CN113645582A - Logistics privacy protection system based on ciphertext policy attribute-based key encapsulation - Google Patents


Publication number
CN113645582A
Authority
CN
China
Prior art keywords
logistics
key
information
module
attribute
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110743563.XA
Other languages
Chinese (zh)
Other versions
CN113645582B (en)
Inventor
洪晟
潘豪文
李世中
漆小静
马杰
方翌佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/35 Services specially adapted for particular environments, situations or purposes for the management of goods or merchandise
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10821 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum further details of bar or optical code scanning devices
    • G06K7/10861 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum further details of bar or optical code scanning devices sensing of data fields affixed to objects or articles, e.g. coded labels
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/08 Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083 Shipping
    • G06Q10/0833 Tracking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Economics (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Artificial Intelligence (AREA)
  • Toxicology (AREA)
  • Development Economics (AREA)
  • General Health & Medical Sciences (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE). The system comprises a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices. The trusted key generation mechanism generates the ciphertext-policy attribute-based keys, and an app is installed on the user mobile devices and on the handheld mobile devices. The n handheld mobile devices each communicate with the logistics company management end server and with the trusted key generation mechanism; the user mobile device communicates with the trusted key generation mechanism and with the logistics company management end server; the logistics company management end server communicates with the trusted key generation mechanism; and the user mobile device also communicates with the nth handheld mobile device. By combining CP-ABKE, identity verification and two-dimensional code technology, the invention provides a new logistics privacy protection system; by combining hierarchical encryption with scan-to-decrypt two-dimensional codes, it provides an attribute-based mechanism for controlling access to information, so that user information is protected from insiders.

Description

Logistics privacy protection system based on ciphertext policy attribute-based key encapsulation
Technical Field
The invention provides a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE) and belongs to the field of logistics information security.
Background
According to statistics from the national postal authorities, in 2020 the cumulative business volume of logistics service enterprises nationwide was 833.6 hundred million pieces, a year-on-year increase of 31.2%; cumulative business income was 8795.4 billion yuan, an increase of 17.3 percent. Of this, same-city business volume totalled 121.7 hundred million pieces, a year-on-year increase of 10.2 percent; inter-city business volume totalled 693.6 billions, a year-on-year increase of 35.9%; and international and Hong Kong, Macao and Taiwan business volume totalled 18.4 hundred million pieces, a year-on-year increase of 27.7 percent. In recent years, however, logistics companies have frequently leaked customer information. The main reasons are that user privacy protection mechanisms are weak, so personnel inside a logistics company can easily obtain users' private data, and that the private information of the sender and the recipient is written in plain text on the logistics sheet, where lawbreakers can easily collect it. The result is privacy leakage, followed by telecommunications fraud or harassment by lawbreakers.
The workflow of a traditional logistics information system has three stages: collection, transportation and delivery. In the collection stage, the user fills in an electronic sheet with the addresses, names, telephone numbers and so on of the sender and the recipient; after receiving the electronic sheet, the logistics company plans a logistics route and returns a paper sheet, which is attached to the package, and the package is handed to a logistics delivery center for transportation. In the transportation stage, after a package arrives at a logistics sorting center, logistics company staff sort it according to the information on the package sheet and send it on to the next station. In the delivery stage, the dispatcher contacts the recipient using the recipient information on the sheet and delivers the package. Throughout this process, staff inside the logistics company can easily obtain the user's private information, and that information is present on the package the whole time, which is a serious threat to user privacy. In the delivery stage, a package may also be claimed fraudulently or collected by mistake by someone else, causing direct loss to the user.
Ciphertext-policy attribute-based encryption (CP-ABE) is an attribute-based encryption technique with the following four characteristics. First, the resource provider only needs to encrypt according to user attributes and does not need to know the number or identity of the members of a group, which reduces the cost of encrypting data and protects user privacy. Second, only group members whose attributes satisfy the ciphertext's attribute requirements can decrypt the message, which ensures data confidentiality. Third, in the ABE mechanism a user key is tied to a random polynomial or random number, and the keys of different users cannot be combined, which prevents collusion attacks by users. Fourth, the ABE mechanism supports flexible attribute-based access control policies, with AND, OR, NOT and threshold operations on attributes. These characteristics make CP-ABE better suited than traditional public-key encryption as the encryption scheme for privacy protection in a logistics system.
However, CP-ABE is an encryption algorithm built on bilinear pairing operations; the algorithm is computationally expensive and difficult to deploy on mobile devices.
Digital signature technology is an identity authentication technique based on public-key encryption. The signing party encrypts information with its own private key to form a signature, and others can decrypt the information with the signing party's public key to verify the signature. Once the signature verifies, the correspondence between the keys in public-key cryptography shows that the information was sent by the user who holds the private key and not by any other user. This technique can be used to verify a person's identity in the logistics delivery stage without involving private information.
Disclosure of Invention
To address the above information security problems of existing logistics systems, the invention provides a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE). Using attribute-based encryption, secret-carrying two-dimensional code sheets, digital signatures and related techniques, the invention aims to solve the problems of decentralizing user privacy, hiding the information on the package sheet, and verifying persons during the logistics process. The invention protects user privacy across the whole flow of the logistics system and, in particular, prevents personnel inside the logistics company from disclosing it.
In order to achieve the above purposes, the technical scheme adopted by the invention is as follows:
The invention provides a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE), which comprises: a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices;
the user mobile device is used by the sender and the recipient, and an app is installed on it;
the handheld mobile devices are used by logistics workers: the 1st handheld mobile device is used by courier 1, the 2nd by courier 2, ..., the (n-1)th by courier n-1, and the nth by courier n; an app is installed on each handheld mobile device;
the app contains an order initialization module, a retrieval module, a receiving module and a mobile scanning dialing module; the order initialization module comprises an encryption module and a key encapsulation module; the retrieval module and the receiving module each comprise a decryption module and a key decapsulation module; the order initialization module is deployed on the user mobile device, and the retrieval module, the receiving module and the mobile scanning dialing module are deployed on the n handheld mobile devices;
the trusted key generation mechanism is provided with an initialization module and a key generation module;
the logistics company management end server is provided with an information processing module, which comprises an encryption module and a key encapsulation module;
the n handheld mobile devices each communicate with the logistics company management end server and with the trusted key generation mechanism; the user mobile device communicates with the trusted key generation mechanism and with the logistics company management end server; the logistics company management end server communicates with the trusted key generation mechanism; and the user mobile device also communicates with the nth handheld mobile device;
staff participating in the logistics transportation process register in the app on the handheld mobile device and submit their working attributes to the trusted key generation mechanism to apply for an attribute private key;
the trusted key generation mechanism verifies the working attributes of each worker; once they are verified, it initializes through the initialization module, then generates the attribute private key for each worker through the key generation module and distributes it to that worker's handheld mobile device, where it is stored; the trusted key generation mechanism also manages the attribute private keys to prevent a key from being leaked or lost;
the trusted key generation mechanism also generates a public/private key pair for each worker participating in the logistics transportation process, and the key pair is placed in that worker's handheld mobile device;
the sender and the recipient register in the app on the user mobile device; the trusted key generation mechanism generates a public/private key pair for each of them, which is placed in the user mobile device; the app accounts of the sender and the recipient are bound to the key pairs issued by the trusted key generation mechanism; and the recipient sends its own public key to the sender;
the trusted key generation mechanism also issues a public/private key pair to the logistics company management end server, and the logistics company management end server sends its public key to the sender;
staff participating in the logistics transportation process log in to the app with their identity attributes and working attributes, and login succeeds only after both the working attributes and the identity attributes have been verified;
the sender logs in to the app on the user mobile device, fills in the logistics information and generates an order; the private information of the sender and the recipient is encrypted locally using the recipient's latitude and longitude coordinates, and at the same time the logistics package is signed using a hash function and the sender's private key; the encrypted private information, the signature and the logistics information are then encrypted with the public key provided by the logistics company management end server, packaged and sent to the logistics company management end server;
the logistics company management end server receives the order initiated by the sender (the user), decrypts it with its own private key, and plans a transportation route from the logistics information the sender submitted; it takes the latitude and longitude coordinates of the logistics stations on the route as position attributes, the normal working hours of the logistics station as time attributes (the working hours of the station or of its staff, for example from 8 o'clock to 18 o'clock), and the working identity of the logistics staff as authority attributes, encrypts the logistics information hierarchically with these attributes, and returns a secret-carrying two-dimensional code sheet (containing the information required during logistics transportation); courier 1 attaches the secret-carrying two-dimensional code sheet to the surface of the package and hands the package to the logistics delivery center for transportation;
in the logistics sorting stage, courier 2 scans the secret-carrying two-dimensional code sheet with the 2nd handheld mobile device and uploads his or her working attributes to the logistics company management end server;
the logistics company management end server verifies the received working attributes and then sends the corresponding ciphertext (the check succeeds, and the server sends the corresponding ciphertext, when the working position, working time and working identity in courier 2's working attributes correspond to the attributes used in the hierarchical encryption); after the 2nd handheld mobile device receives the ciphertext, courier 2 generates the corresponding key from his or her attribute private key, decrypts the ciphertext, obtains the information of the next station, and sends the goods on to the next station;
this operation is repeated until the logistics delivery stage;
in the logistics delivery stage, dispatcher n scans the secret-carrying two-dimensional code sheet at the logistics station with the nth handheld mobile device and uploads his or her working attributes to the logistics company management end server;
the logistics company management end server verifies the received working attributes and then sends the corresponding ciphertext; after the nth handheld mobile device receives the ciphertext, dispatcher n generates the corresponding key from his or her attribute private key and decrypts the ciphertext to obtain the recipient's address; once dispatcher n comes within a certain range of the recipient's address, dispatcher n scans the code again with the nth handheld mobile device, generates the corresponding key from the attribute private key, decrypts the recipient's detailed information, and sends a short message or places a call to the user mobile device to contact the recipient (the user);
in the logistics receiving stage, after receiving the goods the recipient scans the secret-carrying two-dimensional code sheet with the user mobile device, decrypts the sender's digital signature with the recipient's private key, and verifies the sender's digital signature; dispatcher n uses the nth handheld mobile device to verify the sender's digital signature as decrypted by the recipient; when verification is complete, the recipient uses the user mobile device to send a receipt confirmation message to the logistics company management end server, and the transportation process ends.
On the basis of the above scheme, the working attributes include working position, working time, working identity, device environment and the like. The working time (time attribute) is the working hours of the staff member, for example 8:00-18:00, and uploads take place within the working hours. The working position (position attribute) is uploaded as latitude and longitude, keeping six significant digits. The working identity (authority attribute) is the staff member's post: a sorter can obtain only the next station's information, while an administrator can obtain more logistics information. The identity attributes include job number, name and the like, which are uploaded as character strings.
On the basis of the scheme, the encryption module and the key encapsulation module run on the user mobile device and on the logistics company management end server, the decryption module and the key decapsulation module run on the n handheld mobile devices, the mobile scanning dialing module runs on the nth handheld mobile device, and the initialization module and the key generation module run on the trusted key generation mechanism.
On the basis of the scheme, the key encapsulation module, the key decapsulation module, the encryption module, the decryption module, the initialization module and the key generation module use the CP-ABKE algorithm.
On the basis of the above scheme, the key encapsulation module executes the following steps on the user mobile device:
1) package the logistics information, with the private information removed, as Section 1;
2) generate a random number HN; run the CP-ABKE algorithm with the recipient's latitude and longitude coordinates to generate a symmetric key; use that key as an AES key to encrypt the private information of the sender and the recipient; the encrypted private information of the sender and the recipient, HN and the order ID form Section 2;
3) compute RN = Hash(HN); encrypt all the logistics information with the sender's private key to form the sender's digital signature; encrypt RN, the private information, the order ID and the sender's digital signature with the recipient's public key to form Section 3;
Section 1, Section 2 and Section 3 are then encrypted with the public key provided by the logistics company management end server and sent to the logistics company management end server.
On the basis of the scheme, the private information comprises the detailed addresses, telephone numbers, names and the like of the sender and the recipient; the logistics information comprises the shipping site and the receiving site, with detailed addresses removed, and the order ID.
On the basis of the scheme, the digital signature algorithm is RSA-1024 and the hash algorithm is MD5.
On the basis of the scheme, the secret-carrying two-dimensional code sheet consists of the order ID and the secret-carrying QR code. The information on the sheet can be obtained only when an authorized user scans it; even if an unauthorized user gets hold of the sheet, that user cannot obtain the logistics information ciphertext.
On the basis of the scheme, the order ID can be used in place of the secret-carrying QR code when the secret-carrying two-dimensional code sheet is stained or cannot be scanned. The secret-carrying QR code contains the encrypted private information, the digital signature and the like, together with the logistics information and remark information as hierarchically encrypted by the logistics company management end server; the remark information includes price guarantee information, payment information and the like. The secret-carrying QR code is encrypted using a national cryptographic algorithm.
On the basis of the scheme, the logistics company management end server stores the identifier of the hierarchically encrypted logistics information in the secret-carrying two-dimensional code sheet, so that people with different working attributes who scan the same sheet obtain different information from the logistics company management end server.
On the basis of the scheme, the attribute private key is used to decrypt the information on the secret-carrying two-dimensional code sheet.
On the basis of the scheme, the sender encrypts the private information on the user mobile device before sending it to the logistics company management end server. A staff member cannot obtain the private information from the logistics company management end server; only dispatcher n, on the last leg of the transportation stage, can decrypt it by means of his or her attributes.
On the basis of the scheme, hierarchical encryption of the logistics information works as follows. Let the logistics stations along the route be M1, M2, ..., Mn. Before the package reaches the last station, the encrypted logistics information is the latitude and longitude coordinates of the next logistics station; that is, the latitude and longitude coordinates of the current station are used to encrypt the information of the next station, which ensures that the staff at each station can obtain only the information of the next station.
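The release decision that the hierarchical encryption and the working attributes imply at each scan, written as an added example that is not part of the patent. It models only which layer the management end server would send for a given scan (position rounded to six significant digits, working hours, working identity, and the last-leg range unlock); the payload strings stand in for ciphertexts and no CP-ABKE is performed. Station names, coordinates, the role names, the 500 m radius and all helper names are constructed for illustration.

```python
import math
from dataclasses import dataclass
from datetime import time


def sig6(x):
    """Coordinate as uploaded: six significant digits."""
    return f"{x:.6g}"


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(h))


@dataclass(frozen=True)
class Attrs:
    """Working attributes uploaded with a scan."""
    lat: float
    lon: float
    at: time
    role: str


def scan(lat, lon, hhmm, role):
    """Build the attributes of one scan; hhmm is 'HH:MM'."""
    return Attrs(lat, lon, time.fromisoformat(hhmm), role)


@dataclass(frozen=True)
class Layer:
    """One encryption layer: the attributes that unlock it and what it holds."""
    lat: float
    lon: float
    role: str
    payload: str  # stands in for the ciphertext of this layer


@dataclass(frozen=True)
class Order:
    layers: tuple
    opens: time
    closes: time
    recipient: tuple  # (lat, lon) of the recipient
    radius_m: float   # assumed range for the second scan
    detail: str       # stands in for the recipient's detailed information


def build_order(stations, recipient, address, detail,
                radius_m=500.0, opens="08:00", closes="18:00"):
    """stations: [(name, lat, lon), ...] along the route M1..Mn.

    Layer i is bound to station i and holds only station i+1; the layer
    bound to the last station holds the recipient's address.
    """
    layers = [Layer(lat, lon, "sorter", f"next station: {nxt[0]}")
              for (_, lat, lon), nxt in zip(stations, stations[1:])]
    _, lat, lon = stations[-1]
    layers.append(Layer(lat, lon, "dispatcher", f"recipient address: {address}"))
    return Order(tuple(layers), time.fromisoformat(opens),
                 time.fromisoformat(closes), recipient, radius_m, detail)


def release(order, a):
    """Return the payloads a scan with attributes `a` is entitled to."""
    if not (order.opens <= a.at <= order.closes):
        return []  # outside working hours: nothing is sent
    out = [l.payload for l in order.layers
           if a.role == l.role
           and sig6(a.lat) == sig6(l.lat) and sig6(a.lon) == sig6(l.lon)]
    # Second scan on the last leg: details unlock only near the recipient.
    if a.role == "dispatcher" and \
            haversine_m(a.lat, a.lon, *order.recipient) <= order.radius_m:
        out.append(order.detail)
    return out


# Constructed sample route and recipient.
ORDER = build_order(
    [("M1", 39.9042, 116.4074), ("M2", 36.6512, 117.1201), ("M3", 31.2304, 121.4737)],
    recipient=(31.2354, 121.4800),
    address="street-level address (constructed)",
    detail="name, phone, door number (constructed)",
)

if __name__ == "__main__":
    print(release(ORDER, scan(39.90423, 116.40741, "09:00", "sorter")))
    print(release(ORDER, scan(39.90423, 116.40741, "19:30", "sorter")))
    print(release(ORDER, scan(31.2350, 121.4795, "10:00", "dispatcher")))
```

Six significant digits resolve two-digit latitudes to about 11 m but longitudes of 100° or more only to roughly 100 m, so a reading close to a rounding boundary can fail the equality check even when the device is at the station.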
The system provided by the invention provides a new logistics privacy protection system by combining the CP-ABKE, the identity verification technology and the two-dimension code technology, and designs an attribute-based information access authority control mechanism by combining the hierarchical encryption and the two-dimension code scanning decryption technology, so as to realize the internal user information protection.
The invention has the following advantages and positive effects:
1. In the system, the user's private information is encrypted under attributes, and only staff whose attributes match can decrypt it; that is, only the final dispatcher can obtain the user's private information, at a specified position and within a limited time. In a traditional system the logistics company management end can access users' private information at will; in this system the logistics company management end server cannot obtain it, which removes the risk of internal personnel of the logistics company disclosing users' private information in bulk.
2. The system controls courier access through multiple attributes: a courier can log in to the app only when the working attributes, the identity attributes and the other attributes are all verified successfully. Compared with a traditional system that controls access by password alone, identifying the courier by multiple attributes solves the problem of data leakage caused by a leaked password or by someone impersonating the courier.
3. In the system, logistics information and private information are stored in the secret-carrying two-dimensional code sheet, and only an authorized device of an authorized user can scan the code and obtain usable information. Compared with a traditional system, in which a plaintext sheet directly exposes the user's private information, the secret-carrying two-dimensional code sheet removes the risk of the sheet disclosing user privacy.
4. The system uses hierarchical encryption, so that during transportation each station can obtain only the next station's information. Compared with a traditional system, in which every participant in transportation can obtain the transportation information, the system greatly narrows the range over which information is passed during transportation and avoids the risk of disclosing user privacy in transit.
5. During delivery, the system obtains latitude and longitude coordinates to exercise fine-grained control over the courier's position attribute, and unlocks the recipient's contact details and detailed address only when the courier comes within a certain range of the recipient, which solves the problem of last-kilometer transportation.
6. Digital signatures are used in the delivery and receiving stages, so that the source of a package is traceable and its destination verifiable. Compared with direct delivery in a traditional system, the system achieves person-to-person verification, provides traceability of goods and verifiability of the recipient without the recipient's private information being known, and solves the problem of fraudulent sign-off in traditional logistics systems.
7. The CP-ABKE algorithm is based on bilinear pairing operations and is an advanced public-key algorithm; brute-force cracking is infeasible.
8. The system is designed around the equipment already used in the logistics industry, so the cost of migration and the cost of modifying equipment are low.
Drawings
The invention has the following drawings:
FIG. 1 is a schematic flow chart of the system.
FIG. 2 is a schematic diagram of the encryption flow in the order generation stage.
FIG. 3 is a schematic diagram of the process by which an employee acquires an attribute private key.
FIG. 4 is a diagram illustrating CP-ABE algorithm encryption and decryption.
FIG. 5 is a flow chart of the modules of the transportation process.
FIG. 6 is a schematic diagram of a secret-carrying two-dimensional code surface sheet.
FIG. 7 is a schematic diagram of user information circulation in a conventional logistics system.
FIG. 8 is a schematic diagram of the user information flow of the system.
FIG. 9 is a graph of the overhead of the encryption algorithm of the present system.
FIG. 10 is a graph showing the encryption time test of the present system.
FIG. 11 is a schematic flow chart of the system.
Detailed Description
The present invention is described in further detail below with reference to figures 1-11.
The invention provides a logistics privacy protection system based on ciphertext policy attribute-based key encapsulation, which is described in detail with reference to the accompanying drawings as follows:
As shown in FIG. 1, the system is composed of a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and a user mobile device.
The user mobile equipment is used by a sender and a receiver, and app is arranged on the user mobile equipment;
the handheld mobile device is used by logistics workers, the 1 st handheld mobile device is used by courier 1, the 2 nd handheld mobile device is used by courier 2, … …, the n-1 st handheld mobile device is used by courier n-1, the n th handheld mobile device is used by courier n, and the handheld mobile device is provided with an app;
an order initialization module, a retrieval module, a receiving module and a mobile scanning dialing module are arranged in the app; the order initialization module comprises an encryption module and a key encapsulation module; the retrieval module and the receiving module both comprise a decryption module and a key decapsulation module; the order initialization module is deployed on user mobile equipment, and the retrieval module, the receiving module and the mobile scanning dialing module are deployed on n handheld mobile equipment;
the trusted key generation mechanism is provided with an initialization module and a key generation module;
the logistics company management end server is provided with an information processing module, and the information processing module comprises an encryption module and a key packaging module;
the encryption module and the key encapsulation module run on user mobile equipment and a logistics company management end server, the decryption module and the key decapsulation module run on n handheld mobile equipment, the mobile scanning dialing module runs on the nth handheld mobile equipment, and the initialization module and the key generation module run on a trusted key generation mechanism.
The key encapsulation module, the key decapsulation module, the encryption module, the decryption module, the initialization module and the key generation module adopt a CP-ABKE algorithm.
The n handheld mobile devices are respectively communicated with the logistics company management end server and the trusted key generation mechanism, the user mobile device is respectively communicated with the trusted key generation mechanism and the logistics company management end server, the logistics company management end server is communicated with the trusted key generation mechanism, and the user mobile device is further communicated with the nth handheld mobile device.
The main process is as follows. After the sender generates an order, the processed order is sent to the administrator (the logistics company management end server); the administrator plans a path and returns a QR code secret-carrying surface sheet (the secret-carrying two-dimensional code surface sheet), and transportation of the logistics package begins. Couriers at every level must apply to the trusted key generation mechanism for an attribute private key in advance, and the trusted key generation mechanism issues the corresponding attribute private key to each courier according to the work attributes it receives. After receiving the logistics package, a courier scans the QR code secret-carrying surface sheet on the surface of the package and has the administrator verify the courier's work attributes; once verification is complete, the administrator sends the corresponding ciphertext to the courier, who decrypts it with the attribute private key and completes the transportation. The last-stop distributor decrypts the receiver's specific information with the attribute private key and completes distribution after verification with the receiver.
As shown in fig. 11, the specific process is as follows:
Step one: logistics company staff submit work attributes such as working position, working time, working identity and equipment environment to the trusted key generation mechanism to apply for an attribute private key. After the trusted key generation mechanism verifies the authenticity of the submitted work attributes, it uses the KeyGen algorithm of the CP-ABKE encryption algorithm to generate the corresponding attribute private key and sends it to the staff member; the attribute private key is stored in the handheld mobile device used by that staff member. When logistics company staff register, the trusted key generation mechanism also generates a corresponding public/private key pair for each staff member and places it in that staff member's handheld mobile device. The trusted key generation mechanism should be responsible for managing the attribute private keys to prevent keys from being leaked or lost.
The sender and the receiver register on the app of the user mobile device; the trusted key generation mechanism generates corresponding public/private key pairs for the sender and the receiver and places them in the user mobile device; the app accounts of the sender and the receiver are bound to the public/private key pairs issued by the trusted key generation mechanism; and the receiver sends its own public key to the sender;
the trusted key generation mechanism also issues a corresponding public and private key pair for the logistics company management end server, and the logistics company management end server sends the public key of the logistics company management end server to the sender;
staff participating in the logistics transportation process log in to the app with their identity attributes and work attributes, and can log in only after both have been successfully verified; the work attributes include working position, working time, working identity, equipment environment and the like; the working time (time attribute) refers to the staff member's working hours, for example 8:00-18:00, and is uploaded as a working time period; the working position (position attribute) is uploaded as latitude and longitude, keeping six significant digits; the working identity (authority attribute) refers to the staff member's post: a sorter can obtain only the next-station information, while an administrator can obtain more logistics information; the identity attributes include job number, name and the like, and are uploaded as character strings.
Step two: the sender fills in logistics information on the user mobile equipment, and a key encapsulation module built in the user mobile equipment executes the following steps:
1) packaging the logistics information from which the private information has been removed as Section1;
2) generating a random number HN; executing the CP-ABKE algorithm with the longitude and latitude coordinates of the receiver as the encryption attribute to generate a symmetric key; using that key as the AES key to encrypt the private information of the sender and the receiver; and taking the encrypted private information of the sender and the receiver, HN and the order ID as Section2;
3) calculating RN = Hash(HN); encrypting all logistics information with the private key of the sender to form the digital signature of the sender; and encrypting RN, the private information, the order ID and the digital signature of the sender with the public key of the receiver to form Section3;
encrypting the Section1, the Section2 and the Section3 by using the public key of the logistics company management side server, and sending the encrypted information to the logistics company management side server;
Step three: after receiving the order information submitted by the user, the logistics company management end server decrypts it with its own private key and plans a logistics transportation path according to the logistics information in Section1. After path planning is complete, it hierarchically encrypts the logistics site information using the attributes (position attribute, time attribute and authority attribute) of the logistics sites on the path; after encryption is complete, it encodes the encrypted information as a QR code to form the secret-carrying two-dimensional code surface sheet and returns the surface sheet to the goods receiving person (courier 1). The carrier (courier 1) attaches the secret-carrying two-dimensional code surface sheet to the surface of the goods and sends the goods to the logistics delivery center for transportation.
Step four: after receiving the goods, a staff member of the logistics sorting center scans the secret-carrying two-dimensional code surface sheet with a handheld device and uploads his or her work attributes to the logistics company management end server; the logistics company management end server verifies the received attributes and then sends the corresponding ciphertext to the staff member; after receiving the ciphertext, the staff member generates the corresponding key with his or her attribute private key, decrypts the ciphertext, obtains the information of the next station, and sends the goods to the next station.
Step five: after receiving the goods, a deliverer of the logistics receiving center scans the secret-carrying two-dimensional code surface sheet and uploads his or her work attributes to the logistics company management end server; after the logistics company management end server verifies the attributes, it sends the encrypted ciphertext of the user's private information to the deliverer, who generates the corresponding key with his or her attribute private key, decrypts the user's private information, and dials the user's telephone to complete the dispatch.
Step six: after receiving the goods, the receiver scans the secret-carrying two-dimensional code bill, decrypts the Section3 encrypted by the sender by using a private key of the receiver, and verifies the digital signature of the sender; the dispatcher can compare the HN in Section2 with the RN decrypted by the receiver so as to verify the identity of the receiver; and finishing the whole transportation stage after the verification is successful.
Through the above steps, only the user and the last-leg deliverer can obtain the user's private information, which realizes decentralization of the user's private information in the logistics transportation process; access control in the logistics transportation process is realized through the hierarchical encryption of the logistics sites; the surface sheet information is hidden by storing it in the secret-carrying two-dimensional code, and person-to-person identity verification in the receiving stage is realized by the digital signature; the problem of user privacy being revealed in the logistics process is thus solved from multiple dimensions.
In step two, the private information comprises the detailed addresses, telephone numbers and names of the sender and the receiver; the logistics information comprises the delivery site, the receiving site and the order ID, without the detailed addresses; the digital signature algorithm is RSA-1024, and the Hash algorithm is MD5.
In step three, the logistics company encrypts the logistics information as follows: the logistics stations passed through are M1, M2, ..., Mn, and before the logistics package reaches the last station, the encrypted logistics information (M1, M2, ..., Mn-1) is the longitude and latitude coordinates of the next logistics station; that is, the information of the next station is encrypted using the longitude and latitude coordinates of the current station, so that the staff of each station can obtain only the information of the next station. The generated secret-carrying two-dimensional code yields valid information only when it is scanned by an authorized device of the logistics company.
In step five, the information uploaded by the logistics receiving center dispatcher after scanning the secret-carrying two-dimensional code comprises the dispatcher's own work attributes and the secret-carrying two-dimensional code information; the logistics company management end server must verify the authenticity of the employee's attributes and then sends the encrypted user private information to the employee; when the dispatcher comes within a radius of 1000 m of the designated receiving point (that is, longitude and latitude are kept to two decimal places, (xxx.xx, xxx.xx)) and the dispatcher's longitude/latitude attribute and time attribute are consistent with those used at encryption, the dispatcher can scan the code to dial the receiver's phone and obtain the detailed address to complete the dispatch.
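The two-decimal position attribute described above, worked through as an added example that is not part of the patent text: it derives the attribute string from coordinates and compares attribute equality, which is what decryption depends on, with the real distance between courier and recipient. Rounding to nearest, the attribute string format, the spherical Earth radius, the function names and the sample coordinates are all assumptions made for illustration.

```python
import math
from decimal import Decimal, ROUND_HALF_UP

EARTH_RADIUS_M = 6371000.0  # mean spherical radius (assumption)


def position_attribute(lat, lon, places=2):
    """Return the coordinate pair kept to `places` decimals as one attribute string.

    Rounding to nearest is an assumption; the page only says that two decimal
    places are kept. Decimal(str(x)) avoids binary floating-point surprises.
    """
    step = Decimal(10) ** -places  # places=2 -> Decimal('0.01')
    lat_q = Decimal(str(lat)).quantize(step, rounding=ROUND_HALF_UP)
    lon_q = Decimal(str(lon)).quantize(step, rounding=ROUND_HALF_UP)
    return f"{lat_q},{lon_q}"


def cell_size_m(lat, places=2):
    """(north-south, east-west) extent in metres of one attribute cell at `lat`."""
    step_deg = 10.0 ** -places
    metres_per_degree = math.pi * EARTH_RADIUS_M / 180.0
    north_south = step_deg * metres_per_degree
    east_west = north_south * math.cos(math.radians(lat))  # shrinks with latitude
    return north_south, east_west


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def geofence_report(recipient, courier, places=2):
    """Compare attribute equality with the actual courier-to-recipient distance."""
    match = position_attribute(*recipient, places) == position_attribute(*courier, places)
    return {
        "attribute_match": match,
        "distance_m": round(haversine_m(*recipient, *courier), 1),
    }


# Constructed sample coordinates (not from the page).
RECIPIENT = (39.9849, 116.3449)
COURIER_NEAR = (39.9851, 116.3449)  # about 22 m north, but across a cell edge
COURIER_FAR = (39.9751, 116.3351)   # about 1.4 km away, inside the same cell

if __name__ == "__main__":
    print("cell size (m):", cell_size_m(RECIPIENT[0]))
    print("near courier:", geofence_report(RECIPIENT, COURIER_NEAR))
    print("far courier: ", geofence_report(RECIPIENT, COURIER_FAR))
```

Equality of two-decimal attributes tests membership of a fixed grid cell (roughly 1.1 km by 0.85 km at this latitude), not a 1000 m radius around the recipient, so an implementation should expect mismatches near cell edges and matches beyond 1000 m.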
The sender order processing algorithm is shown in fig. 2. The sender fills in the address, name and phone number of the sender and of the receiver, and the algorithm classifies the information into three categories: logistics information, final dispatch information and user receiving information. The logistics information is provided to the logistics company and is used to provide express delivery service with the position accurate to the street; it is selected by the sender when the order is created and does not include user-sensitive information. The hierarchical address information is divided into province, city, county and street according to regional division, and contains the sender's hierarchical address information (AddSen) and the recipient's hierarchical address information (AddRec). The final dispatch information is provided to the courier (dispatcher) in the last link to complete the last-kilometer dispatch service; it includes the original address information filled in by the user, i.e. the complete specific address of the sender (DetAddSen) and the complete specific address of the recipient (DetAddRec), the logistics number (IDOrder), the telephone numbers of the sender (PhoSen) and the recipient (PhoRec), and the verification code HN for verifying the identity of the recipient. The final dispatch information is encrypted using the longitude and latitude coordinates of the recipient as the encryption attribute. The user receiving information is provided to the recipient and is used for confirming receipt and itemizing the logistics information; it includes the sender's name (NamSen), the recipient's name (NamRec), the sender's phone (PhoSen), the recipient's phone (PhoRec), the verification code and the original address information. The user receiving information is encrypted using the public key (PUBRec) of the recipient and can be decrypted only by the recipient.
PRIuser represents the user's private key and PUBuser represents the user's public key. The specific steps are as follows. The sender first generates a random number IDOrder, i.e. the unique logistics number of the express delivery, which uniquely identifies the goods. At the same time, another random number RN is generated and HN = Hash(RN) is calculated. The sender then encrypts all private information with the sender's private key to obtain the sender's electronic signature. The sender classifies and packages the information: the hierarchical address information AddSen and AddRec and IDOrder are stored in Section1; the specific address information, PhoSen, PhoRec, IDOrder and HN are stored in Section2; finally, all private information, the sender's signature, IDOrder and RN are stored in Section3.
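The recipient check that this split of RN and HN enables, as an added example that is not part of the patent text: it follows the HN = Hash(RN) direction given in this paragraph, so the last courier holds only the hash from Section2 and the recipient reveals the preimage from Section3. The dictionary layout and function names are assumptions, MD5 is used because the page names it as the Hash algorithm, and the encryption of the sections is left out.

```python
import hashlib
import hmac
import secrets

HASH_ALGO = "md5"  # the page names MD5; any hashlib algorithm name works here


def create_order_secrets(order_id):
    """Sender side: draw RN, derive HN = Hash(RN), and split them by reader.

    Returns the verification fields of Section2 (read by the last courier)
    and of Section3 (read by the recipient) before either section is encrypted.
    """
    rn = secrets.token_bytes(16)
    hn = hashlib.new(HASH_ALGO, rn).hexdigest()
    section2 = {"IDOrder": order_id, "HN": hn}
    section3 = {"IDOrder": order_id, "RN": rn.hex()}
    return section2, section3


def courier_verify(section2, presented):
    """Last courier: accept only if the presented RN hashes to this order's HN."""
    if presented.get("IDOrder") != section2["IDOrder"]:
        return False  # value belongs to a different order
    try:
        rn = bytes.fromhex(presented.get("RN", ""))
    except (ValueError, TypeError):
        return False  # malformed value
    candidate = hashlib.new(HASH_ALGO, rn).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(candidate, section2["HN"])


if __name__ == "__main__":
    s2, s3 = create_order_secrets("ORDER-0001")  # constructed order ID
    print("recipient presents RN:", courier_verify(s2, s3))
    forged = {"IDOrder": "ORDER-0001", "RN": s2["HN"]}
    print("courier replays HN as RN:", courier_verify(s2, forged))
```

Because the courier's section contains only HN, a sign-off record that includes a matching RN shows that someone able to decrypt Section3 took part, which is the property the false sign-off protection relies on.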
The flow by which express staff obtain the attribute private key is shown in fig. 3. The express employee submits the work attribute (Attribute) to the trusted key generation mechanism; the work attribute includes working position, working time, working identity, equipment environment and the like. After the trusted key generation mechanism verifies the authenticity of the attribute, it generates the corresponding attribute private key SK through KeyGen(Attribute) and returns it to the express employee.
The specific encryption and decryption process of the CP-ABE algorithm is shown in fig. 4. In the example, the public key PK and the encryption attribute S = {BUAA, HD, Beijing} are used to encrypt the plaintext M = HelloBUAA, and the ciphertext C is obtained after encryption. On decryption, if the decryption attribute S' contains the encryption attribute S, decryption succeeds; if the decryption attribute S' does not satisfy the encryption attribute S, decryption cannot be performed.
The system uses the CP-ABKE algorithm to complete key agreement: an empty message is encrypted with the CP-ABE algorithm under the encryption attribute to generate a ciphertext M, M is hashed to obtain a key K, and K is used as the AES key to encrypt the information. After the receiver receives the ciphertext, it runs the decryption algorithm on the empty message with the attribute S and the private key SK to generate a message M'; if the decryption attribute matches the encryption attribute, M' is hashed to generate the corresponding key K, and this key is used for AES decryption.
FIG. 5 shows the flow of the modules in the transportation process. The order initialization module is deployed on the user mobile device and is responsible for generating the order ciphertext: its input is the order information plaintext and its output is the order information ciphertext, and the order information is sent to the logistics company management end server after passing through the initialization module. The encryption module is deployed on the logistics company management end server and is mainly responsible for encrypting logistics information: its input is logistics information such as the order distribution path and the number of stations, and its output is the logistics information ciphertext encrypted with hierarchical attributes. The retrieval module is deployed on the courier mobile device and is mainly responsible for decrypting the logistics information ciphertext with the courier's attribute private key: its input is the logistics information ciphertext and its output is the decrypted logistics information plaintext. The receiving module is deployed on the courier mobile device and is mainly responsible for receiving packages: its input is the last section of the logistics information ciphertext and its output is the delivery target.
The secret-carrying two-dimensional code surface sheet of the system is shown in fig. 6. It mainly comprises an order ID and a secret-carrying QR code; the order ID can be used in place of the secret-carrying QR code when the code is stained or cannot be scanned. The contents of the secret-carrying QR code comprise logistics information such as the transportation path and distribution information; private information such as the user's detailed address, telephone number and name; and price information, payment information and other remark information. The secret-carrying QR code is encrypted with a national cryptographic algorithm, and the information can be obtained only when a device with the required authority scans it.
The current logistics system user information circulation situation is as shown in fig. 7, after the user private information is uploaded to the logistics company management end, the logistics company manager can easily obtain the user private information, the participants in the transportation process can also obtain the user private information, the user private information leakage ways are numerous, and hidden dangers are great.
A schematic diagram of a user private information circulation situation in the system is shown in fig. 8, the user information is divided into private information and logistics information, the private information is locally encrypted by using recipient attributes, the logistics information is encrypted by using a public key of a logistics company management server, and the logistics company management server can only acquire the logistics information and cannot acquire the user private information. Only the last distributor who accords with the encryption attribute can decrypt the private information of the user through the attribute private key, so that the risk of revealing the private information of the user is greatly reduced, and the hidden danger that the privacy of the user is revealed by personnel in the logistics company is eliminated.
The overhead of the system's CP-ABKE encryption algorithm is shown in FIG. 9, which gives the time cost of the CP-ABKE encryption, decryption and key generation functions tested with different attribute sets. The key generation module is the module with the largest overhead, and part of the computational overhead is borne by the trusted key generation mechanism, which greatly reduces the computational load on the mobile devices and the logistics company management end server. When 10 attributes are used for CP-ABKE encryption and decryption, the encryption and decryption time is less than 1 s: the CP-ABKE encryption operation executed by the logistics company management end server takes less than 1 s, and the CP-ABKE decryption operation executed by the mobile device takes less than 0.3 s.
FIG. 10 is a graph of the simulated encryption and decryption time overhead in the logistics transportation process of the system; the abscissa represents the number of trials. CP-ABKE encryption and decryption and AES encryption account for most of the time overhead, while the time overhead of AES decryption and MD5 is smaller. Under normal use, about 5 attributes are used, the encryption time is about 0.25 s and the decryption time is about 0.06 s, which meets the requirements of normal logistics transportation.
Table 1 shows a security comparison table of the system and a conventional system, which compares advantages and disadvantages of the system and the conventional system in terms of whether the system can resist attack modes such as eavesdropping attack, content leakage attack, masquerading attack, collusion attack and the like, and security targets such as data confidentiality, data integrity, non-repudiation, traceability and access control from logistics processes such as a single information mode and an encrypted data mode, and shows that the system realizes protection of private information in a full flow, can resist various attacks, and is high in security.
Table 1. Security comparison between the system and the conventional system (the table is an image in the original publication).
Matters not described in detail in this specification are within the common knowledge of those skilled in the art.

Claims (10)

1. A logistics privacy protection system based on ciphertext policy attribute-based key encapsulation is characterized by comprising: the system comprises a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices;
the user mobile equipment is used by a sender and a receiver, and app is arranged on the user mobile equipment;
the handheld mobile device is used by logistics workers, the 1 st handheld mobile device is used by courier 1, the 2 nd handheld mobile device is used by courier 2, … …, the n-1 st handheld mobile device is used by courier n-1, the n th handheld mobile device is used by courier n, and the handheld mobile device is provided with an app;
an order initialization module, a retrieval module, a receiving module and a mobile scanning dialing module are arranged in the app; the order initialization module comprises an encryption module and a key encapsulation module; the retrieval module and the receiving module both comprise a decryption module and a key decapsulation module; the order initialization module is deployed on user mobile equipment, and the retrieval module, the receiving module and the mobile scanning dialing module are deployed on n handheld mobile equipment;
the trusted key generation mechanism is provided with an initialization module and a key generation module;
the logistics company management end server is provided with an information processing module, and the information processing module comprises an encryption module and a key packaging module;
the n handheld mobile devices are respectively communicated with a logistics company management end server and a trusted key generation mechanism, the user mobile device is respectively communicated with the trusted key generation mechanism and the logistics company management end server, the logistics company management end server is communicated with the trusted key generation mechanism, and the user mobile device is also communicated with the nth handheld mobile device;
the method comprises the following steps that staff participating in the logistics transportation process register on app of the handheld mobile device, and submit corresponding work attributes to a trusted key generation mechanism to apply for an attribute private key;
the trusted key generation mechanism verifies the working attributes of each worker, after the work attributes are verified, the trusted key generation mechanism is initialized through the initialization module, then the key generation module generates attribute private keys corresponding to each worker, and the attribute private keys are distributed to handheld mobile equipment of the corresponding workers;
the trusted key generation mechanism also generates a corresponding public and private key pair for the workers participating in the logistics transportation process, and the corresponding public and private key pair is arranged in the handheld mobile equipment;
registering the sender and the receiver on the app of the user mobile equipment, generating corresponding public and private key pairs for the sender and the receiver by the aid of a trusted key generation mechanism, and arranging the corresponding public and private key pairs in the user mobile equipment, binding the public and private key pairs issued by the trusted key generation mechanism by the app accounts of the sender and the receiver, and sending self public keys to the sender by the receiver;
the trusted key generation mechanism also issues a corresponding public and private key pair for the logistics company management end server, and the logistics company management end server sends the public key of the logistics company management end server to the sender;
working personnel participating in the logistics transportation process log in the app through the identity attribute and the working attribute, and the app can be logged in only after the working attribute and the identity attribute are successfully verified;
the method comprises the steps that an addresser logs in app on user mobile equipment, logistics information is filled in the user mobile equipment, an order is generated, private information of the addresser and the addressee is encrypted locally by using longitude and latitude coordinates of the addressee, meanwhile, a Hash function and a private key of the addresser and the addresser are used for signing a logistics package, and the encrypted private information, the signature and the logistics information are encrypted by using a public key provided by a logistics company management end server and then packaged and sent to a logistics company management end server;
the logistics company management end server receives the order initiated by the sender and decrypts it with its own private key; it plans a transportation path from the logistics information submitted by the sender, takes the longitude and latitude coordinates of each logistics site on the transportation path as position attributes, the normal working time of the logistics site as time attributes, and the working identity of the logistics workers as authority attributes, performs hierarchical encryption on the logistics information using these attributes, and returns a secret-carrying two-dimensional code waybill; courier 1 attaches the secret-carrying two-dimensional code waybill to the surface of the logistics package and delivers it to a logistics delivery center to start transportation;
in the logistics sorting stage, courier 2 scans the secret-carrying two-dimensional code waybill with the 2nd handheld mobile device and uploads the courier's working attributes to the logistics company management end server;
the logistics company management end server verifies the received working attributes and then sends a corresponding ciphertext to the logistics company management end server; after the 2nd handheld mobile device receives the ciphertext, courier 2 generates the corresponding key from courier 2's attribute private key, decrypts the ciphertext to obtain the information of the next station, and sends the goods to the next station;
these operations are repeated until the logistics distribution stage;
in the logistics distribution stage, dispatcher n scans the secret-carrying two-dimensional code waybill at a logistics site with the nth handheld mobile device and uploads dispatcher n's working attributes to the logistics company management end server;
the logistics company management end server verifies the received working attributes and then sends a corresponding ciphertext to the logistics company management end server; after the nth handheld mobile device receives the ciphertext, dispatcher n generates the corresponding key from dispatcher n's attribute private key and decrypts the ciphertext to obtain the address of the recipient; when the address of the recipient enters a certain range, dispatcher n scans the code again with the nth handheld mobile device, generates the corresponding key from dispatcher n's attribute private key, decrypts the detailed information of the recipient, and sends a short message or makes a call to the mobile device of the user to contact the recipient;
in the logistics receiving stage, after receiving the goods, the recipient scans the secret-carrying two-dimensional code waybill with the user mobile device, decrypts the digital signature of the sender with the recipient's private key, and verifies the digital signature of the sender; dispatcher n uses the nth handheld mobile device to verify the digital signature of the sender decrypted by the recipient; after the verification is finished, the recipient uses the user mobile device to send a receipt confirmation message to the logistics company management end server, and the transportation process ends.
2. The system of claim 1, wherein the working attributes comprise: working position, working time, working identity and equipment environment; the working time refers to the working hours of the workers and is uploaded as working time periods; the working position is uploaded as latitude and longitude, retaining six significant digits; the working identity refers to the position of a worker; the identity attribute comprises a job number and a name, which are uploaded as character strings.
3. The system according to claim 1, wherein the encryption module and the key encapsulation module run on a user mobile device and a logistics company management server, the decryption module and the key decapsulation module run on n handheld mobile devices, the mobile scanning dialing module runs on an nth handheld mobile device, and the initialization module and the key generation module run on a trusted key generation mechanism.
4. The system according to claim 3, wherein the key encapsulation module, the key decapsulation module, the encryption module, the decryption module, the initialization module, and the key generation module use a CP-ABKE algorithm.
5. The system according to claim 3, wherein the key encapsulation module executes the following steps on the user mobile device:
1) packaging the logistics information from which the private information is removed as Section 1;
2) generating a random number HN; executing the encryption step of the CP-ABKE algorithm with the longitude and latitude coordinates of the recipient to generate a symmetric key; using that key as an AES key to encrypt the private information of the sender and the recipient; and taking the encrypted private information of the sender and the recipient, HN and the order ID as Section 2;
3) calculating RN = Hash(HN); encrypting all the logistics information with the private key of the sender to form the digital signature of the sender; and encrypting RN, the private information, the order ID and the digital signature of the sender with the public key of the recipient to form Section 3;
Section 1, Section 2 and Section 3 are encrypted with the public key provided by the logistics company management end server and transmitted to the logistics company management end server.
6. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation as claimed in claim 5, wherein the private information comprises detailed addresses, phone numbers and names of sender and recipient; the logistics information includes a shipping site, a receiving site, and an order ID with detailed addresses removed.
7. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation as claimed in claim 5, wherein the digital signature algorithm is RSA-1024 and the Hash algorithm is MD5.
8. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation as claimed in claim 1, wherein the secret-carrying two-dimensional code waybill consists of an order ID and a secret-carrying QR code; the information on the secret-carrying two-dimensional code waybill can be obtained only when an authorized user scans it, and even if an unauthorized user obtains the secret-carrying two-dimensional code waybill, the logistics information ciphertext cannot be obtained.
9. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation as claimed in claim 8, wherein the order ID can be used in place of the secret-carrying QR code when the secret-carrying two-dimensional code waybill is stained or cannot be scanned; the secret-carrying QR code includes the encrypted private information and digital signature, and the logistics information and remark information after hierarchical encryption by the logistics company management end server; the remark information includes price guarantee information and payment information; and the secret-carrying QR code is encrypted using a national cryptographic algorithm.
10. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation as claimed in claim 1, wherein the specific operation of performing hierarchical encryption on the logistics information is: let the logistics stations passed through be M1, M2, ..., Mn; before the logistics package reaches the last station, the encrypted logistics information specifically refers to the longitude and latitude coordinates of the next logistics station.
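The hop-by-hop disclosure of claims 1, 2 and 10 can be sketched as follows; this is an added example, not code from the patent. It replaces CP-ABKE and AES with an HMAC/SHA-256 stand-in, so the encryptor needs the authority's secret and colluding workers could pool shares, which a real CP-ABE scheme prevents. `MASTER`, `ROUTE` and all function names are assumptions.

```python
import hashlib, hmac, os

MASTER = os.urandom(32)  # assumption: secret held by the trusted key-generation body
# Constructed sample route M1..M3: (lat, lon, working hours, working identity)
ROUTE = [(39.9042, 116.407, "08:00-18:00", "sorter"),
         (34.3416, 108.939, "08:00-18:00", "sorter"),
         (30.5728, 104.067, "09:00-17:00", "dispatcher")]

def station_attrs(lat, lon, hours, role):
    # Claim 2: position as latitude/longitude kept to six significant digits
    return {f"pos:{lat:.6g},{lon:.6g}", f"time:{hours}", f"role:{role}"}

def issue_attribute_key(attrs):
    # Key authority: one share per attribute the worker is entitled to
    return {a: hmac.new(MASTER, a.encode(), hashlib.sha256).digest() for a in attrs}

def _keys(shares, policy, nonce):
    # AND policy: every attribute share named in the policy is needed
    h = hashlib.sha256(nonce)
    for a in policy:
        h.update(shares[a])  # KeyError when the worker lacks an attribute
    k = h.digest()
    return hashlib.sha256(k + b"enc").digest(), hashlib.sha256(k + b"mac").digest()

def _xor_stream(key, data):
    # SHA-256 counter-mode keystream, stand-in for the AES step
    pad = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, pad))

def encrypt_hop(attrs, plaintext):
    policy, nonce = sorted(attrs), os.urandom(16)
    enc, mac = _keys(issue_attribute_key(policy), policy, nonce)
    ct = _xor_stream(enc, plaintext.encode())
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return {"policy": policy, "nonce": nonce, "ct": ct, "tag": tag}

def decrypt_hop(layer, worker_key):
    try:
        enc, mac = _keys(worker_key, layer["policy"], layer["nonce"])
    except KeyError:
        return None  # attribute set does not satisfy the policy
    tag = hmac.new(mac, layer["nonce"] + layer["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, layer["tag"]):
        return None  # ciphertext or policy was altered
    return _xor_stream(enc, layer["ct"]).decode()

def build_route(stations):
    # Claim 10: the layer for station Mi carries only the coordinates of M(i+1)
    return [encrypt_hop(station_attrs(*cur), f"{nxt[0]:.6g},{nxt[1]:.6g}")
            for cur, nxt in zip(stations, stations[1:])]
```

A worker holding the attribute key for M1 recovers only the coordinates of M2; the same key returns `None` on the M2 layer.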
CN202110743563.XA 2021-06-03 2021-06-30 Logistics privacy protection system based on ciphertext policy attribute base key encapsulation Active CN113645582B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110620217 2021-06-03
CN2021106202172 2021-06-03

Publications (2)

Publication Number Publication Date
CN113645582A 2021-11-12
CN113645582B 2023-05-12

Family

ID=78416557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110743563.XA Active CN113645582B (en) 2021-06-03 2021-06-30 Logistics privacy protection system based on ciphertext policy attribute base key encapsulation

Country Status (1)

Country Link
CN (1) CN113645582B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103177220A (en) * 2013-04-12 2013-06-26 成都市易恒信科技有限公司 Personal information encryption method in logistics system based on two-dimensional codes
CN103401676A (en) * 2013-07-16 2013-11-20 中国人民解放军海军工程大学 Two-dimensional barcode-based logistics industry personal information privacy protection system and method
CN105719120A (en) * 2016-04-25 2016-06-29 成都蓉科联创科技有限责任公司 Method for encrypting privacy information on express waybills
CN106060016A (en) * 2016-05-19 2016-10-26 上海大学 Encryption logistic system
WO2017050163A1 (en) * 2015-09-23 2017-03-30 阿里巴巴集团控股有限公司 Logistic information processing method and device
CN107104969A (en) * 2017-04-27 2017-08-29 山西大学 The method that the individual privacy information in express delivery is protected with dynamic encryption mechanism
CN108573361A (en) * 2017-03-11 2018-09-25 唐亚洲 A kind of logistics system and implementation method of electronic management
WO2018232956A1 (en) * 2017-06-23 2018-12-27 深圳市盛路物联通讯技术有限公司 Logistics information processing method and system
CN110390207A (en) * 2019-06-26 2019-10-29 江苏大学 A kind of shopping online personal information method for secret protection and send method with charge free

Also Published As

Publication number Publication date
CN113645582B (en) 2023-05-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant