[go: up one dir, main page]

CN116366289B - Safety supervision method and device for remote sensing data of unmanned aerial vehicle - Google Patents

Safety supervision method and device for remote sensing data of unmanned aerial vehicle Download PDF

Info

Publication number
CN116366289B
CN116366289B CN202310162354.5A CN202310162354A CN116366289B CN 116366289 B CN116366289 B CN 116366289B CN 202310162354 A CN202310162354 A CN 202310162354A CN 116366289 B CN116366289 B CN 116366289B
Authority
CN
China
Prior art keywords
data
ciphertext
remote sensing
key
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310162354.5A
Other languages
Chinese (zh)
Other versions
CN116366289A (en
Inventor
刘正军
陈一铭
张赓
李永荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chinese Academy of Surveying and Mapping
Original Assignee
Chinese Academy of Surveying and Mapping
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chinese Academy of Surveying and Mapping filed Critical Chinese Academy of Surveying and Mapping
Priority to CN202310162354.5A priority Critical patent/CN116366289B/en
Publication of CN116366289A publication Critical patent/CN116366289A/en
Application granted granted Critical
Publication of CN116366289B publication Critical patent/CN116366289B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q9/00Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Selective Calling Equipment (AREA)

Abstract

本申请涉及一种无人机遥感数据的安全监管方法、装置、计算机设备、存储介质和计算机程序产品。方法应用于数据采集端,方法包括:基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;基于第二公钥对第一私钥进行加密处理,得到密钥密文;将包含第一数据密文和密钥密文的传输数据发送至数据处理端,以使数据处理端基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥,并基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。本方案提高了遥感数据的安全性。

The present application relates to a method, device, computer equipment, storage medium and computer program product for the security supervision of unmanned aerial vehicle remote sensing data. The method is applied to the data acquisition end, and the method includes: encrypting the collected remote sensing data based on the first public key to obtain the first data ciphertext; encrypting the first private key based on the second public key to obtain the key ciphertext; sending the transmission data containing the first data ciphertext and the key ciphertext to the data processing end, so that the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data. This scheme improves the security of remote sensing data.

Description

无人机遥感数据的安全监管方法及装置Safety supervision method and device for unmanned aerial vehicle remote sensing data

技术领域Technical Field

本申请涉及数据传输技术领域,特别是涉及一种无人机遥感数据的安全监管方法及装置。The present application relates to the technical field of data transmission, and in particular to a method and device for securely monitoring remote sensing data of unmanned aerial vehicles.

背景技术Background technique

目前,在无人机遥感数据的数据传输过程中,数据采集端直接将采集到的无人机遥感数据传输到数据处理端。其中,无人机遥感数据是未经数据采集端处理过的原始数据。At present, in the data transmission process of UAV remote sensing data, the data collection end directly transmits the collected UAV remote sensing data to the data processing end. Among them, the UAV remote sensing data is the original data that has not been processed by the data collection end.

因此,任意数据处理端都可以获取数据采集端采集的无人机遥感数据,进而导致遥感数据容易泄露,降低了无人机遥感数据的安全性。Therefore, any data processing end can obtain the UAV remote sensing data collected by the data collection end, which makes the remote sensing data easy to leak and reduces the security of the UAV remote sensing data.

发明内容Summary of the invention

基于此,有必要针对上述技术问题,提供一种能够提高无人机遥感数据的安全性的无人机遥感数据的安全监管方法、装置、计算机设备、计算机可读存储介质和计算机程序产品。Based on this, it is necessary to provide a method, device, computer equipment, computer-readable storage medium and computer program product for security supervision of drone remote sensing data that can improve the security of drone remote sensing data in response to the above-mentioned technical problems.

第一方面,本申请提供了一种无人机遥感数据的安全监管方法。所述方法应用于数据采集端,所述方法包括:In a first aspect, the present application provides a method for the security supervision of drone remote sensing data. The method is applied to a data collection end, and the method includes:

基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;Encrypting the collected remote sensing data based on the first public key to obtain a first data ciphertext;

基于第二公钥对第一私钥进行加密处理,得到密钥密文;Encrypting the first private key based on the second public key to obtain a key ciphertext;

将包含所述第一数据密文和所述密钥密文的传输数据发送至数据处理端,以使所述数据处理端基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥,并基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The transmission data including the first data ciphertext and the key ciphertext is sent to the data processing end, so that the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

在其中一个实施例中,所述基于第一公钥对采集的遥感数据进行加密处理之前,还包括:In one embodiment, before encrypting the collected remote sensing data based on the first public key, the method further includes:

获取所述遥感数据的数据起始采集时间;Obtaining the data collection start time of the remote sensing data;

在所述数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集所述遥感数据。In the case where the data collection start time is earlier than the preset validity expiration time of the digital certificate, the remote sensing data is collected.

在其中一个实施例中,所述基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文包括:In one embodiment, encrypting the collected remote sensing data based on the first public key to obtain the first data ciphertext includes:

向密码平台发送身份认证请求,以使所述密码平台响应于所述身份认证请求,将基于预设的数字证书确定的数字签名返回至所述数据采集端;Sending an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data acquisition end;

将所述数字签名发送至所述数据处理端;所述数字签名用于指示所述数据处理端基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;The digital signature is sent to the data processing end; the digital signature is used to instruct the data processing end to perform signature verification based on the digital signature, obtain a signature verification result, and return the signature verification result to the data collection end;

在所述验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。When the signature verification result indicates that the verification is successful, the collected remote sensing data is encrypted based on the first public key to obtain a first data ciphertext.

第二方面,本申请提供了一种无人机遥感数据的安全监管方法。所述方法应用于数据处理端,所述方法包括:In a second aspect, the present application provides a method for the security supervision of drone remote sensing data. The method is applied to a data processing end, and the method includes:

接收数据采集端发送的包含第一数据密文和密钥密文的传输数据;所述第一数据密文是所述数据采集端基于第一公钥对采集的遥感数据进行加密处理得到的;所述密钥密文是所述数据采集端基于第二公钥对第一私钥进行加密处理得到的;Receive transmission data including a first data ciphertext and a key ciphertext sent by a data acquisition terminal; the first data ciphertext is obtained by the data acquisition terminal encrypting the collected remote sensing data based on the first public key; the key ciphertext is obtained by the data acquisition terminal encrypting the first private key based on the second public key;

基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;Decrypting the key ciphertext in the transmission data based on the second private key to obtain the first private key;

基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The first data ciphertext in the transmission data is decrypted based on the first private key to obtain the remote sensing data.

在其中一个实施例中,所述接收数据采集端发送的包含第一数据密文和密钥密文的传输数据之前,还包括:In one embodiment, before receiving the transmission data including the first data ciphertext and the key ciphertext sent by the data acquisition terminal, the method further includes:

接收所述数据采集端发送的数字签名;所述数字签名是所述密码平台响应于所述数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由所述密码平台发送至所述数据处理端的;Receiving a digital signature sent by the data acquisition terminal; the digital signature is determined by the cryptographic platform in response to an identity authentication request sent by the data acquisition terminal, based on a preset digital certificate, and sent by the cryptographic platform to the data processing terminal;

基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;所述验签结果用于在所述验签结果表示验证成功的情况下,指示所述数据采集端基于第一公钥对采集的所述遥感数据进行加密处理,得到第一数据密文。A signature verification process is performed based on the digital signature to obtain a signature verification result, and the signature verification result is returned to the data acquisition end; the signature verification result is used to instruct the data acquisition end to encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext when the signature verification result indicates that the verification is successful.

在其中一个实施例中,所述基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥之前,还包括:In one embodiment, before decrypting the key ciphertext in the transmission data based on the second private key to obtain the first private key, the method further includes:

基于所述遥感数据的数据起始采集时间,查询晚于所述数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;Based on the data start collection time of the remote sensing data, querying the effective expiration time of the preset digital certificate later than the data start collection time to obtain the target effective expiration time;

根据所述目标有效截止时间和所述数据采集端的设备标识,确定所述第二私钥。The second private key is determined according to the target effective deadline and the device identification of the data acquisition terminal.

在其中一个实施例中,所述传输数据还包括包含所述数据采集端的设备标识和所述遥感数据的数据起始采集时间的第二数据密文、以及包含所述设备标识和所述数据起始采集时间的验证明文;所述基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理包括:In one embodiment, the transmission data further includes a second data ciphertext including a device identification of the data acquisition terminal and a data acquisition start time of the remote sensing data, and a verification plaintext including the device identification and the data acquisition start time; the decrypting the first data ciphertext in the transmission data based on the first private key includes:

在所述验证明文中的设备标识与所述第二数据密文包含的设备标识一致、且所述验证明文中的数据起始采集时间与所述第二数据密文包含的数据起始采集时间一致的情况下,基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data collection start time in the verification plaintext is consistent with the data collection start time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key.

第三方面,本申请还提供了一种无人机遥感数据的安全监管系统。无人机遥感数据的安全监管系统包括数据采集端以及数据处理端,其中:In a third aspect, the present application also provides a safety supervision system for drone remote sensing data. The safety supervision system for drone remote sensing data includes a data collection end and a data processing end, wherein:

所述数据采集端,用于基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;基于第二公钥对第一私钥进行加密处理,得到密钥密文;将包含所述第一数据密文和所述密钥密文的传输数据发送至所述数据处理端;The data acquisition end is used to encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext; encrypt the first private key based on the second public key to obtain a key ciphertext; and send the transmission data including the first data ciphertext and the key ciphertext to the data processing end;

所述数据处理端,用于基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The data processing end is used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; and decrypt the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

在其中一个实施例中,所述数据处理端包括数据接收端和内网密码机;所述数据处理端,基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据,包括:In one embodiment, the data processing end includes a data receiving end and an intranet cipher machine; the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key; and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data, including:

所述数据接收端,用于接收所述数据采集端发送的所述传输数据,并将所述传输数据发送至所述内网密码机;The data receiving end is used to receive the transmission data sent by the data acquisition end, and send the transmission data to the intranet cipher machine;

所述内网密码机,用于基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The intranet cipher machine is used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; and to decrypt the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

第四方面,本申请还提供了一种无人机遥感数据的安全监管装置。应用于数据采集端,所述装置包括:In a fourth aspect, the present application also provides a safety monitoring device for drone remote sensing data. Applied to a data collection end, the device comprises:

第一加密模块,用于基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;A first encryption module, used for encrypting the collected remote sensing data based on a first public key to obtain a first data ciphertext;

第二加密模块,用于基于第二公钥对第一私钥进行加密处理,得到密钥密文;A second encryption module, used to encrypt the first private key based on the second public key to obtain a key ciphertext;

发送模块,用于将包含所述第一数据密文和所述密钥密文的传输数据发送至数据处理端,以使所述数据处理端基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥,并基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。A sending module is used to send the transmission data including the first data ciphertext and the key ciphertext to a data processing end, so that the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

在其中一个实施例中,所述无人机遥感数据的安全监管装置还包括:In one embodiment, the safety monitoring device for the drone remote sensing data further includes:

获取模块,用于获取所述遥感数据的数据起始采集时间;An acquisition module, used for acquiring the data collection start time of the remote sensing data;

采集模块,用于在所述数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集所述遥感数据。The acquisition module is used to acquire the remote sensing data when the data acquisition start time is earlier than the effective expiration time of the preset digital certificate.

在其中一个实施例中,所述第一加密模块具体用于:In one embodiment, the first encryption module is specifically used for:

向密码平台发送身份认证请求,以使所述密码平台响应于所述身份认证请求,将基于预设的数字证书确定的数字签名返回至所述数据采集端;Sending an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data acquisition end;

将所述数字签名发送至所述数据处理端;所述数字签名用于指示所述数据处理端基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;The digital signature is sent to the data processing end; the digital signature is used to instruct the data processing end to perform signature verification based on the digital signature, obtain a signature verification result, and return the signature verification result to the data collection end;

在所述验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。When the signature verification result indicates that the verification is successful, the collected remote sensing data is encrypted based on the first public key to obtain a first data ciphertext.

第五方面,本申请还提供了一种无人机遥感数据的安全监管装置。所述装置应用于数据处理端,所述装置包括:In a fifth aspect, the present application also provides a safety monitoring device for drone remote sensing data. The device is applied to a data processing end, and the device includes:

第一接收模块,用于接收数据采集端发送的包含第一数据密文和密钥密文的传输数据;所述第一数据密文是所述数据采集端基于第一公钥对采集的遥感数据进行加密处理得到的;所述密钥密文是所述数据采集端基于第二公钥对第一私钥进行加密处理得到的;A first receiving module is used to receive transmission data including a first data ciphertext and a key ciphertext sent by a data acquisition terminal; the first data ciphertext is obtained by the data acquisition terminal encrypting the collected remote sensing data based on the first public key; the key ciphertext is obtained by the data acquisition terminal encrypting the first private key based on the second public key;

第一解密模块,用于基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;A first decryption module, used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key;

第二解密模块,用于基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The second decryption module is used to decrypt the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

在其中一个实施例中,所述无人机遥感数据的安全监管装置还包括:In one embodiment, the safety monitoring device for the drone remote sensing data further includes:

第二接收模块,用于接收所述数据采集端发送的数字签名;所述数字签名是密码平台响应于所述数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由所述密码平台发送至所述数据处理端的;A second receiving module is used to receive a digital signature sent by the data acquisition terminal; the digital signature is determined by the cryptographic platform in response to the identity authentication request sent by the data acquisition terminal based on a preset digital certificate, and sent by the cryptographic platform to the data processing terminal;

验签模块,用于基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;所述验签结果用于在所述验签结果表示验证成功的情况下,指示所述数据采集端基于第一公钥对采集的所述遥感数据进行加密处理,得到第一数据密文。The signature verification module is used to perform signature verification based on the digital signature, obtain a signature verification result, and return the signature verification result to the data acquisition end; the signature verification result is used to instruct the data acquisition end to encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext when the signature verification result indicates that the verification is successful.

在其中一个实施例中,所述无人机遥感数据的安全监管装置还包括:In one embodiment, the safety monitoring device for the drone remote sensing data further includes:

查询模块,用于基于所述遥感数据的数据起始采集时间,查询晚于所述数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;A query module, configured to query the effective expiration time of a preset digital certificate later than the data start collection time based on the data start collection time of the remote sensing data, and obtain a target effective expiration time;

确定模块,用于根据所述目标有效截止时间和所述数据采集端的设备标识,确定所述第二私钥。A determination module is used to determine the second private key according to the target effective deadline and the device identification of the data acquisition terminal.

在其中一个实施例中,所述传输数据还包括包含所述数据采集端的设备标识和所述遥感数据的数据起始采集时间的第二数据密文、以及包含所述设备标识和所述数据起始采集时间的验证明文;所述第二解密模块具体用于:In one embodiment, the transmission data further includes a second data ciphertext including a device identification of the data acquisition terminal and a data acquisition start time of the remote sensing data, and a verification plaintext including the device identification and the data acquisition start time; the second decryption module is specifically used for:

在所述验证明文中的设备标识与所述第二数据密文包含的设备标识一致、且所述验证明文中的数据起始采集时间与所述第二数据密文包含的数据起始采集时间一致的情况下,基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data collection start time in the verification plaintext is consistent with the data collection start time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key.

第六方面,本申请还提供了一种计算机设备。所述计算机设备包括存储器和处理器,所述存储器存储有计算机程序,所述处理器执行所述计算机程序时实现以第一方面或者第二方面所述的步骤。In a sixth aspect, the present application further provides a computer device, wherein the computer device comprises a memory and a processor, wherein the memory stores a computer program, and when the processor executes the computer program, the steps described in the first aspect or the second aspect are implemented.

第七方面,本申请还提供了一种计算机可读存储介质。所述计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现以第一方面或者第二方面或者第三方面所述的步骤。In a seventh aspect, the present application further provides a computer-readable storage medium, wherein a computer program is stored thereon, and when the computer program is executed by a processor, the steps described in the first aspect, the second aspect, or the third aspect are implemented.

第八方面,本申请还提供了一种计算机程序产品。所述计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现以第一方面或者第二方面所述的步骤。In an eighth aspect, the present application further provides a computer program product, wherein the computer program product comprises a computer program, and when the computer program is executed by a processor, the steps described in the first aspect or the second aspect are implemented.

上述无人机遥感数据的安全监管方法、装置、计算机设备、存储介质和计算机程序产品,应用于数据采集端,通过基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;基于第二公钥对第一私钥进行加密处理,得到密钥密文;将包含第一数据密文和密钥密文的传输数据发送至数据处理端,以使数据处理端基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥,并基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。上述方案中,传输数据是经数据采集端进行加密处理后的密文,所以,只有数据处理端用正确的解密密钥来对传输数据进行解密,数据处理端才能获取传输数据中的遥感数据,进而减少了遥感数据的泄露情况,实现遥感数据的安全性的提高。The above-mentioned method, device, computer equipment, storage medium and computer program product for the security supervision of remote sensing data of unmanned aerial vehicles are applied to the data acquisition end, and the collected remote sensing data is encrypted based on the first public key to obtain the first data ciphertext; the first private key is encrypted based on the second public key to obtain the key ciphertext; the transmission data containing the first data ciphertext and the key ciphertext is sent to the data processing end, so that the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data. In the above scheme, the transmission data is the ciphertext encrypted by the data acquisition end, so only when the data processing end uses the correct decryption key to decrypt the transmission data can the data processing end obtain the remote sensing data in the transmission data, thereby reducing the leakage of remote sensing data and improving the security of remote sensing data.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为一个实施例中无人机遥感数据的安全监管方法的应用环境图;FIG1 is a diagram of an application environment of a method for safely supervising remote sensing data of a drone in one embodiment;

图2为一个实施例中无人机遥感数据的安全监管方法的流程示意图;FIG2 is a schematic diagram of a flow chart of a method for safely supervising remote sensing data of a drone in one embodiment;

图3为另一个实施例中无人机遥感数据的安全监管方法的流程示意图;FIG3 is a schematic diagram of a flow chart of a method for safely supervising remote sensing data of a drone in another embodiment;

图4为一个实施例中无人机遥感数据的安全监管方法的信令图;FIG4 is a signaling diagram of a method for safely supervising remote sensing data of a drone in one embodiment;

图5为一个实施例中无人机遥感数据的安全监管装置的结构框图;FIG5 is a block diagram of a safety monitoring device for drone remote sensing data in one embodiment;

图6为另一个实施例中无人机遥感数据的安全监管装置的结构框图;FIG6 is a block diagram of a safety monitoring device for remote sensing data of a drone in another embodiment;

图7为一个实施例中计算机设备的内部结构图。FIG. 7 is a diagram showing the internal structure of a computer device in one embodiment.

具体实施方式Detailed ways

为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solution and advantages of the present application more clearly understood, the present application is further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application and are not used to limit the present application.

本申请实施例提供的无人机遥感数据的安全监管方法,可以应用于如图1所示的应用环境中。其中,如图1所示的无人机遥感数据的安全监管系统包括数据采集端102以及数据处理端104,数据采集端102、以及数据处理端104之间通过通信连接。在一个实施例中,无人机遥感数据的安全监管系统还包括密码平台,数据采集端102、密码平台以及数据处理端104两两之间通过通信连接。在一个实施例中,数据采集端102可以是无人机设备。在一个实施例中,数据处理端104包括数据接收端和内网密码机。The method for security supervision of UAV remote sensing data provided in the embodiment of the present application can be applied in the application environment as shown in Figure 1. Among them, the security supervision system for UAV remote sensing data as shown in Figure 1 includes a data acquisition terminal 102 and a data processing terminal 104, and the data acquisition terminal 102 and the data processing terminal 104 are connected by communication. In one embodiment, the security supervision system for UAV remote sensing data also includes a cryptographic platform, and the data acquisition terminal 102, the cryptographic platform and the data processing terminal 104 are connected by communication. In one embodiment, the data acquisition terminal 102 can be a UAV device. In one embodiment, the data processing terminal 104 includes a data receiving terminal and an intranet cryptographic machine.

数据采集端102采集遥感数据,并基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。其中,第一公钥是数据采集端102产生的公钥,用于对数据采集端102采集的遥感数据进行加密。数据采集端102基于第二公钥对第一私钥进行加密处理,得到密钥密文。在一个实施例中,第一公钥是非对称密钥,具体的,第一公钥可以是SM2的公钥。数据采集端102将包含第一数据密文和密钥密文的传输数据发送至数据处理端104。数据处理端104接收数据采集端102发送的包含第一数据密文和密钥密文的传输数据,并基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥。其中,第二私钥与第二公钥是一对数据密钥对。数据处理端104基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。其中,第一私钥与第一公钥是一对密钥加密密钥对。The data acquisition terminal 102 acquires remote sensing data, and encrypts the acquired remote sensing data based on the first public key to obtain a first data ciphertext. The first public key is a public key generated by the data acquisition terminal 102, and is used to encrypt the remote sensing data acquired by the data acquisition terminal 102. The data acquisition terminal 102 encrypts the first private key based on the second public key to obtain a key ciphertext. In one embodiment, the first public key is an asymmetric key, and specifically, the first public key can be the public key of SM2. The data acquisition terminal 102 sends the transmission data including the first data ciphertext and the key ciphertext to the data processing terminal 104. The data processing terminal 104 receives the transmission data including the first data ciphertext and the key ciphertext sent by the data acquisition terminal 102, and decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key. The second private key and the second public key are a pair of data key pairs. The data processing terminal 104 decrypts the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data. The first private key and the first public key are a key encryption key pair.

在一个实施例中,如图2所示,提供了一种无人机遥感数据的安全监管方法,以该方法应用于图1中的无人机遥感数据的安全监管系统为例进行说明,无人机遥感数据的安全监管方法应用于数据采集端102,方法包括:In one embodiment, as shown in FIG. 2 , a method for safely supervising remote sensing data of a drone is provided. The method is applied to the safety supervision system for remote sensing data of a drone in FIG. 1 as an example for explanation. The method for safely supervising remote sensing data of a drone is applied to a data collection terminal 102. The method includes:

步骤202,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。Step 202: encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext.

本申请实施例中,数据采集端102基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。其中,第一公钥用于对采集的遥感数据进行加密处理,是数据采集端102的公钥。在一个实施例中,第一公钥是对称密钥,具体的,第一公钥是SM4。In the embodiment of the present application, the data acquisition terminal 102 encrypts the collected remote sensing data based on the first public key to obtain the first data ciphertext. The first public key is used to encrypt the collected remote sensing data and is the public key of the data acquisition terminal 102. In one embodiment, the first public key is a symmetric key, and specifically, the first public key is SM4.

步骤204,基于第二公钥对第一私钥进行加密处理,得到密钥密文。Step 204: encrypt the first private key based on the second public key to obtain a key ciphertext.

本申请实施例中,数据采集端102基于第二公钥对第一私钥进行加密处理,得到密钥密文。其中,第二公钥是密码平台产生并发送至数据采集端102的密钥,或者,是通过数字证书形式离线导入的密钥,用于对第一公钥进行加密,即密钥加密密钥中的公钥。在一个实施例中,第二公钥是非对称密钥,具体的,第二公钥可以是SM2的公钥。在一个实施例中,第一私钥和第一公钥是同一个对称密钥,具体的,第一私钥和第一公钥可以是SM4。In an embodiment of the present application, the data acquisition terminal 102 encrypts the first private key based on the second public key to obtain a key ciphertext. The second public key is a key generated by the cryptographic platform and sent to the data acquisition terminal 102, or a key imported offline in the form of a digital certificate, which is used to encrypt the first public key, that is, the public key in the key encryption key. In one embodiment, the second public key is an asymmetric key. Specifically, the second public key can be the public key of SM2. In one embodiment, the first private key and the first public key are the same symmetric key. Specifically, the first private key and the first public key can be SM4.

步骤206,将包含第一数据密文和密钥密文的传输数据发送至数据处理端,以使数据处理端基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥,并基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。Step 206, sending the transmission data including the first data ciphertext and the key ciphertext to the data processing end, so that the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

其中,第二私钥预先存储在数据处理端104。在一个实施例中,数据处理端104包括数据接收端和内网密码机,第二私钥预先存储在内网密码机中。本申请实施例中,数据采集端102将包含第一数据密文和密钥密文的传输数据发送至数据处理端104,以使数据处理端104基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥,并基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。数据采集端102将包含第一数据密文和密钥密文的传输数据发送至数据处理端104。在一个实施例中,传输数据还包含验证明文,其中,验证明文包含数据采集端102的设备标识、以及遥感数据的数据起始采集时间,验证明文用于验证传输数据的真实性。Among them, the second private key is pre-stored in the data processing terminal 104. In one embodiment, the data processing terminal 104 includes a data receiving terminal and an intranet cipher machine, and the second private key is pre-stored in the intranet cipher machine. In the embodiment of the present application, the data acquisition terminal 102 sends the transmission data containing the first data ciphertext and the key ciphertext to the data processing terminal 104, so that the data processing terminal 104 decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data. The data acquisition terminal 102 sends the transmission data containing the first data ciphertext and the key ciphertext to the data processing terminal 104. In one embodiment, the transmission data also includes a verification plaintext, wherein the verification plaintext includes the device identification of the data acquisition terminal 102 and the data start collection time of the remote sensing data, and the verification plaintext is used to verify the authenticity of the transmission data.

上述无人机遥感数据的安全监管方法中,传输数据是经数据采集端进行加密处理后的密文,所以,只有数据处理端用正确的解密密钥来对传输数据进行解密,数据处理端才能获取传输数据中的遥感数据,进而减少了遥感数据的泄露情况,实现遥感数据的安全性的提高。In the above-mentioned security supervision method of UAV remote sensing data, the transmission data is a ciphertext encrypted by the data acquisition end. Therefore, only when the data processing end uses the correct decryption key to decrypt the transmission data can the data processing end obtain the remote sensing data in the transmission data, thereby reducing the leakage of remote sensing data and improving the security of remote sensing data.

在一个实施例中,基于第一公钥对采集的遥感数据进行加密处理之前,还包括:In one embodiment, before encrypting the collected remote sensing data based on the first public key, the method further includes:

获取遥感数据的数据起始采集时间;在数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集遥感数据。The data collection start time of the remote sensing data is obtained; when the data collection start time is earlier than the effective expiration time of the preset digital certificate, the remote sensing data is collected.

本申请实施例中,数据采集端102获取遥感数据的数据起始采集时间。数据采集端102比较数据起始采集时间与预设的数据证书的有效截止时间的早晚。其中,数字证书是密码平台产生并颁发给数据采集端102的证书,用于证明数据采集端102的身份。在数据起始采集时间早于预设的数字证书的有效截止时间的情况下,数据采集端102采集遥感数据。在数据起始采集时间晚于预设的数字证书的有效截止时间的情况下,数据采集端102禁止执行数据采集操作。具体的,在数据起始采集时间晚于预设的数字证书的有效截止时间的情况下,数据采集端102无法起飞,或者数据采集端102无法进入数据采集模式。In an embodiment of the present application, the data acquisition terminal 102 obtains the data start acquisition time of the remote sensing data. The data acquisition terminal 102 compares the data start acquisition time with the effective expiration time of the preset data certificate. Among them, the digital certificate is a certificate generated by the cryptographic platform and issued to the data acquisition terminal 102, which is used to prove the identity of the data acquisition terminal 102. In the case where the data start acquisition time is earlier than the effective expiration time of the preset digital certificate, the data acquisition terminal 102 collects remote sensing data. In the case where the data start acquisition time is later than the effective expiration time of the preset digital certificate, the data acquisition terminal 102 is prohibited from performing data acquisition operations. Specifically, in the case where the data start acquisition time is later than the effective expiration time of the preset digital certificate, the data acquisition terminal 102 cannot take off, or the data acquisition terminal 102 cannot enter the data acquisition mode.

本实施例中,在采集遥感数据之前,数据采集端102先判断数据起始采集时间与预设的数字证书的有效截止时间的早晚。只有在数据起始采集时间早于有效截止时间时,数据采集端102才能进行遥感数据的采集。因此,基于合法的数据采集端102进行遥感数据的采集,可以提高遥感数据的安全性、与可靠性。In this embodiment, before collecting remote sensing data, the data collection terminal 102 first determines whether the data collection start time is earlier than the effective expiration time of the preset digital certificate. Only when the data collection start time is earlier than the effective expiration time, the data collection terminal 102 can collect remote sensing data. Therefore, collecting remote sensing data based on the legitimate data collection terminal 102 can improve the security and reliability of remote sensing data.

在一个实施例中,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文包括:In one embodiment, the collected remote sensing data is encrypted based on the first public key to obtain the first data ciphertext including:

向密码平台发送身份认证请求,以使密码平台响应于身份认证请求,将基于预设的数字证书确定的数字签名返回至数据采集端;将数字签名发送至数据处理端;在验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。An identity authentication request is sent to the cryptographic platform so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data acquisition end; the digital signature is sent to the data processing end; when the signature verification result indicates that the verification is successful, the collected remote sensing data is encrypted based on the first public key to obtain a first data ciphertext.

其中,数字签名用于指示数据处理端基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端。The digital signature is used to instruct the data processing end to perform signature verification based on the digital signature, obtain the signature verification result, and return the signature verification result to the data collection end.

本申请实施例中,数据采集端102向密码平台发送身份认证请求,以使密码平台响应于身份认证请求,密码平台将基于预设的数字证书确定的数字签名返回至数据采集端102。数据采集端102将数字签名发送至数据处理端104。数据处理端104基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端102。在验签结果表示验证成功的情况下,终端基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。In the embodiment of the present application, the data acquisition terminal 102 sends an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request, and the cryptographic platform returns a digital signature determined based on a preset digital certificate to the data acquisition terminal 102. The data acquisition terminal 102 sends the digital signature to the data processing terminal 104. The data processing terminal 104 performs a signature verification process based on the digital signature, obtains a signature verification result, and returns the signature verification result to the data acquisition terminal 102. When the signature verification result indicates that the verification is successful, the terminal encrypts the collected remote sensing data based on the first public key to obtain a first data ciphertext.

本实施例中,数据采集端102在对遥感数据进行加密处理之前,先进行身份认证,并且只有在身份认证成功的情况下,数据采集端102才对遥感数据进行加密处理。因此,基于身份认证成功的数据采集端对遥感数据进行加密,可以提高遥感数据的安全性、与可靠性。In this embodiment, the data acquisition terminal 102 performs identity authentication before encrypting the remote sensing data, and only when the identity authentication is successful, the data acquisition terminal 102 encrypts the remote sensing data. Therefore, the data acquisition terminal 102 encrypts the remote sensing data based on the successful identity authentication, which can improve the security and reliability of the remote sensing data.

在一个实施例中,如图3所示,提供了一种无人机遥感数据的安全监管方法,以该方法应用于图1中的无人机遥感数据的安全监管系统为例进行说明,无人机遥感数据的安全监管方法应用于数据处理端104,方法包括:In one embodiment, as shown in FIG. 3 , a method for secure supervision of remote sensing data of a drone is provided. The method is applied to the secure supervision system of remote sensing data of a drone in FIG. 1 as an example for explanation. The method for secure supervision of remote sensing data of a drone is applied to a data processing terminal 104. The method includes:

步骤302,接收数据采集端发送的包含第一数据密文和密钥密文的传输数据。Step 302: Receive transmission data including first data ciphertext and key ciphertext sent by a data acquisition terminal.

其中,第一数据密文是数据采集端基于第一公钥对采集的遥感数据进行加密处理得到的;密钥密文是数据采集端基于第二公钥对第一私钥进行加密处理得到的。The first data ciphertext is obtained by encrypting the collected remote sensing data by the data collection end based on the first public key; the key ciphertext is obtained by encrypting the first private key by the data collection end based on the second public key.

本申请实施例中,数据处理端104接收数据采集端102发送的包含第一数据密文和密钥密文的传输数据。在一个实施例中,传输数据还包含验证明文、以及第二数据密文。其中,数据处理端104包括数据接收端和内网密码机。具体的,数据接收端接收数据采集端102发送的包含第一数据密文和密钥密文的传输数据,并将该传输数据发送至内网密码机。In an embodiment of the present application, the data processing end 104 receives the transmission data including the first data ciphertext and the key ciphertext sent by the data acquisition end 102. In one embodiment, the transmission data also includes a verification plaintext and a second data ciphertext. Among them, the data processing end 104 includes a data receiving end and an intranet cipher machine. Specifically, the data receiving end receives the transmission data including the first data ciphertext and the key ciphertext sent by the data acquisition end 102, and sends the transmission data to the intranet cipher machine.

步骤304,基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥。Step 304: decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key.

其中,第二私钥预先存储在数据处理端104。在一个实施例中,数据处理端104包括数据接收端和内网密码机,第二私钥预先存储在内网密码机中。The second private key is pre-stored in the data processing terminal 104. In one embodiment, the data processing terminal 104 includes a data receiving terminal and an intranet cipher machine, and the second private key is pre-stored in the intranet cipher machine.

本申请实施例中,数据处理端104基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥。具体的,内网密码机基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥。在一个实施例中,若对第二数据密文进行加密的加密密钥是第二公钥,则数据采集端102基于第二公钥对第一私钥、数据采集端102的设备标识、以及遥感数据的数据起始采集时间同时进行加密,得到目标密钥密文。可以理解,在对第二数据密文进行加密的加密密钥是第二公钥的情况下,实际上密钥密文与第二数据密文都是指目标密钥密文。若对第二数据密文进行加密的加密密钥是第二公钥,则数据处理端104(中的内网密码机)基于第二私钥对传输数据中的密钥密文(即目标密钥密文)进行解密处理,得到第一私钥、数据采集端102的设备标识、以及遥感数据的数据起始采集时间。其中,数据采集端102的设备标识是数据采集端102中具有终身唯一性、不可更改、抗抵赖、只读特性的识别码,如密码芯片的ID。遥感数据的数据起始采集时间是数据采集端102开始采集遥感数据的时间字符串。在一个实施例中,遥感数据的数据起始采集时间的格式可以是YYYY:M1M1:DD:HH:M2M2:SS(即年:月:日:小时:分钟:秒)。In the embodiment of the present application, the data processing end 104 decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key. Specifically, the intranet cipher machine decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key. In one embodiment, if the encryption key for encrypting the second data ciphertext is the second public key, the data acquisition end 102 simultaneously encrypts the first private key, the device identification of the data acquisition end 102, and the data start acquisition time of the remote sensing data based on the second public key to obtain the target key ciphertext. It can be understood that in the case where the encryption key for encrypting the second data ciphertext is the second public key, the key ciphertext and the second data ciphertext actually refer to the target key ciphertext. If the encryption key for encrypting the second data ciphertext is the second public key, the data processing end 104 (the intranet cipher machine in) decrypts the key ciphertext (i.e., the target key ciphertext) in the transmission data based on the second private key to obtain the first private key, the device identification of the data acquisition end 102, and the data start acquisition time of the remote sensing data. The device identification of the data acquisition terminal 102 is an identification code in the data acquisition terminal 102 that is lifelong unique, unchangeable, non-repudiation, and read-only, such as the ID of a cryptographic chip. The data start acquisition time of the remote sensing data is a time string when the data acquisition terminal 102 starts to acquire remote sensing data. In one embodiment, the format of the data start acquisition time of the remote sensing data can be YYYY: M1M1 : DD:HH: M2M2 : SS (i.e., year:month:day:hour:minute:second).

步骤306,基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。Step 306: decrypt the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data.

本申请实施例中,数据处理端104基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。具体的,内网密码机基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。In the embodiment of the present application, the data processing terminal 104 decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data. Specifically, the intranet cipher machine decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

在一个实施例中,若对第二数据密文进行加密的加密密钥是第一公钥,则数据采集端102基于第一公钥对遥感数据、数据采集端102的设备标识、以及遥感数据的数据起始采集时间同时进行加密处理,得到目标数据密文,此时,第一数据密文与第二数据密文都是指目标数据密文,则数据处理端104(中的内网密码机)基于第一私钥对传输数据中的第一数据密文(即目标数据密文)进行解密处理,得到遥感数据、数据采集端102的设备标识、以及遥感数据的数据起始采集时间。可以理解,数据处理端104可以基于解密处理得到的数据采集端102的设备标识、遥感数据的数据起始采集时间和验证明文,来验证遥感数据的真实性。In one embodiment, if the encryption key used to encrypt the second data ciphertext is the first public key, the data acquisition terminal 102 simultaneously encrypts the remote sensing data, the device identification of the data acquisition terminal 102, and the data start collection time of the remote sensing data based on the first public key to obtain the target data ciphertext. At this time, the first data ciphertext and the second data ciphertext both refer to the target data ciphertext. The data processing terminal 104 (the intranet cipher machine in the data processing terminal) decrypts the first data ciphertext (i.e., the target data ciphertext) in the transmission data based on the first private key to obtain the remote sensing data, the device identification of the data acquisition terminal 102, and the data start collection time of the remote sensing data. It can be understood that the data processing terminal 104 can verify the authenticity of the remote sensing data based on the device identification of the data acquisition terminal 102, the data start collection time of the remote sensing data, and the verification plaintext obtained by the decryption process.

在另一个实施例中,若对第二数据密文进行加密的加密密钥是第一公钥,则数据采集端102基于第一公钥对遥感数据进行加密处理,得到第一数据密文。若对第二数据密文进行加密的加密密钥是第一公钥,则数据采集端102基于第一公钥对数据采集端102的设备标识、以及遥感数据的数据起始采集时间进行加密处理,得到第二数据密文。此时,第一数据密文与第二数据密文并不相等。在这种情况下,数据处理端104(中的内网密码机)可以先对第一数据密文进行解密,也可以先对第二数据密文进行解密。优选地,数据处理端104(中的内网密码机)可以先对第二数据密文进行解密。In another embodiment, if the encryption key used to encrypt the second data ciphertext is the first public key, the data acquisition terminal 102 encrypts the remote sensing data based on the first public key to obtain the first data ciphertext. If the encryption key used to encrypt the second data ciphertext is the first public key, the data acquisition terminal 102 encrypts the device identification of the data acquisition terminal 102 and the data start acquisition time of the remote sensing data based on the first public key to obtain the second data ciphertext. At this time, the first data ciphertext is not equal to the second data ciphertext. In this case, the data processing terminal 104 (the intranet cipher machine) can first decrypt the first data ciphertext, or first decrypt the second data ciphertext. Preferably, the data processing terminal 104 (the intranet cipher machine) can first decrypt the second data ciphertext.

上述方案中,传输数据是经数据采集端进行加密处理后的密文,所以,只有数据处理端用正确的解密密钥来对传输数据进行解密,数据处理端才能获取传输数据中的遥感数据,进而减少了遥感数据的泄露情况,实现遥感数据的安全性的提高。In the above scheme, the transmission data is the ciphertext encrypted by the data acquisition end. Therefore, only when the data processing end uses the correct decryption key to decrypt the transmission data can the data processing end obtain the remote sensing data in the transmission data, thereby reducing the leakage of remote sensing data and improving the security of remote sensing data.

在一个实施例中,接收数据采集端发送的包含第一数据密文和密钥密文的传输数据之前,还包括:In one embodiment, before receiving the transmission data including the first data ciphertext and the key ciphertext sent by the data acquisition end, the method further includes:

接收数据采集端发送的数字签名;基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端。Receive the digital signature sent by the data collection end; perform signature verification based on the digital signature, obtain the signature verification result, and return the signature verification result to the data collection end.

其中,数字签名是密码平台响应于数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由密码平台发送至数据处理端的。验签结果用于在验签结果表示验证成功的情况下,指示数据采集端基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。The digital signature is determined by the cryptographic platform in response to the identity authentication request sent by the data acquisition end based on the preset digital certificate and sent by the cryptographic platform to the data processing end. The signature verification result is used to instruct the data acquisition end to encrypt the collected remote sensing data based on the first public key to obtain the first data ciphertext when the signature verification result indicates that the verification is successful.

本申请实施例中,数据处理端104接收数据采集端102发送的数字签名。数据处理端104基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端102。其中,数字签名是密码平台基于密码平台的公钥对数字证书进行加密的结果。In the embodiment of the present application, the data processing terminal 104 receives the digital signature sent by the data collection terminal 102. The data processing terminal 104 performs signature verification based on the digital signature, obtains the signature verification result, and returns the signature verification result to the data collection terminal 102. The digital signature is the result of the cryptographic platform encrypting the digital certificate based on the public key of the cryptographic platform.

本实施例中,数据处理端104基于数字签名进行验签处理,并向数据采集端102返回验签结果。因此,为后续数据采集端102只有在验签结果表示验证成功时才执行步骤202提供前提。In this embodiment, the data processing end 104 performs signature verification based on the digital signature and returns the signature verification result to the data collection end 102. Therefore, it provides a premise for the subsequent data collection end 102 to execute step 202 only when the signature verification result indicates that the verification is successful.

在一个实施例中,基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥之前,还包括:In one embodiment, before decrypting the key ciphertext in the transmission data based on the second private key to obtain the first private key, the method further includes:

基于遥感数据的数据起始采集时间,查询晚于数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;根据目标有效截止时间和数据采集端的设备标识,确定第二私钥。Based on the data start collection time of the remote sensing data, the effective deadline of the preset digital certificate that is later than the data start collection time is queried to obtain the target effective deadline; according to the target effective deadline and the device identification of the data collection terminal, the second private key is determined.

本申请实施例中,数据处理端104(中的内网密码机)基于数据起始采集时间,查询晚于该数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间。数据处理端104(中的内网密码机)基于目标有效截止时间、设备标识、以及预设的目标有效截止时间、设备标识与第二私钥的对应关系,确定目标有效截止时间和设备标识对应的第二私钥。In the embodiment of the present application, the data processing terminal 104 (the intranet cryptographic machine therein) queries the effective expiration time of the preset digital certificate later than the data start collection time based on the data start collection time to obtain the target effective expiration time. The data processing terminal 104 (the intranet cryptographic machine therein) determines the second private key corresponding to the target effective expiration time and the device identifier based on the target effective expiration time, the device identifier, and the preset corresponding relationship between the target effective expiration time, the device identifier, and the second private key.

本实施例中,数据处理端104通过数据起始采集时间、查询得到目标有效截止时间,并基于目标有效截止时间和设备标识,确定第二私钥,从而为后续数据处理端104基于第二私钥对密钥密文进行解密提供前提。In this embodiment, the data processing end 104 obtains the target effective deadline through querying the data start collection time, and determines the second private key based on the target effective deadline and the device identification, thereby providing a prerequisite for the subsequent data processing end 104 to decrypt the key ciphertext based on the second private key.

在一个实施例中,传输数据还包括包含数据采集端的设备标识和遥感数据的数据起始采集时间的第二数据密文、以及包含设备标识和数据起始采集时间的验证明文;基于第一私钥对传输数据中的第一数据密文进行解密处理包括:In one embodiment, the transmission data further includes a second data ciphertext including a device identification of the data collection terminal and a data collection start time of the remote sensing data, and a verification plaintext including the device identification and the data collection start time; decrypting the first data ciphertext in the transmission data based on the first private key includes:

在验证明文中的设备标识与第二数据密文包含的设备标识一致、且验证明文中的数据起始采集时间与第二数据密文包含的数据起始采集时间一致的情况下,基于第一私钥对传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data start collection time in the verification plaintext is consistent with the data start collection time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key.

本申请实施例中,若对第二数据密文进行加密的加密密钥是第二公钥,则数据处理端104(中的内网密码机)基于第二私钥对传输数据中的第二数据密文(即目标密钥密文)进行解密处理,得到第一私钥、数据采集端102的设备标识、以及遥感数据的数据起始采集时间。数据处理端104(中的内网密码机)比对传输数据中的验证明文包括的设备标识与解密得到的设备标识,以及比对传输数据中的验证明文包括的数据起始采集时间与解密得到的数据起始采集时间。在验证明文包括的设备标识与解密得到的设备标识一致、且验证明文包括的数据起始采集时间与解密得到的数据起始采集时间一致的情况下,数据处理端104执行步骤306。In the embodiment of the present application, if the encryption key used to encrypt the second data ciphertext is the second public key, the data processing terminal 104 (the intranet cipher machine therein) decrypts the second data ciphertext (i.e., the target key ciphertext) in the transmission data based on the second private key to obtain the first private key, the device identification of the data acquisition terminal 102, and the data start acquisition time of the remote sensing data. The data processing terminal 104 (the intranet cipher machine therein) compares the device identification included in the verification plaintext in the transmission data with the device identification obtained by decryption, and compares the data start acquisition time included in the verification plaintext in the transmission data with the data start acquisition time obtained by decryption. When the device identification included in the verification plaintext is consistent with the device identification obtained by decryption, and the data start acquisition time included in the verification plaintext is consistent with the data start acquisition time obtained by decryption, the data processing terminal 104 executes step 306.

若对第二数据密文进行加密的加密密钥是第一公钥、且第一数据密文与第二数据密文并不相等,则数据处理端104(中的内网密码机)基于第一私钥对第二数据密文先进行解密处理,得到数据采集端102的设备标识、以及遥感数据的数据起始采集时间。并且,在验证明文中的设备标识与第二数据密文包含的设备标识一致、且验证明文中的数据起始采集时间与第二数据密文包含的数据起始采集时间一致的情况下,数据处理端104(中的内网密码机)再基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。If the encryption key used to encrypt the second data ciphertext is the first public key, and the first data ciphertext is not equal to the second data ciphertext, the data processing terminal 104 (the intranet cipher machine therein) first decrypts the second data ciphertext based on the first private key to obtain the device identification of the data collection terminal 102 and the data start collection time of the remote sensing data. Furthermore, when the device identification in the verification plaintext is consistent with the device identification included in the second data ciphertext, and the data start collection time in the verification plaintext is consistent with the data start collection time included in the second data ciphertext, the data processing terminal 104 (the intranet cipher machine therein) decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data.

本实施例中,数据处理端104可以通过比对传输数据中明文与对传输数据进行解密得到的解密结果,来验证传输数据的真实性,避免由被恶意篡改的传输数据带来的安全隐患。In this embodiment, the data processing end 104 can verify the authenticity of the transmission data by comparing the plain text in the transmission data with the decryption result obtained by decrypting the transmission data, thereby avoiding security risks caused by maliciously tampered transmission data.

在一个实施例中,如图4所示,提供了一种访问的认证方法,该方法可应用于图1中的访问的认证系统,访问的认证方法包括以下步骤:In one embodiment, as shown in FIG4 , an access authentication method is provided, which can be applied to the access authentication system in FIG1 . The access authentication method includes the following steps:

步骤402,数据采集端102获取数据起始采集时间,并在数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集遥感数据。In step 402, the data collection terminal 102 obtains the data collection start time, and collects remote sensing data when the data collection start time is earlier than the preset effective expiration time of the digital certificate.

步骤404,数据采集端102向密码平台发送身份认证请求。Step 404: the data collection terminal 102 sends an identity authentication request to the password platform.

步骤406,密码平台响应于身份认证请求,基于预设的数字证书,确定数字签名,并将数字签名返回至数据采集端102。Step 406 , the cryptographic platform responds to the identity authentication request, determines the digital signature based on the preset digital certificate, and returns the digital signature to the data collection terminal 102 .

步骤408,数据采集端102将数字签名发送至数据处理端104。Step 408 , the data collection end 102 sends the digital signature to the data processing end 104 .

步骤410,数据处理端104基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端102。In step 410 , the data processing end 104 performs signature verification based on the digital signature, obtains a signature verification result, and returns the signature verification result to the data collection end 102 .

步骤412,在验签结果表示验证成功的情况下,数据采集端102基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。Step 412: When the signature verification result indicates that the verification is successful, the data collection terminal 102 encrypts the collected remote sensing data based on the first public key to obtain a first data ciphertext.

步骤414,数据采集端102基于第二公钥对第一私钥、数据采集端102的设备标识、以及遥感数据的数据起始采集时间进行加密处理,得到密钥密文。Step 414: the data collection terminal 102 encrypts the first private key, the device identification of the data collection terminal 102, and the data collection start time of the remote sensing data based on the second public key to obtain a key ciphertext.

步骤416,数据采集端102将包含第一数据密文、密钥密文以及验证明文的传输数据发送至数据处理端104。其中,验证明文包括数据采集端102的设备标识、以及遥感数据的数据起始采集时间。In step 416, the data collection terminal 102 sends the transmission data including the first data ciphertext, the key ciphertext and the verification plaintext to the data processing terminal 104. The verification plaintext includes the device identification of the data collection terminal 102 and the data collection start time of the remote sensing data.

步骤418,数据处理端104基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥、数据采集端102的设备标识、以及遥感数据的数据起始采集时间。Step 418: the data processing end 104 decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, the device identification of the data collection end 102, and the data collection start time of the remote sensing data.

步骤420,在明文中的设备标识与步骤418解密得到的设备标识一致、且明文中的数据起始采集时间与步骤418解密得到的数据起始采集时间一致的情况下,数据处理端104基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。In step 420, when the device identifier in the plain text is consistent with the device identifier decrypted in step 418, and the data collection start time in the plain text is consistent with the data collection start time decrypted in step 418, the data processing terminal 104 decrypts the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data.

应该理解的是,虽然如上所述的各实施例所涉及的流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,如上所述的各实施例所涉及的流程图中的至少一部分步骤可以包括多个步骤或者多个阶段,这些步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤中的步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that, although the various steps in the flowcharts involved in the above-mentioned embodiments are displayed in sequence according to the indication of the arrows, these steps are not necessarily executed in sequence according to the order indicated by the arrows. Unless there is a clear explanation in this article, the execution of these steps does not have a strict order restriction, and these steps can be executed in other orders. Moreover, at least a part of the steps in the flowcharts involved in the above-mentioned embodiments can include multiple steps or multiple stages, and these steps or stages are not necessarily executed at the same time, but can be executed at different times, and the execution order of these steps or stages is not necessarily carried out in sequence, but can be executed in turn or alternately with other steps or at least a part of the steps or stages in other steps.

基于同样的发明构思,本申请实施例还提供了一种用于实现上述所涉及的无人机遥感数据的安全监管方法的无人机遥感数据的安全监管系统。该系统所提供的解决问题的实现方案与上述方法中所记载的实现方案相似,故下面所提供的一个或多个无人机遥感数据的安全监管系统实施例中的具体限定可以参见上文中对于无人机遥感数据的安全监管方法的限定,在此不再赘述。Based on the same inventive concept, the embodiment of the present application also provides a safety supervision system for drone remote sensing data for implementing the safety supervision method for drone remote sensing data involved above. The implementation scheme for solving the problem provided by the system is similar to the implementation scheme recorded in the above method, so the specific limitations in the embodiments of the safety supervision system for drone remote sensing data provided below can refer to the limitations of the safety supervision method for drone remote sensing data above, and will not be repeated here.

在一个实施例中,如图1所示,提供了一种无人机遥感数据的安全监管系统,无人机遥感数据的安全监管系统包括数据采集端102以及数据处理端104,其中:In one embodiment, as shown in FIG. 1 , a safety supervision system for remote sensing data of an unmanned aerial vehicle is provided. The safety supervision system for remote sensing data of an unmanned aerial vehicle includes a data collection terminal 102 and a data processing terminal 104, wherein:

数据采集端102,用于基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;基于第二公钥对第一私钥进行加密处理,得到密钥密文;将包含第一数据密文和密钥密文的传输数据发送至数据处理端104;The data acquisition terminal 102 is used to encrypt the collected remote sensing data based on the first public key to obtain the first data ciphertext; encrypt the first private key based on the second public key to obtain the key ciphertext; and send the transmission data including the first data ciphertext and the key ciphertext to the data processing terminal 104;

数据处理端104,用于基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥;基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。The data processing terminal 104 is used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; and decrypt the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data.

在一个实施例中,数据处理端包括数据接收端和内网密码机;数据处理端,基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥;基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据,包括:In one embodiment, the data processing end includes a data receiving end and an intranet cipher machine; the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key; decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data, including:

数据接收端,用于接收数据采集端发送的传输数据,并将传输数据发送至内网密码机;The data receiving end is used to receive the transmission data sent by the data acquisition end and send the transmission data to the intranet cipher machine;

内网密码机,用于基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥;基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。The intranet cipher machine is used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; and decrypt the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data.

在一个实施例中,基于第一公钥对采集的遥感数据进行加密处理之前,还包括:In one embodiment, before encrypting the collected remote sensing data based on the first public key, the method further includes:

获取遥感数据的数据起始采集时间;Get the start time of remote sensing data collection;

在数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集遥感数据。When the data collection start time is earlier than the preset effective deadline of the digital certificate, remote sensing data is collected.

在一个实施例中,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文包括:In one embodiment, the collected remote sensing data is encrypted based on the first public key to obtain the first data ciphertext including:

向密码平台发送身份认证请求,以使密码平台响应于身份认证请求,将基于预设的数字证书确定的数字签名返回至数据采集端;Sending an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data collection end;

将数字签名发送至数据处理端;数字签名用于指示数据处理端基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端;The digital signature is sent to the data processing end; the digital signature is used to instruct the data processing end to perform signature verification based on the digital signature, obtain the signature verification result, and return the signature verification result to the data collection end;

在验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。When the signature verification result indicates that the verification is successful, the collected remote sensing data is encrypted based on the first public key to obtain a first data ciphertext.

在一个实施例中,接收数据采集端发送的包含第一数据密文和密钥密文的传输数据之前,还包括:In one embodiment, before receiving the transmission data including the first data ciphertext and the key ciphertext sent by the data acquisition end, the method further includes:

接收数据采集端发送的数字签名;数字签名是密码平台响应于数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由密码平台发送至数据处理端的;Receive the digital signature sent by the data collection end; the digital signature is determined by the cryptographic platform in response to the identity authentication request sent by the data collection end, based on the preset digital certificate, and sent by the cryptographic platform to the data processing end;

基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端;验签结果用于在验签结果表示验证成功的情况下,指示数据采集端基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。A signature verification process is performed based on the digital signature to obtain a signature verification result, and the signature verification result is returned to the data acquisition end; the signature verification result is used to instruct the data acquisition end to encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext when the signature verification result indicates that the verification is successful.

在一个实施例中,基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥之前,还包括:In one embodiment, before decrypting the key ciphertext in the transmission data based on the second private key to obtain the first private key, the method further includes:

基于遥感数据的数据起始采集时间,查询晚于数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;Based on the data start collection time of the remote sensing data, query the effective expiration time of the preset digital certificate later than the data start collection time to obtain the target effective expiration time;

根据目标有效截止时间和数据采集端的设备标识,确定第二私钥。The second private key is determined according to the target effective deadline and the device identification of the data collection terminal.

在一个实施例中,传输数据还包括包含数据采集端的设备标识和遥感数据的数据起始采集时间的第二数据密文、以及包含设备标识和数据起始采集时间的验证明文;基于第一私钥对传输数据中的第一数据密文进行解密处理包括:In one embodiment, the transmission data further includes a second data ciphertext including a device identification of the data collection terminal and a data collection start time of the remote sensing data, and a verification plaintext including the device identification and the data collection start time; decrypting the first data ciphertext in the transmission data based on the first private key includes:

在验证明文中的设备标识与第二数据密文包含的设备标识一致、且验证明文中的数据起始采集时间与第二数据密文包含的数据起始采集时间一致的情况下,基于第一私钥对传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data start collection time in the verification plaintext is consistent with the data start collection time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key.

基于同样的发明构思,本申请实施例还提供了一种用于实现上述所涉及的无人机遥感数据的安全监管方法的无人机遥感数据的安全监管装置。该装置所提供的解决问题的实现方案与上述方法中所记载的实现方案相似,故下面所提供的一个或多个无人机遥感数据的安全监管装置实施例中的具体限定可以参见上文中对于无人机遥感数据的安全监管方法的限定,在此不再赘述。Based on the same inventive concept, the embodiment of the present application also provides a safety supervision device for drone remote sensing data for implementing the safety supervision method for drone remote sensing data involved above. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the above method, so the specific limitations in the embodiments of one or more safety supervision devices for drone remote sensing data provided below can refer to the limitations of the safety supervision method for drone remote sensing data above, and will not be repeated here.

在一个实施例中,如图5所示,提供了一种无人机遥感数据的安全监管装置,装置应用于数据采集端,装置包括:In one embodiment, as shown in FIG5 , a safety monitoring device for remote sensing data of an unmanned aerial vehicle is provided. The device is applied to a data collection end, and the device includes:

第一加密模块502,用于基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;A first encryption module 502, used to encrypt the collected remote sensing data based on a first public key to obtain a first data ciphertext;

第二加密模块504,用于基于第二公钥对第一私钥进行加密处理,得到密钥密文;The second encryption module 504 is used to encrypt the first private key based on the second public key to obtain a key ciphertext;

发送模块506,用于将包含第一数据密文和密钥密文的传输数据发送至数据处理端,以使数据处理端基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥,并基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。The sending module 506 is used to send the transmission data including the first data ciphertext and the key ciphertext to the data processing end, so that the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data.

在一个实施例中,无人机遥感数据的安全监管装置还包括:In one embodiment, the safety monitoring device for drone remote sensing data further includes:

获取模块,用于获取遥感数据的数据起始采集时间;An acquisition module is used to obtain the start time of data collection of remote sensing data;

采集模块,用于在数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集遥感数据。The acquisition module is used to acquire remote sensing data when the data acquisition start time is earlier than the effective expiration time of the preset digital certificate.

在一个实施例中,第一加密模块502具体用于:In one embodiment, the first encryption module 502 is specifically used for:

向密码平台发送身份认证请求,以使密码平台响应于身份认证请求,将基于预设的数字证书确定的数字签名返回至数据采集端;Sending an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data collection end;

将数字签名发送至数据处理端;数字签名用于指示数据处理端基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端;The digital signature is sent to the data processing end; the digital signature is used to instruct the data processing end to perform signature verification based on the digital signature, obtain the signature verification result, and return the signature verification result to the data collection end;

在验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。When the signature verification result indicates that the verification is successful, the collected remote sensing data is encrypted based on the first public key to obtain a first data ciphertext.

在一个实施例中,如图6所示,提供了一种无人机遥感数据的安全监管装置,装置应用于数据处理端,装置包括:In one embodiment, as shown in FIG6 , a security monitoring device for remote sensing data of a drone is provided, the device is applied to a data processing end, and the device includes:

第一接收模块602,用于接收数据采集端发送的包含第一数据密文和密钥密文的传输数据;第一数据密文是数据采集端基于第一公钥对采集的遥感数据进行加密处理得到的;密钥密文是数据采集端基于第二公钥对第一私钥进行加密处理得到的;The first receiving module 602 is used to receive transmission data including a first data ciphertext and a key ciphertext sent by the data acquisition end; the first data ciphertext is obtained by the data acquisition end encrypting the collected remote sensing data based on the first public key; the key ciphertext is obtained by the data acquisition end encrypting the first private key based on the second public key;

第一解密模块604,用于基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥;A first decryption module 604, configured to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key;

第二解密模块606,用于基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。The second decryption module 606 is used to decrypt the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data.

在一个实施例中,无人机遥感数据的安全监管装置还包括:In one embodiment, the safety monitoring device for drone remote sensing data further includes:

第二接收模块,用于接收数据采集端发送的数字签名;数字签名是密码平台响应于数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由密码平台发送至数据处理端的;The second receiving module is used to receive the digital signature sent by the data acquisition end; the digital signature is determined by the cryptographic platform in response to the identity authentication request sent by the data acquisition end based on a preset digital certificate, and sent by the cryptographic platform to the data processing end;

验签模块,用于基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端;验签结果用于在验签结果表示验证成功的情况下,指示数据采集端基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文。The signature verification module is used to perform signature verification based on the digital signature, obtain the signature verification result, and return the signature verification result to the data acquisition end; the signature verification result is used to instruct the data acquisition end to encrypt the collected remote sensing data based on the first public key to obtain the first data ciphertext when the signature verification result indicates that the verification is successful.

在一个实施例中,无人机遥感数据的安全监管装置还包括:In one embodiment, the safety monitoring device for drone remote sensing data further includes:

查询模块,用于基于遥感数据的数据起始采集时间,查询晚于数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;A query module, for querying the effective expiration time of a preset digital certificate later than the data start collection time based on the data start collection time of the remote sensing data, and obtaining a target effective expiration time;

确定模块,用于根据目标有效截止时间和数据采集端的设备标识,确定第二私钥。The determination module is used to determine the second private key according to the target effective deadline and the device identification of the data collection terminal.

在一个实施例中,传输数据还包括包含数据采集端的设备标识和遥感数据的数据起始采集时间的第二数据密文、以及包含设备标识和数据起始采集时间的验证明文;第二解密模块606具体用于:In one embodiment, the transmission data also includes a second data ciphertext including a device identification of the data acquisition terminal and a data start acquisition time of the remote sensing data, and a verification plaintext including a device identification and a data start acquisition time; the second decryption module 606 is specifically used for:

在验证明文中的设备标识与第二数据密文包含的设备标识一致、且验证明文中的数据起始采集时间与第二数据密文包含的数据起始采集时间一致的情况下,基于第一私钥对传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data start collection time in the verification plaintext is consistent with the data start collection time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key.

上述无人机遥感数据的安全监管装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。Each module in the above-mentioned safety supervision device for remote sensing data of unmanned aerial vehicles can be implemented in whole or in part by software, hardware and their combination. Each of the above-mentioned modules can be embedded in or independent of the processor in the computer device in the form of hardware, or can be stored in the memory of the computer device in the form of software, so that the processor can call and execute the operations corresponding to each of the above modules.

在一个实施例中,提供了一种计算机设备,该计算机设备可以是终端,其内部结构图可以如图7所示。该计算机设备包括处理器、存储器、输入/输出接口、通信接口、显示单元和输入装置。其中,处理器、存储器和输入/输出接口通过系统总线连接,通信接口、显示单元和输入装置通过输入/输出接口连接到系统总线。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质和内存储器。该非易失性存储介质存储有操作系统和计算机程序。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的输入/输出接口用于处理器与外部设备之间交换信息。该计算机设备的通信接口用于与外部的终端进行有线或无线方式的通信,无线方式可通过WIFI、移动蜂窝网络、NFC(近场通信)或其他技术实现。该计算机程序被处理器执行时以实现一种无人机遥感数据的安全监管方法。该计算机设备的显示单元用于形成视觉可见的画面,可以是显示屏、投影装置或虚拟现实成像装置。显示屏可以是液晶显示屏或者电子墨水显示屏,该计算机设备的输入装置可以是显示屏上覆盖的触摸层,也可以是计算机设备外壳上设置的按键、轨迹球或触控板,还可以是外接的键盘、触控板或鼠标等。In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be shown in FIG7. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input device. The processor, the memory, and the input/output interface are connected via a system bus, and the communication interface, the display unit, and the input device are connected to the system bus via the input/output interface. The processor of the computer device is used to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The input/output interface of the computer device is used to exchange information between the processor and an external device. The communication interface of the computer device is used to communicate with an external terminal in a wired or wireless manner, and the wireless manner may be implemented through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. When the computer program is executed by the processor, a method for safely supervising remote sensing data of a drone is implemented. The display unit of the computer device is used to form a visually visible picture, which may be a display screen, a projection device, or a virtual reality imaging device. The display screen can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen, or a button, trackball or touchpad set on the computer device shell, or an external keyboard, touchpad or mouse.

本领域技术人员可以理解,图7中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备的限定,具体的计算机设备可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art will understand that the structure shown in FIG. 7 is merely a block diagram of a partial structure related to the solution of the present application, and does not constitute a limitation on the computer device to which the solution of the present application is applied. The specific computer device may include more or fewer components than shown in the figure, or combine certain components, or have a different arrangement of components.

在一个实施例中,提供了一种计算机设备,包括存储器和处理器,存储器中存储有计算机程序,该处理器执行计算机程序时实现上述各方法实施例中的步骤。In one embodiment, a computer device is provided, including a memory and a processor, wherein a computer program is stored in the memory, and the processor implements the steps in the above-mentioned method embodiments when executing the computer program.

在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现上述各方法实施例中的步骤。In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, the steps in the above-mentioned method embodiments are implemented.

在一个实施例中,提供了一种计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现上述各方法实施例中的步骤。In one embodiment, a computer program product is provided, including a computer program, which implements the steps in the above method embodiments when executed by a processor.

需要说明的是,本申请所涉及的用户信息(包括但不限于用户设备信息、用户个人信息等)和数据(包括但不限于用于分析的数据、存储的数据、展示的数据等),均为经用户授权或者经过各方充分授权的信息和数据,且相关数据的收集、使用和处理需要遵守相关国家和地区的相关法律法规和标准。It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, stored data, displayed data, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of relevant data must comply with relevant laws, regulations and standards of relevant countries and regions.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、数据库或其它介质的任何引用,均可包括非易失性和易失性存储器中的至少一种。非易失性存储器可包括只读存储器(Read-OnlyMemory,ROM)、磁带、软盘、闪存、光存储器、高密度嵌入式非易失性存储器、阻变存储器(ReRAM)、磁变存储器(Magnetoresistive Random Access Memory,MRAM)、铁电存储器(Ferroelectric Random Access Memory,FRAM)、相变存储器(Phase Change Memory,PCM)、石墨烯存储器等。易失性存储器可包括随机存取存储器(Random Access Memory,RAM)或外部高速缓冲存储器等。作为说明而非局限,RAM可以是多种形式,比如静态随机存取存储器(Static Random Access Memory,SRAM)或动态随机存取存储器(Dynamic RandomAccess Memory,DRAM)等。本申请所提供的各实施例中所涉及的数据库可包括关系型数据库和非关系型数据库中至少一种。非关系型数据库可包括基于区块链的分布式数据库等,不限于此。本申请所提供的各实施例中所涉及的处理器可为通用处理器、中央处理器、图形处理器、数字信号处理器、可编程逻辑器、基于量子计算的数据处理逻辑器等,不限于此。Those of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be completed by instructing the relevant hardware through a computer program, and the computer program can be stored in a non-volatile computer-readable storage medium. When the computer program is executed, it can include the processes of the embodiments of the above-mentioned methods. Among them, any reference to the memory, database or other medium used in the embodiments provided in the present application can include at least one of non-volatile and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. As an illustration and not limitation, RAM can be in various forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM). The database involved in each embodiment provided in this application may include at least one of a relational database and a non-relational database. Non-relational databases may include distributed databases based on blockchains, etc., but are not limited to this. The processor involved in each embodiment provided in this application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic device, a data processing logic device based on quantum computing, etc., but are not limited to this.

以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments may be arbitrarily combined. To make the description concise, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.

以上所述实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对本申请专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请的保护范围应以所附权利要求为准。The above-described embodiments only express several implementation methods of the present application, and the descriptions thereof are relatively specific and detailed, but they cannot be understood as limiting the scope of the present application. It should be pointed out that, for a person of ordinary skill in the art, several variations and improvements can be made without departing from the concept of the present application, and these all belong to the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the attached claims.

Claims (10)

1.一种无人机遥感数据的安全监管方法,其特征在于,所述方法应用于数据采集端,所述方法包括:1. A method for safety supervision of unmanned aerial vehicle remote sensing data, characterized in that the method is applied to a data collection end, and the method comprises: 向密码平台发送身份认证请求,以使所述密码平台响应于所述身份认证请求,将基于预设的数字证书确定的数字签名返回至所述数据采集端;Sending an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data acquisition end; 将所述数字签名发送至数据处理端;所述数字签名用于指示所述数据处理端基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;The digital signature is sent to the data processing end; the digital signature is used to instruct the data processing end to perform signature verification based on the digital signature, obtain a signature verification result, and return the signature verification result to the data collection end; 在所述验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;When the signature verification result indicates that the verification is successful, encrypting the collected remote sensing data based on the first public key to obtain a first data ciphertext; 基于第二公钥对第一私钥进行加密处理,得到密钥密文;Encrypting the first private key based on the second public key to obtain a key ciphertext; 将包含所述第一数据密文和所述密钥密文的传输数据发送至数据处理端,以使所述数据处理端基于所述遥感数据的数据起始采集时间,查询晚于所述数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间,根据所述目标有效截止时间和所述数据采集端的设备标识,确定第二私钥,基于所述第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥,并基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据;Sending the transmission data including the first data ciphertext and the key ciphertext to the data processing end, so that the data processing end queries the effective expiration time of the preset digital certificate that is later than the data start collection time of the remote sensing data based on the data start collection time of the remote sensing data, obtains the target effective expiration time, determines the second private key according to the target effective expiration time and the device identification of the data collection end, decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data; 其中,所述设备标识为所述数据采集端的密码芯片ID。The device identifier is the password chip ID of the data acquisition terminal. 2.根据权利要求1所述的方法,其特征在于,所述基于第一公钥对采集的遥感数据进行加密处理之前,还包括:2. The method according to claim 1, characterized in that before encrypting the collected remote sensing data based on the first public key, it also includes: 获取所述遥感数据的数据起始采集时间;Obtaining the data collection start time of the remote sensing data; 在所述数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集所述遥感数据。In the case where the data collection start time is earlier than the preset validity expiration time of the digital certificate, the remote sensing data is collected. 3.一种无人机遥感数据的安全监管方法,其特征在于,所述方法应用于数据处理端,所述方法包括:3. A method for security supervision of drone remote sensing data, characterized in that the method is applied to a data processing end, and the method comprises: 接收数据采集端发送的数字签名;所述数字签名是密码平台响应于所述数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由所述密码平台发送至所述数据采集端的;Receiving a digital signature sent by the data collection terminal; the digital signature is determined by the cryptographic platform in response to the identity authentication request sent by the data collection terminal, based on a preset digital certificate, and sent by the cryptographic platform to the data collection terminal; 基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;所述验签结果用于在所述验签结果表示验证成功的情况下,指示所述数据采集端基于第一公钥对采集的所述遥感数据进行加密处理,得到第一数据密文;Performing a signature verification process based on the digital signature to obtain a signature verification result, and returning the signature verification result to the data acquisition end; the signature verification result is used to instruct the data acquisition end to perform encryption processing on the collected remote sensing data based on the first public key to obtain a first data ciphertext when the signature verification result indicates that the verification is successful; 接收数据采集端发送的包含第一数据密文和密钥密文的传输数据;所述第一数据密文是所述数据采集端基于第一公钥对采集的遥感数据进行加密处理得到的;所述密钥密文是所述数据采集端基于第二公钥对第一私钥进行加密处理得到的;Receive transmission data including a first data ciphertext and a key ciphertext sent by a data acquisition terminal; the first data ciphertext is obtained by the data acquisition terminal encrypting the collected remote sensing data based on the first public key; the key ciphertext is obtained by the data acquisition terminal encrypting the first private key based on the second public key; 基于所述遥感数据的数据起始采集时间,查询晚于所述数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;Based on the data start collection time of the remote sensing data, querying the effective expiration time of the preset digital certificate later than the data start collection time to obtain the target effective expiration time; 根据所述目标有效截止时间和所述数据采集端的设备标识,确定第二私钥,其中,所述设备标识为所述数据采集端的密码芯片ID;Determine a second private key according to the target effective expiration time and the device identification of the data acquisition terminal, wherein the device identification is the password chip ID of the data acquisition terminal; 基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;Decrypting the key ciphertext in the transmission data based on the second private key to obtain the first private key; 基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The first data ciphertext in the transmission data is decrypted based on the first private key to obtain the remote sensing data. 4.根据权利要求3所述的方法,其特征在于,所述传输数据还包括包含所述数据采集端的设备标识和所述遥感数据的数据起始采集时间的第二数据密文、以及包含所述设备标识和所述数据起始采集时间的验证明文;所述基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理包括:4. The method according to claim 3 is characterized in that the transmission data further includes a second data ciphertext including a device identification of the data acquisition terminal and a data acquisition start time of the remote sensing data, and a verification plaintext including the device identification and the data acquisition start time; the decrypting the first data ciphertext in the transmission data based on the first private key includes: 在所述验证明文中的设备标识与所述第二数据密文包含的设备标识一致、且所述验证明文中的数据起始采集时间与所述第二数据密文包含的数据起始采集时间一致的情况下,基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data collection start time in the verification plaintext is consistent with the data collection start time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key. 5.一种无人机遥感数据的安全监管系统,其特征在于,所述系统包括数据采集端以及数据处理端,其中:5. A safety supervision system for unmanned aerial vehicle remote sensing data, characterized in that the system includes a data acquisition end and a data processing end, wherein: 所述数据采集端,用于向密码平台发送身份认证请求,以使所述密码平台响应于所述身份认证请求,将基于预设的数字证书确定的数字签名返回至所述数据采集端,并将所述数字签名发送至所述数据处理端;The data collection end is used to send an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request, returns a digital signature determined based on a preset digital certificate to the data collection end, and sends the digital signature to the data processing end; 所述数据处理端,用于基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;The data processing end is used to perform signature verification based on the digital signature, obtain a signature verification result, and return the signature verification result to the data collection end; 所述数据采集端,还用于在所述验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;基于第二公钥对第一私钥进行加密处理,得到密钥密文;将包含所述第一数据密文和所述密钥密文的传输数据发送至所述数据处理端;The data acquisition end is further used to, when the signature verification result indicates that the verification is successful, encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext; encrypt the first private key based on the second public key to obtain a key ciphertext; and send the transmission data including the first data ciphertext and the key ciphertext to the data processing end; 所述数据处理端,还用于基于所述遥感数据的数据起始采集时间,查询晚于所述数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;根据所述目标有效截止时间和所述数据采集端的设备标识,确定第二私钥;基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据;The data processing end is further used to query the effective expiration time of the preset digital certificate later than the data start collection time of the remote sensing data based on the data start collection time of the remote sensing data, and obtain the target effective expiration time; determine the second private key according to the target effective expiration time and the device identification of the data collection end; decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; decrypt the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data; 其中,所述设备标识为所述数据采集端的密码芯片ID。The device identifier is the password chip ID of the data acquisition terminal. 6.根据权利要求5所述的系统,其特征在于,所述数据处理端包括数据接收端和内网密码机;所述数据处理端,基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据,包括:6. The system according to claim 5, characterized in that the data processing end includes a data receiving end and an intranet cipher machine; the data processing end decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key; and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data, including: 所述数据接收端,用于接收所述数据采集端发送的所述传输数据,并将所述传输数据发送至所述内网密码机;The data receiving end is used to receive the transmission data sent by the data acquisition end, and send the transmission data to the intranet cipher machine; 所述内网密码机,用于基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥;基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据。The intranet cipher machine is used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; and to decrypt the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data. 7.一种无人机遥感数据的安全监管装置,其特征在于,所述装置应用于数据采集端,所述装置包括:7. A safety monitoring device for drone remote sensing data, characterized in that the device is applied to a data collection end, and the device comprises: 第一加密模块,用于向密码平台发送身份认证请求,以使所述密码平台响应于所述身份认证请求,将基于预设的数字证书确定的数字签名返回至所述数据采集端;将所述数字签名发送至数据处理端;所述数字签名用于指示所述数据处理端基于所述数字签名进行验签处理,得到验签结果,并将所述验签结果返回至所述数据采集端;在所述验签结果表示验证成功的情况下,基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;A first encryption module is used to send an identity authentication request to the cryptographic platform, so that the cryptographic platform responds to the identity authentication request and returns a digital signature determined based on a preset digital certificate to the data acquisition end; the digital signature is sent to the data processing end; the digital signature is used to instruct the data processing end to perform a signature verification process based on the digital signature, obtain a signature verification result, and return the signature verification result to the data acquisition end; when the signature verification result indicates that the verification is successful, the collected remote sensing data is encrypted based on the first public key to obtain a first data ciphertext; 第二加密模块,用于基于第二公钥对第一私钥进行加密处理,得到密钥密文;A second encryption module, used to encrypt the first private key based on the second public key to obtain a key ciphertext; 发送模块,用于将包含所述第一数据密文和所述密钥密文的传输数据发送至数据处理端,以使所述数据处理端基于所述遥感数据的数据起始采集时间,查询晚于所述数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间,根据所述目标有效截止时间和所述数据采集端的设备标识,确定第二私钥,基于第二私钥对所述传输数据中的密钥密文进行解密处理,得到所述第一私钥,并基于所述第一私钥对所述传输数据中的第一数据密文进行解密处理,得到所述遥感数据;A sending module, used for sending the transmission data including the first data ciphertext and the key ciphertext to a data processing end, so that the data processing end queries the effective expiration time of a preset digital certificate later than the data start collection time based on the data start collection time of the remote sensing data, obtains a target effective expiration time, determines a second private key according to the target effective expiration time and the device identification of the data collection end, decrypts the key ciphertext in the transmission data based on the second private key to obtain the first private key, and decrypts the first data ciphertext in the transmission data based on the first private key to obtain the remote sensing data; 其中,所述设备标识为所述数据采集端的密码芯片ID。The device identifier is the password chip ID of the data acquisition terminal. 8.根据权利要求7所述的装置,其特征在于,所述装置还包括:8. The device according to claim 7, characterized in that the device further comprises: 获取模块,用于获取遥感数据的数据起始采集时间;An acquisition module is used to obtain the start time of data collection of remote sensing data; 采集模块,用于在数据起始采集时间早于预设的数字证书的有效截止时间的情况下,采集遥感数据。The acquisition module is used to acquire remote sensing data when the data acquisition start time is earlier than the effective expiration time of the preset digital certificate. 9.一种无人机遥感数据的安全监管装置,其特征在于,所述装置应用于数据处理端,所述装置包括:9. A safety monitoring device for drone remote sensing data, characterized in that the device is applied to a data processing end, and the device comprises: 第二接收模块,用于接收数据采集端发送的数字签名;数字签名是密码平台响应于数据采集端发送的身份认证请求,基于预设的数字证书确定的,并由密码平台发送至数据采集端的;A second receiving module is used to receive a digital signature sent by the data collection terminal; the digital signature is determined by the cryptographic platform in response to the identity authentication request sent by the data collection terminal based on a preset digital certificate and sent by the cryptographic platform to the data collection terminal; 验签模块,用于基于数字签名进行验签处理,得到验签结果,并将验签结果返回至数据采集端;验签结果用于在验签结果表示验证成功的情况下,指示数据采集端基于第一公钥对采集的遥感数据进行加密处理,得到第一数据密文;The signature verification module is used to perform signature verification based on the digital signature, obtain a signature verification result, and return the signature verification result to the data acquisition end; the signature verification result is used to instruct the data acquisition end to encrypt the collected remote sensing data based on the first public key to obtain a first data ciphertext when the signature verification result indicates that the verification is successful; 第一接收模块,用于接收数据采集端发送的包含第一数据密文和密钥密文的传输数据;第一数据密文是数据采集端基于第一公钥对采集的遥感数据进行加密处理得到的;密钥密文是数据采集端基于第二公钥对第一私钥进行加密处理得到的;The first receiving module is used to receive transmission data including a first data ciphertext and a key ciphertext sent by the data acquisition end; the first data ciphertext is obtained by the data acquisition end encrypting the collected remote sensing data based on the first public key; the key ciphertext is obtained by the data acquisition end encrypting the first private key based on the second public key; 查询模块,用于基于遥感数据的数据起始采集时间,查询晚于数据起始采集时间的预设的数字证书的有效截止时间,得到目标有效截止时间;A query module, for querying the effective expiration time of a preset digital certificate later than the data start collection time based on the data start collection time of the remote sensing data, and obtaining a target effective expiration time; 确定模块,用于根据目标有效截止时间和数据采集端的设备标识,确定第二私钥,其中,所述设备标识为所述数据采集端的密码芯片ID;A determination module, used to determine the second private key according to the target effective deadline and the device identification of the data acquisition terminal, wherein the device identification is the password chip ID of the data acquisition terminal; 第一解密模块,用于基于第二私钥对传输数据中的密钥密文进行解密处理,得到第一私钥;A first decryption module, used to decrypt the key ciphertext in the transmission data based on the second private key to obtain the first private key; 第二解密模块,用于基于第一私钥对传输数据中的第一数据密文进行解密处理,得到遥感数据。The second decryption module is used to decrypt the first data ciphertext in the transmission data based on the first private key to obtain remote sensing data. 10.根据权利要求9所述的装置,其特征在于,传输数据还包括包含数据采集端的设备标识和遥感数据的数据起始采集时间的第二数据密文、以及包含设备标识和数据起始采集时间的验证明文;所述第二解密模块具体用于:10. The device according to claim 9, characterized in that the transmission data further includes a second data ciphertext including a device identification of the data acquisition terminal and a data acquisition start time of the remote sensing data, and a verification plaintext including the device identification and the data acquisition start time; the second decryption module is specifically used for: 在验证明文中的设备标识与第二数据密文包含的设备标识一致、且验证明文中的数据起始采集时间与第二数据密文包含的数据起始采集时间一致的情况下,基于第一私钥对传输数据中的第一数据密文进行解密处理。When the device identifier in the verification plaintext is consistent with the device identifier included in the second data ciphertext, and the data start collection time in the verification plaintext is consistent with the data start collection time included in the second data ciphertext, the first data ciphertext in the transmission data is decrypted based on the first private key.
CN202310162354.5A 2023-02-24 2023-02-24 Safety supervision method and device for remote sensing data of unmanned aerial vehicle Active CN116366289B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310162354.5A CN116366289B (en) 2023-02-24 2023-02-24 Safety supervision method and device for remote sensing data of unmanned aerial vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310162354.5A CN116366289B (en) 2023-02-24 2023-02-24 Safety supervision method and device for remote sensing data of unmanned aerial vehicle

Publications (2)

Publication Number Publication Date
CN116366289A CN116366289A (en) 2023-06-30
CN116366289B true CN116366289B (en) 2024-07-19

Family

ID=86932201

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310162354.5A Active CN116366289B (en) 2023-02-24 2023-02-24 Safety supervision method and device for remote sensing data of unmanned aerial vehicle

Country Status (1)

Country Link
CN (1) CN116366289B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117014223B (en) * 2023-09-06 2024-02-27 深圳龙电华鑫控股集团股份有限公司 Concentrator, data transmission method and device thereof and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414563A (en) * 2013-08-05 2013-11-27 南京瑞组信息技术有限公司 Validity time management method of CPK identification, secret key pair and certificate
CN108055236A (en) * 2017-11-03 2018-05-18 深圳市轱辘车联数据技术有限公司 A kind of data processing method, mobile unit and electronic equipment

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010056541A1 (en) * 2000-05-11 2001-12-27 Natsume Matsuzaki File management apparatus
US7181762B2 (en) * 2001-01-17 2007-02-20 Arcot Systems, Inc. Apparatus for pre-authentication of users using one-time passwords
CN106506161B (en) * 2016-10-31 2023-08-15 宇龙计算机通信科技(深圳)有限公司 Privacy protection method and privacy protection device in vehicle communication
CN107896223A (en) * 2017-12-04 2018-04-10 山东渔翁信息技术股份有限公司 A kind of data processing method and system, data collecting system and data receiving system
US11290258B2 (en) * 2019-02-22 2022-03-29 Panasonic Avionics Corporation Hybrid cryptographic system and method for encrypting data for common fleet of vehicles
WO2022060288A2 (en) * 2020-09-15 2022-03-24 华为技术有限公司 Method for secure communication between unmanned aerial vehicle and remote controller, and related apparatus
CN113806772A (en) * 2021-09-03 2021-12-17 武汉虹旭信息技术有限责任公司 Information encryption transmission method and device based on block chain

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414563A (en) * 2013-08-05 2013-11-27 南京瑞组信息技术有限公司 Validity time management method of CPK identification, secret key pair and certificate
CN108055236A (en) * 2017-11-03 2018-05-18 深圳市轱辘车联数据技术有限公司 A kind of data processing method, mobile unit and electronic equipment

Also Published As

Publication number Publication date
CN116366289A (en) 2023-06-30

Similar Documents

Publication Publication Date Title
CN110519260B (en) Information processing method and information processing device
CN102138300B (en) Message authentication code pre-computation with applications to secure memory
AU2013101034B4 (en) Registration and authentication of computing devices using a digital skeleton key
CN110460439A (en) Information transferring method, device, client, server-side and storage medium
US20150143107A1 (en) Data security tools for shared data
CN103440436A (en) Digital rights management system and methods for accessing content from an intelligent storag
CN106055936A (en) Method and device for encryption/decryption of executable program data package
CN116232639B (en) Data transmission method, device, computer equipment and storage medium
CN117155549A (en) Key distribution method, key distribution device, computer equipment and storage medium
CN116684102A (en) Message transmission method, message verification method, device, equipment, medium and product
CN114499875A (en) Service data processing method and device, computer equipment and storage medium
CN110659506A (en) Replay protection of memory based on key refresh
CN108199847A (en) Security processing method, computer equipment and storage medium
CN110011959B (en) Data storage method, data query method and system
US20170200020A1 (en) Data management system, program recording medium, communication terminal, and data management server
CN116366289B (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle
CN116094764B (en) Power grid data storage method, device and equipment of power monitoring system
CN114238886B (en) Power grid PMU identity authentication method, device, computer equipment and medium based on IBE
CN111125734A (en) Data processing method and system
CN115952519A (en) Block chain data processing method and device, electronic equipment and storage medium
CN119072898A (en) Blockchain data processing method, platform, system, device and electronic device
CN116011042A (en) Data storage method, device, system, computer equipment and storage medium
CN116112268B (en) Data processing method, device, computer equipment and storage medium
CN115941199B (en) Identity information verification method, apparatus, device, storage medium and program product
WO2024120039A1 (en) Data processing method and device, vehicle, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant