CN108881279B - Mobile health medical sensor data privacy protection method - Google Patents


Info

Publication number
CN108881279B
Authority
CN
China
Prior art keywords
signature
data center
cloud data
participant
index
Prior art date
Legal status
Active
Application number
CN201810757163.2A
Other languages
Chinese (zh)
Other versions
CN108881279A (en)
Inventor
刘金会
禹勇
Current Assignee
Shaanxi Normal University
Original Assignee
Shaanxi Normal University
Classifications

    • H04L 63/10: Network architectures or network communication protocols for network security, for controlling access to devices or network resources
    • H04L 63/0414: Network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the identity of one or more communicating parties is hidden during transmission, i.e. the party's identity is protected against eavesdropping (e.g. by temporary identifiers) but is known to the other party or parties involved
    • H04L 63/08: Network architectures or network communication protocols for network security, for authentication of entities
    • H04L 9/0869: Key distribution or management; generation of secret information, including derivation of cryptographic keys or passwords, involving random numbers or seeds
    • H04L 9/3236: Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, using cryptographic hash functions
    • H04L 9/3247: Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, involving digital signatures
    • H04L 9/3297: Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, involving time stamps (e.g. generation of time stamps)
    • H04L 67/10: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network

Abstract

The invention relates to a mobile health medical data privacy protection method based on a certificateless double-authentication protection aggregate signature. Thanks to the properties of this signature, the method avoids the problems of certificate management, key escrow and re-signing, improves the computational efficiency of aggregate signature verification for mobile health medical data, achieves privacy protection of the data, and can be used safely in open mobile health medical settings.

Description

Mobile health medical sensor data privacy protection method
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a mobile health medical sensor data privacy protection method based on certificateless double-authentication protection aggregate signature.
Background
To solve the key escrow problem of identity-based public key cryptography, Huang et al. proposed a certificateless signature scheme (CLS) in 2005. Compared with identity-based signatures, CLS requires no certificate management and carries less overhead, and is therefore better suited to mobile security applications with low bandwidth and low energy consumption. CLS thus solves the problem of binding a public key to an entity while simplifying certificate management, and certificateless digital signatures have been an active research topic in cryptography since their introduction.
In 2014, Poettering and Stebila first proposed the concept of double-authentication-preventing signatures (DAPS). Applied to the Internet of Vehicles, the basic idea is as follows: the signer signs two colliding messages, producing two signatures, and sends them to the verifier, who verifies each one. If both signatures verify, the verifier can be sure that the vehicle user indeed signed both colliding messages, and the verifier can extract the signing key from the two signatures.
The cloud-based Internet of Things healthcare system is an information ecosystem centred on the medical Internet of Things, with highly mobile and highly shared information. With cloud services and the Internet of Things, medical records can be collected and shared over a whole lifetime: an individual's lifelong health records are stored in detail in the cloud, and doctors and authorised parties can consult them promptly from computers and mobile phones. Although existing CLS-based privacy protection methods for health medical data can improve the efficiency of signature verification, the existing batch-verification-based methods suffer from the re-signing problem and therefore cannot be applied well to health medical data. How to combine certificateless double-authentication protection aggregate signatures with health medical data, so that illegal tampering with the medical data is deterred and the authenticity and credibility of the data are guaranteed, is therefore of lasting research significance.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a mobile health medical sensor data privacy protection method. The technical problem to be solved by the invention is realized by the following technical scheme: a mobile health medical sensor data privacy protection method based on certificateless double-authentication protection aggregate signature comprises the following steps:
Step 1, system initialization: the management server MS establishes a registration system with the following parameters: (1) MS selects $s_{MS} \in \mathbb{Z}_q^*$ and generates the public key $P_{MSpub} = s_{MS} P$;
(2) MS publishes the system parameters $(P, q, G, P_{MSpub}, h_1, h_2)$;
(3) the cloud data center randomly selects $s_{CDC} \in \mathbb{Z}_q^*$ and generates $Q_{CDC} = s_{CDC} P$; the master key pair of the cloud data center is $(Q_{CDC}, s_{CDC})$;
where $s_{MS}$ is the system master private key, $h_1: \{0,1\}^* \times G \to G$ and $h_2: \{0,1\}^* \times G \to \mathbb{Z}_q^*$ are two secure hash functions, $P$ is a generator of the group $G$, and $\mathbb{Z}_q^*$ is the multiplicative group of integers modulo $q$;
Step 2, participant $C_i$ generates a partial key and the management server MS admits it to the cloud data center;
Step 3, after receiving message $M_i = (a, p_i)$, participant $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and a timestamp $t_i$ and signs the sensor data, where $t_i$ is the system time that keeps message $M_i = (a, p_i)$ fresh;
Step 4, the cloud data center verifies the validity of the sensor data signed by participant $C_i$;
Step 5, the cloud data center aggregates the signatures of the verified participants $C_i$ on the sensor data;
Step 6, the cloud data center batch-verifies the aggregated signature;
Step 7, participant $C_i$ extracts the re-signing key.
Further, Step 2.1: participant $C_i$ selects a random number $s_{i1} \in \mathbb{Z}_q^*$ and generates the partial key $Q_{i1} = s_{i1} P$;
Step 2.2: the management server MS generates the partial private key $psk_{i1} = s_{MS} h_1(Id_i, Q_{i1})$, where $Id_i$ is the identity of participant $C_i$;
Step 2.3: the management server MS selects a random number $w_i \in \mathbb{Z}_q^*$ and generates
$Q_{i2} = h_1(Id_i, Q_{i1})$, $psk_{i2} = s_{MS} h_1(Id_i, Q_{i1})$, $index_{is} = w_i Q_{i2}$, $index_{iv} = w_i psk_{i2}$;
Step 2.4: the management server MS stores the sequence code $sn_i = (Id_i, Q_{i1}, Q_{i2}, index_{is}, index_{iv})$ and sends $SN_i = index_{iv}$ and $index_{is}$ over a secure channel to the participant $C_i$ with identity $Id_i$.
Further, Step 3.1: after receiving message $M_i = (a, p_i)$, participant $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and generates $R_i = r_i P$;
Step 3.2: participant $C_i$ selects a timestamp $t_i$ and generates $k_i = h_2(Id_i \| p_i, R_i)$ and $S_i = psk_{Id_i} + a k_i r_i \bmod q$;
Step 3.3: $SN_i \| k_i \| t_i$ is encrypted under the cloud data center's public key with the encryption algorithm, $SN'_i = Enc_{Q_{CDC}}(SN_i \| k_i \| t_i)$;
Step 3.4: participant $C_i$ outputs the signature $(R_i, S_i, M_i, SN'_i)$ on message $M_i = (a, p_i)$ and uploads it to the cloud data center, which issues the sensing task.
Further, Step 4.1: after receiving the signature $(R_i, S_i, M_i, SN'_i)$, the cloud data center decrypts with the decryption algorithm, $SN_i \| k_i \| t_i = Dec_{s_{CDC}}(SN'_i)$;
Step 4.2: the cloud data center checks whether the equations $k_i = h_2(p_i \| t_i, R_i)$ and $S_i P = index_{iv} P_{MSpub} + a k_i R_i$ hold; if both equations hold at the same time the signature is valid, otherwise the signature is rejected.
Further, for $n$ participants $C_1, \dots, C_n$ and their partial signature set $\{(R_i, S_i, M_i)\}$, when time $T$ is reached the cloud data center generates
Figure GDA0002624454950000041
and
Figure GDA0002624454950000042
aggregating all received signatures, and outputs the aggregated signature $\sigma = (R, S, index_v)$.
Further, the cloud data center checks whether the equation $S P = index_v P_{MSpub} + R$ holds; if so, the aggregated signature is accepted, otherwise it is rejected.
Further, the specific steps of Step 7 are: given the colliding messages $M_{i1} = (a, p_{i1})$ and $M_{i2} = (a, p_{i2})$ with signatures $\sigma_{i1} = (R_i, S_{i1}, k_{i1}, M_{i1}, SN'_{i1})$ and $\sigma_{i2} = (R_i, S_{i2}, k_{i2}, M_{i2}, SN'_{i2})$, first decrypt $SN_{i1} \| k_{i1} \| t_i = Dec_{s_{CDC}}(SN'_{i1})$ and $SN_{i2} \| k_{i2} \| t_i = Dec_{s_{CDC}}(SN'_{i2})$ with the decryption algorithm;
finally compute the signing key
Figure GDA0002624454950000043
where $R_i = r_i P$, $k_{i1} = h_2(p_{i1} \| t_i, R_i)$, $k_{i2} = h_2(p_{i2} \| t_i, R_i)$,
Figure GDA0002624454950000044
Compared with the prior art, the invention has the following beneficial effect: unlike an ordinary certificateless aggregate signature, after the same signer signs twice (on colliding messages) the signing private key can be recovered with the extraction algorithm, which is due to the properties of the certificateless double-authentication protection aggregate signature.
Drawings
Fig. 1 is the flow diagram of the certificateless double-authentication protection aggregate signature used to implement the present invention.
Fig. 2 is the flow diagram of the mobile health medical sensor data privacy protection method based on certificateless double-authentication protection aggregate signature.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in the orientation or positional relationship indicated in the drawings, which are merely for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be construed as limiting the invention.
Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicit to a number of indicated technical features. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
The terms "mounted," "connected," and "coupled" are to be construed broadly and may, for example, be fixedly coupled, detachably coupled, or integrally coupled; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art through specific situations.
As shown in Fig. 1, the construction of the certificateless double-authentication protection aggregate signature for mobile health medical sensors according to the present invention comprises the following specific steps:
1. Parameter generation algorithm: given a security parameter $k$, the Key Generation Center (KGC) selects two large primes $p, q$ and an elliptic curve $E: y^2 = x^3 + ax + b \bmod p$, where $a, b \in F_p$ and $F_p$ is a finite field.
KGC randomly selects $\alpha \in \mathbb{Z}_q^*$ and $P \in G$ and computes the master public key $P_{pub} = \alpha P$, where $\alpha$ is the master private key known only to KGC and $P$ is a generator of the group $G$.
KGC selects two secure hash functions $h_1: \{0,1\}^* \times G \to G$ and $h_2: \{0,1\}^* \times G \to \mathbb{Z}_q^*$, where $\mathbb{Z}_q^*$ is the multiplicative group of integers modulo $q$. System public parameters: $(p, P, q, E, G, P_{pub}, h_1, h_2)$.
2. Partial private key extraction algorithm:
Signer $C_i$ randomly selects $s_{i1}$ and computes the partial public key $Q_{i1} = s_{i1} P$. $C_i$ then requests the partial private key for its identity $Id_i$.
KGC computes $psk_{Id_i} = \alpha h_1(Id_i, Q_{i1})$, distributes the partial private key $psk_{Id_i}$ to signer $C_i$ over a secure channel, and publishes the partial public key $Q_{i1}$.
3. Signature algorithm: after receiving message $M_i = (a, p_i)$, signer $C_i$ signs with the partial private key $psk_{Id_i}$ as follows:
(1) Signer $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and computes $R_i = r_i P$.
(2) Signer $C_i$ computes $k_i = h_2(Id_i \| p_i, R_i)$ and $S_i = psk_{Id_i} + a k_i r_i \bmod q$.
(3) Signer $C_i$ outputs the signature $\sigma_i = (k_i, R_i, S_i)$ on message $M_i$.
4. Verification algorithm: check whether the equations $k_i = h_2(Id_i \| p_i, R_i)$ and $S_i P = h_1(Id_i, Q_{i1}) P_{pub} + a k_i R_i$ hold; if both hold the signature is valid, otherwise the signature is rejected.
5. Aggregation algorithm: given the signatures $\sigma_i$ on all messages $M_i$, the aggregator computes
Figure GDA0002624454950000071
and $\sigma = (R, S)$ is the final aggregated signature.
6. Batch verification algorithm: let
Figure GDA0002624454950000072
Given the signatures $\sigma_1 = (R_1, S_1), \dots, \sigma_n = (R_n, S_n)$ generated by the $n$ signers $C_1, \dots, C_n$, check whether the equation $S P = P_{pub} H + R$ holds; if so, accept the signature, otherwise reject it.
7. Signing-key extraction algorithm on re-signing: given the colliding messages $M_{i1} = (a, p_{i1})$ and $M_{i2} = (a, p_{i2})$ with signatures $\sigma_{i1} = (K_{i1}, R_i, S_{i1})$ and $\sigma_{i2} = (K_{i2}, R_i, S_{i2})$,
compute the signing private key
Figure GDA0002624454950000073
where $R_i = r_i P$, $K_{i1} = h_2(Id_i \| p_{i1}, R_i)$, $K_{i2} = h_2(Id_i \| p_{i2}, R_i)$,
Figure GDA0002624454950000074
Following this construction of the certificateless double-authentication protection aggregate signature, the method is adapted to mobile health medical sensors, and the protocol is divided into an initialization stage, a registration stage, a message signing stage, a verification stage, an aggregation stage, a batch verification stage and a signing-key extraction stage on re-signing.
As shown in Fig. 2, the embodiment provides a mobile health medical sensor data privacy protection method based on certificateless double-authentication protection aggregate signature, which comprises the following steps:
Step 1, system initialization: the management server MS establishes a registration system with the following parameters: (1) MS selects $s_{MS} \in \mathbb{Z}_q^*$ and generates the public key $P_{MSpub} = s_{MS} P$;
(2) MS publishes the system parameters $(P, q, G, P_{MSpub}, h_1, h_2)$;
(3) the cloud data center randomly selects $s_{CDC} \in \mathbb{Z}_q^*$ and generates $Q_{CDC} = s_{CDC} P$; the master key pair of the cloud data center is $(Q_{CDC}, s_{CDC})$;
where $s_{MS}$ is the system master private key, $h_1: \{0,1\}^* \times G \to G$ and $h_2: \{0,1\}^* \times G \to \mathbb{Z}_q^*$ are two secure hash functions, $P$ is a generator of the group $G$, and $\mathbb{Z}_q^*$ is the multiplicative group of integers modulo $q$;
Step 2, registration stage: participant $C_i$ generates a partial key and the management server MS admits it to the cloud data center;
Step 2.1: participant $C_i$ selects a random number $s_{i1} \in \mathbb{Z}_q^*$ and generates the partial key $Q_{i1} = s_{i1} P$;
Step 2.2: the management server MS generates the partial private key $psk_{i1} = s_{MS} h_1(Id_i, Q_{i1})$, where $Id_i$ is the identity of participant $C_i$;
Step 2.3: the management server MS selects a random number $w_i \in \mathbb{Z}_q^*$ and generates
$Q_{i2} = h_1(Id_i, Q_{i1})$, $psk_{i2} = s_{MS} h_1(Id_i, Q_{i1})$, $index_{is} = w_i Q_{i2}$, $index_{iv} = w_i psk_{i2}$;
Step 2.4: the management server MS stores the sequence code $sn_i = (Id_i, Q_{i1}, Q_{i2}, index_{is}, index_{iv})$ and sends $SN_i = index_{iv}$ and $index_{is}$ over a secure channel to the participant $C_i$ with identity $Id_i$.
Step 3, message signing stage: after receiving message $M_i = (a, p_i)$, participant $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and a timestamp $t_i$ and signs the sensor data, where $t_i$ is the system time that keeps message $M_i = (a, p_i)$ fresh;
Step 3.1: after receiving message $M_i = (a, p_i)$, participant $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and generates $R_i = r_i P$;
Step 3.2: participant $C_i$ selects a timestamp $t_i$ and generates $k_i = h_2(Id_i \| p_i, R_i)$ and $S_i = psk_{Id_i} + a k_i r_i \bmod q$;
Step 3.3: $SN_i \| k_i \| t_i$ is encrypted under the cloud data center's public key with the encryption algorithm, $SN'_i = Enc_{Q_{CDC}}(SN_i \| k_i \| t_i)$;
Step 3.4: participant $C_i$ outputs the signature $(R_i, S_i, M_i, SN'_i)$ on message $M_i = (a, p_i)$ and uploads it to the cloud data center, which issues the sensing task.
Step 4, verification stage: the cloud data center verifies the validity of the sensor data signed by participant $C_i$;
Step 4.1: after receiving the signature $(R_i, S_i, M_i, SN'_i)$, the cloud data center decrypts with the decryption algorithm, $SN_i \| k_i \| t_i = Dec_{s_{CDC}}(SN'_i)$;
Step 4.2: the cloud data center checks whether the equations $k_i = h_2(p_i \| t_i, R_i)$ and $S_i P = index_{iv} P_{MSpub} + a k_i R_i$ hold; if both equations hold at the same time the signature is valid, otherwise the signature is rejected.
Step 5, aggregation stage: the cloud data center aggregates the signatures of the verified participants $C_i$ on the sensor data;
The specific steps of Step 5 are as follows: for $n$ participants $C_1, \dots, C_n$ and their partial signature set $\{(R_i, S_i, M_i)\}$, when time $T$ is reached the cloud data center generates
Figure GDA0002624454950000091
and
Figure GDA0002624454950000092
aggregating all received signatures, and outputs the aggregated signature $\sigma = (R, S, index_v)$.
Step 6, batch verification stage: the cloud data center batch-verifies the aggregated signature by checking whether the equation $S P = index_v P_{MSpub} + R$ holds; if so, the aggregated signature is accepted, otherwise it is rejected.
Step 7, signing-key extraction stage on re-signing: participant $C_i$ extracts the re-signing key.
Given the colliding messages $M_{i1} = (a, p_{i1})$ and $M_{i2} = (a, p_{i2})$ with signatures $\sigma_{i1} = (R_i, S_{i1}, k_{i1}, M_{i1}, SN'_{i1})$ and $\sigma_{i2} = (R_i, S_{i2}, k_{i2}, M_{i2}, SN'_{i2})$, first decrypt $SN_{i1} \| k_{i1} \| t_i = Dec_{s_{CDC}}(SN'_{i1})$ and $SN_{i2} \| k_{i2} \| t_i = Dec_{s_{CDC}}(SN'_{i2})$ with the decryption algorithm;
finally compute the signing key
Figure GDA0002624454950000093
where $R_i = r_i P$, $k_{i1} = h_2(p_{i1} \| t_i, R_i)$, $k_{i2} = h_2(p_{i2} \| t_i, R_i)$,
Figure GDA0002624454950000094
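Worked example added by the editor, not code from the patent: a runnable Python toy of the construction under Fig. 1 (steps 1 to 7), which also covers the seven stages of the Fig. 2 embodiment, whose signing and verification equations are the same up to the blinded index values. Everything the page does not fix is an assumption, and is marked as such in the code: the curve is secp256k1 standing in for $E$ and $G$; $h_1$ and $h_2$ are SHA-256 reduced to $\mathbb{Z}_q^*$, with $h_1$ used as a scalar because the verification equation $S_i P = h_1(Id_i, Q_{i1}) P_{pub} + a k_i R_i$ multiplies it into $P_{pub}$; the aggregate values, which survive on the page only as figure images, are taken as the component-wise sums of that equation ($S = \sum S_i$, $R = \sum a k_i R_i$, $H = \sum h_1(Id_i, Q_{i1})$); $k_i$ is hashed over $Id_i \| p_i$ as in the construction (the embodiment hashes $p_i \| t_i$ at verification); and key extraction requires both colliding signatures to share $R_i$, as they do on the page, so the signer's $r_i$ is passed in explicitly. Sensor identities and payloads are constructed sample data.

```python
# Added by the editor as a worked example (not the patent's own code). It runs the
# construction of steps 1-7 under Fig. 1. Assumed, not stated on the page: G is
# secp256k1; h1/h2 are SHA-256 reduced to a non-zero scalar mod q (h1 is used as
# a scalar, as S_i P = h1(Id_i,Q_i1) P_pub + a k_i R_i requires); the aggregate
# is the component-wise sum of that equation; "a" in M_i=(a,p_i) is in Z_q^*;
# extraction needs both colliding signatures to share R_i (same r_i reused).
import hashlib
import secrets

p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # secp256k1 field
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # order of P
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if A is None or B is None:
        return A if B is None else B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, p) if A == B
           else (y2 - y1) * pow(x2 - x1, -1, p)) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, A):  # double-and-add k*A
    R, k = None, k % q
    while k:
        if k & 1:
            R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def h(*parts):  # stand-in for h1/h2: SHA-256 of the encoded inputs, reduced to Z_q^*
    m = hashlib.sha256()
    for x in parts:
        if isinstance(x, tuple):
            m.update(x[0].to_bytes(32, "big") + x[1].to_bytes(32, "big"))
        else:
            m.update(x.to_bytes(32, "big") if isinstance(x, int) else x.encode())
    return int.from_bytes(m.digest(), "big") % (q - 1) + 1

def setup():  # step 1: master key alpha, P_pub = alpha P
    alpha = secrets.randbelow(q - 1) + 1
    return alpha, ec_mul(alpha, P)

def register(alpha, ident):  # step 2: Q_i1 = s_i1 P, psk = alpha h1(Id_i, Q_i1)
    Q1 = ec_mul(secrets.randbelow(q - 1) + 1, P)
    return Q1, alpha * h(ident, Q1) % q

def sign(psk, ident, a, payload, r):  # step 3: (k_i, R_i, S_i) on M_i = (a, p_i)
    R = ec_mul(r, P)
    k = h(ident, payload, R)                      # k_i = h2(Id_i || p_i, R_i)
    return k, R, (psk + a * k * r) % q            # S_i = psk + a k_i r_i mod q

def verify(Ppub, ident, Q1, a, payload, sig):  # step 4
    k, R, S = sig
    if k != h(ident, payload, R):
        return False
    return ec_mul(S, P) == ec_add(ec_mul(h(ident, Q1), Ppub), ec_mul(a * k, R))

def aggregate(items):  # step 5 (assumed sums): S = sum S_i, R = sum a_i k_i R_i
    R, S = None, 0
    for a, (k, Ri, Si) in items:
        R, S = ec_add(R, ec_mul(a * k, Ri)), (S + Si) % q
    return R, S

def batch_verify(Ppub, signers, agg):  # step 6: S P = H P_pub + R, H = sum h1(Id_i,Q_i1)
    R, S = agg
    H = sum(h(ident, Q1) for ident, Q1 in signers) % q
    return ec_mul(S, P) == ec_add(ec_mul(H, Ppub), R)

def extract(a, sig1, sig2):  # step 7: a colliding pair sharing R_i leaks r_i and psk
    (k1, R1, S1), (k2, R2, S2) = sig1, sig2
    if R1 != R2 or k1 == k2:
        raise ValueError("not a colliding pair with a shared R_i")
    r = (S1 - S2) * pow(a * (k1 - k2) % q, -1, q) % q   # S1 - S2 = a r (k1 - k2)
    return r, (S1 - a * k1 * r) % q

def demo():
    """Three constructed sensors sign, the cloud batch-verifies, a tampered S_i is
    rejected, then sensor-01 re-signs a colliding message with the same r_i."""
    alpha, Ppub = setup()
    a, parties, sigs = 7, [], []                  # a: the address part of M_i
    for ident in ("sensor-01", "sensor-02", "sensor-03"):
        Q1, psk = register(alpha, ident)
        r = secrets.randbelow(q - 1) + 1
        sig = sign(psk, ident, a, "hr=72;" + ident, r)
        assert verify(Ppub, ident, Q1, a, "hr=72;" + ident, sig)
        parties.append((ident, Q1, psk, r))
        sigs.append((a, sig))
    signers = [(i, Q1) for i, Q1, _, _ in parties]
    ok = batch_verify(Ppub, signers, aggregate(sigs))
    k0, R0, S0 = sigs[0][1]
    bad = batch_verify(Ppub, signers, aggregate([(a, (k0, R0, (S0 + 1) % q))] + sigs[1:]))
    ident, Q1, psk, r = parties[0]
    sig2 = sign(psk, ident, a, "hr=180;" + ident, r)   # colliding message, r_i reused
    r_x, psk_x = extract(a, sigs[0][1], sig2)
    return ok, bad, r_x == r and psk_x == psk
```

demo() returns (True, False, True): the aggregate verifies, a single tampered $S_i$ makes the batch check fail, and re-signing a second payload for the same address $a$ with the same $r_i$ recovers $r_i$ and $psk_{Id_i}$, which is the double-authentication property the page relies on. The page does not say how a deployment makes $r_i$ repeat for a given $a$; with a fresh $r_i$ per signature the two signatures carry different $R_i$ and extract() refuses them.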
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (6)

1. A mobile health medical sensor data privacy protection method, characterized in that it comprises the following steps:
Step 1, system initialization: the management server MS establishes a registration system with the following parameters: (1) MS selects $s_{MS} \in \mathbb{Z}_q^*$ and generates the public key $P_{MSpub} = s_{MS} P$;
(2) MS publishes the system parameters $(P, q, G, P_{MSpub}, h_1, h_2)$;
(3) the cloud data center randomly selects $s_{CDC} \in \mathbb{Z}_q^*$ and generates $Q_{CDC} = s_{CDC} P$; the master key pair of the cloud data center is $(Q_{CDC}, s_{CDC})$;
where $s_{MS}$ is the system master private key, $h_1: \{0,1\}^* \times G \to G$ and $h_2: \{0,1\}^* \times G \to \mathbb{Z}_q^*$ are two secure hash functions, $P$ is a generator of the group $G$, and $\mathbb{Z}_q^*$ is the multiplicative group of integers modulo $q$;
Step 2, participant $C_i$ generates a partial key and the management server MS admits it to the cloud data center;
Step 3, after receiving message $M_i = (a, p_i)$, participant $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and a timestamp $t_i$ and signs the sensor data, where $t_i$ is the system time that keeps message $M_i = (a, p_i)$ fresh;
Step 4, the cloud data center verifies the validity of the sensor data signed by participant $C_i$;
Step 5, the cloud data center aggregates the signatures of the verified participants $C_i$ on the sensor data;
Step 6, the cloud data center batch-verifies the aggregated signature;
Step 7, participant $C_i$ extracts the re-signing signature key;
the specific steps of Step 7 are as follows: first, given the colliding messages $M_{i1} = (a, p_{i1})$ and $M_{i2} = (a, p_{i2})$ with signatures $\sigma_{i1} = (R_i, S_{i1}, k_{i1}, M_{i1}, SN'_{i1})$ and $\sigma_{i2} = (R_i, S_{i2}, k_{i2}, M_{i2}, SN'_{i2})$, decrypt each with the decryption algorithm
Figure FDA0002624454940000011
and
Figure FDA0002624454940000012
finally compute the signing key
Figure FDA0002624454940000021
where $R_i = r_i P$, $k_{i1} = h_2(p_{i1} \| t_i, R_i)$, $k_{i2} = h_2(p_{i2} \| t_i, R_i)$,
Figure FDA0002624454940000022
2. The method of claim 1, wherein the specific steps of Step 2 are as follows: Step 2.1: participant $C_i$ selects a random number $s_{i1} \in \mathbb{Z}_q^*$ and generates the partial key $Q_{i1} = s_{i1} P$;
Step 2.2: the management server MS generates the partial private key $psk_{i1} = s_{MS} h_1(Id_i, Q_{i1})$, where $Id_i$ is the identity of participant $C_i$;
Step 2.3: the management server MS selects a random number $w_i \in \mathbb{Z}_q^*$ and generates
$Q_{i2} = h_1(Id_i, Q_{i1})$, $psk_{i2} = s_{MS} h_1(Id_i, Q_{i1})$, $index_{is} = w_i Q_{i2}$, $index_{iv} = w_i psk_{i2}$;
Step 2.4: the management server MS stores the sequence code $sn_i = (Id_i, Q_{i1}, Q_{i2}, index_{is}, index_{iv})$ and sends $SN_i = index_{iv}$ and $index_{is}$ over a secure channel to the participant $C_i$ with identity $Id_i$.
3. The method of claim 2, wherein the specific steps of Step 3 are as follows: Step 3.1: after receiving message $M_i = (a, p_i)$, participant $C_i$ randomly selects $r_i \in \mathbb{Z}_q^*$ and generates $R_i = r_i P$;
Step 3.2: participant $C_i$ selects a timestamp $t_i$ and generates $k_i = h_2(Id_i \| p_i, R_i)$ and
Figure FDA0002624454940000023
Step 3.3: $SN_i \| k_i \| t_i$ is encrypted under the cloud data center's public key with the encryption algorithm
Figure FDA0002624454940000024
applied to $SN_i \| k_i \| t_i$;
Step 3.4: participant $C_i$ outputs the signature $(R_i, S_i, M_i, SN'_i)$ on message $M_i = (a, p_i)$ and uploads it to the cloud data center, which issues the sensing task.
4. The method of claim 3, wherein the specific steps of Step 4 are as follows: Step 4.1: after receiving the signature $(R_i, S_i, M_i, SN'_i)$, the cloud data center decrypts with the decryption algorithm
Figure FDA0002624454940000025
;
Step 4.2: the cloud data center checks whether the equations $k_i = h_2(p_i \| t_i, R_i)$ and $S_i P = index_{iv} P_{MSpub} + a k_i R_i$ hold; if both equations hold at the same time the signature is valid, otherwise the signature is rejected.
5. The method of claim 4, wherein the specific steps of Step 5 are as follows: for $n$ participants $C_1, \dots, C_n$ and their partial signature set $\{(R_i, S_i, M_i)\}$, when time $T$ is reached the cloud data center generates
Figure FDA0002624454940000031
and
Figure FDA0002624454940000032
aggregating all received signatures, and outputs the aggregated signature $\sigma = (R, S, index_v)$.
6. The method of claim 5, wherein the specific steps of Step 6 are as follows: the cloud data center checks whether the equation $S P = index_v P_{MSpub} + R$ holds; if so, the aggregated signature is accepted, otherwise it is rejected.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810757163.2A CN108881279B (en) 2018-07-11 2018-07-11 Mobile health medical sensor data privacy protection method


Publications (2)

Publication Number Publication Date
CN108881279A CN108881279A (en) 2018-11-23
CN108881279B true CN108881279B (en) 2020-11-10

Family

ID=64300870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810757163.2A Active CN108881279B (en) 2018-07-11 2018-07-11 Mobile health medical sensor data privacy protection method

Country Status (1)

Country Link
CN (1) CN108881279B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109510712B (en) * 2019-01-10 2021-10-15 济南大学 Remote medical data privacy protection method, system and terminal
CN109743706B (en) * 2019-02-21 2021-10-08 暨南大学 Data aggregation method with validity verification function in Internet of things environment
CN110149214B (en) * 2019-06-06 2021-09-14 中国铁道科学研究院集团有限公司 LTE-R network group authentication key negotiation method without certificate aggregation signature
CN110995443B (en) * 2019-12-02 2022-03-25 联想(北京)有限公司 Data processing method and device
CN112636915B (en) * 2020-11-27 2024-03-22 杭州趣链科技有限公司 Batch signature verification method, device, equipment and medium based on SM2 cryptographic algorithm
CN116743431B (en) * 2023-05-10 2024-02-02 重庆大学 Certificate-free aggregation signature data security protection method and system based on pairing-free

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106131059A (en) * 2016-08-23 2016-11-16 河海大学 Conditional privacy protection method and system for vehicular networks based on certificateless aggregate signature

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10498537B2 (en) * 2016-08-01 2019-12-03 Institute For Development And Research In Banking Technology (Drbt) System and method for providing secure collaborative software as a service (SaaS) attestation service for authentication in cloud computing

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Deterring Certificate Subversion: Efficient Double-Authentication-Preventing Signatures; Bellare, Mihir; IACR International Workshop on Public Key Cryptography 2017; 2017-12-31; full text *
Double-authentication-preventing signatures; Bertram Poettering; Springer; 2015-12-15; full text *
Research on privacy protection in mobile network access authentication; 刘贺; China Doctoral Dissertations Full-text Database; 2014-12-15 (No. 12); full text *

Also Published As

Publication number Publication date
CN108881279A (en) 2018-11-23

Similar Documents

Publication Publication Date Title
CN108881279B (en) Mobile health medical sensor data privacy protection method
WO2021042685A1 (en) Transaction method, device, and system employing blockchain
CN107483212B (en) Method for generating digital signature by cooperation of two parties
CN108683493B (en) Data aggregation method for providing privacy protection in smart power grid
CN107733648B (en) Identity-based RSA digital signature generation method and system
KR101425552B1 (en) Group signature system and schemes with controllable linkability
CN104767612B (en) Signcryption method from a certificateless environment to a PKI environment
CN102387019B (en) Certificateless partially blind signature method
CN107124268A (en) Private set intersection computation method resistant to malicious attacks
CN107947913A (en) Identity-based anonymous authentication method and system
CN110120939B (en) Deniable authenticated encryption method and system based on heterogeneous systems
CN107707358A (en) EC-KCDSA digital signature generation method and system
CN109660338B (en) Anti-quantum-computation digital signature method and system based on symmetric key pool
CN111010272B (en) Identification private key generation and digital signature method, system and device
CN102546173B (en) Digital signature system and signature method based on certificate
CN104767611B (en) Signcryption method from a PKI environment to a certificateless environment
EP2792098B1 (en) Group encryption methods and devices
CN108551435B (en) Verifiable encryption group signature method with anonymity
JP6043804B2 (en) Combined digital certificate
CN109936456B (en) Anti-quantum computation digital signature method and system based on private key pool
JP2002534701A (en) Auto-recoverable, auto-encryptable cryptosystem using escrowed signature-only keys
CN104821880A (en) Certificate-free generalized proxy signcryption method
CN108494559B (en) Electronic contract signing method based on semi-trusted third party
CN111030821A (en) Alliance chain encryption method based on bilinear mapping technology
CN112417489B (en) Digital signature generation method and device and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant