CN-122027284-A - Data security transmission and remote configuration method and system of communication terminal
Abstract
The invention discloses a data security transmission and remote configuration method and system of a communication terminal, relating to the technical field of data encryption transmission. In the method, a vehicle-mounted terminal acquires original plaintext data, obtains initial ciphertext data through local encryption, and generates transmission ciphertext data through encryption with a preset algorithm. A security node set is identified and screened from the global nodes of the Internet of vehicles, so that node security is accurately judged and classified and abnormal nodes are effectively removed. Invalid nodes are dynamically replaced according to the screening results to determine effective transmission nodes, and an encrypted transmission link is built by integrating the effective nodes and the transmission ciphertext data to complete secure transmission. This improves the anti-attack capability of data in Internet of vehicles scenarios and adapts to the strong mobility of Internet of vehicles nodes and their dynamically changing topology.
Inventors
- ZHOU XIANGDONG
- HE LIHUA
- ZHOU CHEN
Assignees
- 江苏罗思韦尔电气有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260212
Claims (10)
- 1. A method for secure transmission and remote configuration of data for a communication terminal, the method comprising: acquiring original plaintext data of a vehicle-mounted terminal, and encrypting the original plaintext data to obtain initial ciphertext data; encrypting the initial ciphertext data through a preset encryption algorithm to obtain transmission ciphertext data; obtaining a global node set of the Internet of vehicles, marking a safety node set in a safety state, and screening the safety node set to output a screening result, wherein the screening result comprises a reliable network node set and a random data set; and dynamically replacing the failure node according to the screening result to output an effective transmission node, and integrating the encrypted transmission link according to the effective transmission node and the transmission ciphertext data to complete secure data transmission.
- 2. The method for securely transmitting and remotely configuring data in a communication terminal according to claim 1, wherein encrypting the original plaintext data to obtain initial ciphertext data comprises: selecting three independent encryption keys as a first key, a second key and a third key; performing an encryption operation on the target ciphertext through the first key to obtain a first intermediate result; taking the third key as a bottom key, and performing a decryption operation on the first intermediate result using the bottom key to obtain a second intermediate result; and performing an encryption operation on the second intermediate result through a combined key to obtain the initial ciphertext data, wherein the combined key is obtained through calculation from the first key and the second key.
- 3. The method for securely transmitting and remotely configuring data of a communication terminal according to claim 1, wherein encrypting the initial ciphertext data through a preset encryption algorithm to obtain the transmission ciphertext data comprises: invoking an RSA encryption algorithm to generate an asymmetric key, wherein the asymmetric key comprises a public key and a private key; and performing an encryption operation on the first key, the second key, the third key, the bottom key and the combined key through the public key to obtain a key set, and splicing the key set and the initial ciphertext data according to a fixed format to obtain the transmission ciphertext data.
- 4. The method for securely transmitting and remotely configuring data of a communication terminal according to claim 1, wherein screening the safety node set to output a screening result comprises: dividing the global node set into functional nodes, wherein the functional nodes comprise three types of nodes, namely a data release node, a data transmission participation node and a platform basic functional node; constructing a detection result matrix according to the functional nodes, and recording detection results of 4 dimensions; marking a unique security state for each node according to a preset judging rule and the detection results, generating structured data containing a node ID, a node type and the security state, and forming the safety node set; acquiring information data characteristics of the Internet of vehicles, and generating a random data set according to the information data characteristics of the Internet of vehicles, wherein the information data characteristics of the Internet of vehicles comprise data transmission rate, data packet integrity and node response time; extracting operation characteristic data of all nodes in the safety node set, and aligning the operation characteristic data with the information data characteristics of the Internet of vehicles; obtaining an anomaly factor by calculating the local reachable density of each node and comparing it with the density distribution of the neighborhood nodes; and judging the anomaly factor against an anomaly threshold to obtain a judging result, removing abnormal nodes according to the judging result, and retaining normal nodes to form a reliable network node set.
- 5. The method for securely transmitting and remotely configuring data in a communication terminal according to claim 1, wherein integrating the encrypted transmission link according to the effective transmission node and the transmission ciphertext data to complete secure data transmission comprises: setting a time threshold for completing data transmission according to a transmission test result of the random data set and the file volume of the transmission ciphertext data; selecting the transmission node with the minimum transmission delay from the reliable network node set as an optimal transmission node, and starting transmission of the transmission ciphertext data; monitoring the transmission time of the optimal transmission node in real time, and judging it against the time threshold to obtain an effective transmission node; and securely transmitting the transmission ciphertext data to a receiving end through the effective transmission node using an Internet of vehicles transmission protocol, and performing decryption at the receiving end to output the restored original plaintext data and a data transmission security report, wherein the data transmission security report comprises the number of attacks and the transmission success rate.
- 6. A system for secure transmission and remote configuration of data for a communication terminal, the system comprising: a primary encryption module, used for acquiring original plaintext data of the vehicle-mounted terminal, and encrypting the original plaintext data to obtain initial ciphertext data; a secondary encryption module, used for encrypting the initial ciphertext data through a preset encryption algorithm to obtain transmission ciphertext data; a screening module, used for acquiring the global node set of the Internet of vehicles, marking the safety node set in a safety state, and screening the safety node set to output a screening result, wherein the screening result comprises a reliable network node set and a random data set; and a safe transmission module, used for dynamically replacing the failure node according to the screening result to output an effective transmission node, and integrating the encrypted transmission link according to the effective transmission node and the transmission ciphertext data to complete the safe data transmission.
- 7. The system for secure transmission and remote configuration of data of a communication terminal according to claim 6, wherein the primary encryption module comprises a first encryption module, a decryption module, and a second encryption module, wherein: the first encryption module is used for selecting three independent encryption keys as a first key, a second key and a third key, and performing an encryption operation on the target ciphertext through the first key to obtain a first intermediate result; the first encryption module is used for taking the third key as a bottom key, and performing a decryption operation on the first intermediate result using the bottom key to obtain a second intermediate result; and the second encryption module is used for performing an encryption operation on the second intermediate result through a combined key to obtain initial ciphertext data, wherein the combined key is obtained through calculation from the first key and the second key.
- 8. The system for secure transmission and remote configuration of data of a communication terminal according to claim 6, wherein the secondary encryption module comprises a generation module and a splicing module, wherein: the generation module is used for invoking an RSA encryption algorithm to generate an asymmetric key, wherein the asymmetric key comprises a public key and a private key; and the splicing module is used for performing an encryption operation on the first key, the second key, the third key, the bottom key and the combined key through the public key to obtain a key set, and splicing the key set and the initial ciphertext data according to a fixed format to obtain the transmission ciphertext data.
- 9. The system for secure transmission and remote configuration of data of a communication terminal according to claim 6, wherein the screening module comprises a dividing module, a constructing module, a marking module, an obtaining module, an extracting module, a calculating module, and a rejecting module, wherein: the dividing module is used for dividing the global node set into functional nodes, wherein the functional nodes comprise three types of nodes, namely a data release node, a data transmission participation node and a platform basic functional node; the constructing module is used for constructing a detection result matrix according to the functional nodes to record detection results of 4 dimensions; the marking module is used for marking a unique security state for each node according to a preset judging rule and the detection results, generating structured data containing a node ID, a node type and a security state, and forming a safety node set; the obtaining module is used for acquiring the information data characteristics of the Internet of vehicles and generating a random data set according to the information data characteristics of the Internet of vehicles, wherein the information data characteristics of the Internet of vehicles comprise data transmission rate, data packet integrity and node response time; the extracting module is used for extracting the operation characteristic data of all nodes in the safety node set and aligning the operation characteristic data with the information data characteristics of the Internet of vehicles; the calculating module is used for obtaining an anomaly factor by calculating the local reachable density of each node and comparing it with the density distribution of the neighborhood nodes; and the rejecting module is used for judging the anomaly factor against an anomaly threshold to obtain a judging result, rejecting abnormal nodes according to the judging result, and retaining the normal nodes to form a reliable network node set.
- 10. The system for secure transmission and remote configuration of data of a communication terminal according to claim 6, wherein the safe transmission module comprises a threshold setting module, a selecting module, a judging module, and a transmitting module, wherein: the threshold setting module is used for setting a time threshold for completing data transmission according to a transmission test result of the random data set and the file volume of the transmission ciphertext data; the selecting module is used for selecting the transmission node with the smallest transmission delay from the reliable network node set as an optimal transmission node and starting the transmission of the transmission ciphertext data; the judging module is used for monitoring the transmission time of the optimal transmission node in real time and judging it against the time threshold to obtain an effective transmission node; and the transmitting module is used for securely transmitting the transmission ciphertext data to the receiving end through the effective transmission node using the Internet of vehicles transmission protocol, and performing decryption at the receiving end to output the restored original plaintext data and the data transmission security report, wherein the data transmission security report comprises the number of attacks and the transmission success rate.
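The node screening of claims 4 and 9 and the failover of claims 5 and 10, as an added example that is not code from the patent. It assumes the claimed "local reachable density" and "anomaly factor" correspond to the standard Local Outlier Factor; the node IDs, feature values, `k=3`, the 1.5 threshold, min-max scaling and the measured transfer times are all constructed for illustration.

```python
import math

# Constructed sample: node -> (rate Mbit/s, packet integrity, response ms, delay ms)
NODES = {
    "rsu-01": (48.0, 0.99, 21.0, 12.0),
    "rsu-02": (50.0, 0.98, 23.0, 9.0),
    "rsu-03": (47.0, 0.99, 20.0, 15.0),
    "veh-11": (45.0, 0.97, 25.0, 11.0),
    "veh-12": (49.0, 0.98, 22.0, 14.0),
    "veh-13": (46.0, 0.99, 24.0, 10.0),
    "veh-66": (6.0, 0.55, 180.0, 3.0),  # degraded node advertising the lowest delay
}

def normalise(rows):
    """Min-max scale each feature to [0, 1] so no single unit dominates distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0
                  for v, l, h in zip(row, lo, hi)) for row in rows]

def lof_scores(points, k=3):
    """Local Outlier Factor: mean neighbour density divided by own density."""
    n = len(points)
    dist = [[math.dist(p, q) for q in points] for p in points]
    knn = [sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])[:k]
           for i in range(n)]
    kdist = [dist[i][knn[i][-1]] for i in range(n)]
    # Local reachability density: inverse of the mean reachability distance.
    lrd = [k / max(sum(max(kdist[j], dist[i][j]) for j in knn[i]), 1e-12)
           for i in range(n)]
    return [sum(lrd[j] for j in knn[i]) / (k * lrd[i]) for i in range(n)]

def screen(nodes, k=3, threshold=1.5):
    """Return (reliable node ids, anomaly factor per node)."""
    ids = list(nodes)
    feats = normalise([nodes[i][:3] for i in ids])
    scores = dict(zip(ids, lof_scores(feats, k)))
    return [i for i in ids if scores[i] <= threshold], scores

def effective_node(nodes, reliable, observed_ms, limit_ms):
    """Walk reliable nodes by advertised delay; replace any whose measured
    transfer time exceeds the time threshold with the next candidate."""
    for node in sorted(reliable, key=lambda i: nodes[i][3]):
        if observed_ms.get(node, math.inf) <= limit_ms:
            return node
    return None

if __name__ == "__main__":
    reliable, scores = screen(NODES)
    print({i: round(s, 2) for i, s in scores.items()})
    # Constructed measurements: rsu-02 stalls, so veh-13 takes over.
    print(effective_node(NODES, reliable, {"rsu-02": 900.0, "veh-13": 310.0}, 500.0))
```

Selecting by minimum delay alone would pick `veh-66`; screening first removes it, which is why the claims order the anomaly check before node selection.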
Description
Data security transmission and remote configuration method and system of communication terminal

Technical Field

The invention belongs to the technical field of data encryption transmission, and particularly relates to a data security transmission and remote configuration method and system of a communication terminal.

Background

The data security transmission system for intelligent network-connected vehicles is mainly used to secure communication among the vehicle-mounted terminal, the Internet of vehicles platform and the cloud. Through technologies such as multi-stage encryption, identity authentication and security node selection, it prevents vehicle operation data, position information and control instructions from being stolen or tampered with, and is a cornerstone of intelligent network-connected vehicle development. It prevents sensitive data such as vehicle tracks and biometric features from being leaked, protects user privacy from abuse, and at the same time resists remote attacks and data tampering by hackers, avoiding hijacking of vehicle control and guaranteeing driving safety. As the security precondition for functions such as OTA upgrading and remote diagnosis, it ensures accurate transmission of instructions and data, supports continuous optimization of vehicles, improves vehicle operation and maintenance efficiency and system reliability, reduces security risk and supports stable operation of intelligent network-connected vehicles.

In the prior art, the miss rate for abnormal data is high, so abnormal data goes unrecognized during transmission and data integrity is affected. The data transmission attack rate is also high, and conventional encryption mechanisms and transmission node management have loopholes, so data is easily stolen, tampered with or attacked. A method is therefore needed to reduce misjudgment of node security and improve the anti-attack capability of data.

Disclosure of Invention

The invention aims to solve the problems of loopholes and misjudgment of node security in traditional encryption mechanisms and transmission node management, and provides a data security transmission and remote configuration method and system of a communication terminal.

In a first aspect of the present invention, a method for secure data transmission and remote configuration of a communication terminal is provided, the method including: acquiring original plaintext data of a vehicle-mounted terminal, and encrypting the original plaintext data to obtain initial ciphertext data; encrypting the initial ciphertext data through a preset encryption algorithm to obtain transmission ciphertext data; obtaining a global node set of the Internet of vehicles, marking a safety node set in a safety state, and screening the safety node set to output a screening result, wherein the screening result comprises a reliable network node set and a random data set; and dynamically replacing the failure node according to the screening result to output an effective transmission node, and integrating the encrypted transmission link according to the effective transmission node and the transmission ciphertext data to complete secure data transmission.

Optionally, encrypting the original plaintext data to obtain initial ciphertext data includes: selecting three independent encryption keys as a first key, a second key and a third key; performing an encryption operation on the target ciphertext through the first key to obtain a first intermediate result; taking the third key as a bottom key, and performing a decryption operation on the first intermediate result using the bottom key to obtain a second intermediate result; and performing an encryption operation on the second intermediate result through a combined key to obtain the initial ciphertext data, wherein the combined key is obtained through calculation from the first key and the second key.

Optionally, encrypting the initial ciphertext data through a preset encryption algorithm to obtain the transmission ciphertext data includes: invoking an RSA encryption algorithm to generate an asymmetric key, wherein the asymmetric key comprises a public key and a private key; and performing an encryption operation on the first key, the second key, the third key, the bottom key and the combined key through the public key to obtain a key set, and splicing the key set and the initial ciphertext data according to a fixed format to obtain the transmission ciphertext data.

Optionally, screening the safety node set to output a screening result includes: dividing the global node set into functional nodes, wherein the functional nodes comprise three types of nodes, namely a data release node, a data transmission participation node and a platform basic functional node; constructing a detection result matrix acc