CN116155633B - Sensor external data security protection and bidirectional authentication method, system and device - Google Patents

Sensor external data security protection and bidirectional authentication method, system and device Download PDF

Info

Publication number
CN116155633B
CN116155633B CN202310438678.7A CN202310438678A CN116155633B CN 116155633 B CN116155633 B CN 116155633B CN 202310438678 A CN202310438678 A CN 202310438678A CN 116155633 B CN116155633 B CN 116155633B
Authority
CN
China
Prior art keywords
data
hash value
sensor
uplink data
standard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310438678.7A
Other languages
Chinese (zh)
Other versions
CN116155633A (en
Inventor
徐晓瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Shuzhili Technology Co.,Ltd.
Original Assignee
Nongshuyuan Chengdu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nongshuyuan Chengdu Technology Co ltd filed Critical Nongshuyuan Chengdu Technology Co ltd
Priority to CN202310438678.7A priority Critical patent/CN116155633B/en
Publication of CN116155633A publication Critical patent/CN116155633A/en
Application granted granted Critical
Publication of CN116155633B publication Critical patent/CN116155633B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method, a system and a device for protecting the safety and two-way identification of external data of a sensor, which comprise the steps of calculating and encrypting uplink data output by the sensor; after receiving the current task, verifying the uplink data and signing the uplink data; the invention realizes the authentication of the sensor through the binding of the sensor and the external device of the invention and the key management under the condition that the sensor is not changed, and the confidentiality, the authenticity and the integrity of the data sent by the sensor are protected, and meanwhile, the background subsystem can authenticate the uplink data and the downlink data after the sensor receives the background data, so that the authenticity, the integrity and the non-repudiation of the data are judged.

Description

Sensor external data security protection and bidirectional authentication method, system and device
Technical Field
The invention relates to the technical field of sensor data encryption, in particular to a method, a system and a device for external data security protection and bidirectional authentication of a sensor.
Background
After the sensor collects the data, the data or signals are generally directly sent to the background subsystem, in the process, the confidentiality of the data is not guaranteed, and the background subsystem cannot identify the authenticity and the integrity of the data. The sensor does not have the ability to authenticate instructions sent in the background.
Currently, in the patent application CN202010962790.7, which discloses a secure encryption method suitable for a sensor network, it is proposed to fix an encryption algorithm in an encryption chip to encrypt data, but the method does not include key management, data authenticity and integrity protection, verification of equipment by a background subsystem and verification of data by the background subsystem, so that the background cannot identify received data, the sensor cannot identify whether the received data is actually sent by the background subsystem, and the data is easy to leak.
Therefore, it is necessary to provide a method, a system and a device for protecting and identifying external data of a sensor in two directions to solve the above technical problems.
Disclosure of Invention
In order to solve the technical problems, the invention provides a method, a system and a device for external data security protection and bidirectional authentication of a sensor, which are used for solving the problems that the confidentiality of data is not guaranteed when the sensor is used for data transmission, the authenticity and the integrity of the data cannot be authenticated by a background subsystem, and the sensor does not have the capability of authenticating instructions sent by the background subsystem.
The invention provides a method, a system and a device for protecting and bidirectionally identifying external data of a sensor, which comprise the following steps:
calculating and encrypting uplink data output by the sensor;
after receiving the current task, verifying the uplink data and signing the uplink data;
verifying downlink data received by a sensor;
wherein, the calculating and encrypting the uplink data output by the sensor comprises:
encrypting the uplink data to obtain a ciphertext;
calculating the uplink data to obtain a standard hash value;
after receiving the current task, verifying the uplink data and signing the uplink data comprises the following steps:
decrypting the ciphertext to obtain a plaintext, and calculating an actual hash value of the plaintext;
comparing the actual hash value with the standard hash value;
the actual hash value that is passed the comparison is signed.
Preferably, before calculating and encrypting the upstream data output by the sensor, the method further comprises: and carrying out an initialization operation.
Preferably, the upstream data includes sensor data and a unique identifier.
Preferably, the encryption processing of the uplink data is performed, and the encryption mode in the obtained secret is a symmetric cryptographic algorithm.
Preferably, the standard hash value and the actual hash value are calculated by a cryptographic hash algorithm.
The external data security protection and two-way authentication system of the sensor comprises a data processing subsystem and a background subsystem;
the data processing subsystem is used for calculating and encrypting the uplink data output by the sensor and verifying the downlink data received by the sensor;
the background subsystem is used for verifying uplink data and signing the uplink data after receiving the current task:
an information channel is arranged between the data processing subsystem and the background subsystem;
the calculating and encrypting the uplink data output by the sensor specifically includes: encrypting the uplink data to obtain a ciphertext;
calculating the uplink data to obtain a standard hash value;
after receiving the current task, verifying the uplink data and signing the uplink data specifically comprises the following steps: decrypting the ciphertext to obtain a plaintext, and calculating an actual hash value of the plaintext;
comparing the actual hash value with the standard hash value;
the actual hash value that is passed the comparison is signed.
An external data security protection and two-way authentication device of a sensor, comprising:
the data security protection module is used for calculating and encrypting the uplink data output by the sensor and verifying the downlink data received by the sensor;
the data verification signature module is used for verifying uplink data and signing the uplink data after receiving the current task;
the data security protection module calculates and encrypts uplink data output by the sensor and verifies downlink data received by the sensor, and specifically includes: encrypting the uplink data to obtain a ciphertext;
calculating the uplink data to obtain a standard hash value;
after receiving the current task, the data verification signature module verifies uplink data and signs the uplink data specifically comprises: decrypting the ciphertext to obtain a plaintext, and calculating an actual hash value of the plaintext;
comparing the actual hash value with the standard hash value;
the actual hash value that is passed the comparison is signed.
Compared with the related art, the external data security protection and bidirectional authentication method, system and device for the sensor provided by the invention have the following beneficial effects:
under the condition that the sensor is not changed, the sensor is bound with the external device in one-to-one correspondence, and the key management is adopted, so that the sensor is identified, confidentiality, authenticity and integrity of data transmitted by the sensor are protected, meanwhile, the background subsystem can identify uplink data, and the sensor can identify downlink data after receiving the background data, so that the authenticity, the integrity and the non-repudiation of the data are judged.
Drawings
FIG. 1 is a schematic diagram of a system for protecting and identifying external data security of a sensor and two-way authentication according to the present invention;
FIG. 2 is a flow chart of a method for protecting and identifying external data of a sensor in two directions according to the present invention;
FIG. 3 is a schematic diagram of a data processing subsystem processing flow of a sensor external data security protection and two-way authentication method according to the present invention;
FIG. 4 is a schematic diagram of a background subsystem processing flow of a method for protecting and identifying sensor external data security and two-way authentication according to the present invention;
FIG. 5 is a schematic diagram of a hash value calculation process of the method for protecting and identifying external data security of a sensor according to the present invention;
FIG. 6 is a schematic signature flow chart of a method for protecting and identifying external data of a sensor in two directions according to the present invention;
fig. 7 is a schematic structural diagram of an external data security protection and bidirectional authentication module of the sensor according to the present invention.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
For ease of understanding by those skilled in the art, referring to fig. 1, an external data security protection and two-way authentication system for a sensor includes: the system comprises a data processing subsystem and a background subsystem, wherein an information channel is arranged between the data processing subsystem and the background subsystem and comprises an uplink channel and a downlink channel;
the invention provides a method for protecting the safety and identifying the external data of a sensor in two directions, which is applied to the sensor, and is shown by referring to the attached figure 2, and comprises the following steps:
step S100: the data processing subsystem calculates and encrypts uplink data output by the sensor.
The specific implementation process of the step is shown in fig. 3:
step S101: encrypting the uplink data output by the sensor by using a symmetric cryptographic algorithm to obtain a ciphertext;
the method comprises the steps of encrypting data by adopting a symmetric cryptographic algorithm after receiving the data transmitted by a sensor to obtain a ciphertext, and transmitting the ciphertext to a background subsystem through a data transmitting module;
the symmetric cryptographic algorithm belongs to the prior art for those skilled in the art who know all the technical knowledge of the technical field of the invention before the application date or priority date and can know all the prior art in the field, and the specific working principle is not repeated here;
in this embodiment, as shown in fig. 5, step S102: calculating the uplink data by using a password hash algorithm to obtain a standard hash value;
specific: for the received first group of data, calculating the unique identifier of the data and the device by adopting a password hash algorithm to obtain a standard hash value, storing the standard hash value, and simultaneously transmitting the standard hash value to a background subsystem through a data transmission module; and for the data after the first group, a standard hash value of the data and the previous group of data is calculated by adopting a password hash algorithm to obtain the standard hash value, the standard hash value is also stored, and the standard hash value is sent to a background subsystem through a data sending module.
Similarly, the cryptographic hash algorithm belongs to the prior art, and the specific working principle is not described herein, for those skilled in the art who know all the technical knowledge of the present invention prior to the filing date or priority date and can know all the prior art in the field.
Step S200: after receiving the current task, the uplink data is verified and signed.
The specific implementation process of the step is shown in fig. 4:
step 201: decrypting the ciphertext by using the key to obtain a plaintext, and calculating an actual hash value of the plaintext by using a password hash algorithm;
specific: after receiving the ciphertext, the background subsystem decrypts the ciphertext by adopting a secret key received in the device initialization stage to obtain plaintext data; for the first group of data, the background subsystem calculates the plaintext data and the unique identifier of the device by adopting a cryptographic hash algorithm to obtain an actual hash value;
step 202: comparing the actual hash value with the standard hash value;
specific: comparing the actual hash value with the standard hash value received by the background subsystem, and if the actual hash value is consistent with the standard hash value, passing the verification; otherwise, an error is prompted. For the first group of later data, the background subsystem adopts a password hash algorithm to calculate the actual hash value of the last group of data to obtain the actual hash value, compares the actual hash value with the received standard hash value, and if the actual hash value is consistent with the received standard hash value, passes verification; otherwise, an error is prompted.
In this embodiment, as shown in fig. 6, step 203: signing the actual hash value which passes the comparison by using the private key;
specifically, the background subsystem sets the time for signing the actual hash value, and for the first signature, the background subsystem calculates the hash value of the hash value, the device state, the signature sequence and the like passing verification in the time period by adopting a password hash algorithm, and signs the hash value by utilizing a private key to obtain a signature value; for the signatures after the first time, the background subsystem adopts a password hash algorithm to calculate hash values passing verification, last signature values, device states, signature sequences and the like in the time period, and signs the hash values by using a private key.
Step S300: verifying downlink data received by a sensor;
specifically, the background subsystem encrypts the issued data by adopting a secret key of a symmetric cryptographic algorithm of the device, signs the issued data by adopting a private key, and then issues the data and the signature value to the data processing subsystem, wherein the data processing subsystem is used for processing the issued data. The data that is delivered includes, but is not limited to: instruction data, device configuration, key exchange, etc.
The data processing subsystem adopts the public key to verify the signature value, and if the verification is passed, the data processing subsystem operates according to the data; otherwise, an error is prompted.
In the invention, the background subsystem can check the data generated by each device, authenticate the data by verifying the hash value and/or the signature value corresponding to the required authentication data, and if the data passes the authentication;
similarly, the data processing subsystem authenticates the data issued by the background subsystem through the hash value and/or the signature value corresponding to the authentication data, and the authenticity and the integrity of the data are ensured.
In this embodiment, before use, an initialization operation is further required, which specifically includes: sensor, data processing subsystem and background subsystem pre-preparation: the sensor information including but not limited to name, manufacturer, type, unique identification, data verification mode, etc. is entered into the background subsystem;
inputting information of the data processing subsystem, including but not limited to name, manufacturer, type, unique identifier, etc., into the background subsystem;
the cryptographic algorithm supported by the data processing subsystem is imported by the background subsystem and comprises a symmetric cryptographic algorithm, a public key cryptographic algorithm and a cryptographic hash algorithm;
the background subsystem adopts a random number generator to produce random numbers, and the random numbers are imported into the device.
The sensor, the data processing subsystem and the background subsystem are connected, and specifically comprise: and selecting a corresponding interface according to the butted sensor data transmission interface, realizing one-to-one correspondence between the sensor and the data processing subsystem, and inputting the corresponding sensor unique identifier and the device unique identifier into the background subsystem.
After the sensor is successfully connected with the data processing subsystem, the specified data is sent to the background subsystem, the background subsystem locks the one-to-one correspondence relationship between the sensor and the data processing subsystem, and the data processing subsystem is activated and can be used.
The background subsystem adopts a cryptographic hash algorithm to calculate a hash value of the content formed by the unique identifier of the sensor and the unique identifier of the data processing subsystem, and the hash value is reserved.
The data processing subsystem needs to be initialized after being activated, and specifically includes:
automatically generating a key and a security parameter of a preset cryptographic algorithm while the data processing subsystem is activated;
calculating hash values of information such as unique identification of the data processing subsystem, activation time, position (available space) of the device during activation, automatically generated secret key and security parameter, corresponding relation between the data processing subsystem and the sensor and the like by using a password hash algorithm;
encrypting information such as unique identification of the data processing subsystem, activation time, position (available space) of the device during activation, automatically generated secret key and security parameter, corresponding relation between the data processing subsystem and the sensor and the like by using a symmetric cryptographic algorithm to obtain ciphertext;
encrypting the data such as the ciphertext and the secret key of the symmetric cryptographic algorithm by using a preset public key cryptographic algorithm to obtain the ciphertext, and sending the ciphertext and the hash value to a background subsystem;
the background subsystem uses a private key corresponding to a preset public key cryptographic algorithm to decrypt, so as to obtain the unique identification of the data processing subsystem, the activation time, the position of the data processing subsystem during activation, the automatically generated secret key and security parameter, the ciphertext of the information such as the corresponding relation with the sensor, and the secret key of the symmetric cryptographic algorithm.
The background subsystem decrypts the unique identifier of the data processing subsystem, the activation time, the position of the activation time, the automatically generated key and the security parameter, the ciphertext of the information such as the corresponding relation with the sensor and the like by using the key of the symmetric cryptographic algorithm, and obtains the unique identifier of the data processing subsystem, the activation time, the position of the activation time, the automatically generated key and the security parameter and the corresponding relation with the sensor.
The background subsystem calculates the unique identification of the data processing subsystem, the activation time, the position of the data processing subsystem when the data processing subsystem is activated, the automatically generated key, the automatically generated security parameter, the corresponding relation with the sensor and other information hash values by using the key and the security parameter of the hash algorithm obtained after decryption, compares the value (namely the actual hash value) with the received hash value (namely the standard hash value), and if the value is consistent, passes verification; otherwise, an error is prompted.
The background subsystem compares the received corresponding relation between the data processing subsystem and the sensor with the stored corresponding relation, and if the corresponding relation is consistent, the verification is passed; otherwise, an error is prompted.
The comparison mode which can be added comprises the position of the data processing subsystem when in activation;
after the background subsystem passes the verification, the data activated by the data processing subsystem is signed by adopting a private key, and the activated data and a signature value are returned to the data;
after receiving the data and the signature value, the data processing subsystem verifies the signature value by adopting a public key, and enters a normal working state after verification; otherwise, an error is prompted.
In this embodiment, the method further includes checking the data processing subsystem, specifically including: if the connection with the sensor is disconnected, the data processing subsystem records and sends disconnection information to the background subsystem;
the data processing subsystem performs self-checking regularly and sends self-checking information to the background subsystem.
The background subsystem receives the abnormal state signal of the data processing subsystem or can not receive the signal of the data processing subsystem and checks the abnormal state signal;
the background subsystem monitors the data quantity sent by all the data processing subsystems, counts the usual data quantity, sets a boundary value, and automatically reminds the device to carry out abnormality detection after the data quantity exceeds the boundary value.
And monitoring the data processing subsystem according to the power consumption of the data processing subsystem, and automatically reminding to check when the power consumption is abnormal.
The invention also provides a sensor external data security protection and bidirectional authentication device, as shown in figure 7, which comprises a data receiving module, a data security protection module, a data sending module, a data verification signature module, a data management module, a power supply and an information channel between the modules;
the data receiving module and the data transmitting module are formed by all modularized interfaces, including but not limited to RJ45 interfaces, RS485 interfaces, RS232 interfaces, WIFI interfaces, GPRS interfaces, USB interfaces, 4G interfaces, 5G interfaces and NB-IOT interfaces; the data security protection module comprises a password module, a memory card, a driver and a firmware which meet the GB/T37092 information security technology password module security requirements, realizes data encryption protection and digital signature on received data sent by the sensor, authenticates the data sent by the background, and sends the data to the sensor after the authentication is passed; the data verification signature module and the data management module comprise the functions of key generation, distribution and other management, equipment management, data processing and storage, data authentication and the like.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent structures or equivalent processes or direct or indirect application in other related technical fields are included in the scope of the present invention.

Claims (7)

1. The external data security protection and two-way authentication method for the sensor is characterized by comprising the following steps of:
calculating and encrypting uplink data output by the sensor;
after receiving the current task, verifying the uplink data and signing the uplink data;
verifying downlink data received by a sensor;
wherein, the calculating and encrypting the uplink data output by the sensor comprises:
encrypting the uplink data to obtain a ciphertext;
calculating the uplink data to obtain a standard hash value;
after receiving the current task, verifying the uplink data and signing the uplink data comprises the following steps:
decrypting the ciphertext to obtain a plaintext, and calculating an actual hash value of the plaintext;
comparing the actual hash value with the standard hash value;
signing the actual hash value by comparison;
the method comprises the steps of calculating uplink data by using a password hash algorithm to obtain a standard hash value, and specifically comprises the following steps: for the received first group of data, calculating the unique identifier of the data and the device by adopting a password hash algorithm to obtain a standard hash value, storing the standard hash value, and simultaneously transmitting the standard hash value to a background subsystem through a data transmission module; for the data after the first group, a password hash algorithm is adopted to calculate the standard hash value of the data and the previous group of data to obtain the standard hash value, the standard hash value is also stored, and the standard hash value is sent to a background subsystem through a data sending module;
signing the actual hash value which passes the comparison by using the private key, and specifically comprises the following steps: the background subsystem sets the signing time of the actual hash value, and for the first signing, the background subsystem adopts a password hash algorithm to calculate the hash value of the hash value, the device state, the signature sequence and the like which pass verification in the time period, and signs the hash value by using a private key to obtain a signature value; for the signatures after the first time, the background subsystem adopts a password hash algorithm to calculate hash values passing verification, last signature values, device states, signature sequences and the like in the time period, and signs the hash values by using a private key.
2. The method for protecting and authenticating external data of a sensor according to claim 1, further comprising, prior to said calculating and encrypting the output uplink data of the sensor: and carrying out an initialization operation.
3. The method for protecting and authenticating external data of a sensor according to claim 1, wherein the uplink data comprises sensor data and a unique identifier.
4. The method for protecting and authenticating external data security of sensor according to claim 1, wherein the encryption of the uplink data is performed in a symmetric cryptographic algorithm.
5. The method for protecting and authenticating external data security of a sensor according to claim 1, wherein the standard hash value and the actual hash value are calculated by a cryptographic hash algorithm.
6. The external data security protection and two-way authentication system of the sensor is characterized by comprising a data processing subsystem and a background subsystem;
the data processing subsystem is used for calculating and encrypting the uplink data output by the sensor and verifying the downlink data received by the sensor;
the background subsystem is used for verifying uplink data and signing the uplink data after receiving the current task:
an information channel is arranged between the data processing subsystem and the background subsystem;
the calculating and encrypting the uplink data output by the sensor specifically includes: encrypting the uplink data to obtain a ciphertext;
calculating the uplink data to obtain a standard hash value;
after receiving the current task, verifying the uplink data and signing the uplink data specifically comprises the following steps: decrypting the ciphertext to obtain a plaintext, and calculating an actual hash value of the plaintext;
comparing the actual hash value with the standard hash value;
signing the actual hash value by comparison;
the method comprises the steps of calculating uplink data by using a password hash algorithm to obtain a standard hash value, and specifically comprises the following steps: for the received first group of data, calculating the unique identifier of the data and the device by adopting a password hash algorithm to obtain a standard hash value, storing the standard hash value, and simultaneously transmitting the standard hash value to a background subsystem through a data transmission module; for the data after the first group, a password hash algorithm is adopted to calculate the standard hash value of the data and the previous group of data to obtain the standard hash value, the standard hash value is also stored, and the standard hash value is sent to a background subsystem through a data sending module;
signing the actual hash value which passes the comparison by using the private key, and specifically comprises the following steps: the background subsystem sets the signing time of the actual hash value, and for the first signing, the background subsystem adopts a password hash algorithm to calculate the hash value of the hash value, the device state, the signature sequence and the like which pass verification in the time period, and signs the hash value by using a private key to obtain a signature value; for the signatures after the first time, the background subsystem adopts a password hash algorithm to calculate hash values passing verification, last signature values, device states, signature sequences and the like in the time period, and signs the hash values by using a private key.
7. The utility model provides an external data security protection of sensor and two-way authentication device which characterized in that includes:
the data security protection module is used for calculating and encrypting the uplink data output by the sensor and verifying the downlink data received by the sensor;
the data verification signature module is used for verifying uplink data and signing the uplink data after receiving the current task;
the data security protection module calculates and encrypts uplink data output by the sensor and verifies downlink data received by the sensor, and specifically includes: encrypting the uplink data to obtain a ciphertext;
calculating the uplink data to obtain a standard hash value;
after receiving the current task, the data verification signature module verifies uplink data and signs the uplink data specifically comprises: decrypting the ciphertext to obtain a plaintext, and calculating an actual hash value of the plaintext;
comparing the actual hash value with the standard hash value;
signing the actual hash value by comparison;
the method comprises the steps of calculating uplink data by using a password hash algorithm to obtain a standard hash value, and specifically comprises the following steps: for the received first group of data, calculating the unique identifier of the data and the device by adopting a password hash algorithm to obtain a standard hash value, storing the standard hash value, and simultaneously transmitting the standard hash value to a background subsystem through a data transmission module; for the data after the first group, a password hash algorithm is adopted to calculate the standard hash value of the data and the previous group of data to obtain the standard hash value, the standard hash value is also stored, and the standard hash value is sent to a background subsystem through a data sending module;
signing the actual hash value which passes the comparison by using the private key, and specifically comprises the following steps: the background subsystem sets the signing time of the actual hash value, and for the first signing, the background subsystem adopts a password hash algorithm to calculate the hash value of the hash value, the device state, the signature sequence and the like which pass verification in the time period, and signs the hash value by using a private key to obtain a signature value; for the signatures after the first time, the background subsystem adopts a password hash algorithm to calculate hash values passing verification, last signature values, device states, signature sequences and the like in the time period, and signs the hash values by using a private key.
CN202310438678.7A 2023-04-23 2023-04-23 Sensor external data security protection and bidirectional authentication method, system and device Active CN116155633B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310438678.7A CN116155633B (en) 2023-04-23 2023-04-23 Sensor external data security protection and bidirectional authentication method, system and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310438678.7A CN116155633B (en) 2023-04-23 2023-04-23 Sensor external data security protection and bidirectional authentication method, system and device

Publications (2)

Publication Number Publication Date
CN116155633A CN116155633A (en) 2023-05-23
CN116155633B true CN116155633B (en) 2023-06-27

Family

ID=86358583

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310438678.7A Active CN116155633B (en) 2023-04-23 2023-04-23 Sensor external data security protection and bidirectional authentication method, system and device

Country Status (1)

Country Link
CN (1) CN116155633B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012149717A1 (en) * 2011-08-31 2012-11-08 华为技术有限公司 License dynamic management method, device and system based on tcm or tpm
WO2022135391A1 (en) * 2020-12-26 2022-06-30 西安西电捷通无线网络通信股份有限公司 Identity authentication method and apparatus, and storage medium, program and program product

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101486782B1 (en) * 2010-06-27 2015-01-28 킹 사우드 유니버시티 One-time password authentication with infinite nested hash chains
KR101765917B1 (en) * 2011-01-06 2017-08-24 삼성전자주식회사 Method for authenticating personal network entity
CN103701797B (en) * 2013-12-23 2017-01-25 江苏物联网研究发展中心 Light-weight node and gateway two-way identity authentication method
CN103888241B (en) * 2014-03-28 2017-04-19 北京工业大学 Method for implementing digital-forensics-oriented digital evidence supervision chain
WO2017053048A1 (en) * 2015-09-25 2017-03-30 Pcms Holdings, Inc. Domain based iot authorization and authentication
CN111201752A (en) * 2017-08-11 2020-05-26 塞库尔开放***公司 Data verification system based on Hash
CN109905877B (en) * 2017-12-08 2020-11-10 大唐移动通信设备有限公司 Message verification method of communication network system, communication method and communication network system
US11277406B2 (en) * 2019-06-28 2022-03-15 Intel Corporation MTS-based mutual-authenticated remote attestation
CN112434279B (en) * 2020-12-08 2024-06-14 北京万协通信息技术有限公司 Bidirectional authentication method based on embedded type inter-account book

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012149717A1 (en) * 2011-08-31 2012-11-08 华为技术有限公司 License dynamic management method, device and system based on tcm or tpm
WO2022135391A1 (en) * 2020-12-26 2022-06-30 西安西电捷通无线网络通信股份有限公司 Identity authentication method and apparatus, and storage medium, program and program product

Also Published As

Publication number Publication date
CN116155633A (en) 2023-05-23

Similar Documents

Publication Publication Date Title
CN102111265B (en) Method for encrypting secure chip of power system acquisition terminal
CN101559745B (en) Vehicle control system for preventing stealing and robbery and implementation method thereof
CN103731259B (en) A kind of terminal master key TMK safety downloading method and systems
CN103001771B (en) Data transmission security encryption method for metering automation system
CN106572106B (en) Method for transmitting message between TBOX terminal and TSP platform
CN106327184A (en) Intelligent mobile terminal payment system and intelligent mobile terminal payment method based on safe hardware isolation
CN106790064B (en) The method that both sides are communicated in credible root server-cloud computing server model
CN103679062A (en) Intelligent electric meter main control chip and security encryption method
CN106357400A (en) Method and system for establishing channel between TBOX terminal and TSP platform
CN101483654A (en) Method and system for implementing authentication and data safe transmission
CN112910100B (en) Credible power supply and receiving device and control method thereof
CN107135070A (en) Method for implanting, framework and the system of RSA key pair and certificate
CN111435390B (en) Safety protection method for operation and maintenance tool of power distribution terminal
CN111654510B (en) Signing terminal with national encryption function and signing data transmission method
CN105281910A (en) Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method
CN104283675A (en) Concentrator, electricity meter and message processing method of concentrator and electricity meter
CN112020038A (en) Domestic encryption terminal suitable for rail transit mobile application
CN111147257A (en) Identity authentication and information confidentiality method, monitoring center and remote terminal unit
CN111435389A (en) Power distribution terminal operation and maintenance tool safety protection system
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN116155633B (en) Sensor external data security protection and bidirectional authentication method, system and device
CN113506388A (en) Lockset safety control method and device and storage medium
CN114826742B (en) Communication security system and authentication method for engineering machinery internet of things perception layer network
CN115296800A (en) Verification method and system for cipher module firmware
CN113676330B (en) Digital certificate application system and method based on secondary secret key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240401

Address after: No. 2803, 28th Floor, Building 3, No. 138 Tianfu Second Street, Chengdu High tech Zone, China (Sichuan) Pilot Free Trade Zone, Chengdu City, Sichuan Province, 610095

Patentee after: Chengdu Shuzhili Technology Co.,Ltd.

Country or region after: China

Address before: No. 2722, 27th Floor, Unit 1, Building 1, No. 18 Dongsi South 1st Road, High tech Zone, Chengdu, Sichuan, 610000

Patentee before: Nongshuyuan (Chengdu) Technology Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right