WO2023029723A1 - Broadband cognitive radio communication method and system, device, and storage medium - Google Patents


Publication number
WO2023029723A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
node
receiving node
encrypted
preset
Application number
PCT/CN2022/103360
Other languages
French (fr)
Chinese (zh)
Inventor
张慧
丁慧霞
段钧宝
曾姝彦
王智慧
陆民
程磊
张庚
吴赛
汪洋
孟萨出拉
潘娟
李艳波
Original Assignee
中国电力科学研究院有限公司
Application filed by 中国电力科学研究院有限公司
Publication of WO2023029723A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W16/00 Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
    • H04W16/14 Spectrum sharing arrangements between different networks
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Definitions

  • the present application belongs to the technical field of wireless communication, relates to the field of wireless communication security encryption, and in particular relates to a broadband cognitive wireless communication method, system, device and storage medium.
  • the present application provides a broadband cognitive wireless communication method, system, device and storage medium, so as to solve one or more existing technical problems above.
  • the method disclosed in this application can guarantee one or more of node security, connection security, and information transmission security by means of dynamic encryption security.
  • An embodiment of the present application provides a broadband cognitive wireless communication method, including:
  • the authentication initiating node sends an authentication request; outputs the authentication initiating node ID (ID, Identity Document) encrypted by the connection authentication key; obtains the authentication receiving node ID encrypted by the connection authentication key, and parses the encrypted authentication receiving node ID to obtain the authentication receiving node authentication result;
  • the authentication receiving node receives the authentication request; outputs the authentication receiving node ID encrypted by the connection authentication key; obtains the authentication initiating node ID encrypted by the connection authentication key, and parses the encrypted authentication initiating node ID to obtain the authentication initiating node authentication result;
  • the authentication initiating node and the authentication receiving node exchange the encrypted data information to be transmitted;
  • wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point, and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication method, including:
  • the authentication initiating node sends an authentication request; the encrypted authentication initiating node ID is output; the encrypted authentication receiving node ID is obtained, and the encrypted authentication receiving node ID is parsed to obtain the authentication receiving node authentication result;
  • the authentication receiving node receives the authentication request; outputs the encrypted authentication receiving node ID; obtains the encrypted authentication initiating node ID, parses the encrypted authentication initiating node ID to obtain the authentication initiating node authentication result;
  • the authentication initiating node and the authentication receiving node exchange the data information to be transmitted after being encrypted by the link information encryption key;
  • the link information encryption key is obtained by encrypting the time stamp, center frequency point, and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication method, including:
  • the encrypted data information to be transmitted is exchanged with the authentication receiving node
  • wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point, and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication method, including:
  • the link information encryption key is obtained by encrypting the time stamp, center frequency point, and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication method, including:
  • the encrypted data information to be transmitted is exchanged with the authentication initiating node
  • wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point, and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication method, including:
  • the link information encryption key is obtained by encrypting the time stamp, center frequency point, and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • the first sending module is configured to send an authentication request to the authentication receiving node, and output to the authentication receiving node the ID of the initiating node encrypted by the connection authentication key;
  • the authentication result acquisition module is configured to obtain the authentication receiving node ID after the authentication receiving node is encrypted by the connection authentication key, parse the authentication receiving node ID, and obtain the authentication receiving node authentication result;
  • the second sending module is configured to exchange encrypted data information to be transmitted with the authentication receiving node according to the successfully passed authentication result of the authentication receiving node and the obtained successfully passed authentication result of the authentication initiating node; wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point, and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • the first sending module is configured to send an authentication request to the authentication receiving node, and output the encrypted authentication initiation node ID to the authentication receiving node;
  • the authentication result obtaining module is configured to obtain the authentication receiving node ID encrypted by the authentication receiving node, parse the authentication receiving node ID, and obtain the authentication result of the authentication receiving node;
  • the second sending module is configured to exchange with the authentication receiving node the data information to be transmitted, encrypted by the link information encryption key, according to the successfully passed authentication result of the authentication receiving node and the obtained successfully passed authentication result of the authentication initiating node; wherein the link information encryption key is obtained by encrypting the time stamp, center frequency point, and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • An authentication request acquisition module configured to acquire an authentication request from an authentication initiating node
  • the first output module is configured to output the authentication receiving node ID encrypted by the connection authentication key
  • the authentication result obtaining module is configured to obtain the authentication initiation node ID encrypted by the connection authentication key, parse the authentication initiation node ID, and obtain the authentication initiation node authentication result;
  • the second output module is configured to exchange encrypted data information to be transmitted with the authentication initiating node according to the successfully passed authentication result of the authentication initiating node and the obtained successfully passed authentication result of the authentication receiving node; wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point, and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • An authentication request acquisition module configured to acquire an authentication request from an authentication initiating node
  • the first output module is configured to output the encrypted authentication receiving node ID
  • the authentication result obtaining module is configured to obtain the authentication initiation node ID encrypted by the authentication initiation node, parse the authentication initiation node ID, and obtain the authentication initiation node authentication result;
  • the second output module is configured to exchange with the authentication initiating node the data information to be transmitted, encrypted by the link information encryption key, according to the successfully passed authentication result of the authentication initiating node and the acquired successfully passed authentication result of the authentication receiving node; wherein the link information encryption key is obtained by encrypting the time stamp, center frequency point, and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • An embodiment of the present application provides an electronic device, including:
  • memory configured to store executable instructions
  • a processor configured to implement the steps of the broadband cognitive wireless communication method when executing the executable instructions stored in the memory.
  • An embodiment of the present application provides a computer-readable storage medium, which stores computer-executable instructions, and the computer-executable instructions are configured to cause a processor to implement the steps of the broadband cognitive wireless communication method above.
  • dynamic authentication and encryption are realized by forming an encryption key from the associated time stamp, center frequency point, and channel bandwidth. Their changes can greatly reduce the possibility of brute-force cracking of the information, and can improve the security and reliability of information transmission.
  • the associated time stamp, center frequency point, and channel bandwidth are used. These three parameters change randomly and dynamically according to surrounding environmental interference and information transmission requirements, thereby generating a dynamic link information encryption key, realizing dynamic encrypted transmission of data information, preventing third-party brute-force cracking and information theft, and improving the security and reliability of information transmission.
  • the access authentication of the dynamic authentication encryption method is realized by using the associated time stamp, center frequency point and channel bandwidth to form an encryption key.
  • the three parameters change randomly and dynamically according to surrounding environmental interference and changes in information transmission requirements, thereby generating a dynamic link information encryption key and dynamically encrypting the transmitted data information.
  • the dual security means of dynamic encryption can ensure node security, connection security and information transmission security.
  • FIG. 1 is a schematic diagram of a framework of WAPI security authentication in the related art
  • Fig. 2 is a schematic diagram of the WAPI security authentication process in the related art
  • FIG. 3 is a schematic diagram of the overall flow of IEEE 802.11 WPA authentication in the related art
  • FIG. 4 is a schematic diagram of the four-way handshake process of WPA authentication in the related art
  • FIG. 5 is a schematic diagram of an implementation flow of the dynamic authentication and encryption method provided by the embodiment of the present application.
  • FIG. 6 is a schematic flow diagram of another implementation of the dynamic authentication and encryption method provided by the embodiment of the present application.
  • FIG. 7 is a schematic flow diagram of another implementation of the dynamic authentication and encryption method provided by the embodiment of the present application.
  • Figure 8a and Figure 8b are schematic diagrams of an implementation flow of a broadband cognitive wireless communication system using dynamic authentication and encryption technology provided by the embodiment of the present application;
  • FIG. 9 is a schematic flowchart of an implementation of a broadband cognitive wireless communication method provided in an embodiment of the present application.
  • FIG. 10 is a schematic flowchart of another implementation of the broadband cognitive wireless communication method provided by the embodiment of the present application.
  • FIG. 11 is a schematic flowchart of another implementation of the broadband cognitive wireless communication method provided by the embodiment of the present application.
  • FIG. 12 is a schematic flowchart of another implementation of the broadband cognitive wireless communication method provided by the embodiment of the present application.
  • FIG. 13 is a schematic diagram of a hardware composition architecture of a broadband cognitive wireless communication system provided by an embodiment of the present application.
  • Fig. 14 is a schematic diagram of a software composition architecture of the broadband cognitive wireless communication system provided by the embodiment of the present application.
  • the current trusted authentication/encryption technologies, including the 3GPP and IEEE standards, all use static key encryption, and their air interfaces are standardized, relying only on algorithms to ensure the security and integrity of information.
  • attackers can use receivers based on standard air interfaces to intercept and demodulate digital signals. After obtaining encrypted user data, they can obtain communication information through brute-force cracking, so there are certain security risks.
  • the front-end of traditional wireless communication systems usually uses fixed filters, and the operating frequency band of the system is limited by the front-end filters. Therefore, fixed-band communication methods are generally used, which cannot support broadband RF signal sensing and interference-triggered frequency hopping.
  • the traditional wireless communication method uses the air interface defined by the standard to transmit data. The third party can intercept and demodulate the digital signal through the standard air interface, obtain the encrypted user data, and obtain the communication information through brute force.
  • FIG. 1 is a schematic diagram of the WAPI security authentication framework in the related art. Referring to FIG. 1, in the structural framework of this related technical scheme, the wireless LAN authentication and privacy infrastructure (WAPI, Wireless LAN Authentication and Privacy Infrastructure) is identified by the wireless local area network
  • WAI: Wireless LAN Authentication Infrastructure
  • WPI: Wireless LAN Privacy Infrastructure
  • WAI is responsible for identifying entities
  • WPI is responsible for data encryption.
  • WAI is based on the elliptic curve algorithm, adopts the public key encryption mechanism, and supports three elliptic curve encryptions of 192, 224, and 256 bits.
  • STA, Station base station
  • AP Access Point
  • the WAI module can be divided into the following three entities by function:
  • Authenticator Entity: generally integrated in the AP; its function is to provide authentication operations for the STA before the STA accesses the AP for business processing.
  • Authentication Supplicant Entity: generally integrated in the STA; its function is to initiate an authentication access request to the AP after receiving the authentication activation message from the AP.
  • Authentication Service Entity: generally integrated in the Authentication Service Unit (ASU, Authentication Service Unit); responsible for providing mutual authentication services (such as certificate management, identity authentication, etc.) for the AP and the STA.
  • FIG. 2 is a schematic diagram of the WAPI security authentication process in the related art. Referring to FIG. 2, the STA and the AP complete the certificate authentication process based on their respective certificates, and perform identity recognition and key negotiation; the WAPI authentication workflow is as follows:
  • the STA establishes a connection channel with the AP, and the STA sends an access authentication request;
  • the AP forwards the certificate authentication request to the authentication server (AS, Authentication Service), and the AS issues a digital certificate;
  • the AP and the STA analyze and install the digital certificate issued by the AS respectively; among them, the certificate of the STA is obtained and installed by the user, and the certificate of the AP is installed by the network administrator when the AP connects to the network.
  • the encryption function starts, and the WLAN user accesses the network and starts negotiating the key to carry out data encryption communication.
  • WAPI implements mutual authentication between STA and AP, and only STAs holding legal certificates can access APs holding legal certificates. This ensures that STAs cannot log in to illegal APs, which would leak sensitive information, and also ensures that STAs holding illegal certificates cannot access APs, which would waste network resources.
  • WAPI has security risks of different degrees in the identity authentication and key negotiation stages, so it cannot fully meet the original design goals of the standard. The analysis is as follows:
  • the STA certificate is stored on the mobile terminal in plain text, so loss of the terminal means loss of the user certificate; because WAPI authenticates the user by verifying the legitimacy of the STA certificate, an adversary can use the lost certificate to initiate an authentication attack.
  • although the adversary does not have the private key of the legal certificate holder, cannot complete the key negotiation, and cannot successfully access the wireless network, the illegal access has maliciously occupied the port, bringing potential security risks.
  • FIG. 3 is a schematic diagram of the overall flow of IEEE 802.11 WPA authentication in the related art. Referring to FIG. 3, in this related technical solution, the offline IEEE 802.11 Wireless Fidelity Protected Access (WPA) authentication and encryption method adopts WPA-PSK (Pre-Shared Key) (WPA-personal) authentication, uses the Temporal Key Integrity Protocol (TKIP) with a static password, and completes the authentication and encryption process through a four-way handshake.
  • the overall process is as follows:
  • the wireless AP periodically sends beacon data packets, and the STA updates the wireless network list after receiving them;
  • STA sends open authentication (AUTH, AUTHentication) message to target AP;
  • the AP responds to the AUTH message
  • the target AP sends an association response (Association Response) message to the STA;
  • EAPOL: Extensible Authentication Protocol over LAN
  • the AP negotiates with the STA to calculate a 512-bit pairwise transient key (PTK, Pairwise Transient Key) and a 256-bit group temporary key (GTK, Group Transient Key);
  • Fig. 4 is a schematic diagram of the four-way handshake process of WPA authentication in related technologies. As shown in Fig. 4, the four-way handshake authentication process is as follows:
  • the AP transmits the random number A-nonce generated by itself to the STA, and the message integrity check code (MIC, Message Integrity Code) is all 0;
  • after the STA receives the A-nonce, it adds the random number S-nonce generated by itself to generate the PTK, and then generates the MIC; the STA then sends the S-nonce and the MIC to the AP;
  • after the AP receives the STA's S-nonce, it generates its own PTK, then generates the MIC, and compares it with the MIC sent by the STA. Since the MIC is generated from the pairwise master key (PMK, Pairwise Master Key) and the PTK, an incorrect MIC means that the PTK or PMK is incorrect, and this verification ends; if the MIC is correct, the AP sends the STA an authentication pass message with the MIC attached;
  • the AP and the STA mutually confirm whether the other party's PMK is consistent with their own. If they are consistent, the authentication succeeds; if not, the authentication fails. To ensure the integrity of the transmission, the MIC check code is used in the handshake process.
  • the four-way handshake process of the above communication system especially the pre-shared key (PSK, Pre-Shared Key) method
  • the method is the dictionary method, that is, use the PSK + Service Set Identifier (SSID, Service Set Identifier) in the dictionary to generate a PMK, then combine the STA's Media Access Control (MAC, Media Access Control) address in the handshake packet, the AP's SSID, the A-nonce and the S-nonce to calculate the PTK; then, with the original message data, calculate the MIC and compare it with the MIC sent by the AP. If they are consistent, the PSK is the key.
  • WPA does not have good backward compatibility; using WPA will affect network performance unless hardware that accelerates processing is installed; it is designed using foreign standards, foreign chips (Intel, Broadcom, Qualcomm, etc.) and foreign encryption algorithms (AES), so autonomy and controllability are low and there are major security hazards.
  • the embodiment of the present application provides a dynamic authentication encryption method, the method includes the following steps:
  • Step S501 based on the authentication request, the two nodes to be connected respectively obtain the ID of the other party encrypted by the connection authentication key, and perform connection access authentication based on the obtained ID; wherein, the step of obtaining the connection authentication key includes: obtaining the authentication key
  • Step S502 obtaining a connection access authentication result, and when the connection access authentication result is successfully passed, the encrypted data information to be transmitted is transmitted between the two nodes that have completed the connection access authentication.
  • the center frequency point at the time when the authentication request is sent is the center frequency point with the minimum noise signal strength at the time when the authentication request is sent out.
  • the first preset master key encryption algorithm is SM3, AES or 3DES.
  • SM3 may be selected as the first preset master key encryption algorithm when it is applied to a power business scenario.
  • dynamic authentication and encryption are realized by using the associated time stamp, center frequency point, and channel bandwidth to form an encryption key. Their dynamic changes greatly reduce the possibility of brute-force cracking of the information, and can improve the security and reliability of information transmission.
  • the embodiment of the present application provides a dynamic authentication encryption method, the method includes the following steps:
  • Step S601 based on the authentication request, the two nodes to be connected perform connection access authentication.
  • Step S602 obtain the connection access authentication result, when the connection access authentication result is successfully passed, transmit the to-be-transmitted data information encrypted with the link information encryption key between the two nodes that have completed the connection access authentication;
  • the step of obtaining the link information encryption key includes: obtaining three parameters at the first preset moment: time stamp, center frequency point and channel bandwidth, where the channel bandwidth is determined according to the data bandwidth of the data information to be transmitted, and the center frequency point is determined according to the noise signal strength of each frequency point; the second preset master key encryption algorithm is used to encrypt the obtained three parameters to obtain the link information encryption key.
  • the center frequency point at the time when the authentication request is sent is the center frequency point with the minimum noise signal strength at the time when the authentication request is sent out.
  • the first preset moment is the moment when the center frequency point changes during data transmission, or the moment when the channel bandwidth changes during data transmission, or the moment when the center frequency point and channel bandwidth change during data transmission;
  • the center frequency point at the first preset moment is the center frequency point of the minimum noise signal strength at the first preset moment.
  • the second preset master key encryption algorithm is SM3, AES or 3DES.
  • SM3 may be selected as the second preset master key encryption algorithm when it is applied to a power business scenario.
  • the three associated parameters of time stamp, center frequency point and channel bandwidth are used to realize dynamic authentication and encryption.
  • the three parameters change randomly and dynamically according to surrounding environmental interference and information transmission requirements, so as to generate a dynamic link information encryption key, realize dynamic encrypted transmission of data information, prevent third-party brute-force cracking and information theft, and improve the security and reliability of information transmission.
  • the embodiment of the present application provides a dynamic authentication encryption method, the method includes the following steps:
  • Step S701 based on the authentication request, the two nodes to be connected respectively obtain the ID of the other party encrypted by the connection authentication key, and perform connection access authentication based on the obtained ID; wherein, the step of obtaining the connection authentication key includes: obtaining the three parameters at the moment when the authentication request is sent: time stamp, center frequency point and preset channel bandwidth, and using the first preset master key encryption algorithm to encrypt the obtained three parameters to obtain the connection authentication key.
  • Step S702 obtain the connection access authentication result, and when the connection access authentication result is successfully passed, transmit the to-be-transmitted data information encrypted with the link information encryption key between the two nodes that have completed the connection access authentication;
  • the step of obtaining the link information encryption key includes: obtaining three parameters at the first preset moment: time stamp, center frequency point and channel bandwidth, where the channel bandwidth is determined according to the data bandwidth of the data information to be transmitted and the center frequency point is determined according to the noise signal strength of each frequency point; the second preset master key encryption algorithm is used to encrypt the obtained three parameters to obtain the link information encryption key.
  • the center frequency point at the time when the authentication request is sent is the center frequency point with the minimum noise signal strength at the time when the authentication request is sent out;
  • the first preset time point is the time when the center frequency point and/or channel bandwidth changes during data transmission;
  • the center frequency point at the first preset moment is the center frequency point of the minimum noise signal strength at the first preset moment.
  • Both the first preset master key encryption algorithm and the second preset master key encryption algorithm are SM3, AES or 3DES.
  • both the first preset master key encryption algorithm and the second preset master key encryption algorithm can be selected as SM3 when applied to a power business scenario.
  • the first preset moment is the moment when the center frequency point and/or the channel bandwidth change during data transmission; the center frequency point at the first preset moment is the center frequency point of the minimum noise signal strength at the first preset moment.
  • the step of obtaining the first preset moment includes: during data transmission, if it is detected that the noise signal intensity of other center frequency points is smaller than the noise intensity of the currently working center frequency point, or that the data bandwidth of the transmission data changes, the center frequency point or channel bandwidth will change accordingly, wherein the first preset moment is the moment when the center frequency point and/or channel bandwidth changes.
  • the access authentication of the dynamic authentication encryption method is realized by using the encryption key formed by associating time stamp, center frequency point and channel bandwidth.
  • a parameter changes randomly and dynamically according to the surrounding environment interference and the change of information transmission requirements, thereby generating a dynamic link information encryption key, and dynamically encrypting and transmitting data information.
  • the dual security means of dynamic encryption can ensure node security, connection security and information transmission security.
  • the embodiment of the present application further provides a dynamic authentication and encryption method, which includes the following steps:
  • Step 1 Obtain the current time stamp, center frequency point and channel bandwidth, and generate a connection authentication key based on the current time stamp, center frequency point, and channel bandwidth; use ID authentication to authenticate the connection and access of the two nodes.
  • step 1 comprises the steps of:
  • Step 1.1 perceive the noise level and possible signal types of each center frequency point, find the center frequency point with the minimum signal strength, and then obtain the time stamp, center frequency point and preset channel bandwidth at the current moment;
  • Step 1.2 When the time stamp, center frequency point and channel bandwidth of the current moment are obtained, the three parameters are encrypted according to the master key encryption algorithm to generate a new connection authentication key;
  • Step 1.3 when node 1 initiates a connection authentication request with node 2, node 1 needs to use the new connection authentication key to encrypt the ID of node 1, and node 2 also needs to use the new connection authentication key to encrypt the ID of node 2;
  • Step 1.4 node 1 sends its own ID ciphertext to node 2, and node 2 sends its own ID ciphertext to node 1; node 1 and node 2 use the connection authentication key to decrypt the received ID ciphertext, and then compare the decrypted ID with the stored ID serial number. If the comparison is successful, the connection authentication is successful, and the connection between node 1 and node 2 is successfully established.
  • Step 2 Obtain the current time stamp, center frequency point and channel bandwidth, generate a link information encryption key according to the current time stamp, center frequency point and channel bandwidth, and encrypt and transmit the information.
  • step 2 comprises the steps of:
  • Step 2.1 obtain the noise level and possible signal types of each center frequency point in real time, and compare the signal strength of each center frequency point at time T with the signal strength at the current time. If it is found that the signal strength of other center frequency points is lower than the signal strength of the current center frequency point, record the center frequency point at time T;
  • Step 2.2 the optimal channel bandwidth is adapted according to the type of data to be transmitted and the amount of information. If the type of transmitted data and the amount of information change, immediately switch to a more matching channel bandwidth, and record the channel bandwidth at time T. Obtain the timestamp, center frequency point and channel bandwidth of the current moment;
  • Step 2.3 when each node obtains the timestamp, center frequency point and channel bandwidth of the current moment, it encrypts the three parameters according to the master key encryption algorithm to generate a new link information encryption key;
  • Step 2.4 when node 1 initiates a data transmission request to node 2, node 1 needs to use a new link information encryption key to encrypt and transmit the data;
  • Step 2.5 Node 2 receives the encrypted data and uses the new link information encryption key to decrypt the encrypted data.
  • the master key is used to encrypt, and the parameters are input to the encryption algorithm to generate a new random connection authentication key or link information encryption key that changes dynamically with time, center frequency and channel bandwidth; these dimensions are completely random values, depending on the current spectrum sensing and frequency decision (that is, the randomness of center frequency and channel bandwidth changes), triggering the dynamic change of the connection authentication key or link information encryption key, which may appear at different frequency points at any time and use different channel bandwidths at any time.
  • the third party cannot even obtain the frequency hopping pattern, and it is almost impossible to obtain the complete data frame; the data basis for brute force cracking does not exist, brute force cracking loses its usefulness, and security is guaranteed; at the same time, combined with identity authentication and encryption chips, when any two nodes are connected to each other, they first need to pass mutual identity authentication and support the dynamic authentication encryption mechanism.
  • the dynamic authentication and encryption method proposed in the embodiment of the present application can guarantee node security, connection security and information transmission security by means of double security.
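The two-step procedure above (Steps 1.1 to 1.4 and 2.1 to 2.5), as an added Python example that is not code from the patent: both keys are derived from the master key and the three parameters, the nodes exchange ID ciphertexts, and a frame sealed before a hop is rejected under the key derived after it. HMAC-SHA-256 and the HMAC-keystream cipher are stand-ins chosen so the block runs on the standard library alone; `Node`, `seal`, `open_sealed`, the labels and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def derive_key(master_key, label, timestamp, center_freq_hz, bandwidth_hz):
    """Derive a 32-byte key from the master key and the three link parameters.

    Assumption: HMAC-SHA-256 stands in for the "preset master key encryption
    algorithm"; the label and the fixed-width encoding are also assumptions.
    """
    params = struct.pack(">QQQ", timestamp, center_freq_hz, bandwidth_hz)
    return hmac.new(master_key, label + b"\x00" + params, hashlib.sha256).digest()


def _subkey(key, purpose):
    # Separate encryption and MAC keys so one derived key is never used twice.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    blocks = [hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC with an HMAC keystream (stand-in for the page's cipher)."""
    nonce = os.urandom(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key, blob):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    if len(blob) < 12 + 32:
        return None
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class Node:
    def __init__(self, node_id, master_key, stored_peer_ids):
        self.node_id = node_id
        self.master_key = master_key
        self.stored_peer_ids = set(stored_peer_ids)

    def id_ciphertext(self, params):
        """Step 1.3: encrypt own ID under the connection authentication key."""
        return seal(derive_key(self.master_key, b"conn-auth", *params), self.node_id)

    def accepts(self, peer_blob, params):
        """Step 1.4: decrypt the peer's ID and compare it with the stored IDs."""
        peer_id = open_sealed(derive_key(self.master_key, b"conn-auth", *params), peer_blob)
        return peer_id is not None and peer_id in self.stored_peer_ids


def mutual_auth(node_a, node_b, params_a, params_b):
    """Each node uses its own view of (timestamp, center frequency, bandwidth)."""
    a_accepts_b = node_a.accepts(node_b.id_ciphertext(params_b), params_a)
    b_accepts_a = node_b.accepts(node_a.id_ciphertext(params_a), params_b)
    return a_accepts_b, b_accepts_a


def link_key(master_key, params):
    """Step 2.3: link information encryption key for the current parameters."""
    return derive_key(master_key, b"link", *params)


# Constructed sample values; none of them come from the page.
MASTER = b"constructed-demo-master-key-0001"
AUTH_PARAMS = (1_700_000_000, 1_430_000_000, 5_000_000)
HOP_PARAMS = (1_700_000_042, 1_447_000_000, 10_000_000)

if __name__ == "__main__":
    n1 = Node(b"NODE-0001", MASTER, [b"NODE-0002"])
    n2 = Node(b"NODE-0002", MASTER, [b"NODE-0001"])
    print("mutual auth:", mutual_auth(n1, n2, AUTH_PARAMS, AUTH_PARAMS))
    frame = seal(link_key(MASTER, AUTH_PARAMS), b"meter reading 42")
    print("after hop, old frame opens:", open_sealed(link_key(MASTER, HOP_PARAMS), frame))
```

The derivation is deterministic, so both nodes must sample identical parameter values: a timestamp that differs by one unit on either side fails authentication in both directions.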
  • infrastructure projects such as substation projects, transmission line projects, and cable trench projects require temporary networking during the construction process, and the construction cost of wired private networks is high.
  • on-site networking is limited by factors such as environment, equipment, technology, and cost, and full coverage cannot be achieved with existing networks.
  • problems such as slow speed, high risk, and inability to retain video and inspection location information in the inspection of the freight cableway line of the UHV line project in mountainous areas.
  • the dynamic authentication and encryption method provided in the embodiment of the present application can be applied to an encryption method of a broadband cognitive wireless communication method or system serving as an electric power service.
  • the dynamic authentication and encryption system provided in the embodiment of the present application may be applied to an encryption device of a broadband cognitive wireless communication method or system for power services.
  • the dynamic authentication and encryption technology provided by the embodiment of the present application can be applied to a broadband wireless communication system to enhance transmission reliability of the wireless system.
  • the embodiment of the present application provides a method for implementing a broadband cognitive wireless communication system using dynamic authentication and encryption technology.
  • the method may include the following steps:
  • Step 1 When any two broadband cognitive wireless communication systems (hereinafter referred to as “systems”) are connected, a connection access authentication mechanism is triggered.
  • step 1 comprises the steps of:
  • Step 1.1 the system spectrum sensing unit perceives the noise level and possible signal types of each center frequency point, finds the center frequency point with the minimum signal strength, and obtains the time stamp through the system clock unit, so as to obtain the time stamp and center frequency at the current moment.
  • Step 1.2 When the time stamp, center frequency point and channel bandwidth of the current moment are obtained, combine the identity authentication encryption chip to encrypt the three parameters according to the master key encryption algorithm to generate a new connection authentication key;
  • Step 1.3 when the system initiates a connection authentication request with any other system, the system needs to use a new connection authentication key to encrypt the ID of the system, and other systems also need to use a new connection authentication key to encrypt their IDs;
  • step 1.4 the system sends its own ID ciphertext to other systems, and other systems send their own ID ciphertext to this system.
  • This system and other systems use the connection authentication key to decrypt the received ID ciphertext, and then compare the ID with the stored ID serial number. If the comparison is successful, the connection authentication is successful, the connection and access of the two systems are successfully established, and the information transmission process of the system is entered.
  • Step 2 The system clock unit starts the frequency sensing process at time T of the recording cycle T.
  • step 2 includes the steps of:
  • step 2.1 when the system transmits a signal, the system clock unit records the time T of the clock period before transmitting the signal, and triggers the spectrum sensing unit of the system to start the frequency sensing process.
  • the frequency sensing process decouples two-way reception, the 0-way receiving unit is configured to receive communication signals with a fixed center frequency and channel bandwidth, and the 1-way receiving unit is driven by the spectrum sensing unit through the digital signal processing baseband module to control the digital signal processing unit.
  • step 2.2 the frequency perception process controls the front-end sliding window filter, and controls the digital signal processing unit to complete the rapid perception of the noise level of each center frequency point and the possible signal type.
  • Step 3 The frequency sensing unit of the system obtains the sensing information and outputs it to the frequency control unit.
  • step 3 includes the steps of:
  • step 3.1 after the digital signal processing unit of the system completes the perception of the noise level and possible signal types of each center frequency point, it will obtain the noise level and possible signal types of each center frequency point at the current T time, and the noise level and possible signal types of each center frequency point at the current moment are sent back from the digital signal processing unit to the frequency sensing unit through the digital signal processing driver.
  • Step 3.2 After receiving the sensing information, the frequency sensing unit of the system outputs the noise level and possible signal types of each center frequency point at the current moment to the frequency control unit in real time.
  • Step 4 The frequency decision-making unit of the broadband cognitive wireless communication system starts a spectrum decision-making process at time T of the clock cycle.
  • step 4 includes the steps of:
  • step 4.1 after the spectrum decision-making process receives the obtained data on the noise level of each center frequency point and possible signal types at the current moment, it compares it with the noise power spectral density of the current working channel.
  • Step 4.2 if the noise level of each center frequency point at the current moment and the power spectral density of the possible signal types are higher than the value X of the current working channel, the spectrum decision-making process will return the comparison result to the frequency decision-making unit; if the noise level of each center frequency point at the current moment and the power spectral density of the possible signal types are lower than the value Y of the current working channel, the spectrum decision process will decide the new working center frequency point and channel bandwidth of the broadband cognitive wireless communication system, and output the new center frequency point, channel bandwidth and time stamp to the dynamic authentication encryption unit and the communication management protocol stack unit.
  • Step 5 Trigger the dynamic authentication and encryption unit of the broadband cognitive wireless communication system to start the dynamic authentication and encryption process at time T of the clock cycle.
  • step 5 includes the steps of:
  • Step 5.1 the dynamic authentication and encryption process judges whether the new center frequency point, channel bandwidth and time stamp are received.
  • step 5.2 if the new center frequency point, channel bandwidth and time stamp are not received, the dynamic authentication encryption process returns the result to the dynamic authentication encryption unit; if the new center frequency point, channel bandwidth and time stamp are received, the dynamic authentication encryption process will combine the node's identity authentication encryption chip to perform encryption operations on the three parameters, decide to generate a new link information encryption key, and output the new link information encryption key to the communication management protocol stack unit.
  • Step 6 The clock cycle T triggers the communication management protocol stack unit of the broadband cognitive wireless communication system to start the frequency hopping key preparation process.
  • step 6 includes the steps of:
  • Step 6.1 the frequency hopping key preparation process judges whether the new center frequency point and channel bandwidth information is received.
  • Step 6.2 if no new center frequency point and channel bandwidth information is received, the frequency hopping key preparation process returns the result to the communication management protocol stack unit.
  • Step 6.3 if the new center frequency point and channel bandwidth are received, the frequency hopping key preparation process judges whether a new link information encryption key is received; if not received, the frequency hopping key preparation process returns the result to the communication management protocol stack unit; if a new link information encryption key is received, the frequency hopping key preparation process encodes and encrypts the new center frequency point and channel bandwidth information, and broadcasts it through the beacon information unit.
  • Step 7 The clock cycle T+1 triggers the communication management protocol stack unit of the broadband cognitive wireless communication system to start the frequency hopping key activation process and establish a new link.
  • step 7 includes the steps of:
  • Step 7.1 the frequency hopping key activation process, activates the new link information encryption key, and activates the new working center frequency point and channel bandwidth of the system.
  • step 7.2 the system establishes a new link according to the new working center frequency and channel bandwidth.
  • Step 8 At clock cycle T+1, the system encrypts and transmits data according to the new link information encryption key.
  • step 8 includes the steps of:
  • Step 8.1 when the system transmits data information, combine the identity authentication encryption chip to encrypt the data according to the new link information encryption key, and then send the encrypted data according to the new link;
  • step 8.2 when any other system receives encrypted data after the link is successfully established, it uses the new link information encryption key to decrypt the data. So far, the broadband cognitive wireless communication system has completed the entire process of secure and reliable transmission of data information.
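Steps 4 to 7 above describe a two-phase rollover: the new channel and its key are decided and staged at clock cycle T and only activated at T+1. The following added Python sketch (not code from the patent) models that staging so the key and channel switch together on both sides. HMAC-SHA-256 as the derivation, the cycle index used as the time stamp, the `margin_db` hysteresis standing in for the unspecified thresholds X and Y, and all sample values are assumptions; the beacon is passed in-process here rather than encrypted and broadcast.

```python
import hashlib
import hmac
import struct


def link_key(master_key, cycle, center_freq_hz, bandwidth_hz):
    # Assumption: HMAC-SHA-256 stands in for the page's master key algorithm.
    params = struct.pack(">QQQ", cycle, center_freq_hz, bandwidth_hz)
    return hmac.new(master_key, b"link\x00" + params, hashlib.sha256).digest()


def decide_hop(noise_dbm, current_freq, current_bw, required_bw, margin_db=0.0):
    """Step 4: pick the quietest sensed center frequency and the bandwidth the
    data needs; return (freq, bw), or None when nothing changes.

    margin_db is an assumed hysteresis standing in for the page's unspecified
    thresholds X and Y. current_freq must be among the sensed frequencies.
    """
    quietest = min(noise_dbm, key=noise_dbm.get)
    freq = current_freq
    if noise_dbm[quietest] < noise_dbm[current_freq] - margin_db:
        freq = quietest
    if (freq, required_bw) == (current_freq, current_bw):
        return None
    return freq, required_bw


class LinkState:
    """Active and staged (cycle, center frequency, bandwidth) with their keys."""

    def __init__(self, master_key, cycle, center_freq_hz, bandwidth_hz):
        self.master_key = master_key
        self.active = (cycle, center_freq_hz, bandwidth_hz)
        self.active_key = link_key(master_key, *self.active)
        self.staged = None
        self.staged_key = None

    def on_cycle(self, cycle, noise_dbm, required_bw, margin_db=0.0):
        """Steps 4 to 6 at cycle T: decide, stage, return beacon parameters."""
        decision = decide_hop(noise_dbm, self.active[1], self.active[2],
                              required_bw, margin_db)
        if decision is None:
            return None
        self.stage((cycle,) + decision)
        return self.staged

    def stage(self, beacon):
        """Step 6 (also the peer side): pre-compute the key for the new channel."""
        self.staged = tuple(beacon)
        self.staged_key = link_key(self.master_key, *self.staged)

    def activate(self):
        """Step 7 at cycle T+1: switch key and channel together, if staged."""
        if self.staged is None:
            return False
        self.active, self.active_key = self.staged, self.staged_key
        self.staged = self.staged_key = None
        return True


# Constructed sensing snapshot (center frequency in Hz -> noise level in dBm).
NOISE_AT_T = {1_430_000_000: -85.0, 1_447_000_000: -97.0, 1_464_000_000: -90.0}
MASTER = b"constructed-demo-master-key-0001"

if __name__ == "__main__":
    tx = LinkState(MASTER, 0, 1_430_000_000, 5_000_000)
    rx = LinkState(MASTER, 0, 1_430_000_000, 5_000_000)
    beacon = tx.on_cycle(7, NOISE_AT_T, required_bw=5_000_000)
    rx.stage(beacon)
    print("beacon:", beacon, "keys match after activation:",
          tx.activate() and rx.activate() and tx.active_key == rx.active_key)
```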
  • the existing communication technology cannot provide a broadband wireless communication system that meets the requirements of the electric power industry to use shared spectrum, high reliability, high security, and stable operation.
  • the solution provided by the embodiment of this application is based on time-point real-time dynamic sensing of broadband unlicensed spectrum and dynamic adjustment of band bandwidth, and on determination of the center frequency point and channel bandwidth of the unlicensed spectrum and frequency hopping based on time-point dynamic sensing; by associating time, center frequency point and channel bandwidth, combined with frequency hopping technology and the associated identity authentication encryption chip, dynamic authentication and encryption is realized.
  • the broadband cognitive wireless communication method is based on the above-mentioned dynamic authentication and encryption method provided by the embodiment of the present application, which can solve the technical problem that the traditional wireless communication system used in the current electric power industry has poor security and is easily brute-force cracked to obtain data information or illegally accessed to occupy ports, which brings potential security risks; it utilizes two characteristics of broadband radio frequency signal perception and interference-triggered frequency hopping (for example, it can be obtained through a broadband cognitive wireless communication system applicable to the power industry), combining the three random parameters of time, center frequency and channel bandwidth to formulate a dynamic authentication encryption mechanism, using the characteristics of the system's own parameters, without the need for a third party to participate in the random number generation process, to achieve a more secure and reliable transmission of power business information.
  • a broadband cognitive wireless communication method provided by an embodiment of the present application includes the following steps:
  • Step S901 sending an authentication request to the authentication receiving node, and outputting the authentication initiation node ID encrypted by the connection authentication key to the authentication receiving node; obtaining the authentication receiving node ID encrypted by the connection authentication key on the authentication receiving node, and parsing the authentication receiving node ID to obtain the authentication result of the authentication receiving node; wherein, the connection authentication key is obtained by encrypting the time stamp at the time when the authentication request is issued, the center frequency point, and the preset channel bandwidth by the first preset master key encryption algorithm.
  • Step S902 according to the authentication result of the successfully passed authentication receiving node and the acquired authentication result of the successfully passed authentication initiating node, exchange encrypted data information to be transmitted with the authentication receiving node.
  • the center frequency point at the time when the authentication request is sent is the center frequency point with the minimum noise signal strength at the time when the authentication request is sent out.
  • parsing the authentication receiving node ID to obtain the authentication receiving node authentication result includes: decrypting the encrypted authentication receiving node ID based on the connection authentication key to obtain the original authentication receiving node ID; comparing the original authentication receiving node ID with the preset ID serial number. If the comparison is successful, the authentication is passed successfully. If the comparison fails, the authentication is not passed successfully.
  • the first preset master key encryption algorithm is SM3, AES or 3DES.
  • dynamic authentication and encryption are realized by forming an encryption key by associating time stamps, center frequency points, and channel bandwidth. Their changes can greatly reduce the possibility of brute-force cracking of information, and can improve the security and reliability of information transmission.
  • an embodiment of the present application provides a broadband cognitive wireless communication method, including the following steps:
  • Step S1001 obtain the authentication request of the authentication initiating node; output the authentication receiving node ID encrypted by the connection authentication key; obtain the authentication initiating node ID of the authentication initiating node encrypted by the connection authentication key, and analyze the authentication initiating node ID to obtain the authentication result of the authentication initiating node; wherein, the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point, and the preset channel bandwidth by the first preset master key encryption algorithm.
  • Step S1002 according to the authentication result of the successfully passed authentication initiating node and the acquired authentication result of the successfully passing authentication receiving node, the encrypted data information to be transmitted is exchanged with the authentication initiating node.
  • parsing the authentication initiation node ID to obtain the authentication initiation node authentication result includes: decrypting the encrypted authentication initiation node ID based on the connection authentication key to obtain the original authentication initiation node ID; comparing the original authentication initiation node ID with the preset ID serial number. If the comparison is successful, the authentication is passed successfully. If the comparison fails, the authentication is not passed successfully.
  • the center frequency point at the time when the authentication request is sent is the center frequency point with the minimum noise signal strength at the time when the authentication request is sent out.
  • the first preset master key encryption algorithm is SM3, AES or 3DES.
  • dynamic authentication and encryption are realized by forming an encryption key by associating time stamps, center frequency points, and channel bandwidth. Their changes can greatly reduce the possibility of brute-force cracking of information, and can improve the security and reliability of information transmission.
  • a broadband cognitive wireless communication method provided by an embodiment of the present application includes the following steps:
  • Step S1101 sending an authentication request to the authentication receiving node, and outputting the encrypted authentication initiation node ID to the authentication receiving node; obtaining the encrypted authentication receiving node ID of the authentication receiving node, analyzing the authentication receiving node ID, and obtaining the authentication result of the authentication receiving node.
  • Step S1102 according to the authentication result of the successfully passed authentication receiving node and the obtained authentication result of the successfully passed authentication initiating node, exchange with the authentication receiving node the data information to be transmitted encrypted by the link information encryption key; wherein, the link information encryption key is obtained by encrypting the time stamp, center frequency point and channel bandwidth at the first preset moment with the second preset master key encryption algorithm.
  • the first preset moment is the moment when the center frequency point and/or channel bandwidth changes during data transmission; the center frequency point at the first preset moment is the center frequency point of the minimum noise signal strength at the first preset moment.
  • the second preset master key encryption algorithm is SM3, AES or 3DES.
  • parsing the authentication receiving node ID to obtain the authentication receiving node authentication result includes: decrypting the encrypted authentication receiving node ID based on the connection authentication key to obtain the original authentication receiving node ID; comparing the original authentication receiving node ID with the preset ID serial number. If the comparison is successful, the authentication is passed successfully. If the comparison fails, the authentication is not passed successfully.
  • the associated time stamp, center frequency point, and channel bandwidth are used. These three parameters change randomly and dynamically according to the surrounding environment interference and information transmission requirements, thereby generating a dynamic link information encryption key, realizing dynamic encrypted transmission of data information, preventing third-party brute-force cracking and information theft, and improving the security and reliability of information transmission.
  • an embodiment of the present application provides a broadband cognitive wireless communication method, including the following steps:
  • Step S1201 obtain the authentication request of the authentication initiating node; output the encrypted authentication receiving node ID; obtain the encrypted authentication initiating node ID of the authentication initiating node, analyze the authentication initiating node ID, and obtain the authentication initiating node authentication result.
  • Step S1202 according to the authentication result of the successfully passed authentication initiating node and the obtained authentication result of the successfully passed authentication receiving node, exchange with the authentication initiating node the data information to be transmitted encrypted by the link information encryption key; wherein, the link information encryption key is obtained by encrypting the time stamp, center frequency point and channel bandwidth at the first preset moment with the second preset master key encryption algorithm.
  • parsing the authentication initiation node ID to obtain the authentication initiation node authentication result includes: decrypting the encrypted authentication initiation node ID based on the connection authentication key to obtain the original authentication initiation node ID; comparing the original authentication initiation node ID with the preset ID serial number. If the comparison is successful, the authentication is passed successfully. If the comparison fails, the authentication is not passed successfully.
  • the first preset moment is the moment when the center frequency point and/or channel bandwidth changes during data transmission; the center frequency point at the first preset moment is the center frequency point of the minimum noise signal strength at the first preset moment.
  • the second preset master key encryption algorithm is SM3, AES or 3DES.
  • the associated time stamp, center frequency point, and channel bandwidth are used. These three parameters change randomly and dynamically according to the surrounding environment interference and information transmission requirements, thereby generating a dynamic link information encryption key, realizing dynamic encrypted transmission of data information, preventing third-party brute-force cracking and information theft, and improving the security and reliability of information transmission.
  • an embodiment of the present application provides a broadband cognitive wireless communication device, which includes the following hardware:
  • External antenna 1301 connected to the RF output/input port of the device, configured to receive and transmit RF signals for the system. For example, in steps 6.3 and 8 of the above embodiment shown in Fig. 8a and Fig. 8b, it is configured as signal broadcasting or signal receiving.
  • High linearity power amplifier 1302 a power amplifier with a larger linear range, supporting a higher peak-to-average ratio, for example, in step 8 of the embodiment shown in Fig. 8a and Fig. 8b above, it is configured for the system to transmit data information with a larger transmission range.
  • Software configurable sliding window filter 1303 also known as a software-controlled sliding window filter, the size of the filter frequency band can be configured through software commands, for example, in the first step and the second step of the embodiment shown in Figure 8a and Figure 8b above, it is configured to slide across each frequency point to perceive the noise level of each frequency point.
  • Transceiver 1304 the receiving and transmitting link of the broadband cognitive wireless communication system, for example, in the first step, the seventh step and the eighth step of the embodiment shown in Fig. 8a and Fig. 8b above, it is configured for link establishment and for sending and receiving signals.
  • Digital signal processing hard-core baseband 1305 a digital baseband using a dedicated digital signal processor, such as the second and third steps in the above-mentioned embodiments shown in FIG. 8a and FIG. 8b.
  • MIPS central processing unit (CPU, Central Processing Unit) 1306 the CPU of the MIPS instruction set, which is embodied in each stage of the system operation of the embodiment shown in the above-mentioned Fig. 8a and Fig. 8b, and processes millions of machine language instructions per second.
  • Identity authentication encryption chip 1307 a chip that implements authentication, identity authentication and encryption in the form of a key, for example, in the first step, the fifth step and the eighth step of the embodiment shown in Figure 8a and Figure 8b above, it realizes the generation of the new connection authentication key and link information encryption key, and the encryption and decryption of ID and data information with the new key.
  • the broadband cognitive wireless communication system is mainly composed of MIPS processor control, broadband radio frequency front-end, hard-core digital signal processing and dynamic authentication encryption module, supports adaptive sensing of working spectrum, and can trigger frequency hopping according to the sensing spectrum mechanism, and finally realize dynamic authentication and encryption according to parameter changes.
  • The front-end adopts a software-controlled sliding window filter, which allows the system to work in a wide frequency band. It adopts the Time Division Duplex (TDD) method and supports 2×2 Multiple-In Multiple-Out (MIMO) dual transmission and dual reception.
  • the system can also support:
  • The frequency sensing unit of the MIPS processor commands the hard-core digital signal processing unit, controls the front-end sliding window filter, completes the fast sensing of broadband radio frequency signals, obtains the noise intensity and possible signal types of each frequency point at time T, and inputs the noise intensity and possible signal types of each frequency point to the frequency control unit.
  • The MIPS processor frequency control unit obtains the noise intensity and possible signal types of each frequency point at time T from the frequency sensing unit, determines and triggers the channel bandwidth and center frequency point of the system at time T+1, decides whether to jump to a new channel bandwidth and new center frequency point, broadcasts the new channel bandwidth and new frequency point for time T+1 through an encrypted beacon, and at the same time inputs the time stamp, new channel bandwidth and center frequency point information into the dynamic authentication encryption module.
  • The dynamic authentication encryption unit obtains the new channel bandwidth and center frequency point information for time T+1 from the processor frequency control unit and, in combination with the node's own identity authentication encryption chip, determines and triggers the connection authentication key or link information encryption key for time T+1.
  • Using the receiving link to sense the spectrum affects the work of the current link; if link reception is not to be affected, a separate receive path for spectrum sensing is required.
  • The two receive paths of the 2×2 MIMO are decoupled in TDD mode.
  • In MIMO mode, the two transmit paths send their corresponding data and the two receive paths can each receive the two transmitted data streams, so decoupling the two receive paths does not destroy the normal operation of the receiving link; it only reduces the receiving performance.
  • The noise spectral density is associated with the frequency domain dimension and the time dimension and, combined with the comprehensive indicators of received signal strength, noise floor and SNR, can better characterize the frequency domain and time domain characteristics of the target channel.
  • Time-sensitive frequency hopping, triggered by a channel comparison decision based on the time-correlated noise spectral density, can capture the rapid changes of the time-varying channel in real time, improve the decision-making accuracy for the target channel, accurately track the rapid changes of the time-varying channel, ensure stable system performance after frequency hopping, and enhance the stability and reliability of system operation.
  • 3GPP and IEEE systems use a standard air interface whose physical layer/MAC layer parameters are known, and their encryption algorithm is static, so in theory there are many possibilities for brute force cracking. In fact, with the rapid development of heterogeneous computing technology, the time required for brute force cracking is getting shorter and shorter, and de facto security is being threatened.
  • The trusted authentication and encryption algorithm proposed in the embodiment of this application is associated with time, center frequency, channel bandwidth and the identity authentication encryption chip, and makes use of the dynamics of frequency sensing, time, center frequency and channel bandwidth together with the identity authentication encryption chip.
  • The trusted authentication and encryption method and its random dynamic change mechanism use time, frequency point and channel bandwidth as random numbers which, combined with the identity authentication encryption chip, are input to the encryption algorithm to generate new authentication and encryption keys that change dynamically with time, center frequency point and channel bandwidth.
  • These dimensions are completely random values that depend entirely on the current spectrum sensing and frequency decision-making; that is, random changes in the center frequency point and channel bandwidth trigger dynamic changes in the authentication and encryption keys, and the system may appear at a different frequency point and use a different channel bandwidth at any time.
  • A third party cannot even fully obtain the frequency hopping pattern and can hardly obtain a complete data frame, so the data basis for brute force cracking does not exist, brute force cracking loses its use, and security is guaranteed; at the same time, combined with the identity authentication encryption chip, any two nodes that interconnect can also authenticate each other and support the dynamic authentication and encryption mechanism.
  • the security authentication and encryption mechanism proposed in the embodiment of this application can guarantee node security, connection security, and information transmission security by means of double security.
  • The network security of broadband cognitive wireless communication is mainly guaranteed by the following two points: 1) the connection authentication key ensures the credibility and security of nodes accessing the network; 2) the link information encryption key ensures the security of information transmission between nodes and the integrity of the information.
  • the front-end design of the traditional wireless communication system uses a fixed filter, and the operating frequency band of the system depends on the front-end filter. Therefore, a fixed-band communication method is generally used, which cannot support broadband RF signal sensing and interference-triggered frequency hopping.
  • The implementation method of the broadband cognitive wireless communication system proposed by the embodiment of this application is controlled by a MIPS processor, a broadband radio frequency front-end, hard-core digital signal processing and an identity authentication encryption chip. It supports broadband radio frequency signal sensing; adopts an anti-interference mode and supports interference-triggered frequency hopping to avoid interference; and adopts TDD mode and supports 2×2 MIMO dual transmission and dual reception.
  • a broadband cognitive wireless communication device provided in an embodiment of the present application, which includes the following software implementation units:
  • Spectrum sensing unit 1401: capable of quickly sensing the noise level of each center frequency point in the surrounding environment and the possible signal types, involving the processes of steps 1.1, 2 and 3 of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Frequency control unit 1402: a software module for setting the center frequency and channel bandwidth of the system working channel, involving the third step of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Frequency decision-making unit 1403: a decision-making software module that determines the optimal center frequency and channel bandwidth according to channel noise, received signal strength and signal-to-noise ratio, involving the fourth step of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Dynamic authentication and encryption unit 1404: a control software module that triggers the dynamic authentication and encryption process, involving the fifth step of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Digital signal processing unit 1405: configured to provide the processing function for decoding wireless air interface digital signals, involving the second and third steps of the embodiment shown in Fig. 8a and Fig. 8b above;
  • System clock unit 1406: a high-precision clock of the system, involving the processes of step 1.1 and step 2.1 of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Beacon information unit 1407: an information unit configured for the system to broadcast its identity externally, involving the process of step 6.3 of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Communication management protocol stack 1408: configured to implement the communication protocols of the physical layer and the MAC layer, involving the processes of steps 5.2, 6 and 7 of the embodiment shown in Fig. 8a and Fig. 8b above;
  • Digital signal processing baseband module driver 1409: a hardware module including a digital signal processing unit, involving the process of step 2.1 of the embodiment shown in Fig. 8a and Fig. 8b above.
  • The wideband cognitive wireless technology proposed by the embodiment of this application is controlled by a MIPS processor, a broadband radio frequency front-end, hard-core digital signal processing and a trusted authentication encryption module.
  • Spectrum sensing triggers frequency hopping, linked with dynamic trusted authentication and encryption technology.
  • the communication system implementation device is implemented based on shared spectrum and does not require licensed spectrum, which can meet the long-term technical requirements of high-security systems that are based on unlicensed spectrum and can operate stably and reliably in the power industry.
  • the system adopts a broadband front-end, which can solve the limitations of the 802.11 system operating frequency band of 2.4GHz/5.8GHz and the problem of poor non-line-of-sight broadband transmission; the use of interference-triggered frequency hopping can solve the problem of anti-interference in the stable operation of unlicensed spectrum systems;
  • The dynamic trusted authentication/encryption technology with frequency hopping linkage can eliminate the hidden danger that the static authentication and encryption methods of IEEE and 3GPP systems may be cracked by brute force, as well as the defect of low independent controllability of foreign chips and foreign encryption methods.
  • The system device proposed in the embodiment of this application is based on the shared frequency spectrum of the power business (such as an infrastructure project site), supports non-line-of-sight transmission, can operate reliably, meets the security requirements for communication networking in various application scenarios of the power business, and has broad prospects.
  • the embodiment of this application is realized by chip, which has the advantages of low cost and high throughput.
  • The system supports multiple networking modes such as point-to-point, point-to-multipoint and ad hoc network, which can solve the problem of no network or network failure in underground cable tunnels, transmission lines and underground substations, as well as communication networking problems in special power business scenarios with weak network coverage, opening up the "last mile" data transmission channel.
  • The device provided by the embodiment of the present application is also applicable to various power business application scenarios such as power transmission and transformation projects, for example: intelligent inspection of UHV line cableways in the "new infrastructure" UHV industry, construction and acceptance of new base station projects, underground substations, underground pipeline robot inspection, underground cable trench engineering, line engineering, and all-weather status inspection of transmission lines.
  • the embodiment of this application discloses a dynamic authentication and encryption system, including:
  • The connection access authentication module is configured so that, based on the authentication request, the two nodes to be connected each obtain the other party's ID encrypted by the connection authentication key and perform connection access authentication based on the obtained ID; wherein the step of obtaining the connection authentication key includes: obtaining three parameters at the time when the authentication request is issued (time stamp, center frequency point and preset channel bandwidth), and using the first preset master key encryption algorithm to encrypt the obtained three parameters to obtain the connection authentication key;
  • the encrypted data information transmission module is configured to obtain the connection access authentication result. When the connection access authentication result is successfully passed, the encrypted data information to be transmitted is transmitted between the two nodes that have completed the connection access authentication.
  • the embodiment of this application discloses a dynamic authentication and encryption system, including:
  • connection access authentication module is configured to perform connection access authentication for the two nodes to be connected based on the authentication request;
  • The encrypted data information transmission module is configured to obtain the connection access authentication result; when the connection access authentication result is successfully passed, the data information to be transmitted is encrypted with the link information encryption key.
  • The step of obtaining the link information encryption key includes: obtaining three parameters at the first preset moment (time stamp, center frequency point and channel bandwidth), the channel bandwidth being determined based on the data bandwidth of the data information to be transmitted; and using the second preset master key encryption algorithm to encrypt the obtained three parameters to obtain the link information encryption key.
  • the embodiment of this application discloses a dynamic authentication and encryption system, including:
  • The connection access authentication module is configured so that, based on the authentication request, the two nodes to be connected each obtain the other party's ID encrypted by the connection authentication key and perform connection access authentication based on the obtained ID; wherein the step of obtaining the connection authentication key includes: obtaining three parameters at the time when the authentication request is issued (time stamp, center frequency point and preset channel bandwidth), and using the first preset master key encryption algorithm to encrypt the obtained three parameters to obtain the connection authentication key;
  • The encrypted data information transmission module is configured to obtain the connection access authentication result; when the connection access authentication result is successfully passed, the data information to be transmitted is encrypted with the link information encryption key.
  • The step of obtaining the link information encryption key includes: obtaining three parameters at the first preset moment (time stamp, center frequency point and channel bandwidth), the channel bandwidth being determined based on the data bandwidth of the data information to be transmitted; and using the second preset master key encryption algorithm to encrypt the obtained three parameters to obtain the link information encryption key.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • the first sending module is configured to send an authentication request to the authentication receiving node, and output to the authentication receiving node the ID of the initiating node encrypted by the connection authentication key;
  • the authentication result acquisition module is configured to obtain the authentication receiving node ID after the authentication receiving node is encrypted by the connection authentication key, parse the authentication receiving node ID, and obtain the authentication receiving node authentication result;
  • The second sending module is configured to exchange encrypted data information to be transmitted with the authentication receiving node according to the authentication result of the successfully passed authentication receiving node and the obtained authentication result of the successfully passed authentication initiating node; wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • the first sending module is configured to send an authentication request to the authentication receiving node, and output the encrypted authentication initiation node ID to the authentication receiving node;
  • the authentication result obtaining module is configured to obtain the authentication receiving node ID encrypted by the authentication receiving node, parse the authentication receiving node ID, and obtain the authentication result of the authentication receiving node;
  • The second sending module is configured to exchange with the authentication receiving node the data information to be transmitted after it has been encrypted by the link information encryption key, according to the authentication result of the successfully passed authentication receiving node and the obtained authentication result of the successfully passed authentication initiating node; wherein the link information encryption key is obtained by encrypting the time stamp, center frequency point and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • An authentication request acquisition module configured to acquire an authentication request from an authentication initiating node
  • the first output module is configured to output the authentication receiving node ID encrypted by the connection authentication key
  • the authentication result obtaining module is configured to obtain the authentication initiation node ID encrypted by the connection authentication key, parse the authentication initiation node ID, and obtain the authentication initiation node authentication result;
  • The second output module is configured to exchange encrypted data information to be transmitted with the authentication initiating node according to the authentication result of the successfully passed authentication initiating node and the obtained authentication result of the successfully passed authentication receiving node; wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point and the preset channel bandwidth with the first preset master key encryption algorithm.
  • An embodiment of the present application provides a broadband cognitive wireless communication system, including:
  • An authentication request acquisition module configured to acquire an authentication request from an authentication initiating node
  • the first output module is configured to output the encrypted authentication receiving node ID
  • the authentication result obtaining module is configured to obtain the authentication initiation node ID encrypted by the authentication initiation node, parse the authentication initiation node ID, and obtain the authentication initiation node authentication result;
  • The second output module is configured to exchange with the authentication initiating node the data information to be transmitted after it has been encrypted by the link information encryption key, according to the authentication result of the successfully passed authentication initiating node and the obtained authentication result of the successfully passed authentication receiving node; wherein the link information encryption key is obtained by encrypting the time stamp, center frequency point and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
  • the embodiments of the present application may be provided as methods, systems, devices, computer-readable storage media or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction device, and the instruction device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, so that the instructions provide steps configured to implement the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
  • the present application discloses a broadband cognitive wireless communication method, system, device, and computer-readable storage medium.
  • The method includes: based on the authentication request, the two nodes to be connected each obtain the other party's ID encrypted by the connection authentication key and perform connection access authentication based on the obtained ID; wherein the step of obtaining the connection authentication key includes: obtaining three parameters at the time when the authentication request is issued (time stamp, center frequency point and preset channel bandwidth), and using the first preset master key encryption algorithm to encrypt the obtained three parameters to obtain the connection authentication key; and obtaining the connection access authentication result and, when the connection access authentication result is successfully passed, transmitting the encrypted data information to be transmitted between the two nodes that have completed connection access authentication.
  • the method disclosed in this application can guarantee one or more of node security, connection security, and information transmission security by means of dynamic encryption security.
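
The key derivation and mutual ID exchange described above, sketched as an added example that is not part of the patent text. HMAC-SHA256 stands in for the unspecified "preset master key encryption algorithm"; the master key, node IDs, key labels, freshness window and radio values are all constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample values; the page specifies no algorithm, key or ID format.
MASTER_KEY = bytes(range(32))            # assumed to live in each node's authentication chip
KNOWN_NODE_IDS = {b"NODE-A", b"NODE-B"}  # hypothetical enrolled node IDs
MAX_SKEW_S = 2                           # assumed freshness window for the request timestamp


def derive_key(master_key, label, timestamp, center_freq_hz, bandwidth_hz):
    """Key = PRF(master key, label || timestamp || center frequency || bandwidth).

    HMAC-SHA256 is a stand-in for the "preset master key encryption algorithm".
    The label keeps the connection authentication key and the link information
    encryption key distinct even for identical radio parameters.
    """
    context = label + b"\x00" + struct.pack(">QQQ", timestamp, center_freq_hz, bandwidth_hz)
    return hmac.new(master_key, context, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used only to keep the example stdlib-only."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = b"enc" + nonce + struct.pack(">I", counter)
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal_id(key, node_id, nonce=None):
    """Encrypt-then-MAC a node ID: nonce (16) || ciphertext || tag (32)."""
    nonce = os.urandom(16) if nonce is None else nonce
    ciphertext = bytes(a ^ b for a, b in zip(node_id, _keystream(key, nonce, len(node_id))))
    tag = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_id(key, blob):
    """Return the decrypted node ID, or None if the tag does not verify."""
    if len(blob) < 48:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def authenticate_peer(own_id, blob, timestamp, center_freq_hz, bandwidth_hz, now):
    """Parse a peer's encrypted ID; return the ID on success, None on failure."""
    if abs(now - timestamp) > MAX_SKEW_S:
        return None  # stale timestamp: an old capture must not re-authenticate
    key = derive_key(MASTER_KEY, b"conn-auth", timestamp, center_freq_hz, bandwidth_hz)
    peer_id = open_id(key, blob)
    if peer_id is None or peer_id not in KNOWN_NODE_IDS:
        return None
    if peer_id == own_id:
        return None  # our own blob echoed back proves nothing about the peer
    return peer_id


def mutual_authentication(t_request, freq_hz, bw_hz):
    """Both nodes exchange encrypted IDs; data flows only if both checks pass."""
    key = derive_key(MASTER_KEY, b"conn-auth", t_request, freq_hz, bw_hz)
    blob_a = seal_id(key, b"NODE-A")  # initiating node -> receiving node
    blob_b = seal_id(key, b"NODE-B")  # receiving node -> initiating node
    seen_by_b = authenticate_peer(b"NODE-B", blob_a, t_request, freq_hz, bw_hz, now=t_request + 1)
    seen_by_a = authenticate_peer(b"NODE-A", blob_b, t_request, freq_hz, bw_hz, now=t_request + 1)
    return seen_by_b == b"NODE-A" and seen_by_a == b"NODE-B"


if __name__ == "__main__":
    T, F, BW = 1_700_000_000, 1_430_000_000, 10_000_000  # constructed time, Hz, Hz
    print("mutual authentication:", mutual_authentication(T, F, BW))
    link_key = derive_key(MASTER_KEY, b"link-enc", T + 1, F, BW)
    link_key_after_hop = derive_key(MASTER_KEY, b"link-enc", T + 2, 1_445_000_000, 20_000_000)
    print("link key changes after hop:", link_key != link_key_after_hop)
```

In this sketch the radio parameters only diversify the key; its secrecy rests on the master key, since a center frequency and bandwidth in use can be measured by any receiver.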

Abstract

The present application discloses a broadband cognitive radio communication method and system, a device, and a storage medium. The method comprises: on the basis of an authentication request, two nodes to be connected respectively acquire IDs of one another that are encrypted by means of a connection authentication key, and perform connection access authentication on the basis of the acquired IDs, wherein the connection authentication key is obtained by performing, by using a first preset master key encryption algorithm, encryption operation on a timestamp, a center frequency point, and a preset channel bandwidth at a time point when the authentication request is sent; and acquire a connection access authentication result, and when the connection access authentication result indicates success, transmit encrypted data information to be transmitted between the two nodes subjected to the connection access authentication.

Description

Broadband cognitive wireless communication method, system, device and storage medium
Cross-Reference to Related Applications
This application is based on a Chinese patent application with application number 202111029106.0 and a filing date of September 2, 2021, and claims the priority of this Chinese patent application. The entire content of this Chinese patent application is hereby incorporated by reference into this application.
Technical Field
The present application belongs to the technical field of wireless communication, relates to the field of wireless communication security encryption, and in particular relates to a broadband cognitive wireless communication method, system, device and storage medium.
Background
With the rapid development of digitalization and intelligence in the power industry, wireless communication equipment with high security is urgently needed; however, the power industry has no dedicated continuous spectrum, yet it needs to transmit high-bandwidth services such as video and images in real time, which requires sound confidentiality, security and reliability.
At present, traditional broadband wireless communication systems based on the standards of the 3rd Generation Partnership Project (3GPP) and the Institute of Electrical and Electronics Engineers (IEEE) use licensed dedicated spectrum or shared spectrum, support fixed channel bandwidths, and all use static key encryption; their air interface is standardized, and they rely solely on the algorithm to guarantee the security and integrity of information. With the leap in computing power, an attacker can use a receiver based on the standard air interface to intercept and demodulate the digital signal and, after obtaining the encrypted user data, can obtain the communication information by brute force cracking, so security is at some risk.
Existing dynamic encryption methods cannot adequately resolve the above defects of static key encryption. The reason is that many existing dynamic encryption methods generate a random number and broadcast it, after which the transceivers determine the encryption method according to the random number; however, this approach requires a dedicated module for generating random numbers, and the random number is easily leaked during broadcasting, so security is also threatened.
Summary
The present application provides a broadband cognitive wireless communication method, system, device and storage medium to solve one or more of the technical problems described above. The method disclosed in this application uses dynamic encryption as its security means and can guarantee one or more of node security, connection security and information transmission security.
An embodiment of the present application provides a broadband cognitive wireless communication method, including:
The authentication initiating node sends an authentication request; outputs the authentication initiating node identity (ID, Identity Document) encrypted by the connection authentication key; obtains the authentication receiving node ID encrypted by the connection authentication key, and parses the encrypted authentication receiving node ID to obtain the authentication receiving node authentication result;
The authentication receiving node receives the authentication request; outputs the authentication receiving node ID encrypted by the connection authentication key; obtains the authentication initiating node ID encrypted by the connection authentication key, and parses the encrypted authentication initiating node ID to obtain the authentication initiating node authentication result;
When both the authentication receiving node authentication result and the authentication initiating node authentication result are determined to be successfully passed, the authentication initiating node and the authentication receiving node exchange the encrypted data information to be transmitted;
Wherein the connection authentication key is obtained by encrypting the time stamp at the moment when the authentication request is issued, the center frequency point and the preset channel bandwidth with the first preset master key encryption algorithm.
An embodiment of the present application provides a broadband cognitive wireless communication method, including:
The authentication initiating node sends an authentication request; outputs the encrypted authentication initiating node ID; obtains the encrypted authentication receiving node ID, and parses the encrypted authentication receiving node ID to obtain the authentication receiving node authentication result;
The authentication receiving node receives the authentication request; outputs the encrypted authentication receiving node ID; obtains the encrypted authentication initiating node ID, and parses the encrypted authentication initiating node ID to obtain the authentication initiating node authentication result;
When both the authentication receiving node authentication result and the authentication initiating node authentication result are determined to be successfully passed, the authentication initiating node and the authentication receiving node exchange the data information to be transmitted after it has been encrypted by the link information encryption key;
Wherein the link information encryption key is obtained by encrypting the time stamp, center frequency point and channel bandwidth at the first preset moment with a second preset master key encryption algorithm.
An embodiment of the present application provides a broadband cognitive wireless communication method, including:
Sending an authentication request to the authentication receiving node, and outputting to the authentication receiving node the authentication initiating node ID encrypted with the connection authentication key;
Obtaining the authentication receiving node ID that the authentication receiving node has encrypted with the connection authentication key, parsing the authentication receiving node ID, and obtaining the authentication receiving node authentication result;
According to the successful authentication receiving node authentication result and the obtained successful authentication initiating node authentication result, exchanging the encrypted data information to be transmitted with the authentication receiving node;
Wherein the connection authentication key is obtained by a first preset master key encryption algorithm performing an encryption operation on the timestamp of the moment the authentication request is issued, the center frequency point and the preset channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication method, including:
Sending an authentication request to the authentication receiving node, and outputting the encrypted authentication initiating node ID to the authentication receiving node;
Obtaining the authentication receiving node ID encrypted by the authentication receiving node, parsing the authentication receiving node ID, and obtaining the authentication receiving node authentication result;
According to the successful authentication receiving node authentication result and the obtained successful authentication initiating node authentication result, exchanging with the authentication receiving node the data information to be transmitted, encrypted with the link information encryption key;
Wherein the link information encryption key is obtained by a second preset master key encryption algorithm performing an encryption operation on the timestamp of a first preset moment, the center frequency point and the channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication method, including:
Obtaining the authentication request of the authentication initiating node;
Outputting the authentication receiving node ID encrypted with the connection authentication key;
Obtaining the authentication initiating node ID that the authentication initiating node has encrypted with the connection authentication key, parsing the authentication initiating node ID, and obtaining the authentication initiating node authentication result;
According to the successful authentication initiating node authentication result and the obtained successful authentication receiving node authentication result, exchanging the encrypted data information to be transmitted with the authentication initiating node;
Wherein the connection authentication key is obtained by a first preset master key encryption algorithm performing an encryption operation on the timestamp of the moment the authentication request is issued, the center frequency point and the preset channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication method, including:
Obtaining the authentication request of the authentication initiating node;
Outputting the encrypted authentication receiving node ID;
Obtaining the authentication initiating node ID encrypted by the authentication initiating node, parsing the authentication initiating node ID, and obtaining the authentication initiating node authentication result;
According to the successful authentication initiating node authentication result and the obtained successful authentication receiving node authentication result, exchanging with the authentication initiating node the data information to be transmitted, encrypted with the link information encryption key;
Wherein the link information encryption key is obtained by a second preset master key encryption algorithm performing an encryption operation on the timestamp of a first preset moment, the center frequency point and the channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication system, including:
A first sending module, configured to send an authentication request to the authentication receiving node and to output to the authentication receiving node the authentication initiating node ID encrypted with the connection authentication key;
An authentication result obtaining module, configured to obtain the authentication receiving node ID that the authentication receiving node has encrypted with the connection authentication key, parse the authentication receiving node ID, and obtain the authentication receiving node authentication result;
A second sending module, configured to exchange the encrypted data information to be transmitted with the authentication receiving node according to the successful authentication receiving node authentication result and the obtained successful authentication initiating node authentication result; wherein the connection authentication key is obtained by a first preset master key encryption algorithm performing an encryption operation on the timestamp of the moment the authentication request is issued, the center frequency point and the preset channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication system, including:
A first sending module, configured to send an authentication request to the authentication receiving node and to output the encrypted authentication initiating node ID to the authentication receiving node;
An authentication result obtaining module, configured to obtain the authentication receiving node ID encrypted by the authentication receiving node, parse the authentication receiving node ID, and obtain the authentication receiving node authentication result;
A second sending module, configured to exchange with the authentication receiving node the data information to be transmitted, encrypted with the link information encryption key, according to the successful authentication receiving node authentication result and the obtained successful authentication initiating node authentication result; wherein the link information encryption key is obtained by a second preset master key encryption algorithm performing an encryption operation on the timestamp of a first preset moment, the center frequency point and the channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication system, including:
An authentication request obtaining module, configured to obtain the authentication request of the authentication initiating node;
A first output module, configured to output the authentication receiving node ID encrypted with the connection authentication key;
An authentication result obtaining module, configured to obtain the authentication initiating node ID that the authentication initiating node has encrypted with the connection authentication key, parse the authentication initiating node ID, and obtain the authentication initiating node authentication result;
A second output module, configured to exchange the encrypted data information to be transmitted with the authentication initiating node according to the successful authentication initiating node authentication result and the obtained successful authentication receiving node authentication result; wherein the connection authentication key is obtained by a first preset master key encryption algorithm performing an encryption operation on the timestamp of the moment the authentication request is issued, the center frequency point and the preset channel bandwidth.
An embodiment of the present application provides a broadband cognitive wireless communication system, including:
An authentication request obtaining module, configured to obtain the authentication request of the authentication initiating node;
A first output module, configured to output the encrypted authentication receiving node ID;
An authentication result obtaining module, configured to obtain the authentication initiating node ID encrypted by the authentication initiating node, parse the authentication initiating node ID, and obtain the authentication initiating node authentication result;
A second output module, configured to exchange with the authentication initiating node the data information to be transmitted, encrypted with the link information encryption key, according to the successful authentication initiating node authentication result and the obtained successful authentication receiving node authentication result; wherein the link information encryption key is obtained by a second preset master key encryption algorithm performing an encryption operation on the timestamp of a first preset moment, the center frequency point and the channel bandwidth.
An embodiment of the present application provides an electronic device, including:
A memory, configured to store executable instructions;
A processor, configured to implement the steps of the above broadband cognitive wireless communication method when executing the executable instructions stored in the memory.
An embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to implement the steps of the above broadband cognitive wireless communication method when executed by a processor.
In the method disclosed in the embodiments of the present application, dynamic authentication encryption is achieved by forming the encryption key from an associated timestamp, center frequency point and channel bandwidth. The authentication encryption key changes dynamically as the time, center frequency point and channel bandwidth change randomly, which greatly reduces the possibility of brute-force cracking of the information and can improve the security and reliability of information transmission.
In the method disclosed in the embodiments of the present application, the associated timestamp, center frequency point and channel bandwidth are used. These three parameters change randomly and dynamically with the surrounding interference conditions and with information transmission requirements, thereby producing a dynamic link information encryption key, so that data information is transmitted under dynamic encryption. This prevents third parties from brute-force cracking and stealing the information, and can improve the security and reliability of information transmission.
In the method disclosed in the embodiments of the present application, access authentication under the dynamic authentication encryption method is achieved by forming the encryption key from the associated timestamp, center frequency point and channel bandwidth. The same three parameters, which change randomly and dynamically with the surrounding interference conditions and with information transmission requirements, also produce a dynamic link information encryption key under which data information is transmitted. With these two dynamic-encryption security measures, node security, connection security and information transmission security can be ensured.
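The two-stage scheme summarized above (mutual exchange of encrypted node IDs under a connection authentication key, then data under a link information encryption key) can be sketched as follows; this is an added example, not code from the application. Assumptions: HMAC-SHA256 stands in for the unspecified "preset master key encryption algorithm", `seal`/`unseal` stand in for a real authenticated cipher, and `Node`, the two labels and `MAX_SKEW_MS` are hypothetical. Because timestamp, frequency and bandwidth are observable on air, the secrecy of the derived keys rests on the pre-provisioned master key.

```python
import hashlib
import hmac
import secrets
import struct

AUTH_LABEL = b"connection-authentication-key"    # hypothetical label
LINK_LABEL = b"link-information-encryption-key"  # hypothetical label
MAX_SKEW_MS = 2000  # assumed freshness window; the page does not specify one


def derive_key(master_key, label, timestamp_ms, center_freq_hz, bandwidth_hz):
    """Bind a 32-byte key to (timestamp, centre frequency, channel bandwidth).

    HMAC-SHA256 is an assumed stand-in for the page's unspecified
    "preset master key encryption algorithm".
    """
    context = struct.pack(">QQQ", timestamp_ms, center_freq_hz, bandwidth_hz)
    return hmac.new(master_key, label + b"\x00" + context, hashlib.sha256).digest()


def _subkey(key, purpose):
    # Separate encryption and MAC keys derived from one session key.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">I", counter),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC with stdlib primitives (stand-in for a real AEAD)."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify."""
    if len(blob) < 12 + 32:
        return None
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class Node:
    def __init__(self, node_id, master_key, trusted_peers):
        self.node_id = node_id
        self.master_key = master_key
        self.trusted_peers = set(trusted_peers)

    def encrypted_id(self, ts_ms, channel):
        key = derive_key(self.master_key, AUTH_LABEL, ts_ms, *channel)
        return seal(key, self.node_id)

    def verify_peer(self, blob, ts_ms, channel, now_ms):
        """Parse the peer's encrypted ID; True only for a fresh, trusted peer."""
        if abs(now_ms - ts_ms) > MAX_SKEW_MS:
            return False  # stale request timestamp: treat as a replay
        key = derive_key(self.master_key, AUTH_LABEL, ts_ms, *channel)
        peer_id = unseal(key, blob)
        # Keeping our own ID out of trusted_peers also rejects a reflected blob.
        return peer_id is not None and peer_id in self.trusted_peers


def mutual_auth(initiator, receiver, ts_ms, init_channel, recv_channel, now_ms):
    """Each side derives the key from its own view of the channel parameters."""
    from_initiator = initiator.encrypted_id(ts_ms, init_channel)
    from_receiver = receiver.encrypted_id(ts_ms, recv_channel)
    initiator_ok = receiver.verify_peer(from_initiator, ts_ms, recv_channel, now_ms)
    receiver_ok = initiator.verify_peer(from_receiver, ts_ms, init_channel, now_ms)
    return initiator_ok and receiver_ok


def send_data(sender, payload, t1_ms, channel):
    key = derive_key(sender.master_key, LINK_LABEL, t1_ms, *channel)
    return seal(key, payload)


def receive_data(receiver, blob, t1_ms, channel):
    key = derive_key(receiver.master_key, LINK_LABEL, t1_ms, *channel)
    return unseal(key, blob)


if __name__ == "__main__":
    master = bytes(range(32))                 # constructed sample key
    a = Node(b"node-A", master, [b"node-B"])
    b = Node(b"node-B", master, [b"node-A"])
    chan = (230_000_000, 5_000_000)           # constructed: 230 MHz centre, 5 MHz wide
    hopped = (231_000_000, 5_000_000)         # constructed: peer out of sync after a hop
    ts = 1_700_000_000_000
    print("mutual auth:", mutual_auth(a, b, ts, chan, chan, ts + 50))
    print("after desync:", mutual_auth(a, b, ts, chan, hopped, ts + 50))
    frame = send_data(a, b"meter reading 42", ts + 1000, chan)
    print("link data:", receive_data(b, frame, ts + 1000, chan))
    print("wrong channel:", receive_data(b, frame, ts + 1000, hopped))
```

Both nodes must agree on all three parameters to the exact value, so an implementation needs a defined way to resynchronize after a frequency hop or a clock drift rather than failing authentication silently.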
Brief Description of the Drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of the framework of WAPI security authentication in the related art;
FIG. 2 is a schematic diagram of the WAPI security authentication flow in the related art;
FIG. 3 is a schematic diagram of the overall flow of IEEE 802.11 WPA authentication in the related art;
FIG. 4 is a schematic diagram of the four-way handshake process of WPA authentication in the related art;
FIG. 5 is a schematic flowchart of one implementation of the dynamic authentication encryption method provided by an embodiment of the present application;
FIG. 6 is a schematic flowchart of another implementation of the dynamic authentication encryption method provided by an embodiment of the present application;
FIG. 7 is a schematic flowchart of a further implementation of the dynamic authentication encryption method provided by an embodiment of the present application;
FIG. 8a and FIG. 8b are schematic flowcharts of one implementation of a broadband cognitive wireless communication system using dynamic authentication encryption technology provided by an embodiment of the present application;
FIG. 9 is a schematic flowchart of one implementation of the broadband cognitive wireless communication method provided by an embodiment of the present application;
FIG. 10 is a schematic flowchart of another implementation of the broadband cognitive wireless communication method provided by an embodiment of the present application;
FIG. 11 is a schematic flowchart of a further implementation of the broadband cognitive wireless communication method provided by an embodiment of the present application;
FIG. 12 is a schematic flowchart of yet another implementation of the broadband cognitive wireless communication method provided by an embodiment of the present application;
FIG. 13 is a schematic diagram of a hardware architecture of the broadband cognitive wireless communication system provided by an embodiment of the present application;
FIG. 14 is a schematic diagram of a software architecture of the broadband cognitive wireless communication system provided by an embodiment of the present application.
Detailed Description
To enable those skilled in the art to better understand the solution of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort shall fall within the scope of protection of the present application.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings of the present application are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the present application described here can be implemented in orders other than those illustrated or described here. Furthermore, the terms "comprising" and "having", and any variations of them, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The embodiments of the present application are described in detail below with reference to the drawings:
Current trusted authentication/encryption technologies, including the 3GPP and IEEE standards, all use static key encryption, and their air interfaces are standardized, so they rely solely on the algorithm to ensure the security and integrity of information. With the leap in computing power, an attacker can use a receiver based on the standard air interface to intercept and demodulate the digital signal and, having obtained the encrypted user data, recover the communication content by brute force, so security is at some risk. The front end of a traditional wireless communication system usually uses fixed filters, and the system's operating band is limited by those front-end filters; such systems therefore generally communicate on a fixed band and cannot support wideband RF signal sensing or interference-triggered frequency hopping. In addition, traditional wireless communication transmits data over an air interface defined by a standard; a third party can intercept and demodulate the digital signal through the standard air interface, obtain the encrypted user data, and then recover the communication content by brute force.
In summary, traditional 3GPP- and IEEE-based systems cannot meet the requirements for shared spectrum, interference resistance, high security and reliability, while self-frequency-selecting shortwave radio stations are bulky and expensive, and the throughput they provide does not meet the high-bandwidth transmission needs of power services such as video. The power business therefore needs a broadband wireless system based on shared spectrum that supports spectrum sensing, interference-triggered frequency hopping and dynamic trusted authentication/encryption, in order to suit the power industry's trend toward intelligent and digital operation.
FIG. 1 is a schematic diagram of the framework of WAPI security authentication in the related art. Referring to FIG. 1, in the structural framework of this related technical solution, the Wireless LAN Authentication and Privacy Infrastructure (WAPI) consists of two parts, the Wireless LAN Authentication Infrastructure (WAI) and the Wireless LAN Privacy Infrastructure (WPI). WAI is responsible for authenticating entities, and WPI is responsible for data encryption.
WAI is based on elliptic curve algorithms, uses a public key encryption mechanism, and supports three elliptic curve encryption sizes: 192, 224 and 256 bits. It is responsible for completing mutual authentication between the base station (STA, Station) and the access point (AP, Access Point) through the certificate system. The WAI module can be divided by function into the following three entities:
(1) Authenticator Entity (AE): generally integrated in the AP; its function is to provide authentication and identification of the STA before the STA accesses the AP for service processing.
(2) Authentication Supplicant Entity (ASUE): generally integrated in the STA; its function is to initiate an authentication access request to the AP after receiving the AP's authentication activation message.
(3) Authentication Service Entity (ASE): generally integrated in the Authentication Service Unit (ASU); it is responsible for providing mutual authentication services (such as certificate management and identity authentication) for the AP and the STA.
FIG. 2 is a schematic diagram of the WAPI security authentication flow in the related art. Referring to FIG. 2, the STA and the AP complete the certificate authentication process based on their respective certificates, performing identity recognition and key negotiation. The WAPI authentication workflow is as follows:
(1) The STA establishes a connection channel with the AP, and the STA issues an access authentication request;
(2) The AP forwards the certificate authentication request to the authentication server (AS, Authentication Service), and the AS issues digital certificates;
(3) The AP and the STA each parse and install the digital certificate issued by the AS; the STA's certificate is obtained and installed by the user, and the AP's certificate is installed by the network administrator when the AP joins the network.
(4) The WAPI function of the AS starts, and the AP and the STA each complete the mutual authentication flow through the AS;
(5) If authentication succeeds, the encryption function starts; the wireless LAN user accesses the network, begins key negotiation, and then communicates with data encryption.
From this prior-art solution it can be seen that WAPI implements mutual authentication between the STA and the AP: only an STA holding a legitimate certificate can access an AP holding a legitimate certificate. This ensures that an STA cannot log in to an illegitimate AP and leak sensitive information, and also ensures that an STA holding an illegitimate certificate cannot access the AP and waste network resources. Analysis shows, however, that WAPI has security weaknesses of varying degree in both the identity authentication stage and the key negotiation stage, so that it cannot fully achieve the design goals originally set by the standard. The analysis is as follows:
(1) The STA's certificate is stored on the mobile terminal in plaintext, so losing the terminal means losing the user certificate. Since WAPI authenticates the user by verifying the legitimacy of the STA certificate, an adversary can use the lost certificate to launch an identity authentication attack. Although the adversary does not have the private key of the legitimate certificate holder, cannot complete key negotiation and cannot successfully access the wireless network, the illegitimate access has already maliciously occupied a port, which brings a potential security risk.
(2) WAPI's key negotiation process requires both parties to generate random numbers for the computation. For the system itself this requires designing a random number generation module, which adds to the system's data processing.
(3) The parameters of the WAPI session key do not inherit the authentication data from the identity authentication stage, and the session material is not authenticated during key negotiation, so the process is vulnerable to man-in-the-middle attacks. After the STA and the AP have negotiated a session key, the session key is not confirmed to ensure that both parties have generated the same session key for data encryption. The key negotiation process is therefore incomplete, which is a weakness in WAPI's key negotiation.
FIG. 3 is a schematic diagram of the overall flow of IEEE 802.11 WPA authentication in the related art. Referring to FIG. 3, in this related technical solution, the offline IEEE 802.11 wireless LAN protected access (WPA, Wireless Fidelity Protected Access) authentication and encryption mode uses WPA-PSK (Pre-Shared Key) (WPA-personal) authentication with the Temporal Key Integrity Protocol (TKIP) and a static password, and completes the authentication and encryption process through a four-way handshake. The overall flow is as follows:
(1) The wireless AP periodically sends beacon packets; on receiving them, the STA updates its wireless network list;
(2) The STA sends a Probe Request to the target AP;
(3) The target AP replies with a Probe Response;
(4) The STA sends an open authentication (AUTH, AUTHentication) message to the target AP;
(5) The AP replies to the AUTH message;
(6) The STA sends an Association Request message to the target AP;
(7) The target AP sends an Association Response message to the STA;
(8) Authentication is performed with the four-way handshake of the Extensible Authentication Protocol over LAN (EAPOL);
(9) During the four-way handshake, the AP and the STA negotiate and compute a 512-bit pairwise transient key (PTK, Pairwise Transient Key) and a 256-bit group temporary key (GTK, Group Transient Key);
(10) Authentication is complete and the controlled port opens; 802.11 data frames pass normally, with the PTK protecting unicast data frames and the GTK protecting multicast and broadcast data frames. The authentication and encryption process is complete.
图4是相关技术中WPA认证四次握手过程示意图,如图4所示,四次握手认证过程如下:Fig. 4 is a schematic diagram of the four-way handshake process of WPA authentication in related technologies. As shown in Fig. 4, the four-way handshake authentication process is as follows:
(1)AP向STA传送自己生成的随机数A-nonce,信息完整性检查码(MIC,Message Integrity Code)为全0;(1) The AP transmits the random number A-nonce generated by itself to the STA, and the message integrity check code (MIC, Message Integrity Code) is all 0;
(2)STA收到A-nonce后,加上自己生成的随机数S-nonce,生成PTK,然后生成MIC,之后STA把S-nonce与MIC一并传给AP;(2) After the STA receives the A-nonce, it adds the random number S-nonce generated by itself to generate the PTK, and then generates the MIC, and then the STA sends the S-nonce and the MIC to the AP;
(3)AP收到STA的S-nonce后,生成自己的PTK,然后生成MIC,比对STA传来的MIC,由于MIC由成对主密钥(PMK,Pairwise Master Key)与PTK生成,如果MIC不正确,意味着PTK或PMK不正确,则结束本次验证,如果正确,则传给STA身份验证通过报文,并附上MIC;(3) After the AP receives the STA's S-nonce, it generates its own PTK, then generates the MIC, and compares the MIC sent by the STA. Since the MIC is generated by the paired master key (PMK, Pairwise Master Key) and PTK, if If the MIC is incorrect, it means that the PTK or PMK is incorrect, then end this verification, if it is correct, send the STA authentication pass message, and attach the MIC;
(4)确认(3)中消息,附上MIC;(4) Confirm the message in (3) and attach the MIC;
认证过程中,AP和STA相互确认对方的PMK是否与自己的一致,如果一致,认证成功,如不一致,认证失败。为确保传输的完整性,握手过程中使用了MIC检验码。During the authentication process, the AP and the STA mutually confirm whether the other party's PMK is consistent with their own. If they are consistent, the authentication succeeds. If not, the authentication fails. In order to ensure the integrity of the transmission, the MIC check code is used in the handshake process.
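The exchange described above can be followed end to end in a short simulation. This is an added example, not part of the patent text: it uses the standard WPA-PSK derivations (PBKDF2 for the PMK, the 802.11i PRF for a 512-bit PTK, HMAC-SHA1-128 for the MIC), while the MAC addresses, SSID, passphrases and frame bodies are constructed placeholders rather than real EAPOL frames.

```python
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    # Both sides sort the addresses and nonces so they build identical input.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)  # 512-bit PTK


def mic(ptk: bytes, frame: bytes) -> bytes:
    # The first 16 bytes of the PTK (the KCK) key the MIC over the frame.
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]


def run_handshake(ap_passphrase: str, sta_passphrase: str,
                  ssid: str = "constructed-ssid") -> bool:
    """Return True when all MIC checks of the four messages succeed."""
    ap_mac = bytes.fromhex("020000000001")   # constructed addresses
    sta_mac = bytes.fromhex("020000000002")

    # Message 1 (AP -> STA): A-nonce, MIC field all zeros.
    anonce = os.urandom(32)

    # Message 2 (STA -> AP): the STA derives its PTK and sends S-nonce + MIC.
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(derive_pmk(sta_passphrase, ssid),
                         ap_mac, sta_mac, anonce, snonce)
    msg2 = b"constructed msg2 body|" + snonce
    msg2_mic = mic(sta_ptk, msg2)

    # Message 3 (AP -> STA): the AP derives its own PTK and checks the STA's MIC.
    ap_ptk = derive_ptk(derive_pmk(ap_passphrase, ssid),
                        ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(mic(ap_ptk, msg2), msg2_mic):
        return False  # PMK or PTK differs: verification ends here
    msg3 = b"constructed msg3 body|" + anonce
    msg3_mic = mic(ap_ptk, msg3)

    # Message 4 (STA -> AP): the STA checks message 3 and confirms with a MIC.
    if not hmac.compare_digest(mic(sta_ptk, msg3), msg3_mic):
        return False
    msg4 = b"constructed msg4 body"
    return hmac.compare_digest(mic(ap_ptk, msg4), mic(sta_ptk, msg4))
```
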
From this prior-art scheme it can be seen that the four-way handshake of the above communication system, in particular the pre-shared key (PSK) mode, uses a static password and is therefore at risk of brute-force cracking. One cracking method is the dictionary method: a PSK from the dictionary and the service set identifier (SSID) are first used to generate a PMK; the PTK is then calculated from the STA's media access control (MAC) address in the handshake packets together with the AP's SSID, the A-nonce and the S-nonce; the MIC is then calculated over the original message data and compared with the MIC sent by the AP. If they match, that PSK is the key. In addition, WPA does not have good backward compatibility; using WPA affects network performance unless hardware that accelerates processing is installed; and it is designed around foreign standards, foreign chips (Intel, Broadcom, Qualcomm, etc.) and a foreign encryption algorithm (AES), so its autonomy and controllability are low and there are major security risks.
Based on the above analysis, the following embodiments of the present application are provided to solve one or more of the problems of the prior art described above.
Referring to Fig. 5, an embodiment of the present application provides a dynamic authentication and encryption method, which includes the following steps:
Step S501: based on an authentication request, the two nodes to be connected each obtain the other party's ID encrypted with the connection authentication key, and perform connection access authentication based on the obtained ID. The connection authentication key is obtained as follows: obtain three parameters at the moment the authentication request is sent (the timestamp, the center frequency point and the preset channel bandwidth), and apply the first preset master key encryption algorithm to these three parameters to obtain the connection authentication key.
Step S502: obtain the connection access authentication result; when the result is a pass, the encrypted data information to be transmitted is transmitted between the two nodes that have completed connection access authentication.
In some examples, the center frequency point at the moment the authentication request is sent is the center frequency point with the minimum noise signal strength at that moment.
In some examples, the first preset master key encryption algorithm is SM3, AES or 3DES. For example, when applied to a power business scenario, SM3 may be selected as the first preset master key encryption algorithm.
In the dynamic authentication and encryption method disclosed in this embodiment, dynamic authentication and encryption is achieved by associating the timestamp, the center frequency point and the channel bandwidth to form the encryption key. The authentication and encryption key changes dynamically as the time, center frequency point and channel bandwidth change randomly, which greatly reduces the possibility of brute-force cracking of the information and can improve the security and reliability of information transmission.
Referring to Fig. 6, an embodiment of the present application provides a dynamic authentication and encryption method, which includes the following steps:
Step S601: based on an authentication request, the two nodes to be connected perform connection access authentication.
Step S602: obtain the connection access authentication result; when the result is a pass, the data information to be transmitted, encrypted with the link information encryption key, is transmitted between the two nodes that have completed connection access authentication. The link information encryption key is obtained as follows: obtain three parameters at a first preset moment (the timestamp, the center frequency point and the channel bandwidth), where the channel bandwidth is determined from the data bandwidth of the data information to be transmitted and the center frequency point is determined from the noise signal strength of each frequency point; then apply the second preset master key encryption algorithm to these three parameters to obtain the link information encryption key.
In some examples, the center frequency point at the moment the authentication request is sent is the center frequency point with the minimum noise signal strength at that moment.
In some examples, the first preset moment is the moment at which the center frequency point changes during data transmission, or the moment at which the channel bandwidth changes during data transmission, or the moment at which both the center frequency point and the channel bandwidth change during data transmission; the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
In some examples, the second preset master key encryption algorithm is SM3, AES or 3DES. For example, when applied to a power business scenario, SM3 may be selected as the second preset master key encryption algorithm.
In the dynamic authentication and encryption method disclosed in this embodiment, dynamic authentication and encryption is achieved by associating three parameters: the timestamp, the center frequency point and the channel bandwidth. These three parameters change randomly and dynamically with the interference in the surrounding environment and with changes in the information transmission requirements, producing a dynamic link information encryption key. Data information is thus encrypted dynamically for transmission, which prevents third parties from brute-force cracking and stealing the information and can improve the security and reliability of information transmission.
Referring to Fig. 7, an embodiment of the present application provides a dynamic authentication and encryption method, which includes the following steps:
Step S701: based on an authentication request, the two nodes to be connected each obtain the other party's ID encrypted with the connection authentication key, and perform connection access authentication based on the obtained ID. The connection authentication key is obtained as follows: obtain three parameters at the moment the authentication request is sent (the timestamp, the center frequency point and the preset channel bandwidth), and apply the first preset master key encryption algorithm to these three parameters to obtain the connection authentication key.
Step S702: obtain the connection access authentication result; when the result is a pass, the data information to be transmitted, encrypted with the link information encryption key, is transmitted between the two nodes that have completed connection access authentication. The link information encryption key is obtained as follows: obtain three parameters at a first preset moment (the timestamp, the center frequency point and the channel bandwidth), where the channel bandwidth is determined from the data bandwidth of the data information to be transmitted and the center frequency point is determined from the noise signal strength of each frequency point; then apply the second preset master key encryption algorithm to these three parameters to obtain the link information encryption key.
In some examples, the center frequency point at the moment the authentication request is sent is the center frequency point with the minimum noise signal strength at that moment; the first preset moment is the moment at which the center frequency point and/or the channel bandwidth changes during data transmission; the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment. The first preset master key encryption algorithm and the second preset master key encryption algorithm are each SM3, AES or 3DES. For example, when applied to a power business scenario, SM3 may be selected for both the first and the second preset master key encryption algorithm.
In some examples, the first preset moment is the moment at which the center frequency point and/or the channel bandwidth changes during data transmission; the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment. In some examples, the first preset moment is obtained as follows: during data transmission, if the noise signal strength at another center frequency point is detected to be lower than the noise strength at the currently working center frequency point, or the data bandwidth of the transmitted data changes, the center frequency point or the channel bandwidth changes accordingly; the first preset moment is the moment at which the center frequency point and/or the channel bandwidth changes.
In the dynamic authentication and encryption method disclosed in this embodiment, access authentication is achieved by associating the timestamp, the center frequency point and the channel bandwidth to form the encryption key. These three parameters change randomly and dynamically with the interference in the surrounding environment and with changes in the information transmission requirements, producing a dynamic link information encryption key with which data information is encrypted dynamically for transmission. With these two dynamic-encryption security measures, node security, connection security and information transmission security can be ensured.
An embodiment of the present application further provides a dynamic authentication and encryption method, which includes the following steps:
Step 1: obtain the current timestamp, center frequency point and channel bandwidth, and generate a connection authentication key from them; using ID authentication, perform connection access authentication for the two nodes.
In some embodiments, step 1 includes the following steps:
Step 1.1: sense the noise level and the signal types that may be present at each center frequency point, find the center frequency point with the minimum signal strength, and then obtain the timestamp, center frequency point and preset channel bandwidth at the current moment;
Step 1.2: once the timestamp, center frequency point and channel bandwidth at the current moment have been obtained, apply the master key encryption algorithm to the three parameters to generate a new connection authentication key;
Step 1.3: when node 1 initiates a connection authentication request to node 2, node 1 must encrypt its own ID with the new connection authentication key, and node 2 must likewise encrypt its own ID with the new connection authentication key;
Step 1.4: node 1 sends its ID ciphertext to node 2, and node 2 sends its ID ciphertext to node 1. Node 1 and node 2 decrypt the received ID ciphertext with the connection authentication key and compare the decrypted ID with the stored ID serial numbers. If the comparison succeeds, connection authentication succeeds and the connection between node 1 and node 2 is established.
Step 2: obtain the current timestamp, center frequency point and channel bandwidth, generate a link information encryption key from them, and encrypt the information for transmission.
In some embodiments, step 2 includes the following steps:
Step 2.1: obtain in real time the noise level and the signal types that may be present at each center frequency point, and compare the signal strength of each center frequency point at time T with the signal strength at the current moment; if another center frequency point is found to have a lower signal strength than the current center frequency point, record the center frequency point at time T;
Step 2.2: adapt the best channel bandwidth to the type of data being transmitted and the amount of information. If the type of data or the amount of information changes, switch immediately to a better-matching channel bandwidth and record the channel bandwidth at time T. The timestamp, center frequency point and channel bandwidth at the current moment are thus obtained;
Step 2.3: once each node has obtained the timestamp, center frequency point and channel bandwidth at the current moment, it applies the master key encryption algorithm to the three parameters to generate a new link information encryption key;
Step 2.4: when node 1 initiates a data transmission request to node 2, node 1 must encrypt the data with the new link information encryption key for transmission;
Step 2.5: node 2 receives the encrypted data and decrypts it with the new link information encryption key.
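Steps 1 and 2 above can be traced in a short sketch. This is an added example, not the patent's implementation: HMAC-SHA-256 stands in for the master key algorithm (the text names SM3, AES or 3DES), the `seal`/`unseal` helpers are a standard-library stand-in for the ID and data encryption, and the master key, node IDs, frequencies and noise readings are constructed. It assumes both nodes already hold the same master key and observe the same parameter tuple.

```python
import hashlib
import hmac
import os
import struct


def derive_key(master: bytes, purpose: bytes, ts: int, center_hz: int, bw_hz: int) -> bytes:
    """Key from (timestamp, center frequency point, channel bandwidth).
    HMAC-SHA-256 is a stand-in for the SM3/AES/3DES master key algorithm."""
    params = struct.pack(">QQQ", ts, center_hz, bw_hz)
    return hmac.new(master, purpose + b"|" + params, hashlib.sha256).digest()


def quietest_center(noise_dbm: dict) -> int:
    """Steps 1.1 / 2.1: pick the center frequency point with minimum noise."""
    return min(noise_dbm, key=noise_dbm.get)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (HMAC keystream plus tag); a real node would use its chip."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Node:
    def __init__(self, node_id: bytes, master: bytes, known_ids: set):
        self.node_id, self.master, self.known_ids = node_id, master, known_ids

    def conn_key(self, params) -> bytes:
        return derive_key(self.master, b"connection-auth", *params)

    def id_ciphertext(self, params) -> bytes:            # step 1.3
        return seal(self.conn_key(params), self.node_id)

    def accept(self, blob: bytes, params) -> bool:       # step 1.4
        peer_id = unseal(self.conn_key(params), blob)
        return peer_id is not None and peer_id in self.known_ids


def mutual_auth(n1: Node, p1, n2: Node, p2) -> bool:
    """Each node decrypts the other's ID ciphertext under its own view of the parameters."""
    c1, c2 = n1.id_ciphertext(p1), n2.id_ciphertext(p2)
    return n2.accept(c1, p2) and n1.accept(c2, p1)


def demo() -> dict:
    master = bytes(range(32))                             # constructed master key
    n1 = Node(b"NODE-0001", master, {b"NODE-0002"})
    n2 = Node(b"NODE-0002", master, {b"NODE-0001"})
    noise = {5_180_000_000: -92.0, 5_200_000_000: -97.5, 5_220_000_000: -88.0}
    ts = 1_700_000_000
    params = (ts, quietest_center(noise), 20_000_000)
    out = {"same_params": mutual_auth(n1, params, n2, params)}
    # The two ends disagree on the timestamp by one second: the keys differ.
    out["timestamp_mismatch"] = mutual_auth(n1, params, n2, (ts + 1,) + params[1:])
    # Interference moves the quietest center and the bandwidth changes (steps 2.1, 2.2).
    stale_id = n1.id_ciphertext(params)
    noise[5_220_000_000] = -101.0
    hop = (ts + 60, quietest_center(noise), 40_000_000)
    out["stale_id_after_hop"] = n2.accept(stale_id, hop)
    # Steps 2.3 to 2.5: link information encryption key before and after the change.
    k_old = derive_key(master, b"link-info", *params)
    k_new = derive_key(master, b"link-info", *hop)
    frame = seal(k_new, b"constructed telemetry payload")
    out["link_new_key"] = unseal(k_new, frame)
    out["link_old_key"] = unseal(k_old, frame)
    return out
```

The `timestamp_mismatch` case shows why the two ends need an agreed timestamp granularity: any difference in the tuple yields a different key and authentication fails.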
In the dynamic authentication and encryption method provided by the embodiments of the present application, the three dynamic parameters generated by the system itself (the timestamp, the center frequency point and the channel bandwidth) are encrypted with the master key by the identity authentication encryption chip, and fed into the encryption algorithm to produce a new connection authentication key or link information encryption key that changes dynamically with time, center frequency point and channel bandwidth. These dimensions are completely random values that depend on the current spectrum sensing and frequency decision (that is, the random changes of center frequency point and channel bandwidth), and they trigger the dynamic change of the connection authentication key or link information encryption key. The system may appear at a different frequency point at any time and use a different channel bandwidth at any time; a third party cannot even obtain the frequency hopping pattern and can hardly obtain a complete data frame, so the data needed for brute-force cracking does not exist, brute-force cracking has nothing to work on, and security is ensured. In addition, combined with the identity authentication encryption chip, any two nodes that connect to each other must first pass mutual identity authentication and must support the dynamic authentication and encryption mechanism. With these two security measures, the dynamic authentication and encryption method proposed in the embodiments of the present application can ensure node security, connection security and information transmission security.
In practice, infrastructure sites such as substation, transmission line and cable trench projects need temporary networking during construction, and building a wired private network is costly. In special scenarios with no public network signal or weak coverage, such as remote areas, mountainous areas, underground channels and transmission lines, on-site networking is limited by environment, equipment, technology, cost and other factors, and full coverage cannot be achieved with existing networks. In addition, inspection of freight cableway lines for UHV line projects in mountainous areas is slow and risky and cannot retain video or inspection location information; by mounting wireless image transmission equipment on the cableway, the equipment can perform rapid inspections in place of the inspectors. All of these power business scenarios need a secure and reliable broadband cognitive wireless communication system to solve the problem of secure communication networking in strong interference environments.
The dynamic authentication and encryption method provided by the embodiments of the present application can be used as the encryption scheme of a broadband cognitive wireless communication method or system for power services. The dynamic authentication and encryption system provided by the embodiments of the present application can be used as the encryption device of a broadband cognitive wireless communication method or system for power services. The dynamic authentication and encryption technology provided by the embodiments of the present application can be applied to broadband wireless communication systems to enhance the transmission reliability of the wireless system.
Referring to Fig. 8a and Fig. 8b, an embodiment of the present application provides a method for implementing a broadband cognitive wireless communication system that uses the dynamic authentication and encryption technology. The method may include the following steps:
Step 1: when any two broadband cognitive wireless communication systems (hereinafter "systems") connect, the connection access authentication mechanism is triggered.
In some embodiments, step 1 includes the following steps:
Step 1.1: the system's spectrum sensing unit senses the noise level and the signal types that may be present at each center frequency point and finds the center frequency point with the minimum signal strength; the timestamp is obtained from the system clock unit, giving the timestamp, center frequency point and preset channel bandwidth at the current moment;
Step 1.2: once the timestamp, center frequency point and channel bandwidth at the current moment have been obtained, the identity authentication encryption chip is used to apply the master key encryption algorithm to the three parameters and generate a new connection authentication key;
Step 1.3: when this system initiates a connection authentication request to any other system, this system must encrypt its own ID with the new connection authentication key, and the other system must likewise encrypt its ID with the new connection authentication key;
Step 1.4: this system sends its ID ciphertext to the other system, and the other system sends its ID ciphertext to this system. Both systems decrypt the received ID ciphertext with the connection authentication key and compare the ID with the stored ID serial numbers. If the comparison succeeds, connection authentication succeeds, connection access between the two systems is established, and the systems enter the information transmission process.
Step 2: the system clock unit records time T of the cycle, and the system's spectrum sensing unit starts the frequency sensing process.
In some embodiments, step 2 includes the following steps:
Step 2.1: when the system transmits a signal, the system clock unit records time T of the clock cycle before the signal is transmitted and triggers the system's spectrum sensing unit to start the frequency sensing process. The frequency sensing process decouples the two receive paths: receive unit 0 is configured to receive the communication signal at the current fixed center frequency point and channel bandwidth, while for receive unit 1 the spectrum sensing unit controls the digital signal processing unit through the digital signal processing baseband module driver.
Step 2.2: the frequency sensing process controls the front-end sliding window filter and controls the digital signal processing unit to rapidly sense the noise level and the signal types that may be present at each center frequency point.
Step 3: the system's frequency sensing unit obtains the sensing information and outputs it to the frequency control unit.
In some embodiments, step 3 includes the following steps:
Step 3.1: after the system's digital signal processing unit has sensed the noise level and the signal types that may be present at each center frequency point, it holds the noise level and possible signal types of each center frequency point at the current time T, and returns them to the frequency sensing unit through the digital signal processing driver.
Step 3.2: after receiving the sensing information, the system's frequency sensing unit outputs the noise level and possible signal types of each center frequency point at the current moment to the frequency control unit in real time.
Step 4: at time T of the clock cycle, the frequency decision unit of the broadband cognitive wireless communication system starts the spectrum decision process.
In some embodiments, step 4 includes the following steps:
Step 4.1: after receiving the data on the noise level and possible signal types of each center frequency point at the current moment, the spectrum decision process compares them with the noise power spectral density of the current working channel.
Step 4.2: if the power spectral density of the noise level and possible signal types at each center frequency point at the current moment is higher than the current working channel value X, the spectrum decision process returns the comparison result to the frequency decision unit; if it is lower than the current working channel value Y, the spectrum decision process decides the new working center frequency point and channel bandwidth of the broadband cognitive wireless communication system, and outputs the new center frequency point, channel bandwidth and timestamp to the dynamic authentication and encryption unit and the communication management protocol stack unit.
Step 5: time T of the clock cycle triggers the dynamic authentication and encryption unit of the broadband cognitive wireless communication system to start the dynamic authentication and encryption process.
In some embodiments, step 5 includes the following steps:
Step 5.1: the dynamic authentication and encryption process determines whether a new center frequency point, channel bandwidth and timestamp have been received.
Step 5.2: if no new center frequency point, channel bandwidth and timestamp have been received, the dynamic authentication and encryption process returns the result to the dynamic authentication and encryption unit; if they have been received, the process uses the node's identity authentication encryption chip to perform the encryption operation on the three parameters, generates a new link information encryption key, and outputs the new link information encryption key to the communication management protocol stack unit.
Step 6: time T of the clock cycle triggers the communication management protocol stack unit of the broadband cognitive wireless communication system to start the frequency hopping key preparation process.
In some embodiments, step 6 includes the following steps:
Step 6.1: the frequency hopping key preparation process determines whether new center frequency point and channel bandwidth information has been received.
Step 6.2: if no new center frequency point and channel bandwidth information has been received, the frequency hopping key preparation process returns the result to the communication management protocol stack unit.
Step 6.3: if a new center frequency point and channel bandwidth have been received, the frequency hopping key preparation process determines whether a new link information encryption key has been received. If not, it returns the result to the communication management protocol stack unit; if so, it encodes and encrypts the new center frequency point and channel bandwidth information and broadcasts it through the beacon information unit.
Step 7: time T+1 of the clock cycle triggers the communication management protocol stack unit of the broadband cognitive wireless communication system to start the frequency hopping key activation process and establish a new link.
In some embodiments, step 7 includes the following steps:
Step 7.1: the frequency hopping key activation process activates the new link information encryption key and activates the system's new working center frequency point and channel bandwidth.
Step 7.2: the system establishes a new link on the new working center frequency point and channel bandwidth.
第8步:时钟周期T+1时刻,***按照新的链路信息加密密钥对数据加密传输。Step 8: At clock cycle T+1, the system encrypts and transmits data according to the new link information encryption key.
在一些实施例中,第8步包括以下步骤:In some embodiments, step 8 includes the steps of:
第8.1步,***发射数据信息时,结合身份认证加密芯片,按照新的链路信息加密密钥对数据进行加密,然后按照新的链路发送加密数据;Step 8.1, when the system transmits data information, combine the identity authentication encryption chip to encrypt the data according to the new link information encryption key, and then send the encrypted data according to the new link;
第8.2步,当链路建立成功后的任意其他***接收到加密数据时,利用新的链路信息加密密钥对数据进行解密。至此,宽带认知无线通信***完成数据信息安全、可靠的整个传输过程。In step 8.2, when any other system receives encrypted data after the link is successfully established, it uses the new link information encryption key to decrypt the data. So far, the broadband cognitive wireless communication system has completed the entire transmission process of data information security and reliability.
Existing communication technology cannot provide a broadband wireless communication system that meets the electric power industry's requirements for shared spectrum use, high reliability, high security and stable operation. To address these problems, the solution provided by the embodiments of this application is implemented through: time-point-based real-time dynamic sensing of broadband unlicensed spectrum and dynamic channel bandwidth adjustment; determination of, and frequency hopping between, unlicensed-spectrum center frequencies and channel bandwidths based on time-point dynamic sensing; and dynamic authentication and encryption that associates time, center frequency and channel bandwidth, combined with frequency hopping technology and an identity authentication encryption chip.
In applications of the embodiments of this application, the broadband cognitive wireless communication method is based on the dynamic authentication and encryption method described above. It addresses the technical problem that traditional wireless communication systems used in the electric power industry have poor security, are vulnerable to brute-force cracking that exposes data or to illegal access that occupies ports, and therefore carry potential security risks. The method uses two features, broadband radio frequency signal sensing and interference-triggered frequency hopping (which can, for example, be obtained from a broadband cognitive wireless communication system suited to the power industry), and combines three random parameters, time, center frequency and channel bandwidth, to build a dynamic authentication and encryption mechanism. Because it uses the system's own parameters, no third party needs to take part in random number generation, and power service information is transmitted more securely and reliably.
Referring to FIG. 9, a broadband cognitive wireless communication method provided by an embodiment of this application includes the following steps:
Step S901: Send an authentication request to the authentication receiving node, and output to the authentication receiving node the authentication initiating node ID encrypted with the connection authentication key; obtain the authentication receiving node ID encrypted by the authentication receiving node with the connection authentication key, parse the authentication receiving node ID, and obtain the authentication result for the authentication receiving node. The connection authentication key is obtained by applying the first preset master key encryption algorithm to the time stamp, center frequency and preset channel bandwidth at the moment the authentication request is sent.
Step S902: Based on a successful authentication result for the authentication receiving node and an obtained successful authentication result for the authentication initiating node, exchange the encrypted data to be transmitted with the authentication receiving node.
In some embodiments, the center frequency at the moment the authentication request is sent is the center frequency with the minimum noise signal strength at that moment.
In some embodiments, parsing the authentication receiving node ID to obtain the authentication result for the authentication receiving node includes: decrypting the encrypted authentication receiving node ID with the connection authentication key to obtain the original authentication receiving node ID; and comparing the original authentication receiving node ID with the preset ID serial numbers. If the comparison succeeds, authentication passes; if it fails, authentication does not pass.
In some embodiments, the first preset master key encryption algorithm is SM3, AES or 3DES.
In the method disclosed in the embodiments of this application, dynamic authentication and encryption are achieved by associating the time stamp, center frequency and channel bandwidth to form the encryption key. The authentication and encryption key changes dynamically as the time, center frequency and channel bandwidth change randomly, which greatly reduces the possibility of brute-force cracking and improves the security and reliability of information transmission.
Referring to FIG. 10, an embodiment of this application provides a broadband cognitive wireless communication method that includes the following steps:
Step S1001: Obtain the authentication request from the authentication initiating node; output the authentication receiving node ID encrypted with the connection authentication key; obtain the authentication initiating node ID encrypted by the authentication initiating node with the connection authentication key, parse the authentication initiating node ID, and obtain the authentication result for the authentication initiating node. The connection authentication key is obtained by applying the first preset master key encryption algorithm to the time stamp, center frequency and preset channel bandwidth at the moment the authentication request is sent.
Step S1002: Based on a successful authentication result for the authentication initiating node and an obtained successful authentication result for the authentication receiving node, exchange the encrypted data to be transmitted with the authentication initiating node.
In some embodiments, parsing the authentication initiating node ID to obtain the authentication result for the authentication initiating node includes: decrypting the encrypted authentication initiating node ID with the connection authentication key to obtain the original authentication initiating node ID; and comparing the original authentication initiating node ID with the preset ID serial numbers. If the comparison succeeds, authentication passes; if it fails, authentication does not pass.
In some embodiments, the center frequency at the moment the authentication request is sent is the center frequency with the minimum noise signal strength at that moment.
In some embodiments, the first preset master key encryption algorithm is SM3, AES or 3DES.
In the method disclosed in the embodiments of this application, dynamic authentication and encryption are achieved by associating the time stamp, center frequency and channel bandwidth to form the encryption key. The authentication and encryption key changes dynamically as the time, center frequency and channel bandwidth change randomly, which greatly reduces the possibility of brute-force cracking and improves the security and reliability of information transmission.
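The exchange of steps S901 and S1001 above, as an added example that is not code from the patent or its applicant. It assumes AES as the first preset master key encryption algorithm, an 8+4+4-byte packing of time stamp, center frequency and bandwidth, AES-GCM for encrypting the node IDs, and constructed key and ID values; the page specifies none of these details.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// LinkParams holds the three key inputs; units and packing are assumptions.
type LinkParams struct {
	TimestampMs   uint64 // time stamp of the authentication request
	CenterFreqKHz uint32 // center frequency with the lowest sensed noise
	BandwidthKHz  uint32 // preset channel bandwidth
}

var ErrAuthFailed = errors.New("authentication failed")

// DeriveConnKey encrypts the packed parameters (one AES block) under the
// preset master key; the ciphertext is the connection authentication key.
func DeriveConnKey(master []byte, p LinkParams) ([]byte, error) {
	blk, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(buf[0:8], p.TimestampMs)
	binary.BigEndian.PutUint32(buf[8:12], p.CenterFreqKHz)
	binary.BigEndian.PutUint32(buf[12:16], p.BandwidthKHz)
	blk.Encrypt(buf, buf) // in-place single-block encryption
	return buf, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// SealID encrypts a node ID under the connection key (nonce || ciphertext).
func SealID(key []byte, id string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(id), nil), nil
}

// VerifyPeer decrypts the peer's ID and compares it with the preset ID
// serial numbers. A wrong key or a modified message fails the GCM tag.
func VerifyPeer(key, msg []byte, preset []string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	n := gcm.NonceSize()
	if len(msg) < n {
		return "", ErrAuthFailed
	}
	id, err := gcm.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return "", ErrAuthFailed
	}
	for _, want := range preset {
		if subtle.ConstantTimeCompare(id, []byte(want)) == 1 {
			return want, nil
		}
	}
	return "", ErrAuthFailed
}

// MutualAuth runs both directions in one process; each side derives the
// key from its own view of the link parameters.
func MutualAuth(master []byte, ini, rcv LinkParams, iniID, rcvID string, preset []string) bool {
	kIni, e1 := DeriveConnKey(master, ini)
	kRcv, e2 := DeriveConnKey(master, rcv)
	toRcv, e3 := SealID(kIni, iniID) // initiator -> receiver
	toIni, e4 := SealID(kRcv, rcvID) // receiver -> initiator
	if e1 != nil || e2 != nil || e3 != nil || e4 != nil {
		return false
	}
	_, errR := VerifyPeer(kRcv, toRcv, preset) // receiver checks initiator
	_, errI := VerifyPeer(kIni, toIni, preset) // initiator checks receiver
	return errR == nil && errI == nil
}

func main() {
	master := []byte("constructed-key!") // constructed 16-byte master key
	preset := []string{"NODE-0001", "NODE-0002"}
	p := LinkParams{1700000000000, 1430000, 5000}
	hop := LinkParams{1700000000000, 1447000, 5000} // peer on another frequency
	fmt.Println(MutualAuth(master, p, p, "NODE-0001", "NODE-0002", preset))
	fmt.Println(MutualAuth(master, p, hop, "NODE-0001", "NODE-0002", preset))
}
```

Center frequency and channel bandwidth can be observed on the air and the time stamp is predictable, so the derived key is only as secret as the preset master key. Both nodes must also agree on the exact time stamp value, or their keys differ and authentication fails.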
Referring to FIG. 11, a broadband cognitive wireless communication method provided by an embodiment of this application includes the following steps:
Step S1101: Send an authentication request to the authentication receiving node, and output the encrypted authentication initiating node ID to the authentication receiving node; obtain the authentication receiving node ID encrypted by the authentication receiving node, parse the authentication receiving node ID, and obtain the authentication result for the authentication receiving node.
Step S1102: Based on a successful authentication result for the authentication receiving node and an obtained successful authentication result for the authentication initiating node, exchange with the authentication receiving node the data to be transmitted, encrypted with the link information encryption key. The link information encryption key is obtained by applying the second preset master key encryption algorithm to the time stamp, center frequency and channel bandwidth at the first preset moment.
In some embodiments, the first preset moment is the moment during data transmission at which the center frequency and/or channel bandwidth changes; the center frequency at the first preset moment is the center frequency with the minimum noise signal strength at that moment.
In some embodiments, the second preset master key encryption algorithm is SM3, AES or 3DES.
In some embodiments, parsing the authentication receiving node ID to obtain the authentication result for the authentication receiving node includes: decrypting the encrypted authentication receiving node ID with the connection authentication key to obtain the original authentication receiving node ID; and comparing the original authentication receiving node ID with the preset ID serial numbers. If the comparison succeeds, authentication passes; if it fails, authentication does not pass.
The method disclosed in the embodiments of this application associates the time stamp, center frequency and channel bandwidth. These three parameters change randomly and dynamically with the interference in the surrounding environment and with changing transmission requirements, producing a dynamic link information encryption key. Data is thus transmitted under dynamic encryption, which prevents third parties from brute-force cracking and stealing information and improves the security and reliability of information transmission.
Referring to FIG. 12, an embodiment of this application provides a broadband cognitive wireless communication method that includes the following steps:
Step S1201: Obtain the authentication request from the authentication initiating node; output the encrypted authentication receiving node ID; obtain the authentication initiating node ID encrypted by the authentication initiating node, parse the authentication initiating node ID, and obtain the authentication result for the authentication initiating node.
Step S1202: Based on a successful authentication result for the authentication initiating node and an obtained successful authentication result for the authentication receiving node, exchange with the authentication initiating node the data to be transmitted, encrypted with the link information encryption key. The link information encryption key is obtained by applying the second preset master key encryption algorithm to the time stamp, center frequency and channel bandwidth at the first preset moment.
In some embodiments, parsing the authentication initiating node ID to obtain the authentication result for the authentication initiating node includes: decrypting the encrypted authentication initiating node ID with the connection authentication key to obtain the original authentication initiating node ID; and comparing the original authentication initiating node ID with the preset ID serial numbers. If the comparison succeeds, authentication passes; if it fails, authentication does not pass.
In some embodiments, the first preset moment is the moment during data transmission at which the center frequency and/or channel bandwidth changes; the center frequency at the first preset moment is the center frequency with the minimum noise signal strength at that moment.
In some embodiments, the second preset master key encryption algorithm is SM3, AES or 3DES.
The method disclosed in the embodiments of this application associates the time stamp, center frequency and channel bandwidth. These three parameters change randomly and dynamically with the interference in the surrounding environment and with changing transmission requirements, producing a dynamic link information encryption key. Data is thus transmitted under dynamic encryption, which prevents third parties from brute-force cracking and stealing information and improves the security and reliability of information transmission.
Referring to FIG. 13, an embodiment of this application provides a broadband cognitive wireless communication device that includes the following hardware:
External antenna 1301: connected to the device's radio frequency output/input port and configured for the system to receive and transmit radio frequency signals. For example, in steps 6.3 and 8 of the embodiment shown in FIG. 8a and FIG. 8b above, it is configured for signal broadcasting or signal reception.
High-linearity power amplifier 1302: a power amplifier with a large linear range that supports a high peak-to-average ratio. For example, in step 8 of the embodiment shown in FIG. 8a and FIG. 8b above, it is configured for the system to transmit data over a larger transmission range.
Software-configurable sliding window filter 1303: also called a software-controlled sliding window filter; the width of the filter band can be configured through software commands. For example, in steps 1.1 and 2 of the embodiment shown in FIG. 8a and FIG. 8b above, it is configured to slide across the frequency points to sense the noise level at each one.
Transceiver 1304: the receive and transmit chain of the broadband cognitive wireless communication system. For example, in steps 1, 7 and 8 of the embodiment shown in FIG. 8a and FIG. 8b above, it is configured for link establishment and for signal transmission and reception.
Hard-core digital signal processing baseband 1305: a digital baseband that uses a dedicated digital signal processor, for example in steps 2 and 3 of the embodiment shown in FIG. 8a and FIG. 8b above.
MIPS central processing unit (CPU) 1306: a CPU using the MIPS instruction set, involved in every stage of system operation in the embodiment shown in FIG. 8a and FIG. 8b above, processing millions of machine language instructions per second.
Identity authentication encryption chip 1307: a chip that implements authorization, identity authentication and encryption by means of keys. For example, in steps 1, 5 and 8 of the embodiment shown in FIG. 8a and FIG. 8b above, it generates the new connection authentication key and link information encryption key, and uses the new keys to encrypt and decrypt IDs and data.
The broadband cognitive wireless communication system provided by the embodiments of this application consists mainly of MIPS processor control, a broadband radio frequency front end, hard-core digital signal processing and a dynamic authentication encryption module. It supports adaptive sensing of the working spectrum, can trigger the frequency hopping mechanism based on the sensed spectrum, and can then perform dynamic authentication and encryption according to parameter changes. The front end uses a software-controlled sliding window filter, which lets the system work over a wide frequency band; it adopts the Test-Driven Development (TDD) mode and supports 2×2 Multiple-In Multiple-Out (MIMO) dual transmit and dual receive. In addition to typical two-way communication, the system also supports:
1) Broadband radio frequency signal sensing
The frequency sensing unit of the MIPS processor directs the hard-core digital signal processing unit to control the front-end sliding window filter and quickly sense broadband radio frequency signals, obtaining the noise intensity and possible signal types at each frequency point at time T, and passes them to the frequency control unit.
2) Interference-triggered frequency hopping
The frequency control unit of the MIPS processor obtains from the frequency sensing unit the noise intensity and possible signal types at each frequency point at time T, determines and triggers the system's channel bandwidth and center frequency for time T+1, and decides whether to hop to a new channel bandwidth and a new center frequency. It broadcasts the new channel bandwidth and new frequency point for time T+1 in an encrypted beacon, and at the same time passes the time stamp and the new channel bandwidth and center frequency information to the dynamic authentication encryption module.
3) Dynamic authentication encryption module linked to frequency hopping
The dynamic authentication encryption unit obtains the new channel bandwidth and center frequency information for time T+1 from the processor's frequency control unit and, together with the node's own identity authentication encryption chip, determines and triggers the connection authentication key or link information encryption key for time T+1.
In a traditional software-defined radio implementation, using the receive chain to sense the spectrum interferes with the operation of the current link; to avoid affecting link reception, a separate receive path is needed for spectrum sensing. To solve this problem, the embodiments of this application decouple the two receive paths of 2×2 MIMO in TDD mode. In MIMO, each of the two transmit paths sends its own data and each of the two receive paths can receive the data from both transmit paths, so decoupling the two receive paths does not break normal operation of the receive link; it only reduces reception performance.
With the traditional channel characterization based on received signal strength, noise floor and the derived signal-to-noise ratio (SNR), when several radio frequency signals are present in the target band and the noise power spectral density is unevenly distributed in both frequency and time, these metrics cannot fully characterize the frequency-domain and time-domain behavior of the wideband channel, and the noise characterization is biased. In the embodiments of this application, the noise spectral density is associated with the frequency and time dimensions and combined with a composite of the received signal strength, noise floor and SNR metrics, which characterizes the frequency-domain and time-domain behavior of the target channel better. Time-sensitive frequency hopping, triggered by channel comparison decisions based on time-associated noise spectral density, captures rapid changes of the time-varying channel in real time, improves the accuracy of target channel decisions, tracks rapid changes of the time-varying channel accurately, keeps system performance stable after hopping, and improves the stability and reliability of system operation.
3GPP and IEEE use standard air interfaces whose physical layer/MAC layer parameters are known, and their encryption uses static encryption algorithms, so in theory several avenues for brute-force cracking exist. In practice, with the rapid development of heterogeneous computing, the time needed for brute-force cracking keeps shrinking, and real-world security is under threat. The embodiments of this application propose a trusted authentication and encryption algorithm associated with time, center frequency, channel bandwidth and the identity authentication encryption chip. It uses a dynamic trusted authentication and encryption method that ties together frequency sensing, time, center frequency, channel bandwidth and the identity authentication encryption chip, along with its mechanism of random dynamic change: time, frequency point and channel bandwidth are treated as random numbers and, together with the identity authentication encryption chip, are fed into the encryption algorithm to produce new authentication and encryption keys that change dynamically with time, center frequency and channel bandwidth. These dimensions are completely random values that depend entirely on the current spectrum sensing and frequency decision; that is, random changes in center frequency and channel bandwidth trigger dynamic changes of the authentication and encryption keys. The system may appear at a different frequency point at any time and use a different channel bandwidth at any time, so a third party cannot even obtain the full hopping pattern and can hardly obtain complete data frames. The data needed for brute-force cracking does not exist, brute-force cracking has nothing to work with, and security is thereby ensured. In addition, with the identity authentication encryption chip, any two nodes that interconnect can also authenticate each other's identity and support the dynamic authentication and encryption mechanism. The security authentication and encryption mechanism proposed in the embodiments of this application uses these two layers of protection to safeguard node security, connection security and information transmission security.
In summary, the network security of broadband cognitive wireless communication rests mainly on two points: 1) the connection authentication key ensures that nodes accessing the network are trusted and secure; 2) the link information encryption key ensures the security and integrity of information passed between nodes. The front end of a traditional wireless communication system uses fixed filters, and the system's working band is determined by the front-end filter, so such systems generally communicate in a fixed band and cannot support broadband radio frequency signal sensing or interference-triggered frequency hopping. The implementation proposed in the embodiments of this application, a broadband cognitive wireless communication system in which MIPS processor control, a broadband radio frequency front end, hard-core digital signal processing and an identity authentication encryption chip work together, is based on shared spectrum and supports communication in different bands; it uses a broadband front end to support broadband radio frequency signal sensing; it uses an anti-interference mode that supports interference-triggered frequency hopping to avoid interference; and it uses TDD mode with support for 2×2 MIMO dual transmit and dual receive.
Referring to FIG. 14, a broadband cognitive wireless communication apparatus provided by an embodiment of this application includes the following software units:
Spectrum sensing unit 1401: quickly senses the noise level at each center frequency in the surrounding environment and the signal types that may be present; involved in steps 1.1, 2 and 3 of the embodiment shown in FIG. 8a and FIG. 8b above;
Frequency control unit 1402: a software module that sets the center frequency and channel bandwidth of the system's working channel; involved in step 3 of the embodiment shown in FIG. 8a and FIG. 8b above;
Frequency decision unit 1403: a decision software module that determines the optimal center frequency and channel bandwidth from channel noise, received signal strength and signal-to-noise ratio; involved in step 4 of the embodiment shown in FIG. 8a and FIG. 8b above;
Dynamic authentication encryption unit 1404: a control software module that triggers the dynamic authentication and encryption process; involved in step 5 of the embodiment shown in FIG. 8a and FIG. 8b above;
Digital signal processing unit 1405: configured to provide the processing function that decodes wireless air interface digital signals; involved in steps 2 and 3 of the embodiment shown in FIG. 8a and FIG. 8b above;
System clock unit 1406: the system's high-precision clock; involved in steps 1.1 and 2.1 of the embodiment shown in FIG. 8a and FIG. 8b above;
Beacon information unit 1407: the information unit through which the system broadcasts its identifier; involved in step 6.3 of the embodiment shown in FIG. 8a and FIG. 8b above;
Communication management protocol stack 1408: configured to implement the physical layer and MAC layer communication protocols; involved in steps 5.2, 6 and 7 of the embodiment shown in FIG. 8a and FIG. 8b above;
Digital signal processing baseband module driver 1409: a hardware module containing the digital signal processing unit; involved in step 2.1 of the embodiment shown in FIG. 8a and FIG. 8b above.
The embodiments of this application propose an apparatus implementing a broadband cognitive wireless communication system in which MIPS processor control, a broadband radio frequency front end, hard-core digital signal processing and a trusted authentication and encryption module work together, using spectrum sensing to trigger frequency hopping linked with dynamic trusted authentication and encryption. It is built on shared spectrum and needs no licensed spectrum, which meets the power industry's long-standing technical need for a high-security system that runs stably and reliably on unlicensed spectrum. The system uses a broadband front end, which addresses the limitation of 802.11 systems to the 2.4GHz/5.8GHz working bands and their poor non-line-of-sight broadband transmission; it uses interference-triggered frequency hopping, which addresses the interference problem for stable operation of unlicensed-spectrum systems; and it uses dynamic trusted authentication/encryption linked to frequency hopping, which removes the risk that the static authentication and encryption of IEEE and 3GPP systems may be brute-forced, as well as the drawback of low independent controllability of foreign chips and foreign encryption methods. The system apparatus proposed in the embodiments of this application is designed for power services (such as infrastructure construction sites), is based on shared spectrum, supports non-line-of-sight transmission, operates reliably, and meets the communication network security requirements of the various power service scenarios, giving it broad application prospects. The embodiments of this application are implemented on a chip, with the advantages of low cost and high throughput. The system supports point-to-point, point-to-multipoint and ad hoc networking modes, and can solve the networking problems of special power service scenarios with no network or weak coverage, such as underground cable tunnels, transmission lines and underground substations, opening up the "last mile" data transmission channel. The apparatus provided by the embodiments of this application is also suitable for many power service scenarios such as power transmission and transformation projects, for example: intelligent cableway inspection of UHV lines in the "new infrastructure" UHV industry, construction and acceptance of new base station projects, underground substations, underground pipeline robot inspection, underground cable trench projects, line projects, and all-weather condition monitoring of transmission lines.
下述为本申请提供的宽带认知无线通信装置或***的实施例,可以配置为执行本申请方法实施例。对于装置或***实施例中未纰漏的细节,请参照本申请方法对应实施例。The following are embodiments of the broadband cognitive wireless communication device or system provided in the present application, which may be configured to execute the method embodiments of the present application. For details not omitted in the device or system embodiments, please refer to the corresponding embodiments of the method of the present application.
An embodiment of this application discloses a dynamic authentication and encryption system, including:
a connection access authentication module, configured so that, based on an authentication request, each of the two nodes to be connected obtains the other node's ID encrypted with a connection authentication key and performs connection access authentication based on the obtained ID; wherein the connection authentication key is obtained by: acquiring three parameters at the moment the authentication request is issued, namely the timestamp, the center frequency point and the preset channel bandwidth, and performing an encryption operation on the three parameters with a first preset master key encryption algorithm to obtain the connection authentication key;
an encrypted data information transmission module, configured to obtain the connection access authentication result and, when the result is a successful pass, transmit the encrypted data information to be transmitted between the two nodes that have completed connection access authentication.
An embodiment of this application discloses a dynamic authentication and encryption system, including:
a connection access authentication module, configured so that, based on an authentication request, the two nodes to be connected perform connection access authentication;
an encrypted data information transmission module, configured to obtain the connection access authentication result and, when the result is a successful pass, transmit the data information to be transmitted, encrypted with a link information encryption key, between the two nodes that have completed connection access authentication; wherein the link information encryption key is obtained by: acquiring three parameters at a first preset moment, namely the timestamp, the center frequency point and the channel bandwidth, the channel bandwidth being determined by the data bandwidth of the data information to be transmitted; and performing an encryption operation on the three parameters with a second preset master key encryption algorithm to obtain the link information encryption key.
An embodiment of this application discloses a dynamic authentication and encryption system, including:
a connection access authentication module, configured so that, based on an authentication request, each of the two nodes to be connected obtains the other node's ID encrypted with a connection authentication key and performs connection access authentication based on the obtained ID; wherein the connection authentication key is obtained by: acquiring three parameters at the moment the authentication request is issued, namely the timestamp, the center frequency point and the preset channel bandwidth, and performing an encryption operation on the three parameters with a first preset master key encryption algorithm to obtain the connection authentication key;
an encrypted data information transmission module, configured to obtain the connection access authentication result and, when the result is a successful pass, transmit the data information to be transmitted, encrypted with a link information encryption key, between the two nodes that have completed connection access authentication; wherein the link information encryption key is obtained by: acquiring three parameters at a first preset moment, namely the timestamp, the center frequency point and the channel bandwidth, the channel bandwidth being determined by the data bandwidth of the data information to be transmitted; and performing an encryption operation on the three parameters with a second preset master key encryption algorithm to obtain the link information encryption key.
An embodiment of this application provides a broadband cognitive wireless communication system, including:
a first sending module, configured to send an authentication request to the authentication receiving node and to output to the authentication receiving node the authentication initiating node ID encrypted with a connection authentication key;
an authentication result acquisition module, configured to obtain the authentication receiving node ID encrypted by the authentication receiving node with the connection authentication key, parse the authentication receiving node ID, and obtain an authentication receiving node authentication result;
a second sending module, configured to exchange encrypted data information to be transmitted with the authentication receiving node, based on a successfully passed authentication receiving node authentication result and an obtained successfully passed authentication initiating node authentication result; wherein the connection authentication key is obtained by performing an encryption operation with a first preset master key encryption algorithm on the timestamp, center frequency point and preset channel bandwidth at the moment the authentication request is issued.
An embodiment of this application provides a broadband cognitive wireless communication system, including:
a first sending module, configured to send an authentication request to the authentication receiving node and to output the encrypted authentication initiating node ID to the authentication receiving node;
an authentication result acquisition module, configured to obtain the authentication receiving node ID encrypted by the authentication receiving node, parse the authentication receiving node ID, and obtain an authentication receiving node authentication result;
a second sending module, configured to exchange with the authentication receiving node the data information to be transmitted, encrypted with a link information encryption key, based on a successfully passed authentication receiving node authentication result and an obtained successfully passed authentication initiating node authentication result; wherein the link information encryption key is obtained by performing an encryption operation with a second preset master key encryption algorithm on the timestamp, center frequency point and channel bandwidth at a first preset moment.
An embodiment of this application provides a broadband cognitive wireless communication system, including:
an authentication request acquisition module, configured to obtain the authentication request of the authentication initiating node;
a first output module, configured to output the authentication receiving node ID encrypted with a connection authentication key;
an authentication result acquisition module, configured to obtain the authentication initiating node ID encrypted by the authentication initiating node with the connection authentication key, parse the authentication initiating node ID, and obtain an authentication initiating node authentication result;
a second output module, configured to exchange encrypted data information to be transmitted with the authentication initiating node, based on a successfully passed authentication initiating node authentication result and an obtained successfully passed authentication receiving node authentication result; wherein the connection authentication key is obtained by performing an encryption operation with a first preset master key encryption algorithm on the timestamp, center frequency point and preset channel bandwidth at the moment the authentication request is issued.
An embodiment of this application provides a broadband cognitive wireless communication system, including:
an authentication request acquisition module, configured to obtain the authentication request of the authentication initiating node;
a first output module, configured to output the encrypted authentication receiving node ID;
an authentication result acquisition module, configured to obtain the authentication initiating node ID encrypted by the authentication initiating node, parse the authentication initiating node ID, and obtain an authentication initiating node authentication result;
a second output module, configured to exchange with the authentication initiating node the data information to be transmitted, encrypted with a link information encryption key, based on a successfully passed authentication initiating node authentication result and an obtained successfully passed authentication receiving node authentication result; wherein the link information encryption key is obtained by performing an encryption operation with a second preset master key encryption algorithm on the timestamp, center frequency point and channel bandwidth at a first preset moment.
Those skilled in the art should understand that the embodiments of this application may be provided as a method, system, device, computer-readable storage medium or computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to its embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means configured to implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps configured to implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific implementations of this application may still be modified or equivalently replaced, and any modification or equivalent replacement that does not depart from the spirit and scope of this application shall fall within the protection scope of its claims.
Industrial Applicability
This application discloses a broadband cognitive wireless communication method, system, device and computer-readable storage medium. The method includes: based on an authentication request, each of the two nodes to be connected obtains the other node's ID encrypted with a connection authentication key and performs connection access authentication based on the obtained ID; wherein the connection authentication key is obtained by: acquiring three parameters at the moment the authentication request is issued, namely the timestamp, the center frequency point and the preset channel bandwidth, and performing an encryption operation on the three parameters with a first preset master key encryption algorithm to obtain the connection authentication key; and obtaining the connection access authentication result and, when the result is a successful pass, transmitting the encrypted data information to be transmitted between the two nodes that have completed connection access authentication. By means of dynamic encryption, the method disclosed in this application can safeguard one or more of node security, connection security and information transmission security.
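An added sketch (not code from the patent or the applicant) of the exchange summarized above: both nodes derive the connection authentication key from the timestamp, center frequency point and preset channel bandwidth, exchange encrypted IDs, and each checks the other's ID against preset IDs; the same derivation is reused for a link key that changes on a frequency hop. Assumptions: HMAC-SHA-256 stands in for the "preset master key encryption algorithm", an HMAC-based encrypt-then-MAC construction stands in for the ID and data cipher so the block runs on the standard library alone, and the labels, node IDs, master key and radio parameters are constructed.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample values; none of them come from the patent text.
MASTER_KEY = bytes(range(32))                     # preset master key shared by both nodes
PRESET_IDS = {b"NODE-A-0001", b"NODE-B-0002"}     # preset ID serial numbers
AUTH_PARAMS = (1_700_000_000, 580_000_000, 20_000_000)  # timestamp s, center Hz, bandwidth Hz


def derive_key(master_key, label, timestamp_s, center_freq_hz, bandwidth_hz):
    """Key = HMAC(master_key, label || timestamp || center frequency || bandwidth).

    Fixed-width packing keeps the input unambiguous. `label` (an assumption)
    separates the connection authentication key from the link encryption key.
    """
    params = struct.pack(">QQQ", timestamp_s, center_freq_hz, bandwidth_hz)
    return hmac.new(master_key, label + b"\x00" + params, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA-256 in counter mode; a stdlib stand-in for a real cipher."""
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, b"enc" + nonce + struct.pack(">I", counter),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Return the plaintext, or None if the blob was not sealed under `key`."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def peer_passes(key, sealed_id, preset_ids=PRESET_IDS):
    """Decrypt the peer's ID and compare it with the preset ID serial numbers."""
    node_id = unseal(key, sealed_id)
    return node_id is not None and node_id in preset_ids


def mutual_authentication(initiator_master, receiver_master, params=AUTH_PARAMS):
    """Both nodes derive the key locally, exchange sealed IDs, and both must pass."""
    k_init = derive_key(initiator_master, b"conn-auth", *params)
    k_recv = derive_key(receiver_master, b"conn-auth", *params)
    from_initiator = seal(k_init, b"NODE-A-0001")
    from_receiver = seal(k_recv, b"NODE-B-0002")
    receiver_result = peer_passes(k_recv, from_initiator)
    initiator_result = peer_passes(k_init, from_receiver)
    return initiator_result and receiver_result


def frame_survives_hop(master_key, before, after):
    """Seal a frame under the link key for `before`; try to open it after a hop."""
    old_key = derive_key(master_key, b"link-enc", *before)
    new_key = derive_key(master_key, b"link-enc", *after)
    frame = seal(old_key, b"constructed telemetry frame")
    return unseal(new_key, frame) is not None


if __name__ == "__main__":
    print("same master key:     ", mutual_authentication(MASTER_KEY, MASTER_KEY))
    print("wrong master key:    ", mutual_authentication(MASTER_KEY, os.urandom(32)))
    hop = (1_700_000_060, 610_000_000, 10_000_000)
    print("old frame after hop: ", frame_survives_hop(MASTER_KEY, AUTH_PARAMS, hop))
```

The timestamp, center frequency and bandwidth are observable or guessable by anyone within radio range, so in a design like this they supply key rotation only; the secrecy of every derived key rests on the preset master key.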

Claims (43)

  1. A broadband cognitive wireless communication method, comprising:
    an authentication initiating node issuing an authentication request; outputting the authentication initiating node ID encrypted with a connection authentication key; obtaining the authentication receiving node ID encrypted with the connection authentication key, and parsing the encrypted authentication receiving node ID to obtain an authentication receiving node authentication result;
    an authentication receiving node receiving the authentication request; outputting the authentication receiving node ID encrypted with the connection authentication key; obtaining the authentication initiating node ID encrypted with the connection authentication key, and parsing the encrypted authentication initiating node ID to obtain an authentication initiating node authentication result;
    when both the authentication receiving node authentication result and the authentication initiating node authentication result are determined to be a successful pass, the authentication initiating node and the authentication receiving node exchanging encrypted data information to be transmitted;
    wherein the connection authentication key is obtained by performing an encryption operation with a first preset master key encryption algorithm on the timestamp, center frequency point and preset channel bandwidth at the moment the authentication request is issued.
  2. The method according to claim 1, wherein the center frequency point at the moment the authentication request is issued is the center frequency point with the minimum noise signal strength at the moment the authentication request is issued.
  3. The method according to claim 1, wherein parsing the encrypted authentication receiving node ID to obtain the authentication receiving node authentication result comprises:
    decrypting the encrypted authentication receiving node ID based on the connection authentication key to obtain the original authentication receiving node ID; and comparing the original authentication receiving node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails;
    and parsing the encrypted authentication initiating node ID to obtain the authentication initiating node authentication result comprises:
    decrypting the encrypted authentication initiating node ID based on the connection authentication key to obtain the original authentication initiating node ID; and comparing the original authentication initiating node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  4. The method according to claim 1, wherein the encrypted data information to be transmitted is obtained by encrypting the data information to be transmitted with a link information encryption key;
    the link information encryption key is obtained by performing an encryption operation with a second preset master key encryption algorithm on the timestamp, center frequency point and channel bandwidth at a first preset moment.
  5. The method according to claim 4, wherein the first preset moment is a moment during data transmission at which the center frequency point and/or the channel bandwidth changes;
    the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
  6. The method according to claim 4, wherein the first preset master key encryption algorithm is SM3, AES or 3DES; and the second preset master key encryption algorithm is SM3, AES or 3DES.
  7. A broadband cognitive wireless communication method, comprising:
    an authentication initiating node issuing an authentication request; outputting the encrypted authentication initiating node ID; obtaining the encrypted authentication receiving node ID, and parsing the encrypted authentication receiving node ID to obtain an authentication receiving node authentication result;
    an authentication receiving node receiving the authentication request; outputting the encrypted authentication receiving node ID; obtaining the encrypted authentication initiating node ID, and parsing the encrypted authentication initiating node ID to obtain an authentication initiating node authentication result;
    when both the authentication receiving node authentication result and the authentication initiating node authentication result are determined to be a successful pass, the authentication initiating node and the authentication receiving node exchanging the data information to be transmitted, encrypted with a link information encryption key;
    wherein the link information encryption key is obtained by performing an encryption operation with a second preset master key encryption algorithm on the timestamp, center frequency point and channel bandwidth at a first preset moment.
  8. The method according to claim 7, wherein the first preset moment is a moment during data transmission at which the center frequency point and/or the channel bandwidth changes; and the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
  9. The method according to claim 7, wherein the second preset master key encryption algorithm is SM3, AES or 3DES.
  10. A broadband cognitive wireless communication method, comprising:
    sending an authentication request to an authentication receiving node, and outputting to the authentication receiving node the authentication initiating node ID encrypted with a connection authentication key;
    obtaining the authentication receiving node ID encrypted by the authentication receiving node with the connection authentication key, parsing the authentication receiving node ID, and obtaining an authentication receiving node authentication result;
    exchanging encrypted data information to be transmitted with the authentication receiving node, based on a successfully passed authentication receiving node authentication result and an obtained successfully passed authentication initiating node authentication result;
    wherein the connection authentication key is obtained by performing an encryption operation with a first preset master key encryption algorithm on the timestamp, center frequency point and preset channel bandwidth at the moment the authentication request is issued.
  11. The method according to claim 10, wherein the center frequency point at the moment the authentication request is issued is the center frequency point with the minimum noise signal strength at the moment the authentication request is issued.
  12. The method according to claim 10, wherein parsing the authentication receiving node ID to obtain the authentication receiving node authentication result comprises: decrypting the encrypted authentication receiving node ID based on the connection authentication key to obtain the original authentication receiving node ID; and comparing the original authentication receiving node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  13. The method according to claim 10, wherein the first preset master key encryption algorithm is SM3, AES or 3DES.
  14. A broadband cognitive wireless communication method, comprising:
    sending an authentication request to an authentication receiving node, and outputting the encrypted authentication initiating node ID to the authentication receiving node;
    obtaining the authentication receiving node ID encrypted by the authentication receiving node, parsing the authentication receiving node ID, and obtaining an authentication receiving node authentication result;
    exchanging with the authentication receiving node the data information to be transmitted, encrypted with a link information encryption key, based on a successfully passed authentication receiving node authentication result and an obtained successfully passed authentication initiating node authentication result;
    wherein the link information encryption key is obtained by performing an encryption operation with a second preset master key encryption algorithm on the timestamp, center frequency point and channel bandwidth at a first preset moment.
  15. The method according to claim 14, wherein the first preset moment is a moment during data transmission at which the center frequency point and/or the channel bandwidth changes; and the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
  16. The method according to claim 14, wherein the second preset master key encryption algorithm is SM3, AES or 3DES.
  17. The method according to claim 14, wherein parsing the authentication receiving node ID to obtain the authentication receiving node authentication result comprises: decrypting the encrypted authentication receiving node ID to obtain the original authentication receiving node ID; and comparing the original authentication receiving node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  18. A broadband cognitive wireless communication method, comprising:
    obtaining the authentication request of an authentication initiating node;
    outputting the authentication receiving node ID encrypted with a connection authentication key;
    obtaining the authentication initiating node ID encrypted by the authentication initiating node with the connection authentication key, parsing the authentication initiating node ID, and obtaining an authentication initiating node authentication result;
    exchanging encrypted data information to be transmitted with the authentication initiating node, based on a successfully passed authentication initiating node authentication result and an obtained successfully passed authentication receiving node authentication result;
    wherein the connection authentication key is obtained by performing an encryption operation with a first preset master key encryption algorithm on the timestamp, center frequency point and preset channel bandwidth at the moment the authentication request is issued.
  19. The method according to claim 18, wherein parsing the authentication initiating node ID to obtain the authentication initiating node authentication result comprises: decrypting the encrypted authentication initiating node ID based on the connection authentication key to obtain the original authentication initiating node ID; and comparing the original authentication initiating node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  20. The method according to claim 18, wherein the center frequency point at the moment the authentication request is issued is the center frequency point with the minimum noise signal strength at the moment the authentication request is issued.
  21. The method according to claim 18, wherein the first preset master key encryption algorithm is SM3, AES or 3DES.
  22. A broadband cognitive wireless communication method, comprising:
    obtaining the authentication request of an authentication initiating node;
    outputting the encrypted authentication receiving node ID;
    obtaining the authentication initiating node ID encrypted by the authentication initiating node, parsing the authentication initiating node ID, and obtaining an authentication initiating node authentication result;
    exchanging with the authentication initiating node the data information to be transmitted, encrypted with a link information encryption key, based on a successfully passed authentication initiating node authentication result and an obtained successfully passed authentication receiving node authentication result;
    wherein the link information encryption key is obtained by performing an encryption operation with a second preset master key encryption algorithm on the timestamp, center frequency point and channel bandwidth at a first preset moment.
  23. The method according to claim 22, wherein parsing the authentication initiating node ID to obtain the authentication initiating node authentication result comprises: decrypting the encrypted authentication initiating node ID to obtain the original authentication initiating node ID; and comparing the original authentication initiating node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  24. The method according to claim 22, wherein the first preset moment is a moment during data transmission at which the center frequency point and/or the channel bandwidth changes; and the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
  25. The method according to claim 22, wherein the second preset master key encryption algorithm is SM3, AES or 3DES.
  26. A broadband cognitive wireless communication system, comprising:
    a first sending module, configured to send an authentication request to an authentication receiving node and to output to the authentication receiving node an authentication initiating node ID encrypted with a connection authentication key;
    an authentication result acquisition module, configured to obtain the authentication receiving node ID encrypted by the authentication receiving node with the connection authentication key, parse the authentication receiving node ID, and obtain an authentication result of the authentication receiving node;
    a second sending module, configured to exchange encrypted data information to be transmitted with the authentication receiving node, according to a successfully passed authentication result of the authentication receiving node and an obtained successfully passed authentication result of the authentication initiating node;
    wherein the connection authentication key is obtained by a first preset master key encryption algorithm performing an encryption operation on the timestamp and the center frequency point at the moment the authentication request is sent and on the preset channel bandwidth.
  27. The system according to claim 26, wherein the center frequency point at the moment the authentication request is sent is the center frequency point with the minimum noise signal strength at that moment.
  28. The system according to claim 26, wherein the authentication result acquisition module is further configured to: decrypt the encrypted authentication receiving node ID based on the connection authentication key to obtain the original authentication receiving node ID; and compare the original authentication receiving node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  29. The system according to claim 26, wherein the first preset master key encryption algorithm is SM3, AES or 3DES.
  30. A broadband cognitive wireless communication system, comprising:
    a first sending module, configured to send an authentication request to an authentication receiving node and to output an encrypted authentication initiating node ID to the authentication receiving node;
    an authentication result acquisition module, configured to obtain the authentication receiving node ID encrypted by the authentication receiving node, parse the authentication receiving node ID, and obtain an authentication result of the authentication receiving node;
    a second sending module, configured to exchange with the authentication receiving node the data information to be transmitted, encrypted with a link information encryption key, according to a successfully passed authentication result of the authentication receiving node and an obtained successfully passed authentication result of the authentication initiating node;
    wherein the link information encryption key is obtained by a second preset master key encryption algorithm performing an encryption operation on the timestamp, the center frequency point and the channel bandwidth at a first preset moment.
  31. The system according to claim 30, wherein the first preset moment is a moment during data transmission at which the center frequency point and/or the channel bandwidth changes; and the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
  32. The system according to claim 30, wherein the authentication result acquisition module is further configured to: decrypt the encrypted authentication receiving node ID to obtain the original authentication receiving node ID; and compare the original authentication receiving node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  33. The system according to claim 30, wherein the second preset master key encryption algorithm is SM3, AES or 3DES.
  34. A broadband cognitive wireless communication system, comprising:
    an authentication request acquisition module, configured to obtain an authentication request from an authentication initiating node;
    a first output module, configured to output an authentication receiving node ID encrypted with a connection authentication key;
    an authentication result acquisition module, configured to obtain the authentication initiating node ID encrypted by the authentication initiating node with the connection authentication key, parse the authentication initiating node ID, and obtain an authentication result of the authentication initiating node;
    a second output module, configured to exchange encrypted data information to be transmitted with the authentication initiating node, according to a successfully passed authentication result of the authentication initiating node and an obtained successfully passed authentication result of the authentication receiving node;
    wherein the connection authentication key is obtained by a first preset master key encryption algorithm performing an encryption operation on the timestamp and the center frequency point at the moment the authentication request is sent and on the preset channel bandwidth.
  35. The system according to claim 34, wherein the authentication result acquisition module is further configured to: decrypt the encrypted authentication initiating node ID based on the connection authentication key to obtain the original authentication initiating node ID; and compare the original authentication initiating node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  36. The system according to claim 34, wherein the center frequency point at the moment the authentication request is sent is the center frequency point with the minimum noise signal strength at that moment.
  37. The system according to claim 34, wherein the first preset master key encryption algorithm is SM3, AES or 3DES.
  38. A broadband cognitive wireless communication system, comprising:
    an authentication request acquisition module, configured to obtain an authentication request from an authentication initiating node;
    a first output module, configured to output an encrypted authentication receiving node ID;
    an authentication result acquisition module, configured to obtain the authentication initiating node ID encrypted by the authentication initiating node, parse the authentication initiating node ID, and obtain an authentication result of the authentication initiating node;
    a second output module, configured to exchange with the authentication initiating node the data information to be transmitted, encrypted with a link information encryption key, according to a successfully passed authentication result of the authentication initiating node and an obtained successfully passed authentication result of the authentication receiving node;
    wherein the link information encryption key is obtained by a second preset master key encryption algorithm performing an encryption operation on the timestamp, the center frequency point and the channel bandwidth at a first preset moment.
  39. The system according to claim 38, wherein the authentication result acquisition module is further configured to: decrypt the encrypted authentication initiating node ID to obtain the original authentication initiating node ID; and compare the original authentication initiating node ID with a preset ID serial number, wherein the authentication passes if the comparison succeeds and does not pass if the comparison fails.
  40. The system according to claim 38, wherein the first preset moment is a moment during data transmission at which the center frequency point and/or the channel bandwidth changes; and the center frequency point at the first preset moment is the center frequency point with the minimum noise signal strength at the first preset moment.
  41. The system according to claim 38, wherein the second preset master key encryption algorithm is SM3, AES or 3DES.
  42. An electronic device, comprising:
    a memory, configured to store executable instructions;
    a processor, configured to implement, when executing the executable instructions stored in the memory, the steps of the broadband cognitive wireless communication method according to any one of claims 1 to 6, or any one of claims 7 to 9, or any one of claims 10 to 13, or any one of claims 14 to 17, or any one of claims 18 to 21, or any one of claims 22 to 25.
  43. A computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to implement, when executed by a processor, the steps of the broadband cognitive wireless communication method according to any one of claims 1 to 6, or any one of claims 7 to 9, or any one of claims 10 to 13, or any one of claims 14 to 17, or any one of claims 18 to 21, or any one of claims 22 to 25.
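The derive, encrypt and compare flow recited in claims 18 to 25, as an added Go example that is not part of the patent text. Assumptions made here: the key is one AES block encryption of a 16-byte encoding (8-byte timestamp, 4-byte center frequency in kHz, 4-byte bandwidth in kHz) under the preset master key, the node ID is protected with AES-GCM, and the function names, node IDs and radio values are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// DeriveAEAD encrypts timestamp||center||bandwidth (one 16-byte block) under the
// preset master key with AES and keys AES-GCM with the result (assumed layout).
func DeriveAEAD(master []byte, ts uint64, centerKHz, bwKHz uint32) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	key := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(key[0:8], ts)
	binary.BigEndian.PutUint32(key[8:12], centerKHz)
	binary.BigEndian.PutUint32(key[12:16], bwKHz)
	blk.Encrypt(key, key) // derived key = AES_master(inputs)
	derived, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(derived)
}

// SealID encrypts a node ID under the derived key; the random nonce is prepended.
func SealID(g cipher.AEAD, id string) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, []byte(id), nil), nil
}

// VerifyID decrypts msg and compares the result with the preset ID serial number.
func VerifyID(g cipher.AEAD, msg []byte, presetID string) error {
	n := g.NonceSize()
	if len(msg) < n {
		return errors.New("message too short")
	}
	id, err := g.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return errors.New("decryption failed: key inputs differ or data altered")
	}
	if subtle.ConstantTimeCompare(id, []byte(presetID)) != 1 {
		return errors.New("node ID does not match preset ID serial number")
	}
	return nil
}

func main() {
	master := []byte("constructed-key!") // constructed 16-byte master key
	a, _ := DeriveAEAD(master, 1700000000, 230125, 25)
	b, _ := DeriveAEAD(master, 1700000000, 230150, 25) // peer sensed another center
	msg, _ := SealID(a, "NODE-A-0001")
	fmt.Println(VerifyID(a, msg, "NODE-A-0001"), VerifyID(b, msg, "NODE-A-0001"))
}
```

Both nodes must feed identical timestamp, center frequency and bandwidth values into the derivation; any disagreement yields a different key and the ID check fails.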
PCT/CN2022/103360 2021-09-02 2022-07-01 Broadband cognitive radio communication method and system, device, and storage medium WO2023029723A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111029106.0 2021-09-02
CN202111029106.0A CN113473468B (en) 2021-09-02 2021-09-02 Broadband cognitive wireless communication method and system

Publications (1)

Publication Number Publication Date
WO2023029723A1 WO2023029723A1 (en) 2023-03-09

Family

ID=77867287

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/103360 WO2023029723A1 (en) 2021-09-02 2022-07-01 Broadband cognitive radio communication method and system, device, and storage medium

Country Status (2)

Country Link
CN (1) CN113473468B (en)
WO (1) WO2023029723A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113473468B (en) * 2021-09-02 2021-11-23 中国电力科学研究院有限公司 Broadband cognitive wireless communication method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323754A (en) * 2014-07-29 2016-02-10 北京信威通信技术股份有限公司 Distributed authentication method based on pre-shared key
CN106034028A (en) * 2015-03-17 2016-10-19 阿里巴巴集团控股有限公司 Terminal equipment authentication method, apparatus and system thereof
US20180109521A1 (en) * 2016-10-14 2018-04-19 Industry-Academic Cooperation Foundation Halla University Method of mutual authentication between agent and data manager in u-health environment
WO2018127118A1 (en) * 2017-01-06 2018-07-12 ***通信有限公司研究院 Identity authentication method and device
CN112785734A (en) * 2020-12-29 2021-05-11 瓴盛科技有限公司 Electronic toll collection system and method based on bidirectional authentication
CN113473468A (en) * 2021-09-02 2021-10-01 中国电力科学研究院有限公司 Broadband cognitive wireless communication method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2375005B (en) * 2001-04-23 2003-07-09 Motorola Inc Communication system, communication unit and method for dynamically changing an encryption key
EP2829010B1 (en) * 2012-03-20 2020-11-04 Irdeto B.V. Updating key information
US10348704B2 (en) * 2015-07-30 2019-07-09 Helder Silvestre Paiva Figueira Method for a dynamic perpetual encryption cryptosystem
CN110768787B (en) * 2018-07-27 2022-12-13 ***通信集团吉林有限公司 Data encryption and decryption method and device
CN112511514A (en) * 2020-11-19 2021-03-16 平安普惠企业管理有限公司 HTTP encrypted transmission method and device, computer equipment and storage medium
CN112788036B (en) * 2021-01-13 2022-12-27 中国人民财产保险股份有限公司 Identity verification method and device

Also Published As

Publication number Publication date
CN113473468A (en) 2021-10-01
CN113473468B (en) 2021-11-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22862864

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE