CN112468304A - Data encryption method and device, computer equipment and storage medium - Google Patents


Publication number
CN112468304A
Authority
CN
China
Prior art keywords
vehicle
ciphertext
data
signature
mounted terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011356213.XA
Other languages
Chinese (zh)
Other versions
CN112468304B (en)
Inventor
袁爱钧
谷国栋
程子清
熊俊杰
李奎
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Saiji Smart City Construction Management Co ltd
Original Assignee
Hunan Saiji Smart City Construction Management Co ltd
Application filed by Hunan Saiji Smart City Construction Management Co ltd
Priority to CN202011356213.XA
Publication of CN112468304A
Application granted
Publication of CN112468304B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84: Vehicles

Abstract

The invention relates to a data encryption method, a data encryption device, computer equipment and a storage medium. The method comprises: obtaining data to be transmitted to obtain initial data; performing group signature encryption on the initial data to obtain a ciphertext; and sending the ciphertext to another vehicle-mounted terminal, which decrypts the ciphertext. The public key of the group where the vehicle is located is obtained and used to perform group signature encryption on the data to be sent, so the data receiver can only know that the data was signed and sent by one member of a group consisting of a plurality of publishers; if a false message is sent, the server can trace the publisher. Data encryption is completed by the vehicle-mounted terminal alone, without the participation of roadside units, so that user data privacy in intelligent traffic is protected and data security in intelligent traffic is improved.

Description

Data encryption method and device, computer equipment and storage medium
Technical Field
The present invention relates to data processing methods, and more particularly, to a data encryption method, apparatus, computer device, and storage medium.
Background
Smart traffic is the main embodiment of smart city construction in the field of urban traffic, and a specific application of Internet of Things technology to modern urban traffic. In intelligent traffic, vehicles exchange data with each other and with the real-time traffic management department over a vehicle-mounted wireless network, so that real-time road condition information, including traffic control, road construction, traffic jams, traffic accidents and traffic weather, can be broadcast. The construction and implementation of smart traffic help to raise the management level of the urban traffic management department, relieve traffic congestion, improve urban commuting efficiency, maintain urban traffic order, and make driving and the use of urban public transport more convenient for citizens.
Road condition and public traffic information must be distributed in real time. In intelligent traffic practice, data transmission depends on the deployment of vehicle-mounted terminals and roadside units: a vehicle-mounted terminal is installed on each vehicle and records and transmits the state information of the vehicle and other real-time road condition information, while a roadside unit manages and collects the vehicle information of the road section under its jurisdiction, preprocesses it and transmits it to an information center. In reality, however, the wide deployment of roadside units brings high construction costs, and how to realize a secure intelligent traffic system without the participation of roadside units is a significant problem in the construction and development of smart cities.
In addition, data is at risk of leakage and repudiation during transmission. On one hand, an attacker may intercept data from the channel; the data, especially data from the vehicle-mounted terminal, often contains private information of the user, and its leakage may cause loss to the user. On the other hand, if someone maliciously uploads false data, the false data may cause confusion in urban traffic and easily cause users to lose trust in the system. Traditional data encryption and digital signature technologies can be used to try to achieve confidentiality and non-repudiation of data, but because different entities in intelligent traffic have different authority, existing encryption and digital signature algorithms are difficult to apply directly to intelligent traffic scenarios.
Therefore, it is necessary to design a new method for protecting the privacy of the user data in the smart traffic and improving the data security in the smart traffic.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a data encryption method, a data encryption device, a computer device and a storage medium.
In order to achieve the purpose, the invention adopts the following technical scheme: a data encryption method comprising:
acquiring data to be transmitted to obtain initial data;
performing group signature encryption on the initial data to obtain a ciphertext;
and sending the ciphertext to another vehicle-mounted terminal, and decrypting the ciphertext by the other vehicle-mounted terminal.
The further technical scheme is as follows: before obtaining the data to be transmitted to obtain the initial data, the method further includes:
acquiring a public parameter and a system master key;
when a vehicle registers, a digital certificate is created and the server is requested for authorization.
The further technical scheme is as follows: when the vehicle is registered, a digital certificate is created, and the server is requested to authorize, including:
when a vehicle is registered, creating a digital certificate of the vehicle;
and calculating a verification parameter and a digital signature of the verification parameter, and sending the verification parameter and the digital signature of the verification parameter to a server so that the server performs vehicle authorization according to the verification parameter and the digital signature of the verification parameter.
The further technical scheme is as follows: before obtaining the data to be transmitted to obtain the initial data, the method further includes:
and acquiring a public key of a group where the vehicle is located.
The further technical scheme is as follows: the group signature encryption of the initial data to obtain a ciphertext includes:
selecting a first random number and a second random number, calculating a session key according to the second random number, and calculating a signcryption ciphertext according to the first random number;
selecting a third random number, and calculating a first component of a signature of the signcryption ciphertext according to the third random number;
selecting a fourth random number, a fifth random number, a sixth random number and a seventh random number, and calculating a second component of the signature of the signcryption ciphertext according to the fourth random number, the fifth random number, the sixth random number, the seventh random number and the first component of the signature of the signcryption ciphertext;
calculating the signature of the signcryption ciphertext;
and performing group signature encryption on the initial data by adopting a symmetric encryption algorithm according to the signature of the signcryption ciphertext and the group of the vehicle to obtain the ciphertext.
The further technical scheme is as follows: the sending of the ciphertext to another vehicle-mounted terminal, and the decryption of the ciphertext by the another vehicle-mounted terminal, include:
and sending the ciphertext to another vehicle-mounted terminal, decrypting the ciphertext by the other vehicle-mounted terminal and verifying the authenticity of the signature, sending the ciphertext to the server by the other vehicle-mounted terminal when the signature is forged, and tracing the identity information of the vehicle-mounted terminal sending the ciphertext by the server.
The further technical scheme is as follows: the step of sending the ciphertext to another vehicle-mounted terminal, having that terminal decrypt the ciphertext and verify the authenticity of the signature, and, when the signature is forged, having that terminal send the ciphertext to the server so that the server traces the identity information of the vehicle-mounted terminal that sent the ciphertext, comprises:
when the signature is counterfeit, the server calculates
Figure BDA0002802645470000031
and checks whether there exists
Figure BDA0002802645470000032
Figure BDA0002802645470000033
where $T_1$, $T_2$ belong to the first component of the signature of the signcryption ciphertext, $\alpha$ is the system secret value, $\beta$ is a system public parameter component, $n$ is an integer, and $A_i$ is an intermediate value calculated by the server; if
Figure BDA0002802645470000034
Figure BDA0002802645470000035
exists, the server looks up $A_i$ in a specified list and obtains the identity information of the vehicle-mounted terminal that sent the ciphertext from the corresponding identity information.
The present invention also provides a data encryption apparatus, comprising:
the data acquisition unit is used for acquiring data to be transmitted so as to obtain initial data;
the encryption unit is used for carrying out group signature encryption on the initial data to obtain a ciphertext;
and the transmitting unit is used for transmitting the ciphertext to the other vehicle-mounted terminal and decrypting the ciphertext by the other vehicle-mounted terminal.
The invention also provides computer equipment which comprises a memory and a processor, wherein the memory is stored with a computer program, and the processor realizes the method when executing the computer program.
The invention also provides a storage medium storing a computer program which, when executed by a processor, is operable to carry out the method as described above.
Compared with the prior art, the invention has the following beneficial effects: the public key of the group where the vehicle is located is obtained and used to perform group signature encryption on the data to be sent, so the data receiver can only know that the data was signed and sent by one member of a group consisting of a plurality of publishers; if a false message is sent, the server can trace the publisher. Data encryption is completed by the vehicle-mounted terminal alone, without the participation of roadside units, so that user data privacy in intelligent traffic is protected and data security in intelligent traffic is improved.
The invention is further described below with reference to the accompanying drawings and specific embodiments.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic view of an application scenario of a data encryption method according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a data encryption method according to an embodiment of the present invention;
Fig. 3 is a sub-flow diagram of a data encryption method according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a data encryption method according to another embodiment of the present invention;
Fig. 5 is a sub-flowchart of a data encryption method according to another embodiment of the present invention;
Fig. 6 is a schematic block diagram of a data encryption apparatus provided by an embodiment of the present invention;
Fig. 7 is a schematic block diagram of an encryption unit of the data encryption apparatus provided by the embodiment of the present invention;
Fig. 8 is a schematic block diagram of a data encryption apparatus according to another embodiment of the present invention;
Fig. 9 is a schematic block diagram of a certificate creation unit of a data encryption apparatus according to another embodiment of the present invention;
Fig. 10 is a schematic block diagram of a computer device provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Referring to fig. 1 and fig. 2, fig. 1 is a schematic view of an application scenario of a data encryption method according to an embodiment of the present invention, and fig. 2 is a schematic flow chart of that method. The data encryption method is applied to a vehicle-mounted terminal, which exchanges data with a server. The server registers and authorizes the vehicle-mounted terminal. After authorization, the vehicle-mounted terminals in the group where the vehicle is located calculate a group public key, and vehicles in the group use the group public key to encrypt the data they send. Other vehicle-mounted terminals decrypt and verify the ciphertext after receiving it; when a false message is found, it is uploaded to the server, which traces the identity information of the vehicle-mounted terminal that sent the false message. Roadside units do not need to participate, which reduces the huge capital expenditure that their wide deployment causes in practice. With group signature encryption, the data receiver can only know that the data was signed and sent by a member of a group of several publishers and cannot tell which member it is, but if the publisher sends a false message, the server is able to trace the publisher.
In order to solve the security problems of easy data leakage, easy tampering and easy repudiation in the intelligent traffic, the embodiment provides a data confidentiality and verification mechanism in the intelligent traffic, which can protect the privacy of user data in the intelligent traffic and ensure that any data receiver can verify whether the data is true or not.
The system comprises a vehicle-mounted terminal and a server. The vehicle-mounted terminal is embedded in a moving vehicle. It can act as a data sender, for example when the vehicle owner sends a latest road condition message or when the terminal automatically records and transmits information such as the current vehicle speed, direction and road section, and it can also act as a message receiver that subscribes to real-time road condition data sent by other vehicles. The server is a reliable and trusted authority that verifies the identity of users and performs vehicle user registration at the initial stage.
Fig. 2 is a schematic flow chart of a data encryption method according to an embodiment of the present invention. As shown in fig. 2, the method includes the following steps S110 to S140.
S110, acquiring a public key of the group where the vehicle is located.
In this embodiment, the public key of the group refers to the key used for group signature encryption when a vehicle-mounted terminal in the group needs to transmit a message.
The public key of the group where the vehicle is located is
Figure BDA0002802645470000051
Wherein g is a random number selected by the server,
Figure BDA0002802645470000061
is the private key of the group where the vehicle is located; n is an integer.
S120, acquiring the data to be transmitted to obtain initial data.
In this embodiment, the initial data refers to data that the vehicle-mounted terminal needs to send to vehicle-mounted terminals of other vehicles in the group.
S130, performing group signature encryption on the initial data to obtain a ciphertext.
In this embodiment, the ciphertext refers to the content formed by applying group signature encryption to the initial data.
In an embodiment, referring to fig. 3, the step S130 may include steps S131 to S135.
S131, selecting a first random number and a second random number, calculating a session key according to the second random number, and calculating a signcryption ciphertext according to the first random number.
In this embodiment, the signcryption ciphertext refers to data formed by the vehicle-mounted terminal and related to the group public key.
Specifically, the vehicle-mounted terminal $V_i$ first selects arbitrary
Figure BDA0002802645470000062
and then calculates a session key
Figure BDA0002802645470000063
Figure BDA0002802645470000064
Wherein
Figure BDA0002802645470000065
is a one-way hash function. It then computes
Figure BDA0002802645470000066
and sets $C_1 = (b_1, b_2)$, where $r_1, r_2$ are two random values, $r_1$ being the first random number and $r_2$ the second random number; $k_3$ is a system security parameter; $g$ is a random number selected by the server; $b_1, b_2$ are the two components of the signcryption ciphertext $C_1$; and
Figure BDA00028026454700000610
is the group public key.
S132, selecting a third random number, and calculating a first component of the signature of the signcryption ciphertext according to the third random number.
In this embodiment, the first component of the signature of the signcryption ciphertext refers to the component used for signing the signcryption ciphertext.
Specifically, the vehicle-mounted terminal $V_i$ selects an arbitrary
Figure BDA0002802645470000067
and calculates $T_1 = A_i \beta_i^{\varepsilon} \bmod n$, $T_2 = g^{\varepsilon} \bmod n$, and
Figure BDA0002802645470000068
where $\varepsilon$ is the third random number selected by the vehicle-mounted terminal $V_i$; $T_1, T_2, T_3$ are components of the digital signature $\sigma$, i.e. the first component of the signature of the signcryption ciphertext; $A_i$ is one component of the digital certificate of the vehicle-mounted terminal $V_i$; $\beta_i$ is the verification parameter with which the vehicle-mounted terminal $V_i$ applies to the server for registration; $e_i$ is the other component of the digital certificate of the vehicle-mounted terminal $V_i$; $h$ is a random number selected by the server; and $n$ is an integer.
S133, selecting a fourth random number, a fifth random number, a sixth random number and a seventh random number, and calculating a second component of the signature of the signcryption ciphertext according to the fourth random number, the fifth random number, the sixth random number, the seventh random number and the first component of the signature of the signcryption ciphertext.
In this embodiment, the second component of the signature of the signcryption ciphertext refers to the component used for signing the signcryption ciphertext.
The terminal selects four random numbers
Figure BDA0002802645470000069
Figure BDA0002802645470000071
and then calculates
Figure BDA0002802645470000072
Figure BDA0002802645470000073
Figure BDA0002802645470000079
and
Figure BDA0002802645470000074
where $r_4$ is the fourth random number; $r_5$ is the fifth random number; $r_6$ is the sixth random number; $r_7$ is the seventh random number; $k_1$, $k_2$ are two system security parameters; $\lambda_1, \lambda_2, \lambda_3, \lambda_4$ are exponents defining the integer ranges $\Lambda$, $K$; $a$ is a random number selected by the server; $\beta$ is a public parameter component of the system; $n$ is an integer; $h$ is a random number selected by the server; and $g$ is a random number selected by the server.
S134, calculating the signature of the signcryption ciphertext.
Specifically, $c = H(g \| h \| \beta \| a \| a' \| T_1 \| T_2 \| T_3 \| \mu_1 \| \mu_2 \| \mu_3 \| \mu_4 \| M \| C_1)$ is calculated, where $M$ is the initial data. The terminal then calculates
Figure BDA0002802645470000075
$v_3 = r_6 - c e_i \varepsilon$ and $v_4 = r_7 - c \varepsilon$, and outputs the signature on $(M, C_1)$ as $(c, T_1, T_2, T_3, v_1, v_2, v_3, v_4)$, where $\mu_1, \mu_2, \mu_3, \mu_4$ are components of the digital signature $\sigma$; $v_1, v_2, v_3, v_4$ are four random values selected by the vehicle-mounted terminal $V_i$; $C_1$ is one of the signcryption ciphertexts generated by the vehicle-mounted terminal $V_i$; $a, a', g, h$ are random numbers selected by the server; $\beta$ is a public parameter component of the system; $c$ is an initial vector; $\alpha_i$ is the second secret value selected by the vehicle-mounted terminal $V_i$; and $\varepsilon$ is a random value selected by the vehicle-mounted terminal.
S135, performing group signature encryption on the initial data according to the signature of the signcryption ciphertext and the group of the vehicle to obtain the ciphertext.
Specifically, a symmetric encryption algorithm $E$ is selected and $C_2 = E_d(\sigma \| M \| G_1)$ is calculated, where $d$ is used as the key of the symmetric encryption algorithm. $C_2$ is the other signcryption ciphertext generated by the vehicle-mounted terminal $V_i$; $\sigma$ is the digital signature, i.e. the signature of the signcryption ciphertext; $G_1$ is the subgroup where the vehicle-mounted terminal is located, i.e. the vehicle group. The ciphertext is $(C_1, C_2)$.
S140, sending the ciphertext to another vehicle-mounted terminal, and decrypting the ciphertext by the other vehicle-mounted terminal.
After the ciphertext $(C_1, C_2)$ is received by any other vehicle-mounted terminal $V_j$ ($j \neq i$) in group $G_1$, the vehicle-mounted terminal $V_j$ starts de-signcryption to recover the data and verify that the signature on the data is authentic and valid. The whole decryption process is as follows:
$V_j$ first computes and recovers the session key
Figure BDA0002802645470000076
where $b_2, b_1$ are the two components of the signcryption ciphertext $C_1$. Let $\omega$ denote the decryption algorithm of the symmetric encryption algorithm; using the session key $d$, $V_j$ calculates $\omega_d(C_2) = M \| \sigma \| G_1$ and thereby obtains $M$.
$V_j$ then tests whether $c = H(g \| h \| \beta \| M \| C_1 \| a \| a' \| T_1 \| T_2 \| T_3 \| \mu'_1 \| \mu'_2 \| \mu'_3 \| \mu'_4)$ holds, where
Figure BDA0002802645470000077
Figure BDA0002802645470000078
If it holds, the signature passes verification and the message $M$ is authentic and reliable; $\mu'_1, \mu'_2, \mu'_3, \mu'_4$ are verification parameters used for signature verification.
In this embodiment, the ciphertext is sent to another vehicle-mounted terminal, which decrypts the ciphertext and verifies the authenticity of the signature; when the signature is forged, the other vehicle-mounted terminal sends the ciphertext to the server, and the server traces the identity information of the vehicle-mounted terminal that sent the ciphertext.
When the signature is counterfeit, the server calculates
Figure BDA0002802645470000081
and checks whether there exists
Figure BDA0002802645470000082
Figure BDA0002802645470000083
where $T_1$, $T_2$ belong to the first component of the signature of the signcryption ciphertext, $\alpha$ is the system secret value, $\beta$ is a system public parameter component, $n$ is an integer, and $A_i$ is an intermediate value calculated by the server; if
Figure BDA0002802645470000084
Figure BDA0002802645470000085
exists, the server looks up $A_i$ in a specified list and obtains the identity information of the vehicle-mounted terminal that sent the ciphertext from the corresponding identity information.
Specifically, when a malicious user in group $G_1$ signs and sends a false message, other users may be misled. To solve this problem, this embodiment proposes a tracing mechanism: the server can recover the identity $ID_i$ of the malicious user by computation on part of the false ciphertext. The specific process is as follows:
The server computes and recovers
Figure BDA0002802645470000086
and checks whether there exists
Figure BDA0002802645470000087
If
Figure BDA0002802645470000088
exists, the server looks up the corresponding entry $(A_i, ID_i)$ in the list and can trace the identity $ID_i$ of the malicious user. The server keeps in its own memory the list of $(A_i, ID_i)$ pairs used for registration, so as to trace the identity of a vehicle-mounted terminal that maliciously sends false information.
This embodiment meets the dual requirements of confidentiality and verifiability of user data in the practical scenario of intelligent traffic: people without data access authority cannot view the data, and people with access authority can prove that the received data is authentic and credible. Roadside units do not need to participate, which reduces the huge capital expenditure that their wide deployment causes in practice. Because a group signature is used, a data receiver can only know that data was signed and sent by one member of a group consisting of a plurality of publishers, and cannot determine which member it is; however, if the publisher sends a false message, the management center is able to trace the publisher. The method has a low communication bandwidth requirement, low computing resource overhead and good performance in practical application and deployment.
According to this data encryption method, the public key of the group where the vehicle is located is obtained and used to perform group signature encryption on the data to be sent, so a data receiver can only know that the data was signed and sent by one member of a group consisting of a plurality of publishers; if a false message is sent, the server can trace the publisher. Data encryption is completed by the vehicle-mounted terminal alone, without the participation of roadside units, so that user data privacy in intelligent traffic is protected and data security in intelligent traffic is improved.
Fig. 4 is a flowchart illustrating a data encryption method according to another embodiment of the present invention. As shown in fig. 4, the data encryption method of the present embodiment includes steps S210 to S260. Steps S230 to S260 are similar to steps S110 to S140 in the above embodiments, and are not described herein again. The added steps S210 to S220 in the present embodiment will be described in detail below.
S210, acquiring the public parameters and the system master key.
In this embodiment, the public parameter refers to a public parameter of the system formed by the server and the in-vehicle terminal; the system master key refers to the key of the entire system. The public parameter and the system master key constitute the system parameters.
Specifically, step 1.1: let $k_1, k_2, k_3$ be three system security parameters. To define the integer ranges $\Lambda$ and $K$, set exponents $\lambda_1, \lambda_2, \lambda_3, \lambda_4$ satisfying $\lambda_1 > (\lambda_2 + k_2)k_1 + 2$, $\lambda_2 > 4k_3$, $\lambda_3 > (\lambda_4 + k_2)k_1 + 2$, $\lambda_4 > \lambda_1 + 2$; two integer ranges are defined:
Figure BDA0002802645470000091
Figure BDA0002802645470000092
The server randomly selects two primes $p'$, $q'$ of length $k_3$ and calculates $p = 2p' + 1$, $q = 2q' + 1$ and the integer $n = pq$, where $p$ and $q$ are also prime numbers. The server then selects any four random numbers $a, a', g, h$ from the cyclic group of order $n$ and an arbitrary random number $\alpha$ from the cyclic group of order $p'q'$, i.e. $a, a', g, h \in Z_n$ and $\alpha \in Z_{p'q'}$, and calculates $\beta = g^{\alpha} \pmod{n}$; $\alpha$ is the system secret value.
The server takes $MSK = (p', q', \alpha)$ as the master key (MSK is also the system master private key) and publishes the public parameters $MPK = (n, a, a', \beta, g, h)$ of the system; MPK is the system master public key.
S220, when the vehicle is registered, creating a digital certificate and requesting authorization from the server.
In this embodiment, the digital certificate is a certification document that is issued by the server to the vehicle when the vehicle is registered.
In an embodiment, referring to fig. 5, the step S220 may include steps S221 to S222.
S221, when the vehicle is registered, a digital certificate of the vehicle is created.
In this embodiment, each new vehicle needs to register and enter the system before participating in data publishing and data sharing in the system. This step describes the registration of a user's vehicle into the system. Assume that the user with identity $ID_i$ has deployed the vehicle-mounted terminal $V_i$; $V_i$ arbitrarily chooses $\alpha_i$ as its private key and creates its own digital certificate $(A_i, e_i)$.
Specifically, the in-vehicle terminal $V_i$, from
Figure BDA0002802645470000101
randomly takes $\alpha'_i$, arbitrarily takes $r' \in [0, n^2]$, and calculates
Figure BDA0002802645470000102
Figure BDA0002802645470000103
and sends $D_1$ to the server. $D_1$ is the verification parameter with which the vehicle-mounted terminal $V_i$ applies to the server for the certificate; $\alpha'_i$ is a second secret value selected by $V_i$; $r'$ is a random number selected by $V_i$.
The server first checks whether $D_1 \in QR(n)$ is satisfied and, as feedback, selects arbitrary
Figure BDA0002802645470000104
and sends $(x_i, y_i)$ to the vehicle terminal $V_i$. $x_i, y_i$ are the feedback random numbers chosen by the server; $QR(n)$ is mathematical notation for the quadratic residue group of order $n$, i.e. the server first checks whether $D_1$ is an element of that group.
The vehicle terminal $V_i$ computes the private key
Figure BDA0002802645470000105
computes
Figure BDA0002802645470000106
and sends it to the server, where the discrete logarithm of $D_2$ with respect to $a$ is required to lie within the range $\Lambda$; $D_2$ is the verification parameter with which the vehicle-mounted terminal $V_i$ applies to the server for the certificate. In addition, to prove that its own private key $\alpha_i$ was indeed correctly calculated from $D_1, x_i, y_i$, $V_i$ selects arbitrary suitable $u, v, w$ and sends them to the server, where:
Figure BDA0002802645470000107
Figure BDA0002802645470000108
and
Figure BDA0002802645470000109
$u, v, w$ are three random numbers selected by the vehicle terminal $V_i$.
The server checks whether $D_2 \in QR(n)$; if so, it selects an arbitrary $e_i \in K$ and calculates
Figure BDA00028026454700001010
The server then sends the digital certificate $(A_i, e_i)$ to $V_i$. $A_i, e_i$ are the two components of the digital certificate of the $i$-th vehicle.
The vehicle terminal $V_i$ verifies
Figure BDA00028026454700001011
The server records $(A_i, ID_i)$ in list $L$. At this point the server has completed the registration of $V_i$. List $L$ is the list of recorded vehicle certificates.
S222, calculating a verification parameter and a digital signature of the verification parameter, and sending the verification parameter and the digital signature of the verification parameter to a server so that the server performs vehicle authorization according to the verification parameter and the digital signature of the verification parameter.
In the present embodiment, after the in-vehicle terminal $V_i$ has paid, the server carries out the following interaction with $V_i$, thereby authorizing $V_i$, so that $V_i$ joins subgroup $G_1$ and can obtain service.
Specifically, the in-vehicle terminal $V_i$ computes
Figure BDA00028026454700001012
and generates a digital signature $s_i$ on $\beta_i$, then sends $(\beta_i, s_i)$ to the server. $\beta_i$ is the verification parameter that the vehicle-mounted terminal $V_i$ registers with the server.
Upon receiving $(\beta_i, s_i)$, the server verifies the validity of $s_i$. If $s_i$ is indeed a valid signature on $\beta_i$, the server calculates
Figure BDA00028026454700001013
and further calculates the internal key of subgroup $G_1$
Figure BDA00028026454700001014
where $H(\cdot)$ is a one-way hash function, $c$ is an initial vector, and $N$ is the number of elements in subgroup $G_1$, written simply as $i \in [1, N]$.
The server sends to each vehicle-mounted terminal $\{V_i\}_{i \in \{1,N\}}$ in group $G_1$ a tuple $(sk_i, c, \beta_i, s')$, where
Figure BDA0002802645470000111
$s'$ is the signature on $(sk_i, c, \beta_i)$, and $H'$ is a new one-way hash function.
Each vehicle-mounted terminal in group $G_1$ first verifies whether the signature $s'$ is valid. If it is valid, the terminal calculates
Figure BDA0002802645470000112
Figure BDA0002802645470000113
And further calculates and recovers
Figure BDA0002802645470000114
Subsequently, the on-board units in group $G_1$ can calculate the public key of $G_1$
Figure BDA0002802645470000115
$\delta_i$ is the contribution parameter of each vehicle terminal $V_i$ to group $G_1$; $sk_i$ is the private key of vehicle-mounted terminal $V_i$ in subgroup $G_1$.
Fig. 6 is a schematic block diagram of a data encryption apparatus 300 according to an embodiment of the present invention. As shown in fig. 6, the present invention also provides a data encryption apparatus 300 corresponding to the above data encryption method. The data encryption device 300 includes a unit for executing the above-described data encryption method, and the device may be configured in a server. Specifically, referring to fig. 6, the data encryption apparatus 300 includes a data obtaining unit 304, an encryption unit 305, and a sending unit 306.
A data obtaining unit 304, configured to obtain data to be transmitted to obtain initial data; an encryption unit 305, configured to perform group signature encryption on the initial data to obtain a ciphertext; and a sending unit 306, configured to send the ciphertext to another vehicle-mounted terminal, where the another vehicle-mounted terminal decrypts the ciphertext.
In one embodiment, the data encryption apparatus 300 further comprises:
a public key obtaining unit 303, configured to obtain a public key of a group in which the vehicle is located.
In an embodiment, as shown in fig. 7, the encryption unit 305 includes a first computation subunit 3051, a second computation subunit 3052, a third computation subunit 3053, a fourth computation subunit 3054 and a group signature encryption subunit 3055.
The first calculation subunit 3051 is configured to select a first random number and a second random number, calculate a session key according to the second random number, and calculate a signcryption ciphertext according to the first random number; the second calculation subunit 3052, configured to select a third random number, and calculate, according to the third random number, a first component of a signature of the signcryption ciphertext; the third calculation subunit 3053, configured to select a fourth random number, a fifth random number, a sixth random number, and a seventh random number, and calculate, according to the fourth random number, the fifth random number, the sixth random number, the seventh random number, and the first component of the signature of the signcrypt ciphertext, the second component of the signature of the signcrypt ciphertext; the fourth calculation subunit 3054, configured to calculate a signature of the signcryption ciphertext; and the group signature encryption subunit 3055 is configured to perform group signature encryption on the initial data according to the signature of the signcryption and a symmetric encryption algorithm adopted by a group in which the vehicle is located, so as to obtain a ciphertext.
In an embodiment, the sending unit 306 is configured to send the ciphertext to another vehicle-mounted terminal, the another vehicle-mounted terminal decrypts the ciphertext and verifies authenticity of the signature, when the signature is counterfeit, the another vehicle-mounted terminal sends the ciphertext to the server, and the server traces the vehicle-mounted terminal identity information that sent the ciphertext.
Specifically, when the signature is counterfeit, the server calculates
Figure BDA0002802645470000121
And checking for the presence
Figure BDA0002802645470000122
Figure BDA0002802645470000123
where $T_1$, $T_2$ are the first component of the signature of the signcryption ciphertext, $\alpha$ is the system secret value, $\beta$ is a system public parameter component, $n$ is an integer, and $A_i$ is an intermediate value calculated by the server; if
Figure BDA0002802645470000124
Figure BDA0002802645470000125
exists, the server looks up the identity information corresponding to $A_i$ in a specified list, thereby obtaining the identity information of the vehicle-mounted terminal that sent the ciphertext.
Fig. 8 is a schematic block diagram of a data encryption apparatus 300 according to another embodiment of the present invention. As shown in fig. 8, the data encryption apparatus 300 of the present embodiment is the above-described embodiment, to which a parameter acquisition unit 301 and a certificate creation unit 302 are added.
A parameter obtaining unit 301, configured to obtain a public parameter and a system master key; a certificate creation unit 302 for creating a digital certificate when the vehicle is registered, and requesting the server for authorization.
In an embodiment, as shown in fig. 9, the certificate creation unit 302 includes a registration subunit 3021 and an authorization processing subunit 3022.
A registration subunit 3021 configured to create a digital certificate of a vehicle when the vehicle is registered; an authorization processing subunit 3022, configured to calculate a verification parameter and a digital signature of the verification parameter, and send the verification parameter and the digital signature of the verification parameter to a server, so that the server performs vehicle authorization according to the verification parameter and the digital signature of the verification parameter.
It should be noted that, as can be clearly understood by those skilled in the art, the specific implementation processes of the data encryption device 300 and each unit may refer to the corresponding descriptions in the foregoing method embodiments, and for convenience and brevity of description, no further description is provided herein.
The data encryption apparatus 300 may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 10.
Referring to fig. 10, fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a terminal.
Referring to fig. 10, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer programs 5032 include program instructions that, when executed, cause the processor 502 to perform a data encryption method.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the operation of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 can be caused to execute a data encryption method.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the configuration shown in fig. 10 is a block diagram of only a portion of the configuration relevant to the present teachings and is not intended to limit the computing device 500 to which the present teachings may be applied, and that a particular computing device 500 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to run the computer program 5032 stored in the memory to implement the following steps:
acquiring data to be transmitted to obtain initial data; performing group signature encryption on the initial data to obtain a ciphertext; and sending the ciphertext to another vehicle-mounted terminal, and decrypting the ciphertext by the other vehicle-mounted terminal.
In an embodiment, before implementing the step of obtaining the data to be transmitted to obtain the initial data, the processor 502 further implements the following steps:
acquiring a public parameter and a system master key; when a vehicle registers, a digital certificate is created and the server is requested for authorization.
In an embodiment, when the processor 502 implements the steps of creating the digital certificate and requesting the server to perform the authorization step when the vehicle performs registration, the following steps are specifically implemented:
when a vehicle is registered, creating a digital certificate of the vehicle; and calculating a verification parameter and a digital signature of the verification parameter, and sending the verification parameter and the digital signature of the verification parameter to a server so that the server performs vehicle authorization according to the verification parameter and the digital signature of the verification parameter.
In an embodiment, before implementing the step of obtaining the data to be transmitted to obtain the initial data, the processor 502 further implements the following steps:
and acquiring a public key of a group where the vehicle is located.
In an embodiment, when implementing the step of performing group signature encryption on the initial data to obtain a ciphertext, the processor 502 specifically implements the following steps:
selecting a first random number and a second random number, calculating a session key according to the second random number, and calculating a signcryption ciphertext according to the first random number; selecting a third random number, and calculating a first component of a signature of the signature cipher text according to the third random number; selecting a fourth random number, a fifth random number, a sixth random number and a seventh random number, and calculating a second component of the signature of the signcrypt ciphertext according to the fourth random number, the fifth random number, the sixth random number, the seventh random number and the first component of the signature of the signcrypt ciphertext; calculating the signature of the signcryption ciphertext; and performing group signature encryption on the initial data by adopting a symmetric encryption algorithm according to the signature of the signed cipher text and the group of the vehicles to obtain the cipher text.
In an embodiment, when the processor 502 implements the step of sending the ciphertext to another vehicle-mounted terminal and the other vehicle-mounted terminal performs the step of decrypting the ciphertext, the following steps are specifically implemented:
and sending the ciphertext to another vehicle-mounted terminal, decrypting the ciphertext by the other vehicle-mounted terminal and verifying the authenticity of the signature, sending the ciphertext to the server by the other vehicle-mounted terminal when the signature is forged, and tracing the identity information of the vehicle-mounted terminal sending the ciphertext by the server.
In an embodiment, the processor 502 specifically implements the following steps when the step of sending the ciphertext to another vehicle-mounted terminal, the other vehicle-mounted terminal decrypts the ciphertext and verifies the authenticity of the signature, when the signature is forged, the other vehicle-mounted terminal sends the ciphertext to the server, and the server traces the vehicle-mounted terminal identity information of the ciphertext is sent:
when the signature is counterfeit, the server calculates
Figure BDA0002802645470000141
And checking for the presence
Figure BDA0002802645470000142
Figure BDA0002802645470000143
where $T_1$, $T_2$ are the first component of the signature of the signcryption ciphertext, $\alpha$ is the system secret value, $\beta$ is a system public parameter component, $n$ is an integer, and $A_i$ is an intermediate value calculated by the server; if
Figure BDA0002802645470000144
Figure BDA0002802645470000145
exists, the server looks up the identity information corresponding to $A_i$ in a specified list, thereby obtaining the identity information of the vehicle-mounted terminal that sent the ciphertext.
It should be understood that in the embodiment of the present Application, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. The computer program includes program instructions, and the computer program may be stored in a storage medium, which is a computer-readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program, wherein the computer program, when executed by a processor, causes the processor to perform the steps of:
acquiring data to be transmitted to obtain initial data; performing group signature encryption on the initial data to obtain a ciphertext; and sending the ciphertext to another vehicle-mounted terminal, and decrypting the ciphertext by the other vehicle-mounted terminal.
In an embodiment, before the step of obtaining the data to be transmitted to obtain the initial data is implemented by the processor by executing the computer program, the following steps are further implemented:
acquiring a public parameter and a system master key; when a vehicle registers, a digital certificate is created and the server is requested for authorization.
In an embodiment, when the processor executes the computer program to realize that the digital certificate is created when the vehicle is registered and the server is requested to perform the authorization step, the following steps are specifically realized:
when a vehicle is registered, creating a digital certificate of the vehicle; and calculating a verification parameter and a digital signature of the verification parameter, and sending the verification parameter and the digital signature of the verification parameter to a server so that the server performs vehicle authorization according to the verification parameter and the digital signature of the verification parameter.
In an embodiment, before the step of obtaining the data to be transmitted to obtain the initial data is implemented by the processor by executing the computer program, the following steps are further implemented:
and acquiring a public key of a group where the vehicle is located.
In an embodiment, when the processor executes the computer program to implement the step of performing group signature encryption on the initial data to obtain a ciphertext, the following steps are specifically implemented:
selecting a first random number and a second random number, calculating a session key according to the second random number, and calculating a signcryption ciphertext according to the first random number; selecting a third random number, and calculating a first component of a signature of the signature cipher text according to the third random number; selecting a fourth random number, a fifth random number, a sixth random number and a seventh random number, and calculating a second component of the signature of the signcrypt ciphertext according to the fourth random number, the fifth random number, the sixth random number, the seventh random number and the first component of the signature of the signcrypt ciphertext; calculating the signature of the signcryption ciphertext; and performing group signature encryption on the initial data by adopting a symmetric encryption algorithm according to the signature of the signed cipher text and the group of the vehicles to obtain the cipher text.
In an embodiment, when the processor executes the computer program to implement the sending of the ciphertext to another vehicle-mounted terminal, and the other vehicle-mounted terminal performs the ciphertext decryption step, the following steps are specifically implemented:
and sending the ciphertext to another vehicle-mounted terminal, decrypting the ciphertext by the other vehicle-mounted terminal and verifying the authenticity of the signature, sending the ciphertext to the server by the other vehicle-mounted terminal when the signature is forged, and tracing the identity information of the vehicle-mounted terminal sending the ciphertext by the server.
In an embodiment, the processor implements the sending of the ciphertext to another vehicle-mounted terminal by executing the computer program, the other vehicle-mounted terminal decrypts the ciphertext and verifies the authenticity of the signature, when the signature is counterfeit, the other vehicle-mounted terminal sends the ciphertext to the server, and the server traces the vehicle-mounted terminal identity information sending the ciphertext, and the following steps are specifically implemented:
when the signature is counterfeit, the server calculates
Figure BDA0002802645470000161
And checking for the presence
Figure BDA0002802645470000162
Figure BDA0002802645470000163
where $T_1$, $T_2$ are the first component of the signature of the signcryption ciphertext, $\alpha$ is the system secret value, $\beta$ is a system public parameter component, $n$ is an integer, and $A_i$ is an intermediate value calculated by the server; if
Figure BDA0002802645470000164
Figure BDA0002802645470000165
exists, the server looks up the identity information corresponding to $A_i$ in a specified list, thereby obtaining the identity information of the vehicle-mounted terminal that sent the ciphertext.
The storage medium may be any of various computer-readable storage media, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their function in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A data encryption method, comprising:
acquiring data to be transmitted to obtain initial data;
performing group signature encryption on the initial data to obtain a ciphertext;
and sending the ciphertext to another vehicle-mounted terminal, and decrypting the ciphertext by the other vehicle-mounted terminal.
2. The data encryption method according to claim 1, wherein before obtaining the data to be transmitted to obtain the initial data, further comprising:
acquiring a public parameter and a system master key;
when a vehicle registers, a digital certificate is created and the server is requested for authorization.
3. The data encryption method according to claim 2, wherein the creating a digital certificate and requesting a server for authorization when a vehicle is registered, comprises:
when a vehicle is registered, creating a digital certificate of the vehicle;
and calculating a verification parameter and a digital signature of the verification parameter, and sending the verification parameter and the digital signature of the verification parameter to a server so that the server performs vehicle authorization according to the verification parameter and the digital signature of the verification parameter.
4. The data encryption method according to claim 1, wherein before obtaining the data to be transmitted to obtain the initial data, further comprising:
and acquiring a public key of a group where the vehicle is located.
5. The data encryption method of claim 4, wherein the group signature encrypting the initial data to obtain a ciphertext comprises:
selecting a first random number and a second random number, calculating a session key according to the second random number, and calculating a signcryption ciphertext according to the first random number;
selecting a third random number, and calculating a first component of a signature of the signature cipher text according to the third random number;
selecting a fourth random number, a fifth random number, a sixth random number and a seventh random number, and calculating a second component of the signature of the signcrypt ciphertext according to the fourth random number, the fifth random number, the sixth random number, the seventh random number and the first component of the signature of the signcrypt ciphertext;
calculating the signature of the signcryption ciphertext;
and performing group signature encryption on the initial data by adopting a symmetric encryption algorithm according to the signature of the signed cipher text and the group of the vehicles to obtain the cipher text.
6. The data encryption method according to claim 1, wherein the sending of the ciphertext to another vehicle-mounted terminal, and the decryption of the ciphertext by the other vehicle-mounted terminal comprises:
and sending the ciphertext to another vehicle-mounted terminal, decrypting the ciphertext by the other vehicle-mounted terminal and verifying the authenticity of the signature, sending the ciphertext to the server by the other vehicle-mounted terminal when the signature is forged, and tracing the identity information of the vehicle-mounted terminal sending the ciphertext by the server.
7. The data encryption method according to claim 6, wherein the sending of the ciphertext to another vehicle-mounted terminal, the decryption of the ciphertext by the another vehicle-mounted terminal and the verification of the authenticity of the signature, and when the signature is counterfeit, the sending of the ciphertext to the server by the another vehicle-mounted terminal, and the tracing of the identity information of the vehicle-mounted terminal sending the ciphertext by the server comprises:
when the signature is counterfeit, the server calculates
Figure FDA0002802645460000024
and checks for the presence of
Figure FDA0002802645460000021
Figure FDA0002802645460000022
where $T_1$, $T_2$ are the first component of the signature of the signcryption ciphertext, $\alpha$ is the system secret value, $\beta$ is a system public parameter component, $n$ is an integer, and $A_i$ is an intermediate value calculated by the server; if
Figure FDA0002802645460000023
Figure FDA0002802645460000025
exists, the server looks up the identity information corresponding to $A_i$ in a specified list, thereby obtaining the identity information of the vehicle-mounted terminal that sent the ciphertext.
8. A data encryption apparatus, comprising:
the data acquisition unit is used for acquiring data to be transmitted so as to obtain initial data;
the encryption unit is used for carrying out group signature encryption on the initial data to obtain a ciphertext;
and the transmitting unit is used for transmitting the ciphertext to the other vehicle-mounted terminal and decrypting the ciphertext by the other vehicle-mounted terminal.
9. A computer device, characterized in that the computer device comprises a memory, on which a computer program is stored, and a processor, which when executing the computer program implements the method according to any of claims 1 to 7.
10. A storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
CN202011356213.XA 2020-11-27 2020-11-27 Data encryption method, device, computer equipment and storage medium Active CN112468304B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011356213.XA CN112468304B (en) 2020-11-27 2020-11-27 Data encryption method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112468304A true CN112468304A (en) 2021-03-09
CN112468304B CN112468304B (en) 2024-05-03

Family

ID=74809773

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011356213.XA Active CN112468304B (en) 2020-11-27 2020-11-27 Data encryption method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112468304B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006324929A (en) * 2005-05-18 2006-11-30 Toshiba Corp System, apparatus and program for authenticating anonymity
CN103929745A (en) * 2014-04-16 2014-07-16 东北大学 Wireless MESH network access authentication system and method based on privacy protection
CN105847235A (en) * 2016-03-14 2016-08-10 安徽大学 Identity based efficient anonymous batch authentication method in IOV (Internet of Vehicles) environment
US20170104589A1 (en) * 2015-10-13 2017-04-13 TrustPoint Innovation Technologies, Ltd. System and Method for Digital Key Sharing for Access Control
CN109005035A (en) * 2018-07-12 2018-12-14 同济大学 Verifying communication system and method are signed and issued in a kind of connection vehicle remote anonymity of net
WO2019001061A1 (en) * 2017-06-26 2019-01-03 深圳市文鼎创数据科技有限公司 Payment verification method and system, and mobile device and security authentication device
CN109412816A (en) * 2018-12-20 2019-03-01 东北大学 A kind of vehicle-mounted net anonymous communication system and method based on ring signatures
CN109600233A (en) * 2019-01-15 2019-04-09 西安电子科技大学 Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method
CN109687976A (en) * 2019-01-07 2019-04-26 西安邮电大学 Fleet's establishment and management method and system based on block chain and PKI authentication mechanism
WO2019091289A1 (en) * 2017-11-10 2019-05-16 腾讯科技(深圳)有限公司 Method for generating signature, electronic device, and storage medium
CN110166228A (en) * 2019-03-29 2019-08-23 南通大学 Based on the method for secret protection that no certificate ring label are close in vehicular ad hoc network
CN111915298A (en) * 2019-03-26 2020-11-10 创新先进技术有限公司 Method and device for generating and verifying linkable ring signature in block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
岳笑含; 惠明亨; 王溪波: "Forward-secure VANET anonymous authentication protocol based on group signatures", 计算机科学, no. 2 *

Also Published As

Publication number Publication date
CN112468304B (en) 2024-05-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant