if the key stored in the key field is judged to be a private key, the private key is not transmitted in the transmission process of the first encrypted data and/or the second encrypted data;

and encrypting the first encrypted data and/or the second encrypted data based on the key table.

Optionally, in a possible implementation manner of the first aspect, the method further includes:

if the long-term secret key configured in the secret key table is a public-private key mode in public key cryptography, namely the key field in the secret key table is a private key, and the key _ para is a public key and a corresponding cipher material, encryption transmission is carried out based on different gateways of the public key and the private key in the data transmission process;

if the long-term key configured in the key table is a shared key of symmetric cryptography, that is, the key field in the key table is the shared key, and the key _ para is empty, then encrypted transmission is performed based on different gateways of the shared key in the data transmission process.

Optionally, in a possible implementation manner of the first aspect, the identifying the video data acquired in the polling process by the multiple 5G smart grid polling robots to obtain respective identifying results includes:

at least one preset target is arranged in each 5G intelligent power grid inspection robot in advance;

if the preset target exists in the video data, the obtained identification result has the corresponding preset target;

and if the preset target does not exist in the video data, the obtained identification result does not have the corresponding preset target.

Optionally, in a possible implementation manner of the first aspect, if it is determined that the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second tag information to the second encrypted data, and sending the second encrypted data to which the second tag information is added to the server includes:

if the identification result is that the preset targets exist in the video data, acquiring the number of the preset targets, and generating second mark information based on the number of the preset targets and the ID of the 5G intelligent power grid inspection robot;

and adding second mark information to the second encrypted data, wherein the second mark information comprises the number of preset targets and the ID of the 5G intelligent power grid inspection robot, and sending the second encrypted data added with the second mark information to a server.

Optionally, in a possible implementation manner of the first aspect, if the server determines that the number of the second encrypted data with the second flag information at the current time is greater than a first preset value, the server filters all the second encrypted data with the second flag information to obtain second encrypted data with the second flag information, the number of the second encrypted data after filtering being the same as the first preset value, and the transmitting the second encrypted data after filtering to the display end for display includes:

the server side judges that the quantity of second encrypted data with second mark information at the current moment is larger than a first preset value, and obtains the quantity of preset targets in each second mark information;

extracting a target weight corresponding to the ID of each intelligent power grid inspection robot in a preset weight table, acquiring the target weight corresponding to each second mark information, obtaining the screening value of each second mark information through the following formula,

wherein the content of the first and second substances,

is as followsiA screen corresponding to the second mark informationThe value of the selected value is selected,

is as followsiThe number of preset targets in the second flag information,

is as followsiThe target weight of the second label information,

is as follows

The number of preset targets in the second flag information,

is as follows

A target weight of the second label information;

sorting all the screening values corresponding to the second mark information in a descending order to obtain a sorting result, screening the sorting result from front to back, screening second encrypted data with the same quantity as the first preset value in the sorting result, and transmitting the screened second encrypted data to a display terminal for displaying.

the server acquires behavior data of an administrator, wherein the behavior data is any second encrypted data which is not screened and selected by the administrator and is displayed through the display end;

acquiring second encrypted data which are not screened in the behavior data, extracting second mark information corresponding to the second encrypted data, and acquiring target weight of the second mark information at the current moment;

the target weight at the current moment is adjusted through the following formula to obtain the adjusted target weight,

wherein the content of the first and second substances,

in order to achieve the adjusted target weight,

the weight of the target at the current time instant,

in order to be at the first preset value,

is the first one screened

The target weight of the second label information,

is a preset adjustment coefficient.

receiving selected data, and acquiring an ID (identity) corresponding to the 5G intelligent power grid inspection robot in the selected data, wherein the first mark information comprises the ID corresponding to the 5G intelligent power grid inspection robot;

and selecting first encrypted data in the first database based on the ID in the selected data, and displaying the first encrypted data through the display terminal.

if the quantity of the second encrypted data with the second mark information at the current moment is smaller than a first preset value, obtaining a target weight corresponding to the ID of each intelligent power grid inspection robot in the weight table;

acquiring the quantity of all second encrypted data with second mark information at the current moment to obtain a first quantity value;

obtaining a second numerical value based on the first preset value and the first numerical value;

and selecting a target weight corresponding to the second numerical value in the weight table, and extracting first encrypted data corresponding to the target weight to display through a display end.

In a second aspect of the embodiments of the present invention, a data encryption transmission device suitable for a 5G smart grid inspection robot is provided, including:

the identification module is used for enabling the plurality of 5G intelligent power grid inspection robots to respectively identify and process the video data acquired in the inspection process to obtain respective identification results;

the first marking module is used for encrypting the video data to obtain first encrypted data if the identification result is that the preset target does not exist in the video data, adding first marking information to the first encrypted data, and sending the first encrypted data added with the first marking information to a server;

the second marking module is used for encrypting the video data to obtain second encrypted data if the identification result is that a preset target exists in the video data, adding second marking information to the second encrypted data, and sending the second encrypted data added with the second marking information to the server;

the first transmission module is used for enabling the server to transmit the first encrypted data to a first database for storage according to the first mark information;

the quantity judgment module is used for enabling the server to judge that the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, and transmitting all the second encrypted data with the second mark information to the display end for displaying;

and the second transmission module is used for enabling the server to screen all the second encrypted data with the second mark information when the server judges that the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, obtaining the second encrypted data with the second mark information, which is the same as the first preset value in quantity after screening, and transmitting the screened second encrypted data to the display end for displaying.

In a third aspect of the embodiments of the present invention, a readable storage medium is provided, in which a computer program is stored, which, when being executed by a processor, is adapted to carry out the method according to the first aspect of the present invention and various possible designs of the first aspect of the present invention.

