CN116633555A

CN116633555A - Method and system for terminal equipment data acquisition interaction

Info

Publication number: CN116633555A
Application number: CN202310535799.3A
Authority: CN
Inventors: 王聪; 张蓬鹤; 郜波; 陈昊; 郑安刚; 杨艺宁; 宋如楠; 吴忠强
Original assignee: China Electric Power Research Institute Co Ltd CEPRI
Current assignee: China Electric Power Research Institute Co Ltd CEPRI
Priority date: 2023-05-12
Filing date: 2023-05-12
Publication date: 2023-08-22

Abstract

The invention discloses a method and a system for data acquisition interaction of terminal equipment, wherein the method comprises the following steps: the sending module encrypts the identity identification information and the identity key information of the terminal to generate an identity information ciphertext; generating a confusion character string, and adding the confusion character string to the identity information ciphertext; the identity information ciphertext added with the confusion character string is sent to a receiving module; deleting the received confusion character strings in the identity information ciphertext, decrypting the identity information ciphertext, and obtaining identity identification information and identity key information; after the identity identification information and the identity key information pass through verification, encrypting the data file through a sending module to generate an encrypted file; generating a data file signature through a sending module; the encrypted file and the data file signature are sent to a receiving module through a sending module; decrypting the encrypted file through the receiving module, obtaining the decrypted data file, authenticating the signature of the data file, and confirming the integrity of the data file.

Description

Method and system for terminal equipment data acquisition interaction

Technical Field

The invention relates to the technical field of data interaction, in particular to a method and a system for data acquisition and interaction of terminal equipment.

Background

Along with the development of economy and society, the demands of various industries and resident users for electric power are increasing, and power supply service scenes are increasing, so that power supply service personnel have the characteristics of multiple points, line length, dispersion, difficulty in centralized management and the like when performing power supply service, and in the power supply service scene, the scene is in more contact with the power utilization customer, so that the problem of disputes is easily caused by complaints. In order to improve the standardization service awareness of power supply service personnel, ensure the power supply service personnel to fulfill responsibility, standardize service language, strengthen self-restraint, improve operation level and working effect, objectively and truly record the whole process of power supply service, fix site conditions in time, examine, evaluate and supervise the power supply service quality of the power supply service personnel, maintain the legal rights and interests of the power supply service personnel and the principal, the power supply company definitely proposes that the whole-course audio and video recording should be carried out when relevant work of power supply site service is carried out, and records site service behaviors, so that the power supply service recorder can be generated. However, the video and audio files of the existing power supply service recorder are not stored in a fixed place, and are mostly manually exported to a specific computer, so that video and audio data are large, the exporting time is long, the efficiency is low, and risks such as data classification errors, data loss and the like are easy to occur in the transmission process.

Therefore, a technology is needed to realize the data acquisition interaction of the terminal equipment.

Disclosure of Invention

The technical scheme of the invention provides a method and a system for terminal equipment data acquisition interaction, which are used for solving the problem of how to acquire and interact terminal equipment data.

In order to solve the above problems, the present invention provides a method for terminal device data acquisition interaction, the method comprising:

encrypting the identity identification information and the identity key information of the terminal through a sending module to generate an identity information ciphertext; generating an confusion character string and adding the confusion character string to the identity information ciphertext; the identity information ciphertext added with the confusion character string is sent to a receiving module;

deleting the confusion character string in the identity information ciphertext of the received confusion character string by the receiving module, decrypting the identity information ciphertext, and obtaining decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information;

after the identity identification information and the identity key information pass through verification, encrypting the data file through the sending module to generate an encrypted file; generating a data file signature through the sending module;

the encrypted file and the data file signature are sent to the receiving module through the sending module;

decrypting the encrypted file through the receiving module, obtaining the decrypted data file, authenticating the data file signature, and confirming the integrity of the data file.

Preferably, the identification information includes a terminal identity ID; the identity key information comprises an identity key and a key validity period;

the verifying the identity identification information and the identity key information comprises the following steps:

and verifying the key validity period, and comparing the received terminal identity ID and the identity key with a pre-stored terminal identity ID and identity key through the receiving module when the key validity period is within the validity period.

Preferably, the generating the confusion string and adding the confusion string to the identity information ciphertext includes:

calculating the character string length n of the identity information ciphertext;

randomly generating a random character string of a preset group number to obtain the length of the random character string;

randomly acquiring a position index random (1, n) with a designated number as an insertion position between 1 and n;

inserting the random character string generated randomly into the secret according to the position index random (1, n);

and storing the identity information ciphertext, the random character string, the insertion position and the random character string length added with the confusion character string.

Preferably, the receiving module deletes the confusion character string in the identity information ciphertext of the received confusion character string, decrypts the identity information ciphertext, and obtains decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information, including:

deleting the confusion character strings in the identity information ciphertext of the received confusion character strings by the receiving module to obtain an identity information ciphertext M2;

decrypting according to the identity information ciphertext M2 to obtain plaintext identity identification information M1;

based on the plaintext identity recognition information m1, acquiring identity recognition information, an identity key and a key validity period;

and comparing and verifying the identity identification information, the identity key and the key validity period acquired from the plaintext identity identification information m1 with the identity identification information, the identity key and the key validity period in a legal identity information base respectively.

Preferably, after the identity identification information and the identity key information pass verification, encrypting the data file through the sending module to generate an encrypted file; generating, by the sending module, a data file signature, comprising:

dividing an original data file into data file blocks according to a preset size, and encrypting each data file block through an encryption algorithm to generate a digital fingerprint of each data file block;

encrypting, by the sending module, the digital fingerprint based on an encryption algorithm and the public key using the asymmetrically encrypted public key obtained from the receiving module, and generating a hash value for each data file block;

generating a digital signature for each data file block based on the encryption key and the hash value;

the hash values and digital signatures of all the data file blocks are combined to generate a set of hash values and a set of digital signatures.

Preferably, the decrypting the encrypted file by the receiving module, obtaining a decrypted data file and authenticating the data file signature, includes:

decrypting the digital signature of each data file block based on an encryption algorithm and a decryption key through the receiving module to obtain the digital fingerprint and the hash value of each data file block;

and comparing the digital fingerprint with the digital fingerprint of the data file block in the original data file in the sending module, and comparing the hash value with the hash value in the hash value set of the data file block in the original data file to check the integrity of the data file.

Based on another aspect of the present invention, the present invention provides a system for terminal device data acquisition interaction, the system comprising:

the sending module is used for encrypting the identity identification information and the identity key information of the terminal to generate an identity information ciphertext; generating an confusion character string and adding the confusion character string to the identity information ciphertext; the identity information ciphertext added with the confusion character string is sent to a receiving module; after the identity identification information and the identity key information pass through verification, encrypting the data file through the sending module to generate an encrypted file; generating a data file signature through the sending module; the encrypted file and the data file signature are sent to the receiving module through the sending module;

the receiving module is used for deleting the confusion character strings in the identity information ciphertext of the received confusion character strings, decrypting the identity information ciphertext and obtaining decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information;

Preferably, the sending module is configured to generate an confusion string, and add the confusion string to the identity information ciphertext, and is further configured to:

Preferably, the receiving module is configured to delete an confusion string in the identity information ciphertext of the received confusion string, decrypt the identity information ciphertext, and obtain decrypted identity identification information and identity key information; the identity identification information and the identity key information are verified and are also used for:

Preferably, the receiving module is configured to decrypt the encrypted file, obtain a decrypted data file, authenticate the data file signature, and further is configured to:

The technical scheme of the invention provides a method and a system for terminal equipment data acquisition interaction, wherein the method comprises the following steps: encrypting the identity identification information and the identity key information of the terminal through a sending module to generate an identity information ciphertext; generating a confusion character string, and adding the confusion character string to the identity information ciphertext; the identity information ciphertext added with the confusion character string is sent to a receiving module; deleting the confusion character string in the identity information ciphertext of the received confusion character string by the receiving module, decrypting the identity information ciphertext, and obtaining decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information; after the identity identification information and the identity key information pass through verification, encrypting the data file through a sending module to generate an encrypted file; generating a data file signature through a sending module; the encrypted file and the data file signature are sent to a receiving module through a sending module; decrypting the encrypted file through the receiving module, obtaining the decrypted data file, authenticating the signature of the data file, and confirming the integrity of the data file. The technical scheme of the invention provides a method and a system for data acquisition interaction of terminal equipment, which can realize automatic data acquisition interaction and file integrity verification of a power supply service recorder and a video and audio storage device, improve the field work efficiency, ensure the integrity and compliance of video and audio data of the power supply service recorder and improve the trusted acceptance.

Drawings

Exemplary embodiments of the present invention may be more completely understood in consideration of the following drawings:

FIG. 1 is a flow chart of a method for terminal device data acquisition interactions in accordance with a preferred embodiment of the present invention;

fig. 2 is a schematic diagram of a configuration of a transmitting module according to a preferred embodiment of the present invention;

fig. 3 is a schematic structural view of a receiving module according to a preferred embodiment of the present invention;

FIG. 4 is a schematic diagram of a symmetric encryption flow in accordance with a preferred embodiment of the present invention;

FIG. 5 is a schematic diagram of a data decryption flow according to a preferred embodiment of the present invention;

FIG. 6 is a schematic diagram of an automated collection and data interaction flow according to a preferred embodiment of the present invention;

FIG. 7 is a schematic diagram of a digital fingerprint generation flow chart in accordance with a preferred embodiment of the present invention;

FIG. 8 is a schematic diagram of a hash set and digital signature set generation flow in accordance with a preferred embodiment of the present invention;

FIG. 9 is a schematic diagram of a data file decryption flow according to a preferred embodiment of the present invention; and

fig. 10 is a system configuration diagram for data acquisition interaction of a terminal device according to a preferred embodiment of the present invention.

Detailed Description

The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.

Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.

Fig. 1 is a flow chart of a method for terminal device data acquisition interaction according to a preferred embodiment of the present invention. In order to realize automatic data acquisition interaction and file integrity verification of a power supply service recorder and a video and audio storage device, improve the field work efficiency, ensure the integrity and compliance of video and audio data of the power supply service recorder and improve the acceptance of public trust, the invention provides a method for data acquisition interaction of terminal equipment. The data interaction method and the automatic acquisition system for the power supply service recorder provided by the invention consist of a sending module and a receiving module, and can realize data automatic acquisition interaction and file integrity verification. The sending module mainly realizes the preprocessing and storage processes of the identity information and generates the digital fingerprint and the digital signature of the data file. The receiving module mainly realizes identity information verification and data file integrity verification.

As shown in fig. 1, the present invention provides a method for data acquisition interaction of a terminal device, the method comprising:

step 101: encrypting the identity identification information and the identity key information of the terminal through a sending module to generate an identity information ciphertext; generating a confusion character string, and adding the confusion character string to the identity information ciphertext; the identity information ciphertext added with the confusion character string is sent to a receiving module;

verifying the identity identification information and the identity key information, including:

and verifying the validity period of the key, and comparing the received terminal identity ID and the identity key with the pre-stored terminal identity ID and the pre-stored identity key through the receiving module when the validity period of the key is within the validity period.

Preferably, generating the confusion character string and adding the confusion character string to the identity information ciphertext includes:

and (5) preserving the identity information ciphertext, the random character string, the insertion position and the random character string length of the added confusion character string.

Fig. 2 is a schematic diagram of a transmission module structure; in fig. 2, the functions of the pins are as follows:

SCL is serial clock input pin to control all data input and output of device;

SDA is serial data input/output pin;

VCC is power supply voltage, and working voltage is 3.0-5.5V;

GND is ground.

Fig. 3 is a schematic diagram of a receiving module structure; in fig. 3, the functions of the pins are as follows:

SCL is serial clock input pin to control all data input and output of device;

SDA is serial data input/output pin;

VCC is power supply voltage, and working voltage is 3.0-5.5V;

GND is ground.

The invention realizes data interaction and automatic acquisition, firstly, a sending module packs and encrypts the related information such as the identity ID, the identity key, the key effective time and the like of a power supply service recorder through a national cipher SM1 algorithm, takes encrypted ciphertext, and calculates the character string length n; randomly generating 3 groups of random character strings random (a-z|A-Z|0-9, random (10)), wherein each group of character strings consists of 52 English letters with the lower case and 0-9 Arabic numerals, and the length is not more than 10; randomly taking 3 numbers between 1 and n as indexes random (1, n) of the insertion positions, and inserting the randomly generated character strings into the text according to the index positions; and storing the finally processed ciphertext, the inserted character string, the inserted position and the inserted character string length. Symmetric encryption and information confusion are achieved. As shown in fig. 4.

Step 102: deleting the confusion character string in the identity information ciphertext of the received confusion character string by the receiving module, decrypting the identity information ciphertext, and obtaining decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information;

when the invention is used for data transmission, after the receiving module receives the information, the confusion character strings added in the data confusion process of the sending module are deleted, and the information of the identity ID, the identity key and the key effective time is obtained through decryption by the SM1 algorithm of the national secret. And verifying the key effective time of the identity information, if the received device ID and the identity key are compared with the legal identity information stored by the receiving module in the effective period, and after the comparison is successful, the transmitting module automatically starts the encryption transmission of the data file by using the HTTPS protocol encryption. As shown in fig. 5.

Preferably, deleting the confusion character string in the identity information ciphertext of the received confusion character string by the receiving module, decrypting the identity information ciphertext, and obtaining decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information, including:

deleting the confusion character strings in the identity information ciphertext of the received confusion character strings through a receiving module to obtain an identity information ciphertext M2;

and comparing and verifying the identity identification information, the identity key and the key validity period acquired from the plaintext identity identification information m1 with the identity identification information, the identity key and the key validity period in a legal identity information base respectively. As shown in fig. 6.

Step 103: after the identity identification information and the identity key information pass through verification, encrypting the data file through a sending module to generate an encrypted file; generating a data file signature through a sending module;

preferably, after the identity identification information and the identity key information pass verification, the data file is encrypted through the sending module to generate an encrypted file; generating, by the sending module, a data file signature, comprising:

encrypting the digital fingerprint by the transmitting module based on an encryption algorithm and the public key by using the asymmetrically encrypted public key acquired from the receiving module, and generating a hash value of each data file block;

Step 104: the encrypted file and the data file signature are sent to a receiving module through a sending module;

step 105: decrypting the encrypted file through the receiving module, obtaining the decrypted data file, authenticating the signature of the data file, and confirming the integrity of the data file.

Preferably, decrypting the encrypted file by the receiving module, obtaining a decrypted data file and authenticating a signature of the data file, including:

decrypting the digital signature of each data file block based on the encryption algorithm and the decryption key through the receiving module to obtain the digital fingerprint and the hash value of each data file block;

The invention checks the integrity of the data file. Firstly, a sending module divides an original file generated by a power supply service recorder into a plurality of file blocks with the size of 256K, encrypts each file block by using an AES256 encryption algorithm of SM1, and generates a digital fingerprint of each file block. As shown in fig. 7.

The sending module then obtains an asymmetrically encrypted public key from the receiving module, encrypts the digital fingerprint using the national encryption SM3 algorithm and the public key, and generates a hash value H1, h2. for each file block. As shown in fig. 8.

Finally, when the receiving module receives the file, the receiving module applies the SM3 cryptographic algorithm and the decryption key to decrypt the digital signature of the received file block to obtain the digital fingerprint and the hash value h of the file block. And comparing the digital fingerprint and the hash value H with each single quantity in the file block digital fingerprint and the hash set H generated by the original file by the sending module, thereby realizing the integrity check of the data file and ensuring the integrity of the data in the transmission process. As shown in fig. 9.

The invention provides a data interaction method and an automatic acquisition method for a power supply service recorder, which are characterized in that the identity information and an original file of the power supply service recorder are symmetrically encrypted and mixed by a sending module, and automatic authentication is carried out in a mode of decrypting and removing mixed information by a receiving module, so that the interaction and automatic acquisition of data are realized; the method comprises the steps of splitting an original file into file blocks by a sending module, encrypting and hashing the single file block digital fingerprints, generating a digital signature set and a hash set, decrypting by a receiving module, and comparing the decrypted digital signature set and the hash set item by item with the digital signature set and the hash set of the sending module for analysis, so that data integrity verification is achieved. By the system and the method, the automatic data acquisition interaction and file integrity verification of the power supply service recorder and the video and audio storage device are realized, the field work efficiency is improved, the integrity and compliance of the video and audio data of the power supply service recorder are ensured, and the public approval is improved.

As shown in fig. 10, the present invention provides a system for data acquisition interaction of a terminal device, the system comprising:

the sending module 1001 is configured to encrypt the identity identification information and the identity key information of the terminal, and generate an identity information ciphertext; generating a confusion character string, and adding the confusion character string to the identity information ciphertext; the identity information ciphertext added with the confusion character string is sent to a receiving module; after the identity identification information and the identity key information pass through verification, encrypting the data file through a sending module to generate an encrypted file; generating a data file signature through a sending module; the encrypted file and the data file signature are sent to a receiving module through a sending module;

Preferably, the sending module 1001 is configured to generate an obfuscated character string, and add the obfuscated character string to the identity information ciphertext, and is further configured to:

Preferably, after the identity identification information and the identity key information pass verification, the data file is encrypted through the sending module to generate an encrypted file; generating a data file signature by the transmission module 1001 includes:

The receiving module 1002 is configured to delete an confusion string in the identity information ciphertext of the received confusion string, decrypt the identity information ciphertext, and obtain decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information;

decrypting the encrypted file through the receiving module, obtaining the decrypted data file, authenticating the signature of the data file, and confirming the integrity of the data file.

Preferably, the receiving module 1002 is configured to delete the confusion string in the identity information ciphertext of the received confusion string, decrypt the identity information ciphertext, and obtain decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information and further used for:

Preferably, the receiving module 1002 is configured to decrypt the encrypted file, obtain the decrypted data file, authenticate the signature of the data file, and further be configured to:

The system for terminal equipment data acquisition interaction provided by the embodiment of the invention corresponds to the method for terminal equipment data acquisition interaction provided by the embodiment of the invention, and is not described herein.

It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiment of the invention can be realized by adopting various computer languages, such as object-oriented programming language Java, an transliteration script language JavaScript and the like.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.

It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

The invention has been described with reference to a few embodiments. However, as is well known to those skilled in the art, other embodiments than the above disclosed invention are equally possible within the scope of the invention, as defined by the appended patent claims.

Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a// the [ means, component, etc ]" are to be interpreted openly as referring to at least one instance of means, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

Claims

1. A method for terminal device data acquisition interactions, the method comprising:

2. The method of claim 1, the identity information comprising a terminal identity ID; the identity key information comprises an identity key and a key validity period;

3. The method of claim 2, the generating and adding the obfuscated character string to the identity information ciphertext, comprising:

4. The method according to claim 3, wherein the receiving module deletes the confusion character string in the identity information ciphertext of the received confusion character string, decrypts the identity information ciphertext, and obtains decrypted identity identification information and identity key information; verifying the identity identification information and the identity key information, including:

5. The method according to claim 1, wherein after the identity information and the identity key information pass verification, the sending module encrypts the data file to generate an encrypted file; generating, by the sending module, a data file signature, comprising:

6. The method according to claim 5, wherein decrypting the encrypted file by the receiving module, obtaining the decrypted data file and authenticating the data file signature, comprises:

7. A system for terminal device data acquisition interactions, the system comprising:

8. The system of claim 7, the identity information comprising a terminal identity ID; the identity key information comprises an identity key and a key validity period;

9. The system of claim 8, the transmitting module to generate a confusion string and to add the confusion string to the identity information ciphertext, further to:

10. The system of claim 9, wherein the receiving module is configured to delete a confusion string in the identity information ciphertext of the received confusion string, decrypt the identity information ciphertext, and obtain decrypted identity identification information and identity key information; the identity identification information and the identity key information are verified and are also used for:

11. The system of claim 7, wherein after the identity information and the identity key information pass verification, the sending module encrypts the data file to generate an encrypted file; generating, by the sending module, a data file signature, comprising:

12. The system of claim 11, the receiving module to decrypt an encrypted file, obtain a decrypted data file, and authenticate the data file signature, further to: