[go: up one dir, main page]

CN118916902B - Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment - Google Patents

Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment Download PDF

Info

Publication number
CN118916902B
CN118916902B CN202411391928.7A CN202411391928A CN118916902B CN 118916902 B CN118916902 B CN 118916902B CN 202411391928 A CN202411391928 A CN 202411391928A CN 118916902 B CN118916902 B CN 118916902B
Authority
CN
China
Prior art keywords
data
identification
encryption
integrated
road parking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411391928.7A
Other languages
Chinese (zh)
Other versions
CN118916902A (en
Inventor
叶绍枫
张屏翀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Smart Parking Co ltd
Original Assignee
Nanjing Smart Parking Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Smart Parking Co ltd filed Critical Nanjing Smart Parking Co ltd
Priority to CN202411391928.7A priority Critical patent/CN118916902B/en
Publication of CN118916902A publication Critical patent/CN118916902A/en
Application granted granted Critical
Publication of CN118916902B publication Critical patent/CN118916902B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种集成加密芯片PDA设备的道路停车识别方法及其系统,在对道路停车位置的图像的第一识别数据进行加密操作,形成第二识别数据,道路停车识别数据处理工作在虚拟缓存容器内运行,并通过集成加密芯片接收用以执行加密操作的请求并进行解密对比;对第二识别数据解密对比后进行停车识别权限分配,其加密传输无需另外的软件来进行实现,可直接在识别的同时完成加密、分级和安全的数据识别上传等操作,同时通过容器技术,对加密芯片的处理能力进行放大,让业务程序及其算法的所有逻辑代码都在受保护的安全容器中运行,实现算法及其代码以及可执行模块的安全,保障数据安全和资金安全。

The present invention discloses a road parking identification method and system of an integrated encryption chip PDA device. The method performs an encryption operation on first identification data of an image of a road parking position to form second identification data. The road parking identification data processing work is run in a virtual cache container, and a request for performing an encryption operation is received through an integrated encryption chip and decrypted and compared. After decrypting and comparing the second identification data, parking identification authority is allocated. The encryption transmission does not require additional software to implement, and encryption, classification, and secure data identification upload and other operations can be completed directly during identification. At the same time, the processing capacity of the encryption chip is amplified through container technology, so that all logic codes of a business program and its algorithm are run in a protected secure container, thereby implementing the security of the algorithm and its code as well as executable modules, and ensuring data security and financial security.

Description

Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment
Technical Field
The invention relates to the technical field of encrypted data processing, in particular to a road parking identification method and a road parking identification system for integrated encryption chip PDA equipment.
Background
In the existing road parking management service, the vehicle in-out berth depends on a high-level license plate recognition camera or an administrator holds the PDA device to photograph and recognize the license plate, and the PDA device can directly correlate and recognize related information such as the license plate and the owner information of the vehicle in the photographing and recognizing process to form a parking recognition record of a user and perform subsequent operations such as operation. However, the front end and the rear end of the road parking handheld PDA device at the present stage do not carry out data encryption transmission, particularly in the process of detecting, identifying and matching the parking spaces, the PDA device often directly transmits collected and identified image information to corresponding road parking management service, and the encryption transmission is realized based on software, so that the leakage of user information can be caused, the data safety of information transmission is not guaranteed, the possibility of being cracked exists, and unnecessary fund risks are brought to users. Therefore, we propose a road parking identification method and system of integrated encryption chip PDA equipment.
Disclosure of Invention
The present invention has been made in view of the above-described problems in the conventional apparatus for road parking identification.
Therefore, one of the purposes of the present invention is to provide a road parking identification method and system for integrated encryption chip PDA devices, which implements high security parking identification by integrating a national encryption chip 7 on a PDA hardware motherboard, improves data transmission mode, amplifies the processing capacity of the encryption chip by container technology, makes all logic codes of a service program and its algorithm run in a protected security container, implements the security of the algorithm and its code and executable module, and further encrypts a software system and data transmission from a hardware layer, guaranteeing data security and fund security.
In order to solve the technical problems, the invention provides the following technical scheme:
in one aspect, the present invention provides a road parking identification method for an integrated encryption chip PDA device, including:
The detection and recognition of the road parking space are completed after the image of the road parking position is acquired, analyzed and processed by the PDA equipment, and first recognition data are formed,
The PDA equipment generates a virtual cache container for encryption by an integrated encryption chip, and the integrated encryption chip responds to the first identification data and carries out encryption operation on the first identification data based on the virtual cache container to form second identification data;
the main control chip receives the second identification data, the road parking identification data processing work operates in the virtual cache container, and the request for executing encryption operation is received through the integrated encryption chip and decryption comparison is carried out;
The second identification data are decrypted and compared, parking identification permission distribution is carried out, preset data are searched according to access permission levels, a policy library is distributed, a data classification policy matched with the access permission levels is obtained, the data classification policy is used for representing data content which is safely accessed by the encrypted second identification data and corresponds to the access permission levels, the data content which is safely accessed in the second identification data is subjected to the data classification policy, and interaction list information of the second identification data file is generated according to the data content which is safely accessed and the data classification policy;
And identifying the safely accessed data content in the second identification data according to the interaction list information and uploading the safely accessed data content to a road parking cloud management system.
In a preferred embodiment of the present invention, when the parking identification authority is allocated after the second identification data is decrypted and compared, the method further includes:
The virtual buffer container integrated with encryption chip adopts isolation measure to the outside and determines the inside as credible authentication, and performs image data encryption processing to ensure the information security of the road parking identification service, and
And executing the password operation requested by the road parking identification PDA device system by the integrated encryption chip, responding to and determining that the identity information of the road parking identification PDA device system is matched with the key of the virtual cache container, and executing the password operation requested by the road parking identification PDA device system based on the key information stored in the virtual cache container.
In a preferred embodiment of the present invention, the integrated encryption chip generates a virtual buffer container for encryption, and generates a virtual buffer container for encryption in the embedded road parking identification PDA device system by using a key of the integrated encryption chip based on container technology, so that the road parking identification data processing work of the road parking identification PDA device system runs in the virtual buffer container, specifically as follows:
firstly, a developer needs to pack an application program of a road parking identification PDA equipment system and a dependency term thereof into a mirror image, the mirror image is completed through Dockerfile text files, dockerfile is a text file containing instructions and is used for constructing a Docker mirror image;
pushing the mirror image to a Docker warehouse after the construction of the mirror image is completed, and completing the mirror image through a Docker client;
container running-pulling mirror image from the Docker repository through Docker commands and running virtual cache containers.
The invention is a preferable scheme, wherein the integrated encryption chip receives a request for executing encryption operation and executes decryption comparison, the integrated encryption chip receives a random code generated by a main control chip and a plaintext sent by the main control chip, encrypts the plaintext through an encryption algorithm to generate ciphertext and returns to generate decryption ciphertext for comparison, and the method comprises the following specific steps:
generating a random code by a main control chip;
The main control chip sends a plaintext to the encryption chip;
The integrated encryption chip encrypts the plaintext through an encryption algorithm to generate a ciphertext, and the encryption chip returns the ciphertext to the main control chip;
The main control chip decrypts the ciphertext to generate a decryption value;
The main control chip compares the decryption value with the previous plaintext, if the comparison value is consistent, the authentication is passed, the authentication is not passed to reach a preset threshold value, and then whether the operation is a malicious request operation is judged, wherein the malicious request operation is more than the continuous authentication failure times or the key mismatch times;
When the operation is determined to be a malicious request operation, the integrated encryption chip clears the identity information and the key information from the virtual cache container;
the encryption algorithm adopts a block cipher algorithm of SM7, the block length is 128 bits, the key length is 128 bits, and the integrated encryption chip adopts an EEPROM memory.
The integrated encryption chip trusted authentication, specifically, a virtual cache container in the integrated encryption chip writes the encryption key into the integrated encryption chip of the virtual cache container to be encrypted through a kernel-level signature CA verification technology, a token is added, a LUKS key slot is bound with the integrated encryption chip, the token stores the encryption key written into the integrated encryption chip and the LUKS key slot associated with the encryption key, the encryption key is stored in the integrated encryption chip, and signature authentication is carried out through the encryption key when the virtual cache container is started;
If the unsigned process or the process with inconsistent signature, namely the fake process cannot run, the trusted authentication is judged to be not passed, and if the virtual cache container passes through the kernel-level signature CA verification technology, the signature authentication is carried out on the system application in the container, so that the unsigned process or the process with inconsistent signature, namely the fake process cannot run.
The method comprises the steps that a virtual cache container of an integrated encryption chip takes isolation measures to the outside, wherein the isolation measures are used for configuring a white list of a scene of the integrated encryption chip, and particularly, based on the fact that the virtual cache container matches and is configured as the white list for identity information, key information and associated scene information, a white list scene associated with programs and files is formed through white list setting, operation outside the scene is forbidden, file protection is carried out at the same time, even if the authority of a system administrator is strictly limited, the file protection is designed according to the principle of minimizing authority, encryption authentication is carried out on data read-write, modification and storage in the virtual cache container, and files specified by allowing a specified road parking identification service application program to read-write are limited, so that the information security of the files in the road parking identification service is ensured.
The invention is used as a preferable scheme, which further comprises the steps of identifying a PDA device user, specifically acquiring biological verification information of the user, carrying out matching verification on the biological verification information through a preset user authority library, generating a user verification result, wherein the user verification result comprises the user authority level of the user, assigning an access authority level to the minimum value of the user authority level and the PDA device authority level, generating device identification information, and matching corresponding whitelist scenes according to the device identification information.
The invention is a preferable scheme, wherein a data grading strategy matched with the access authority level is obtained, wherein analysis of the grading strategy is carried out by constructing a grading model for analysis and matching processing, and the method comprises the following steps:
;
Wherein, Is thatStatus-ranking assessment values of the individual ranking policy task data,Is a preset parameter and is used for distributing the grading value in the interval of (0-1),Is the firstThe number of items of the individual hierarchical policy task data,Is thatThe attribute value of the hierarchical policy task data state,Is thatThe weights of the hierarchical policy task data, weight assignments from the sensitivity, importance and value of the data,For analysis in stagesThe security access data, namely the hierarchical policy task data,Judging the first under the state evaluation standard cloud for analyzing and grading strategyAnd the hierarchical policy task data.
The first identification data is encrypted, wherein the first identification data comprises vehicle identification information, vehicle home owner information, vehicle stay time and place information, vehicle payment information and vehicle parking space identification information;
The requested cryptographic operation includes one of an encryption operation, a decryption operation, a signature authentication operation, an external quarantine operation, or a file guard operation.
In one aspect, a road parking identification system of integrated encryption chip PDA equipment is provided, the system is an embedded road parking identification PDA equipment system, the road parking identification PDA equipment system comprises an integrated encryption chip unit and a main control chip unit, wherein the integrated encryption chip unit comprises a cache container generation module, a data receiving module, a data encryption module, a signature authentication module and an execution module;
The system comprises a cache container generation module, a data processing module and a data processing module, wherein the cache container generation module is used for generating a virtual cache container for encryption in an embedded road parking identification PDA equipment system by using a key of an integrated encryption chip unit based on a container technology, so that road parking identification data processing work of the road parking identification PDA equipment system operates in the virtual cache container;
The data receiving module is used for responding to the first identification data, carrying out encryption operation on the first identification data based on the virtual cache container to form second identification data, and receiving a random code generated by the main control chip unit and a plaintext sent by the main control chip unit to the integrated encryption chip unit by the integrated encryption chip unit;
The data encryption module is used for receiving a request for executing encryption operation by the integrated encryption chip unit and carrying out decryption comparison, wherein the integrated encryption chip unit receives a random code generated by the main control chip unit and a plaintext sent by the main control chip unit to the integrated encryption chip unit, and then encrypts the plaintext through an encryption algorithm to generate ciphertext and returns to generate decryption ciphertext for comparison;
The signature authentication module is used for taking isolation measures to the outside by the virtual cache container of the integrated encryption chip unit, determining the inside as trusted authentication, and carrying out data encryption processing to ensure the information security of the road parking identification service;
An execution module for responding to and determining that the road parking identification PDA equipment system identity information is matched with the key of the virtual cache container allowed to request the password operation, and executing the password operation requested by the road parking identification PDA equipment system by the integrated encryption chip based on the key information stored in the virtual cache container;
The main control chip unit comprises an image acquisition processing module, a parking identification authority distribution module, a data uploading module and a biological verification module;
The image acquisition processing module is used for acquiring, analyzing and processing the image of the road parking position through the PDA equipment, then completing detection and identification of the road parking space, and forming first identification data
The parking identification authority allocation module is used for carrying out parking identification authority allocation after decryption and comparison on the second identification data, searching preset data according to access authority levels and allocating a strategy library, and obtaining a data classification strategy matched with the access authority levels, wherein the data classification strategy is used for characterizing data content which is safely accessed by the encrypted second identification data and corresponds to the access authority levels, and the data content which is safely accessed in the second identification data is subjected to data classification strategy, and interactive list information of the second identification data file is generated according to the data classification strategy and the data content which is safely accessed;
The data uploading module is used for identifying the safely accessed data content in the second identification data according to the interaction list information and uploading the safely accessed data content to the road parking cloud management system;
The biological verification module is used for carrying out matching verification on the biological verification information through a preset user authority library to generate a user verification result, wherein the user verification result comprises the user authority level of the user, the minimum value of the user authority level and the PDA equipment authority level is taken to assign an access authority level, equipment identification information is generated, and the corresponding white list scene is matched according to the equipment identification information.
The invention has the beneficial effects that the encryption chip of the national security 7 is integrated on the PDA hardware main board, the data transmission mode is optimized, the encrypted data is encrypted for the first time, then the parking identification authority is distributed, the encrypted data is matched with a proper grading strategy to upload the data content which is correspondingly and safely accessed, the encryption transmission of the data is realized without additional software, the operations of encryption, grading, safe data identification uploading and the like can be directly completed at the same time of identification, the processing capacity of the encryption chip is amplified through the container technology, all logic codes of a service program and an algorithm thereof are operated in a protected safe container, the safety of the algorithm, the code and an executable module is realized, and further, the software system and the data transmission are encrypted from a hardware layer, and the data safety and fund safety are ensured.
In summary, the PDA device integrated with the SM7 encryption chip of the present invention enhances the ID, the key and the algorithm of the encryption chip of the module through the encryption chip, and realizes the security of the algorithm, the code and the executable module thereof through the computing capability of the CPU of the main control chip and through the container technology, thereby preventing the copying board, the decompilation and the hacking, and also preventing the computing, the alteration and the hacking attack, and guaranteeing the data security and the fund security.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a schematic diagram of the modular construction of the system of the present invention;
FIG. 3 is a flow chart of the integrated encryption chip of the present invention receiving a request to perform an encryption operation and performing decryption comparison.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which are obtained by a person skilled in the art based on the described embodiments of the invention, fall within the scope of protection of the invention.
Referring to fig. 1 and 3, in one embodiment of the present invention, a road parking identification method for an integrated encryption chip PDA device is provided, which includes the following steps:
The detection and recognition of the road parking space are completed after the image of the road parking position is acquired, analyzed and processed by the PDA equipment, and first recognition data are formed,
The PDA equipment generates a virtual cache container for encryption by an integrated encryption chip, and the integrated encryption chip responds to the first identification data and encrypts the first identification data based on the virtual cache container to form second identification data;
The main control chip receives the second identification data, the road parking identification data processing work operates in the virtual cache container, and the request for executing encryption operation is received through the integrated encryption chip and decryption comparison is carried out;
The method comprises the steps of carrying out decryption comparison on second identification data, carrying out parking identification authority allocation, searching preset data according to access authority levels, allocating a strategy library, obtaining a data grading strategy matched with the access authority levels, wherein the data grading strategy is used for representing data content which is safely accessed by encrypted second identification data and corresponds to the access authority levels, the data content which is safely accessed in the second identification data is responded according to the data grading strategy, and interactive list information of a second identification data file is generated according to the data grading strategy, and after the data grading strategy matched with the access authority levels is obtained, analysis of the grading strategy is carried out by constructing a grading model, wherein the analysis and the matching processing are specifically as follows:
;
Wherein, Is thatStatus-ranking assessment values of the individual ranking policy task data,Is a preset parameter and is used for distributing the grading value in the interval of (0-1),Is the firstThe number of items of the individual hierarchical policy task data,Is thatThe attribute value of the hierarchical policy task data state,Is thatThe weights of the hierarchical policy task data, weight assignments from the sensitivity, importance and value of the data,For analysis in stagesThe security access data, namely the hierarchical policy task data,Judging the first under the state evaluation standard cloud for analyzing and grading strategyThe individual hierarchical policy task data;
and identifying the safely accessed data content in the second identification data according to the interaction list information and uploading the data content to the road parking cloud management system.
As shown in fig. 3, the integrated encryption chip of the present embodiment receives a request for performing an encryption operation and performs decryption comparison, specifically as follows:
generating a random code by a main control chip;
The main control chip sends a plaintext to the encryption chip;
The integrated encryption chip encrypts the plaintext through an encryption algorithm to generate a ciphertext, and the encryption chip returns the ciphertext to the main control chip;
The main control chip decrypts the ciphertext to generate a decryption value;
The main control chip compares the decryption value with the previous plaintext, if the comparison value is consistent, the authentication is passed, the authentication is not passed to reach a preset threshold value, and then whether the operation is malicious request operation is judged, wherein the malicious request operation is more than the continuous authentication failure times or the key mismatch times;
When it is determined that the operation is a malicious request, the identity information and the key information are cleared from the virtual cache container by the integrated encryption chip.
The key of the integrated encryption chip is used for generating a virtual cache container used for encryption in the system, a traffic system for road parking identification runs in the container, running data is road parking encryption content information, the road parking encryption content information is stored in the virtual cache container, meanwhile, the virtual cache container is isolated from the outside and is determined to be credible for authentication, and data encryption processing is carried out to ensure the information security of the traffic system for road parking identification, and the traffic system is prevented from being shoveled and reversely analyzed.
The embodiment uses a key of an integrated encryption chip to generate a virtual cache container for encryption in an embedded road parking identification PDA equipment system based on a container technology, and the virtual cache container is specifically as follows:
Firstly, a developer needs to pack an application program of a road parking identification PDA equipment system and a dependency term thereof into a mirror image, the mirror image is completed through Dockerfile text files, dockerfile is a text file containing instructions and is used for constructing a Docker mirror image;
pushing the mirror image to a Docker warehouse after the construction of the mirror image is completed, and completing the mirror image through a Docker client;
container running-pulling mirror image from the Docker repository through Docker commands and running virtual cache containers.
Further, the encrypted virtual cache container is encrypted by a key of an encryption chip when a traffic system for identifying road parking is started, so that a container is generated, a traffic program runs in the container, traffic data is stored in the container, the container is isolated from outside, and program files and data files in the container cannot be contacted outside the container. The executable file entity is not contacted, and the reverse analysis is not performed naturally, and the container key is derived from the encryption chip, so that copying and copying are not performed.
The encryption algorithm of this embodiment adopts the block cipher algorithm of the national cipher SM7, the block length is 128 bits, the key length is 128 bits, and the integrated encryption chip adopts the EEPROM memory.
In this embodiment, preferably, the trust authentication of the integrated encryption chip, specifically, the virtual cache container in the integrated encryption chip writes the encryption key into the integrated encryption chip of the virtual cache container to be encrypted through the kernel-level signature CA verification technology, and adds a token, binds the LUKS key slot with the integrated encryption chip, and performs signature authentication through the encryption key when the virtual cache container is started by writing the encryption key into the integrated encryption chip and the LUKS key slot associated with the integrated encryption chip;
in addition, if the unsigned process or the process with inconsistent signature, namely the fake process cannot run, the trusted authentication is judged to be failed, and if the virtual cache container passes through the kernel-level signature CA verification technology, the signature authentication is carried out on the system application in the container, so that the unsigned process or the process with inconsistent signature, namely the fake process cannot run.
The virtual cache container of the integrated encryption chip adopts isolation measures to the outside, wherein the isolation measures are configured for a scene white list of the integrated encryption chip, the identity information, the key information and the associated scene information are matched and configured as a white list based on the virtual cache container, a white list mechanism can be used for limiting a test account number of a key of the integrated encryption chip, a control function online range of a user, limiting access rights of the user and the like, the white list scene of program and file association is formed through white list setting, operation outside the scene is forbidden to run, file protection is carried out at the same time, even if the rights of a system administrator are the same, the file protection is strictly limited, and encryption authentication is carried out on data read-write, modification and storage in the virtual cache container according to a minimized right principle, so that files specified by allowing a specified road parking identification service application program to read-write are limited, and file information security is ensured in a road parking identification service.
The method comprises the steps of identifying a PDA device user, specifically obtaining biological verification information of the user, carrying out matching verification on the biological verification information through a preset user authority library, generating a user verification result, wherein the user verification result comprises user authority levels of the user, assigning access authority levels to minimum values of the user authority levels and the PDA device authority levels, generating device identification information, and matching corresponding white list scenes according to the device identification information.
The embodiment specifically performs encryption operation on the first identification data, wherein the encryption operation comprises vehicle identification information, vehicle home owner information, vehicle stay time place information, vehicle payment information and vehicle parking space identification information;
the requested cryptographic operation includes one of an encryption operation, a decryption operation, a signature authentication operation, an external quarantine operation, or a file guard operation.
Based on the above, in this embodiment, the encryption chip of Guoque 7 is integrated on the hardware motherboard of the PDA, and the data transmission mode is improved, and the processing capability of the encryption chip is amplified by the container technology, so that all logic codes of the service program and the algorithm thereof are operated in the protected security container, thereby realizing the security of the algorithm and the code and executable module thereof, further encrypting the software system and the data transmission from the hardware layer, and guaranteeing the data security and the fund security.
Referring to fig. 2, in an embodiment of the present invention, a road parking identification system of an integrated encryption chip PDA device is provided, wherein the system is an embedded road parking identification PDA device system, and the road parking identification PDA device system includes an integrated encryption chip unit and a main control chip unit;
The buffer container generating module is used for generating a virtual buffer container for encryption in the embedded road parking identification PDA equipment system by using a key of the integrated encryption chip unit based on a container technology, so that the road parking identification data processing work of the road parking identification PDA equipment system runs in the virtual buffer container;
the data receiving module is used for responding to the first identification data, carrying out encryption operation on the first identification data based on the virtual cache container to form second identification data, and receiving a random code generated by the main control chip unit by the integrated encryption chip unit and a plaintext sent by the main control chip unit to the integrated encryption chip unit;
The integrated encryption chip unit receives a request for executing encryption operation and performs decryption comparison, wherein the integrated encryption chip unit receives a random code generated by the main control chip unit and a plaintext sent by the main control chip unit to the integrated encryption chip unit, encrypts the plaintext through an encryption algorithm to generate ciphertext, and returns the ciphertext to generate decryption ciphertext for comparison;
The signature authentication module is used for taking isolation measures to the outside by the virtual cache container of the integrated encryption chip unit, determining the inside as trusted authentication, and carrying out data encryption processing to ensure the information security of the road parking identification service;
The execution module is used for responding to and determining that the identity information of the road parking identification PDA equipment system is matched with the key of the virtual cache container allowed to request the password operation, and the integrated encryption chip executes the password operation requested by the road parking identification PDA equipment system based on the key information stored in the virtual cache container;
the main control chip unit comprises an image acquisition processing module, a parking identification authority allocation module, a data uploading module and a biological verification module;
The image acquisition processing module is used for acquiring, analyzing and processing the image of the road parking position through the PDA equipment, then completing detection and identification of the road parking space, and forming first identification data
The parking identification authority distribution module is used for carrying out parking identification authority distribution after decrypting and comparing the second identification data, searching preset data according to the access authority level, distributing a strategy library, obtaining a data classification strategy matched with the access authority level, wherein the data classification strategy is used for characterizing the data content which is safely accessed by the encrypted second identification data and corresponds to the access authority level, and generating interactive list information of the second identification data file according to the data classification strategy and the data content which is safely accessed in the second identification data according to the data classification strategy;
The data uploading module is used for identifying the safely accessed data content in the second identification data according to the interaction list information and uploading the safely accessed data content to the road parking cloud management system;
the biological verification module is used for carrying out matching verification on biological verification information through a preset user authority library to generate a user verification result, wherein the user verification result comprises user authority levels of users, the minimum value of the user authority levels and the PDA equipment authority levels is taken to assign access authority levels, equipment identification information is generated, and corresponding whitelist scenes are matched according to the equipment identification information.
In summary, the PDA device integrated with the national security SM7 encryption chip of the invention can directly complete operations such as encryption, classification, safe data identification uploading and the like while identifying by the aid of the ID, the secret key and the algorithm of the encryption chip enhancement module during road parking identification, by encrypting the first identification data by means of the operation capability of the CPU of the main control chip, then carrying out parking identification authority allocation on the encrypted data, and uploading data content corresponding to safe access by matching with a proper classification strategy.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with the present application are fully or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. Computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
Any process or method description in a flowchart or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process. And the scope of the preferred embodiments of the present application includes additional implementations in which functions may be performed in a substantially simultaneous manner or in an opposite order from that shown or discussed, including in accordance with the functions that are involved.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., a ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. All or part of the steps of the methods of the embodiments described above may be performed by a program that, when executed, comprises one or a combination of the steps of the method embodiments, instructs the associated hardware to perform the method.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules described above, if implemented in the form of software functional modules and sold or used as a stand-alone product, may also be stored in a computer-readable storage medium. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that various modifications and substitutions are possible within the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (9)

1. A road parking identification method of an integrated encryption chip PDA device, comprising:
The detection and recognition of the road parking space are completed after the image of the road parking position is acquired, analyzed and processed by the PDA equipment, and first recognition data are formed,
The PDA equipment generates a virtual cache container for encryption by an integrated encryption chip, and the integrated encryption chip responds to the first identification data and carries out encryption operation on the first identification data based on the virtual cache container to form second identification data;
the main control chip receives the second identification data, the road parking identification data processing work operates in the virtual cache container, and the request for executing encryption operation is received through the integrated encryption chip and decryption comparison is carried out;
And decrypting and comparing the second identification data, then carrying out parking identification authority allocation, searching preset data according to the access authority level, and allocating a strategy library to obtain a data grading strategy matched with the access authority level, wherein the analysis of the grading strategy carries out analysis and matching processing by constructing a grading model, and the method comprises the following specific steps of: ;
Wherein, Is thatStatus-ranking assessment values of the individual ranking policy task data,Is a preset parameter and is used for distributing the grading value in the interval of (0-1),Is the firstThe number of items of the individual hierarchical policy task data,Is thatThe attribute value of the hierarchical policy task data state,Is thatThe weights of the hierarchical policy task data, weight assignments from the sensitivity, importance and value of the data,For analysis in stagesThe security access data, namely the hierarchical policy task data,Judging the first under the state evaluation standard cloud for analyzing and grading strategyTask data;
The data classification strategy is used for representing the data content which is accessed safely by the encrypted second identification data and corresponds to the access authority level, extracting the data content which is accessed safely in the second identification data according to the data classification strategy, responding to the data content which is accessed safely and generating interaction list information of the second identification data file according to the data classification strategy;
And identifying the safely accessed data content in the second identification data according to the interaction list information and uploading the safely accessed data content to a road parking cloud management system.
2. The method for identifying road parking of integrated encryption chip PDA device according to claim 1, further comprising, when the second identification data is decrypted and compared and then parking identification authority is assigned:
The virtual buffer container integrated with encryption chip adopts isolation measure to the outside and determines the inside as credible authentication, and performs image data encryption processing to ensure the information security of the road parking identification service, and
And executing the password operation requested by the road parking identification PDA device system by the integrated encryption chip, responding to and determining that the identity information of the road parking identification PDA device system is matched with the key of the virtual cache container, and executing the password operation requested by the road parking identification PDA device system based on the key information stored in the virtual cache container.
3. The method for recognizing road parking of integrated encryption chip PDA device according to claim 1, wherein the integrated encryption chip generates a virtual buffer container for encryption, and generates a virtual buffer container for encryption in the embedded road parking recognition PDA device system using the key of the integrated encryption chip based on the container technology, so that the road parking recognition data processing of the road parking recognition PDA device system operates in the virtual buffer container, specifically as follows:
firstly, a developer needs to pack an application program of a road parking identification PDA equipment system and a dependency term thereof into a mirror image, the mirror image is completed through Dockerfile text files, dockerfile is a text file containing instructions and is used for constructing a Docker mirror image;
pushing the mirror image to a Docker warehouse after the construction of the mirror image is completed, and completing the mirror image through a Docker client;
container running-pulling mirror image from the Docker repository through Docker commands and running virtual cache containers.
4. The method for recognizing road parking of integrated encryption chip PDA device according to claim 1, wherein the integrated encryption chip receives a request for executing encryption operation and executes decryption comparison, the integrated encryption chip receives a random code generated by a main control chip and a plaintext transmitted by the main control chip, encrypts the plaintext by an encryption algorithm to generate ciphertext and returns the generated decrypted ciphertext for comparison, and the method is as follows:
generating a random code by a main control chip;
The main control chip sends a plaintext to the encryption chip;
The integrated encryption chip encrypts the plaintext through an encryption algorithm to generate a ciphertext, and the encryption chip returns the ciphertext to the main control chip;
The main control chip decrypts the ciphertext to generate a decryption value;
The main control chip compares the decryption value with the previous plaintext, if the comparison value is consistent, the authentication is passed, the authentication is not passed to reach a preset threshold value, and then whether the operation is a malicious request operation is judged, wherein the malicious request operation is more than the continuous authentication failure times or the key mismatch times;
when the operation is determined to be a malicious request operation, the integrated encryption chip clears the identity information and the key information from the virtual cache container;
the encryption algorithm adopts a block cipher algorithm of SM7, the block length is 128 bits, the key length is 128 bits, and the integrated encryption chip adopts an EEPROM memory.
5. A method for road parking identification of an integrated cryptographic chip PDA device as in claim 2 wherein said integrated cryptographic chip trustworthiness authenticates,
The method comprises the steps that a virtual cache container in an integrated encryption chip writes an encryption key into the integrated encryption chip of the virtual cache container to be encrypted through a kernel-level signature (CA) verification technology, a token is added, a LUKS key slot is bound with the integrated encryption chip, the token stores the encryption key written into the integrated encryption chip and the LUKS key slot associated with the encryption key, the encryption key is stored in the integrated encryption chip, and signature authentication is carried out through the encryption key when the virtual cache container is started;
If the unsigned process or the process with inconsistent signature, namely the fake process cannot run, the trusted authentication is judged to be failed.
6. The road parking identification method of the integrated encryption chip PDA device as set forth in claim 2, wherein the virtual cache container of the integrated encryption chip takes isolation measures to the outside, wherein the isolation measures are scene white list configuration of the integrated encryption chip, in particular, identity information, key information and associated scene information are matched and configured into a white list based on the virtual cache container, a program and file associated white list scene is formed through white list setting, operation outside the scene is forbidden, and file protection is performed at the same time;
The file protection is designed according to the principle of minimized authority, and performs encryption authentication on data read-write, modification and storage in the virtual cache container, so as to limit the permission of a specified road parking identification service application program to read and write the specified file.
7. The method for identifying road parking of PDA device integrated with encryption chip as set forth in claim 6, further comprising identifying a PDA device user, specifically obtaining biometric information of the user, performing matching verification on the biometric information through a preset user authority library, generating a user verification result, wherein the user verification result comprises a user authority level of the user, assigning an access authority level to a minimum value of the user authority level and the PDA device authority level, generating device identification information, and matching corresponding whitelist scenes according to the device identification information.
8. The method for identifying road parking of integrated cryptographic chip PDA device as set forth in claim 1, wherein encrypting said first identification data comprises vehicle identification information, vehicle home owner information, vehicle stay time location information, vehicle payment information, and vehicle parking space identification information;
The requested cryptographic operation includes one of an encryption operation, a decryption operation, a signature authentication operation, an external quarantine operation, or a file guard operation.
9. A system of a road parking identification method applied to the integrated encryption chip PDA device as set forth in claim 7, characterized in that the system is an embedded road parking identification PDA device system, the road parking identification PDA device system comprises an integrated encryption chip unit and a main control chip unit, the integrated encryption chip unit comprises a cache container generation module, a data receiving module, a data encryption module, a signature authentication module and an execution module;
The system comprises a cache container generation module, a data processing module and a data processing module, wherein the cache container generation module is used for generating a virtual cache container for encryption in an embedded road parking identification PDA equipment system by using a key of an integrated encryption chip unit based on a container technology, so that road parking identification data processing work of the road parking identification PDA equipment system operates in the virtual cache container;
The data receiving module is used for responding to the first identification data, carrying out encryption operation on the first identification data based on the virtual cache container to form second identification data, and receiving a random code generated by the main control chip unit and a plaintext sent by the main control chip unit to the integrated encryption chip unit by the integrated encryption chip unit;
The data encryption module is used for receiving a request for executing encryption operation by the integrated encryption chip unit and carrying out decryption comparison, wherein the integrated encryption chip unit receives a random code generated by the main control chip unit and a plaintext sent by the main control chip unit to the integrated encryption chip unit, and then encrypts the plaintext through an encryption algorithm to generate ciphertext and returns to generate decryption ciphertext for comparison;
The signature authentication module is used for taking isolation measures to the outside by the virtual cache container of the integrated encryption chip unit, determining the inside as trusted authentication, and carrying out data encryption processing to ensure the information security of the road parking identification service;
An execution module for responding to and determining that the road parking identification PDA equipment system identity information is matched with the key of the virtual cache container allowed to request the password operation, and executing the password operation requested by the road parking identification PDA equipment system by the integrated encryption chip based on the key information stored in the virtual cache container;
The main control chip unit comprises an image acquisition processing module, a parking identification authority distribution module, a data uploading module and a biological verification module;
The image acquisition processing module is used for acquiring, analyzing and processing the image of the road parking position through the PDA equipment, then completing detection and identification of the road parking space, and forming first identification data
The parking identification authority allocation module is used for carrying out parking identification authority allocation after decryption and comparison on the second identification data, searching preset data according to access authority levels and allocating a strategy library, and obtaining a data classification strategy matched with the access authority levels, wherein the data classification strategy is used for characterizing data content which is safely accessed by the encrypted second identification data and corresponds to the access authority levels, and the data content which is safely accessed in the second identification data is subjected to data classification strategy, and interactive list information of the second identification data file is generated according to the data classification strategy and the data content which is safely accessed;
The data uploading module is used for identifying the safely accessed data content in the second identification data according to the interaction list information and uploading the safely accessed data content to the road parking cloud management system;
The biological verification module is used for carrying out matching verification on the biological verification information through a preset user authority library to generate a user verification result, wherein the user verification result comprises the user authority level of the user, the minimum value of the user authority level and the PDA equipment authority level is taken to assign an access authority level, equipment identification information is generated, and the corresponding white list scene is matched according to the equipment identification information.
CN202411391928.7A 2024-10-08 2024-10-08 Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment Active CN118916902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411391928.7A CN118916902B (en) 2024-10-08 2024-10-08 Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411391928.7A CN118916902B (en) 2024-10-08 2024-10-08 Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment

Publications (2)

Publication Number Publication Date
CN118916902A CN118916902A (en) 2024-11-08
CN118916902B true CN118916902B (en) 2025-02-07

Family

ID=93299536

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411391928.7A Active CN118916902B (en) 2024-10-08 2024-10-08 Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment

Country Status (1)

Country Link
CN (1) CN118916902B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102792547A (en) * 2010-02-18 2012-11-21 特拉华大学 Aggregation server for grid-integrated vehicles
CN106130737A (en) * 2016-07-07 2016-11-16 吴本刚 A kind of road congestion information data sharing method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111223195A (en) * 2020-01-16 2020-06-02 弘道(深圳)物联科技有限公司 City level wisdom parking system platform
CN115103456B (en) * 2022-04-28 2023-08-18 成都交投智慧停车产业发展有限公司 PDA intelligent docking method and intelligent docking system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102792547A (en) * 2010-02-18 2012-11-21 特拉华大学 Aggregation server for grid-integrated vehicles
CN106130737A (en) * 2016-07-07 2016-11-16 吴本刚 A kind of road congestion information data sharing method

Also Published As

Publication number Publication date
CN118916902A (en) 2024-11-08

Similar Documents

Publication Publication Date Title
US11947688B2 (en) Secure computing system
EP3887979B1 (en) Personalized and cryptographically secure access control in operating systems
US10162975B2 (en) Secure computing system
US20050060561A1 (en) Protection of data
US11962694B2 (en) Key pair generation based on environmental factors
CN101329658B (en) Encryption and decryption method, and PLC system using the same
US20030041250A1 (en) Privacy of data on a computer platform
US20050060568A1 (en) Controlling access to data
JPH1185622A (en) Protection memory for core data secret item
JP2009521033A (en) How to authenticate a computer system application
JP2003345654A (en) Data protection system
Liu et al. $ LiveForen $: Ensuring Live Forensic Integrity in the Cloud
CN118916902B (en) Road parking identification method and system of integrated encryption chip PDA (personal digital Assistant) equipment
Dan et al. Toward an AI chatbot-driven advanced digital locker
KR100523843B1 (en) Apparatus for ACL-based control mechanism for access control in DRM client software
Toll et al. The Caernarvon secure embedded operating system
Philip et al. Security impact of trusted execution environment in rich execution environment based systems
CN114329564B (en) Method for processing privatized format files, electronic equipment and medium
CN117786667B (en) Process authority management method, system and storage medium for controllable computation
Karger et al. Designing a Secure Smart Card Operating System
Fouladi et al. Vulnerability Analysis of a Commercial. NET Smart Card
KR20230045279A (en) Docker image authentication apparatus and method using homomoriphic encryption
CN118965437A (en) Data processing method and data processing device
CN117828580A (en) Application program authentication method and device
CN120354442A (en) Access control based on classification of altered data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant