
CN-122027159-A - Multimode communication hardware encryption system based on natural disaster prevention and control scene

CN122027159A

Abstract

The invention discloses a multimode communication hardware encryption system for natural disaster prevention and control scenarios, in the field of multimode communication hardware encryption. The system comprises a terminal configuration module, a trust domain construction module, a first key pair loading module, a second key pair generation module, a double signature generation module and a packaging transmission module. The terminal configuration module predefines N disaster monitoring terminals; the trust domain construction module constructs a local trust domain; the first key pair loading module loads a network domain key pair bound to the local trust domain; the second key pair generation module generates a device key pair; the double signature generation module generates an authorized signature and a device signature; and the packaging transmission module packages the monitoring data to be transmitted into a monitoring data packet and sends it to a receiving end.

Inventors

  • ZHU YUN
  • KE WEI
  • WANG WENHUI

Assignees

  • 数盾信息科技股份有限公司 (Shudun Information Technology Co., Ltd.)

Dates

Publication Date
2026-05-12
Application Date
2026-04-15

Claims (8)

  1. A multimode communication hardware encryption system for a natural disaster prevention and control scenario, characterized in that the system is executed by a hardware encryption module deployed in a disaster monitoring terminal, the hardware encryption module comprising: a terminal configuration module for predefining N disaster monitoring terminals and configuring terminal identifiers at the system deployment stage; a trust domain construction module for constructing a local trust domain based on the predefined N disaster monitoring terminals and their terminal identifiers; a first key pair loading module for loading, for the disaster monitoring terminal, a network domain key pair bound to the local trust domain, the network domain key pair comprising a network domain private key and a network domain public key; a second key pair generation module for generating a device key pair for the disaster monitoring terminal based on an elliptic curve cryptographic algorithm, the device key pair comprising a device private key and a device public key; a double signature generation module for acquiring the monitoring data to be transmitted, collected by the disaster monitoring terminal, and generating an authorized signature and a device signature for it; and a packaging transmission module for packaging the monitoring data, the authorized signature, the device signature and the corresponding terminal identifier into a monitoring data packet and sending it to a receiving end.
  2. The multimode communication hardware encryption system of claim 1, wherein the construction step of the trust domain construction module comprises: S2-1, acquiring device attribute information of each disaster monitoring terminal; S2-2, classifying disaster monitoring terminals whose device attribute information is of the same type into the same local trust domain, based on predefined device attribute classification rules.
  3. The multimode communication hardware encryption system of claim 1, wherein the generation step of the second key pair generation module comprises: S4-1, loading a parameter set consistent with the elliptic curve algorithm used for the network domain key pair, the parameter set comprising an elliptic curve equation defined over a finite prime field, the curve order parameter and the base point coordinates; S4-2, determining a device private key within the numerical interval defined by the curve order parameter, based on the disaster monitoring terminal identifier; S4-3, taking the device private key and the base point coordinates as input and performing scalar point multiplication in the coordinate space defined by the elliptic curve equation to generate the corresponding device public key.
  4. The multimode communication hardware encryption system of claim 1, wherein the generation step of the double signature generation module comprises: S5-1, performing a hash operation on the monitoring data to be transmitted to generate a data digest; S5-2, performing an elliptic curve digital signature on the data digest with the network domain private key to generate the authorized signature; S5-3, constructing a composite byte string from the authorized signature; S5-4, performing an elliptic curve digital signature on the composite byte string with the device private key to generate the device signature.
  5. The multimode communication hardware encryption system of claim 4, wherein performing a hash operation on the monitoring data to be transmitted to generate a data digest comprises: S5-1-1, concatenating the monitoring data to be transmitted, the corresponding terminal identifier and the acquisition timestamp of the monitoring data to form the plaintext to be hashed; S5-1-2, performing a one-way hash operation on the plaintext to be hashed and outputting a fixed-length byte string; S5-1-3, taking the fixed-length byte string as the data digest.
  6. The multimode communication hardware encryption system of claim 5, wherein generating the authorized signature by elliptic curve digital signature of the data digest with the network domain private key comprises: S5-2-1, loading the network domain private key from the hardware encryption module; S5-2-2, invoking the elliptic curve algorithm with the network domain private key and the data digest as inputs to generate a digital signature byte string; S5-2-3, encoding the digital signature byte string into a byte sequence of a preset format and taking that byte sequence as the authorized signature.
  7. The multimode communication hardware encryption system of claim 6, wherein constructing the composite byte string from the authorized signature comprises: S5-3-1, acquiring the timestamp at which the authorized signature was generated as the authorization timestamp; S5-3-2, generating a first, a second and a third perturbation symbol from the authorization timestamp; S5-3-3, appending the first, second and third perturbation symbols to the tails of the data digest, the authorized signature and the authorization timestamp respectively, to produce a perturbed digest, a perturbed signature and a perturbed timestamp; S5-3-4, concatenating the perturbed digest, the perturbed signature and the perturbed timestamp into the composite byte string.
  8. The multimode communication hardware encryption system of claim 7, wherein generating the first, second and third perturbation symbols from the authorization timestamp comprises: S5-4-1, converting the authorization timestamp into a 14-digit normalized time string; S5-4-2, extracting the last digit of the time string as a seed digit; S5-4-3, repeatedly filling with the seed digit to generate an extended digit sequence of length 15; S5-4-4, dividing the extended digit sequence equally into three subsequences; S5-4-5, computing a floating-point weight for each digit of each subsequence by min-max normalization; S5-4-6, weighted-summing each subsequence with these weights to obtain a per-sequence perturbation value; S5-4-7, normalizing the per-sequence perturbation values and using them as the first, second and third perturbation symbols respectively.
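Steps S5-3 and S5-4 of claims 7 and 8, worked through as an added example that is not the patent's own code or implementation. Its assumptions: the authorization timestamp is a 14-digit YYYYMMDDHHMMSS string; each perturbation symbol is serialized as an 8-byte big-endian IEEE-754 double before being appended, since the claims fix no encoding; a constant subsequence, whose min-max range is zero, gets weight 0; and the final normalization divides each per-sequence value by the sum of the three. The claims say only that the seed digit is "repeatedly filled" to 15 digits. Read literally, that gives 15 copies of one digit, so every subsequence is constant and all three symbols come out as 0 whatever the timestamp; the function therefore also accepts an alternative fill rule that cycles upward from the seed modulo 10, which is this example's assumption and not something the page states. The digest and signature bytes in the usage are constructed placeholders, and the function names are this example's own.

```python
import struct


def perturbation_symbols(auth_ts, fill="repeat"):
    """Claim 8 (S5-4-1 to S5-4-7): three perturbation symbols from the authorization timestamp."""
    if len(auth_ts) != 14 or not auth_ts.isdigit():                   # S5-4-1: 14-digit time string
        raise ValueError("authorization timestamp must be 14 digits, YYYYMMDDHHMMSS")
    seed = int(auth_ts[-1])                                           # S5-4-2: last digit is the seed
    if fill == "repeat":                                              # S5-4-3, literal reading
        digits = [seed] * 15
    elif fill == "cycle":                                             # S5-4-3, assumed alternative
        digits = [(seed + i) % 10 for i in range(15)]
    else:
        raise ValueError("fill must be 'repeat' or 'cycle'")
    subsequences = [digits[i:i + 5] for i in (0, 5, 10)]              # S5-4-4: three equal parts
    values = []
    for sub in subsequences:
        lo, hi = min(sub), max(sub)
        # S5-4-5: min-max normalization of each digit; a zero range (constant
        # subsequence) is undefined in the claim, so weight 0 is assumed here.
        weights = [(d - lo) / (hi - lo) if hi != lo else 0.0 for d in sub]
        values.append(sum(w * d for w, d in zip(weights, sub)))       # S5-4-6: weighted sum
    total = sum(values)                                               # S5-4-7: sum-normalization assumed
    return [v / total if total else 0.0 for v in values]


def composite_byte_string(digest, auth_sig, auth_ts, fill="repeat"):
    """Claim 7 (S5-3-2 to S5-3-4): append one symbol to the tail of the data digest,
    the authorized signature and the authorization timestamp, then concatenate.
    Encoding each symbol as an 8-byte big-endian double is this example's assumption."""
    s1, s2, s3 = (struct.pack(">d", v) for v in perturbation_symbols(auth_ts, fill))
    return digest + s1 + auth_sig + s2 + auth_ts.encode() + s3


if __name__ == "__main__":
    # Constructed placeholders standing in for a SHA-256 digest and a 64-byte signature.
    ts = "20260415120000"
    print(perturbation_symbols(ts), perturbation_symbols(ts, fill="cycle"))
    print(len(composite_byte_string(b"\x11" * 32, b"\x22" * 64, ts)), "bytes")
```

Whichever fill rule is used, the symbols are a deterministic function of the authorization timestamp, which the receiver already holds in the packet, so they contribute no secret and no entropy. What actually differentiates two reports of the same heartbeat in this scheme is that the acquisition timestamp is inside the hashed plaintext (claim 5) and the authorization timestamp is inside the device-signed composite string (claim 7), and that only holds up if the receiving end checks both timestamps for freshness.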

Description

Technical Field

The invention relates to the field of multimode communication hardware encryption, in particular to a multimode communication hardware encryption system for natural disaster prevention and control scenarios.

Background

In a natural disaster prevention and control scenario, a disaster monitoring terminal must continuously report monitoring data over a multimode communication link, but the field deployment environment exposes the terminal to physical capture and communication interception. Conventional encryption methods usually sign the raw monitoring data only once: the terminal identity and acquisition time are not bound into the digest together with the data content, and no dynamic variable strongly tied to the reporting time enters the signing process. An attacker can therefore intercept a historically valid packet and replay it at a critical moment to fake a normal state. Even where a scheme uses timestamps against replay, the time information is only added as a plaintext field and does not take part in the signature computation, so it can still be stripped and replaced, and no differentiated signature can be guaranteed when the same terminal reports the same data several times (for example a periodic heartbeat).

Disclosure of Invention

To address these shortcomings of the prior art, the invention provides a multimode communication hardware encryption system for natural disaster prevention and control scenarios, and solves the technical problems stated in the background by introducing a dual strategy of network domain signature plus terminal signature.
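The sending and receiving sides of the double-signature scheme described above (claims 1 and 3 to 6), as an added example that is not the patent's own code or implementation. It assumes NIST P-256 with plain ECDSA, since the page specifies only an elliptic curve algorithm over a prime field; SHA-256 as the one-way hash; a 64-byte r||s signature encoding for S5-2-3; 14-digit YYYYMMDDHHMMSS timestamps in UTC; and a receiving end that checks the terminal identifier against its trust-domain registry, enforces a freshness window on the acquisition timestamp and refuses a (terminal, timestamp) pair it has already accepted, none of which the page describes (it covers only the sender). Two points a practitioner should note: S4-2 derives the device private key "from the terminal identifier", so this example mixes the identifier with a secret held in the hardware module, because a key that is a pure function of a public identifier could be recomputed by anyone who reads a packet; and the composite byte string here is the plain concatenation of digest, authorized signature and authorization timestamp, without the perturbation symbols of claims 7 and 8. The function names, the Receiver class and the constructed terminal identifiers and secrets are this example's own.

```python
import calendar, hashlib, hmac, secrets, time

# NIST P-256 domain parameters (assumed; the patent names no particular curve).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p, q):
    """Affine point addition on P-256; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:      lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, p):
    """Double-and-add scalar multiplication (S4-3: private key times base point)."""
    r = None
    while k:
        if k & 1: r = point_add(r, p)
        p, k = point_add(p, p), k >> 1
    return r

def public_key(priv):
    return point_mul(priv, G)

def ecdsa_sign(priv, digest):
    """ECDSA over a 32-byte digest, encoded as r||s (64 bytes; S5-2-3 format assumed)."""
    z = int.from_bytes(digest, "big") % N
    while True:
        k = secrets.randbelow(N - 1) + 1            # fresh random nonce per signature
        r = point_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s:
            return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def ecdsa_verify(pub, digest, sig):
    if len(sig) != 64: return False
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N): return False
    z, w = int.from_bytes(digest, "big") % N, pow(s, -1, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def derive_device_key(terminal_id, module_secret):
    """S4-2: device private key in [1, N-1] derived from the terminal identifier.
    Assumption: the identifier is mixed with a secret that never leaves the
    hardware module; a key derived from the public identifier alone could be
    recomputed from any captured packet."""
    h = hmac.new(module_secret, b"device-key|" + terminal_id, hashlib.sha256).digest()
    return int.from_bytes(h, "big") % (N - 1) + 1

def data_digest(data, terminal_id, ts):
    """Claim 5: SHA-256 over data || terminal identifier || acquisition timestamp."""
    return hashlib.sha256(b"|".join((data, terminal_id, ts))).digest()

def ts_epoch(ts):
    """14-digit YYYYMMDDHHMMSS (UTC assumed) to seconds since the epoch."""
    return calendar.timegm(time.strptime(ts.decode(), "%Y%m%d%H%M%S"))

def build_packet(data, terminal_id, ts, auth_ts, net_priv, dev_priv):
    """Claims 4 to 6 on the terminal: authorized signature with the network domain
    key, then device signature over the composite string, here the plain
    concatenation digest || auth_sig || auth_ts (no perturbation symbols)."""
    digest = data_digest(data, terminal_id, ts)
    auth_sig = ecdsa_sign(net_priv, digest)
    dev_sig = ecdsa_sign(dev_priv, hashlib.sha256(digest + auth_sig + auth_ts).digest())
    return {"tid": terminal_id, "ts": ts, "auth_ts": auth_ts, "data": data,
            "auth_sig": auth_sig, "dev_sig": dev_sig}

class Receiver:
    """Assumed receiving-end checks; the patent describes only the sender."""
    def __init__(self, net_pub, device_pubs, window=300):
        self.net_pub, self.device_pubs, self.window = net_pub, device_pubs, window
        self.seen = set()   # accepted (terminal id, acquisition timestamp) pairs

    def verify(self, pkt, now):
        tid, ts = pkt["tid"], pkt["ts"]
        if tid not in self.device_pubs: return False            # not in the local trust domain
        if abs(ts_epoch(ts) - now) > self.window: return False  # stale or future-dated
        if (tid, ts) in self.seen: return False                 # replay of an accepted packet
        digest = data_digest(pkt["data"], tid, ts)              # rebinds identity and time to data
        if not ecdsa_verify(self.net_pub, digest, pkt["auth_sig"]): return False
        composite = hashlib.sha256(digest + pkt["auth_sig"] + pkt["auth_ts"]).digest()
        if not ecdsa_verify(self.device_pubs[tid], composite, pkt["dev_sig"]): return False
        self.seen.add((tid, ts))
        return True
```

The two signatures answer different questions at the receiving end: the authorized signature proves the packet came from a terminal holding the trust domain's network-domain key, and the device signature, whose input includes the authorized signature and its timestamp, pins the packet to one registered device. Replaying a captured packet fails on the seen set, replaying it later fails on the freshness window, and editing the data or the authorization timestamp breaks the corresponding signature, because both timestamps are inside the signed input rather than plaintext fields beside it.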
In order to achieve the above purpose, the invention is realized by the following technical scheme. A multimode communication hardware encryption system for a natural disaster prevention and control scenario is executed by a hardware encryption module deployed at a disaster monitoring terminal, the hardware encryption module comprising: a terminal configuration module for predefining N disaster monitoring terminals and configuring terminal identifiers at the system deployment stage; a trust domain construction module for constructing a local trust domain based on the predefined N disaster monitoring terminals and their terminal identifiers; a first key pair loading module for loading, for the disaster monitoring terminal, a network domain key pair bound to the local trust domain, the network domain key pair comprising a network domain private key and a network domain public key; a second key pair generation module for generating a device key pair for the disaster monitoring terminal based on an elliptic curve cryptographic algorithm, the device key pair comprising a device private key and a device public key; a double signature generation module for acquiring the monitoring data to be transmitted, collected by the disaster monitoring terminal, and generating an authorized signature and a device signature for it; and a packaging transmission module for packaging the monitoring data, the authorized signature, the device signature and the corresponding terminal identifier into a monitoring data packet and sending it to a receiving end.
In some specific embodiments, the construction step of the trust domain construction module comprises: S2-1, acquiring device attribute information of each disaster monitoring terminal; S2-2, classifying disaster monitoring terminals whose device attribute information is of the same type into the same local trust domain, based on predefined device attribute classification rules. In some specific embodiments, the generation step of the second key pair generation module comprises: S4-1, loading a parameter set consistent with the elliptic curve algorithm used for the network domain key pair, the parameter set comprising an elliptic curve equation defined over a finite prime field, the curve order parameter and the base point coordinates; S4-2, determining a device private key within the numerical interval defined by the curve order parameter, based on the disaster monitoring terminal identifier; S4-3, taking the device private key and the base point coordinates as input and performing scalar point multiplication in the coordinate space defined by the elliptic curve equation to generate the corresponding device public key. In some specifi