[go: up one dir, main page]

CN114513781B - Identity authentication method and data encryption and decryption method for air traffic control intelligent station - Google Patents

Identity authentication method and data encryption and decryption method for air traffic control intelligent station Download PDF

Info

Publication number
CN114513781B
CN114513781B CN202210129639.4A CN202210129639A CN114513781B CN 114513781 B CN114513781 B CN 114513781B CN 202210129639 A CN202210129639 A CN 202210129639A CN 114513781 B CN114513781 B CN 114513781B
Authority
CN
China
Prior art keywords
intelligent station
data
background server
ciphertext
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210129639.4A
Other languages
Chinese (zh)
Other versions
CN114513781A (en
Inventor
张颖
王岩磊
刘亮
邹斌斌
张建杰
任航
潘旋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
EASTERN CHINA AIR TRAFFIC MANAGEMENT BUREAU CAAC
Qingdao Civil Aviation Atc Industry Development Co ltd
Original Assignee
EASTERN CHINA AIR TRAFFIC MANAGEMENT BUREAU CAAC
Qingdao Civil Aviation Atc Industry Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by EASTERN CHINA AIR TRAFFIC MANAGEMENT BUREAU CAAC, Qingdao Civil Aviation Atc Industry Development Co ltd filed Critical EASTERN CHINA AIR TRAFFIC MANAGEMENT BUREAU CAAC
Priority to CN202210129639.4A priority Critical patent/CN114513781B/en
Publication of CN114513781A publication Critical patent/CN114513781A/en
Application granted granted Critical
Publication of CN114513781B publication Critical patent/CN114513781B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of data encryption, and discloses an identity authentication method and a data encryption and decryption method for an air traffic control intelligent station. The method comprises the steps of carrying out application-level source encryption on relevant real-time data of air management equipment at a source, realizing end-to-end confidentiality protection of the relevant real-time data on a full link, completing session key distribution and identity authentication on an unsafe channel, and enabling communication data to exist in a ciphertext form in the whole transmission process through session encryption. The identity authentication method comprises intelligent station terminal acquisition equipment, an intelligent station background server and a KDC key distribution center; before each communication, the intelligent station side acquisition equipment and the intelligent station background server carry out identity verification and key distribution through a KDC key distribution center. The data encryption and decryption method comprises the steps that data information from the intelligent station terminal acquisition equipment to the intelligent station background server is encrypted and decrypted; the intelligent station background server encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment.

Description

Identity authentication method and data encryption and decryption method for air traffic control intelligent station
Technical Field
The invention belongs to the technical field of data encryption, and particularly relates to an identity authentication method and a data encryption and decryption method of an air management intelligent station.
Background
The new application, the new technology and the introduction of a new air interface in the 5G network ensure the openness and the flexibility of the network, and enlarge the attack surface of the network at the same time, and the integrity of the information needs the communication system to ensure that the information is not tampered or replaced in the transmission process. Man-in-the-middle (MAN IN THE MIDDLE, MITM) attacks are a common way of breaking the integrity of information by secretly controlling the communication channel between two legitimate communicating parties, intercepting, modifying and replacing communication messages that are more likely to be attacked by MITM due to the broadcast nature of wireless communications. The separation of the user plane and the control plane is an important feature of the 5G core network, which makes the user plane more flexible and lays a foundation for reducing time delay and edge calculation. The addition of relay nodes and edge nodes presents a significant challenge to the integrity of the information as each node can be targeted for MITM attacker attacks. In the core network, an attacker can manipulate the network configuration data using network vulnerabilities, thereby affecting the integrity of the information. At the edge node, an attacker can deploy his own gateway device through a fake mobile edge computing (mobile edge computing, MEC) gateway, resulting in the same effect as man-in-the-middle attacks.
The strong and flexible technical characteristics of the 5G network can relieve the transmission pressure of large data traffic of the intelligent station, but the existing security protection technology of the 5G network is based on the encryption technology of the link layer, such as IPsec/TSL and the like, the data encryption technology belongs to the encryption mode of the link level, a few papers are used recently to realize the attack of the encryption mode, and the protection security problem of the link level is endless. Encryption of data in 5G networks is confidentiality protected at the link level, providing only point-to-point security protection. If the communication link is attacked by the man-in-the-middle, after the relevant data packet of key negotiation and authentication is intercepted, an attacker can steal, tamper and the like the communication data.
The intelligent station for air traffic control is professional software for guiding the outer station, shelter and machine room to realize remote real-time monitoring, intelligent troubleshooting, operation maintenance and visual analysis. Through technologies such as the Internet, operation and maintenance personnel are assisted to master on-site dynamics at the first time, and intelligent operation and maintenance are realized. The air traffic control operation maintenance efficiency is effectively improved, and the intelligent operation and maintenance management capability is improved. The intelligent station system adopts a distributed architecture, and data acquisition equipment is arranged at the far-end station side to transmit data such as the monitoring of the movable ring and the air management equipment on the station to a central background server for centralized processing.
Because the confidentiality requirement of the air-traffic intelligent station data is high, the transmission mode of renting or self-building point-to-point special lines or bare optical fibers is mostly adopted at present, but the transmission mode has a plurality of problems, such as high cost of a special link of a remote station, single link mode, lack of effective air-traffic link backup, high damage risk of the special communication line, long recovery time and the like.
Disclosure of Invention
Aiming at the defects existing in the prior art, the technical problem to be solved by the invention is to carry out application-level source encryption on the related real-time data of the air management device at the source, realize the end-to-end confidentiality protection of the related real-time data on the whole link, finish the session key distribution and the identity authentication on the unsafe channel, and enable the communication data to exist in the form of ciphertext in the whole transmission process through session encryption.
The present application provides an identity authentication method for intelligent station of air traffic control,
The intelligent station terminal side acquisition equipment, the intelligent station background server and the KDC secret key distribution center are included;
before each communication, the intelligent station side acquisition equipment and the intelligent station background server carry out identity verification and key distribution through a KDC key distribution center.
The identity authentication method of the intelligent air management station comprises the following steps:
S100, the intelligent station side acquisition equipment sends a unique number of the intelligent station side acquisition equipment and a unique number of a background server of the intelligent station to a KDC secret key distribution center;
S110, after receiving the request, the KDC secret key distribution center randomly generates a session key K S,C, then respectively generates notes T C and T S, and finally sends a note T S to the intelligent station side acquisition equipment;
Generating a bill T C according to formula 1;
T C=E(KC,(IDS,KS,C)) formula 1;
generating a bill T S according to formula 2;
T S=E(KS,(IDC,KS,C,TC)) formula 2;
s120, after receiving the bill T S, the intelligent station side acquisition equipment decrypts by using K S to obtain session keys K S,C and T C, encrypts the current time stamp T S and the data check sum ChS by using the session keys to generate an authentication factor A, and sends the authentication factor A and the authentication factor T C to the intelligent station background server;
generating an authentication factor A according to a formula 3;
a=e (K S,C, (TS, chS)) equation 3;
S130, after receiving a bill T C and an authentication factor A, the intelligent station background server decrypts T C by using K C to obtain a session key K S,C, then decrypts the authentication factor A by using K S,C to obtain a time stamp T S and a data check sum ChS, and if the time stamp T S is within 3 minutes above and below the current time and appears for the first time, checking whether the data check sum ChS is correct or not, and if both pass, entering the next step;
And S140, the intelligent station background server encrypts the received time stamp T S by using the session key K S,C after increasing 1, and sends the encrypted time stamp T S to the intelligent station side acquisition equipment to finish bidirectional authentication.
The identity authentication method of the intelligent station,
ID X: the unique names of the intelligent station terminal side acquisition equipment or the intelligent station background server are respectively represented;
The K S: the key is pre-shared between the KDC key distribution center and the intelligent station side acquisition equipment;
The K C: the key is pre-shared between the KDC key distribution center and the intelligent station background server;
the T S: the KDC key distribution center encrypts bill information by using a K S key;
The T C: the KDC key distribution center encrypts bill information by using a K C key;
the K S,C: the intelligent station terminal side acquisition equipment communicates session keys with the intelligent station background server.
The identity authentication method of the intelligent station,
The intelligent station terminal side acquisition equipment performs identity verification and key distribution and comprises the following steps:
S200, checking whether a KDC secret key distribution center address and a background server address of the intelligent station in configuration information set by an administrator can be connected, if so, prompting that the configuration information is wrong, ending the total flow, and if so, continuing the next step;
s210, connecting a KDC secret key distribution center and sending two parts of contents to the KDC secret key distribution center, wherein one part is a unique number identifier of the intelligent station terminal side acquisition equipment, and the other part is a server number identifier consisting of an IP address and a connection port number of a background server of the intelligent station;
S220, receiving data sent by the KDC key distribution center and checking whether the data is bill information, if not, indicating that errors occur when the KDC key distribution center generates bills, prompting error information and ending the total flow, and if the data is determined to be bill information, performing the next step;
S230, decrypting the bill of the current equipment in the received data by using the pre-shared key to obtain a session key and identification information, if the identification information is inconsistent with the current network equipment, prompting error information and returning to the step S210, re-applying for the bill to the KDC, and if the identification information is correct, continuing the next step;
S240, encrypting the current time stamp and a random check value by using the session key, connecting the authentication factor with a background server of the intelligent station, and sending the other bill together with the authentication factor to the background server of the intelligent station;
S250, checking data returned by the intelligent station background server, returning to the step S210 if the data is error information, otherwise decrypting ciphertext data transmitted by the server by using a session key, completing bidirectional identity authentication if the plaintext is the timestamp value sent in the step S230 and is self-increased by 1, and returning to the step S210 to carry out identity authentication and key distribution again if authentication fails.
The identity authentication method of the intelligent station,
The intelligent station background server performs identity verification and key distribution and comprises the following steps:
S300, starting bill receiving service and monitoring a Socket port;
S310, receiving a connection request of network equipment and receiving bill information and an authentication factor;
S320, decrypting the bill information by using the pre-shared key to obtain a session key and network equipment identification information, if the identification information is inconsistent with the network equipment operated by the current encryption agent, sending error information to the exchange end and preparing to re-receive the bill, and if the identification information is correct, continuing the next step;
S330, decrypting the authentication factor by using the session key to obtain a time stamp and a random number, if the time stamp is within 3 minutes above and below the current time and appears for the first time, checking whether the check value format is correct, if both cannot pass, sending error information to an SDN switch end and returning to the step S310, preparing to re-receive the bill, and if both can pass, entering the next step;
S340, the correct time stamp is independently encrypted by the session key after being added with 1, and then the encrypted time stamp is sent to the intelligent station side acquisition equipment for completing bidirectional identity authentication.
The application also provides a data encryption and decryption method, which is used for carrying out encryption and decryption communication after the identity authentication and key distribution of the identity authentication method of the air management intelligent station mentioned in the foregoing, and comprises the following steps:
the intelligent station terminal side acquisition equipment encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment to the intelligent station background server;
the intelligent station background server encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment.
The data encryption and decryption method described above,
The data message encryption and decryption from the intelligent station terminal side acquisition equipment to the intelligent station background server comprises the following steps:
S400, a source encryption program on the intelligent station side acquisition equipment carries out source encryption on the application layer original data SM 0, and then calculates an HMAC authentication code of a ciphertext to be added at the back to form a ciphertext SM e1;
generating ciphertext SM e1 according to equation 4;
SM e1=E(EKs,c,SM0)||HMAC(MKs,c,E(EKs,c,SM0)) formula 4;
S410, encrypting the ciphertext SM e1 at a transmission layer through TLS, and sending the ciphertext SM e2 to the intermediate device;
generating ciphertext SM e2 according to equation 5;
SM e2=E(EKs,md,SMe1) equation 5;
S420, after receiving the ciphertext SM e2, the intermediate device decrypts the ciphertext SM e1 by using the TLS key EK s,md negotiated with the intelligent station end side acquisition device, and encrypts the TLS key EK c,md negotiated with the intelligent station background server by using the intermediate device And sending the data to a background server of the intelligent station;
generating ciphertext SM e1 according to formula 6;
SM e1=D(EKs,md,SMe2) equation 6;
generating ciphertext according to equation 7
S430, the encryption and decryption agent receives the ciphertextThen, decrypting the message into SM e1 by using the TLS key, if the message SM e1 is successfully verified by using the HMAC message authentication code, decrypting the message into plaintext SM 0 by using the source encryption key, and discarding the message if the verification fails;
generating ciphertext SM e1 according to equation 8;
Generating a plaintext SM 0 according to equation 9;
SM 0=D(EKs,c,SMe1) equation 9.
The data encryption and decryption method described above,
The data message encryption and decryption from the intelligent station background server to the intelligent station terminal side acquisition equipment comprises the following steps:
S500, an encryption and decryption program on a background server of the intelligent station carries out source encryption on the original data RM 0 of the application layer, calculates an HMAC authentication code of the ciphertext and attaches the HMAC authentication code to the tail part to form the ciphertext RM e1;
generating ciphertext RM e1 according to equation 10;
RM e1=E(EKs,c,RM0)||HMAC(MKs,c,E(EKs,c,RM0)) formula 10;
S510, the RM e1 encrypts in a transmission layer through TLS, and then sends a ciphertext RM e2 to the intermediate device; generating ciphertext RM e2 according to equation 11;
RM e2=E(EKc,md,RMe1) equation 11;
S520, after the intermediate device receives the ciphertext RM e2, decrypting the ciphertext RM e1 by using the TLS key EK c,md negotiated with the intelligent station background server, encrypting the RM e1 by using the TLS key EK s,md negotiated with the intelligent station side acquisition device And sending the data to intelligent station terminal side acquisition equipment;
Generating ciphertext RM e1 according to equation 12;
RM e1=D(EKc,md,RMe2) equation 12;
ciphertext generation according to equation 13
S530, receiving ciphertext by encryption and decryption programs on intelligent station side acquisition equipmentThen, decrypting the original data into RM e1 by using the TLS key, and decrypting the original data into plaintext RM 0 by using the source encryption key;
Generating RM e1 according to equation 14;
generating RM 0 according to equation 15;
RM 0=D(EKs,c,RMe1) equation 15.
The data encryption and decryption method described above,
The MK s,c: a key between s and c to calculate a message authentication code;
The EK s,c: a symmetric encryption key between s and c;
The SM 0: the station side collects the original information (plain text) from the equipment;
a source encrypted message (ciphertext) of the SM e1:SM0;
TLS encrypted message (ciphertext) of the SM e2:SMe1;
the RM 0: original message (plaintext) from background server;
a source encrypted message (ciphertext) of the RM e1:RM0;
The TLS of the RM e2:RMe1 encrypts the message (ciphertext).
The data encryption and decryption method described above,
The intermediate device is any one of gateway related devices in the 5G wireless open network or transmission devices of user interfaces in the 5G core network or an attacker initiating man-in-the-middle attack.
The invention is to instruct the air traffic control intelligent station system to carry out application-level source encryption on relevant real-time data of air traffic control equipment at the source under a high-speed and open 5G network transmission link, so as to realize the end-to-end confidentiality protection of the relevant real-time data on the whole link, and the method can carry out integrity check and replay attack resistance on the transmission data through a relevant algorithm of cryptography, so as to realize whether the data can be actively perceived to be tampered or replayed, finally, the method can realize that session key distribution and identity authentication can be completed on an unsafe channel, and the communication data is in ciphertext form in the whole transmission process through session encryption, and can judge whether the data is tampered or replayed through an authentication mechanism calculation result after the data is decrypted into plaintext, thereby effectively improving the transmission security of the air traffic control equipment data in the 5G network.
Drawings
FIG. 1 is a schematic diagram of a KDC key distribution center authentication process according to the present invention;
FIG. 2 is a schematic diagram of the authentication and key distribution process performed by the intelligent station side acquisition device according to the present invention;
FIG. 3 is a schematic diagram of the authentication and key distribution process performed by the intelligent station background server of the present invention;
Fig. 4 is a schematic diagram of a data message encryption and decryption process between the intelligent station terminal side acquisition device and the intelligent station background server according to the present invention.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
An identity authentication method for an air management intelligent station, as shown in figure 1,
The intelligent station terminal side acquisition device comprises intelligent station terminal side acquisition equipment 1, an intelligent station background server 2 and a KDC key distribution center 3; before each communication between the intelligent station side acquisition device 1 and the intelligent station background server 2, both communication parties perform identity verification and key distribution through the KDC key distribution center 3. And finally, carrying out encrypted communication by using the distributed key.
The identity authentication method uses a key distribution center (Key Distribution Center, KDC) to perform identity authentication and session key distribution on both communication parties. The following is a symbol definition used to describe the authentication process:
ID X: the unique names of the intelligent station terminal side acquisition equipment or the intelligent station background server are respectively represented;
The K S: the key is pre-shared between the KDC key distribution center and the intelligent station side acquisition equipment;
The K C: the key is pre-shared between the KDC key distribution center and the intelligent station background server;
the T S: the KDC key distribution center encrypts bill information by using a K S key;
The T C: the KDC key distribution center encrypts bill information by using a K C key;
the K S,C: the intelligent station terminal side acquisition equipment communicates session keys with the intelligent station background server.
Further, as shown in fig. 1, the identity authentication method of the intelligent station comprises the following steps: s100, the intelligent station side acquisition equipment sends a unique number of the intelligent station side acquisition equipment and a unique number of a background server of the intelligent station to a KDC secret key distribution center;
S110, after receiving the request, the KDC secret key distribution center randomly generates a session key K S,C, then respectively generates notes T C and T S, and finally sends a note T S to the intelligent station side acquisition equipment;
Generating a bill T C according to formula 1;
t C=E(KC,(IDS,TS,C)) formula 1;
generating a bill T S according to formula 2;
T S=E(KS,(IDC,KS,C,TC)) formula 2;
s120, after receiving the bill T S, the intelligent station side acquisition equipment decrypts by using K S to obtain session keys K S,C and T C, encrypts the current time stamp T S and the data check sum ChS by using the session keys to generate an authentication factor A, and sends the authentication factor A and the authentication factor T C to the intelligent station background server;
generating an authentication factor A according to a formula 3;
A=e (K S,C,(TS, chS)) formula 3;
S130, after receiving a bill T C and an authentication factor A, the intelligent station background server decrypts T C by using K C to obtain a session key K S,C, then decrypts the authentication factor A by using K S,C to obtain a time stamp T S and data check sum ChS, if the time stamp TS is within 3 minutes above and below the current time and appears for the first time, checking whether the data check sum ChS is correct, and if the data check sum ChS is passing, entering the next step;
and S140, the intelligent station background server encrypts the received time stamp TS by using the session key K S,C after the received time stamp TS is increased by 1, and sends the encrypted time stamp TS to the intelligent station side acquisition equipment to finish bidirectional authentication.
It can be seen that in the identity authentication and key distribution process of the identity authentication method, any communication data packet is encrypted by the pre-shared key, and the pre-shared key is only held by authorized network equipment, so that an unauthorized user cannot know the communication content even if the unauthorized user obtains all communication data in the process; moreover, the intelligent station terminal side acquisition device 1 introduces a time stamp TS into the authentication factor A sent by the intelligent station background server 2, the intelligent station background server 2 needs to be compared with the current time in verification, and the time stamp can pass verification only when the time stamp appears for the first time. In this way, an attacker cannot impersonate the acquisition device for access by replaying the authentication factor; after receiving the authentication factor a, the intelligent station background server 2 decrypts the timestamp TS with the session key K S,C, and then needs to encrypt the timestamp TS with K S,C alone and send the encrypted timestamp TS back to the intelligent station terminal acquisition device 1 to complete the bidirectional authentication.
Further, as shown in fig. 2, the identity authentication method of the intelligent station for air management,
The intelligent station terminal side acquisition equipment performs identity verification and key distribution and comprises the following steps:
S200, checking whether a KDC secret key distribution center address and a background server address of the intelligent station in configuration information set by an administrator can be connected, if so, prompting that the configuration information is wrong, ending the total flow, and if so, continuing the next step;
s210, connecting a KDC secret key distribution center and sending two parts of contents to the KDC secret key distribution center, wherein one part is a unique number identifier of the intelligent station terminal side acquisition equipment, and the other part is a server number identifier consisting of an IP address and a connection port number of a background server of the intelligent station;
S220, receiving data sent by the KDC key distribution center and checking whether the data is bill information, if not, indicating that errors occur when the KDC key distribution center generates bills, prompting error information and ending the total flow, and if the data is determined to be bill information, performing the next step;
S230, decrypting the bill of the current equipment in the received data by using the pre-shared key to obtain a session key and identification information, if the identification information is inconsistent with the current network equipment, prompting error information and returning to the step S210, re-applying for the bill to the KDC, and if the identification information is correct, continuing the next step;
S240, encrypting the current time stamp and a random check value by using the session key, connecting the authentication factor with a background server of the intelligent station, and sending the other bill together with the authentication factor to the background server of the intelligent station;
S250, checking data returned by the intelligent station background server, returning to the step S210 if the data is error information, otherwise decrypting ciphertext data transmitted by the server by using a session key, completing bidirectional identity authentication if the plaintext is the timestamp value sent in the step S230 and is self-increased by 1, and returning to the step S210 to carry out identity authentication and key distribution again if authentication fails.
Further, as shown in fig. 3, the identity authentication method of the air management intelligent station, the intelligent station background server performs identity authentication and key distribution, and the method comprises the following steps:
S300, starting bill receiving service and monitoring a Socket port;
S310, receiving a connection request of network equipment and receiving bill information and an authentication factor;
S320, decrypting the bill information by using the pre-shared key to obtain a session key and network equipment identification information, if the identification information is inconsistent with the network equipment operated by the current encryption agent, sending error information to the exchange end and preparing to re-receive the bill, and if the identification information is correct, continuing the next step;
S330, decrypting the authentication factor by using the session key to obtain a time stamp and a random number, if the time stamp is within 3 minutes above and below the current time and appears for the first time, checking whether the check value format is correct, if both cannot pass, sending error information to an SDN switch end and returning to the step S310, preparing to re-receive the bill, and if both can pass, entering the next step;
S340, the correct time stamp is independently encrypted by the session key after being added with 1, and then the encrypted time stamp is sent to the intelligent station side acquisition equipment for completing bidirectional identity authentication.
As shown in fig. 4, the data encryption and decryption method is used for encrypting and decrypting the identity authentication and key distribution of the air management intelligent station, and the data encryption and decryption method comprises the following steps:
the intelligent station terminal side acquisition equipment encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment to the intelligent station background server;
the intelligent station background server encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment.
The method adopts a mode of encrypting communication data at the source to ensure that the data exists in a ciphertext mode in the whole communication process, and provides end-to-end data protection capability for both communication parties. Taking a 5G network to open TLS secure transmission mode as an example, the following is a symbol definition used to describe encryption and decryption processes:
The MK s,c: a key between s and c to calculate a message authentication code;
The EK s,c: a symmetric encryption key between s and c;
The SM 0: the station side collects the original information (plain text) from the equipment;
a source encrypted message (ciphertext) of the SM e1:SM0;
TLS encrypted message (ciphertext) of the SM e2:SMe1;
the RM 0: original message (plaintext) from background server;
a source encrypted message (ciphertext) of the RM e1:RM0;
The TLS of the RM e2:RMe1 encrypts the message (ciphertext).
Further, as shown in fig. 4, the data encryption and decryption method,
The data message encryption and decryption from the intelligent station terminal side acquisition equipment to the intelligent station background server comprises the following steps:
S400, a source encryption program on the intelligent station side acquisition equipment carries out source encryption on the application layer original data SM 0, and then calculates an HMAC authentication code of a ciphertext to be added at the back to form a ciphertext SM e1;
generating ciphertext SM e1 according to equation 4;
SM e1=E(EKs,c,SM0)||HMAC(MKs,c,E(EKs,c,SM0)) formula 4;
S410, encrypting the ciphertext SM e1 at a transmission layer through TLS, and sending the ciphertext SM e2 to the intermediate device;
generating ciphertext SM e2 according to equation 5;
SM e2=E(EKs,md,SMe1) equation 5;
S420, after receiving the ciphertext SM e2, the intermediate device decrypts the ciphertext SM e1 by using the TLS key EK s,md negotiated with the intelligent station end side acquisition device, and encrypts the TLS key EK c,md negotiated with the intelligent station background server by using the intermediate device And sending the data to a background server of the intelligent station;
generating ciphertext SM e1 according to formula 6;
SMe 1=D(EKs,md,SMe2) equation 6;
generating ciphertext according to equation 7
S430, the encryption and decryption agent receives the ciphertextThen, decrypting the message into SM e1 by using the TLS key, if the message SM e1 is successfully verified by using the HMAC message authentication code, decrypting the message into plaintext SM 0 by using the source encryption key, and discarding the message if the verification fails;
generating ciphertext SM e1 according to equation 8;
Generating a plaintext SM 0 according to equation 9;
SM 0=D(EKs,c,SMe1) equation 9.
Further, as shown in fig. 4, the data encryption and decryption method,
The data message encryption and decryption from the intelligent station background server to the intelligent station terminal side acquisition equipment comprises the following steps:
S500, an encryption and decryption program on a background server of the intelligent station carries out source encryption on the original data RM 0 of the application layer, calculates an HMAC authentication code of the ciphertext and attaches the HMAC authentication code to the tail part to form the ciphertext RM e1;
generating ciphertext RM e1 according to equation 10;
RM e1=E(EKs,c,RM0)||HMAC(MKs,c,E(EKs,c,RM0)) formula 10;
S510, the RM e1 encrypts in a transmission layer through TLS, and then sends a ciphertext RM e2 to the intermediate device; generating ciphertext RM e2 according to equation 11;
RM e2=E(EKc,md,RMe1) equation 11;
S520, after the intermediate device receives the ciphertext RM e2, decrypting the ciphertext RM e1 by using the TLS key EK c,md negotiated with the intelligent station background server, encrypting the RM e1 by using the TLS key EK s,md negotiated with the intelligent station side acquisition device And sending the data to intelligent station terminal side acquisition equipment;
Generating ciphertext RM e1 according to equation 12;
RM e1=D(EKc,md,RMe2) equation 12;
ciphertext generation according to equation 13
S530, receiving ciphertext by encryption and decryption programs on intelligent station side acquisition equipmentThen, decrypting the original data into RM e1 by using the TLS key, and decrypting the original data into plaintext RM 0 by using the source encryption key;
Generating RM e1 according to equation 14;
generating RM 0 according to equation 15;
RM 0=D(EKs,c,RMe1) equation 15.
Further, as shown in fig. 4, the intermediate device is in a dashed box, where the intermediate device in the dashed box is any one of a gateway related device in the 5G wireless open network or a transmission device of a user plane in the 5G core network or an attacker initiating man-in-the-middle attack.
As shown in fig. 4, because the message SM 0、RM0 sent by the intelligent station side acquisition device or the intelligent station background server is subjected to the source encryption processing before TLS encryption, during the communication process between the intelligent station side acquisition device or the intelligent station background server, the message is in the form of ciphertext, and even if there is a middleware or man-in-the-middle attack, the middleware can only take the ciphertext SM e1、RMe1 after source encryption, and because only the intelligent station side acquisition device or the intelligent station background server holds the encryption key EK s,c, the middleware cannot decrypt the plaintext. And if the communication message is tampered by an intermediate third party, the receiving end can perceive the security problem on the link because the authentication of the message authentication code cannot be passed after the receiving end reaches the message.
The invention has been described above by way of example with reference to the accompanying drawings, it being apparent that the invention is not limited to the embodiments described above. Various modifications or variations of the present invention may be made by those skilled in the art without departing from the technical spirit of the present invention, and such modifications or variations are, of course, within the scope of the present invention.

Claims (7)

1. An identity authentication method of an air management intelligent station is characterized in that:
the intelligent station terminal side acquisition device comprises intelligent station terminal side acquisition equipment (1), an intelligent station background server (2) and a KDC secret key distribution center (3);
Before each communication, the intelligent station side acquisition equipment (1) and the intelligent station background server (2) carry out identity verification and key distribution through a KDC key distribution center (3);
The method comprises the following steps:
S100, the intelligent station side acquisition equipment sends a unique number of the intelligent station side acquisition equipment and a unique number of a background server of the intelligent station to a KDC secret key distribution center;
S110, after receiving the request, the KDC secret key distribution center randomly generates a session key K S,C, then respectively generates notes T C and T S, and finally sends a note T S to the intelligent station side acquisition equipment;
k S is a pre-shared secret key between the KDC secret key distribution center and the intelligent station side acquisition equipment;
K C is a pre-shared key between the KDC key distribution center and the intelligent station background server;
ID S is the unique name of the intelligent station terminal side acquisition equipment;
ID C is the unique name of the intelligent station background server;
Generating a bill T C according to formula 1;
t C=E(KC,(IDS,KS,C)) formula 1;
generating a bill T S according to formula 2;
T S=E(KS,(IDC,KS,C,TC)) formula 2;
S120, after receiving the bill T S, the intelligent station side acquisition equipment decrypts by using K S to obtain session keys K S,C and T C, encrypts the current time stamp TS and data check and ChS by using the session keys to generate an authentication factor A, and sends the authentication factor A and T C to the intelligent station background server;
generating an authentication factor A according to a formula 3;
A=e (K S,C, (TS, chS)) equation 3;
S130, after receiving a bill T C and an authentication factor A, the intelligent station background server decrypts T C by using K C to obtain a session key K S,C, then decrypts the authentication factor A by using K S,C to obtain a time stamp TS and a data check sum ChS, and if the time stamp TS is within 3 minutes above and below the current time and appears for the first time, checking whether the data check sum ChS is correct, and if the data check sum ChS is passing through, entering the next step;
And S140, the intelligent station background server encrypts the received time stamp TS by using the session key K S,C after the received time stamp TS is increased by 1, and sends the encrypted time stamp TS to the intelligent station side acquisition equipment to finish bidirectional authentication.
2. The identity authentication method of the air management intelligent station according to claim 1, wherein:
the intelligent station terminal side acquisition equipment performs identity verification and key distribution and comprises the following steps:
S200, checking whether a KDC secret key distribution center address and a background server address of the intelligent station in configuration information set by an administrator can be connected, if so, prompting that the configuration information is wrong, ending the total flow, and if so, continuing the next step;
s210, connecting a KDC secret key distribution center and sending two parts of contents to the KDC secret key distribution center, wherein one part is a unique number identifier of the intelligent station terminal side acquisition equipment, and the other part is a server number identifier consisting of an IP address and a connection port number of a background server of the intelligent station;
S220, receiving data sent by the KDC key distribution center and checking whether the data is bill information, if not, indicating that errors occur when the KDC key distribution center generates bills, prompting error information and ending the total flow, and if the data is determined to be bill information, performing the next step;
S230, decrypting the bill of the current equipment in the received data by using the pre-shared key to obtain a session key and identification information, if the identification information is inconsistent with the current network equipment, prompting error information and returning to the step S210, re-applying for the bill to the KDC, and if the identification information is correct, continuing the next step;
S240, encrypting the current time stamp and a random check value by using the session key, connecting the authentication factor with a background server of the intelligent station, and sending the other bill together with the authentication factor to the background server of the intelligent station;
S250, checking data returned by the intelligent station background server, returning to the step S210 if the data is error information, otherwise decrypting ciphertext data transmitted by the server by using a session key, completing bidirectional identity authentication if the plaintext is the timestamp value sent in the step S230 and is self-increased by 1, and returning to the step S210 to carry out identity authentication and key distribution again if authentication fails.
3. The identity authentication method of the air management intelligent station according to claim 2, wherein:
the intelligent station background server performs identity verification and key distribution and comprises the following steps:
S300, starting bill receiving service and monitoring a Socket port;
S310, receiving a connection request of network equipment and receiving bill information and an authentication factor;
S320, decrypting the bill information by using the pre-shared key to obtain a session key and network equipment identification information, if the identification information is inconsistent with the network equipment operated by the current encryption agent, sending error information to the exchange end and preparing to re-receive the bill, and if the identification information is correct, continuing the next step;
S330, decrypting the authentication factor by using the session key to obtain a time stamp and a random number, if the time stamp is within 3 minutes above and below the current time and appears for the first time, checking whether the check value format is correct, if both cannot pass, sending error information to an SDN switch end and returning to the step S310, preparing to re-receive the bill, and if both can pass, entering the next step;
S340, the correct time stamp is independently encrypted by the session key after being added with 1, and then the encrypted time stamp is sent to the intelligent station side acquisition equipment for completing bidirectional identity authentication.
4. A data encryption and decryption method is characterized in that: an identity authentication method for the air management intelligent station according to any one of claims 1-3, which is used for encrypting and decrypting communication after passing through identity authentication and key distribution, the data encryption and decryption method comprises the following steps:
the intelligent station terminal side acquisition equipment encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment to the intelligent station background server;
the data message encryption and decryption from the intelligent station terminal side acquisition equipment to the intelligent station background server comprises the following steps:
s400, a source encryption program on the intelligent station terminal acquisition equipment carries out source encryption on the application layer original data SM 0, then an HMAC authentication code of a ciphertext is calculated and is added to the ciphertext SM e1;EKs,c to form a symmetric encryption key between the intelligent station terminal acquisition equipment and the intelligent station background server; MK s,c is a key for calculating a message authentication code between the intelligent station end side acquisition equipment and the intelligent station background server;
generating ciphertext SM e1 according to equation 4;
SM e1=E(EKs,c,SM0)||HMAC(MKs,c,E(EKs,c,SM0)) formula 4;
S410, encrypting the ciphertext SM e1 at a transmission layer through TLS, and sending the ciphertext SM e2 to the intermediate device;
generating ciphertext SM e2 according to equation 5;
SM e2=E(EKs,md,SMe1) equation 5;
S420, after receiving the ciphertext SM e2, the intermediate device decrypts the ciphertext SM e1 by using the TLS key EK s,md negotiated with the intelligent station end side acquisition device, and encrypts the TLS key EK c,md negotiated with the intelligent station background server by using the intermediate device And sending the data to a background server of the intelligent station;
generating ciphertext SM e1 according to formula 6;
SM e1=D(EKs,md,SMe2) equation 6;
generating ciphertext according to equation 7
S430, the encryption and decryption agent receives the ciphertextThen, decrypting the message into SM e1 by using the TLS key, if the message SM e1 is successfully verified by using the HMAC message authentication code, decrypting the message into plaintext SM 0 by using the source encryption key, and discarding the message if the verification fails;
generating ciphertext SM e1 according to equation 8;
Generating a plaintext SM 0 according to equation 9;
SM 0=D(EKs,c,SMe1) equation 9;
the intelligent station background server encrypts and decrypts the data message from the intelligent station terminal side acquisition equipment.
5. The method for encrypting and decrypting data according to claim 4, wherein:
The data message encryption and decryption from the intelligent station background server to the intelligent station terminal side acquisition equipment comprises the following steps:
S500, an encryption and decryption program on a background server of the intelligent station carries out source encryption on the original data RM 0 of the application layer, calculates an HMAC authentication code of the ciphertext and attaches the HMAC authentication code to the tail part to form the ciphertext RM e1;
generating ciphertext RM e1 according to equation 10;
RM e1=E(EKs,c,RM0)||HMAC(MKs,c,E(EKs,c,RM0)) formula 10;
S510, the RM e1 encrypts in a transmission layer through TLS, and then sends a ciphertext RM e2 to the intermediate device; generating ciphertext RM e2 according to equation 11;
RM e2=E(EKc,md,RMe1) equation 11;
S520, after the intermediate device receives the ciphertext RM e2, decrypting the ciphertext RM e1 by using the TLS key EK c,md negotiated with the intelligent station background server, encrypting the RM e1 by using the TLS key EK s,md negotiated with the intelligent station side acquisition device And sending the data to intelligent station terminal side acquisition equipment;
Generating ciphertext RM e1 according to equation 12;
RM e1=D(EKc,md,RMe2) equation 12;
ciphertext generation according to equation 13
S530, receiving ciphertext by encryption and decryption programs on intelligent station side acquisition equipmentThen, decrypting the original data into RM e1 by using the TLS key, and decrypting the original data into plaintext RM 0 by using the source encryption key;
Generating RM e1 according to equation 14;
generating RM 0 according to equation 15;
RM 0=D(EKs,c,RMe1) equation 15.
6. The method for encrypting and decrypting data according to claim 5, wherein:
The MK s,c: a key between s and c to calculate a message authentication code;
The EK s,c: a symmetric encryption key between s and c;
the SM 0: the station side collects the original information of the equipment;
a source encrypted message of the SM e1:SM0;
TLS encrypted message of the SM e2:SMe1;
The RM 0: the original information of the background server;
A source encrypted message of the RM e1:RM0;
TLS encrypted message of the RM e2:RMe1.
7. The method for encrypting and decrypting data according to claim 6, wherein:
the intermediate device is any one of gateway related devices in the 5G wireless open network or transmission devices of user interfaces in the 5G core network or an attacker initiating man-in-the-middle attack.
CN202210129639.4A 2022-02-11 2022-02-11 Identity authentication method and data encryption and decryption method for air traffic control intelligent station Active CN114513781B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210129639.4A CN114513781B (en) 2022-02-11 2022-02-11 Identity authentication method and data encryption and decryption method for air traffic control intelligent station

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210129639.4A CN114513781B (en) 2022-02-11 2022-02-11 Identity authentication method and data encryption and decryption method for air traffic control intelligent station

Publications (2)

Publication Number Publication Date
CN114513781A CN114513781A (en) 2022-05-17
CN114513781B true CN114513781B (en) 2024-08-06

Family

ID=81552510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210129639.4A Active CN114513781B (en) 2022-02-11 2022-02-11 Identity authentication method and data encryption and decryption method for air traffic control intelligent station

Country Status (1)

Country Link
CN (1) CN114513781B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115190481B (en) * 2022-06-01 2024-11-26 统信软件技术有限公司 Data encryption method and device, device access authentication method, device and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
CN113612600A (en) * 2021-06-30 2021-11-05 中国航空工业集团公司西安航空计算技术研究所 High-efficiency airborne electronic publishing method

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6978021B1 (en) * 2000-09-18 2005-12-20 Navteq North America, Llc Encryption method for distribution of data
FR2825209A1 (en) * 2001-05-23 2002-11-29 Thomson Licensing Sa DEVICES AND METHOD FOR SECURING AND IDENTIFYING MESSAGES
US20080072303A1 (en) * 2006-09-14 2008-03-20 Schlumberger Technology Corporation Method and system for one time password based authentication and integrated remote access
CN101420687B (en) * 2007-10-24 2010-07-14 中兴通讯股份有限公司 Identity verification method based on mobile terminal payment
US8667269B2 (en) * 2010-04-02 2014-03-04 Suridx, Inc. Efficient, secure, cloud-based identity services
US8811616B2 (en) * 2010-04-12 2014-08-19 Flight Focus Pte. Ltd. Secure aircraft data channel communication for aircraft operations
CN103780618B (en) * 2014-01-22 2016-11-09 西南交通大学 A Cross-Heterogeneous Domain Identity Authentication and Session Key Agreement Method Based on Access Authorization Ticket
US9955199B2 (en) * 2015-07-23 2018-04-24 Panasonic Avionics Corporation Transfer of consumable data to vehicles
CN107317674B (en) * 2016-04-27 2021-08-31 华为技术有限公司 Key distribution, authentication method, device and system
CN109728901B (en) * 2017-10-31 2022-04-08 中国电信股份有限公司 Digital signature authentication method, device and system
CN109842442B (en) * 2017-11-26 2020-07-28 成都零光量子科技有限公司 Quantum key service method taking airport as regional center
CN109787761B (en) * 2019-02-20 2021-06-29 金陵科技学院 A device authentication and key distribution system and method based on a physical unclonable function
FR3094110B1 (en) * 2019-03-21 2021-11-05 Thales Sa DISTRIBUTED REGISTERS FOR THE MANAGEMENT OF THE AERONAUTICAL DATA LIFE CYCLE
CN110690959B (en) * 2019-08-26 2022-02-25 西安电子科技大学 A cloud platform-based method for processing unmanned aerial vehicle security and certifiable information communication
CN110808829B (en) * 2019-09-27 2023-04-18 国电南瑞科技股份有限公司 SSH authentication method based on key distribution center
CN111885602B (en) * 2020-07-27 2021-04-27 西南交通大学 A batch handover authentication and key agreement method for heterogeneous networks
CN113037477A (en) * 2021-03-08 2021-06-25 北京工业大学 Kerberos security enhancement method based on Intel SGX
CN113727296B (en) * 2021-07-29 2024-01-23 杭州师范大学 Anonymous privacy protection authentication protocol method based on wireless sensor system in intelligent medical treatment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
CN113612600A (en) * 2021-06-30 2021-11-05 中国航空工业集团公司西安航空计算技术研究所 High-efficiency airborne electronic publishing method

Also Published As

Publication number Publication date
CN114513781A (en) 2022-05-17

Similar Documents

Publication Publication Date Title
EP2437531B1 (en) Security service control method and wireless local area network terminal
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
CN106878016A (en) Data is activation, method of reseptance and device
CN108400867A (en) A kind of authentication method based on public encryption system
CN101420686B (en) Implementation method of secure communication in industrial wireless network based on key
KR20120105507A (en) Method and system for establishing secure connection between user terminals
CN102256249A (en) Identity authentication method and equipment applied to wireless network
CN114826659B (en) Encryption communication method and system
CN114024698A (en) A security interaction method and system for power distribution Internet of things business based on national secret algorithm
CN114386020B (en) Quantum-safe fast secondary identity authentication method and system
CN111147257A (en) Identity authentication and information confidentiality method, monitoring center and remote terminal unit
CN113572788A (en) BACnet/IP Protocol Device Authentication Security Method
CN114513781B (en) Identity authentication method and data encryption and decryption method for air traffic control intelligent station
CN119906995A (en) A scalable authentication key negotiation method for drone IoT
CN112039663B (en) Data transmission method and system
CN112054905B (en) Secure communication method and system of mobile terminal
CN111404659B (en) Privacy protection communication method, server and communication system based on chaotic system
CN113472539A (en) Method for carrying out national encryption by using RDMA R _ Key
CN116582277B (en) Identity authentication method based on BACnet/IP protocol
CN112020037A (en) A domestic communication encryption method suitable for rail transit
CN114928503B (en) Method for realizing secure channel and data transmission method
JP4976794B2 (en) Station service system and security communication method
CN118174902B (en) Distributed device authentication method and system based on pre-embedded secure asymmetric key
CN113612755B (en) Method and system for checking power control instruction execution
CN118157859B (en) Equipment safety communication method and equipment based on national secret safety chip

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant