A data communication method and system

By employing master-slave 4G link hot standby switching, dual source channel encryption, and a multi-level caching and reporting mechanism for blind spots, the problems of unreliable, insecure, and easily lost public network transmission in low-altitude aircraft monitoring scenarios have been solved, achieving seamless and traceable data transmission and security throughout the entire process.

CN122247765A · Pending · Publication Date: 2026-06-19 · SHAANXI NAVI INFORMATION TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: SHAANXI NAVI INFORMATION TECH
Filing Date: 2026-05-21
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

In the scenario of monitoring low-altitude aircraft, public network transmission is unreliable, insecure, and prone to data loss. Existing communication links have slow switching speeds, which cannot meet real-time requirements, and lack an end-to-end two-way authentication security system, resulting in the loss of regulatory data and security risks.

Method used

By employing master-slave 4G link hot standby switching, dual source channel encryption, and a multi-level caching and reporting mechanism for blind spots, predictive switching of link quality, two-way authentication encryption, and multi-level data caching are achieved to ensure the continuity and security of data transmission.

Benefits of technology

It enables seamless traceability of monitoring data throughout the entire flight process of low-altitude aircraft, reduces link switching latency, enhances the security and integrity of data transmission, and prevents permanent data loss.

✦ Generated by Eureka AI based on patent content.


Abstract

This invention relates to the field of data communication technology and discloses a data communication method and system. The method includes: calculating the average RSRP of the primary 4G link over multiple consecutive periods; when the average RSRP is lower than the link switching threshold, switching the service route to the secondary 4G link in a hot standby state, and determining the secondary 4G link as a valid 4G link; triggering the airborne monitoring equipment and the remote monitoring platform to perform bidirectional authentication and generate a session key based on the valid 4G link; using the session key to perform SM4 source encryption on the monitoring data, adding a UTC timestamp, and performing channel encryption to obtain a double-encrypted message; transmitting the double-encrypted message to the secure access gateway of the remote monitoring platform; and having the secure access gateway of the remote monitoring platform perform channel decryption on the double-encrypted message to obtain a source-encrypted data packet, which is then forwarded to the remote monitoring platform. This method achieves seamless traceability of monitoring data throughout the entire flight process of a low-altitude aircraft.

Description

Technical Field

[0001] This invention relates to the field of data communication technology, and in particular to a data communication method and system.

Background Technology

[0002] With the rapid development of the low-altitude economy, the application scenarios of low-altitude aircraft such as drones are becoming increasingly widespread. The popularization of low-altitude aircraft has also brought challenges to safety supervision. Traditional supervision methods struggle to monitor and manage low-altitude aircraft effectively and in real time.

[0003] In low-altitude aircraft surveillance applications, the mainstream solution is for surveillance equipment to interact with remote surveillance platforms via public mobile communication networks. However, drone flight areas often have 4G signal blind spots or weak signal areas. Existing primary/backup communication link switching mechanisms are mostly triggered by heartbeat timeouts, resulting in slow switching speeds that cannot meet the high real-time requirements of drone surveillance. This can lead to the loss of a large amount of surveillance data during high-speed flight. Furthermore, public network transmission faces risks such as eavesdropping, man-in-the-middle attacks, and data tampering. Existing solutions often use simple application-layer encryption and lack an end-to-end bidirectional authentication security system from the link layer to the application layer. During communication interruptions, locally cached data is often simply retransmitted after recovery, lacking priority scheduling and integrity guarantees. There is a risk of permanent loss of cached data due to power failure, making it difficult to meet the stringent requirement of full traceability of surveillance data.

Summary of the Invention

[0004] This invention provides a data communication method and system. This invention effectively solves the technical problems of unreliable and insecure public network transmission and easy data loss in the monitoring scenario of low-altitude aircraft, and realizes seamless traceability of monitoring data throughout the entire flight process of low-altitude aircraft.

[0005] In a first aspect, the present invention provides a data communication method, the data communication method comprising: Calculate the average RSRP of the primary 4G link over multiple consecutive periods. When the average RSRP is lower than the link switching threshold, switch the service route to the secondary 4G link that is in hot standby state, and determine the secondary 4G link as a valid 4G link. Based on the effective 4G link, the airborne monitoring equipment and the remote monitoring platform perform two-way authentication and generate a session key. The monitoring data is then encrypted using SM4 source encryption and appended with a UTC timestamp to obtain a source encrypted data packet. The source encrypted data packet is encapsulated into a double-encrypted message and transmitted to the secure access gateway of the remote monitoring platform through the valid 4G link. The double-encrypted message is then decrypted to obtain the source encrypted data packet, which is then forwarded to the remote monitoring platform.

[0006] In conjunction with the first aspect, in a first implementation of the first aspect of the present invention, the step of calculating the average RSRP of the primary 4G link over multiple consecutive periods, and when the average RSRP is lower than the link switching threshold, switching the service route to the secondary 4G link in a hot standby state, and determining the secondary 4G link as a valid 4G link, includes: The RSRP of the primary 4G link is sampled continuously for multiple periods to obtain the first RSRP of the primary 4G link, and the average RSRP of the primary 4G link is calculated based on the first RSRP. When the average RSRP is lower than the link switching threshold and the second RSRP of the secondary 4G link is higher than the takeover quality threshold, the service route is redirected to the secondary 4G link in hot standby state at the operating system routing layer, and the secondary 4G link is determined to be a valid 4G link.

[0007] In conjunction with the first aspect, in a second implementation of the first aspect of the present invention, after switching the service route to the secondary 4G link which is in a hot standby state, the third RSRP of the primary 4G link is continuously sampled; when the third RSRP is higher than the back-switch quality threshold, the service route is switched back from the secondary 4G link interface to the primary 4G link, and the primary 4G link is determined to be a valid 4G link, wherein the back-switch quality threshold is higher than the link switching threshold.

[0008] In conjunction with the first aspect, in the third implementation of the first aspect of the present invention, the step of triggering bidirectional authentication between the airborne monitoring equipment and the remote monitoring platform based on the effective 4G link and generating a session key, and using the session key to perform SM4 source encryption on the monitoring data and append a UTC timestamp to obtain a source-encrypted data packet, includes: Based on the effective 4G link, the airborne monitoring equipment and the remote monitoring platform are triggered to perform two-way authentication, and a session key is generated after the two-way authentication is successful. The monitoring data is encrypted using the session key using SM4 source encryption to obtain application layer ciphertext, and SM3 hash calculation is performed on the application layer ciphertext to obtain a first hash check value. The application layer ciphertext, the first hash check value, and the UTC timestamp are packaged and encapsulated to obtain the source encrypted data packet.

[0009] In conjunction with the first aspect, in the fourth implementation of the first aspect of the present invention, the step of triggering two-way authentication between the airborne monitoring equipment and the remote monitoring platform based on the effective 4G link, and generating a session key after successful two-way authentication, includes: Based on the effective 4G link triggering the TLS handshake, the airborne monitoring equipment sends the SM2 device certificate to the remote monitoring platform. The remote monitoring platform verifies the legitimacy of the SM2 device certificate using a pre-set CA root certificate public key. At the same time, the remote monitoring platform sends the SM2 platform certificate to the airborne monitoring equipment. The airborne monitoring equipment verifies the legitimacy of the SM2 platform certificate using a pre-set CA root certificate public key, thus obtaining a two-way authentication result. After the two-way authentication result confirms the legitimacy of both parties' identities, the airborne monitoring equipment and the remote monitoring platform execute the SM2 key negotiation algorithm to obtain the session key.

[0010] In conjunction with the first aspect, in the fifth implementation of the first aspect of the present invention, the step of encapsulating the source encrypted data packet into a double-encrypted message and transmitting it through the effective 4G link to the secure access gateway of the remote monitoring platform, and performing channel decryption on the double-encrypted message to obtain the source encrypted data packet and forwarding it to the remote monitoring platform, includes: Based on the effective 4G link, an IPSec VPN encrypted tunnel is negotiated and established between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. The source encrypted data packet is encapsulated into an IPSec ESP message according to the IPSec VPN encrypted tunnel, and the payload field of the IPSec ESP message is encrypted using the SM4-CBC mode to obtain a double-encrypted message. The double-encrypted message is transmitted to the secure access gateway of the remote monitoring platform through the effective 4G link. The secure access gateway performs channel decryption on the double-encrypted message in SM4-CBC mode to obtain the source encrypted data packet. The secure access gateway of the remote monitoring platform forwards the source encrypted data packet to the remote monitoring platform.

[0011] In conjunction with the first aspect, in the sixth implementation of the first aspect of the present invention, based on the effective 4G link, an IPSec VPN encrypted tunnel is negotiated and established between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. The source encrypted data packet is encapsulated into an IPSec ESP message according to the IPSec VPN encrypted tunnel, and channel encryption is performed on the payload field of the IPSec ESP message in SM4-CBC mode to obtain a double-encrypted message, including: Based on the effective 4G link, a security association negotiation is performed between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. During the negotiation process, UDP encapsulation is enabled to support NAT traversal, resulting in an IPSec VPN encrypted tunnel. Based on the IPSec VPN encrypted tunnel, the source encrypted data packet is encapsulated into an IPSec ESP message, and the payload field of the IPSec ESP message is encrypted using SM4-CBC mode to obtain a double-encrypted message.

[0012] In conjunction with the first aspect, in the seventh implementation of the first aspect of the present invention, after the source encrypted data packet is transmitted to the remote monitoring platform through the effective 4G link, an SM3 hash check is performed on the application layer ciphertext in the source encrypted data packet to obtain a second hash check value, and the second hash check value is compared with the first hash check value carried in the source encrypted data packet to verify the integrity of the source encrypted data packet; after the integrity verification is passed, the application layer ciphertext is decrypted using the session key to obtain the plaintext monitoring data.

[0013] In conjunction with the first aspect, in the eighth implementation of the first aspect of the present invention, when both the primary 4G link and the secondary 4G link meet the blind zone judgment condition, the monitoring data is appended with a data type mark and written into the SRAM cache, and the monitoring data in the SRAM cache is snapshotted to the eMMC. After communication is restored, the monitoring data is read from the SRAM cache or the eMMC in the order of priority of key alarm data over regular status data, and then reported as supplementary data to the remote monitoring platform in ascending order of the UTC timestamp.

[0014] In a second aspect, the present invention provides a data communication system, the data communication system comprising: The routing switching module is used to calculate the average RSRP of the primary 4G link over multiple consecutive periods. When the average RSRP is lower than the link switching threshold, the service route is switched to the secondary 4G link that is in hot standby state, and the secondary 4G link is determined to be a valid 4G link. The source encryption module is used to trigger the airborne monitoring equipment and the remote monitoring platform to perform two-way authentication based on the effective 4G link and generate a session key. The session key is used to perform SM4 source encryption on the monitoring data and add a UTC timestamp to obtain a source encrypted data packet. The data transmission module is used to encapsulate the source encrypted data packet into a double-encrypted message and transmit it to the secure access gateway of the remote monitoring platform through the effective 4G link, and to perform channel decryption on the double-encrypted message to obtain the source encrypted data packet and forward it to the remote monitoring platform.

[0015] The technical solution provided by this invention effectively solves the technical problems of unreliable, insecure, and easily lost public network transmission in low-altitude aircraft monitoring scenarios through the synergistic effect of three core mechanisms: master-slave 4G link hot standby switching, dual source channel encryption, and multi-level buffering and supplementary reporting in blind zones. Regarding link reliability, by performing multi-period moving average calculation on the RSRP of the master 4G link and setting an asymmetric back-switch threshold, the link switching trigger logic is shifted from passively sensing link failure to actively predicting degradation. Combined with the design of the slave 4G link always maintaining a hot standby state, service routing redirection can be completed without re-handshaking, significantly reducing link switching latency and effectively ensuring the continuity of uplink transmission of monitoring data. Regarding data security, SM2 digital certificate two-way authentication ensures the trustworthiness of both communicating parties. SM4 algorithm is used to perform application-layer source encryption on business data, with an additional SM3 hash checksum. Then, IPSec VPN encryption tunnel performs transport-layer channel encryption, forming a dual-layer independent encryption protection structure of "ciphertext within ciphertext." Even if one layer of encryption is compromised, the other layer remains independently effective, fundamentally eliminating the risks of eavesdropping, tampering, and forgery during public network transmission. Regarding data integrity, a two-level storage mechanism—prioritizing the writing of blind-zone monitoring data to SRAM and taking snapshots to eMMC at preset intervals—effectively prevents the permanent loss of cached data due to unexpected power outages. 
After communication is restored, an ordered reporting strategy prioritizing key alarm data and ascending UTC timestamps enables the remote monitoring platform to accurately insert the reported data into the corresponding time sequence of historical monitoring data streams, achieving seamless traceability of monitoring data throughout the entire flight process of low-altitude aircraft.

[0016] Other features and advantages of the invention will be set forth in the description which follows, and will be apparent in part from the description, or may be learned by practicing the invention. The objects and other advantages of the invention are realized and obtained in accordance with the structures particularly pointed out in the description, claims and drawings.

[0017] To make the above-mentioned objects, features and advantages of the present invention more apparent and understandable, preferred embodiments are described below in detail with reference to the accompanying drawings.

Attached Figure Description

[0018] Figure 1 is a schematic diagram of one embodiment of the data communication method in this invention; Figure 2 is a schematic diagram of the process for determining a valid 4G link in an embodiment of the present invention; Figure 3 is a schematic diagram of the SM4 source data encryption process in an embodiment of the present invention; Figure 4 is a schematic diagram illustrating the process of transmitting data to a remote monitoring platform in an embodiment of the present invention; Figure 5 is a schematic diagram of one embodiment of the data communication system in this invention.

Detailed Implementation

[0019] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0020] The terms "comprising" and "having," and any variations thereof, used in the embodiments of this invention are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the steps or units listed, but may optionally include other steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or devices.

[0021] To facilitate understanding of this embodiment, a data communication method disclosed in this invention will first be described in detail. As shown in Figure 1, this method includes the following steps:

101. Calculate the average RSRP of the primary 4G link over multiple consecutive periods. When the average RSRP is lower than the link switching threshold, switch the service route to the secondary 4G link that is in hot standby state and determine the secondary 4G link as a valid 4G link.

102. Based on a valid 4G link, trigger the airborne monitoring equipment and the remote monitoring platform to perform two-way authentication and generate a session key. Use the session key to perform SM4 source encryption on the monitoring data and add a UTC timestamp to obtain a source encrypted data packet.

103. Encapsulate the source encrypted data packet into a double-encrypted message and transmit it through a valid 4G link to the secure access gateway of the remote monitoring platform. Then, perform channel decryption on the double-encrypted message to obtain the source encrypted data packet and forward it to the remote monitoring platform.

[0022] In one specific embodiment, as shown in Figure 2, the process of executing step 101 may specifically include the following steps:

1011. Perform continuous multi-cycle sampling of the RSRP of the primary 4G link to obtain the first RSRP of the primary 4G link, and calculate the average RSRP of the primary 4G link based on the first RSRP.

1012. When the average RSRP is lower than the link switching threshold and the second RSRP of the secondary 4G link is higher than the takeover quality threshold, the service route is redirected to the secondary 4G link in hot standby state at the operating system routing layer, and the secondary 4G link is determined to be a valid 4G link.

[0023] Specifically, after the airborne monitoring equipment completes the network registration of the primary and secondary 4G communication modules, the primary 4G link is set as the default bearer link, and the secondary 4G link is set as a hot standby link. The secondary 4G link does not carry the current service data stream, but it always maintains an online registration status and a communication readiness state ready to take over at any time, avoiding the need to re-execute network registration and session establishment during link switching, thus reducing link migration latency. The link monitoring unit continuously collects the reference signal received power (RSRP) of the primary 4G link at a preset sampling period of 100 milliseconds, with three consecutive sampling periods forming a continuous judgment window with a total duration of 300 milliseconds. The RSRP value of the primary 4G link is read once at each sampling moment, and the results of three consecutive samplings are written to the sliding buffer to obtain the first RSRP sequence of the primary 4G link. To mitigate the interference of transient fading, short-term obstruction, and flight attitude fluctuations on single-point measurement results, the average RSRP of the primary 4G link is calculated based on the first RSRP obtained from continuous sampling. When the average RSRP is lower than the link handover threshold, it indicates that the primary 4G link has entered a continuous degradation zone, and the link handover threshold is set to -110 dBm. Simultaneously, the second RSRP of the secondary 4G link at the current moment is detected, and the second RSRP is compared with the takeover quality threshold, which is set to -105 dBm. When the second RSRP of the secondary 4G link is higher than -105 dBm, it is determined that the secondary 4G link has sufficient takeover capability. 
When both of the above conditions are met, the switching control unit modifies the default route exit at the operating system routing layer, redirecting the data transmission path originally bound to the primary 4G communication module to the network interface corresponding to the secondary 4G communication module. This ensures that all real-time monitoring data, alarm data, location data, and control interaction data are now transmitted via the secondary 4G link. Simultaneously, the secondary 4G link is marked as a valid 4G link in the link status table, and the primary 4G link is switched to recovery monitoring state to continue sampling and determining whether the primary 4G link is ready for a switchback. Since the secondary 4G link is already in a hot standby state before the switch, there is no need to re-initiate the complete connection establishment process during service migration. After the routing layer completes the redirection, it can directly use the secondary 4G link to forward service data in subsequent transmission cycles, thus keeping link migration latency at a low level. During the switching operation, a single-active bearer mechanism is maintained, meaning that only one 4G link is allowed to handle service data transmission at any given time, avoiding out-of-order delivery, duplicate reception, or state conflicts at the receiving end caused by concurrent transmission of the same service stream by two links.

[0024] In one specific embodiment, after switching the service route to the secondary 4G link which is in hot standby state, the third RSRP of the primary 4G link is continuously sampled; when the third RSRP is higher than the back-switch quality threshold, the service route will be switched back from the secondary 4G link interface to the primary 4G link, and the primary 4G link will be determined as a valid 4G link, where the back-switch quality threshold is higher than the link switching threshold.

[0025] Specifically, after the service routing has switched from the primary 4G link to the secondary 4G link in a hot standby state, the primary 4G link enters the recovery determination state, and the reference signal received power of the primary 4G link continues to be sampled at a fixed period of 100 milliseconds to ensure consistency between the monitoring mechanisms before and after, and to avoid drift in the recovery determination standard due to changes in sampling granularity. The signal strength of the primary 4G link obtained from continuous sampling is the third RSRP. The third RSRP reflects whether the primary 4G link has recovered from a weak coverage area to a stable communication area after exiting the current service bearer. To prevent the service back-switching from being triggered immediately after a short-term rebound of the primary 4G link, the recovery determination requires the third RSRP to be continuously and stably higher than the back-switching quality threshold and maintained for a preset duration of 1 second. Since the sampling period is 100 milliseconds, this means that 10 consecutive sampling results must meet the back-switching conditions before the primary 4G link is considered to have recovered from sporadic fluctuations to a sustainable bearer state. The back-switch quality threshold is set to -100 dBm, while the link handover threshold is set to -110 dBm, thus forming a 10 dBm asymmetric hysteresis band. This means that the primary 4G link is only allowed to take over services again when the signal quality is significantly higher than the critical area that previously triggered the handover. This avoids the ping-pong effect of repeatedly triggering "handover-back-handover" when the primary 4G link fluctuates around -110 dBm. When the link monitoring unit detects that the third RSRP is higher than -100 dBm for one consecutive second, the back-switch evaluation process is triggered. 
At this time, the handover control unit makes a comprehensive judgment based on the current carrying status of the secondary 4G link. It confirms that although the secondary 4G link is carrying services, it does not show a significant quality advantage over the primary 4G link, thus ensuring that the back-switch action is necessary rather than mechanically executed. After meeting the above conditions, the operating system routing layer performs a reverse redirection of the service egress, switching the data transmission path originally bound to the secondary 4G link interface back to the primary 4G link interface. This allows real-time monitoring data, status reporting data, alarm data, and control interaction data to be transmitted again via the primary 4G link, and simultaneously updates the link state table, marking the primary 4G link as a valid 4G link, while restoring the secondary 4G link to a hot standby state. Since both the secondary and primary 4G links consistently execute a single-active bearer mechanism throughout the process, allowing only one link to handle service data transmission tasks at any given time, the issue of simultaneous transmission of the same service flow by both links during the backswitching process is avoided, thus preventing remote end reception order disorder, packet duplication, and state conflicts. Furthermore, the backswitching action is completed by the operating system routing layer, without requiring additional data session reconstruction, thus maintaining the same fast migration characteristics as the forward handover, making the service layer essentially unaware of changes in the bearer link.
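The switching and back-switching rules of paragraphs [0023] and [0025], as an added Python sketch that is not part of the patent text. The thresholds, sampling period and window sizes are the ones stated above; the class and function names and the RSRP trace are constructed for illustration, and the comparison of secondary-link quality before back-switching is left out because the text gives no figure for it. A single-threshold selector is included only to show the ping-pong behaviour the hysteresis band is meant to suppress.

```python
from collections import deque

SAMPLE_MS = 100           # sampling period, [0023]
WINDOW = 3                # three samples form the 300 ms judgment window
SWITCH_DBM = -110.0       # link switching threshold (primary average)
TAKEOVER_DBM = -105.0     # takeover quality threshold (secondary, current sample)
SWITCHBACK_DBM = -100.0   # back-switch quality threshold, [0025]
SWITCHBACK_SAMPLES = 10   # 1 s of consecutive samples above the back-switch threshold


class LinkSelector:
    """Single-active bearer selection with a moving average and hysteresis."""

    def __init__(self):
        self.active = "primary"
        self.window = deque(maxlen=WINDOW)   # sliding buffer of primary RSRP
        self.good_run = 0                    # consecutive recovered samples
        self.events = []                     # (time in ms, link now carrying traffic)

    def _route_to(self, t_ms, link):
        # Stands in for the default-route change at the OS routing layer.
        self.active = link
        self.window.clear()
        self.good_run = 0
        self.events.append((t_ms, link))

    def step(self, t_ms, primary_rsrp, secondary_rsrp):
        if self.active == "primary":
            self.window.append(primary_rsrp)
            if len(self.window) == WINDOW:
                average = sum(self.window) / WINDOW
                # Both conditions must hold: primary degraded AND secondary usable.
                if average < SWITCH_DBM and secondary_rsrp > TAKEOVER_DBM:
                    self._route_to(t_ms, "secondary")
        else:
            # Recovery monitoring: any sample at or below the threshold resets the run.
            self.good_run = self.good_run + 1 if primary_rsrp > SWITCHBACK_DBM else 0
            if self.good_run >= SWITCHBACK_SAMPLES:
                self._route_to(t_ms, "primary")
        return self.active


def run_hysteresis(trace):
    """Feed (primary, secondary) RSRP samples; return the list of route changes."""
    selector = LinkSelector()
    for i, (primary, secondary) in enumerate(trace):
        selector.step(i * SAMPLE_MS, primary, secondary)
    return selector.events


def count_naive_switches(trace):
    """Comparison only: one threshold, raw samples, no window, no hysteresis."""
    active, switches = "primary", 0
    for primary, _ in trace:
        if active == "primary" and primary < SWITCH_DBM:
            active, switches = "secondary", switches + 1
        elif active == "secondary" and primary > SWITCH_DBM:
            active, switches = "primary", switches + 1
    return switches


# Constructed primary-link trace (dBm): good coverage, degradation, jitter around
# -110 dBm, a 0.5 s rebound that must not trigger a back-switch, then real recovery.
PRIMARY_TRACE = (
    [-95.0] * 5
    + [-108.0, -112.0, -114.0]
    + [-109.0, -111.0] * 3
    + [-98.0] * 5
    + [-104.0]
    + [-97.0] * 10
    + [-96.0] * 2
)
TRACE = [(p, -98.0) for p in PRIMARY_TRACE]   # secondary held at -98 dBm

if __name__ == "__main__":
    print("hysteresis route changes:", run_hysteresis(TRACE))
    print("single-threshold route changes:", count_naive_switches(TRACE))
```

On this trace the windowed selector changes route twice, while the single-threshold selector changes route on almost every sample that crosses -110 dBm.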

[0026] In one specific embodiment, as shown in Figure 3, the process of executing step 102 may specifically include the following steps:

1021. Based on a valid 4G link, trigger the airborne monitoring equipment and the remote monitoring platform to perform two-way authentication, and generate a session key after the two-way authentication is successful;

1022. Perform SM4 source encryption on the monitoring data using the session key to obtain application layer ciphertext, and perform SM3 hash calculation on the application layer ciphertext to obtain the first hash check value;

1023. Package and encapsulate the application layer ciphertext, the first hash check value, and the UTC timestamp to obtain the source encrypted data packet.

[0027] Specifically, once the primary or secondary 4G link has been determined to be a valid 4G link through link quality assessment, the airborne monitoring equipment initiates an authentication process using this valid 4G link as a secure session channel. This triggers the transmission security initialization process, where the communication security control unit invokes the TLS handshake procedure. The airborne monitoring equipment first sends its SM2 device certificate to the remote monitoring platform. Upon receiving the SM2 device certificate, the remote monitoring platform verifies its legitimacy using a pre-set CA root certificate public key. This verification includes checking the trustworthiness of the certificate issuance chain, the matching of certificate identifiers, the validity period of the certificate, and the completeness of the certificate. After completing device-side authentication on the remote monitoring platform, the platform returns the SM2 platform certificate to the airborne monitoring equipment. The airborne monitoring equipment then verifies the SM2 platform certificate using the same pre-set CA root certificate public key, completing the two-way confirmation of identity. Only after both the airborne surveillance equipment and the remote surveillance platform have confirmed the other party's legitimacy will the SM2 key negotiation algorithm be executed to negotiate and derive a session key specific to this communication session. This session key is not a static key that remains unchanged over a long period, but rather a temporary symmetric key bound to the current authentication process. It is used for application-layer encryption of the surveillance data, thereby avoiding the security risks associated with reusing the same key over a long period and supporting secure communication continuity during link switching, base station switching, or session updates. 
The airborne surveillance equipment sends the surveillance data to be reported into the application-layer security processing flow. This surveillance data includes latitude, longitude, altitude, speed, and azimuth data collected by the positioning module, pitch, roll, and yaw angle data collected by the attitude sensor, and relative ground height data collected by the altimeter module. The communication security control unit calls the SM4 algorithm to perform source encryption processing on the surveillance data using the session key, obtaining application-layer ciphertext. Source encryption occurs at the application layer, protecting the confidentiality of business data before it enters the public network transmission path. Even if subsequent messages are intercepted during transmission over the public network, the original regulatory data content cannot be recovered without the session key. To ensure the integrity of the application-layer ciphertext during transmission, an SM3 hash calculation is performed on the ciphertext to obtain a first hash check value. This first hash check value characterizes the digest features of the current application-layer ciphertext; any byte alteration will cause a change in the first hash check value. After receiving data, the remote monitoring platform recalculates the hash result using the same algorithm and performs a consistency check to determine whether the data has been tampered with during transmission. The encapsulation unit packages the application layer ciphertext, the first hash checksum, and the UTC timestamp into a unified format source encrypted data packet. The UTC timestamp uses millisecond-level precision to record the precise moment this regulatory data was actually generated on the airborne monitoring equipment side.
Under normal communication conditions, the remote monitoring platform uses the UTC timestamp to reconstruct the true generation order of the regulatory data, avoiding timing misjudgments based solely on the receiving order. When both the primary and secondary 4G links simultaneously enter a communication dead zone and trigger local buffering, and subsequently resume communication and perform historical data supplementation, the remote monitoring platform inserts the supplementary data into the historical monitoring data stream in the correct timing order based on the UTC timestamp, thereby maintaining the temporal continuity of service information such as trajectory, attitude, and alarms. During encapsulation, the packet header includes a data type identifier, a length field, and a session identifier field, enabling the remote monitoring platform to first extract the application layer ciphertext upon receipt, then read the first hash checksum and the UTC timestamp, and perform integrity verification and subsequent decryption processing in a predetermined order.

[0028] In one specific embodiment, the process of triggering two-way authentication between the airborne monitoring equipment and the remote monitoring platform based on a valid 4G link, and generating a session key after successful two-way authentication, can specifically include the following steps: Based on a valid 4G link triggering a TLS handshake, the airborne monitoring equipment sends the SM2 device certificate to the remote monitoring platform. The remote monitoring platform verifies the legitimacy of the SM2 device certificate using a pre-set CA root certificate public key. At the same time, the remote monitoring platform sends the SM2 platform certificate to the airborne monitoring equipment. The airborne monitoring equipment verifies the legitimacy of the SM2 platform certificate using a pre-set CA root certificate public key, thus obtaining a two-way authentication result. After the two-way authentication results confirm the legitimacy of both parties, the airborne monitoring equipment and the remote monitoring platform execute the SM2 key negotiation algorithm to obtain the session key.

[0029] Specifically, once the primary or secondary 4G link has completed link quality assessment and been confirmed as a valid 4G link, the airborne monitoring equipment uses this valid 4G link as a secure access channel to initiate a TLS handshake process with the remote monitoring platform. At this point, an underlying TCP connection is established, and immediately after connection establishment, the certificate exchange and identity verification phase begins. The airborne monitoring equipment sends an SM2 device certificate to the remote monitoring platform in the handshake message. Upon receiving the SM2 device certificate, the remote monitoring platform invokes the certificate verification module to perform a validity verification of the SM2 device certificate using a pre-configured CA root certificate public key. This validity verification includes verifying the trustworthiness of the certificate issuance chain, the completeness of the certificate content, the matching of the certificate identifier, and the validity of the certificate. Correspondingly, the remote monitoring platform sends an SM2 platform certificate to the airborne monitoring equipment. Upon receiving the SM2 platform certificate, the airborne monitoring equipment performs the same validity verification on the SM2 platform certificate using a locally pre-configured CA root certificate public key, so that each end of the communication independently confirms the identity of the other end. The authentication result is considered successful only when the remote monitoring platform has verified the SM2 device certificate and the airborne monitoring equipment has verified the SM2 platform certificate. This prevents unauthorized devices from impersonating legitimate equipment to access the platform, and also prevents man-in-the-middle attacks launched by forging platform identities.
After confirming the legitimacy of both parties through two-way authentication, the airborne monitoring equipment and the remote monitoring platform execute the SM2 key negotiation algorithm to generate a session key specific to this communication session. This session key is a symmetric encryption key used for SM4 source encryption of the monitoring data. Separating the authentication and session key generation phases allows the SM2 certificate to handle identity verification, while the session key handles the encryption of subsequent large volumes of business data, thus balancing identity authentication and data processing efficiency. The session key is bound to the current session and supports a dynamic, periodic update mechanism. Even if the session key of a particular communication session is leaked, the plaintext content of previous sessions cannot be deduced, meeting forward security requirements. Meanwhile, through UDP encapsulation, NAT traversal, and tunnel state maintenance mechanisms, the session persistence capability can be improved in scenarios where IP addresses change dynamically due to 4G network base station switching, reducing the probability of renegotiation triggered by frequent base station switching, thereby reducing the probability of communication interruption.

[0030] In one specific embodiment, as shown in Figure 4, the process of executing step 103 can specifically include the following steps:
1031. Based on a valid 4G link, an IPSec VPN encrypted tunnel is negotiated and established between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. The source encrypted data packets are encapsulated into IPSec ESP messages according to the IPSec VPN encrypted tunnel and channel encryption is performed in SM4-CBC mode to obtain double-encrypted messages.
1032. The double-encrypted message is transmitted to the secure access gateway of the remote monitoring platform through the valid 4G link. The secure access gateway performs channel decryption on the double-encrypted message in SM4-CBC mode to obtain the source encrypted data packet.
1033. The secure access gateway of the remote monitoring platform forwards the source encrypted data packet to the remote monitoring platform.

[0031] Specifically, the tunnel control unit initiates an IKEv2 negotiation process with the secure access gateway on the remote monitoring platform side through the currently valid 4G link to establish a transport-layer-oriented IPSec VPN encrypted tunnel. Since the airborne monitoring equipment is in a 4G public network access environment, the public network address is dynamically allocated and may change during base station handover. Therefore, UDP encapsulation is enabled during the IKEv2 negotiation phase to support NAT traversal, ensuring the tunnel can be successfully established and maintain connectivity even under dynamic address and public network translation environments. After the security association negotiation is completed, a corresponding set of IPSec security parameters is generated between the airborne monitoring equipment and the secure access gateway, forming a VPN encrypted tunnel for carrying service data. The source encrypted data packet is used as the payload to be transmitted, encapsulated into an IPSec ESP message, and the payload field of the IPSec ESP message is subjected to channel encryption processing in SM4-CBC mode to obtain a double-encrypted message. The double encryption consists of an inner layer of SM4 source encryption based on a session key for the monitoring data, and an outer layer of SM4-CBC channel encryption based on a VPN tunnel for the ESP payload. These two layers operate at different security boundaries: the inner layer protects the service content itself, while the outer layer protects the message payload during public network transmission. Therefore, even if the outer tunnel is detected, the attacker only obtains the application-layer ciphertext that has already undergone source encryption, forming a layered security protection structure. The airborne monitoring equipment sends the double-encrypted messages to the secure access gateway on the remote monitoring platform via a valid 4G link.
The secure access gateway, acting as the endpoint of the VPN tunnel, verifies and decapsulates the received ESP messages based on existing security associations, and performs channel decryption on the double-encrypted messages in SM4-CBC mode, thereby recovering the inner source encrypted data packet. The secure access gateway here is only responsible for tunnel decryption and message restoration at the public network transport layer. It does not directly perform plaintext recovery processing on the application layer ciphertext. Therefore, the data recovered at the secure access gateway remains in the source encryption state, thus separating "public network transmission protection" from "business plaintext access permissions." This prevents network access layer nodes from directly accessing the plaintext of monitoring data and improves the access control strength within the system. After channel decryption, the secure access gateway forwards the recovered source encrypted data packet to the remote monitoring platform. During this transmission, the data objects sent include the application layer ciphertext, the first hash checksum, and the UTC timestamp. Therefore, after receiving the source encrypted data packet, the remote monitoring platform maintains the consistency of the time sequence of the monitoring data based on the UTC timestamp. At the same time, it uses the first hash checksum to verify the integrity of the application layer ciphertext. Only after the integrity verification is passed does it call the session key to perform application layer decryption to restore the original monitoring data content. To ensure transmission continuity during link switching scenarios, the IPSec VPN tunnel establishment and maintenance process is linked to the status of the valid 4G link.
When the primary or secondary 4G link undergoes a bearer switch, the new valid 4G link needs to continue to support the tunnel connectivity status, thereby ensuring the stability of the transmission path for double-encrypted messages. At the same time, the tunnel management unit outputs the connectivity status flag of the current IPSec VPN tunnel.

[0032] In one specific embodiment, the execution steps, based on a valid 4G link, involve negotiating and establishing an IPSec VPN encrypted tunnel between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. The process of encapsulating source encrypted data packets into IPSec ESP messages and performing channel encryption in SM4-CBC mode to obtain double-encrypted messages can specifically include the following steps: Based on a valid 4G link, a security association negotiation is performed between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. During the negotiation process, UDP encapsulation is enabled to support NAT traversal, resulting in an IPSec VPN encrypted tunnel. Based on the IPSec VPN encrypted tunnel, the source encrypted data packet is encapsulated into an IPSec ESP message, and the payload field of the IPSec ESP message is encrypted using SM4-CBC mode to obtain a double-encrypted message.

[0033] Specifically, the airborne surveillance equipment uses a valid 4G link as the public network bearer path and initiates a security association negotiation process based on the IKEv2 protocol with the secure access gateway on the remote surveillance platform side. At the start of the negotiation, the airborne surveillance equipment first sends an initialization request message to the secure access gateway to declare the security parameter combinations supported by the device. In subsequent negotiation messages, it further confirms the set of algorithms used for IPSec tunnel protection, with the channel encryption algorithm selected as SM4-CBC mode. Since the airborne surveillance equipment uses a dynamic IP address allocation mechanism when accessing the 4G public network, and there are situations such as base station switching, address drift, and changes in public network address mapping during flight, if the tunnel is still established using a fixed address direct connection method, it is easy to cause security association failure or tunnel establishment failure. Therefore, a UDP encapsulation mechanism is simultaneously enabled during the security association negotiation process to support NAT traversal, so that the IKEv2 negotiation message and subsequent IPSec service message can be transmitted stably in the public network address translation environment, thereby obtaining a sustainable IPSec VPN encrypted tunnel. After tunnel establishment, the source encrypted data packet is sent as the inner payload to the network layer encapsulation process. The source encrypted data packet contains application layer ciphertext, a first hash checksum, and a UTC timestamp. The source encrypted data packet is encapsulated into an IPSec ESP packet, and the payload field of the IPSec ESP packet is subjected to channel encryption processing in SM4-CBC mode, resulting in a double-encrypted packet. 
The double encryption consists of an inner layer of source encryption oriented towards the service content and an outer layer of channel encryption oriented towards the public network transmission path. The two layers of protection are independent of each other and have different boundaries of action. Therefore, even if the public network transmission layer is intercepted, external attackers can only obtain the ciphertext payload that has already undergone application layer encryption processing. Even if attackers attempt to analyze the application layer ciphertext, they still need to break through the outer protection of the IPSec tunnel first, significantly improving security redundancy. When encrypting the ESP payload field, the SM4-CBC mode incorporates the encryption result of the previous block into the calculation of the next block, thereby strengthening the association between adjacent data blocks, reducing the risk of direct exposure of repeated plaintext patterns, and giving the transmission of double-encrypted messages in the 4G public network environment higher confidentiality and resistance to analysis.

[0034] In one specific embodiment, after the source encrypted data packet is transmitted to the remote monitoring platform through a valid 4G link, the remote monitoring platform extracts the application layer ciphertext and the first hash check value from the source encrypted data packet, and performs SM3 hash calculation on the application layer ciphertext to obtain the second hash check value. The second hash check value is compared with the first hash check value to verify the integrity of the source encrypted data packet. After the integrity verification is passed, the application layer ciphertext is decrypted using the session key to obtain the plaintext of the monitoring data.

[0035] Specifically, after the encrypted data packet from the source has been transmitted to the remote monitoring platform via a valid 4G link, the data parsing unit of the remote monitoring platform extracts the application layer ciphertext, the first hash checksum, and the corresponding UTC timestamp from the received encrypted data packet. It then performs SM3 hash calculation based on the application layer ciphertext to obtain the second hash checksum. The second hash checksum is compared bit-by-bit with the first hash checksum. If they match, it is determined that the application layer ciphertext has not been tampered with, truncated, spliced, or subjected to bit errors during transmission. After the integrity verification passes, the session key negotiated with the airborne monitoring equipment during the two-way authentication phase is invoked based on the current security session identifier to perform SM4 decryption processing on the application layer ciphertext, obtaining the plaintext monitoring data. The plaintext monitoring data includes business fields such as latitude and longitude, altitude, speed, azimuth, pitch, roll, yaw, and relative ground altitude. The session key, as a symmetric key dedicated to the current communication session, is only used for application layer data recovery during the current valid session. After receiving the plaintext regulatory data, the remote monitoring platform sends the plaintext regulatory data to the trajectory reconstruction, attitude analysis, alarm identification, and regulatory evidence storage processing stages. If the second hash check value is inconsistent with the first hash check value, it indicates that there is a risk of content change in the encrypted data packet of the source during public network transmission, tunnel forwarding, or platform reception. 
At this time, the data verification is determined to have failed, and the corresponding plaintext monitoring data is not written into the formal regulatory database. At the same time, the abnormal session identifier, UTC timestamp, and reception time information are recorded.

[0036] In one specific embodiment, when both the primary 4G link and the secondary 4G link meet the blind zone judgment condition, the regulatory data is appended with a data type tag and written into the SRAM cache, and the regulatory data in the SRAM cache is snapshotted to the eMMC. After communication is restored, regulatory data is read from the SRAM cache or eMMC in the order of priority for critical alarm data over regular status data, and supplementary reporting is performed to the remote monitoring platform in ascending order of UTC timestamp.

[0037] Specifically, when the link monitoring unit detects that both the primary and secondary 4G links simultaneously become unavailable, a local blind zone caching mechanism is activated. The blind zone determination conditions are set up with two parallel triggering logics: first, the reference signal received power of both the primary and secondary 4G links remains below -100 dBm; second, the system sends three consecutive connection requests to the remote monitoring platform, each with a timeout exceeding 3 seconds without receiving a response confirmation. If either of these conditions is met, the airborne monitoring equipment is determined to have entered a communication blind zone. In this case, newly generated monitoring data is no longer attempted to be uploaded in real time. Instead, the cache control unit first adds a data type tag and a UTC timestamp to each piece of monitoring data before writing it to the SRAM cache. The data type tag is used to distinguish between critical alarm data and routine status data. SRAM has a higher write response speed, can adapt to the continuous generation requirements of high-frequency monitoring data during flight, and reduces the risk of data loss caused by storage write delays during blind zones. Meanwhile, to prevent the complete loss of cached content due to the volatile nature of SRAM during abnormal power outages, a periodic persistence mechanism is initiated. This mechanism synchronizes the monitoring data in the SRAM cache to the eMMC in a snapshot manner, with the snapshot period set to 10 seconds and the eMMC capacity set to 32 GB. Setting the snapshot period to 10 seconds avoids excessive wear and tear on the eMMC caused by frequent writes at the second level, and compresses the data loss window that was not synchronized in time during an unexpected power outage into the most recent 10 seconds, balancing storage lifespan and data security. 
When the communication dead zone lasts for a long time and the SRAM cache reaches its capacity limit, subsequent newly added monitoring data continues to be written directly to the eMMC to support continuous dead zone data retention for up to 72 hours. Once communication conditions are restored and the restoration conditions are confirmed to be met, i.e., the RSRP of the primary 4G link or any of the secondary 4G links has recovered to above -100 dBm and the encrypted transmission channel has been restored, the supplementary reporting process begins. During the supplementary reporting phase, priority is given to sending newly generated real-time monitoring data to avoid historical supplementary reports crowding out real-time reporting bandwidth. On this basis, an independent supplementary reporting thread reads the monitoring data cached during the blind zone from the SRAM cache or eMMC and schedules it according to the order of priority of critical alarm data over routine status data. That is, data records of high-priority events such as loss of control, boundary crossing, collision risk, and power anomaly are sent before routine status records such as position, speed, and attitude. Within the same priority, the data is arranged in ascending order of UTC timestamp, with earlier generated data being reported first and later generated data being reported later. This allows the remote monitoring platform to accurately insert the supplementary reporting data into the corresponding time position of the historical monitoring data stream based on the UTC timestamp at the receiving end, restoring the complete flight trajectory and event evolution process. To avoid link congestion caused by the centralized back transmission of historical cached data when communication is restored, the supplementary reporting thread adopts a controllable rate output method, with the supplementary reporting rate set at 40 reports/second.
This completes the clearing of blind zone data within a reasonable time without significantly preempting the bandwidth required for real-time monitoring data.
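An added example, not part of the patent text, of the blind-zone logic in [0037]: the two trigger conditions, SRAM writes with 10-second eMMC snapshots and overflow to eMMC, and the replay order (alarms first, then ascending UTC timestamp) paced at 40 reports per second. Class and function names, the numeric tag encoding, the per-record sequence number and the use of single RSRP samples are assumptions; the records are constructed.

```python
from dataclasses import dataclass, field

RSRP_BLIND_DBM = -100.0   # both links below this value: blind zone
CONNECT_TIMEOUT_S = 3.0   # a connection request past this counts as unanswered
CONNECT_FAILURES = 3      # consecutive unanswered requests that trigger buffering
SNAPSHOT_PERIOD_S = 10    # SRAM -> eMMC snapshot period
REPLAY_RATE = 40          # supplementary reports per second
ALARM, ROUTINE = 0, 1     # data type tag; lower value is sent first (assumed encoding)


def in_blind_zone(primary_rsrp, secondary_rsrp, connect_times):
    """Either condition is sufficient. connect_times lists the response time in
    seconds of recent connection requests, oldest first; None means no response."""
    both_weak = primary_rsrp < RSRP_BLIND_DBM and secondary_rsrp < RSRP_BLIND_DBM
    recent = connect_times[-CONNECT_FAILURES:]
    unanswered = len(recent) == CONNECT_FAILURES and all(
        t is None or t > CONNECT_TIMEOUT_S for t in recent)
    return both_weak or unanswered


@dataclass
class BlindZoneCache:
    sram_capacity: int
    sram: list = field(default_factory=list)   # volatile, fast writes
    emmc: list = field(default_factory=list)   # survives power loss
    persisted: int = 0                         # SRAM records already snapshotted
    seq: int = 0                               # makes every record unique
    last_snapshot_s: float = 0.0

    def write(self, tag, utc_ms, payload):
        record = (tag, utc_ms, self.seq, payload)
        self.seq += 1
        if len(self.sram) < self.sram_capacity:
            self.sram.append(record)
        else:
            self.emmc.append(record)           # SRAM full: write directly to eMMC

    def tick(self, now_s):
        """Called from the main loop; snapshots new SRAM records once per period."""
        if now_s - self.last_snapshot_s < SNAPSHOT_PERIOD_S:
            return 0
        fresh = self.sram[self.persisted:]
        self.emmc.extend(fresh)
        self.persisted = len(self.sram)
        self.last_snapshot_s = now_s
        return len(fresh)

    def power_loss(self):
        """Abnormal power-off: SRAM content is gone. Returns how many records
        were lost, i.e. those written since the last snapshot."""
        lost = len(self.sram) - self.persisted
        self.sram.clear()
        self.persisted = 0
        return lost

    def replay_order(self):
        # Snapshotted records exist in both stores, so deduplicate by sequence
        # number, then sort by (priority, UTC timestamp).
        unique = {rec[2]: rec for rec in self.emmc + self.sram}
        return sorted(unique.values(), key=lambda rec: (rec[0], rec[1], rec[2]))


def replay_schedule(records, start_s=0.0, rate=REPLAY_RATE):
    """Send time for each backlog record so replay never exceeds `rate` per second."""
    return [(start_s + i / rate, rec) for i, rec in enumerate(records)]


def demo():
    cache = BlindZoneCache(sram_capacity=3)
    cache.write(ROUTINE, 1_000, b"position")
    cache.write(ALARM, 4_000, b"boundary crossing")
    cache.tick(10.0)                                 # snapshot: 2 records persisted
    cache.write(ROUTINE, 12_000, b"position")        # in SRAM only until t = 20 s
    cache.write(ALARM, 15_000, b"power anomaly")     # SRAM full: goes to eMMC
    lost = cache.power_loss()                        # power fails before t = 20 s
    order = [(tag, utc_ms) for tag, utc_ms, _, _ in cache.replay_order()]
    return lost, order, replay_schedule(order)


if __name__ == "__main__":
    print(demo())
```

In the constructed run one routine record written after the last snapshot is lost at power-off, which is the 10-second loss window the paragraph describes, while the alarm written after SRAM filled survives because it went straight to eMMC.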

[0038] The data communication method in the embodiments of the present invention has been described above. The data communication system in the embodiments of the present invention is described below. Referring to Figure 5, one embodiment of the data communication system in this invention includes:
The routing switching module 501 is used to calculate the average RSRP of the primary 4G link over multiple consecutive periods. When the average RSRP is lower than the link switching threshold, the service route is switched to the secondary 4G link that is in hot standby state, and the secondary 4G link is determined to be a valid 4G link.
The source encryption module 502 is used to trigger the airborne monitoring equipment and the remote monitoring platform to perform two-way authentication based on a valid 4G link and generate a session key. The session key is used to perform SM4 source encryption on the monitoring data and add a UTC timestamp to obtain a source encrypted data packet.
The data transmission module 503 is used to encapsulate the source encrypted data packet into a double-encrypted message and transmit it to the secure access gateway of the remote monitoring platform through a valid 4G link, and to perform channel decryption on the double-encrypted message to obtain the source encrypted data packet and forward it to the remote monitoring platform.

[0039] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0040] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0041] The above-described embodiments are only used to illustrate the technical solutions of the present invention, and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A data communication method, characterized in that it includes: Calculating the average RSRP of the primary 4G link over multiple consecutive periods. When the average RSRP is lower than the link switching threshold, switching the service route to the secondary 4G link that is in hot standby state, and determining the secondary 4G link as a valid 4G link. Based on the valid 4G link, the airborne monitoring equipment and the remote monitoring platform perform two-way authentication and generate a session key. The monitoring data is then encrypted using SM4 source encryption and appended with a UTC timestamp to obtain a source encrypted data packet. The source encrypted data packet is encapsulated into a double-encrypted message and transmitted to the secure access gateway of the remote monitoring platform through the valid 4G link. The double-encrypted message is then decrypted to obtain the source encrypted data packet, which is then forwarded to the remote monitoring platform.

2. The data communication method according to claim 1, characterized in that, The calculation of the average RSRP of the primary 4G link over multiple consecutive periods, and the switching of service routing to a secondary 4G link in a hot standby state when the average RSRP is lower than the link switching threshold, and the determination of the secondary 4G link as a valid 4G link, includes: The RSRP of the primary 4G link is sampled continuously for multiple periods to obtain the first RSRP of the primary 4G link, and the average RSRP of the primary 4G link is calculated based on the first RSRP. When the average RSRP is lower than the link switching threshold and the second RSRP of the secondary 4G link is higher than the takeover quality threshold, the service route is redirected to the secondary 4G link in hot standby state at the operating system routing layer, and the secondary 4G link is determined to be a valid 4G link.

3. The data communication method according to claim 2, characterized in that, After switching the service route to the secondary 4G link which is in hot standby mode, the third RSRP of the primary 4G link is continuously sampled; When the third RSRP is higher than the back-switch quality threshold, the service route is back-switched from the secondary 4G link interface to the primary 4G link, and the primary 4G link is determined to be a valid 4G link, wherein the back-switch quality threshold is higher than the link switching threshold.

4. The data communication method according to claim 1, characterized in that, The process involves triggering bidirectional authentication between the airborne surveillance equipment and the remote surveillance platform based on the valid 4G link, generating a session key, and then using the session key to perform SM4 source encryption on the surveillance data and append a UTC timestamp to obtain a source-encrypted data packet, including: Based on the effective 4G link, the airborne monitoring equipment and the remote monitoring platform are triggered to perform two-way authentication, and a session key is generated after the two-way authentication is successful. The monitoring data is encrypted using the session key using SM4 source encryption to obtain application layer ciphertext, and SM3 hash calculation is performed on the application layer ciphertext to obtain a first hash check value. The application layer ciphertext, the first hash check value, and the UTC timestamp are packaged and encapsulated to obtain the source encrypted data packet.

5. The data communication method according to claim 4, characterized in that, The process of triggering two-way authentication between the airborne monitoring equipment and the remote monitoring platform based on the valid 4G link, and generating a session key after successful two-way authentication, includes: Based on the effective 4G link triggering the TLS handshake, the airborne monitoring equipment sends the SM2 device certificate to the remote monitoring platform. The remote monitoring platform verifies the legitimacy of the SM2 device certificate using a pre-set CA root certificate public key. At the same time, the remote monitoring platform sends the SM2 platform certificate to the airborne monitoring equipment. The airborne monitoring equipment verifies the legitimacy of the SM2 platform certificate using a pre-set CA root certificate public key, thus obtaining a two-way authentication result. After the two-way authentication result confirms the legitimacy of both parties' identities, the airborne monitoring equipment and the remote monitoring platform execute the SM2 key negotiation algorithm to obtain the session key.

6. The data communication method according to claim 1, characterized in that, The step of encapsulating the source encrypted data packet into a double-encrypted message and transmitting it through the valid 4G link to the secure access gateway of the remote monitoring platform, and performing channel decryption on the double-encrypted message to obtain the source encrypted data packet and forwarding it to the remote monitoring platform, includes: Based on the effective 4G link, an IPSec VPN encrypted tunnel is negotiated and established between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. The source encrypted data packet is encapsulated into an IPSec ESP message according to the IPSec VPN encrypted tunnel, and the payload field of the IPSec ESP message is encrypted using the SM4-CBC mode to obtain a double-encrypted message. The double-encrypted message is transmitted to the secure access gateway of the remote monitoring platform through the effective 4G link. The secure access gateway performs channel decryption on the double-encrypted message in SM4-CBC mode to obtain the source encrypted data packet. The secure access gateway of the remote monitoring platform forwards the encrypted data packet from the information source to the remote monitoring platform.

7. The data communication method according to claim 6, characterized in that, Based on the effective 4G link, an IPSec VPN encrypted tunnel is negotiated and established between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. The source encrypted data packets are encapsulated into IPSec ESP messages according to the IPSec VPN encrypted tunnel, and the payload field of the IPSec ESP messages is encrypted using SM4-CBC mode to obtain a double-encrypted message, including: Based on the effective 4G link, a security association negotiation is performed between the airborne monitoring equipment and the secure access gateway of the remote monitoring platform using the IKEv2 protocol. During the negotiation process, UDP encapsulation is enabled to support NAT traversal, resulting in an IPSec VPN encrypted tunnel. Based on the IPSec VPN encrypted tunnel, the source encrypted data packet is encapsulated into an IPSec ESP message, and the payload field of the IPSec ESP message is encrypted using SM4-CBC mode to obtain a double-encrypted message.

8. The data communication method according to claim 7, characterized in that, after the source encrypted data packet is transmitted to the remote monitoring platform via the valid 4G link, an SM3 hash calculation is performed on the application layer ciphertext in the source encrypted data packet to obtain a second hash check value; the second hash check value is compared with the first hash check value carried in the source encrypted data packet to verify the integrity of the source encrypted data packet; and, after the integrity verification succeeds, the application layer ciphertext is decrypted using the session key to obtain the plaintext monitoring data.

9. The data communication method according to claim 8, characterized in that, when both the primary 4G link and the secondary 4G link meet the blind zone judgment condition, the monitoring data is marked with a data type tag and written to the SRAM cache, and the monitoring data in the SRAM cache is snapshotted to the eMMC; and, after communication is restored, the monitoring data is read from the SRAM cache or the eMMC with key alarm data taking priority over regular status data, and is then reported supplementarily to the remote monitoring platform in ascending order of UTC timestamp.
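The two-tier blind zone cache and the replay order of claim 9, as an added Python example that is not part of the patent text. The record layout, the per-record sequence number used to avoid reporting a snapshotted record twice, the snapshot interval, and the `power_loss` helper are assumptions made for this example; the claim does not specify them.

```python
from dataclasses import dataclass

ALARM, STATUS = 0, 1  # data type tags; the lower value is reported first

@dataclass(frozen=True)
class Record:
    seq: int        # assumed per-device sequence number, used to deduplicate
    tag: int        # ALARM (key alarm data) or STATUS (regular status data)
    utc_ms: int     # UTC timestamp in milliseconds
    payload: bytes

class BlindZoneCache:
    def __init__(self, snapshot_every=2):
        self.sram = []                        # volatile tier
        self.emmc = []                        # persistent tier
        self.snapshot_every = snapshot_every  # assumed snapshot policy

    def write(self, rec):
        """Cache a tagged record while both links are in the blind zone."""
        self.sram.append(rec)
        if len(self.sram) % self.snapshot_every == 0:
            self.snapshot()

    def snapshot(self):
        """Copy SRAM records that the eMMC tier does not hold yet."""
        stored = {r.seq for r in self.emmc}
        self.emmc.extend(r for r in self.sram if r.seq not in stored)

    def power_loss(self):
        """Model a reset: SRAM content is lost, eMMC content survives."""
        self.sram.clear()

    def replay(self):
        """Records to report after recovery: alarms first, then by UTC time."""
        merged = {r.seq: r for r in self.emmc}
        merged.update({r.seq: r for r in self.sram})  # one copy per record
        return sorted(merged.values(), key=lambda r: (r.tag, r.utc_ms))
```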

10. A data communication system, characterized in that it is configured to perform the data communication method according to any one of claims 1-9, and comprises: a routing switching module, used to calculate the average RSRP of the primary 4G link over multiple consecutive periods and, when the average RSRP is lower than the link switching threshold, to switch the service route to the secondary 4G link that is in hot standby state and determine the secondary 4G link to be the valid 4G link; a source encryption module, used to trigger the airborne monitoring equipment and the remote monitoring platform to perform two-way authentication based on the valid 4G link and generate a session key, and to use the session key to perform SM4 source encryption on the monitoring data and add a UTC timestamp to obtain a source encrypted data packet; and a data transmission module, used to encapsulate the source encrypted data packet into a double-encrypted message and transmit it to the secure access gateway of the remote monitoring platform through the valid 4G link, and to perform channel decryption on the double-encrypted message to obtain the source encrypted data packet and forward it to the remote monitoring platform.