The data encryption transmission method and device suitable for the 5G intelligent power grid inspection robot provided by the invention can encrypt video data collected by the 5G intelligent power grid inspection robot. And carry out the discernment analysis to video data, adopt different mark mode according to the difference of video data for the video data of transmission is encrypted after being transmitted to the service end, and video data storage or show according to the different mark of video data, make a plurality of 5G smart power grids patrol and examine the robot and can adopt different processing methods according to the difference of video data when gathering video data simultaneously, easily make the administrator monitor and manage the video data that a plurality of 5G smart power grids patrol and examine the robot and gather. In the process of transmitting the video data, the invention adopts different transmission modes according to the difference of the video data, so that an administrator can monitor the abnormal video data in a key way.

According to the technical scheme provided by the invention, in the process of encrypting and transmitting the video data through the key table, the key table is expanded to obtain the expanded AlgID field, KDF field and key field, and the AlgID field, KDF field and key field are modified to allow a public key cryptographic algorithm to be used in the data transmission process to protect the routing information of the 5G gateway used by the method provided by the invention, so that the information uploaded by the inspection robot is ensured to be correctly transmitted to the monitoring terminal.

According to the technical scheme provided by the invention, when the second encrypted data corresponding to the second marking information is larger than the first preset value, the screening value of each second marking information can be obtained according to the number of preset targets in each video data and the target weight preset by an administrator. And determining the video data displayed on the display terminal according to the screening value of each piece of second mark information, so that the video data displayed on the display terminal are relatively important and possibly dangerous video data, and further assisting an administrator to quickly determine a hazard occurrence place. When the second encrypted data corresponding to the second mark information is smaller than the first preset value, the first encrypted data with the second numerical value is screened from the plurality of first encrypted data according to the target weight of the first encrypted data and displayed. Through the mode, the display end can display the video data with the first preset value number simultaneously in various scenes, and an administrator can view the video data simultaneously.

Drawings

Fig. 1 is a schematic diagram of one application scenario of a data encryption transmission method suitable for a 5G smart grid inspection robot;

FIG. 2 is a distribution schematic diagram of a 5G smart grid inspection robot;

fig. 3 is a flowchart of a first embodiment of a data encryption transmission method suitable for a 5G smart grid inspection robot;

FIG. 4 is a diagram illustrating negotiation time of RIPv2 protocol and OSPFv2 protocol;

FIG. 5 is a schematic diagram of a routing protocol SA negotiation mechanism based on public key cryptography;

FIG. 6 is a diagram illustrating a routing protocol SA negotiation mechanism based on symmetric cryptography;

fig. 7 is a structural diagram of a first embodiment of a data encryption transmission device suitable for a 5G smart grid inspection robot.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.

It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.

It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

It should be understood that, in the present invention, "a plurality" means two or more. "and/or" is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "comprises A, B and C" and "comprises A, B, C" means that all three of A, B, C comprise, "comprises A, B or C" means that one of A, B, C comprises, "comprises A, B and/or C" means that any 1 or any 2 or 3 of A, B, C comprises.

It should be understood that in the present invention, "B corresponding to a", "a corresponds to B", or "B corresponds to a" means that B is associated with a, and B can be determined from a. Determining B from a does not mean determining B from a alone, but may be determined from a and/or other information. And the matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.

As used herein, "if" may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context.

The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.

As shown in fig. 1, the schematic diagram of one application scenario of the data encryption transmission method applicable to the 5G smart grid inspection robot of the present invention includes the 5G smart grid inspection robot, and the 5G smart grid inspection robot may be provided with any one or more of a lighting device, an infrared camera, and a visible light camera. The 5G smart power grid inspection robot can illuminate the area where the robot is located through the illuminating device, the 5G smart power grid inspection robot can acquire images of the environment through the infrared camera and the visible light camera to obtain infrared images and visible light images, and video data are further formed based on the infrared images and the visible light images of a plurality of moments and a plurality of frames. The number of the 5G intelligent power grid inspection robots can be multiple, and the robots are respectively arranged in different areas, as shown in fig. 2.

The 5G intelligent power grid inspection robot can be connected with the 5G gateway in a wired or wireless mode, and the 5G gateway can be a router and other equipment with a data transmission function. The 5G gateway can be connected with the 5G base station, the 5G base station is connected with a target server, the server is connected with a display end, and a monitoring background is formed by at least one display end. The form of the display end is not limited in the invention, the display end can be a large screen, for example, the large screen is divided into nine-grid and four-grid forms, and the like, and the video data collected by the 5G intelligent power grid inspection robot at different positions and with different IDs can be displayed through different grids.

The invention provides a data encryption transmission method suitable for a 5G intelligent power grid inspection robot, which comprises the following steps of:

and S110, respectively identifying the video data acquired in the inspection process by the plurality of 5G intelligent power grid inspection robots to obtain respective identification results. The 5G intelligent power grid inspection robot can acquire images through the infrared camera and the visible light camera to obtain video data in the inspection process. And actively recognizing the video data to obtain a corresponding recognition result.

In the technical solution provided by the present invention, step S110 specifically includes:

at least one preset target is arranged in each 5G intelligent power grid inspection robot in advance. The preset target may be a human body, may be a flame temperature, or the like. By taking video data generated by an infrared image collected by an infrared camera of a 5G intelligent power grid inspection robot as an example, when a pixel point in the video data is identified to reach a preset pixel value interval through an image identification technology, the corresponding pixel point or a pixel area is judged to be flame, a preset target is considered to be in the video data at the moment, and the preset target is flame at the moment. By taking video data generated by visible light images collected by a visible light camera of the 5G intelligent power grid inspection robot as an example, when the image recognition technology is used for recognizing that pixel points in the video data have human-shaped images, the video data at the moment are considered to have preset targets, and the preset targets at the moment are human bodies. The method for recognizing the preset target of the infrared image and the visible light image belongs to the field of machine vision, can be the prior art, and is not repeated.

And if the preset target exists in the video data, the obtained identification result has the corresponding preset target. When the preset target exists in the video data, it is proved that an accident situation may occur at this time, the preset target exists in the recognition result, and the preset target can reflect the possible accident situation. For example, if there are two human bodies in the video data, the preset target at this time is a human body, and the number of the preset targets is 2. Namely, the corresponding preset target in the recognition result at this time is a human body, and the number of the human bodies is 2.

And if the preset target does not exist in the video data, the obtained identification result does not have the corresponding preset target. When the preset target does not exist in the video data, it is proved that no accident happens at the moment, and the recognition result does not have the preset target at the moment.

Step S120, if the identification result is that the preset target does not exist in the video data, encrypting the video data to obtain first encrypted data, adding first mark information to the first encrypted data, and sending the first encrypted data added with the first mark information to a server. After the video data is obtained, the video data is firstly encrypted, so that the video data is prevented from being leaked in the transmission process and being obtained by a malicious terminal. The method and the device can mark the video data, namely, different mark information is added according to whether the preset target exists in the video data, and when the identification result is that the preset target does not exist in the video data, the first mark information is added to the first encrypted data.

When the preset target does not exist in the video data, it is proved that no accident situation occurs in the environment corresponding to the video data at the current moment, at this time, first mark information is added to the first encrypted data, and the mark purpose of the first mark information is to add a label without the accident situation to the first encrypted data.

Step S130, if the identification result is that the preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to the server. After the video data is obtained, the video data is firstly encrypted, so that the video data is prevented from being leaked in the transmission process and being obtained by a malicious terminal. The method and the device can mark the video data, namely, different mark information is added according to whether the preset target exists in the video data, and when the identification result is that the preset target exists in the video data, second mark information is added to the second encrypted data.

In the technical solution provided by the present invention, step S130 specifically includes:

and if the identification result is that the preset targets exist in the video data, acquiring the number of the preset targets, and generating second mark information based on the number of the preset targets and the ID of the 5G intelligent power grid inspection robot. When the preset targets exist in the video data, the number of the preset targets needs to be obtained at the moment, and corresponding second mark information is obtained according to the number of the preset targets and the ID of the 5G intelligent power grid inspection robot.

And adding second mark information to the second encrypted data, wherein the second mark information comprises the number of preset targets and the ID of the 5G intelligent power grid inspection robot, and sending the second encrypted data added with the second mark information to a server. The present invention adds second tag information to the second encrypted data.

Step S140, the server transmits the first encrypted data to a first database for storage according to the first flag information. The server side can adopt different transmission modes for different first encrypted data and second encrypted data according to different marking information, when the video data are judged to be marked by the first marking information, the corresponding first encrypted data are directly transmitted to the first database for storage, and the first encrypted data are directly stored through the first database.

Step S150, the server determines that the number of the second encrypted data with the second mark information at the current time is less than or equal to the first preset value, and transmits all the second encrypted data with the second mark information to the display terminal for display. The first preset value in the present invention may be related to the number of the display end and the large screen, for example, if one display end and the large screen are divided into nine display forms, the first preset value at this time is 9, and one display form may be regarded as one split screen. For example, if a display end and a large screen are divided into 4 display forms, the first preset value at this time is 4. It can be understood that the display end and the large screen are divided into a plurality of grids, and at the moment, the administrator can check video data collected by the 5G intelligent power grid inspection robot in a corresponding quantity.

If the quantity of the second encrypted data with the second mark information at the current moment is smaller than or equal to a first preset value, the fact that all the second encrypted data can be displayed by the split screen of the current display end and the large screen is proved, and then the display end displays all the second encrypted data at the moment.

Step S160, if the server determines that the amount of the second encrypted data with the second flag information at the current time is greater than the first preset value, all the second encrypted data with the second flag information are screened to obtain the second encrypted data with the second flag information, which is the same as the first preset value in amount after screening, and the screened second encrypted data are transmitted to the display terminal for display. When the quantity of the second encrypted data with the second mark information is larger than the first preset value, the fact that all the second encrypted data cannot be displayed by split screens of the current display end and the large screen is proved, so that the method can screen all the second encrypted data with the second mark information, and the screened second encrypted data with the second mark information, which is the same as the first preset value in quantity, is displayed. Therefore, when the second encrypted data is more, the video data can be correspondingly displayed.

In the technical solution provided by the present invention, step S160 specifically includes:

the server side judges that the quantity of the second encrypted data with the second mark information at the current moment is larger than the first preset value, and obtains the quantity of preset targets in each second mark information. When the number of the second encrypted data with the second mark information is larger than the first preset value, the number of the preset targets in each second mark information is counted, and the higher the number of the preset targets is, the higher the possibility that an accident situation exists in the corresponding video data is proved to be.

wherein the content of the first and second substances,

is as followsiThe second flag information corresponds to the screening value,

is as followsiThe number of preset targets of the second flag information,

is as followsiThe target weight of the second label information,

is as follows

The number of preset targets of the second flag information,

is as follows

A target weight of the second label information.

According to the screening value of each second mark information, the number and the target weight of the preset targets of each second mark information are compared with the sum of the number and the target weight of all the preset targets of the second mark information, and if the number and the target weight of the preset targets of the second mark information are more and higher, the screening value corresponding to the corresponding second mark information is higher.

Through the technical scheme, the number of the preset targets in each video data and the target weight can be comprehensively considered to obtain the corresponding screening value, so that the probability of accidents, the importance degree of the corresponding position and the like are comprehensively considered in the generation of the screening value, and the video data displayed through the display end and the large screen are videos which are suitable for being displayed.

Sorting all the screening values corresponding to the second mark information in a descending order to obtain a sorting result, screening the sorting result from front to back, screening second encrypted data with the same quantity as the first preset value in the sorting result, and transmitting the screened second encrypted data to a display terminal for displaying. The invention performs descending sorting on all the screening values corresponding to the second marking information, for example, the screening values are 1, 2 and 5 respectively, and then the sorting result of the descending sorting is 5-2-1. If the first preset value is 2, the second encrypted data with the same quantity as the first preset value at this time are the second encrypted data respectively corresponding to the screening values 5 and 2.

The technical scheme provided by the invention further comprises the following steps:

the server acquires the behavior data of the administrator, and the behavior data is any second encrypted data which is not screened and selected by the administrator and is displayed through the display end. And after the server obtains second encrypted data corresponding to the number of the first preset values in a screening mode, displaying the screened second encrypted data, wherein the mode belongs to a machine selection mode and may have a certain difference with an actual situation. At this time, the administrator can select any second encrypted data which is not screened according to needs to be displayed through the display end, and the importance degree of the corresponding position and the robot corresponding to the second encrypted data selected by the administrator is possibly higher.

When the administrator selects any second encrypted data which is not screened to be displayed through the display end, the displayed second encrypted data can be randomly selected to be deleted, and one of the displayed second encrypted data can be deleted according to the selection of the administrator.

Second encrypted data which are not screened in the behavior data are obtained, second mark information corresponding to the second encrypted data are extracted, and target weight of the second mark information at the current moment is obtained. The invention can acquire second encrypted data which is not screened in the behavior data, wherein the second encrypted data is actively selected by an administrator in the behavior data, and the invention can extract second mark information corresponding to the second encrypted data and the target weight of the second mark information at the current moment.

wherein the content of the first and second substances,

in order to achieve the adjusted target weight,

the weight of the target at the current time instant,

in order to be at the first preset value,

is the first one screened

The target weight of the second label information,

is a preset adjustment coefficient. The administrator can select the second encrypted data which is not screened, so that the video data corresponding to the second encrypted data is proved to be relatively more important, and at the moment, the method and the system can actively adjust the target weight corresponding to the second encrypted data selected by the administrator upwards, so that the adjusted target weight is larger, and a relatively higher screening value is obtained when the second encrypted data of the corresponding region and the robot are calculated next time. According to the technical scheme, an active learning mode can be adopted, so that each second mark information and each video data have more appropriate and more accurate target weight, and the quantity of the second encrypted data is largeAnd screening out second encrypted data of the corresponding target area which the user wants to see when the first preset value is reached.

and receiving selected data, and acquiring the ID corresponding to the 5G intelligent power grid inspection robot in the selected data, wherein the first mark information comprises the ID corresponding to the 5G intelligent power grid inspection robot. In the technical scheme provided by the invention, each 5G intelligent power grid inspection machine has an ID which is uniquely corresponding to the inspection machine, and the ID can be a string of numbers and a string of characters. For example 1, 1A, etc. At least one 5G intelligent power grid inspection robot may be arranged in each area. For example, the area a1 is provided with a 5G smart grid inspection robot J11, and the area a2 is provided with a 5G smart grid inspection robot J12.

When the administrator wants to see the environmental condition of a certain area, the administrator actively inputs selected data, and the selected data can be the ID of the 5G intelligent power grid inspection robot corresponding to the area that the administrator wants to see. For example, if the administrator wants to view the environment of the area a1, the selected data input by the administrator is the ID number J11 of the 5G smart grid inspection robot.

And selecting first encrypted data in the first database based on the ID in the selected data, and displaying the first encrypted data through the display terminal. The invention can select the first encrypted data in the first database according to the ID in the selected data, and further control the corresponding first encrypted data to be displayed by the display terminal.

Through the technical scheme, the administrator can call the first encrypted data in the first database to display as required, so that the user can check the first encrypted data.

and if the quantity of the second encrypted data with the second mark information at the current moment is smaller than the first preset value, obtaining the target weight corresponding to the ID of each intelligent power grid inspection robot in the weight table. In the actual display process of the video data on the display side, the server can control the display side to preferentially display the video data in the second encrypted data, but in the actual working condition, the video data in the second encrypted data is smaller than the first preset value, at the moment, a certain amount of first encrypted data and second encrypted data need to be selected to be displayed simultaneously, and when a certain amount of first encrypted data is selected, the method can select the first encrypted data according to the weight table.

And acquiring the quantity of all second encrypted data with the second mark information at the current moment to obtain a first quantity value. The invention can obtain the quantity of all the second encrypted data with the second mark information when determining the quantity of the first encrypted data, so that the quantity of the video data displayed by the display end is fixed no matter how the value of the second encrypted data changes.

And obtaining a second numerical value based on the first preset value and the first numerical value. The invention can obtain the second numerical value by subtracting the first numerical value from the first preset value. For example, if the first preset value is 9 and the amount of the second encrypted data is 5, the first amount value is 5 and the second amount value is 4.

And selecting a target weight corresponding to the second numerical value in the weight table, and extracting first encrypted data corresponding to the target weight to display through a display end. After determining the second quantity value, the present invention extracts a corresponding quantity of the first encrypted data in the weight table, for example, the weight table has 5 target weights, which are 5, 4, 3, 2, and 1, respectively. At this time, the second quantity value is 4, and the first encrypted data corresponding to the first 4 target weights in the weight table is selected at this time. That is, the present invention selects the first encrypted data of the second numerical value that is ranked first in the weight table.

According to the technical scheme, after the quantity of the second encrypted data is smaller than the first preset value, the corresponding quantity of the first encrypted data can be determined, so that the corresponding quantity of video data can be displayed by the display end under various working conditions and scenes, and an administrator can monitor and view the environment conditions of multiple areas at the same time.

Modern data networks are mostly based on IP technology, and a router is a core device on the IP technology-based network, which maintains a set of routing tables through a routing protocol running thereon, and forwards received IP data packets according to the routing tables. The IP packet sent by the sender is forwarded by a plurality of routers and then transmitted to the destination. In order to maintain a set of routing tables, routing messages need to be interacted between routing protocols on different routers so as to realize the creating/updating/learning functions of routing table information. Because the routing message is transmitted in a public network, the channel of which is shared by a plurality of network nodes, an attacker can easily intercept and forge/tamper with the routing message. Upon accepting such an erroneous routing message, the router will generate an erroneous routing table. When the routing protocol forwards the IP packet according to the wrong routing table, the packet cannot be transmitted to the destination. To address this problem, an integrity protection mechanism must be provided for the routing protocol to prevent an attacker from forging/tampering with the routing message. The basic idea of the integrity protection mechanism is to use key material to generate a message authentication code for a routing message (this process usually uses a one-way function or a threshold one-way function), and send the message authentication code to a receiver along with the message, after the receiver receives the routing message and the authentication code, the receiver verifies the message and the authentication code thereof by using the corresponding key material, and only the routing message passing the verification is a correct message which is not tampered by an attacker. Since the attacker does not have the keying material, it will not be able to forge/tamper with the message and generate the correct message authentication code. This mechanism allows only router-generated routing messages that possess keying material to be validated, and attacker-generated routing messages without keying material will not be validated. Thereby effectively preventing an attacker from forging/tampering the routing message.

Currently, most routing protocols define an integrity protection mechanism. As previously mentioned, routing protocols must use a set of keying material, called the Security Association (SA), to generate the message authentication code. Different routing protocols define different SAs but generally include information such as message authentication code generation algorithms and keys. However, most routing protocols do not provide an automatic management mechanism for the SA, but rather are manually configured and updated by a person called an administrator (administrator). However, the human hand configuration and update has the following problems: firstly, manual configuration of a human is easy to make mistakes; secondly, the manual configuration speed is low, and the requirement of networking of a large number of modern routers is not met; thirdly, many routers may belong to different operators, cannot directly configure the shared secret key on the routers, and must use a common trusted third party, and manual configuration is very difficult. Therefore, a key management protocol is urgently needed by the integrity protection mechanism of the routing protocol to realize automatic management of the security alliance so as to solve the three problems. With the improvement of the computing power of attackers and the endless layering of attack technologies, the probability and frequency of the attack and destruction of the network are higher and higher, and the cost for the modern network with rapidly increased service value is larger and larger. Therefore, an automatic key management protocol is designed for the routing protocol, and the automatic configuration, updating and negotiation of the key material are more urgent.

IKEv2 is a protocol that provides SA negotiation for the data security mechanism (IPsec) at the IP layer. A total of four types of exchanges, i.e., IKE SA INIT Exchange, IKE AUTH Exchange, CREATE CHILD SA Exchange, and INFORMATIONAL Exchange, may be involved before and after the SA negotiation process of IKEv2, wherein the first two types of exchanges, collectively referred to as Initial Exchange (Initial Exchange), are required and fixed in order, and the second two types of exchanges are optional, as desired. The Exchange (Exchange) in the IKEv2 consists of one request (request) and one response (response) that occur between two network peers (peers), where the peer that initiates the request is called the Initiator (generally denoted by i) and the peer that responds is called the Responder (generally denoted by r).

IKE _ SA _ INIT exchange negotiates cryptographic algorithms (cryptograms), exchanges random numbers (nonces), performs Diffie-Hellman (D-H) exchanges, negotiates security parameters for the two peers to generate IKE _ SA, and provides a secure channel for subsequent exchanges. The IKE AUTH exchange authenticates the peer identity and negotiates to generate a first CHILD SA, which provides the SA for the Encapsulating Security Payload (ESP) or/and Authentication Header (AH) of the IPsec. The CREATE CHILD SA exchange generates other CHILD SAs for updating the SA generated by the exchange or for use by ESP or/and AH. The information exchange is used as transmission control information, including error reporting and event notification.

In the phase 1 exchange of the IKEv2, the IKEv2 protocol uses configuration information in the authorization database PAD, such as long-term keys, identities, etc., to complete the authentication process and establish a secure channel.

In the phase 2 exchange of IKEv2, the IKEv2 protocol generates an SA for IPSEC from PAD information (note: the key is generated using the DH algorithm, not based on the configuration in the PAD database), and stores the SA in the SAD database. The PAD also generates information in the policy database SPD. And IPSEC uses the SA in the SAD database according to the configuration of the policy database SPD. Note: PAD: IKEv2 works primarily based on PAD. SPD-generated by IKEv2, which IPSEC uses for access to the SAD repository. SAD: a security association database.

The IKEv2 protocol cannot be used directly for the management of the routing protocol SA for the following reasons:

(1) the routing protocol does not have an SPD database. IKEv2 is a key management protocol designed for IPSEC. IPSEC uses the SAD using the SPD database. For example, when a packet is received by the IPSEC, the traffic selector in the SPD is used to determine which SA in the SAD bank the packet should be used to process the IPSEC packet. The traffic selector here is usually information of IP address, port number, etc. However, the routing protocol does not define the SPD database, and the routing protocol stack is not based on the so-called traffic selector but on the KEYID when processing the routing packet. This KEYID is typically included in routing protocol packets.

(2) The SA definition of the routing protocol is different from that of IPSEC, and the SA definition of each routing protocol is also different. This makes the existing IKEv2 unable to generate different SAs as required by each routing protocol.

One solution to this problem is: the routing protocol standard is modified to support the SPD database and the SAD database. However, this would change the security mechanism defined by the existing protocol a lot, and the workload is huge. Furthermore, backward compatibility is not good, which may cause impact on the existing configured router, and is difficult to be accepted by the operator.

Another solution to this problem is: and modifying the existing SPD database, PAD database and SAD database to meet the requirement of the routing protocol. However, doing so can impact the existing configured IPSEC/IKEV2 system, causing incompatibility problems. Meanwhile, a unified data structure (i.e., a database) is defined forcibly to meet the needs of a plurality of different routing protocols SA, and the definition of the database is very complex and is easy to make mistakes.

To address these problems, the best approach is: the current situation of the existing routing protocol SA is kept, and the current situations of SAD, SPD and PAD databases of the existing IPSEC are also kept. Redefines a data structure and modifies the key management protocol on the basis of this data structure. Having the key management protocol generate different SAs for different routing protocols based on this data structure. This has the further advantage that: the IKEv2 protocol does not regenerate the data of the SPD database, as long as data in the SA format defined by the routing protocol is generated. Is much simpler to implement than the generation of ISPEC SAs.

However, the work of the karp working group still stays in the first step, and only one preliminary key table is defined. The key table draft also has the following problems:

(1) the existing key table draft lacks support for public key cryptography. The existing key table draft only defines a data structure based on a symmetric key, and does not define a data structure based on public key cryptography. Public key cryptography is an important branch of modern cryptography and is also a cryptography supported by most systems (currently, the PAD database like IPSEC indicates that it supports the mechanism of public key cryptography). The Sam Hartman et al also recommended public key cryptography techniques to the karp working group. Therefore, it is necessary for the routing table to support public key cryptography.

(2) The existing key table draft does not define a mechanism how to use the key table to generate the routing protocol SA. Key tables define a suite of keying material, however, the security associations for each routing protocol are different. How to convert from generic security material defined by the key table into security associations for each routing protocol is an important issue.

(2) The existing IKEv2 protocol generates a key for the CHILD SA based on the DH exchange. The key table expects that the key of the CHILD SA is generated from the key in the key table using KDF. There is a conflict between the two. Therefore, the existing IKEv2 protocol is also incompatible with the key table protocol in terms of key generation.

(3) The existing patent has extended the IKEv2 protocol to support the data related to the transport routing protocol SA, however, the existing patent completes the key table before the key table is accepted by IETF, and the interactive flow cannot meet the requirement of the key table.

In order to solve the problems, the invention expands the existing key table draft to support public key cryptography, simultaneously establishes a conversion mechanism from the key table to the routing protocol SA, and designs a negotiation flow of IKEv2 for creating the CHILD _ SA on the basis.

The technical scheme provided by the invention comprises the following steps of encrypting the video data:

and acquiring a key table at the current moment, and expanding the key table to obtain an expanded AlgID field, a KDF field and a key field.

The AlgID field is a cryptographic algorithm used in a routing protocol SA and used for protecting the integrity of routing messages;

the KDF field is an algorithm for generating a short-term key of a routing protocol based on a long-term key, and the KDF field is used for enabling a key table to generate the short-term key from the long-term key of public key cryptography based on an ikev2 protocol;

judging that the long-term key configured in the key table is a public-private key mode in public key cryptography, namely, a key field in the key table is a private key, and key _ para is a public key and a corresponding cipher material, and carrying out encryption transmission according to different gateways based on the public key and the private key in the data transmission process;

and judging that the long-term key configured in the key table is a shared key of symmetric cryptography, namely, the key field in the key table is the shared key, and the key _ para is empty, and performing encryption transmission based on different gateways of the shared key in the data transmission process.

The example will extend the AlgID field, KDF field and key field, and add the key cryptography parameter field key _ para to make the key table support the configuration of keys based on public key cryptography. There are two implications for public key cryptography support here: one is that the long-term key may be a public key; secondly, the routing protocol can use the public key for integrity protection.

The algID field is a cryptographic algorithm used in the routing protocol SA for protecting the integrity of routing messages, and the key table draft specifies that the algorithm can only use a symmetric cryptographic algorithm and cannot use a public key cryptographic algorithm. Symmetric cryptographic algorithms are also mainly used in current routing protocols. However, public key cryptography has strong security features. It is also possible that the future routing protocol uses public key cryptography algorithms. The present invention modifies the description of the key table draft to the AlgID field, allowing the routing protocol to use public key cryptography to protect the integrity of the routing message.

The KDF field is an algorithm that generates a routing protocol short-term key from the long-term key. The current key table draft does not define a specific KDF algorithm, nor does it describe whether a public key cryptography mechanism can be used to generate a short-term key. The present invention modifies the description of the KDF field by the key table draft, allowing the ikev2 protocol to generate short-term keys from long-term keys of public key cryptography.

The Key field is a field that stores a long-term Key. The current key table draft only allows the key field to store the symmetric key. The invention modifies the description of the key table draft to the key field, allowing the router to store the private key of public key cryptography. When the field stores a private key, the field cannot be sent to other entities.

The Key _ para field is a newly added field for supplementary description of the Key field. Key _ para includes Cipher sut and Data. Wherein, the length of the Cipher sub field is 1 byte, which represents the selected Cipher system. The cryptosystem may be as shown in table 1,

the Data field length may vary. For the RSA1024 cipher system, this field holds two parameters: e, n. Where e is the public key, n = pq, p and q are two large prime numbers of 1024 bits. For elliptic curve cryptosystems, this field holds several parameters: p, a, b, G, n, h. Taking ECC192 as an example, p, a, b, n, h are 192 bits, G is a point on an elliptic curve, and both the x-coordinate and the y-coordinate are 192 bits.

The invention can also define two fields through the Key table: notbeforee and NotAfter, which perform the conversion of key life time to the key life time of the routing protocol, as shown in fig. 4, for example:

(1) for the RIPv2 protocol: start time = notbeform, Stop time = NotAfter.

(2) For the OSPFv2 protocol, Key start accept = notbeform, Key Stop accept = NotAfter, Key start generate = time of negotiation start, Key Stop generate = time of negotiation completion.

In the implementation method, the AlgID field, the KDF field and the key field are modified so as to allow the router key management method to use a public key cryptographic algorithm to protect the routing information of the 5G gateway, thereby ensuring that the uploading information of the inspection robot is correctly transmitted to the monitoring terminal.

The embodiment also provides a selection algorithm, so that the ikev2 protocol can select a corresponding record from the key table, establish connection, and be used for generating the routing protocol SA. The selection algorithm is as follows:

and the Kmp calls a corresponding detection program to traverse the interfaces field, the protocol field and the peers field in the key table. It is detected whether a corresponding routing protocol is running on it. The Key table draft does not define the format of the Interfaces, and the MAC address is used for identifying the fields of the Interfaces. The format of the Peers field is also not defined in the Key table draft, and the present invention identifies the Peers field using IP addresses. The Key table draft also has no specific content for defining the Protocol field, and the routing management method follows the definition of a routing Protocol Key management method and system based on IKEv 2. Since each routing Protocol runs on a different Protocol, the kmp detection procedure needs to associate the ID number of the Protocol field with the corresponding routing Protocol to perform the probing process. For example, the BGP protocol runs on port number 179 for TCP, the RIP protocol runs on port number 520 for UDP, and OSPF uses Raw IP transport with protocol number 89.

For example, assuming that peers are 172.21.111.1, protocol field value is RIPv2, and interfaces field is 00-eo-fc-82-4c-84, kmp detects whether the routing protocol is running on the UDP protocol 520 port on the machine with IP address 172.21.111.1 and MAC address 00-eo-fc-82-4 c-84. If a routing protocol is running, an IKE _ SA is established for it. If no routing protocol is running, then no security association may be established. In the invention, if two routers are in the same subnet, the detection of the interfaces field is taken as the main, and the peers field belongs to the optional detection direction; if the two routers are not in the same subnet, the detection peers field is taken as the main field, and the interfaces field belongs to the optional detection item.

One problem is that: if the routing protocol security association has not been established and the router has issued a routing message, this earlier routing message may be modified by the attacker. But this situation can be addressed by routing information updates after the security association is established. This safety issue is not critical.

If more sophisticated security is to be provided, the embodiment may not be run, and kmp establishes a security association directly for all entries in the key table. But the result of this may be reduced performance. The present embodiment provides a method of optimizing kmp performance: i.e. only records running the routing protocol are managed.

The present embodiment assumes that the long-term key configured in the key table is a public-private key of public key cryptography. That is, the key field in the key is the private key, and key _ para is the public key and associated cryptographic material. The routing protocol security association negotiation process in this case is shown in fig. 5. The SA negotiation between two routers has two stages, the SA negotiation in the first stage generates IKE _ SA for protecting the subsequent negotiation channel, and the second stage calculates Key ID, Authentication Algorithm and Life Time according to Key table. Finally, the routing protocol SA (CHILD SA) is negotiated using the calculation result. The Authentication Key can be generated by a D-H exchange algorithm, and can also directly use the Key in the Key table. The specific contents of the exchanges are shown in table 2:

wherein (1) the result of step X1, X2 is to generate an IKE _ SA for securing subsequent communications. The payload specification is the same as RFC 4306.

(2) Steps X3 and X4 generate the first CHILD _ SA. This is the SA generated by the IKEv2 protocol by default. The payload specification is the same as RFC 4306.

(3) Steps X5 and X6 generate CHILD SA of the routing protocol. The description of the key _ para load is as above, and the description of other loads is as same as RFC 4306.

(4) Before executing step X5, the responder first needs to find the corresponding entry in the key table according to the information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA.

(5) Before the initiator executes step X6, it also needs to find the corresponding record item in the key table according to the information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA. And comparing the SA with the received suggested SA, selecting the SA meeting the condition, and returning the SA to the responder, thereby generating a routing protocol security association.

(6) The initiator and the responder generate a key in the routing protocol SA according to the key _ para. The shared key is computed using the DH algorithm or the public key is used directly as the key for the routing protocol. The reason for transmitting Key _ para here is two points: firstly, the opposite side verifies whether the received information is consistent with the information in the database of the opposite side; and secondly, when the configuration of the peer database is incomplete, the received information can be directly used.

There are many Key generation methods, and the invention provides two methods: firstly, a DH algorithm is used for generating a symmetric key, secondly, a public key is directly sent to an opposite terminal, and the integrity of a routing protocol message is protected by adopting a public key digital signature method. When the step X5 is Key _ para in X6, the public Key is directly sent to the opposite end, and the integrity of the routing protocol message is protected by adopting a method of digital signature of the public Key. When the result in the step X5 and X6 is KE, a DH algorithm is used to generate a symmetric key, and the symmetric key is used to protect the integrity of the routing protocol message.

The present embodiment assumes that the long-term key configured in the key table is a shared key of symmetric cryptography. I.e. the key field in the key table is the shared key and key _ para is empty, the routing protocol security association negotiation process in this case is as shown in fig. 6. The SA negotiation between two routers has two stages, the SA negotiation in the first stage generates IKE _ SA for protecting the subsequent negotiation channel, the second stage calculates Key ID, Authentication Algorithm and Life Time, etc. according to Key table, and negotiates routing protocol SA (CHILD _ SA) by using the calculation result. The specific content of the exchanges is shown in the following table:

wherein (1) the result of step Y1, Y2 is to generate IKE _ SA for securing subsequent communication. The payload specification is the same as RFC 4306.

(2) Steps Y3 and Y4 generate the first CHILD _ SA. This is the SA generated by the IKEv2 protocol by default. The payload specification is the same as RFC 4306.

(3) Steps Y7 and Y8 generate CHILD _ SA of the routing protocol. The payload is described in RFC 4306.

(4) Before executing step Y8, the responder first needs to find the corresponding record item in the key table according to the information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA.

(5) Before executing step Y8, the initiator also needs to find the corresponding record item in the key table according to the information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA. And comparing the SA with the received suggested SA, selecting the SA meeting the condition, and returning the SA to the responder, thereby generating a routing protocol security association.

(6) The initiator and responder generate keys according to the key in the key table and the specification of the KDF field.

In conclusion, the key table draft can support both symmetric cryptography and public key cryptography. The embodiment of the invention also provides a mechanism for converting the key table into the routing protocol SA, so that the IKEv2 protocol can generate the routing protocol SA by using the key table negotiation. The mechanisms can provide safety protection of modern public key cryptography for a routing protocol, and the router key management protocol can protect a routing table of the 5G gateway from being tampered and attacked, so that data collected by the inspection robot can be normally transmitted to the monitoring terminal.

(1) The embodiment of the invention provides a key table expansion method, which comprises the following steps:

and expanding the AlgID field, the KDF field and the key field, and adding a key cryptography parameter field key _ para to enable the key table to support the configuration of a key based on public key cryptography. The extended AlgID field and key field are used to hold cryptographic algorithms and keys. The added key _ para field is used to hold key-related parameters.

This embodiment enables the key table to support both long-term keys based on public key cryptography and long-term keys based on symmetric cryptography.

(2) The embodiment of the invention provides a method for selecting one record in a key table, which comprises the following steps:

the Ikev2 protocol selects corresponding records from the key table according to the information of protocol, interfaces, peers, etc. for performing SA negotiation with the opposite end. The selection method can well identify the other side.

This embodiment enables ikev2 to select an appropriate long-term key record from the key table for use in generating the routing protocol SA.

(3) The embodiment of the invention provides a key identifier conversion method, which comprises the following steps:

the key identifier definition of each routing protocol is different, while the key identifier definition in the key table is the same. The embodiment defines a transformation algorithm, so that the key identifier in the key table can be transformed into the key identifier of the routing protocol SA. The transformation algorithm can enable the ikev2 protocol to correspond the key identifier in the key table with the key identifier of the routing protocol SA. The transformation and inverse transformation algorithm can prevent the key identifiers of a plurality of routing protocols SA from conflicting after transformation.

This embodiment enables the key identifier in the key table and the key identifier of the routing protocol SA to be translated with each other without collision.

(4) The embodiment of the invention provides a method for converting key life time, which comprises the following steps:

the key life time definitions of each routing protocol are different, while the key life time definitions in the key table are the same. The present embodiment defines a transformation algorithm so that the key life time in the key table can be transformed into the key life time of the routing protocol SA. The transformation algorithm can make the ikev2 protocol correspond the key life time in the key table with the key life time of the routing protocol SA. And the transformed key life time is made to meet the requirements before transformation.

This embodiment enables the key life time in the key table and the key life time of the routing protocol SA to be converted to each other without causing a collision.

(5) The embodiment of the invention provides a key parameter transmission method, which comprises the following steps:

for the public key cryptosystem, one key corresponds to not only a key with the length of a character string, but also a series of related parameters. This embodiment defines a new payload in ikev2 for loading the parameters corresponding to the key of public key cryptography. The payload can be loaded with different key parameters defined by public key cryptography.

This embodiment enables public key cryptography-based keys defined by the key table to be used in the routing protocol in the true sense.

(6) The embodiment of the invention provides a routing protocol SA negotiation mechanism based on public key cryptography, which comprises the following steps:

and negotiating by using records based on public key cryptography in the key table, and finally generating the routing protocol SA. The process can realize the conversion from the record in the key table to the routing protocol SA, and can successfully negotiate out the routing protocol SA.

This embodiment enables the ikev2 protocol to generate a routing protocol SA from public key cryptography-based key negotiations as defined in the key table.

(7) The embodiment of the invention provides a routing protocol SA negotiation mechanism based on symmetric cryptography, which comprises the following steps:

and negotiating by adopting records based on symmetric cryptography in the key table, and finally generating the routing protocol SA. The process can realize the conversion from the record in the key table to the routing protocol SA, and can successfully negotiate out the routing protocol SA.

This embodiment enables the ikev2 protocol to generate a routing protocol SA from symmetric cryptography-based key negotiations defined in the key table.

The technical scheme provided by the embodiment of the invention shows that the routing protocol key management method can provide a uniform long-term key storage form for different routing protocols, and is convenient for uniformly managing the long-term trust relationship used by the routing protocols. Meanwhile, the key table and the routing protocol SA can be corresponded, and the conversion from the key table to the routing protocol SA is realized. This greatly simplifies the operator's work of managing long-term keys, so that the operator only needs to know the format of one long-term key, instead of defining one long-term key format for each routing protocol and managing different routing protocol long-term key formats. The mode protects the safety of the routing table, so that the returned data of the 5G intelligent power grid inspection robot can be safely transmitted to the monitoring center.

The technical scheme provided by the invention also provides a data encryption transmission device suitable for the 5G intelligent power grid inspection robot, as shown in fig. 7, comprising:

The readable storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuits (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the readable storage medium may also reside as discrete components in a communication device. The readable storage medium may be a read-only memory (ROM), a random-access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

The present invention also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the device may read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.

In the above embodiments of the terminal or the server, it should be understood that the Processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims

1. Data encryption transmission method suitable for 5G smart power grids patrols and examines robot, its characterized in that includes:

2. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 1, wherein the video data is encrypted through the following steps:

3. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 2, further comprising:

4. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 1,

a plurality of 5G smart power grids patrol and examine the video data that the robot was gathered to patrolling and examining the in-process and carry out identification processing respectively and obtain respective recognition result and include:

5. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 1,

if the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to a server side comprises the following steps:

6. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 5,

the server judges that the quantity of the second encrypted data with the second mark information at the current moment is greater than a first preset value, then all the second encrypted data with the second mark information are screened to obtain the second encrypted data with the second mark information, the quantity of the second encrypted data after screening is the same as that of the second encrypted data with the second mark information of the first preset value, and the transmission of the second encrypted data after screening to the display end for display comprises the following steps: