CN103680111A - Method and system capable of verifying intelligent sensing terminal data aggregation - Google Patents

Method and system capable of verifying intelligent sensing terminal data aggregation Download PDF

Info

Publication number
CN103680111A
CN103680111A CN201410010601.0A CN201410010601A CN103680111A CN 103680111 A CN103680111 A CN 103680111A CN 201410010601 A CN201410010601 A CN 201410010601A CN 103680111 A CN103680111 A CN 103680111A
Authority
CN
China
Prior art keywords
data
terminal
random number
intellisense
data gathering
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410010601.0A
Other languages
Chinese (zh)
Other versions
CN103680111B (en
Inventor
李龙海
黄诚强
付少锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201410010601.0A priority Critical patent/CN103680111B/en
Publication of CN103680111A publication Critical patent/CN103680111A/en
Application granted granted Critical
Publication of CN103680111B publication Critical patent/CN103680111B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system capable of verifying intelligent sensing terminal data aggregation. The method comprises the following steps of firstly, generating and publishing global parameters by a network data aggregation server, collecting and generating registration information and encrypted spare data item sets of all the intelligent sensing terminals, and distributing the registration information and the encrypted spare data item sets to different data aggregation nodes; secondly, verifying the intelligent sensing terminals through the data aggregation nodes and alternately finishing a data aggregation process; finally, finishing verification on the correctness and the integrity of data statistic and a network data collecting process by using all the data published in the whole network data collecting process. The method is mainly characterized in that the data submitted by the intelligent sensing terminals in the data collecting process has the characteristics of privacy safety, statistic simplicity and verifiability.

Description

Can verify Intellisense terminal data method for congregating and system
Technical field
Briefly, the present invention relates to computer information safety technique field, and relate to particularly a kind of Intellisense terminal data method for congregating and system thereof with features such as verifiabilities.
Background technology
At present, data gathering system is conventionally by the aggregation server that is positioned at center, and a plurality of aggregation nodes and a plurality of terminal formation that are distributed to various places.Terminal gather after data at the scene, through simple, process, data are passed through wired, or the wireless mode such as WIFI, bluetooth, ZigBee is submitted to nearest aggregation node, aggregation node generates the data report of encrypting, then by computer network, sends these reports to aggregation server.After accumulation process finishes, aggregation server is added up, is analyzed all field data reports that collect, and announces statistics.Terminal can be wire communication terminal, as common PC, may be mobile terminal more, as smart mobile phone, PDA, panel computer, notebook computer etc.By configuring different sensing modules, terminal can gather polytype field data, comprises COMMUNICATION NETWORK PERFORMANCES parameter, environment temperature at the scene, air quality, traffic, free market commodity price etc.Therefore terminal data lens system can be applied under several scenes, and the statistic analysis result of aggregate data is held macroscopical situation to decision maker strong help is provided.
Compare with traditional lens system based on wireless sensor network (WSN:Wireless Sensor Network), the sensing node of terminal data lens system has intelligent and movability, can carry out pre-service to data, and can in moving process, gather more data, do not worry power issue yet, can also utilize in addition the existing mobile terminal that has been distributed to various places, without the extra sensing node of disposing.But in large-scale distributed data acquisition, adopt terminal also can bring new security threat.First be privacy concern.Participate in the terminal of data acquisition, as mobile phone etc., be accompanied by often that its user moves, so these terminals are when submitting image data to, also exposed its user's the privacy informations such as identity, position, mechanics.Next is data integrity issues, and because terminal is not subject to the control of central server, some malicious nodes can pretend to be legal terminal repeatedly to send data, to affect the integrality of statistics.Data also may revised by the via node of malice in central server transport process.In addition, carry out the server of data statistics and also may distort statistics, make the be uncertain about authenticity of statistics of the final user of data.
, in prior art, exist when hiding individual terminal and submitting data to for this reason, still can obtain the statistics of aggregate data, and the integrality of this result does not rely on lens system and the method for the honesty of data gathering server.
Summary of the invention
Intellisense terminal data lens system described in the invention can be protected the privacy of perception terminal; when hiding individual terminal submission data; still can obtain the statistics of aggregate data; and the integrality of this result does not rely on the honesty of data gathering server, any third party can verify according to public data the authenticity of statistics.Each data intelligence perception terminal can also verify whether the data of oneself are counted final statistics, and this feature has increased the transparency of accumulation process, has strengthened the confidence of domestic consumer's participation data gathering.
The problem to be solved in the present invention is to provide a kind of new intelligent terminal network data method for congregating and related system thereof, makes this Intellisense terminal data method for congregating and system thereof have personal secrets, can verify etc. that network data assembles required important advantage in application.
Important component part and main flow process involved in the data gathering process of above-mentioned Intellisense terminal data lens system are described in detail as follows:
Preferably, the formation of data gathering system is: Intellisense terminal data lens system is by the data gathering server that is positioned at center, a plurality of data gathering nodes, and the Intellisense terminal that is distributed to various places forms.After Intellisense terminal collection site data, through simple, process, data are passed through wired, or the wireless mode such as wIFI, bluetooth, zigBee is submitted to nearest data gathering node, data gathering node generates enciphered data report, then by computer network, sends these data reports to data gathering server.After accumulation process finishes, data gathering server is added up, is analyzed all field datas of collecting, and announces statistics.The client of data gathering system is query and statistical analysis result and raw data from data gathering server.
The function of each chief component in this system is described below.
Preferably, data gathering server comprises:
Bulletin unit: bulletin unit is for each participant broadcast to system, and leaving data on bulletin unit in can be inquired about at any time by anyone.Data gathering server can only append new message at bulletin unit messaging list afterbody, and each message attached the digital signature of data gathering server, to prevent that assailant from distorting with server, denies.
Registering unit: each intelligent terminal that participates in data gathering before accumulation process starts, first utilize under line and the mode combining online to data gathering server registration.Each terminal T igenerate a pair of public private key pair (v i, x i), and by PKI y iassumed name as oneself sends to data gathering server, private key x iby terminal oneself is secret, preserve.T ito utilize x ithe data report that oneself is submitted to carries out digital signature, to guarantee the reliability of Data Source.After the legitimacy of this terminal of server authentication, by its PKI y ibe saved in legal Intellisense terminal assumed name list T_List.
Initialization unit: the alternative collection of data items of being responsible for generating common parameter, secret random number, encryption.After the alternative collection of data items of encrypting generates, secret random number can abandon.After initialization procedure finishes, common parameter is appended to the afterbody of bulletin unit messaging list.
Data gathering unit: (1) removes by the alternative collection of data items of encrypting the background data base that a plurality of subsets are input to respectively each data gathering node.(2) the authentication information list T_List of all legal Intellisense terminals is input to the background data base of each data gathering node.(3) from each data gathering node, collect data.
Data statistics release unit: carry out data statistics according to the enciphered data report that in network, all data intelligence perception terminals are submitted to, provide statistical conclusions according to data statistics result.Meanwhile, utilize the data report that BBS (Bulletin Board System) system is submitted all data intelligence perception terminals to announce, so that client's inquiry and checking statistics.
Preferably, data gathering node comprises:
The function that data gathering node will complete comprises: the alternative collection of data items that (1) safe storage is encrypted.(2) legitimacy of Intellisense terminal is verified.Taking precautions against some malice terminals pretends to be legal terminal repeatedly to participate in data gathering process to destroy the integrality of assembling result.(3) receive the data of Intellisense terminal, translated into corresponding enciphered data report.(4) utilize the enciphered data report that interactive mode generates to terminal proof to encapsulate truly the data that terminal is submitted to.
Preferably, Intellisense terminal comprises:
Intellisense terminal is obtained field data and is generated the data options of being approved by data gathering node accordingly by sensing module.When moving in the transmission range of certain data gathering node, data options is sent to this node, the validity of the enciphered data report simultaneously generating with interactive mode checking node.Last Intellisense terminal is utilized the private key x of oneself ifor final definite enciphered data report generation digital signature.
According to a further aspect in the invention, a kind of method that provides network data to assemble, described method comprises following process: basic data gathering process was comprised of initial phase, endpoint registration stage, data gathering stage and statistics stage.(1), at initial phase, data gathering server is responsible for generating the alternative collection of data items of common parameter, secret random number, encryption.After the alternative collection of data items of encrypting generates, secret random number can abandon.After initialization procedure finishes, common parameter is appended to the afterbody of bulletin unit messaging list, for other participants, downloads.The alternative collection of data items of encrypting is removed the background data base that a plurality of subsets are input to respectively each data gathering node.At each data gathering node of this stage, need to generate the public private key pair (Y for authenticating of oneself i, X i).The PKI Y of all legal data gathering nodes iform list N_List, and N_List is appended to the bulletin unit of data gathering server.(2) at registration phase, each intelligent terminal that participates in data gathering before the gathering stage starts first to data gathering server registration.Each terminal T igenerate a pair of public private key pair (y i, x i), PKI y ias Intellisense terminal assumed name, be saved in terminal authentication information list T_List.Private key x iby terminal oneself, be responsible for secret preservation.(3), in the data gathering stage, first Intellisense terminal carries out interactive authentication with the nearest data gathering node of distance oneself, then the data of collection in worksite is sent to this data gathering node.This node receives after the data of terminal, is translated into corresponding enciphered data report.Terminal can be verified with interactive mode the validity of the enciphered data report that this node generates.The last data report form generating of data gathering node is 4 tuples (Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signatures of data gathering node).Active data report finally sends to data gathering server by computer network, by server, they is published to bulletin unit.(4) in the data statistics stage, all data report counting statistics results that data gathering server by utilizing was collected.Other participants can not have under the condition of decruption key the integrality with verification msg according to the simple algorithm counting statistics of the data report utilization result on bulletin unit yet.
According to a preferred embodiment of the invention, the method for described network data gathering further comprises:
Initial phase
The groundwork in data gathering procedure initialization stage is by data gathering server, to be responsible for generating the alternative collection of data items of common parameter, secret random number, encryption.The PKI PK of tentation data aggregation server vAall participants of data gathering system by reliable mode, have been distributed to.With PKI PK vAcorresponding private key SK vAby a plurality of child servers, utilize threshold secret sharing scheme jointly to hold.The initial work that data gathering server specifically will complete is as follows.
Generate common parameter
Data gathering server is responsible for generating following common parameter:
1. generate two large prime number p, q, meet 2q=p-1, and group
Figure BDA0000454933380000061
upper discrete logarithm problem is difficult to resolve.That is, generate two large prime number p, q, meet 2q=p-1, and require according to the group of p formation on discrete logarithm problem difficulty hypothesis set up, thereby guarantee that the data item of encrypting is not cracked.
2. exist
Figure BDA0000454933380000063
, in choose at random q rank element g, h, and establish and generated by g
Figure BDA0000454933380000064
cyclic subgroup be G.Nobody because being the child servers of a plurality of data gathering servers, g and h jointly chooses at random, so under discrete logarithm problem difficulty hypothesis, can know that h is about the discrete logarithm of g.
3. secure Hash function H 1: { 0,1} *→ Z q, when it will be used to generate the alternative data item of encryption, construct non-interactive zero-knowledge proof.
4. the terminal of supposition participation data gathering has at most n (reality is less than or equal to n certainly), and data gathering server needs to determine in advance number N=ε n of the alternative data item of encryption, and wherein ε >=2 are a safety coefficient.The number that each Intellisense terminal on average can be arranged alternative data item is ε, wherein only has one as valid option, and other option can be used for the confidence level of check data aggregation node by Intellisense terminal.ε is larger, and the terminal that participates in checking work is more, and the cheating of data gathering node is more easily tested out.Obviously, ε is larger, and the expense of system is also larger, so will between security and efficiency, do a balance during actual deployment.Suggestion ε gets 5 or 10.
The above-mentioned common parameter that data gathering server generates, comprises p, q, g, h, n, N, hash function H 1descriptor, alternative collection of data items { C 1, C 2..., C m, before data gathering starts, all to be published to bulletin unit, and enclose the digital signature of data gathering server.Any participant can obtain these common parameters, and utilizes PKI PK vAthe authority of checking public information.
In addition, the normal operation of system must suppose that parameter N and m satisfy condition:
Figure BDA0000454933380000075
wherein
Figure BDA0000454933380000076
with
Figure BDA0000454933380000077
represent respectively get whole and take off whole.
Generate the alternative collection of data items of encrypting
Suppose that alternative collection of data items is { C 1, C 2..., C m, and parameter N and m satisfy condition
Figure BDA0000454933380000078
if
Figure BDA0000454933380000079
before the data gathering stage starts, the following mode of each participant utilization of data gathering server is combined the alternative collection of data items that generates N encryption.
From integer set [0,1 ..., 2 e] in get 2m group (every group N-1) random number:
{k 1,1,k 1,2,...,k 1,N-1},{k 2,1,k 2,2,...,k 2,N-1},...,{k m,1,k m,2,...,k m,N-1},
{t 1,1,t 1,2,...,t 1,N-1}{t 2,1,t 2,2,...,t 2,N-1},...,{t m,1,t m,2,...,t m,N-1}
Then calculate:
k i , N = ( 0 - Σ j = 1 N - 1 k i , j ) mod 2 e ( i = 1,2 , · · · , m )
t i , N = ( 0 - Σ j = 1 N - 1 t i , j ) mod 2 e ( i = 1,2 , · · · , m )
Based on above result, calculate again:
k j = Σ i = 1 m 2 e ( i - 1 ) k i , j ( j = 1,2 , · · · , N )
t j = Σ i = 1 m 2 e ( i - 1 ) t i , j ( j = 1,2 , · · · , N )
{ the k that easily proof generates according to the method described above 1, k 2..., k n, { t 1, t 2..., t nmust meet:
( Σ j = 1 N k j ) mod 2 e = 0 , ( Σ j = 1 N t j ) mod 2 e = 0
{ k 1, k 2..., k n, { t 1, t 2..., t nin generating the alternative collection of data items process of encryption, as secret value secured fashion, preserve.
2. data gathering server calculates:
W j = g k j h t j , j = 1,2 , . . . , N
Be easy to proof { W 1, W 2..., W nmeet:
Π j = 1 N W j = Π j = 1 N g k j h t j = 1
Can be by { W 1, W 2..., W nregard as about secret random number { k 1, k 2..., k n, { t 1, t 2..., t nsafety certificate (Commitment).Can not betray the pot to the roses any information of random number of safety certificate, and under discrete logarithm problem difficulty hypothesis, once announce safety certificate, data gathering server cannot adopt one group of different random numbers k ' 1, k ' 2..., k ' n, t ' 1, t ' 2..., t ' nfor the production of alternative collection of data items.
3. data gathering server generates and encrypts alternative collection of data items:
v j , 0 = k j , P j , 0 = NIZK { t j | h t j = W j g - v j , 0 }
v j,i=k j+2 e(i-1)
Figure BDA0000454933380000085
i=1,2,…,m,
j=1,2,…,N
P in above formula j, i=NIZK{t j| A (t j) represent about secret value t jnon-interactive zero-knowledge proof.Pass through P j,i, data gathering server can be at the value of betraying the pot to the roses t not jprerequisite under, prove to meet and assert A (t j) set up, thereby do not revealing k jprerequisite under prove v j, ibuilding method protocol compliant regulation.Construct this non-interactive zero-knowledge proof and will use hash function H 1: { 0,1} *→ Z q.
{ (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j, m, P j, m) forming the alternative groups of data items of an encryption, total N of such alternate item group, forms the alternative collection of data items of encrypting: { (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m) (j=1,2 ..., N).When submitting data to, if Intellisense terminal is selected C i, by data gathering node by option (v j,i, P j,i) report to data gathering server.And (v j, 0, P j, 0) comparatively special, will be used to Validation of Data.
4. data gathering server can be encrypted alternative data item { (v by the N of above-mentioned generation j, 0, P j,,0), (v j, 1, P j, 1) ..., (v j,m, P j, m) (j=1,2 ..., N) be divided into a plurality of subsets (according to data gathering interstitial content), and with secured fashion, import in the background data base of a plurality of data gathering nodes respectively.
5. data gathering server is by { k 1, k 2..., k n, { t 1, t 2..., t netc. secret value delete, by { W 1, W 2..., W nbe published on bulletin unit and enclose oneself digital signature.Any participant can be by checking whether set up the whether protocol compliant requirement of the alternative collection of data items of encryption that check data aggregation server generates.
Registration phase
At registration phase, each intelligent terminal that participates in data gathering before the gathering stage starts, first utilize under line and the mode combining online to data gathering server registration.Concrete register method is:
1. the supvr of data gathering server utilizes the legitimacy of mode under line (Offline) checking intelligent terminal, for example, check terminal possessor's I.D. or the product IDs of terminal.Check unsuccessfully, stop immediately registration process.
2. each terminal T igenerate a pair of public private key pair (y i, x i).The public key signature algorithm adopting can be any safe algorithm that is proved to be, as RSA Algorithm, DSA algorithm etc.Which class algorithm data gathering server and intelligent terminal both sides to adopting arrange in advance.
3. terminal T iby PKI y isend to data gathering server.For proving this terminal, hold and PKI y icorresponding private key, server generates a random number r, and usings r||timestamp as challenge message m, and wherein timestamp represents timestamp.Server makes terminal generate the digital signature sig (m) about m, then the validity of check signature sig (m).Check unsuccessfully, stop immediately registration process, otherwise proceed next step.
4. pass through after check PKI y ithe assumed name that is used as this intelligent terminal is saved in the authentication information list AC_List of data gathering server.Private key x iby terminal oneself, be responsible for secret preservation.
5. the list of public keys N_List of all legal back end is downloaded in the storer of intelligent terminal.Registration process finishes.
In above-mentioned registration process, only have data gathering server to know assumed name y iwith the corresponding relation of physical end ID, and cannot obtain this corresponding relation for the user of data gathering node, data gathering system.Therefore, provide certain terminal user's privacy protecting here.
The data gathering stage
In the data gathering stage, first Intellisense terminal carries out interactive authentication with the nearest data gathering node of distance oneself, then the data of collection in worksite is sent to this data gathering node.Data gathering node sends these data to data gathering server by computer network again.The concrete course of work is as follows.
1. after data perception intelligent terminal reaches within the scope of the efficient communication of certain data gathering node, first complete interactive authentication with this node.Because terminal is held the list of public keys N_List of all legal data gathering nodes, so can utilize " addressing inquires to-response " method to authenticate legal data gathering node.On the other hand, because data gathering node can obtain from data gathering server the list T_List of legal terminal, so can utilize " addressing inquires to-response " method to authenticate legal data perception intelligent terminal.
2. after interactive authentication passes through, data gathering node sends all alternative data item expressly to intelligent terminal, is about to set { C 1, C 2..., C msend to terminal.
Terminal according to field measurement data from { C 1, C 2..., C min select corresponding option (to be assumed to C i), and the selection of oneself is sent to data gathering node.
4. data gathering node is from alternative the collection of data items { (v of encryption j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j, m) (j=1,2 ..., appoint in N) and get an option group { (v k, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m), then will with C icorresponding (v j,i, P j, i) as the final alternative data item of encryption generating.
Data gathering node is by v j, icorresponding binary string is divided into m part from low level to a high position, and each part comprises e bit (most significant digit part comprises bit number and may be greater than e), then with m partial binary, concatenates into m corresponding tens digit (d 1, d 2..., d m).
Data gathering node is by option (v j,i, P j, i), (d 1, d 2..., d m) and oneself digital signature S nsend to terminal.
5. after terminal checking node digital signature validity, there are two kinds of selections: " re-entering " and " submission ".
If selected " submission ", terminal is utilized the private key x of oneself ito the data { (v that will submit to j,i, P j,i), (d 1, d 2..., d m) generating digital signature S t, S then will sign tsend to data gathering node.Data gathering node generates final data report Report={y i, (v j,i, P j, i), (d 1, d 2..., d m), S n, S t, y wherein iit is the assumed name of terminal.Data gathering node sends to data gathering server by data report, and returns success message to terminal.After submitting to successfully, the report of Intellisense terminal save data, and leave.
If terminal is selected " re-entering ", data gathering node starts the encrypted data item { (v that " data report validation verification " flow process (finishing its detailed process below) verification msg aggregation node generates j,i, P j,i), (d 1, d 2..., d m) the data C to submission that should terminal whether really i.After being verified, return the 3rd step, terminal resubmits data, and node regenerates corresponding encrypted data item.
6. after the data gathering phase finishes, each data gathering node will own remaining standby alternative collection of data items { (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m) (v j, 0, P j, 0) part sends to data gathering server, and be labeled as " calcellation ".
Through above 6 steps, the data report of each Intellisense terminal has been submitted to the bulletin unit of the standby devices of data gathering clothes with the form of encrypting, and anyone can inquire about.
Above the idiographic flow of " data report validation verification " of the 5th step as follows:
(1) after data gathering node receives the terminal request of " re-entering ", data gathering node is by (v j,0, P j, 0) and v j, 0m corresponding decimal number d ' 1, d ' 2..., d ' msend to terminal.
(2) Intellisense terminal is verified then and there: for two groups of numeral { d 1, d 2..., d mand d ' 1, d ' 2..., d ' m, except d i-d ' i=1, other a m-1 numeral all equates.If do not met, illustrate that data gathering node is in cheating.
(3) P of Intellisense terminal checking node output j, 0, P j, iand the digital signature S of data gathering node nwhether effective.If invalid, terminal stops submitting data to this node, and can retain relevant evidence and think that data gathering server complains this node later.
(4) if data item (v j,i, P j,i) be used to do validation verification, this data item is equivalent to be cancelled.Data gathering node is only by (v i, 0, P j, 0) be submitted to data gathering server.
The data statistics stage
After data gathering process finishes, the information on data gathering server announcement unit is locked.First data gathering server checks in the data report list on bulletin unit whether comprise N item, if be less than N, some preliminary data item loss is described.After the preliminary data item polishing of losing, anyone can be according to the information counting statistics result on bulletin unit.
If the item set of announcing on bulletin unit is combined into { (v 1, P 1), (v 2, P 2) ..., (v n, P n), each v im the tens digit that (1≤i≤N) is corresponding is { d i, 1, d i, 2..., d i,m.
So, option C jthe statistics R that (1≤j≤m) is final jfor
R i = ( Σ i = 1 N d i , j ) mod 2 e ( 1 ≤ j ≤ m )
By simple modulo addition, can obtain statistics.And the validity of each data report can be passed through zero-knowledge proof P iand the validity of correlated digital signature is tested.
Principle from statistic algorithm is as follows: according to the process that generates the preliminary data option set of encrypting, can find out the data options v of each encryption j(1≤j≤N), if be not marked as calcellation, can be expressed as
Figure BDA0000454933380000134
form, b wherein j∈ 1,2 ..., m}; If be marked as calcellation, can be expressed as v j=k jform.B jvalue depend on the actual selection of corresponding Intellisense terminal.If Intellisense terminal has been selected alternate item C i, b j=i.
Further, k jcan be expressed as form.Therefore, with v jm corresponding tens digit d j,i(i=1,2 ..., m) can be expressed as k i, j+ b i, jform.B wherein i,j value 0 or 1, if 1, be expressed as and select alternative data item C i.If b j=i, b i,j=1, and b k,j=0 (k ≠ i).At v jduring for calcellation, b i, j(i=1,2 ..., m) all equal 0, do not select any alternative data item.
According to the process that generates the set of standby suggestion option, known
Figure BDA0000454933380000132
therefore,
R i = ( Σ j = 1 N d j , i ) mod 2 e = [ Σ j = 1 N ( k i , j + b i , j ) ] mod 2 e = Σ j = 1 N b i , j mod 2 e
Be R ifor alternate item C inumber of support.
Data gathering method according to the present invention has the following advantages compared with the conventional method:
Statistics is simple
One of advantage of designed data gathering system is that statistics is simple.This feature is mainly reflected in following two aspects.
1. from statistical.After data gathering process finishes, any system user can be according to the public information counting statistics result on data gathering server announcement unit.Whole statistic processes does not need to trust and rely on any statistics center, has therefore greatly increased the transparency of data gathering.
2. statistic algorithm is simple.In statistic processes, only need to use very simple modulo addition.The computer program of realizing statistic algorithm also will be easily understood very much, without the software that relies on security expert's realization of minority, therefore further increase the confidence level of statistics.
Verifiability
According to designed data gathering method, almost at whole data gathering process links, all there is verifiability, observer or participant can check this link whether to have cheating.The verifiability of this reinforcement guaranteed data gathering result integrality and credibility.
1. the checking of pair alternative collection of data items generative process
In the generative process of alternative collection of data items, can announce disclosed random commitment value (W on unit by check 1, W 2..., W nwhether meet:
Π j = 1 N W j = Π j = 1 N g k j h t j = 1
Verify the secret random value { k that generates alternative collection of data items 1, k 2..., k n, { t 1, t 2..., t nwhether meet following condition:
( Σ i = 1 N k i ) mod 2 e = 0 , ( Σ i = 1 N t i ) mod 2 e = 0 .
Above-mentioned two conditions are the keys that realize from statistics.In addition, under discrete logarithm problem difficulty hypothesis, once announce safety certificate { W 1, W 2..., W n, data gathering server cannot adopt a different set of random number k ' 1, k ' 2..., k ' n, t ' 1, t ' 2..., t ' nfor generation of alternative collection of data items, therefore taken precautions against the cheating of data gathering server in suggestion collection stage and the alternative data item of data gathering node conspiracy modification.
2. alternative data item verification of correctness
Any participant can be by check zero-knowledge proof P j, ithe data item v that generates of validation verification data gathering server j,icorrectness, verify v j, iwhether the middle alternate item with cipher mode encapsulation belongs to the alternate item set { C of appointment 1, C 2..., G m, and only encapsulated one of them alternate item.
3. data gathering node honesty checking
In aggregate data submission process, if participate in the intelligent terminal of data gathering, selected alternate item C i, a corresponding alternate item C of data report possibility that dishonest data gathering node generates k(k ≠ i), has so just run counter to the wish of Intellisense terminal.
System adopts following verification method to take precautions against above-mentioned cheating: Intellisense terminal is selected an alternate item C first at random i, data gathering node will with C icorresponding enciphered data report (comprises { d 1, d 2..., d mand (v j,i, P j, i)) output, and enclosed the signature of oneself.If terminal is abandoned afterwards " confirming to submit to ", node is by (v j, 0, P j, 0) and v j, 0m corresponding decimal number d ' 1, d ' 2..., d ' moutput.By contrasting two groups of numerals and check P j, iand P j, 0validity, just can check the whether real and C of the data report of node output icorresponding.At this, start to generate after report, node cannot determine that Intellisense terminal selects " confirming to submit to " still " to abandon ", once guess wrong, node cannot be denied, because node has been exported the digital signature of oneself.Therefore for the checking of single Intellisense terminal, the node successful probability of practising fraud only has 1/2.If there be f Intellisense terminal to do check, node can be practised fraud successful probability for (1/2) f.The process being generated from alternative collection of data items, number N=ε n of standby alternative data item, ε gets 5 or 10.Therefore each Intellisense terminal on average can be used 5 or 10 standby suggestion options, on average has 4 or 9 checking machine meetings.During large-scale data is assembled, as long as there is fraction Intellisense terminal to do check to the honesty of node, the probability that node can successfully be practised fraud is very little.
4. Intellisense terminal legality checking
Anyone can be according to disclosed Information Authentication on data gathering server: only have through the terminal in the legal Intellisense terminal assumed name list T_List of authentication and submitted data report to, each data report has attached and assumed name y imatch digital signature.。
5. whether the data report of Intellisense terminal checking oneself is counted net result
After completing suggestion submission, Intellisense terminal can obtain the data of data gathering server announcement unit output.Intellisense terminal can check whether the data report of oneself appears in the data report list of announcing on bulletin unit.If no, can be to the complaint of data gathering server, the evidence (signature that has data gathering data gathering node in data report) that data gathering server is preserved according to terminal finds cheating node.
Personal secrets
Personal secrets in data gathering process refer to except terminal user oneself, and assailant cannot determine actual which the alternative data item of having submitted to of this terminal.Set data gathering system is protected terminal privacy from following several aspects:
1. the data report that is published to data gathering server announcement unit has all adopted encrypted form.(data item form is v j=k j+ 2 e (bj-1), k wherein jcan be regarded as encryption key), the reliability prove P of data item jcan not expose alternate item information (this is to be guaranteed by the characteristic of zero-knowledge proof), therefore except data gathering server, (know k yet i), anyone cannot judge by the data report of announcing on bulletin unit the data of the actual submission of Intellisense terminal.
2. although data gathering node is known data options v jthe alternate item of middle encryption, but they only know the assumed name of Intellisense terminal, can not be by data options v jget up with the true identity information association of Intellisense terminal.
It should be noted that structure and/or material that these accompanying drawings are intended to the general characteristic of describing method, use in certain exemplary embodiments, and the description being intended to providing supplements below.Yet these accompanying drawings are not pro rata, and neither accurately reflect fine structure or the Performance Characteristics of the embodiment providing arbitrarily, and also should not be construed as by illustrative embodiments comprised numerical range or attribute are defined or limited.In each accompanying drawing, use same or identical Reference numeral to be intended to indication and have same or identical element or feature.
Accompanying drawing explanation
Generally described the present invention, referring now to accompanying drawing, it is scale according to the rules, wherein:
Fig. 1 is the structural representation of Intellisense terminal data lens system according to the preferred embodiment of the present invention;
Fig. 2 is the structural representation of data gathering server according to the preferred embodiment of the present invention;
Fig. 3 utilizes network data lens system to carry out the process flow diagram of the method for data gathering according to the preferred embodiment of the present invention;
Fig. 4 is that the network data lens system of utilizing of another preferred implementation according to the present invention is carried out the process flow diagram of the method for data gathering; And
Fig. 5 be according to the present invention again the network data lens system of utilizing of a preferred implementation carry out the process flow diagram of the method for data gathering.
Embodiment
Although illustrative embodiments can be carried out various modifications and be adopted alternative form, its embodiment provides in the accompanying drawings as embodiment, and will be described in detail here.Yet, should be understood that, illustrative embodiments should be defined as to particular forms disclosed, on the contrary, illustrative embodiments is intended to contain and falls into right and will remove all modifications, equivalent and the substitute in scope.In the description of whole accompanying drawing, identical Reference numeral represents identical element.
Below in conjunction with the drawings and specific embodiments, the network data accumulation process on a large scale of take is once example, and network data lens system and correlation technique thereof described in the invention are described further.
Fig. 1 is the structural representation of Intellisense terminal data lens system according to the preferred embodiment of the present invention.As shown in Figure 1, Intellisense terminal data lens system 100 comprises: client terminal 101, data gathering server 102, a plurality of data gathering node 103 (103a, 103b,, 103n) with a plurality of Intellisense terminal (104a, 104b, 104c, 104d, 104e and 104f).Preferably, client terminal 101 can be any type device that can move and store various application, for example personal digital assistant (PDA), smart mobile phone, flat computer, wireless telephone, mobile computing device, camera, video recorder, audio/video player, positioning equipment (for example, GPS (GPS) equipment), game station, wireless device or various other similar equipment or its combination.
Preferably, data gathering server 102 is any computer equipments that can realize data gathering, can be independent server or the cluster server of a plurality of server composition.Data gathering server 102 comprises: bulletin unit, registering unit, initialization unit, data gathering unit and data statistics unit, wherein will be described in detail below the concrete function of unit.Preferably, a plurality of data gathering node 103 (103a, 103b, each 103n) is suitable for utilizing the log-on message of a plurality of Intellisense terminals of storing in network data aggregation server to authenticate corresponding Intellisense terminal, Intellisense terminal by authentication is determined the data that are associated with described Intellisense terminal in the alternative data item of encrypting, described data gathering nodes records four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node, as data report, submit to data gathering server.Preferably, each in a plurality of data gathering nodes all meets the data of collecting from least one Intellisense terminal.As shown in Figure 1, data gathering node 103a is connected with 104b with Intellisense terminal 104a, is responsible for collecting the data from Intellisense terminal 104a and 104b.Data gathering node 103b is connected with Intellisense terminal 104c, is responsible for collecting the data from Intellisense terminal 104c.Data gathering node 103n is connected with 104f with Intellisense terminal 104d, 104e, is responsible for collecting the data from Intellisense terminal 104d, 104e and 104f.The Intellisense terminal that each data gathering node is responsible for respectively it to connect separately authenticates.
Preferably, each in a plurality of Intellisense terminals (104a, 104b, 104c, 104d, 104e and 104f) is suitable for determining in the alternative data item of encrypting the data that are associated with described Intellisense terminal.Described a plurality of Intellisense terminal can be that geographically disperse or geographically contiguous.Preferably, Intellisense terminal can be various types of sensors, such as sound transducer, humidity sensor, temperature sensor, pressure transducer etc.Preferably, Intellisense terminal can be various service terminals, for example ATM automatic cash dispenser, ATM ATM (automatic teller machine), ATM automatic teller machine.Preferably, Intellisense terminal can be any type device that can move and store various application, for example personal digital assistant (PDA), smart mobile phone, flat computer, wireless telephone, mobile computing device, camera, video recorder, audio/video player, positioning equipment (for example, GPS (GPS) equipment), game station, wireless device or various other similar equipment or its combination.
Preferably, data gathering server is responsible for the corresponding relation (for example annexation) between service data aggregation node and Intellisense terminal, and above-mentioned relation is stored in corresponding storage unit.When Intellisense terminal is switched to another data gathering node, rolls off the production line or when new Intellisense terminal is reached the standard grade, data gathering server is responsible for the corresponding relation between distribution, modification, record data aggregation node and Intellisense terminal when Intellisense terminal from a data aggregation node.
Fig. 2 is the structural representation of data gathering server according to the preferred embodiment of the present invention.Preferably, data gathering server 102 comprises: bulletin unit, registering unit, initialization unit, data gathering unit and data statistics unit.
Preferably, registering unit is for before network data accumulation process starts, and utilizes under line and the mode that combines is online registered each Intellisense terminal.Preferably, can utilize online mode by internet, each Intellisense terminal to be registered.Or, can by under line in appointed place the mode of written signature log-in protocol register.After registration step, be that each Intellisense terminal generates public, private key pair, using PKI as the assumed name of himself and send to data gathering server, and preserve private key in the storage unit of himself.Preferably, described assumed name refers to the another name of Intellisense terminal.Preferably, described Intellisense terminal is carried out digital signature by the data report that utilizes private key to submit to himself, to guarantee that data are not tampered.Described in data gathering server authentication, after the legitimacy of Intellisense terminal, the PKI of described Intellisense terminal is saved in legal assumed name list.Preferably, by described digital signature, prevent that data gathering node and data gathering server from distorting data.
Preferably, initialization unit is used for generating common parameter, and chooses random number according to common parameter, thereby calculates and generate secret random number according to random number.Preferably, initialization unit calculates according to described common parameter and secret random number the safety certificate being associated with secret random number.Preferably, initialization unit generates according to described common parameter, secret random number and the safety certificate that is associated with secret random number the alternative collection of data items of encrypting;
Preferably, data gathering unit is for being input to the alternative collection of data items of described encryption in the background data base of each data gathering node of network.Preferably, data gathering unit is input to the list of the authentication information of all legal Intellisense terminals the background data base of each data gathering node;
Preferably, data statistics unit is for the four-tuple < Intellisense terminal assumed name of the Intellisense terminal collected according to network, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node carries out data statistics, according to described data statistics specified data, assembles result.The Fig. 1 of take describes as example, the four-tuple of Intellisense terminal 104a can be the PKI of < Intellisense terminal 104a, the data item of encrypting, the signature of Intellisense terminal 104a, the signature > of data gathering node 103a.Wherein, the data item of encryption is the actual valid data that data gathering system will be collected, the data that Intellisense terminals such as the network bandwidth, junctor usage, node load can be collected.
In addition, data gathering node, utilize the log-on message of a plurality of Intellisense terminals of storing in network data aggregation server to authenticate corresponding Intellisense terminal, Intellisense terminal by authentication is determined the data that are associated with described Intellisense terminal in the alternative data item of encrypting, described data gathering nodes records four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node, submits to data gathering server as data report.Data intelligence perception terminal is determined the data that are associated with described Intellisense terminal for the alternative data item encrypting.
Fig. 3 utilizes network data lens system to carry out the process flow diagram of the method for data gathering according to the preferred embodiment of the present invention.As shown in Figure 3, described method comprises following four-stage:
1. initial phase:
At the initial phase of data gathering process, first establish data gathering server, by this data gathering server, be responsible for generating afterwards the alternative collection of data items of common parameter, secret random number, encryption.The PKI PK of tentation data aggregation server herein vAall participants of data gathering system by reliable mode, have been distributed to.With PKI PK vAcorresponding private key SK vAby a plurality of child servers, utilize threshold secret sharing scheme jointly to hold.Data gathering server specifically completes following initial work.
1.1. generate common parameter
Data gathering server generates following common parameter:
1) generate two large prime number p, q, meet 2q=p-1, and group
Figure BDA0000454933380000211
upper discrete logarithm problem is difficult to solve.That is, two large prime number p, q, meet 2q=p-1, and require the group that forms according to p
Figure BDA0000454933380000212
on discrete logarithm problem difficulty hypothesis set up, thereby guarantee that the data item of encrypting is not cracked.
2) exist
Figure BDA0000454933380000213
in choose at random q rank element g, h, and establish and generated by g
Figure BDA0000454933380000214
cyclic subgroup be G, guarantee that nobody can know that h is about the discrete logarithm of g simultaneously.
3) secure Hash function H 1: { 0,1} *→ z q, when it will be used to generate the alternative data item of encryption, construct non-interactive zero-knowledge proof.
4) terminal of supposition participation data gathering has at most n (reality is less than or equal to n certainly), and data gathering server needs to determine in advance number N=ε n of the alternative data item of encryption, and wherein ε >2 is a safety coefficient.
The above-mentioned common parameter that data gathering server generates, comprises p, q, g, h, n, N, hash function H 1descriptor, alternative collection of data items { C 1, C 2..., C m, before starting, data gathering is all published to bulletin unit, and the digital signature of enclosing data gathering server.
In addition, the normal operation of system must suppose that parameter N and m satisfy condition: wherein
Figure BDA0000454933380000224
with represent respectively get whole and take off whole.
1.2. generate the alternative collection of data items of encrypting:
Suppose that alternative collection of data items is { C 1, C 2..., C m, and parameter N and m satisfy condition if
Figure BDA0000454933380000227
before the data gathering stage starts, the following mode of each participant utilization of data gathering server is combined the alternative collection of data items that generates N encryption.
1) from integer set [0,1 ..., 2 e] in get 2m group (every group N-1) random number:
{k 1,1,k 1,2,...,k 1,N-1},{k 2,1,k 2,2,...,k 2,N-1},...,{k m,1,k m,2,...,k m,N-1},
{t 1,1,t 1,2,...,t 1,N-1},{t 2,1,t 2,2,...,t 2,N-1},…,{t m,1,t m,2,...,t m,N-1}
Then calculate:
k i , N = ( 0 - &Sigma; j = 1 N - 1 k i , j ) mod 2 e ( i = 1,2 , &CenterDot; &CenterDot; &CenterDot; , m )
t i , N = ( 0 - &Sigma; j = 1 N - 1 t i , j ) mod 2 e ( i = 1,2 , &CenterDot; &CenterDot; &CenterDot; , m )
Based on above result, calculate again:
k j = &Sigma; i = 1 m 2 e ( i - 1 ) k i , j ( j = 1,2 , &CenterDot; &CenterDot; &CenterDot; , N )
t j = &Sigma; i = 1 m 2 e ( i - 1 ) t i , j ( j = 1,2 , &CenterDot; &CenterDot; &CenterDot; , N )
{ the k that easily proof generates according to the method described above 1, k 2..., k n, { t 1, t 2..., t nmust meet:
( &Sigma; j = 1 N k j ) mod 2 e = 0 , ( &Sigma; j = 1 N t j ) mod 2 e = 0
{ k 1, k 2..., k n, { t 1, t 2..., t nin generating the alternative collection of data items process of encryption, as secret value secured fashion, preserve.
2) data gathering server calculates:
W j = g k j h t j , j = 1,2 , . . . , N
Be easy to proof { W 1, W 2..., W nmeet:
&Pi; j = 1 N W j = &Pi; j = 1 N g k j h t j = 1
Can be by { W 1, W 2..., W nregard as about secret random number { k 1, k 2..., k n, { t 1, t 2..., t nsafety certificate (Commitment).
3) data gathering server generates and encrypts alternative collection of data items:
v j , 0 = k j , P j , 0 = NIZK { t j | h t j = W j g - v j , 0 }
Figure BDA0000454933380000236
i=1,2,…,m,
j=1,2,…,N
P in above formula j, i=NIZK{t j| A (t j) represent about secret value t jnon-interactive zero-knowledge proof.Pass through P j, i, data gathering server can be at the value of betraying the pot to the roses t not jprerequisite under, prove to meet and assert A (t j) set up, thereby do not revealing k jprerequisite under prove v j, ibuilding method protocol compliant regulation.Construct this non-interactive zero-knowledge proof and will use hash function H 1: { 0,1} *→ z q.
{ (v j, 0p j, 0), (v j, 1, P j, 1) ..., (v j, mp j, m) forming the alternative groups of data items of an encryption, total N of such alternate item group, forms the alternative collection of data items of encrypting: { (v j, 0, P j, 0), (v j, ip j, 1) ..., (y j, m, P j, m) (j=1,2 ..., N).When submitting data to, if Intellisense terminal is selected C i, by data gathering node by option (v j, i, P j, i) report to data gathering server.And (v j, 0, P j, 0) comparatively special, will be used to Validation of Data.
4) data gathering server is encrypted alternative data item { (v by the N of above-mentioned generation j, 0, P j, 0), (v j, 1, P j, 1) ..., (P j, m, P j, m) (j=1,2 ..., N) be divided into a plurality of subsets (according to data gathering interstitial content), and with secured fashion, import in the background data base of a plurality of data gathering nodes respectively.
5) data gathering server is by { k 1, k 2..., t n, { t 1, t 2..., t netc. secret value delete, by { W 1, W 2..., W nbe published on bulletin unit and enclose oneself digital signature.Any participant can be by checking
Figure BDA0000454933380000241
whether set up the whether protocol compliant requirement of the alternative collection of data items of encryption that check data aggregation server generates.
2. registration phase:
At registration phase, each intelligent terminal that participates in data gathering before the gathering stage starts, first utilize under line and the mode combining online to data gathering server registration.Concrete register method is:
2.1. the supvr of data gathering server utilizes mode under line (Offline), and the product IDs of check terminal is verified the legitimacy of intelligent terminal.Check unsuccessfully, stop immediately registration process.
2.2. each terminal T iadopt the RSA Algorithm of appointing in advance with data gathering server to generate a pair of public private key pair (y i, x i).
2.3. terminal T iby PKI y isend to data gathering server.For proving this terminal, hold and PKI y icorresponding private key, server generates a random number r, and usings r||timestamp as challenge message m, and wherein timestamp represents timestamp.Server makes terminal generate the digital signature sig (m) about m, then the validity of check signature sig (m).Check unsuccessfully, stop immediately registration process, otherwise proceed next step.
2.4. pass through after check PKI y ithe assumed name that is used as this intelligent terminal is saved in the authentication information list AC_List of data gathering server.Private key x iby terminal is secret, preserve.
2.5. the list of public keys N_List of all legal back end is downloaded in the storer of intelligent terminal.Registration process finishes.
3. data gathering stage:
In the data gathering stage, first Intellisense terminal carries out interactive authentication with the nearest data gathering node of distance oneself, then the data of collection in worksite is sent to this data gathering node.Data gathering node sends these data to data gathering server by computer network again.The concrete course of work is as follows.
3.1. after data perception intelligent terminal reaches within the scope of the efficient communication of certain data gathering node, first complete interactive authentication with this node.Because terminal is held the list of public keys N_List of all legal data gathering nodes, so can utilize " addressing inquires to-response " method to authenticate legal data gathering node.On the other hand, because data gathering node can obtain from data gathering server the list T_List of legal terminal, so can utilize " addressing inquires to-response " method to authenticate legal data perception intelligent terminal.
3.2. after interactive authentication passes through, data gathering node sends all alternative data item expressly to intelligent terminal, is about to set { C 1, C 2..., C msend to terminal.
3.3. terminal according to field measurement data from { C 1, C 2..., C min select corresponding option (to be assumed to C i), and the selection of oneself is sent to data gathering node.
3.4. data gathering node is from alternative the collection of data items { (v of encryption j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m) (j=1,2 ..., appoint in N) and get an option group { (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m), then will with C icorresponding (v j,i, P j, i) as the final alternative data item of encryption generating.
Data gathering node is by v j, icorresponding binary string is divided into m part from low level to a high position, and each part comprises e bit (most significant digit part comprises bit number and may be greater than e), then with m partial binary, concatenates into m corresponding tens digit (d 1, d 2..., d m).
Data gathering node is by option (v j,i, P j,i), (d 1, d 2..., d m) and oneself digital signature S nsend to terminal.
3.5. after terminal checking node digital signature validity, there are two kinds of selections: " re-entering " and " submission ".
If selected " submission ", terminal is utilized the private key x of oneself ito the data { (v that will submit to j,i, P j, i), (d 1, d 2..., d m) generating digital signature S t, S then will sign tsend to data gathering node.Data gathering node generates final data report Report={y i, (v j,i, P j, i), (d 1, d 2..., d m), S n, S t, y wherein iit is the assumed name of terminal.Data gathering node sends to data gathering server by data report, and returns success message to terminal.After submitting to successfully, the report of Intellisense terminal save data, and leave.
If terminal is selected " re-entering ", data gathering node starts the encrypted data item { (v that " data report validation verification " flow process (finishing its detailed process below) verification msg aggregation node generates j,i, P j, i), (d 1, d 2..., d m) the data C to submission that should terminal whether really i.After being verified, return the 3.3rd step, terminal resubmits data, and node regenerates corresponding encrypted data item.
3.6. after the data gathering phase finishes, each data gathering node will own remaining standby alternative collection of data items { (v j, 0, P j, 0), (v j,i, P j, 1) ..., (v j,m, P j,m) (v j, 0, P j, 0) part sends to data gathering server, and be labeled as " calcellation ".
Through above 6 steps, the data report of each Intellisense terminal has been submitted to the bulletin unit of data gathering server with the form of encrypting, and anyone can inquire about.
Above the idiographic flow of " data report validation verification " of the 5th step as follows:
(1) data gathering node receives after the terminal request of " re-entering ", and data gathering node is by (v j, 0, P j, 0) and v j, 0m corresponding decimal number d ' 1, d ' 2..., d ' msend to terminal.
(2) Intellisense terminal is verified then and there: for two groups of numeral { d 1, d 2..., d mand d ' 1, d ' 2..., d ' m, except d i-d ' i=1, other a m-1 numeral all equates.If do not met, illustrate that data gathering node is in cheating.
(3) P of Intellisense terminal checking node output j, 0, P j,iand the digital signature S of data gathering node nwhether effective.If invalid, terminal stops submitting data to this node, and can retain relevant evidence and think that data gathering server complains this node later.
(4) if data item (v j,j, P j,i) be used to do validation verification, this data item is equivalent to be cancelled.Data gathering node is only by (v j, 0, P j, 0) be submitted to data gathering server.
4. data statistics stage:
After data gathering process finishes, the information on data gathering server announcement unit is locked.First data gathering server checks in the data report list on bulletin unit whether comprise N item, if be less than N, some preliminary data item loss is described.After the preliminary data item polishing of losing, anyone can be according to the information counting statistics result on bulletin unit.Circular is as follows.
If the item set of announcing on bulletin unit is combined into { (v 1, P 1), (v 2, P 2) ..., (v n, P n), each v im the tens digit that (1≤i≤N) is corresponding is { d i, 1, d i, 2..., d i, m.
So, option C jthe statistics R that (1≤j≤m) is final jfor
R j = ( &Sigma; i = 1 N d i , j ) mod 2 e ( 1 &le; j &le; m )
By simple modulo addition, can obtain statistics.And the validity of each data report can be passed through zero-knowledge proof P ivalidity and the validity of digital signature test.
Fig. 4 is that the network data lens system of utilizing of another preferred implementation according to the present invention is carried out the process flow diagram of the method for data gathering.Described method is from step 401, and data gathering starts as starting point.Then proceed to step 402, first Intellisense terminal carries out interactive authentication with the nearest data gathering node of distance oneself, then the data of collection in worksite is sent to this data gathering node.Data gathering node sends these data to data gathering server by computer network again.After data perception intelligent terminal reaches within the scope of the efficient communication of certain data gathering node, first complete interactive authentication with this node.Because terminal is held the list of public keys N_List of all legal data gathering nodes, so can utilize " addressing inquires to-response " method to authenticate legal data gathering node.On the other hand, because data gathering node can obtain from data gathering server the list T_List of legal terminal, so can utilize " addressing inquires to-response " method to authenticate legal data perception intelligent terminal.
In step 403, judge whether to pass through interactive authentication.When not by interactive authentication, proceed to step 412, process finishes.When by interactive authentication, carry out step 404, data gathering node sends all alternative data item expressly to intelligent terminal, is about to set { C 1, C 2..., C msend to terminal.
Terminal according to field measurement data from { C 1, C 2..., C min select corresponding option (to be assumed to C i), and the selection of oneself is sent to data gathering node.
Alternative the collection of data items { (v of data gathering node from encrypting j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m) (j=1,2 ..., appoint in N) and get an option group { (v j, 0, Pj , 0), (v j.1, P j, 1) ..., (v j,m, P j,m), then will with C icorresponding (v j,i, P j, i) as the final alternative data item of encryption generating.
Data gathering node is by v j,icorresponding binary string is divided into m part from low level to a high position, and each part comprises e bit (most significant digit part comprises bit number and may be greater than e), then with m partial binary, concatenates into m corresponding tens digit (d 1, d 2..., d m).Data gathering node is by option (v j,i, P j, i), (d 1, d 2..., d m) and oneself digital signature S nsend to terminal.
In step 405, the report of aggregation node generated data.
In step 406, after terminal checking node digital signature validity, select: " re-entering " and " pinch friendship ".
If selected " submission ", carry out step 407, terminal is utilized the private key x of oneself ito the data { (v that will submit to j,j, P j, i), (d 1, d 2..., d m) generating digital signature S t, S then will sign tsend to data gathering node.In step 408, data gathering node generates final data report Report={y i, (v j,i, P j, i), (d 1, d 1..., d m), S n, S t, y wherein iit is the assumed name of terminal.Data gathering node sends to data gathering server by data report, and returns success message to terminal.After submitting to successfully, the report of Intellisense terminal save data, and leave.
If select " re-entering " in step 406, carry out step 409, require data gathering and announce evidence.Step 410, data gathering node starts " data report validation verification " flow process and (finishes the encrypted data item { (v that its detailed process two verification msg aggregation nodes generate below j,i, P j, i), (d 1, d 2..., d m) the data C to submission that should terminal whether really i.In step 411, determine whether by checking, if not by checking, carry out step 412, process finishes; If by checking, turn back to step 404, terminal resubmits data, and node regenerates corresponding encrypted data item.
Preferably, at step 412 place, after the data gathering phase finishes, each data gathering node will own remaining standby alternative collection of data items { (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m) (v j, 0, P j, 0) part sends to data gathering server, and be labeled as " calcellation ".
Through step, the data report of each Intellisense terminal has been submitted to the bulletin unit of data gathering server with the form of encrypting, and anyone can inquire about.
Preferably, the idiographic flow of " data report validation verification " is above as follows:
(1) data gathering node receives after the terminal request of " re-entering ", and data gathering node is by (v j, 0, P j, 0) and v j, 0m corresponding decimal number d ' 1, d ' 2..., d ' msend to terminal.
(2) Intellisense terminal is verified then and there: for two groups of numeral { d 1, d 2..., d mand d ' 1, d ' 2..., d ' m, except d i-d ' i=1, other a m-1 numeral all equates.If do not met, illustrate that data gathering node is in cheating.
(3) P of Intellisense terminal checking node output j, 0, P j,iand the digital signature S of data gathering node nwhether effective.If invalid, terminal stops submitting data to this node, and can retain relevant evidence and think that data gathering server complains this node later.
(4) if data item (v j,i, P j, i) be used to do validation verification, this data item is equivalent to be cancelled.Data gathering node is only by (v j, 0, P j, 0) be submitted to data gathering server.
Fig. 5 be according to the present invention again the network data lens system of utilizing of a preferred implementation carry out the process flow diagram of the method for data gathering.Method 500 is applicable to comprise the system of network data aggregation server, a plurality of network data aggregation node and a plurality of Intellisense terminals.Method 500 is from step 501, before network data accumulation process starts, the mode of utilizing under line and combining is online registered each the Intellisense terminal in a plurality of Intellisense terminals, for each Intellisense terminal generates public, private key pair, using PKI as the assumed name of himself and send to data gathering server, and preserve private key in the storage unit of himself, wherein said Intellisense terminal will utilize private key to carry out digital signature to the data report of its submission, to guarantee that data are not tampered, described in data gathering server authentication after the legitimacy of Intellisense terminal, the PKI of described Intellisense terminal is saved in legal assumed name list.
In step 502, to a plurality of Intellisense terminal broadcasts in network data lens system, to start network data accumulation process, the digital signature of the subsidiary described network data aggregation server of described message, to prevent assailant's distorting described message.
In step 503, utilize the initialization unit of network data aggregation server to generate common parameter.
In step 504, according to common parameter, choose random number, and calculate and generate secret random number according to random number.
In step 505, according to described common parameter and secret random number, calculate the safety certificate being associated with secret random number.
In step 506, according to described common parameter, secret random number and the safety certificate that is associated with secret random number, generate the alternative collection of data items of encrypting.
In step 507, the data gathering unit of network data aggregation server is input to the alternative collection of data items of described encryption in the background data base of each data gathering node in network, the list of the authentication information of all legal Intellisense terminals is input to the background data base of each data gathering node.
In step 508, the log-on message that each in described a plurality of data gathering node is utilized a plurality of Intellisense terminals of storing in network data aggregation server authenticates each in a plurality of Intellisense terminals, Intellisense terminal intelligent perception terminal by authentication is determined the data that are associated with described Intellisense terminal in the alternative data item of encrypting, described data gathering nodes records four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node, as data report, submit to data gathering server.
In step 509, the data statistics unit of network data aggregation server is according to the four-tuple < Intellisense terminal assumed name of the Intellisense terminal of collecting in network, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node carries out data statistics, according to described data statistics specified data, assembles result.
In step 510, established data is assembled to result and utilize BBS (Bulletin Board System) mode to announce, and inquiry and the checking of described established data being assembled to result is provided.
Yet, it should be noted in the discussion above that all these terms and the similar term that are associated with suitable physical quantity are only the labels easily that is applied to this tittle.Unless specifically stated otherwise, or obviously obtain from discuss, term such as " processing ", " calculating ", " estimation ", " determining ", " demonstration " etc., relate to action and the processing of computer system or similar electronic computing device, the data that are expressed as physical quantity, amount of electrons in the RS of computer system are handled and to be converted to other similar data that are expressed as physical quantity in the such information-storing device of computer system memory or register or other, transmission or display device.
Also it should be noted that, the software of illustrative embodiments is realized aspect and on the program recorded medium of some forms, is encoded typically, or realizes on the transmission medium of some types.Computer-readable medium can be magnetic (for example, floppy disk or hard disk drive) or light (for example, compact disk ROM (read-only memory), or " CD ROM "), and can be read-only or random-access.Similarly, transmission medium can be twisted-pair feeder, concentric cable, optical fiber or other suitable transmission medium well known in the art.Illustrative embodiments is not limited to these aspects that any appointment realizes.

Claims (10)

1. utilize network data lens system to carry out a method for network data gathering, described system comprises network data aggregation server, a plurality of network data aggregation node and a plurality of Intellisense terminal, it is characterized in that described method comprises:
Before network data accumulation process starts, utilize under line mode and/or online mode to register each the Intellisense terminal in a plurality of Intellisense terminals, for each Intellisense terminal generates public, private key pair, using PKI as the assumed name of himself and send to data gathering server, and preserve private key in the storage unit of Intellisense terminal self, wherein said Intellisense terminal will utilize private key to carry out digital signature to the data report of its submission, to guarantee that data are not tampered, described in data gathering server authentication after the legitimacy of Intellisense terminal, the PKI of described Intellisense terminal is saved in legal assumed name list,
To a plurality of Intellisense terminal broadcasts in network data lens system, to start network data accumulation process, the digital signature of the subsidiary described network data aggregation server of described message, to prevent assailant's distorting described message;
Utilize the initialization unit of network data aggregation server to generate common parameter,
According to common parameter, choose random number, and calculate and generate secret random number according to random number;
According to described common parameter and secret random number, calculate the safety certificate being associated with secret random number;
According to described common parameter, secret random number and the safety certificate that is associated with secret random number, generate the set of the alternative data item of encrypting;
The data gathering unit of network data aggregation server is input to the alternative collection of data items of described encryption in the background data base of each data gathering node in network, the list of the authentication information of all legal Intellisense terminals is input to the background data base of each data gathering node;
The log-on message that each in described a plurality of data gathering node is utilized a plurality of Intellisense terminals of storing in network data aggregation server authenticates each in a plurality of Intellisense terminals, Intellisense terminal by authentication is determined the data that are associated with described Intellisense terminal in the alternative data item of encrypting, described data gathering nodes records four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node, using described quaternary ancestral as data report, submit to data gathering server,
The data statistics unit of network data aggregation server is according to the four-tuple < Intellisense terminal assumed name of the Intellisense terminal of collecting in network, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node carries out data statistics, according to described data statistics specified data, assembles result; And established data is assembled to result and utilize BBS (Bulletin Board System) mode to announce, and provide inquiry and the checking of described established data being assembled to result.
2. method according to claim 1, is characterized in that:
Described common parameter comprises following part: 1) two large prime number p, q, meet 2q=p-1, and require the group that forms according to p
Figure FDA0000454933370000021
on discrete logarithm problem difficulty hypothesis set up, thereby guarantee that the alternative data item of encrypting is not cracked; 2) exist
Figure FDA0000454933370000022
in the q rank element g, the h that choose at random: by g, generated cyclic subgroup G; 3) the maximum possible value n of Intellisense terminal, alternative data item number N=ε n of encryption, wherein ε>=2 are safety coefficient; 4) secure Hash function H 1: { 0,1} *→ z q, while being used to generate the alternative data item of encrypting, construct non-interactive zero-knowledge proof; With 5) set of the alternative data item of encrypting is { C 1, C 2..., C m, m is the number of the alternative data item of encryption;
Wherein parameter q, m and N satisfy condition: wherein
Figure FDA0000454933370000025
with
Figure FDA0000454933370000026
represent respectively get whole and take off whole;
From set [0,1 ..., 2 e] in choose random number, wherein
Figure FDA0000454933370000036
3. method according to claim 1, is characterized in that:
Described Intellisense terminal is in sensor, point-of-sale terminal, personal digital assistant, smart mobile phone, flat computer and wireless telephone.
4. method according to claim 1, the set that wherein generates the alternative data item of encrypting specifically comprises:
1) according to common parameter, choose random number, and comprise according to random number calculating generation secret random number:
From integer set [0,1 ..., 2 e] in get 2m group, every group of N-1 random number wherein:
{k 1,1,k 1,2,...,k 1,N-1},{k 2,1,k 2,2,,..,k 2,N-1},...,{k m,1,k m,2,...,k m,N-1},
{t 1,1,t 1,2,...,t 1,N-1},{t 2,1,t 2,2,...,t 2,N-1},...,{t m,1,t m,2,...,t m,N-1}
Wherein k and t represent random number;
Then calculate:
k i , N = ( 0 - &Sigma; j = 1 N - 1 k i , j ) mod 2 e ( i = 1,2 , &CenterDot; &CenterDot; &CenterDot; , m )
t i , N = ( 0 - &Sigma; j = 1 N - 1 t i , j ) mod 2 e ( i = 1,2 , &CenterDot; &CenterDot; &CenterDot; , m )
Based on above result, calculate again:
k j = &Sigma; i = 1 m 2 e ( i - 1 ) k i , j ( j = 1,2 , &CenterDot; &CenterDot; &CenterDot; , N )
t j = &Sigma; i = 1 m 2 e ( i - 1 ) t i , j ( j = 1,2 , &CenterDot; &CenterDot; &CenterDot; , N )
{ the k generating according to the method described above 1, k 2..., k n, { t 1, t 2..., t nmeet:
( &Sigma; j = 1 N k j ) mod 2 e = 0 , ( &Sigma; j = 1 N t j ) mod 2 e = 0
In the process of the set of the alternative data item of generate encrypting with secured fashion by { k 1, k 2..., k n, { t 1, t 2..., t nas secret random number, preserve;
2) according to described common parameter and secret random number, calculating the safety certificate being associated with secret random number comprises:
Calculate:
W j = g k j h t j , j = 1,2 , . . . , N
{ W wherein 1, W 2..., W nmeet:
&Pi; j = 1 N W j = &Pi; j = 1 N g k j h t j = 1
By { W 1, W 2..., W nfor about secret random number { k 1, k 2..., k n, { t 1, t 2..., t nsafety certificate; Can not betray the pot to the roses any information of random number of safety certificate, once announce safety certificate, assailant cannot adopt different secret random number to produce the alternative data item of encryption;
3) set that generates the alternative data item of encrypting according to described common parameter, secret random number and the safety certificate that is associated with secret random number comprises:
v j , 0 = k j , P j , 0 = NIZK { t j | h t j = W j g - v j , 0 }
v j,i=k j+2 e(i-1)
Figure FDA0000454933370000044
i=1,2,…,m,
j=1,2,…,N
The small set { (v more than generating j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j, m, P j,m) forming the alternative data item of encrypting, the total N of alternative data item of described encryption is individual: { (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j, m, P j, m) (j=1,2 ..., N), it forms the set of the alternative data item of encrypting.
5. method according to claim 4, is characterized in that:
Can carry out validation verification to the alternative data item of encrypting, detailed process is as follows:
1) when determining the alternative data item of the encryption being associated with described Intellisense terminal, if Intellisense terminal has been selected " the alternative data item C of encryption i", data gathering node will with C ialternative data item { the d of corresponding encryption 1, d 2..., d mand (v j,i, P j, i) export, and enclose the digital signature of Intellisense terminal:
2) when Intellisense terminal is selected to confirm, if selected " reselecting " option, data gathering node is by (v j, 0, P j, 0) and v j, 0m corresponding decimal number d ' 1, d ' 2..., d ' moutput, and reselect;
3) Intellisense terminal can be verified in real time: for two groups of numeral { d 1, d 2..., d mand d ' 1, d ' 2..., d ' m, except d i-d ' i=1, other a m-1 numeral all equates; If do not meet, illustrate that the encrypted data item of data gathering node exists mistake;
4), after the alternative data item of having selected to encrypt, Intellisense terminal can also be verified the P of output j, 0, P j,iand whether the digital signature of data gathering node is effective; If invalid, terminal reports that to data gathering server the alternative data item of the encryption of this data gathering node exists mistake;
5) if the alternative data item subitem (v encrypting j,i, P j, i) be used as validation verification, the alternative data item of the encryption of its correspondence is equivalent to be cancelled; Data gathering node is only by (v j, 0, P j, 0) be submitted to data gathering server.
6. a network data lens system, described system comprises network data aggregation server, a plurality of network data aggregation node and a plurality of Intellisense terminal, it is characterized in that,
Described network data aggregation server comprises:
Bulletin unit, to a plurality of Intellisense terminal broadcasts in network data lens system, to start network data accumulation process, the digital signature of the subsidiary described network data aggregation server of described message, to prevent assailant's distorting described message; And, established data is assembled to result and utilize BBS (Bulletin Board System) mode to announce, and inquiry and the checking of described established data being assembled to result is provided;
Registering unit, before network data accumulation process starts, utilize under line mode and/or online mode to register each Intellisense terminal, for each Intellisense terminal generates public, private key pair, using PKI as the assumed name of himself and send to data gathering server, and preserve private key in the storage unit of Intellisense terminal self, wherein said Intellisense terminal will utilize private key to carry out digital signature to the data report of its submission, to guarantee that data are not tampered, described in data gathering server authentication after the legitimacy of Intellisense terminal, the PKI of described Intellisense terminal is saved in legal assumed name list,
Initialization unit, generates common parameter, according to common parameter, chooses random number, and calculates and generate secret random number according to random number; According to described common parameter and secret random number, calculate the safety certificate being associated with secret random number; According to described common parameter, secret random number and the safety certificate that is associated with secret random number, generate the set of the alternative data item of encrypting;
Data gathering unit, is input to the alternative collection of data items of described encryption in the background data base of each data gathering node in network; The list of the authentication information of all legal Intellisense terminals is input to the background data base of each data gathering node;
Data statistics unit, according to the four-tuple < Intellisense terminal assumed name of the Intellisense terminal of collecting in network, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node carries out data statistics, according to described data statistics specified data, assembles result;
Data gathering node, utilize the log-on message of a plurality of Intellisense terminals of storing in network data aggregation server to authenticate corresponding Intellisense terminal, Intellisense terminal by authentication is determined the data that are associated with described Intellisense terminal in the alternative data item of encrypting, described data gathering nodes records four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature > of data gathering node, submits to data gathering server using described quaternary ancestral as data report;
Data intelligence perception terminal is determined the data that are associated with described Intellisense terminal in the alternative data item of encrypting.
7. network data lens system according to claim 6, is characterized in that:
Described common parameter comprises following part: 1) two large prime number p, q, meet 2q=p-1, and require the group that forms according to p
Figure FDA0000454933370000071
on discrete logarithm problem difficulty hypothesis set up, thereby guarantee that the alternative data item of encrypting is not cracked; 2) exist
Figure FDA0000454933370000072
in the q rank element g, the h that choose at random: by g, generated
Figure FDA0000454933370000073
cyclic subgroup G; 3) the maximum possible value n of Intellisense terminal, alternative data item number N=ε n of encryption, wherein ε >2 is a safety coefficient; 4) secure Hash function H 1: { 0,1} *→ z q, while being used to generate standby suggestion option, construct non-interactive zero-knowledge proof; With 5) set { C of the alternative data item of encrypting 1, C 2..., C m, m is the number of the alternative data item of encryption;
Wherein parameter q, m and N satisfy condition:
Figure FDA0000454933370000074
wherein
Figure FDA0000454933370000075
with
Figure FDA0000454933370000076
represent respectively get whole and take off whole;
From set [0,1 ..., 2 e] in choose random number, wherein
Figure FDA0000454933370000077
8. network data lens system according to claim 6, is characterized in that:
Described Intellisense terminal is in sensor, point-of-sale terminal, personal digital assistant, smart mobile phone, flat computer and wireless telephone.
9. network data lens system according to claim 6, the set that wherein generates the alternative data item of encrypting specifically comprises:
1) according to common parameter, choose random number, and comprise according to random number calculating generation secret random number:
From integer set [0,1 ..., 2 e] in get 2m group, every group of N-1 random number wherein:
{k 1,1,k 1,2,...,k 1,N-1},{k 2,1,k 2,2,...,k 2,N-1},…,{k m,1,k m,2,...,k m,N-1},
{t 1,1,t 1,2,...,t 1,,N-1},{t 2,1,t 2,2,...,t 2,N-1},...,{t m,1,t m,2,....t m,N-1}
Wherein k and t represent random number;
Then calculate:
k i , N = ( 0 - &Sigma; j = 1 N - 1 k i , j ) mod 2 e ( i = 1,2 , &CenterDot; &CenterDot; &CenterDot; , m )
t i , N = ( 0 - &Sigma; j = 1 N - 1 t i , j ) mod 2 e ( i = 1,2 , &CenterDot; &CenterDot; &CenterDot; , m )
Based on above result, calculate again:
k j = &Sigma; i = 1 m 2 e ( i - 1 ) k i , j ( j = 1,2 , &CenterDot; &CenterDot; &CenterDot; , N )
t j = &Sigma; i = 1 m 2 e ( i - 1 ) t i , j ( j = 1,2 , &CenterDot; &CenterDot; &CenterDot; , N )
{ the k generating according to the method described above 1, k 2..., k n, { t 1, t 2..., t nmeet:
( &Sigma; j = 1 N k j ) mod 2 e = 0 , ( &Sigma; j = 1 N t j ) mod 2 e = 0
In the aggregation process of the alternative data item of generate encrypting with secured fashion by { k 1, k 2..., k n, { t 1, t 2..., t nas secret random number, preserve;
2) according to described common parameter and secret random number, calculating the safety certificate being associated with secret random number comprises:
Calculate:
W j = g k j h t j , j = 1,2 , . . . , N
Determine { W 1, W 2..., W nmeet:
&Pi; j = 1 N W j = &Pi; j = 1 N g k j h t j = 1
By { W 1, W 2..., W nas about secret random number { k 1, k 2..., k n, { t 1, t 2..., t nsafety certificate; Can not betray the pot to the roses any information of random number of safety certificate, once announce safety certificate, assailant cannot adopt different secret random number for generation of the alternative data item of encrypting;
3) set that generates the alternative data item of encrypting according to described common parameter, secret random number and the safety certificate that is associated with secret random number comprises:
v j , 0 = k j , P j , 0 = NIZK { t j | h t j = W j g - v j , 0 }
v j,i=k j+2 e(i-1)
Figure FDA0000454933370000092
i=1,2,…,m,
j=1,2,…,N
The small set { (v more than generating j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j, m) forming the alternative data item of encrypting, the total N of alternative data item of described encryption is individual: { (v j, 0, P j, 0), (v j, 1, P j, 1) ..., (v j,m, P j,m) (j=1,2 ..., N), it forms the set of the alternative data item of encrypting.
10. network data lens system according to claim 9, is characterized in that:
The detailed process of the alternative data item validation verification of described encryption is as follows:
Can carry out validation verification to the alternative data item of encrypting, detailed process is as follows:
1) when determining the alternative data item of the encryption being associated with described Intellisense terminal, if Intellisense terminal has been selected " the alternative data item C of encryption i", data gathering node will with C ialternative data item { the d of corresponding encryption 1, d 2..., d mand (v j,i, P j,i) export, and enclose the digital signature of Intellisense terminal;
2) when Intellisense terminal is selected to confirm, if selected " reselecting " option, data gathering node is by (v j, 0, P j, 0) and v j, 0m corresponding decimal number d ' 1, d ' 2..., d ' moutput, and reselect;
3) Intellisense terminal can be verified in real time: for two groups of numeral { d 1, d 2..., d mand d ' 1, d ' 2..., d ' m, except d i-d ' i=1, other a m-1 numeral all equates; If do not meet, illustrate that the encrypted data item of data gathering node exists mistake;
4), after the alternative data item of having selected to encrypt, Intellisense terminal can also be verified the P of output j, 0, P j,iand whether the digital signature of data gathering node is effective; If invalid, terminal reports that to data gathering server the alternative data item of the encryption of this data gathering node exists mistake;
5) if the alternative data item subitem (v encrypting j,i, P j, i) be used as validation verification, the alternative data item of the encryption of its correspondence is equivalent to be cancelled; Data gathering node is only by (v j, 0, P j, 0) be submitted to data gathering server.
CN201410010601.0A 2014-01-09 2014-01-09 Method and system capable of verifying intelligent sensing terminal data aggregation Expired - Fee Related CN103680111B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410010601.0A CN103680111B (en) 2014-01-09 2014-01-09 Method and system capable of verifying intelligent sensing terminal data aggregation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410010601.0A CN103680111B (en) 2014-01-09 2014-01-09 Method and system capable of verifying intelligent sensing terminal data aggregation

Publications (2)

Publication Number Publication Date
CN103680111A true CN103680111A (en) 2014-03-26
CN103680111B CN103680111B (en) 2017-01-25

Family

ID=50317524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410010601.0A Expired - Fee Related CN103680111B (en) 2014-01-09 2014-01-09 Method and system capable of verifying intelligent sensing terminal data aggregation

Country Status (1)

Country Link
CN (1) CN103680111B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112308093A (en) * 2020-11-24 2021-02-02 腾讯科技(深圳)有限公司 Air quality perception method based on image recognition, model training method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1954538A (en) * 2004-05-12 2007-04-25 艾利森电话股份有限公司 Key management messages for secure broadcast
US20070168546A1 (en) * 2006-01-18 2007-07-19 Microsoft Corporation Efficient Dispatch of Messages Based on Message Headers
CN101150849A (en) * 2006-09-18 2008-03-26 华为技术有限公司 Method for binding management secret key, system, mobile node and communication node
CN101702807A (en) * 2009-11-16 2010-05-05 东南大学 Wireless security access authentication method
CN102412967A (en) * 2011-09-29 2012-04-11 用友软件股份有限公司 Data transmission system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1954538A (en) * 2004-05-12 2007-04-25 艾利森电话股份有限公司 Key management messages for secure broadcast
US20070168546A1 (en) * 2006-01-18 2007-07-19 Microsoft Corporation Efficient Dispatch of Messages Based on Message Headers
CN101150849A (en) * 2006-09-18 2008-03-26 华为技术有限公司 Method for binding management secret key, system, mobile node and communication node
CN101702807A (en) * 2009-11-16 2010-05-05 东南大学 Wireless security access authentication method
CN102412967A (en) * 2011-09-29 2012-04-11 用友软件股份有限公司 Data transmission system and method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张鹏: "关于多方安全协议的研究", 《中国优秀博硕士学位论文全文数据库(博士)信息科技辑》 *
曹张华: "网络编码中的保密通信", 《中国博士学位论文全文数据库信息科技辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112308093A (en) * 2020-11-24 2021-02-02 腾讯科技(深圳)有限公司 Air quality perception method based on image recognition, model training method and system
CN112308093B (en) * 2020-11-24 2023-05-30 腾讯科技(深圳)有限公司 Air quality perception method based on image recognition, model training method and system

Also Published As

Publication number Publication date
CN103680111B (en) 2017-01-25

Similar Documents

Publication Publication Date Title
CN110391911B (en) System and method for anonymously voting block chain
Zhang et al. Blockchain-based decentralized and secure keyless signature scheme for smart grid
CN110224993B (en) Responsibility pursuing anonymous electronic voting method and system based on block chain
AU2017395785B2 (en) Voting system and method
CN111914027B (en) Block chain transaction keyword searchable encryption method and system
CN113364600B (en) Certificateless public auditing method for integrity of cloud storage data
CN104811450B (en) The date storage method and integrity verification method of a kind of identity-based in cloud computing
CN108768992B (en) Block chain based information anonymous transmission method and device and readable storage medium
RU2652443C1 (en) Voters votes quantity collected by electronic voting determining system and method
CN106878318A (en) A kind of block chain real time polling cloud system
Azad et al. M2m-rep: Reputation system for machines in the internet of things
CN112600675B (en) Electronic voting method and device based on group signature, electronic equipment and storage medium
CN101908961B (en) Multi-party secret handshaking method in short key environment
CN112291062B (en) Voting method and device based on block chain
Li et al. User-defined privacy-preserving traffic monitoring against n-by-1 jamming attack
Li et al. A blockchain-based self-tallying voting scheme in decentralized IoT
Zhang et al. A choreographed distributed electronic voting scheme
Thapa et al. SPA: A secure and private auction framework for decentralized online social networks
Faour Transparent voting platform based on permissioned blockchain
CN114240332B (en) Aggregation signature method for electronic voting
CN116527279A (en) Verifiable federal learning device and method for secure data aggregation in industrial control network
KR101167647B1 (en) An Electron Vote Symtem
CN103680111A (en) Method and system capable of verifying intelligent sensing terminal data aggregation
KR100362603B1 (en) An Electronic Voting Method
CN112422294A (en) Anonymous voting method and device based on ring signature, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170125