CN106572061A - Wireless communication base station and data sending method thereof, and terminal and data receiving method thereof

Publication number
CN106572061A
Authority
CN
China
Prior art keywords
data
serial port
serial data
encryption
port data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510653899.1A
Other languages
Chinese (zh)
Inventor
管连才
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201510653899.1A
Priority to PCT/CN2016/073851 (WO2016184183A1)
Publication of CN106572061A
Legal status: Pending


Abstract

Translated from Chinese

The invention discloses a wireless communication base station and a data sending method thereof, and a terminal and a data receiving method thereof. Serial port data that satisfies a preset transmission condition is cached, the serial port data being data issued by the central processing unit that is to be sent out through the serial port; the cached serial port data is encrypted; the encrypted serial port data is sent out through the serial port; the encrypted serial port data is received; and the encrypted serial port data is decrypted. This makes the transmission of serial port data between the wireless communication base station and the terminal more secure and more stable, improves the security of serial port data transmission, avoids the vulnerabilities that arise from an exposed base station serial port, and solves the security problems and defects that exist in the prior art for wireless communication base station serial port data during transmission.

Description

Wireless communication base station and data sending method thereof, and terminal and data receiving method thereof

Technical field

The present invention relates to the field of communications, and in particular to a wireless communication base station and a data sending method thereof, and a terminal and a data receiving method thereof.

Background

With the rapid development of wireless communication technology, and with the demand for high-speed mobile Internet access created by the large number of smartphone terminals, Long Term Evolution (LTE), as the fourth-generation mobile communication technology, is increasingly welcomed and widely adopted by operators and mobile customers around the world because of its faster mobile broadband connection speed. As mobile broadband connections become ubiquitous, the security of base stations faces more threats, particularly in the field of wireless communication base stations and especially for home-grade base station products such as femtocells. Unlike traditional operator equipment, a femtocell is a client device that ends up in the user's home; the operator cannot control whether the user disassembles or modifies it, which increases the risk of the femtocell device itself being attacked.

A femtocell base station retains a serial port for transmission. The serial port exists as a lower-level port of the board hardware, and the data it carries is transmitted directly in plaintext, without any encryption. The data sent out of the base station's serial port relates to the base station's internal information, and it is even possible to log in to the base station's Linux kernel system through the serial port; if this is illegally captured and exploited, it is a major security vulnerability. For example, after connecting a display terminal such as a personal computer (PC) to the serial port, one can directly obtain the data transmitted over the port and, by entering some common commands, obtain and modify the base station's internal information, which is a serious security risk.

Summary of the invention

The main technical problem to be solved by the present invention is to provide a wireless communication base station and a data sending method thereof, and a terminal and a data receiving method thereof, that solve the security problems and defects that exist in the prior art when serial port data is transmitted between a wireless communication base station and a terminal.

To solve the above technical problem, the present invention provides a data sending method for a wireless communication base station, comprising: caching serial port data that satisfies a preset transmission condition, the serial port data being data issued by the central processing unit that is to be sent out through the serial port; encrypting the cached serial port data; and sending the encrypted serial port data out through the serial port.

In one embodiment of the present invention, caching the serial port data includes segmenting the serial port data and caching it in blocks.

In one embodiment of the present invention, the serial port data is segmented in either of the following ways: segmenting the serial port data at fixed time intervals; or segmenting the serial port data at fixed data lengths.

In one embodiment of the present invention, encrypting the serial port data includes: obtaining an encryption key, and using the encryption key to encrypt, block by block, the serial port data cached in blocks.

In one embodiment of the present invention, the encryption key is the public key of an asymmetric encryption algorithm.

In one embodiment of the present invention, caching the serial port data that satisfies the preset transmission condition includes: determining whether the serial port data satisfies the preset transmission condition, and caching in blocks the serial port data that satisfies it. The preset transmission condition is: the central processing unit has serial port data to send out, and the serial cable is connected with both ends powered on.

The present invention provides a data receiving method for a terminal, comprising: receiving encrypted serial port data, the serial port data being data issued by the central processing unit that is to be sent out through the serial port; and decrypting the encrypted serial port data.

In one embodiment of the present invention, decrypting the encrypted serial port data includes: obtaining a decryption key and, when block-encrypted serial port data is received, decrypting the serial port data block by block with the decryption key. After the serial port data has been decrypted block by block, the method further includes merging the decrypted blocks of serial port data.

In one embodiment of the present invention, the decryption key is the private key of an asymmetric encryption algorithm.

The present invention provides a wireless communication base station, comprising: a cache module for caching serial port data that satisfies a preset transmission condition, the serial port data being data issued by the central processing unit that is to be sent out through the serial port; an encryption module for encrypting the cached serial port data; and a sending module for sending the encrypted serial port data out through the serial port.

In one embodiment of the present invention, the encryption module includes a first key acquisition submodule and an encryption submodule. The first key acquisition submodule obtains the encryption key, and the encryption submodule uses the encryption key to encrypt the serial port data block by block when the cache module caches the serial port data in blocks.

In one embodiment of the present invention, the cache module includes a judging submodule and a cache submodule. The judging submodule determines whether the serial port data satisfies the preset transmission condition, and the cache submodule caches in blocks the serial port data that satisfies it. The preset transmission condition is: the central processing unit has serial port data to send out, and the serial cable is connected with both ends powered on.

The present invention provides a terminal, characterized in that it comprises: a receiving module for receiving encrypted serial port data; and a decryption module for decrypting the encrypted serial port data.

In one embodiment of the present invention, the decryption module includes a second key acquisition submodule and a decryption submodule. The second key acquisition submodule obtains the decryption key, and the decryption submodule uses the decryption key to decrypt the serial port data block by block when the receiving module receives the block-encrypted serial port data. The terminal further includes a processing module for merging the decrypted blocks of serial port data.

The beneficial effects of the present invention are as follows. The present invention provides a wireless communication base station and a data sending method thereof, and a terminal and a data receiving method thereof, in which the serial port data of the communication base station is encrypted before transmission and decrypted by the terminal after it receives the encrypted serial port data. This makes serial port data transmission of the communication base station more secure and more stable, improves the security of serial port data transmission, and avoids the vulnerabilities that arise from an exposed base station serial port.

Description of the drawings

FIG. 1 is a flowchart of the wireless communication base station data sending method of Embodiment 1 of the present invention;

FIG. 2 is a flowchart of the wireless communication base station data receiving method of Embodiment 2 of the present invention;

FIG. 3 is a schematic diagram of the wireless communication base station of Embodiment 3 of the present invention;

FIG. 4 is a schematic diagram of the cache module in Embodiment 3 of the present invention;

FIG. 5 is a schematic diagram of the encryption module in Embodiment 3 of the present invention;

FIG. 6 is a schematic diagram of the terminal in Embodiment 4 of the present invention;

FIG. 7 is a schematic diagram of another terminal in Embodiment 4 of the present invention.

Detailed description

The present invention is described in further detail below through specific embodiments, with reference to the accompanying drawings.

Embodiment 1:

This embodiment provides a data sending method for a wireless communication base station. Referring to FIG. 1, it includes the following steps:

Step S101: cache the serial port data that satisfies the preset transmission condition, the serial port data being data issued by the central processing unit that is to be sent out through the serial port;

Before the serial port data is encrypted, the serial port data that satisfies the preset transmission condition must be cached. The serial port data is data issued by the central processing unit that is to be sent out through the serial port. The preset transmission condition is: the central processing unit has serial port data to send out, and the serial cable is connected with both ends powered on. Specifically, the method monitors in real time whether the central processing unit (CPU) of the base station board is emitting serial port data. If the board CPU is found to have emitted serial port data, and the base station's serial data cable is connected with both ends powered on at that moment, the serial port data emitted by the board CPU is considered to be about to leave through the serial port, and it is cached.

When caching, the serial port data can be segmented and cached in blocks. One segmentation method is to segment the serial port data by time, at fixed time intervals. Preferably, to keep the cache from occupying too much space and to keep the encryption of a large amount of serial port data from affecting efficiency, the serial port data can be segmented once per second. Alternatively, the serial port data can be segmented by data length, at fixed data lengths. Correspondingly, the segmented blocks of serial port data are cached, preferably the blocks segmented once per second. All of these caches are temporary. It should be understood that segmentation is not limited to the two methods above.

Step S102: encrypt the cached serial port data;

After the serial port data that is about to be sent out has been cached, it is encrypted. Corresponding to the caching method above, the serial port data cached in blocks is encrypted block by block: either the serial port data cached in blocks at fixed time intervals or the serial port data cached in blocks of fixed data length can be encrypted. Encrypting the serial port data includes obtaining an encryption key and using it to encrypt the cached blocks of serial port data. The encryption can use an asymmetric encryption algorithm, in which case the encryption key obtained is the public key of that algorithm. Given that the serial port data rate is low, with a maximum transmission rate of about 100KBps, this embodiment preferably uses the more secure asymmetric encryption algorithm RSA, encrypting with the public key and decrypting with the private key, which is more secure and harder to break than a symmetric encryption algorithm. In addition, because the volume of serial port data is itself small, the efficiency of encryption and decryption with an asymmetric algorithm differs little from that with a symmetric algorithm. Specifically, the public key of the asymmetric algorithm RSA is obtained and stored, and the serial port data is encrypted with it; the data cached each second can be encrypted as a block. Once encryption is complete, the encrypted serial port data is sent out through the serial port. It should be understood that encryption is not limited to the method above.

Note that the public key in this embodiment is produced by a small RSA public/private key generation tool, which randomly generates a public/private key pair according to the RSA algorithm. The public key is used to encrypt the serial port data, and the private key is used to decrypt the encrypted serial port data.

In addition, to avoid the encryption key becoming invalid or lost, the encryption key can preferably be updated periodically, either by replacing it manually at regular intervals or by setting a timer so that it is updated automatically on schedule.

Step S103: send the encrypted serial port data out through the serial port;

The encrypted serial port data is sent out through the serial port, specifically over the serial cable.

The wireless communication base station data sending method of this embodiment fundamentally guarantees the security of the base station's serial port data during transmission. The serial port data has already been encrypted with the public key before it leaves the base station, so even if an intruder can capture the base station's serial port data, without the private key needed for decryption the intruder cannot obtain any internal information about the base station.

Embodiment 2:

This embodiment provides a data receiving method for a terminal. Referring to FIG. 2, it includes the following steps:

Step S201: receive the encrypted serial port data, the serial port data being data issued by the central processing unit that is to be sent out through the serial port;

Receiving the encrypted serial port data specifically means receiving the block-encrypted serial port data sent out through the serial port.

Step S202: decrypt the encrypted serial port data;

Decrypting the encrypted serial port data includes obtaining the decryption key required for decryption and using it to decrypt the serial port data block by block; the decryption key corresponds to the encryption key. Corresponding to Embodiment 1, this embodiment preferably uses the asymmetric encryption algorithm RSA for decryption: the private key of the asymmetric algorithm RSA is obtained and stored, and the encrypted blocks of serial port data are then decrypted with it. After the serial port data has been decrypted block by block, the decrypted blocks are merged and the merged serial port data is displayed on the terminal.

Note that the private key in this embodiment is produced by a small RSA public/private key generation tool, which randomly generates a public/private key pair according to the RSA algorithm. The public key is used to encrypt the serial port data, and the private key is used to decrypt the encrypted serial port data.

In addition, to avoid the encryption key becoming invalid or lost, the decryption key must be updated periodically along with the encryption key, again either by replacing it manually at regular intervals or by setting a timer so that it is updated automatically on schedule.

Particular care must be taken with the storage of the private key during use, to prevent it from being leaked.

The terminal data receiving method of this embodiment fundamentally guarantees the security of the base station's serial port data while it is transmitted to the terminal. The serial port data has already been encrypted with the public key before transmission, so even if an intruder can capture the base station's serial port data, without the private key needed for decryption the intruder cannot obtain any internal information about the base station.
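The send path of Embodiment 1 (S101 to S103) and the receive path of Embodiment 2 (S201, S202) can be sketched end to end as follows; this is an added example, not code from the patent. Assumptions: Go standard library only, length-based segmentation, RSA with OAEP/SHA-256 padding and a 2048-bit key (the patent names only RSA), and the block index used as the OAEP label so that reordered frames fail to decrypt; all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed sample of console output; not captured from any real device.
var sampleConsole = []byte("femto login: admin\r\n# cat /etc/version\r\n" +
	"build 0000 (constructed sample)\r\n# ifconfig eth0\r\neth0 inet 192.0.2.10\r\n")

// NewKeyPair plays the role of the key generation tool: the public key goes
// to the base station, the private key stays with the terminal.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// MaxChunk is the largest block RSA-OAEP/SHA-256 can encrypt under pub:
// k - 2*hLen - 2 bytes, i.e. 190 bytes for a 2048-bit key. The "fixed data
// length" used for segmentation must not exceed it.
func MaxChunk(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// seqLabel encodes the block index as the OAEP label (assumption of this
// example), so a frame only decrypts at the position it was encrypted for.
func seqLabel(seq uint32) []byte {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], seq)
	return b[:]
}

// EncryptStream is the base station side: segment the cached serial data
// every chunkLen bytes and encrypt each block with the public key. Every
// returned frame is exactly pub.Size() bytes, so the serial link can carry
// fixed-length frames without extra delimiters.
func EncryptStream(pub *rsa.PublicKey, data []byte, chunkLen int) ([][]byte, error) {
	if chunkLen <= 0 || chunkLen > MaxChunk(pub) {
		return nil, fmt.Errorf("chunk length %d outside 1..%d", chunkLen, MaxChunk(pub))
	}
	var frames [][]byte
	for seq := uint32(0); len(data) > 0; seq++ {
		n := chunkLen
		if n > len(data) {
			n = len(data)
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data[:n], seqLabel(seq))
		if err != nil {
			return nil, err
		}
		frames = append(frames, ct)
		data = data[n:]
	}
	return frames, nil
}

// DecryptStream is the terminal side: decrypt the frames in arrival order
// with the private key and merge the plaintext blocks.
func DecryptStream(priv *rsa.PrivateKey, frames [][]byte) ([]byte, error) {
	var out bytes.Buffer
	for i, ct := range frames {
		if len(ct) != priv.Size() {
			return nil, fmt.Errorf("frame %d: length %d, want %d", i, len(ct), priv.Size())
		}
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, seqLabel(uint32(i)))
		if err != nil {
			return nil, fmt.Errorf("frame %d: %w", i, err)
		}
		out.Write(pt)
	}
	return out.Bytes(), nil
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	frames, err := EncryptStream(&priv.PublicKey, sampleConsole, 64)
	if err != nil {
		panic(err)
	}
	merged, err := DecryptStream(priv, frames)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d bytes -> %d frames of %d bytes -> %d bytes, equal=%v\n",
		len(sampleConsole), len(frames), priv.Size(), len(merged),
		bytes.Equal(merged, sampleConsole))
}
```

With these parameters each block of at most 190 bytes becomes a 256-byte frame, which is the expansion to budget for on the serial link. As in the patent, only the base station to terminal direction is covered.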

Embodiment 3:

This embodiment provides a wireless communication base station. Referring to FIG. 3, it includes the following modules: a cache module 301, an encryption module 302 and a sending module 303.

The cache module 301 caches the serial port data that satisfies the preset transmission condition. The serial port data is data issued by the central processing unit that is to be sent out through the serial port, and the preset transmission condition is: the central processing unit has serial port data to send out, and the serial cable is connected with both ends powered on. Referring to FIG. 4, the cache module 301 further includes a judging submodule 3011 and a cache submodule 3012. The judging submodule 3011 determines whether the serial port data satisfies the preset transmission condition, and the cache submodule 3012 caches the serial port data that satisfies it. Specifically, the judging submodule 3011 monitors in real time whether the central processing unit of the base station board is emitting serial port data. If the board CPU is found to have emitted serial port data, and the base station's serial data cable is connected with both ends powered on at that moment, the serial port data emitted by the board CPU is considered to be about to leave through the serial port. The judging submodule 3011 and the cache submodule 3012 are linked: when the judging submodule 3011 detects that serial port data emitted by the board CPU is about to leave through the serial port, it notifies the cache submodule 3012 to cache that data.

When caching, the serial port data can be segmented and cached in blocks. One segmentation method is to segment the serial port data by time, at fixed time intervals. Preferably, to keep the cache from occupying too much space and to keep the encryption of a large amount of serial port data from affecting efficiency, the serial port data can be segmented once per second. Alternatively, the serial port data can be segmented by data length, at fixed data lengths. Correspondingly, the cache submodule 3012 caches the segmented blocks of serial port data, preferably the blocks segmented once per second. All of these caches are temporary. It should be understood that segmentation is not limited to the two methods above.

The encryption module 302 encrypts the cached blocks of serial port data. Corresponding to the caching method above, the serial port data cached in blocks is encrypted block by block: either the serial port data cached in blocks at fixed time intervals or the serial port data cached in blocks of fixed data length can be encrypted. Referring to FIG. 5, the encryption module 302 includes a first key acquisition submodule 3021 and an encryption submodule 3022. The first key acquisition submodule 3021 obtains the encryption key, and the encryption submodule 3022 uses the encryption key obtained by the first key acquisition submodule 3021 to encrypt the serial port data block by block. Specifically, after the cache submodule 3012 has cached in blocks the serial port data that is about to be sent out, it notifies the encryption submodule 3022 to encrypt that data block by block. The encryption submodule 3022 can encrypt the serial port data with an asymmetric encryption algorithm, using an encryption key that is the public key of that algorithm. Given that the serial port data rate is low, with a maximum transmission rate of about 100KBps, this embodiment preferably uses the more secure asymmetric encryption algorithm RSA, encrypting with the public key and decrypting with the private key, which is more secure and harder to break than a symmetric encryption algorithm. In addition, because the volume of serial port data is itself small, the efficiency of encryption and decryption with an asymmetric algorithm differs little from that with a symmetric algorithm. Specifically, the first key acquisition submodule 3021 obtains and stores the public key used for encryption in the asymmetric encryption algorithm RSA, and the encryption submodule 3022 encrypts the serial port data with it, preferably block by block on the data cached each second. Once encryption is complete, the encrypted serial port data is sent out through the serial port. It should be understood that encryption is not limited to the method above.

Note that the public key in this embodiment is produced by a small RSA public/private key generation tool, which randomly generates a public/private key pair according to the RSA algorithm. The public key is imported into the encryption module and the private key into the decryption module. The public key is used to encrypt the serial port data, and the private key is used to decrypt the encrypted serial port data. Before the serial port data is encrypted, the public key in the encryption module and the private key in the decryption module must be initialized.

In addition, to avoid the encryption key becoming invalid or lost, the encryption key can preferably be updated periodically, either by replacing it manually at regular intervals or by setting a timer so that it is updated automatically on schedule.

The sending module 303 sends the encrypted serial port data out through the serial port, specifically over the serial cable.

The wireless communication base station of this embodiment fundamentally guarantees the security of the base station's serial port data during transmission. The serial port data has already been encrypted with the public key before transmission, so even if an intruder can capture the base station's serial port data, without the private key needed for decryption the intruder cannot obtain any internal information about the base station.

实施例四:Embodiment four:

本实施例提供一种终端,请参考图6,具体包括接收模块601和解密模块602。This embodiment provides a terminal, please refer to FIG. 6 , which specifically includes a receiving module 601 and a decryption module 602 .

接收模块601用于接收加密后的串口数据,所述串口数据为由中央处理器发出且要经串口传出的数据;具体为接收经串口传出的加密后的串口数据。The receiving module 601 is used to receive encrypted serial port data, which is sent by the central processing unit and to be sent out through the serial port; specifically, it is to receive encrypted serial port data sent out through the serial port.

解密模块602用于对加密后的串口数据进行解密,请参见图7,解密模块602包括第二密钥获取子模块6021和解密子模块6022,第二密钥获取子模块6021用于对加密后的串口数据进行解密前获取解密所需的解密密钥,所述解密密钥与加密密钥相对应,对应于实施例一,本实施例优选的采用非对称加密算法RSA进行解密,具体为第二密钥获取子模块6021获取非对称加密算法RSA的私钥并储存,然后解密子模块6022通过该私钥对分块加密后的串口数据分块进行解密。本实施例提供的终端,还包括处理模块603,处理模块603用于将分块解密后的串口数据进行合并,合并后将串口数据正常显示在终端。The decryption module 602 is used to decrypt the encrypted serial port data. Please refer to FIG. Obtain the decryption key required for decryption before the serial port data is decrypted. The decryption key corresponds to the encryption key, corresponding to Embodiment 1. In this embodiment, the asymmetric encryption algorithm RSA is preferably used for decryption. Specifically, the first The second key acquisition sub-module 6021 obtains and stores the private key of the asymmetric encryption algorithm RSA, and then the decryption sub-module 6022 uses the private key to decrypt the block-encrypted serial port data block. The terminal provided in this embodiment further includes a processing module 603, and the processing module 603 is used to combine the decrypted serial port data by blocks, and display the serial port data normally on the terminal after the combination.

Note that the private key in this embodiment is produced by an RSA public/private key generation tool, which randomly generates a public/private key pair according to the RSA algorithm. The public key is used to encrypt the serial port data, and the private key is used to decrypt the encrypted serial port data.

In addition, to avoid the encryption key becoming invalid or being lost, the decryption key must be updated periodically in step with the periodic update of the encryption key. As with the encryption key, the decryption key can be replaced manually at regular intervals, or a timer can be set so that it is updated automatically on schedule.

It is particularly important to take care over how the private key is stored during use, to prevent leakage incidents.

The terminal of this embodiment fundamentally guarantees the security of the base station's serial port data when it is transmitted to the terminal. The serial port data is encrypted with the public key before transmission, so even if an intruder manages to obtain the base station's serial port data, the intruder has no private key with which to decrypt it and cannot obtain any information internal to the base station.
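The terminal-side flow of this embodiment (decryption submodule 6022 decrypting each block with the RSA private key, processing module 603 merging the result) can be sketched as follows. This is an added example, not code from the patent: the OAEP padding, the function names and the constructed demo key built from two Mersenne primes are assumptions, and the decryption is not constant-time; the patent itself specifies only RSA with block-wise encryption.

```python
import hashlib, os

# Constructed demo key: two Mersenne primes, so the modulus is trivially
# factorable. Illustration only; real keys come from a vetted RSA library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the terminal
K = (N.bit_length() + 7) // 8          # modulus size in bytes
HLEN = 32                              # SHA-256 output size
MAX_BLOCK = K - 2 * HLEN - 2           # largest plaintext block OAEP can carry
LHASH = hashlib.sha256(b"").digest()   # OAEP is this example's assumption

def _mgf1(seed, length):
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(-(-length // HLEN)))
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(block):
    """Base-station side: RSA-OAEP encrypt one block with the public key."""
    db = LHASH + b"\x00" * (MAX_BLOCK - len(block)) + b"\x01" + block
    seed = os.urandom(HLEN)
    masked_db = _xor(db, _mgf1(seed, len(db)))
    masked_seed = _xor(seed, _mgf1(masked_db, HLEN))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def decrypt_block(ct, d=D):
    """Terminal side: RSA-OAEP decrypt one block with the private key."""
    em = pow(int.from_bytes(ct, "big"), d, N).to_bytes(K, "big")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = _xor(masked_seed, _mgf1(masked_db, HLEN))
    db = _xor(masked_db, _mgf1(seed, len(masked_db)))
    sep = db.find(b"\x01", HLEN)
    if em[0] != 0 or db[:HLEN] != LHASH or sep < 0 or any(db[HLEN:sep]):
        raise ValueError("decryption failed")
    return db[sep + 1:]

def send(serial_data):
    """Split buffered serial data into blocks and encrypt each one."""
    return [encrypt_block(serial_data[i:i + MAX_BLOCK])
            for i in range(0, len(serial_data), MAX_BLOCK)]

def receive(blocks, d=D):
    """Decrypt every block, then merge them back into the original data."""
    return b"".join(decrypt_block(b, d) for b in blocks)
```

Each block is protected on its own, so nothing in this flow detects blocks that are dropped or reordered on the serial line before the merge.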

The above is a further detailed description of the present invention in conjunction with specific embodiments, and the specific implementation of the present invention is not to be regarded as limited to these descriptions. A person of ordinary skill in the technical field of the present invention may make a number of simple deductions or substitutions without departing from the concept of the present invention, and all of these shall be regarded as falling within the scope of protection of the present invention.

Claims (14)

CN201510653899.1A | 2015-10-10 | 2015-10-10 | Wireless communication base station and data sending method thereof, and terminal and data reception thereof | Pending | CN106572061A (en)

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN201510653899.1A, CN106572061A (en) | 2015-10-10 | 2015-10-10 | Wireless communication base station and data sending method thereof, and terminal and data reception thereof
PCT/CN2016/073851, WO2016184183A1 (en) | 2015-10-10 | 2016-02-16 | Wireless communication base station, data transmission and reception method, terminal and storage medium

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201510653899.1A, CN106572061A (en) | 2015-10-10 | 2015-10-10 | Wireless communication base station and data sending method thereof, and terminal and data reception thereof

Publications (1)

Publication Number | Publication Date
CN106572061A (en) | 2017-04-19

Family

ID=57319402

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201510653899.1A (Pending, CN106572061A (en)) | Wireless communication base station and data sending method thereof, and terminal and data reception thereof | 2015-10-10 | 2015-10-10

Country Status (2)

Country | Link
CN (1) | CN106572061A (en)
WO (1) | WO2016184183A1 (en)

Also Published As

Publication number | Publication date
WO2016184183A1 (en) | 2016-11-24

Legal Events

Code | Title | Description
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170419
