CN111601288A - A Safe and Efficient Agricultural Environment Data Communication Method - Google Patents
- Publication number
- CN111601288A
- Authority
- CN
- China
- Prior art keywords
- data
- message authentication
- authentication code
- server
- regional
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- G—PHYSICS
- G08—SIGNALLING
- G08C—TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
- G08C17/00—Arrangements for transmitting signals characterised by the use of a wireless electrical link
- G08C17/02—Arrangements for transmitting signals characterised by the use of a wireless electrical link using a radio link
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a safe and efficient agricultural environment data communication method. It relates to agricultural data communication and addresses the low reliability and poor security of existing communication methods. In the method, a regional data center obtains field data collected by different collection terminals; the regional data center encrypts the field data to obtain encrypted data, calculates the current message authentication code, encapsulates the data and sends it to a server; the server calculates a new message authentication code for the encapsulated data and compares it with the message authentication code inside the encapsulated data; if the comparison passes, the server decrypts the encrypted data in the encapsulated data to obtain the measurement item data, otherwise it discards the encapsulated data; and the server sequentially recalculates the message authentication codes to backtrack the authenticity of the data. By encrypting the data and comparing the authentication codes of the sent and received messages, the invention improves the reliability and security of communication.
Description
Technical field
The present invention relates to agricultural data communication, and more particularly to a safe and efficient agricultural environment data communication method.
Background
Most current agricultural data transmission uses Zigbee, LoRa or similar methods to send data collected in the field to a regional processing module, which then exchanges data with a server over WLAN, 4G or similar technologies. In remote areas and areas with weak 4G signal the wireless signal is weak, and communication quality degrades further when long messages carrying a lot of data are transmitted. In addition, most existing agricultural data transmission is in plaintext and provides no way to verify the reliability and integrity of the data, so data security is poor.
Summary of the invention
The technical problem to be solved by the present invention arises from the above deficiencies of the prior art; the purpose of the invention is to provide a safe and efficient agricultural environment data communication method.
The technical scheme of the present invention is a safe and efficient agricultural environment data communication method, comprising:
a regional data center obtains field data collected by different collection terminals;
the regional data center sorts the field data according to a measurement item mask and encrypts it to obtain encrypted data, calculates the current message authentication code and adds it to a first authentication chain, and encapsulates the device ID, timestamp, data number, the encrypted data and the current message authentication code to obtain encapsulated data, which it sends to a server;
the server calculates a new message authentication code for the encapsulated data; if the new message authentication code matches the message authentication code inside the encapsulated data, the server adds the new message authentication code to a second authentication chain and decrypts the encrypted data in the encapsulated data to obtain the measurement item data; otherwise it discards the encapsulated data;
the server sequentially recalculates the message authentication codes in the second authentication chain to backtrack the authenticity of all historical data sent by the regional data center.
As a further improvement, the regional data center and the server pre-negotiate the data measurement items, the corresponding mask and the secret information, and both calculate the communication key and the measurement item mask from the data measurement items, the corresponding mask and the secret information.
Further, the regional data center encrypts the sorted field data with the communication key to obtain the encrypted data.
Further, the data measurement items include all parameters required by the task and their order.
Further, the regional data center calculates the current message authentication code from the device ID, timestamp, data number, encrypted data, communication key and the previous message authentication code.
Further, the server extracts the device ID, timestamp, data number, encrypted data and message authentication code from the encapsulated data, and calculates the new message authentication code from the device ID, timestamp, data number, encrypted data and the previous message authentication code.
Further, the regional data center obtains the field data collected by the collection terminals through a Zigbee or LoRa module.
Further, the regional data center sends the encapsulated data to the server over a WLAN, 4G or 5G network.
Further, the first authentication chain and the second authentication chain are both one-way hash chains.
Beneficial effects
Compared with the prior art, the present invention has the following advantages. It provides a safe and efficient agricultural environment data communication method that carries a large amount of field data in a very short message, which effectively improves the reliability of wireless transmission and saves transmission energy and communication cost. In addition, by using a one-way hash chain, it generates for the historical data uploaded by each regional data center a chain of message authentication codes whose integrity and authenticity can be verified, which effectively improves the security of data transmission and provides an effective method for backtracking data authenticity.
Description of the drawings
Fig. 1 is a schematic structural diagram of the present invention;
Fig. 2 is a flow chart of regional data center preprocessing in the present invention;
Fig. 3 is a flow chart of regional data center data processing in the present invention;
Fig. 4 is a flow chart of server data processing in the present invention;
Fig. 5 is a schematic diagram of the regional data center data encapsulation format in the present invention.
Detailed description
The present invention is further described below with reference to the specific embodiments shown in the accompanying drawings.
Referring to Figs. 1-5, a safe and efficient agricultural environment data communication method comprises:
The regional data center obtains field data collected by different collection terminals. The collection terminals collect data periodically, and the regional data center obtains the field data they collect through a Zigbee or LoRa module;
The regional data center sorts the field data according to the measurement item mask and encrypts it to obtain encrypted data, calculates the current message authentication code and adds it to the first authentication chain, and encapsulates the device ID, timestamp, data number, encrypted data and current message authentication code to obtain encapsulated data, which it sends to the server. The regional data center and the server pre-negotiate the data measurement items, the corresponding mask and the secret information, and both calculate the communication key and the measurement item mask from them. The regional data center encrypts the sorted field data with the communication key to obtain the encrypted data. The data measurement items include all parameters required by the task and their order. The regional data center calculates the current message authentication code from the device ID, timestamp, data number, encrypted data, communication key and the previous message authentication code; the first message authentication code is an initially set message authentication code;
As shown in Fig. 2, the communication key is generated during regional data center preprocessing as follows. devId is the device ID of the regional data center, and Msec is the secret information preset by the server for that regional data center; the secret information is stored on both the regional data center and the server. H(M) denotes a computation over message M using a cryptographic method such as SHA or MD5. The regional data center and the server calculate the communication key in the same way, key = H(devId + Msec), and each stores the device ID, secret information and communication key locally. The regional data center encrypts the collected data with the communication key: S = E_key(M) denotes encrypting plaintext M with the communication key key to obtain ciphertext S. The server decrypts with the communication key that corresponds to the device ID in the data uploaded by the regional data center: M = D_key(S) denotes decrypting ciphertext S with the communication key key to obtain plaintext M;
As shown in Fig. 3, the data processing flow of the regional data center is:
1) the regional data center periodically collects field data from multiple collection terminals;
2) for each bit of the measurement item mask whose value is 1, in order, the field data of the corresponding measurement item is stored into byte array B;
3) the measurement item mask and the field data are encrypted with the communication key and the AES symmetric encryption algorithm, giving a ciphertext of the same length as the plaintext;
4) the current message authentication code is calculated from the device ID, timestamp, data number, encrypted data, communication key and the previous message authentication code, and is added to the first authentication chain;
The server calculates a new message authentication code for the encapsulated data. If the new message authentication code matches the message authentication code inside the encapsulated data, the server adds the new message authentication code to the second authentication chain and decrypts the encrypted data in the encapsulated data to obtain the measurement item data; otherwise it discards the encapsulated data. The server extracts the device ID, timestamp, data number, encrypted data and message authentication code from the encapsulated data, and calculates the new message authentication code from the device ID, timestamp, data number, encrypted data and the previous message authentication code;
As shown in Fig. 4, the steps of the server data processing flow are:
1) the server receives the encapsulated data from the regional data center;
2) the server extracts the device ID, timestamp, data number, encrypted data and message authentication code MAC from the encapsulated data;
3) using the device ID, the server looks up the corresponding communication key key and the message authentication code MAC_last of the previous encapsulated data sent by that regional data center;
4) the server recalculates a new message authentication code MAC1 for the current encapsulated data from the device ID, timestamp, data number, encrypted data and MAC_last, and compares MAC1 with the message authentication code MAC in the current encapsulated data;
5) if MAC1 and MAC do not match, the server discards the received encapsulated data and returns an error code; if MAC1 and MAC match, it goes to step 6);
6) the server sends a response message to the regional data center and, at the same time, stores the device ID, timestamp, data number, encrypted data and message authentication code MAC from the encapsulated data locally;
7) the server decrypts the encrypted data with the corresponding communication key key, parses out the measurement item data in order according to the bits of the measurement item mask whose value is 1, and stores the parsed measurement item data;
The server sequentially recalculates the message authentication codes in the second authentication chain to backtrack the authenticity of all historical data sent by the regional data center.
The regional data center sends the encapsulated data to the server over a WLAN, 4G or 5G network.
An example of how the regional data center generates the measurement item mask: suppose there are 32 types of field parameters in total and only the first 24 are actually to be measured. The initial measurement item mask is a 32-bit binary string with value 0, 0x00000000; setting the first 24 bits to 1 as required gives the binary string 0xFFFFFF00, which is the corresponding measurement item mask.
The data encapsulation format specified for the regional data center is shown in Fig. 5, where MASK denotes the measurement item mask and MAC the message authentication code. Each mask bit set to 1 corresponds to one 4-byte floating-point number, so the data part is 4 to 128 bytes long. As the encapsulation format shows, in the communication protocol proposed by the invention 176 bytes can carry 32 field parameters, the device ID, the timestamp, the data number and the message authentication code, which makes it a very efficient data communication protocol.
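The mask-driven layout described above, as an added example that is not part of the patent text: a Python packer and parser for the plaintext `mask + field data` that rejects a body whose length does not match the number of set mask bits. Big-endian byte order, IEEE 754 single-precision values and all function names are assumptions; the patent fixes only the 32-bit mask and one 4-byte floating-point number per set bit.

```python
import struct
from typing import Dict, List

N_ITEMS = 32  # total number of field parameter types in the patent's example


def selected_items(mask: int) -> List[int]:
    """Indices of the measurement items whose mask bit is 1.

    Item 0 is the most significant bit, so "first 24 items" is 0xFFFFFF00.
    """
    return [i for i in range(N_ITEMS) if mask & (1 << (N_ITEMS - 1 - i))]


def pack_plaintext(mask: int, readings: Dict[int, float]) -> bytes:
    """Build mask + field data: one 4-byte float per set bit, in mask order."""
    items = selected_items(mask)
    if not items:
        raise ValueError("mask selects no measurement item")
    missing = [i for i in items if i not in readings]
    if missing:
        raise ValueError("no reading for items %r" % missing)
    body = b"".join(struct.pack(">f", readings[i]) for i in items)
    return struct.pack(">I", mask) + body


def parse_plaintext(plaintext: bytes) -> Dict[int, float]:
    """Recover {item index: value} from decrypted mask + field data."""
    if len(plaintext) < 4:
        raise ValueError("plaintext shorter than the mask")
    (mask,) = struct.unpack(">I", plaintext[:4])
    items = selected_items(mask)
    body = plaintext[4:]
    # The mask fully determines the body length (4 to 128 bytes); anything
    # else is a malformed or truncated message and must not be parsed.
    if not items or len(body) != 4 * len(items):
        raise ValueError("body length does not match mask")
    values = struct.unpack(">%df" % len(items), body)
    return dict(zip(items, values))


# Constructed sample readings: item i reports i * 0.5 (exact in float32).
SAMPLE_READINGS = {i: i * 0.5 for i in range(N_ITEMS)}
SAMPLE_MASK = 0xFFFFFF00  # first 24 of 32 items, as in the patent's example

if __name__ == "__main__":
    pt = pack_plaintext(SAMPLE_MASK, SAMPLE_READINGS)
    print(len(pt), "bytes of plaintext for", len(parse_plaintext(pt)), "items")
```
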
The regional data center generates the communication key key from the device ID, the secret information preset by the server and a one-way-function cryptographic method, and encrypts the data as E_key{mask + field data}; E_key{M} denotes encrypting message M with the communication key key and the symmetric encryption algorithm E.
The message authentication code that the regional data center calculates for the current message should make it possible to verify the device ID devId, the timestamp time, the data number dataId and the message authentication code MAC_last of the previous data. An example of how the current message authentication code MAC is generated: the cryptographic method used to generate the MAC is SHA, where SHA(M) denotes the SHA digest of data M and "+" denotes data concatenation. The message authentication code is calculated as follows:
MAC = SHA(devId + time + dataId + E_key{mask + field data} + key + MAC_last).
The server verifies the authenticity of the currently received encapsulated data as follows. Using the preset secret information that matches the device ID devId and the same cryptographic method, the server calculates and stores the communication key key for that device. The server extracts from the currently received encapsulated data the device ID devId, the timestamp time, the data number dataId and the encrypted data E_key{mask + field data}, takes the message authentication code MAC_last from the last message sent by that device, and calculates the digest with the same cryptographic method as the regional data center, SHA128. If the result equals the message authentication code in the received data, the current message is considered authentic and valid.
The regional data center stores the first authentication chain and the server stores the second authentication chain; both the first and the second authentication chain are one-way hash chains.
The message authentication codes in all historical data sent by the regional data center form the second authentication chain. Starting from the first historical record, the server recalculates the message authentication code of each record and compares it with the message authentication code stored in the historical data. If any record in the historical data has been changed in any way, the calculation of the complete authentication chain cannot be completed, so this provides effective verification for backtracking the authenticity of historical data. The authenticity backtracking algorithm is briefly described as follows:
Preprocessing: to verify the authenticity and integrity of the data uploaded by a regional data center, the server first queries its local database for the full set of original records of that regional data center and for the communication key key of that regional data center. Each record contains the device ID, timestamp, data number, original encrypted data and message authentication code;
Input: the original record set of a regional data center and the corresponding communication key key;
Output: the verification result (True/False) and the error record information;
Step1: the server initializes the previous message authentication code MAC_last to empty, the verification result to True and the error record to empty;
Step2: for every data record in the original record set, do the following:
1) extract the device ID devId, timestamp time, data number dataId, encrypted data E_key and message authentication code MAC from the data record;
2) calculate the message authentication code from the communication key key and the extracted data:
MAC1 = SHA(devId + time + dataId + E_key + key + MAC_last);
3) if MAC1 and MAC do not match, set the verification result to False and the error record to the current record, and exit the loop;
4) if MAC1 and MAC match, set MAC_last = MAC and verify the next data record;
Step3: output the verification result and the error record.
This achieves data authenticity backtracking for all historical data sent by the regional data center.
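The chained MAC formula and the Step1-Step3 backtracking procedure above, as an added Python example that is not code from the patent: it builds a record chain and shows at which record verification stops after a stored record is modified or deleted. SHA-256 standing in for "SHA", the fixed-width field encodings, all function names and the opaque constructed ciphertexts are assumptions.

```python
import hashlib
import hmac
import struct
from typing import List, NamedTuple, Optional, Tuple


class Record(NamedTuple):
    dev_id: int    # devId
    time: int      # timestamp
    data_id: int   # dataId
    enc: bytes     # E_key{mask + field data}, treated as opaque bytes here
    mac: bytes     # MAC carried in the encapsulated data


def derive_key(dev_id: int, msec: bytes) -> bytes:
    """key = H(devId + Msec); H is assumed to be SHA-256."""
    return hashlib.sha256(struct.pack(">I", dev_id) + msec).digest()


def chain_mac(dev_id: int, time: int, data_id: int, enc: bytes,
              key: bytes, mac_last: bytes) -> bytes:
    """MAC = SHA(devId + time + dataId + E_key{...} + key + MAC_last)."""
    header = struct.pack(">IQI", dev_id, time, data_id)  # assumed field widths
    return hashlib.sha256(header + enc + key + mac_last).digest()


def build_chain(dev_id: int, key: bytes, ciphertexts: List[bytes],
                start_time: int = 1_600_000_000) -> List[Record]:
    """Sender side: every MAC covers the one before it (first chain)."""
    records: List[Record] = []
    mac_last = b""                        # MAC_last starts empty, as in Step1
    for data_id, enc in enumerate(ciphertexts):
        t = start_time + 600 * data_id    # constructed timestamps
        mac = chain_mac(dev_id, t, data_id, enc, key, mac_last)
        records.append(Record(dev_id, t, data_id, enc, mac))
        mac_last = mac
    return records


def backtrack(records: List[Record],
              key: bytes) -> Tuple[bool, Optional[int]]:
    """Server side, Step1-Step3: (result, index of the first bad record)."""
    mac_last = b""
    for i, r in enumerate(records):
        mac1 = chain_mac(r.dev_id, r.time, r.data_id, r.enc, key, mac_last)
        if not hmac.compare_digest(mac1, r.mac):   # constant-time comparison
            return False, i
        mac_last = r.mac
    return True, None


def tampered(records: List[Record], index: int) -> List[Record]:
    """Copy of the record set with one ciphertext bit flipped at `index`."""
    r = records[index]
    changed = bytes([r.enc[0] ^ 0x01]) + r.enc[1:]
    return records[:index] + [r._replace(enc=changed)] + records[index + 1:]


def deleted(records: List[Record], index: int) -> List[Record]:
    """Copy of the record set with the record at `index` removed."""
    return records[:index] + records[index + 1:]


# Constructed sample data: device ID, secret and ciphertexts are made up.
DEV_ID = 0x0A0B0C0D
KEY = derive_key(DEV_ID, b"constructed-secret-Msec")
CHAIN = build_chain(DEV_ID, KEY, [bytes([n]) * 12 for n in range(5)])

if __name__ == "__main__":
    print("intact     ", backtrack(CHAIN, KEY))
    print("modified #2", backtrack(tampered(CHAIN, 2), KEY))
    print("deleted #1 ", backtrack(deleted(CHAIN, 1), KEY))
    print("tail cut   ", backtrack(CHAIN[:-1], KEY))
```

Because each MAC covers only the records before it, a record set truncated at the end still verifies, so detecting that needs a comparison with the first authentication chain kept by the regional data center.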
A safe and efficient agricultural environment data communication system comprises a server and at least one regional data center connected to the server over a network; each regional data center has signal connections to a plurality of collection terminals that collect different field data;
The regional data center obtains the different field data through the collection terminals, produces the encapsulated data according to the method described above and sends it to the server;
The server decrypts the encrypted data in the encapsulated data according to the method described above to obtain the measurement item data, and backtracks the authenticity of all historical data sent by the regional data center.
The regional data center connects wirelessly to the collection terminals through a Zigbee or LoRa module, and connects to the server over a WLAN, 4G or 5G network.
The invention carries a large amount of field data in a very short message, which effectively improves the reliability of wireless transmission and saves transmission energy and communication cost. In addition, by using a one-way hash chain, it generates for the historical data uploaded by each regional data center a chain of message authentication codes whose integrity and authenticity can be verified, which effectively improves the security of data transmission and provides an effective method for backtracking data authenticity.
The above is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several variations and improvements without departing from the structure of the invention, and none of these affects the effect of implementing the invention or the utility of the patent.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010619955.0A CN111601288B (en) | 2020-06-30 | 2020-06-30 | A safe and efficient agricultural environment data communication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111601288A (en) | 2020-08-28 |
| CN111601288B (en) | 2023-05-02 |
Family
ID=72191778
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010619955.0A (Active; CN111601288B) | 2020-06-30 | 2020-06-30 | A safe and efficient agricultural environment data communication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111601288B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114938268A (en) * | 2022-03-14 | 2022-08-23 | 贵州全安密灵科技有限公司 | Communication method and detonator |
| CN115766271A (en) * | 2022-11-30 | 2023-03-07 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | A network isolation device based on backward hash chain source authentication |
| CN116455599A (en) * | 2023-03-02 | 2023-07-18 | 广州正虹环境科技有限公司 | Data transmission method and system applied to catering equipment and electronic equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2000222360A (en) * | 1999-02-01 | 2000-08-11 | Matsushita Electric Ind Co Ltd | Authentication method, authentication system and authentication processing program recording medium |
| US20050091545A1 (en) * | 2002-03-04 | 2005-04-28 | Andrea Soppera | Lightweight authentication of information |
| US20060205388A1 (en) * | 2005-02-04 | 2006-09-14 | James Semple | Secure bootstrapping for wireless communications |
| WO2017006773A1 (en) * | 2015-07-07 | 2017-01-12 | ソニー株式会社 | Receiver, transmitter, information processing device, and data processing method |
| CN106411525A (en) * | 2016-09-23 | 2017-02-15 | 浙江神州量子网络科技有限公司 | Message authentication method and system |
| CN107480559A (en) * | 2017-08-25 | 2017-12-15 | 北京中星仝创科技有限公司 | Safe storage system and method for a kind of block chain from chain data |
Non-Patent Citations (2)
| Title |
|---|
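| 朱鹏飞; 于华章; 陆舟: "Information Integrity Protection Scheme for the Internet of Things" * |
| 李勇: "Principle and Implementation of Message Authentication Codes" * |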
Also Published As
| Publication number | Publication date |
|---|---|
| CN111601288B (en) | 2023-05-02 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||