CN109450621B - Information verification method and device of equipment - Google Patents
- Publication number: CN109450621B (application CN201811188526.1A)
- Authority: CN (China)
- Prior art keywords: cluster, signature, information, verification, management platform
- Legal status: Active
Classifications (CPC, all under H04L, transmission of digital information)
- H04L63/0428: network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0823: network security protocols for authentication of entities using certificates
- H04L63/083: network security protocols for authentication of entities using passwords
- H04L63/0876: network security protocols for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/1097: protocols in which an application is distributed across nodes in the network, for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0891: key distribution or management; revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/3236: means for verifying the identity or authority of a user or for message authentication, using cryptographic hash functions
- H04L9/3247: means for verifying the identity or authority of a user or for message authentication, involving digital signatures
- H04L9/3263: means for verifying the identity or authority of a user or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
Abstract
The invention discloses an information verification method and device for equipment. The method comprises the following steps: decrypting the encrypted update information according to the received key sent by each device in the cluster, to obtain the information to be updated; performing identity authentication on each device in the cluster, and generating a cluster certificate according to the key pair and the information to be updated; signing the cluster certificate to obtain a cluster signature, and sending the cluster signature to a verification server so that the verification server performs signature verification on the cluster signature and obtains a signature verification result; and, when the received signature verification result indicates successful verification, storing and updating according to the information to be updated. By adopting cluster signatures, the method can effectively solve the technical problem of low equipment updating efficiency in the prior art, improve the efficiency of information verification, improve the efficiency and safety of equipment information transmission, and prevent information from being tampered with.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an information checking method and apparatus for a device.
Background
In recent years, the development of computer network and communication technology has driven the rapid development of group communication technology; application systems based on group communication are emerging continuously, and group cryptographic protocols oriented to multi-party participation are the natural technical guarantee of group communication. Authentication is one of the important subjects of cryptographic research and is mainly realized by digital signature technology; as common usage requirements broaden, the traditional two-party digital signature system is expanding towards multi-party group signature systems.
For example, wearable smart devices are widely used in data-monitoring fields such as military defense, environmental monitoring, medical health, industry and other high-risk fields, and their application value and research value receive close attention in countries around the world. For example, a portable monitoring device for patients with severe mental disorders can effectively support service management for such patients, prevent accidents caused by illness, and establish a social service management mechanism for them. However, in the prior art the information verification of the portable device usually adopts a personal digital signature, which suffers from low patient-information updating efficiency; how to update patient information to the supervision platform regularly and effectively therefore needs to be addressed.
Disclosure of Invention
Embodiments of the present invention provide an information verification method and apparatus for a device, which can effectively solve the technical problem of low update efficiency in the prior art, and complete information verification by verifying one or several cluster signatures, so as to effectively improve the efficiency of information verification, improve the efficiency of device information transmission, improve the security of information, and prevent information from being tampered.
An embodiment of the present invention provides an information checking method for a device, including:
decrypting the encrypted update information according to the received key sent by each device in the cluster to obtain information to be updated;
performing identity authentication on each device in the cluster, and generating a cluster certificate according to the key pair and the information to be updated;
signing the cluster certificate to obtain a cluster signature, and sending the cluster signature to a verification server so that the verification server performs signature verification on the cluster signature to obtain a signature verification result;
and when the received signature verification result is successful, storing and updating according to the information to be updated.
As an improvement of the above scheme, decrypting the encrypted update information according to the received key pair sent by each device in the cluster to obtain the information to be updated includes:
the authentication server generates a key pair according to preset parameters, and sends the parameters and the key pair to each device in the cluster; wherein the key pair comprises a public key and a private key;
each device in the cluster encrypts the current update information according to the received key pair to obtain encrypted update information, and sends the encrypted update information and the key pair to a management platform;
and the management platform decrypts the encrypted updating information according to the received key pair to obtain the information to be updated.
As an improvement of the above scheme, the public key in the key pair is Y = (n, a, a0, y, g, h) and the private key is S = (p', q', x);
where Y is the public key and S is the private key; p' and q' are l_p-bit primes, l_p being the binary length of p; p and q are primes with p = 2p' + 1 and q = 2q' + 1; n = pq; a, a0, g and h are quadratic residues modulo n, written a, a0, g, h ∈ QR_n, where QR_n is the cyclic group formed under modular multiplication by the quadratic residues modulo n; y = g^x mod n; and x is the private-key secret value.
As an improvement of the above scheme, the performing identity authentication on each device in the cluster, and generating a cluster certificate according to the key pair and the information to be updated includes:
the authentication server sets a certificate interval in advance;
each device in the cluster calculates according to the generated first secret value and the random number to obtain a first check ciphertext, and sends the first check ciphertext to the management platform; the first secret value and the random number are generated after each device in the cluster joins the network;
the management platform verifies the received first check ciphertext;
when the management platform verifies that the first check ciphertext is a subset of the cyclic group, returning two randomly generated secret value parameters to each device in the group;
each device in the cluster obtains a second check ciphertext according to the received secret value parameter and sends the second check ciphertext to the management platform;
the management platform verifies the received second check ciphertext;
when the management platform verifies that the second check ciphertext is the subset of the cyclic group, generating a cluster certificate according to a preset prime number, the key pair and the information to be updated, and sending the cluster certificate to each device in the cluster;
and when the formula holds, the cluster certificate is successfully verified and the identity verification of each device in the cluster is completed.
As an improvement of the scheme, the certificate interval is defined in terms of the integers λ1, λ2, γ1 and γ2, where λ1 > ε(λ2 + k) + 2, λ2 > 4 l_p, γ1 > ε(γ2 + k) + 2, γ2 > λ1 + 2, and k is a parameter used to define the key pair complexity;
the first check ciphertext C1 is computed from the secret value x_i and the random integer r, where r lies in the range [0, n^2];
the second check ciphertext C2 is computed from the second secret value x_i and the secret value parameters α_i and β_i;
the cluster certificate is [A_i, e_i], where A_i is the cluster certificate parameter and e_i is a prime number with e_i ∈ Γ;
As an improvement of the above scheme, the signing the cluster certificate to obtain a cluster signature and sending the cluster signature to a verification server, so that the verification server performs signature verification on the cluster signature to obtain a signature verification result, including:
when the management platform detects that the identity verification of the cluster certificate is successful, calculating according to the public key to obtain a signature factor and a signature verification factor;
signing the cluster certificate according to the signature factor and the signature verification factor to obtain a first hash value and a cluster signature;
and sending the first hash value, the signature verification factor and the cluster signature to the verification server, and sending a signature verification request.
As an improvement of the above, the method further comprises:
where a random number chosen by the management platform is used, and U1, U2 and U3 are the signature factors;
where d1, d2, d3 and d4 are the signature check factors, and r1, r2, r3 and r4 are parameters of the signature check factors;
the first hash value is c = H(g, h, y, a0, a, U1, U2, U3, d1, d2, d3, d4, m);
where c is the first hash value, H is a hash function, and m is a parameter corresponding to the content of the information to be updated;
the cluster signature is (c, U1, U2, U3, s1, s2, s3, s4);
As an improvement of the above, the method further comprises:
in response to a signature verification request sent by the management platform, the verification server verifies the received cluster signature;
calculating the cluster signature according to the received signature check factors to obtain a second hash value c';
obtaining a signature verification result by judging whether the second hash value c' meets a preset condition, and returning the signature verification result to the management platform.
As an improvement of the above scheme, when the received signature verification result is that verification is successful, performing storage update according to the information to be updated includes:
when the second hash value is detected to meet the condition, judging that the cluster signature verification is successful, obtaining a first signature verification result and returning the first signature verification result to the management platform, wherein the management platform performs storage updating according to the information to be updated;
and when the second hash value is detected not to meet the condition, the cluster signature verification is unsuccessful, a second signature verification result is obtained and returned to the management platform, and the management platform receives the key pairs and the encrypted update information sent by each device in the cluster again.
Another embodiment of the present invention correspondingly provides an information checking apparatus for a device, including:
the information acquisition module is used for decrypting the encrypted update information according to the received key sent by each device in the cluster to obtain the information to be updated;
the identity authentication module is used for performing identity authentication on each device in the cluster and generating a cluster certificate according to the key pair and the information to be updated;
the signature module is used for signing the cluster certificate to obtain a cluster signature and sending the cluster signature to a verification server so that the verification server can carry out signature verification on the cluster signature to obtain a signature verification result;
and the updating module is used for storing and updating according to the information to be updated when the received signature verification result is successful.
Compared with the prior art, the information verification method of the equipment disclosed by the embodiment of the invention obtains the information to be updated and its signature by decrypting, according to the received key pair, the encrypted information and the key pair sent by each device in the cluster, where the key pair comprises a public key and a private key and the encrypted information comprises encrypted update information and the encrypted update information signature; verifies the identity of each device in the cluster; generates a cluster certificate according to the information to be updated; signs the cluster certificate to obtain a cluster signature; sends the cluster signature to a verification server so that the verification server performs signature verification on the cluster signature to obtain a signature verification result; and, when the received signature verification result is successful, decrypts the signature of the information to be updated and stores it for updating. By adopting the cluster signature, the technical problem of low updating efficiency in the prior art can be effectively solved, and information verification can be completed by verifying one or several cluster signatures, thereby effectively improving the efficiency of signature verification, improving the efficiency of device information transmission, improving the safety of the information, and preventing information from being tampered with.
Drawings
Fig. 1 is a schematic flowchart of an information verification method of a device according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an information updating process of an intelligent portable device according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an information checking apparatus of a device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, which is a schematic flow chart of an information verification method for a device according to an embodiment of the present invention, the method includes:
and S11, decrypting the encrypted update information according to the received key sent by each device in the cluster to obtain the information to be updated.
Preferably, the verification server generates a key pair according to preset parameters, and sends the parameters and the key pair to each device in the cluster; wherein the key pair comprises a public key and a private key.
Here, the device includes, but is not limited to, any mobile electronic product, such as a smart phone, a PDA, etc., which may employ any operating system, such as an android operating system, an iOS operating system, etc.
Preferably, the public key in the key pair is Y = (n, a, a0, y, g, h) and the private key is S = (p', q', x);
where Y is the public key and S is the private key; p' and q' are l_p-bit primes, l_p being the binary length of p; p and q are primes with p = 2p' + 1 and q = 2q' + 1; n = pq; a, a0, g and h are quadratic residues modulo n, written a, a0, g, h ∈ QR_n, where QR_n is the cyclic group formed under modular multiplication by the quadratic residues modulo n; y = g^x mod n; and x is the private-key secret value.
It will be appreciated that the parameters preset by the authentication server are used to generate the corresponding key pair.
Preferably, each device in the cluster encrypts the current update information according to the received key pair to obtain encrypted update information, and sends the encrypted update information and the key pair to a management platform.
The parameters p, q, p' and q' of the key pair are used for the encryption and decryption operations of the key; the information is encrypted to prevent it from being tampered with in transmission.
It should be noted that each device in the cluster sets its initial parameters in advance according to the authentication server, so that each device in the cluster is able to sign information and can calculate the update information for the current time period, thereby obtaining a new key pair for each device in the cluster.
Preferably, the management platform decrypts the encrypted update information according to the received key pair to obtain the information to be updated.
And S12, performing identity authentication on each device in the cluster, and generating a cluster certificate according to the key pair and the information to be updated.
Specifically, step S12 includes:
the authentication server sets a certificate interval in advance;
each device in the cluster calculates according to the generated first secret value and the random number to obtain a first check ciphertext, and sends the first check ciphertext to the management platform; the first secret value and the random number are generated after each device in the cluster joins the network;
the management platform verifies the received first check ciphertext;
when the management platform verifies that the first check ciphertext is a subset of the cyclic group, returning two randomly generated secret value parameters to each device in the group;
each device in the cluster obtains a second check ciphertext according to the received secret value parameter and sends the second check ciphertext to the management platform;
the management platform verifies the received second check ciphertext;
when the management platform verifies that the second check ciphertext is the subset of the cyclic group, generating a cluster certificate according to a preset prime number, the key pair and the information to be updated, and sending the cluster certificate to each device in the cluster;
and when the formula holds, the cluster certificate is successfully verified and the identity verification of each device in the cluster is completed.
Preferably, the certificate interval is defined in terms of the integers λ1, λ2, γ1 and γ2, where λ1 > ε(λ2 + k) + 2, λ2 > 4 l_p, γ1 > ε(γ2 + k) + 2, γ2 > λ1 + 2, and k is a parameter used to define the key pair complexity.
Preferably, the first check ciphertext C1 is computed from the secret value x_i and the random integer r, where r lies in the range [0, n^2].
Preferably, the second check ciphertext C2 is computed from the second secret value x_i and the secret value parameters α_i and β_i.
It is understood that p' and q' in the private key are used to check the correctness of the check ciphertexts C1 and C2 in step S12: a, a0, g and h belong to the quadratic residues modulo n, so raising a, a0, g or h to the power p'q' gives 1 modulo n.
Preferably, the cluster certificate is [A_i, e_i], where A_i is the cluster certificate parameter and e_i is a prime number with e_i ∈ Γ.
In an alternative embodiment, when the cluster certificate check formula is not satisfied, the authentication of each device in the cluster fails, and the management platform disconnects the device.
S13, signing the cluster certificate to obtain a cluster signature, and sending the cluster signature to a verification server so that the verification server can perform signature verification on the cluster signature to obtain a signature verification result.
Specifically, step S13 includes:
when the management platform detects that the identity verification of the cluster certificate is successful, calculating according to the public key to obtain a signature factor and a signature verification factor;
signing the cluster certificate according to the signature factor and the signature verification factor to obtain a first hash value and a cluster signature;
and sending the first hash value, the signature verification factor and the cluster signature to the verification server, and sending a signature verification request.
where a random number chosen by the management platform is used, and U1, U2 and U3 are the signature factors.
where d1, d2, d3 and d4 are the signature check factors, and r1, r2, r3 and r4 are parameters of the signature check factors.
Preferably, the first hash value is c = H(g, h, y, a0, a, U1, U2, U3, d1, d2, d3, d4, m);
Wherein c is a first hash value, H is a hash function, and m is a parameter corresponding to the content of the information to be updated.
It can be understood that the signature method is to add the content of the information to be updated to the corresponding parameter for hash operation.
Preferably, the cluster signature is (c, U1, U2, U3, s1, s2, s3, s4).
It is understood that a, a0 and g in the public key are used in the signature: these parameters are signed and the corresponding hash value is calculated. In this embodiment, the public key is required for signing the information, so as to prevent information tampering.
Preferably, step S13 further includes:
in response to a signature verification request sent by the management platform, the verification server verifies the received cluster signature;
calculating the cluster signature according to the received signature check factors to obtain a second hash value c';
obtaining a signature verification result by judging whether the second hash value c' meets a preset condition, and returning the signature verification result to the management platform.
And S14, when the received signature verification result is verification success, storing and updating according to the information to be updated.
Specifically, when it is detected that the second hash value meets the condition, it is determined that the cluster signature verification is successful, a first signature verification result is obtained and returned to the management platform, and the management platform performs storage updating according to the information to be updated.
Here, successful verification means that the information sent by the node is confirmed to be safe and not tampered with. The verification server returns the signature safety information to the management platform, and each device node in the cluster that passes signature verification proceeds to the next information update step. It should be noted that, in this scheme, the group signature is used to verify whether all information of the cluster is safe, so signature verification does not need to be performed device by device, which can effectively improve the information updating efficiency of the equipment.
It can be understood that, after the encrypted information is transmitted to the management platform, the management platform decrypts the encrypted update information, segments out the signature field, and forwards the signature field to the verification module for verification; if the verification succeeds, the update field of the decrypted information is confirmed to be safe and is used directly for updating.
In an optional embodiment, when it is detected that the second hash value does not satisfy the condition, the cluster signature verification is unsuccessful, a second signature verification result is obtained and returned to the management platform, and the management platform receives the key pair and the encrypted update information sent by each device in the cluster again.
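The key material of S11 (n = pq from safe primes, a, a0, g, h ∈ QR_n, y = g^x mod n), the private-key check of S12 that elements of QR_n raised to p'q' give 1, the hash-then-recompute verification of S13 and the store-or-resend decision of S14, as an added toy-scale example that is not the patent's code. Because the page omits the equations for the signature factors U_i, the check factors d_i and the responses s_i, the signature here is a reduced Schnorr-style proof of knowledge of x with a single commitment d, keeping the page's hash layout c = H(g, h, y, a0, a, ..., m); all function names, dictionary keys and sizes are assumptions.

```python
# Added example (not from the patent): toy-scale model of Y = (n, a, a0, y, g, h),
# S = (p', q', x), the QR_n membership check, and sign / verify / store-or-resend.
import hashlib
import math
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for the toy sizes used here."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits: int):
    """Return (p, p') with p = 2p' + 1, both prime, p' of the given bit length."""
    while True:
        pp = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(pp) and is_prime(2 * pp + 1):
            return 2 * pp + 1, pp


def setup(lp: int = 32):
    """Authentication-server setup (S11): returns public key Y and private key S."""
    p, pp = safe_prime(lp)
    q, qq = safe_prime(lp)
    while q == p:
        q, qq = safe_prime(lp)
    n = p * q
    order = pp * qq  # |QR_n|, the group of quadratic residues modulo n

    def qr_element() -> int:
        # Squaring a random unit modulo n yields a quadratic residue.
        while True:
            r = secrets.randbelow(n)
            if r > 1 and math.gcd(r, n) == 1:
                return pow(r, 2, n)

    a, a0, g, h = (qr_element() for _ in range(4))
    x = 1 + secrets.randbelow(order - 1)  # private-key secret value
    y = pow(g, x, n)                       # y = g^x mod n
    return {"n": n, "a": a, "a0": a0, "y": y, "g": g, "h": h}, {"pp": pp, "qq": qq, "x": x}


def in_qr(v: int, Y: dict, S: dict) -> bool:
    """Private-key check from the description: v is in QR_n iff v^(p'q') = 1 mod n."""
    return v % Y["n"] != 0 and pow(v, S["pp"] * S["qq"], Y["n"]) == 1


def _challenge(Y: dict, d: int, m: bytes) -> int:
    # Hash layout follows the page's c = H(g, h, y, a0, a, ..., m) with one commitment d.
    parts = [Y["g"], Y["h"], Y["y"], Y["a0"], Y["a"], d]
    blob = b"|".join(str(v).encode() for v in parts) + b"|" + m
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(Y: dict, S: dict, m: bytes) -> dict:
    """Management-platform signing (S13): Schnorr-style proof of knowledge of x, y = g^x."""
    r = secrets.randbits(400)       # wide range hides x; the group order is secret
    d = pow(Y["g"], r, Y["n"])      # commitment, standing in for the page's d_i
    c = _challenge(Y, d, m)         # first hash value
    s = r - c * S["x"]              # integer response; no reduction, order unknown to verifier
    return {"c": c, "s": s}


def verify(Y: dict, sig: dict, m: bytes) -> bool:
    """Verification-server check (S13): recompute d' = g^s * y^c mod n and compare c' with c."""
    n = Y["n"]
    d_prime = (pow(Y["g"], sig["s"], n) * pow(Y["y"], sig["c"], n)) % n  # pow inverts negative s
    return _challenge(Y, d_prime, m) == sig["c"]


def handle_result(store: dict, device_id: str, Y: dict, sig: dict, m: bytes) -> str:
    """S14: store the update on the first (success) result, otherwise request a resend."""
    if verify(Y, sig, m):
        store[device_id] = m
        return "store_update"
    return "resend_request"
```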
In this embodiment, the information to be updated is obtained by decrypting the received key pair sent by each device in the cluster and the encrypted update information, the identity of each device in the cluster is verified, a cluster certificate is generated according to the key pair and the information to be updated, the cluster certificate is signed to obtain a cluster signature, the cluster signature is sent to the verification server, so that the verification server performs signature verification on the cluster signature to obtain a signature verification result, when the received signature verification result is successful, storage and update are performed according to the information to be updated, the technical problem of low update efficiency in the prior art can be effectively solved, information verification can be completed by verifying one or a plurality of cluster signatures, and therefore, the signature verification efficiency can be effectively improved, and the device information transmission efficiency can be improved, and the safety of the information is improved, and the information is prevented from being tampered.
In another preferred embodiment, on the basis of the above embodiment, the information verification method of the device is applied to information updating of an intelligent portable device.
The intelligent portable device may be, for example, a portable monitoring device worn by a patient with a mental disorder.
Fig. 2 is a schematic diagram of an information updating process of an intelligent portable device according to an embodiment of the present invention.
In step S11, the server sets initial information for each portable device in the cluster.
The initial information consists of calculation parameters; from these parameters the server computes a key pair and sends it to each portable device in the cluster. The key pair includes a public key and a private key.
It should be noted that the public key of the key pair is public to the whole system and is held by every portable device node in the cluster, whereas the private key is stored only by the device node to which it belongs.
Further, each portable device in the cluster encrypts its current update information with the key.
Preferably, several portable devices in the cluster request the periodic system information transmission at the same time.
The transmission information includes the encrypted update information.
Preferably, the server grants the transmission request.
In an alternative embodiment, when the server grants the transmission request, the portable device sends the transmission information to the management platform.
Further, the management platform receives the transmission information and decrypts it according to the public key to obtain the information to be updated.
In an alternative embodiment, when the server does not grant the transmission request, the portable devices in the cluster again request the periodic system information transmission simultaneously.
In step S12, each device in the cluster is authenticated, and when authentication succeeds the management platform generates a cluster certificate for each device in the cluster.
In step S13, the management platform computes the signature, assembles it, and sends it to the server.
The management platform performs the signature calculation on the cluster certificate according to the public key, obtaining a hash value and a cluster signature corresponding to the cluster certificate. Note that this hash value is what the cluster signature is later verified against.
Next, whether the server verifies the cluster signature successfully is judged.
It should be noted that, in response to the signature verification request sent by the management platform, the verification server verifies the received cluster signature: it performs a hash calculation on the cluster signature to obtain a hash value for verification, and compares this hash value with the hash value corresponding to the cluster certificate to obtain the signature verification result.
When the hash value used for verification is identical to the hash value corresponding to the cluster certificate, the cluster signature is verified successfully and the information has not been tampered with; when the two hash values differ, verification of the cluster signature fails.
In step S14, when the server has verified the cluster signature successfully, the management platform accepts the updated information.
In an alternative embodiment, when the server fails to verify the cluster signature, each portable device in the cluster resends its transmission information to the management platform.
In this embodiment, the server sets initial information for each portable device in the cluster; several portable devices in the cluster request the periodic system information transmission at the same time; whether the server grants the transmission request is judged and, if so, the portable devices send the transmission information to the management platform; the management platform computes and assembles the signatures and sends them to the server; whether the server verifies the cluster signatures successfully is judged; and when it does, the management platform accepts the updated information. The intelligent portable devices have their identity information verified through the cluster signature, so the low update efficiency of the prior art is avoided: verification is completed by checking one or a few cluster signatures, which makes information verification and device information transmission more efficient, improves the security of the information and prevents tampering, and at the same time greatly reduces the computational complexity and the demands on hardware, which favours commercial deployment.
Referring to fig. 3, which is a schematic structural diagram of an information verification apparatus of a device according to an embodiment of the present invention, including:
the information acquisition module 1 is used for decrypting, according to the key pair received from each device in the cluster, the encrypted update information to obtain the information to be updated;
the identity authentication module 2 is used for performing identity authentication on each device in the cluster and generating a cluster certificate according to the key pair and the information to be updated;
the signature module 3 is used for signing the cluster certificate to obtain a cluster signature and sending the cluster signature to a verification server so that the verification server can carry out signature verification on the cluster signature to obtain a signature verification result;
and the updating module 4 is used for storing and updating according to the information to be updated when the received signature verification result is successful.
In an alternative embodiment, the information obtaining module 1 includes:
the key pair generation unit is used for generating a key pair according to preset parameters by the verification server and sending the parameters and the key pair to each device in the cluster; wherein the key pair comprises a public key and a private key;
the information encryption unit is used for encrypting the current update information of each device in the cluster according to the received key pair to obtain the encrypted update information and sending the encrypted update information and the key pair to a management platform;
and the information decryption unit is used for decrypting the encrypted updating information by the management platform according to the received key pair to obtain the information to be updated.
Preferably, the key pair generation unit includes:
a key pair setting unit for setting the public key of the key pair to $Y = (n, a, a_0, y, g, h)$ and the private key to $S = (p', q', x)$;
wherein $Y$ is the public key and $S$ is the private key; $p'$ and $q'$ are $l_p$-bit primes, $l_p$ being the binary length of $p$; $p$ and $q$ are primes with $p = 2p' + 1$ and $q = 2q' + 1$; $n = pq$; $a, a_0, g, h$ are quadratic residues modulo $n$, written $a, a_0, g, h \in QR_n$, where $QR_n$, the set of all quadratic residues modulo $n$, forms a cyclic group under modular multiplication; $y = g^x \bmod n$; and $x$ is the secret value of the private key.
In an alternative embodiment, the identity verification module 2 comprises:
a setting unit, used for setting a certificate interval in advance by the verification server;
the first check ciphertext acquisition unit is used for each device in the cluster to compute a first check ciphertext from its generated first secret value and random number and to send the first check ciphertext to the management platform; the first secret value and the random number are generated after each device in the cluster joins the network;
the first check ciphertext verification unit is used for the management platform to verify the received first check ciphertext;
the verification unit is used for returning two randomly generated secret value parameters to each device in the cluster when the management platform verifies that the first check ciphertext is an element of the cyclic group;
the second check ciphertext acquisition unit is used for each device in the cluster to compute a second check ciphertext from the received secret value parameters and to send the second check ciphertext to the management platform;
the second check ciphertext verification unit is used for the management platform to verify the received second check ciphertext;
the cluster certificate generating unit is used for generating a cluster certificate from a preset prime number, the key pair and the information to be updated when the management platform verifies that the second check ciphertext is an element of the cyclic group, and for sending the cluster certificate to each device in the cluster;
and the cluster certificate verification unit is used for each device in the cluster to check the received cluster certificate with a preset formula; when the formula holds, the cluster certificate is verified successfully and the identity verification of each device in the cluster is complete.
Preferably, the setting unit includes:
a certificate interval setting unit for setting the certificate interval in terms of integers $\lambda_1$, $\lambda_2$, $\gamma_1$ and $\gamma_2$ satisfying $\lambda_1 > \varepsilon(\lambda_2 + k) + 2$, $\lambda_2 > 4 l_p$, $\gamma_1 > \varepsilon(\gamma_2 + k) + 2$ and $\gamma_2 > \lambda_1 + 2$, where $k$ is a parameter defining the key pair complexity.
Preferably, the first check ciphertext acquisition unit includes:
a first check ciphertext setting unit for setting the first check ciphertext $C_1$, computed from the first secret value $x_i$ and a random integer $r$ in the range $(0, n^2]$.
Preferably, the second check ciphertext acquisition unit includes:
a second check ciphertext setting unit for setting the second check ciphertext $C_2$, computed from the second secret value $x_i$ and the secret value parameters $\alpha_i$, $\beta_i$.
Preferably, the cluster certificate generation unit includes:
a cluster certificate setting unit for setting the cluster certificate to $[A_i, e_i]$; wherein $A_i$ is the cluster certificate parameter and $e_i$ is a prime number with $e_i \in \Gamma$.
Preferably, the cluster certificate checking unit includes:
In an alternative embodiment, the signature module 3 comprises:
the computing unit is used for computing according to the public key to obtain a signature factor and a signature verification factor when the management platform detects that the identity verification of the cluster certificate is successful;
the signature unit is used for signing the cluster certificate according to the signature factor and the signature verification factor to obtain a first hash value and a cluster signature;
and the request unit is used for sending the first hash value, the signature verification factor and the cluster signature to the verification server and sending a signature verification request.
Preferably, the calculation unit includes:
wherein a random number is chosen by the management platform, and $U_1$, $U_2$, $U_3$ are the signature factors;
wherein $d_1$, $d_2$, $d_3$ and $d_4$ are the signature verification factors, and $r_1$, $r_2$, $r_3$, $r_4$ are the parameters of the signature verification factors.
Preferably, the signature unit comprises:
a first hash value calculation unit for calculating the first hash value $c = H(g, h, y, a_0, a, U_1, U_2, U_3, d_1, d_2, d_3, d_4, m)$;
wherein $c$ is the first hash value, $H$ is a hash function, and $m$ is the parameter corresponding to the content of the information to be updated;
a cluster signature calculation unit for forming the cluster signature $(c, U_1, U_2, U_3, s_1, s_2, s_3, s_4)$;
In an alternative embodiment, the signature module 3 further comprises:
the response unit is used for responding to the signature verification request sent by the management platform, and the verification server verifies the received cluster signature;
the hash value calculation unit is used for calculating, according to the received signature verification factors, a second hash value $c'$ from the cluster signature;
a judging unit, configured to obtain the signature verification result by judging whether the second hash value satisfies a preset condition, and to return the result to the management platform; the condition is that the second hash value $c'$ is identical to the first hash value $c$.
Preferably, the updating module 4 comprises:
the updating unit is used for judging that the cluster signature verification is successful when the second hash value is detected to meet the condition, obtaining a first signature verification result and returning the first signature verification result to the management platform, and the management platform performs storage updating according to the information to be updated;
and the signature verification failure unit is used for obtaining a second signature verification result and returning it to the management platform when the second hash value is detected not to meet the condition, in which case the cluster signature verification is unsuccessful and the management platform again receives the key pairs and the encrypted update information sent by each device in the cluster.
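The Fig. 2 procedure (steps S11 to S14) and the module breakdown above describe one group-signature flow: a manager keyed by $(p', q', x)$, a join protocol built from two check ciphertexts that yields a certificate $[A_i, e_i]$, a signature $(c, U_1, U_2, U_3, s_1, s_2, s_3, s_4)$ with $c = H(g, h, y, a_0, a, U_1, U_2, U_3, d_1, d_2, d_3, d_4, m)$, and a verifier that recomputes $c'$ and accepts only when it equals $c$. The Python program below is an added example written for this page, not code from the patent. Its names follow the text, but the concrete formulas for $A_i$, $U_1$ to $U_3$, $d_1$ to $d_4$ and $s_1$ to $s_4$ are not reproduced on the page; the example takes them from the Ateniese-Camenisch-Joye-Tsudik group signature (CRYPTO 2000), whose public key $(n, a, a_0, y, g, h)$ and certificate $[A_i, e_i]$ match the text, and that choice is an assumption. Further assumptions: the management platform and the verification server are reduced to the functions `sign` and `verify`; $H$ is SHA-256 truncated to $k$ bits; $\varepsilon = 1.1$, $k = 32$ and 8-bit $p'$, $q'$ are toy values that satisfy the stated inequalities but give no security; the update message is a constructed string. The private key $S$ stays inside `setup` and `join` and is never sent to a device, which is what the public/private split in step S11 requires.

```python
"""Added example for this page, not the patent's code: an ACJT-style group signature
in the role of the text's cluster signature. Toy parameters; see the comments."""
import hashlib
import math
import random

LP = 8                                 # l_p: p' and q' are l_p-bit primes (toy size)
EPS, K = 1.1, 32                       # epsilon > 1 and hash length k (assumed values)
LAM2 = 4 * LP + 1                      # lambda_2 > 4 l_p
LAM1 = int(EPS * (LAM2 + K)) + 3       # lambda_1 > eps(lambda_2 + k) + 2
GAM2 = LAM1 + 3                        # gamma_2 > lambda_1 + 2
GAM1 = int(EPS * (GAM2 + K)) + 3       # gamma_1 > eps(gamma_2 + k) + 2
R_BITS = (int(EPS * (GAM2 + K)), int(EPS * (LAM2 + K)),        # bit sizes of r_1..r_4 (ACJT)
          int(EPS * (GAM1 + 2 * LP + K + 1)), int(EPS * (2 * LP + K)))

def is_prime(m, rounds=32):
    """Miller-Rabin probable-prime test; adequate for the toy parameters."""
    if m < 4 or m % 2 == 0:
        return 1 < m < 4
    d, s = m - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, m - 1), d, m)
        if x in (1, m - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, m)
            if x == m - 1:
                break
        else:
            return False
    return True

def setup(p1=179, q1=191):
    """S = (p', q', x) and Y = (n, a, a0, y, g, h); p = 2p'+1, q = 2q'+1 are safe primes."""
    p, q = 2 * p1 + 1, 2 * q1 + 1
    assert all(map(is_prime, (p1, q1, p, q)))
    n = p * q
    def gen():  # random square coprime to n with order exactly p'q': a generator of QR_n
        while True:
            z = pow(random.randrange(2, n), 2, n)
            if math.gcd(z, n) == 1 and 1 not in (z, pow(z, p1, n), pow(z, q1, n)):
                return z
    a, a0, g, h = gen(), gen(), gen(), gen()
    x = random.randrange(1, p1 * q1)                      # private secret value x
    return (p1, q1, x), (n, a, a0, pow(g, x, n), g, h)    # y = g^x mod n

def in_qr(secret, n, z):  # manager-side check that z is an element of QR_n (Euler's criterion)
    p, q = 2 * secret[0] + 1, 2 * secret[1] + 1
    return pow(z, (p - 1) // 2, p) == 1 and pow(z, (q - 1) // 2, q) == 1

def join(secret, pub):
    """Join: C_1 -> (alpha_i, beta_i) -> C_2 -> certificate [A_i, e_i] -> device-side check."""
    n, a, a0, _, g, h = pub
    xt, rt = random.randrange(1, 2 ** LAM2), random.randrange(1, n * n)
    c1 = pow(g, xt, n) * pow(h, rt, n) % n                 # first check ciphertext C_1
    assert in_qr(secret, n, c1)
    alpha, beta = random.randrange(1, 2 ** LAM2), random.randrange(1, 2 ** LAM2)
    xi = 2 ** LAM1 + (alpha * xt + beta) % 2 ** LAM2        # second secret value x_i
    c2 = pow(a, xi, n)                                       # second check ciphertext C_2
    assert in_qr(secret, n, c2)
    while True:                                              # prime e_i in Gamma
        ei = random.randrange(2 ** GAM1 - 2 ** GAM2 + 1, 2 ** GAM1 + 2 ** GAM2)
        if is_prime(ei):
            break
    ai = pow(c2 * a0 % n, pow(ei, -1, secret[0] * secret[1]), n)   # A_i = (C_2 a0)^(1/e_i)
    assert pow(a, xi, n) * a0 % n == pow(ai, ei, n)          # device: a^x_i a0 == A_i^e_i
    return xi, ai, ei

def _hash(pub, u, d, msg):
    n, a, a0, y, g, h = pub
    data = "|".join(map(str, (g, h, y, a0, a, *u, *d, msg))).encode()   # H(g,h,y,a0,a,U,d,m)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % 2 ** K  # truncated to k bits

def sign(pub, cert, msg):
    """Management platform: cluster signature (c, U1, U2, U3, s1, s2, s3, s4) on update m."""
    n, a, a0, y, g, h = pub
    xi, ai, ei = cert
    w = random.randrange(2 ** (2 * LP))                      # blinding of A_i and e_i
    u = (ai * pow(y, w, n) % n, pow(g, w, n), pow(g, ei, n) * pow(h, w, n) % n)
    r1, r2, r3, r4 = (random.randrange(-2 ** b, 2 ** b) for b in R_BITS)
    d = (pow(u[0], r1, n) * pow(a, -r2, n) * pow(y, -r3, n) % n,
         pow(u[1], r1, n) * pow(g, -r3, n) % n,
         pow(g, r4, n),
         pow(g, r1, n) * pow(h, r4, n) % n)
    c = _hash(pub, u, d, msg)
    return (c, *u, r1 - c * (ei - 2 ** GAM1), r2 - c * (xi - 2 ** LAM1),
            r3 - c * ei * w, r4 - c * w)

def verify(pub, sig, msg):
    """Verification server: recompute d_1..d_4 from the signature, accept iff c' == c."""
    n, a, a0, y, g, h = pub
    c, u1, u2, u3, s1, s2, s3, s4 = sig
    if not all(abs(s) < 2 ** (b + 1) for s, b in zip((s1, s2, s3, s4), R_BITS)):
        return False                                         # ACJT range checks on s_i
    e1, e2 = s1 - c * 2 ** GAM1, s2 - c * 2 ** LAM1
    d = (pow(a0, c, n) * pow(u1, e1, n) * pow(a, -e2, n) * pow(y, -s3, n) % n,
         pow(u2, e1, n) * pow(g, -s3, n) % n,
         pow(u2, c, n) * pow(g, s4, n) % n,
         pow(u3, c, n) * pow(g, e1, n) * pow(h, s4, n) % n)
    return c == _hash(pub, (u1, u2, u3), d, msg)
```

Running `secret, pub = setup()`, `cert = join(secret, pub)`, `sig = sign(pub, cert, m)` and then `verify(pub, sig, m)` returns True for the signed update and False once $m$, any $s_i$ or a $U_i$ is altered, because the recomputed $d_i$ no longer hash to $c$. A second device that joins under the same public key produces signatures that the same `verify` accepts, which is the point made in the text: one verification key and one check per signature serve the whole cluster. The range checks on $s_1$ to $s_4$ are part of the ACJT verification and are kept here; dropping them would not break correctness on honest inputs but would remove a bound the scheme's security argument relies on.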
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.
Claims (9)
1. An information verification method of a device, comprising:
decrypting the encrypted updating information according to the received key pair sent by each device in the cluster to obtain the information to be updated;
performing identity authentication on each device in the cluster, and generating a cluster certificate according to the key pair and the information to be updated;
signing the cluster certificate to obtain a cluster signature, and sending the cluster signature to a verification server so that the verification server performs signature verification on the cluster signature to obtain a signature verification result;
when the received signature verification result is successful, storing and updating according to the information to be updated;
wherein, the performing identity authentication on each device in the cluster and generating a cluster certificate according to the key pair and the information to be updated includes:
the authentication server sets a certificate interval in advance;
each device in the cluster calculates according to the generated first secret value and the random number to obtain a first check ciphertext, and sends the first check ciphertext to the management platform; the first secret value and the random number are generated after each device in the cluster joins the network;
the management platform verifies the received first check ciphertext;
when the management platform verifies that the first check ciphertext is an element of the cyclic group, two randomly generated secret value parameters are returned to each device in the cluster;
each device in the cluster obtains a second check ciphertext according to the received secret value parameter and sends the second check ciphertext to the management platform;
the management platform verifies the received second check ciphertext;
when the management platform verifies that the second check ciphertext is an element of the cyclic group, generating a cluster certificate according to a preset prime number, the key pair and the information to be updated, and sending the cluster certificate to each device in the cluster;
and each device in the cluster checks the received cluster certificate with a preset formula; when the formula holds, the cluster certificate is verified successfully and the identity verification of each device in the cluster is completed.
2. The information verification method of the device according to claim 1, wherein the decrypting the encrypted update information according to the received key pair sent by each device in the cluster to obtain the information to be updated includes:
the authentication server generates a key pair according to preset parameters, and sends the parameters and the key pair to each device in the cluster; wherein the key pair comprises a public key and a private key;
each device in the cluster encrypts the current update information according to the received key pair to obtain encrypted update information, and sends the encrypted update information and the key pair to a management platform;
and the management platform decrypts the encrypted updating information according to the received key pair to obtain the information to be updated.
3. The information verification method of the device according to claim 2, wherein the public key of the key pair is $Y = (n, a, a_0, y, g, h)$ and the private key is $S = (p', q', x)$;
wherein $Y$ is the public key and $S$ is the private key; $p'$ and $q'$ are $l_p$-bit primes, $l_p$ being the binary length of $p$; $p$ and $q$ are primes with $p = 2p' + 1$ and $q = 2q' + 1$; $n = pq$; $a, a_0, g, h$ are quadratic residues modulo $n$, written $a, a_0, g, h \in QR_n$, where $QR_n$, the set of all quadratic residues modulo $n$, forms a cyclic group under modular multiplication; $y = g^x \bmod n$; and $x$ is the secret value of the private key.
4. The information verification method of the device according to claim 3, characterized in that the certificate interval is set in terms of integers $\lambda_1$, $\lambda_2$, $\gamma_1$ and $\gamma_2$ satisfying $\lambda_1 > \varepsilon(\lambda_2 + k) + 2$, $\lambda_2 > 4 l_p$, $\gamma_1 > \varepsilon(\gamma_2 + k) + 2$ and $\gamma_2 > \lambda_1 + 2$, where $k$ is a parameter defining the key pair complexity;
the first check ciphertext $C_1$ is computed from the first secret value $x_i$ and a random integer $r$ in the range $(0, n^2]$;
the second check ciphertext $C_2$ is computed from the second secret value $x_i$ and the secret value parameters $\alpha_i$, $\beta_i$;
the cluster certificate is $[A_i, e_i]$; wherein $A_i$ is the cluster certificate parameter and $e_i$ is a prime number with $e_i \in \Gamma$;
5. The method for verifying information of a device according to claim 4, wherein the signing the cluster certificate to obtain a cluster signature and sending the cluster signature to a verification server, so that the verification server performs signature verification on the cluster signature to obtain a signature verification result, includes:
when the management platform detects that the identity verification of the cluster certificate is successful, calculating according to the public key to obtain a signature factor and a signature verification factor;
signing the cluster certificate according to the signature factor and the signature verification factor to obtain a first hash value and a cluster signature;
and sending the first hash value, the signature verification factor and the cluster signature to the verification server, and sending a signature verification request.
6. The information verification method of an apparatus according to claim 5, wherein the method further comprises:
wherein a random number is chosen by the management platform, and $U_1$, $U_2$, $U_3$ are the signature factors;
wherein $d_1$, $d_2$, $d_3$ and $d_4$ are the signature verification factors, and $r_1$, $r_2$, $r_3$, $r_4$ are the parameters of the signature verification factors;
the first hash value is $c = H(g, h, y, a_0, a, U_1, U_2, U_3, d_1, d_2, d_3, d_4, m)$;
wherein $c$ is the first hash value, $H$ is a hash function, and $m$ is the parameter corresponding to the content of the information to be updated;
the cluster signature is $(c, U_1, U_2, U_3, s_1, s_2, s_3, s_4)$;
7. The information verification method of an apparatus according to claim 6, wherein the method further comprises:
in response to a signature verification request sent by the management platform, the verification server verifies the received cluster signature;
calculating a second hash value $c'$ from the cluster signature according to the received signature verification factors; wherein $c'$ is the second hash value;
8. The information verification method of the device according to claim 7, wherein when the received signature verification result is a verification success, performing storage update according to the information to be updated includes:
when the second hash value is detected to meet the condition, judging that the cluster signature verification is successful, obtaining a first signature verification result and returning the first signature verification result to the management platform, wherein the management platform performs storage updating according to the information to be updated;
and when the second hash value is detected not to meet the condition, the cluster signature verification is unsuccessful, a second signature verification result is obtained and returned to the management platform, and the management platform receives the key pairs and the encrypted update information sent by each device in the cluster again.
9. An information verification apparatus of a device, comprising:
the information acquisition module is used for decrypting the encrypted update information according to the received key pair sent by each device in the cluster to obtain the information to be updated;
the identity authentication module is used for performing identity authentication on each device in the cluster and generating a cluster certificate according to the key pair and the information to be updated;
the signature module is used for signing the cluster certificate to obtain a cluster signature and sending the cluster signature to a verification server so that the verification server can carry out signature verification on the cluster signature to obtain a signature verification result;
the updating module is used for storing and updating according to the information to be updated when the received signature verification result is successful;
wherein the identity verification module comprises:
a setting unit configured to set a certificate interval in advance by the authentication server;
the first check ciphertext acquisition unit is used for calculating each device in the cluster according to the generated first secret value and the random number to obtain a first check ciphertext and sending the first check ciphertext to the management platform; the first secret value and the random number are generated after each device in the cluster joins the network;
the first check ciphertext verification unit is used for verifying the received first check ciphertext by the management platform;
the verification unit is used for returning two randomly generated secret value parameters to each device in the cluster when the management platform verifies that the first check ciphertext is an element of the cyclic group;
the second check ciphertext acquisition unit is used for obtaining a second check ciphertext by each device in the cluster according to the received secret value parameter and sending the second check ciphertext to the management platform;
the second check ciphertext verification unit is used for verifying the received second check ciphertext by the management platform;
the cluster certificate generating unit is used for generating a cluster certificate according to a preset prime number, the key pair and the information to be updated when the management platform verifies that the second check ciphertext is an element of the cyclic group, and for sending the cluster certificate to each device in the cluster;
and the cluster certificate verification unit is used for each device in the cluster to check the received cluster certificate with a preset formula; when the formula holds, the cluster certificate is verified successfully and the identity verification of each device in the cluster is completed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811188526.1A CN109450621B (en) | 2018-10-12 | 2018-10-12 | Information verification method and device of equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109450621A CN109450621A (en) | 2019-03-08 |
CN109450621B true CN109450621B (en) | 2021-06-18 |
Family
ID=65544833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811188526.1A Active CN109450621B (en) | 2018-10-12 | 2018-10-12 | Information verification method and device of equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109450621B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101699893A (en) * | 2009-11-10 | 2010-04-28 | 广州杰赛科技股份有限公司 | Method and device for changing states of authentication service entities of certificate server cluster |
CN104539428A (en) * | 2014-12-30 | 2015-04-22 | 成都三零瑞通移动通信有限公司 | Dynamic restructuring method in cluster encryption communication |
CN105162772A (en) * | 2015-08-04 | 2015-12-16 | 三星电子(中国)研发中心 | IoT equipment authentication and key agreement method and device |
CN106487743A (en) * | 2015-08-25 | 2017-03-08 | 阿里巴巴集团控股有限公司 | Method and apparatus for supporting multi-user's cluster authentication |
CN106559224A (en) * | 2017-01-19 | 2017-04-05 | 河海大学 | It is a kind of that encryption system and method are persistently leaked based on the anti-of certificate |
CN108270573A (en) * | 2018-01-12 | 2018-07-10 | 西安电子科技大学 | The method for secret protection of pilotless automobile |
CN108574699A (en) * | 2018-07-20 | 2018-09-25 | 广东工业大学 | A kind of communication connecting method, system and internet of things equipment system and storage medium |
Non-Patent Citations (2)
Title |
---|
"Research on a parallel key isolation mechanism based on TePA"; Lin Fan et al.; Communications Technology (通信技术); 2018-09-10; Vol. 51, No. 9; pp. 2182-2188 * |
"Research on group signature schemes based on certificate-based signature systems"; Yang Feng; China Master's Theses Full-text Database, Information Science and Technology; 2018-01-15; p. I136-82 * |
Also Published As
Publication number | Publication date |
---|---|
CN109450621A (en) | 2019-03-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||