Cryptographic anti-runaway system and method based on motion state perception
Technical Field
The invention relates to the field of cryptography, in particular to a cryptographic anti-runaway system and method based on motion state perception.
Background
Encryption equipment deployed on a weapon platform usually stores plain-state cipher key data (PCS), such as application keys, application algorithms and algorithm parameters, in a non-volatile storage unit of the cipher machine, and uses it to encrypt information such as the platform's command communications or reconnaissance data. A weapon platform may be lured and captured, or a missile may fail to explode; this applies particularly to airborne and missile-borne encryption equipment.
The current requirements of the system on the encryption device are as follows:
1) the encryption device can provide encryption service while the weapon platform is executing its task;
2) after the weapon platform goes out of control, the plain-state cipher key data PCS in the encryption equipment cannot be acquired by an opponent.
After the weapon platform goes out of control, on the one hand it may leave the wireless communication coverage the system was designed for, or be unable to communicate normally because of electromagnetic interference and the like, so the cryptographic system cannot remotely destroy the plain-state cipher key data PCS of the encryption equipment online over a wireless link; on the other hand, the weapon platform may be powered off after going out of control, in which case the encryption device cannot work, cannot judge that the platform is out of control, and cannot destroy the plain-state cipher key data PCS in the non-volatile storage unit.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a cryptographic anti-runaway system and method based on motion state perception, suitable for airborne and missile-borne platforms and also for the encryption equipment of any weapon platform whose task process consists, in order, of a static preparation stage, a dynamic execution stage and a static ending stage.
The technical scheme adopted by the invention is as follows: a cryptographic anti-runaway system based on motion state perception comprises encryption equipment carried on an airborne/missile-borne platform. The encryption equipment consists of an encryption equipment host and a protection medium, and the host comprises a control unit, an acceleration sensor, a non-volatile storage unit and a volatile storage unit. The protection medium stores the storage protection information; the non-volatile storage unit stores the protected cipher key data; the volatile storage unit stores the plain-state cipher key data; the acceleration sensor acquires the motion state; the control unit decrypts the protected cipher key data and stores the decrypted data in the volatile storage unit, and, according to the motion state, runs cryptographic instructions and destroys the plain-state cipher key data.
Further, the control unit uses the storage protection information to generate a data stream through a hash function, decrypts the protected cipher key data by exclusive-OR with that stream to obtain the plain-state cipher key data, and destroys the storage protection information.
Further, the control unit uses the acceleration sensor to detect the motion state and relative position change of the airborne/missile-borne platform in real time. If the relative position change of the equipment exceeds a set threshold, the equipment is in the task execution stage and runs cryptographic instructions. If the acceleration sensor detects that the platform is static and the static state has lasted longer than a set threshold, the encryption equipment judges that the task has ended and destroys the plain-state cipher key data stored in the volatile storage unit.
Further, the plain-state cipher key data stored in the volatile storage unit is destroyed automatically when the encryption equipment is powered off.
The invention also provides a cryptographic anti-runaway method based on motion state perception. In the task preparation stage of the airborne/missile-borne platform, the storage protection information is loaded into the encryption equipment, which decrypts the protected cipher key data CCS and loads the decrypted data into a volatile storage unit for operation. In the task execution stage the equipment provides encryption protection for the platform's communication service. When the encryption equipment detects that the platform has changed from the flight state of the task execution stage to the static state at the end of the task, it destroys the plain-state cipher key data in its volatile storage unit.
Further, the specific process of the cryptographic anti-runaway method is as follows:
Step 1: the encryption equipment reads the storage protection information from the protection medium;
Step 2: the encryption equipment uses the storage protection information to decrypt the protected cipher key data and obtain the plain-state cipher key data;
Step 3: the plain-state cipher key data is loaded into the volatile storage space of the equipment, and the storage protection information is destroyed at the same time;
Step 4: the encryption equipment runs cryptographic instructions; it detects the motion state and relative position change of the airborne/missile-borne platform and, if the relative position change of the equipment exceeds a set threshold, judges that the equipment is in the task execution stage;
Step 5: the encryption equipment detects that the airborne/missile-borne platform is in a static state and, if the static state has lasted longer than a set threshold, judges that the platform is in the task ending stage and destroys the plain-state cipher key data stored in the equipment.
Furthermore, an acceleration sensor is used to detect the motion state of the airborne/missile-borne platform, from which the task stage is judged.
Further, the decryption process of step 2 is: the storage protection information is used to generate a data stream through a hash function, the protected cipher key data is decrypted by exclusive-OR with that stream to obtain the plain-state cipher key data, and the storage protection information is destroyed.
Compared with the prior art, the beneficial effects of this technical scheme are as follows:
1) the non-volatile memory in the encryption equipment stores only the protected cipher key data CCS and never the plain-state cipher key data PCS, which simplifies day-to-day security management of the equipment;
2) the encryption equipment uses a sensor to detect the weapon platform's task-stage transitions automatically and destroys the internal plain-state cipher key data PCS on its own; if the encryption equipment is powered off, the plain-state cipher key data PCS stored in the volatile memory is destroyed automatically. This avoids the risk of cipher key data leaking because the equipment can no longer be managed online after it goes out of control.
Drawings
Fig. 1 is a schematic diagram of the cryptographic anti-runaway system based on motion state perception provided by the invention.
Fig. 2 is a flow chart of the cryptographic anti-runaway method based on motion state perception provided by the invention.
Fig. 3 is a diagram illustrating the encryption of cryptographic resources according to an embodiment of the invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The problem to be solved by the invention is: how the encryption equipment can use the task characteristics of the weapon platform to sense changes in motion state and automatically destroy all internal plain-state cipher key data PCS, so as to resist the security risk that arises when the equipment goes out of control.
Example 1
As shown in Fig. 1, the invention provides a cryptographic anti-runaway system based on motion state perception, which comprises encryption equipment carried on an airborne/missile-borne platform. The encryption equipment consists of an encryption equipment host and a protection medium, and the host comprises a control unit, an acceleration sensor, a non-volatile storage unit and a volatile storage unit. The protection medium stores the storage protection information; the non-volatile storage unit stores the protected cipher key data; the volatile storage unit stores the plain-state cipher key data; the acceleration sensor acquires the motion state; the control unit decrypts the protected cipher key data and stores the decrypted data in the volatile storage unit, and, according to the motion state, runs cryptographic instructions and destroys the plain-state cipher key data. Before the encryption equipment starts work, the storage protection information SK in the protection medium must be read; only then can the equipment work normally and provide encryption service.
As shown in Fig. 3, the protected cipher key data stored in the non-volatile storage unit is the result of XOR-protecting the plain-state cipher key data with a data stream that a hash function generates from the storage protection information.
During decryption, the control unit uses the storage protection information to generate the data stream through the hash function, decrypts the protected cipher key data by exclusive-OR with that stream to obtain the plain-state cipher key data, and destroys the storage protection information.
The control unit uses the acceleration sensor to detect the motion state and relative position change of the airborne/missile-borne platform in real time. If the relative position change of the equipment exceeds a set threshold, the equipment is in the task execution stage and runs cryptographic instructions. If the acceleration sensor detects that the platform is static and the static state has lasted longer than a set threshold, the encryption equipment judges that the task has ended and destroys the plain-state cipher key data stored in the volatile storage unit.
If the encryption equipment is powered off, the plain-state cipher key data PCS stored in the volatile memory is destroyed automatically, which avoids the risk of cipher key data leaking because the equipment can no longer be managed online after it goes out of control.
Example 2
As shown in Fig. 2, the invention further provides a cryptographic anti-runaway method based on motion state perception. In the task preparation stage of the airborne/missile-borne platform, the storage protection information is loaded into the encryption equipment, which decrypts the protected cipher key data CCS and loads the decrypted data into a volatile storage unit for operation. In the task execution stage the equipment provides encryption protection for the platform's communication service. When the encryption equipment detects that the platform has changed from the flight state of the task execution stage to the static state at the end of the task, it destroys the plain-state cipher key data in its volatile storage unit. In this embodiment, an acceleration sensor is used to detect the motion state of the airborne/missile-borne platform, from which the task stage is judged.
Specifically, the process of the cryptographic anti-runaway method is as follows:
Step 1: the encryption equipment reads the storage protection information from the protection medium;
Step 2: the encryption equipment uses the storage protection information to decrypt the protected cipher key data and obtain the plain-state cipher key data;
Step 3: the plain-state cipher key data is loaded into the volatile storage space of the equipment, and the storage protection information is destroyed at the same time;
Step 4: the encryption equipment runs cryptographic instructions; it detects the motion state and relative position change of the airborne/missile-borne platform and, if the relative position change of the equipment exceeds a set threshold, judges that the equipment is in the task execution stage;
Step 5: the encryption equipment detects that the airborne/missile-borne platform is in a static state and, if the static state has lasted longer than a set threshold, judges that the platform is in the task ending stage (including normal ending and abnormal ending) and destroys the plain-state cipher key data stored internally.
The decryption process of step 2 is as follows: the storage protection information is used to generate a data stream through a hash function, the protected cipher key data is decrypted by exclusive-OR with that stream to obtain the plain-state cipher key data, and the storage protection information is destroyed.
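Steps 1 to 5 as an added sketch, not code from the patent. Assumed here: SHA-256 over SK plus a block counter as the hash-derived data stream, the names `EncryptionDevice`, `on_sample` and `run_demo`, the threshold values, and that the static timer is armed only once the execution stage has been entered, so that the static preparation stage does not trigger destruction.

```python
import hashlib

def keystream(sk, n):
    # Assumed construction: SHA-256(SK || counter) blocks; the page names no hash.
    blocks = range(n // 32 + 1)
    return b"".join(hashlib.sha256(bytes(sk) + i.to_bytes(4, "big")).digest() for i in blocks)[:n]

def xor_protect(data, sk):
    # XOR is its own inverse: this wraps PCS into CCS and unwraps CCS into PCS.
    return bytearray(a ^ b for a, b in zip(data, keystream(sk, len(data))))

def wipe(buf):
    # Overwrite in place (Python cannot guarantee no other copies remain in RAM).
    buf[:] = bytes(len(buf))

class EncryptionDevice:
    def __init__(self, ccs, move_threshold, static_hold):
        self.ccs = bytes(ccs)            # non-volatile unit: protected form only
        self.pcs = None                  # volatile unit: plain form while loaded
        self.move_threshold, self.static_hold = move_threshold, static_hold
        self.phase, self.static_since = "preparation", None

    def load(self, sk):                  # steps 1-3: read SK, decrypt, destroy SK
        self.pcs = xor_protect(self.ccs, sk)
        wipe(sk)

    def on_sample(self, t, displacement, is_static):   # steps 4-5
        if self.phase == "preparation" and displacement > self.move_threshold:
            self.phase = "execution"
        elif self.phase == "execution":
            if not is_static:
                self.static_since = None         # still moving: reset the timer
            elif self.static_since is None:
                self.static_since = t            # first static sample
            elif t - self.static_since > self.static_hold:
                wipe(self.pcs)                   # task ended: destroy PCS
                self.pcs, self.phase = None, "ended"
        return self.phase

def run_demo():
    sk, pcs = bytearray(b"constructed-SK"), b"constructed key material"
    dev = EncryptionDevice(xor_protect(pcs, sk), move_threshold=50.0, static_hold=30.0)
    dev.load(sk)
    ram, loaded_ok = dev.pcs, bytes(dev.pcs) == pcs
    trace = [(0, 0, True), (60, 0, True), (70, 120, False), (80, 900, False),
             (90, 900, True), (100, 900, True), (125, 900, True)]  # constructed
    return loaded_ok, [dev.on_sample(*s) for s in trace], bytes(sk), bytes(ram)
```

The trace holds the device static for 60 s before launch without losing the key, then destroys it 35 s after the platform comes to rest. The XOR wrapping carries no integrity check, so a device built this way needs a separate verification value to tell a wrong SK from the right one.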
The beneficial effects of the technical scheme adopted by the invention are:
1) the non-volatile memory in the encryption equipment stores only the protected cipher key data CCS and never the plain-state cipher key data PCS, which simplifies day-to-day security management of the equipment;
2) the encryption equipment uses a sensor to detect the weapon platform's task-stage transitions automatically and destroys the internal plain-state cipher key data PCS on its own; if the encryption equipment is powered off, the plain-state cipher key data PCS stored in the volatile memory is destroyed automatically. This avoids the risk of cipher key data leaking because the equipment can no longer be managed online after it goes out of control.
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed. Those skilled in the art to which the invention pertains will appreciate that insubstantial changes or modifications can be made without departing from the spirit of the invention as defined by the appended claims.
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.