CN1761187B - Method and system for recognizing ID of communication device - Google Patents
Method and system for recognizing ID of communication device Download PDFInfo
- Publication number
- CN1761187B CN1761187B CN 200510019775 CN200510019775A CN1761187B CN 1761187 B CN1761187 B CN 1761187B CN 200510019775 CN200510019775 CN 200510019775 CN 200510019775 A CN200510019775 A CN 200510019775A CN 1761187 B CN1761187 B CN 1761187B
- Authority
- CN
- China
- Prior art keywords
- signal
- watermark
- sending end
- communication
- signal watermark
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000004891 communication Methods 0.000 title claims abstract description 80
- 238000000034 method Methods 0.000 title claims abstract description 25
- 238000001228 spectrum Methods 0.000 claims description 14
- 238000013507 mapping Methods 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 4
- 238000005070 sampling Methods 0.000 claims description 4
- 230000003595 spectral effect Effects 0.000 claims 3
- 238000000605 extraction Methods 0.000 abstract description 2
- 230000005540 biological transmission Effects 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 6
- 230000009545 invasion Effects 0.000 description 6
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 230000011218 segmentation Effects 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
本发明公开了一种通信设备身份识别方法及其系统。其步骤为:①发送端产生信号水印,用于标识通信设备身份;②发送端将信号水印嵌入到正常通信信号中,并发送给接收端;③接收端接收信号后,从上述通信信号中分离出信号水印;④接收端将信号水印解释并翻译为发送端的身份信息;⑤接收端将信号水印承载的身份信息转换为发送端的通信设备标识。该系统包括用于生成的信号水印的发送端和识别设备身份的接收端;发送端包括信号水印生成模块、信号水印嵌入模块和调制模块;接收端包括解调模块、信号水印提取模块和信号水印解译模块。本发明可以对网络接入设备以及其它无线通信设备进行管理,从而防止网络的非法接入,保证网络安全。
The invention discloses a communication device identification method and a system thereof. The steps are: ①The sending end generates a signal watermark to identify the identity of the communication device; ②The sending end embeds the signal watermark into the normal communication signal and sends it to the receiving end; ③After receiving the signal, the receiving end separates it from the communication signal ④The receiving end interprets and translates the signal watermark into the identity information of the sending end; ⑤The receiving end converts the identity information carried by the signal watermark into the communication device identification of the sending end. The system includes a sending end for generating a signal watermark and a receiving end for identifying device identity; the sending end includes a signal watermark generation module, a signal watermark embedding module and a modulation module; the receiving end includes a demodulation module, a signal watermark extraction module and a signal watermark Interpret the module. The invention can manage network access equipment and other wireless communication equipment, thereby preventing illegal network access and ensuring network security.
Description
Technical field
The invention belongs to communication technical field, particularly access device identification problem in the communication network, promptly a kind of communication equipment personal identification method and system thereof.
Background technology
World today's information technology fast development, human society are just entering an information-intensive society, and The development in society and economy is increasing to the degree of dependence of information resources, information technology and information industry.Information security issue paid more and more attention in the communication network.In the various attack means of harm communication security, the harm maximum that intrusion system is attacked, this class is attacked and is not only stolen confidential material, and all may make the system of being injured be absorbed in collapse at any time.Resist conventional security measures that invasion attacks all data link layer with and the upper strata realize that its core is to utilize cryptographic system that connector's identity is verified.Attack pattern at this safety measure mainly can be divided into: cryptographic attack and leak are attacked.Cryptographic attack is to attack the most frequently used method, the invador monitors by system's service commonly used or to network service and collects number of the account, after finding the effective number of the account on the main frame, just adopt the dictionary method of exhaustion to attack, perhaps obtain the password file, decode user account and password with password conjecture program then by the whole bag of tricks.It is the design leak that utilizes systems management policy or Verification System that leak is attacked, and obtains the operation power higher than lawful authority.Attack though use complicated password and system upgrade can resist invasion to a certain extent, these measures can not fundamentally solve the threat that invasion is attacked.
From the connected mode of communication network, communication network can be divided into wireless network and cable network two classes again.The safety measure of wireless network is transplanted from cable network basically and is come, and does not consider some characteristic of wireless network self.Wireless network is because the opening of its access device, and it is more hidden and dangerous than cable network to make the invasion of wireless network attack, and still, what also do not have that effective safety measure can be perfect at present addresses this problem.Trace it to its cause, present most of authentication system researchs still are confined to data link layer and upper strata thereof, if safety measure is incorporated into the physical layer of access device, just can fundamentally resist the various attack means that present communication network inserts part.
Because physical layer realizes by hardware fully, the hidden danger of having avoided password to be decrypted on the one hand, thus eliminated the leak of software systems on the other hand, have high disguise simultaneously, be difficult for being found by the attacker.But there is not data flow in networked physics layer, and therefore existing digitized authentication system all is inapplicable, needs a cover to be applicable to the safety measure system of physical layer.
Summary of the invention
The purpose of this invention is to provide a kind of communication equipment personal identification method and system thereof, to remedy the defective that the traditional identity authentication techniques are subjected to cryptographic attack and leak attack easily, the present invention has the characteristics of disguised height, good stability and Administrative Security.
A kind of communication equipment personal identification method provided by the invention may further comprise the steps:
(1) transmitting terminal produces the signal watermark, is used to identify the communication equipment identity;
(2) transmitting terminal is embedded into above-mentioned signal watermark in the normal communications signal, and transmission contains the signal of communication of signal watermark to receiving terminal;
(3) after receiving terminal receives the above-mentioned signal of communication that contains the signal watermark, from above-mentioned signal of communication, isolate the signal watermark;
(4) receiving terminal is explained the signal watermark and be translated as the identity information of transmitting terminal;
(5) receiving terminal is converted to the identity information of signal watermark carrying the communication equipment sign of transmitting terminal;
It is characterized in that:
Step (1) is:
(1.1) transmitting terminal utilizes the controlled sinusoidal signal generator of a kind of frequency, determines the frequency of sinusoidal signal according to the identify label of transmitting terminal, and its computing formula is as follows:
f
i=f+Δf=f+h(i)
Wherein, f is a reference frequency, and i is device identification, and h (i) is the mapping function of slave unit sign i to frequency shift (FS) Δ f, and f
Min>0Hz, f
Max≤ 300Hz, f
MinBe f
iMinimum value, f
MaxBe f
iMaximum;
(1.2) sinusoidal signal generator is according to specified frequency f
iProduce sinusoidal signal as the signal watermark, and select energy threshold G, the detection foundation that whether exists as the signal watermark according to the amplitude of this sinusoidal signal;
Step (2) utilizes signal synthesizer that normal communications signal and signal watermark are directly superposeed;
The watermark extracting step is in the step (3):
(3.1) analog signal sampling to receiving is translated into digital signal;
(3.2) sampled data is pressed the time segmentation;
(3.3) each segment data is carried out fast fourier transform and handle, extract f
Min-f
MaxPower spectrum in the zone;
(4.1) detect f
Min-f
MaxPower spectrum maximum in the frequency range;
(4.2) judge that this spectrum value is whether greater than predefined energy threshold G: if this spectrum value less than energy threshold, then can not exist in the assertive signal watermark; If this spectrum value greater than energy threshold G, then selects this spectrum to be worth pairing frequency values f
i
(4.3) utilize formula h (i)=f
i-f, the identity information h (i) of calculating transmitting terminal communication equipment;
Step (5) inquires the identify label of transmitting terminal communication equipment by the h (i) that stores in the identity information database and the corresponding relation between the i.
Realize system for carrying out said process, it is characterized in that: this system comprises the transmitting terminal of the signal watermark that is used to generate and the receiving terminal of identification equipment identity; At transmitting terminal, the signal watermark generation module is used to generate the signal watermark, and the signal watermark that generates is sent to signal watermark merge module; Signal watermark merge module is used for the signal watermark is embedded into normal communications signal, and signal of communication is undertaken sending in the channel after the modulation treatment by modulation module; At receiving terminal, demodulation module is used to restore the original communication signal, and utilizes signal watermark extracting module to isolate the signal watermark, and signal watermark interpretation module judges whether the signal watermark exists, and the identity information that carries in the output signal watermark.
The break traditions thinking set of communications network security measure of the present invention, the communications network security measure is deep into physical layer, proposition utilizes the signal watermark to communicate the method for equipment identities identification, effectively access node and service device are carried out authentication, thereby prevent lawless person's illegal invasion, guarantee the safety of normal data communication.The present invention compares with existing identity identifying technology, mainly contains following three characteristics:
1. disguised high.Traditional identity identifying technology can be found the existence of authentication system easily usually based on cipher mechanism by data analysis.But the signal digital watermark mainly realizes that by hardware non-specialized hardware can not find to exist the signal watermark.Even adopt special hardware that signal is analyzed, add mode if do not understand watermark, also can not find the existence of signal watermark, more impossible it is forged.
2. good stability.Traditional identity identifying technology adopts software to realize, has various software vulnerabilities usually, makes the assailant can walk around cryptosystem system is invaded.But the signal digital watermark adopts hardware to realize that general assailant can not reach this aspect, more impossible this authentication system of walking around.
3. Administrative Security.Signal watermark authentication system is a hardware keys system, and promptly each communication equipment (user) and key are bound, and promptly has only the assailant to obtain device hardware and could obtain key, as long as strengthen just can guaranteeing the management of hardware the safety of key.Even the assailant obtains hardware device, system can delete its feature watermark from database, and does not have influence on other user's proper communication.
One aspect of the present invention can be used for maintaining communications network safety, prevents password or system vulnerability illegal invasion communication network that the lawless people utilization is stolen; Also can be used for the identify label of radio station on the other hand, strengthen monitoring and management Wireless Telecom Equipment.
Description of drawings
Fig. 1 is the schematic flow sheet of the inventive method.
Fig. 2 is the structural representation of system of the present invention.
Embodiment
The present invention is further detailed explanation below in conjunction with accompanying drawing and example.
As shown in Figure 1, the treatment step of the inventive method is:
(1) transmitting terminal produces the signal watermark, is used to identify the communication equipment identity;
The signal watermark is meant the artificial sign that is used for the communication equipment identity that adds in signal of communication, has following several characteristic:
1) carrier of signal watermark is a signal of communication;
2) the signal watermark is artificial the adding;
3) the signal watermark can identify the communication equipment individuality;
4) the signal watermark can not constitute significantly interference to normal communications signal.
In a broad sense, the signal specific that satisfies above condition can be called the signal watermark.Therefore, the signal watermark can have multiple different generating mode, enumerates a kind of simple signal watermark below and generates step:
1) transmitting terminal utilizes the controlled sinusoidal signal generator of a kind of frequency, determines the frequency of sinusoidal signal according to the identify label of transmitting terminal, and its computing formula is as follows:
f
i=f+Δf=f+h(i)
Wherein, f is a reference frequency, and i is device identification, is example with 10 equipment here, therefore establishes i=0,1 ... 9, but device identification also can be the device numbering of other form in actual applications.H (i) is the mapping function of slave unit sign i to frequency shift (FS) Δ f, promptly can specify the correspondent frequency skew for different device identifications, makes h (i)=i here, is the simplest a kind of implementation method.Reference frequency f can set as required, but must guarantee the peak frequency f of signal watermark
MaxLess than lower limit 300 Hz of speech frequency, minimum frequency f
MinGreater than 0Hz.Here establish f=100Hz, so f
iScope be 100Hz-109Hz.
2) sinusoidal signal generator produces sinusoidal signal as the signal watermark according to specified frequency, and selects suitable energy threshold G according to this signal amplitude, the detection foundation that whether exists as the signal watermark.For example establishing signal amplitude is A, and then the energy in this signal one-period is A
2/ 2, so can define G=(A
2/ 4) * and α is as the watermark detection thresholding, and wherein α represents the energy gain coefficient in the communication link;
(2) transmitting terminal is embedded into above-mentioned signal watermark in the normal communications signal, and transmission contains the signal of communication of signal watermark to receiving terminal.
Transmission content and modulation system for different can adopt different watermark embedding methods.Mode of frequency regulation with transferring voice is an example, can directly utilize signal synthesizer that voice signal and signal watermark are directly superposeed.Because the frequency domain scope of voice signal is 300Hz-3400Hz, and the signal watermark is a frequency f
iThe sinusoidal signal of (this example is 100Hz-109Hz), the two separates on frequency domain, so the signal watermark can not influence the normal transmission of voice signal.
(3) after receiving terminal receives the above-mentioned signal of communication that contains the signal watermark, separation signal watermark and signal of communication.
Different watermark embedded modes adopts different watermark extracting modes.For the frequency domain embedded mode that proposes in the step (2), its watermark extracting step is as follows:
1) analog signal that receives is carried out the 8KHz sampling, be translated into digital signal;
2) sampled data is pressed the time segmentation, 8000 sampled datas that are about to each second are as one section;
3) each segment data is carried out fast Fourier transform (FFT) and handle, extracting and specifying frequency domain (is f
Min-f
MaxZone, this example are 100Hz-109Hz) power spectrum located.
Can on frequency domain, isolate signal watermark composition by above-mentioned steps.
(4) receiving terminal is explained the signal watermark and be translated as the identity information of transmitting terminal.
The explanation of the signal watermark in the step (4) and translation process are corresponding with step (1) signal watermark generative process, and for the watermark generating mode of giving an example in the step (1), its decipher step is as follows:
1) detects the power spectrum maximum of specifying in the frequency domain (this example is 100Hz-109Hz);
2) judge that this spectrum value is whether greater than predefined energy threshold G: if this spectrum value less than threshold value, then can not exist in the assertive signal watermark; If this spectrum value more than or equal to threshold value, then selects this spectrum to be worth pairing frequency values f
i
3) according to formula
h(i)=f
i-f
Calculate the communication equipment identity information h (i) of transmitting terminal.
(5) receiving terminal is converted to the identity information mapping of signal watermark carrying the communication equipment sign of transmitting terminal.In the cited in front implementation, the mapping function of employing is as follows:
h(i)=i
Therefore can directly obtain the communication equipment sign of transmitting terminal.But, if the form more complicated of mapping function h (i) just must inquire the identify label of transmitting terminal by identity information database.
Core concept of the present invention is to add the signal watermark in normal communications signal, thereby the communication equipment that sends signal is identified.Wherein, concrete signal watermark can be adopted various ways, promptly can be certain machine made signal, it also can be certain pseudo-random signal, or other any type of signal, as long as can satisfy defined four characteristics in the step (1), just belong to the category of signal watermark.For each signal watermark, corresponding signal watermark generation, embedding, extraction and decomposition method are all arranged, thereby make the concrete application mode of signal watermark have great flexibility.Therefore,, adopt appropriate signals watermark form, can satisfy the requirement of various concrete communication environments according to method provided by the present invention.
As shown in Figure 2, realize that system for carrying out said process comprises transmitting terminal 1 and 2 two subsystems of receiving terminal, wherein transmitting terminal 1 comprises signal watermark generation module 3, signal watermark merge module 4 and modulation module 5; Receiving terminal 2 comprises demodulation module 6, signal watermark extracting module 7, signal watermark interpretation module 8, identity information database 9.By the signal watermark that transmitting terminal adds, receiving terminal can be discerned the concrete identity of transmitting terminal, thereby reaches the purpose of authentication.
At transmitting terminal, signal watermark generation module 3 is used to generate the signal watermark, and the signal watermark that generates is sent to signal watermark merge module 4.Signal watermark merge module 4 is used for the signal watermark is embedded into normal communications signal, carries the signal of communication of signal watermark thereby produce.Signal of communication is undertaken sending in the channel after the modulation treatment by modulation module 5.At receiving terminal, restore the original communication signal by demodulation module 6, and utilize signal watermark extracting module 7 to isolate the signal watermark.Signal watermark interpretation module 8 judges whether the signal watermark exists, if the signal watermark does not exist, then exports predefined " sky " signal; If the signal watermark exists, then the identity information that carries in the output signal watermark.Identity information database is according to the output result of signal watermark interpretation module 8, and Query Database obtains transmitting terminal communication equipment sign.
The modulation module 5 of above-mentioned transmitting terminal and the demodulation module of receiving terminal 6 constitute transmission system.Because communication network may exist multiple propagation medium and modulation system, so transmission system must be decided according to practical situations.For the technical staff who is familiar with the communications field, can determine the constituted mode of transmission system fully according to concrete communication environment.Because transmission system is just as intermediacy, and different transmission systems can not influence the service behaviour of total system, therefore need not limit the constituted mode of transmission system.
What more than provide is a kind of implementation of the present invention under the mode of frequency regulation of transferring voice, and those skilled in the art can adopt other multiple mode to realize the present invention according to above-mentioned principle.Described a kind of generation algorithm of signal watermark in the example,, specifically adopted signal watermarking algorithm difference to some extent, but flow process of the present invention remains unanimity at different communication conditions.
In sum, the present invention is a kind of communication equipment personal identification method based on the signal digital watermark, the system that uses this method to constitute is independent of concrete communication environment, can be according to the specific requirement of the various communications fields, adopt different signal watermarking algorithms, thereby enlarged the range of application of system.According to the proposed method, those skilled in the art can be according to concrete communication environment, structure appropriate signals watermarking algorithm, thereby the communication equipment identification system among the present invention is generalized to the various communications fields, therefore the invention is not restricted to any concrete communications field, but the wide region of principle that meets here to be disclosed and feature.
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510019775 CN1761187B (en) | 2005-11-09 | 2005-11-09 | Method and system for recognizing ID of communication device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510019775 CN1761187B (en) | 2005-11-09 | 2005-11-09 | Method and system for recognizing ID of communication device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1761187A CN1761187A (en) | 2006-04-19 |
| CN1761187B true CN1761187B (en) | 2011-04-20 |
Family
ID=36707147
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510019775 Expired - Fee Related CN1761187B (en) | 2005-11-09 | 2005-11-09 | Method and system for recognizing ID of communication device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1761187B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106803042A (en) * | 2015-11-25 | 2017-06-06 | 中国电信股份有限公司 | Data processing method, device and system that identity-based is identified |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1323490A (en) * | 1998-07-14 | 2001-11-21 | 皇家菲利浦电子有限公司 | Use of a watermark for the purpose of copy protection |
| CN1386226A (en) * | 2000-07-11 | 2002-12-18 | 松下电器产业株式会社 | Method and system for controlling content circulation system |
-
2005
- 2005-11-09 CN CN 200510019775 patent/CN1761187B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1323490A (en) * | 1998-07-14 | 2001-11-21 | 皇家菲利浦电子有限公司 | Use of a watermark for the purpose of copy protection |
| CN1386226A (en) * | 2000-07-11 | 2002-12-18 | 松下电器产业株式会社 | Method and system for controlling content circulation system |
Non-Patent Citations (1)
| Title |
|---|
| JP特开2000-20600A 2000.01.21 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1761187A (en) | 2006-04-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105303659B (en) | A kind of gate inhibition's personal identification method and device based on ultrasonic wave | |
| Zhang et al. | Physical-layer authentication for Internet of Things via WFRFT-based Gaussian tag embedding | |
| Wang et al. | Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards | |
| US20100293376A1 (en) | Method for authenticating a clent mobile terminal with a remote server | |
| CN110677260B (en) | Authentication method, device, electronic equipment and storage medium | |
| US8856900B2 (en) | Method for authorising a connection between a computer terminal and a source server | |
| Li et al. | Protecting the intellectual property of deep neural networks with watermarking: The frequency domain approach | |
| TW200524327A (en) | Orthogonal frequency division multiplexing (OFDM) method and apparatus for protecting and authenticating wirelessly transmitted digital information | |
| CN116828203B (en) | Intelligent encryption protection method for electronic seal | |
| KR20070086656A (en) | Key generation using biometric data and secret extraction code | |
| CN1761187B (en) | Method and system for recognizing ID of communication device | |
| Lei et al. | Physical layer enhanced zero-trust security for wireless industrial internet of things | |
| US20210050024A1 (en) | Watermarking of Synthetic Speech | |
| CN108966232A (en) | Wireless internet of things physical layer hybrid authentication method and system based on service network | |
| CN108882236B (en) | Physical layer signal watermark embedding method based on S transformation | |
| CN116418579A (en) | A power terminal data trusted access authentication method and device | |
| CN108683500A (en) | A kind of WBAN method for secret protection based on the characteristic of channel | |
| CN115694990A (en) | Voice transmission system based on network encryption | |
| Yu et al. | A spectrum watermark embedding and extracting method based on spread spectrum technique | |
| Gera et al. | Securing data using audio steganography for the internet of things | |
| Wang et al. | A Chaos‐Based Encryption Scheme for DCT Precoded OFDM‐Based Visible Light Communication Systems | |
| Li et al. | Digital spread-spectrum watermarking identity authentication technology based on OFDM in satellite-ground communication system | |
| Guo et al. | Anti‐leakage transmission method of high privacy information in electric power communication network based on digital watermarking technology | |
| CN115834246B (en) | Cloud terminal-to-local terminal data transmission safety protection method and system | |
| Yang et al. | Secure transmission technology based on direct modulation with random channel characteristics |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110420 Termination date: 20111109 |