CN110011791A - Electronics authority secure flows shifting method and system, electronics voucher system based on D2D - Google Patents

Electronics authority secure flows shifting method and system, electronics voucher system based on D2D Download PDF

Info

Publication number
CN110011791A
CN110011791A CN201910123597.1A CN201910123597A CN110011791A CN 110011791 A CN110011791 A CN 110011791A CN 201910123597 A CN201910123597 A CN 201910123597A CN 110011791 A CN110011791 A CN 110011791A
Authority
CN
China
Prior art keywords
authority
data packet
random
certificate
electronics
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910123597.1A
Other languages
Chinese (zh)
Other versions
CN110011791B (en
Inventor
曹进
刘祥
李辉
朱辉
赵兴文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201910123597.1A priority Critical patent/CN110011791B/en
Publication of CN110011791A publication Critical patent/CN110011791A/en
Application granted granted Critical
Publication of CN110011791B publication Critical patent/CN110011791B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Abstract

The invention belongs to D2D fields of communication technology, disclose a kind of electronics authority secure flows shifting method and system, electronics voucher system based on D2D, 1 (UE of user equipment1) connect with electronics ticket service device (SERVER) by communication network, 1 (UE of user equipment1) and 2 (UE of user equipment2) connected by D2D channel.Electronics ticket service device is provided with certificate authority module (CA), authentication module (AS), data memory module (DB), and user equipment is provided with log-in module, data transmission module, D2D module.Same user possesses 1 or more equipment in the present invention, and wherein has 1 equipment (UE1) complete and the certification of electronics ticket service device and data transmission.Other equipment without again with electronics ticket service device establish be connected to the network, by with UE1D2D channel is established, the transfer of bill state is completed.Structure of the invention is reasonable, can save the communication resource of electronics ticket service device, simplifies user's operation, shortens authority and shifts elapsed time.

Description

Electronics authority secure flows shifting method and system, electronics voucher system based on D2D
Technical field
The invention belongs to D2D field of communication technology more particularly to a kind of electronics authority secure flows shifting method based on D2D and System, electronics voucher system.
Background technique
Currently, the prior art commonly used in the trade is such that user using an equipment successful log and downloads mutually powered-down After sub- authority information, if buying a new equipment again, the synchronous authority data on new equipment are want, then needing in the new equipment first line of a couplet Net and server communication, repeat log in-verification process after from server end download electronics authority information.With bill system System goes the propulsion of paper, electronicalization process, and the user using electronics voucher system is more and more.Electronics voucher system server needs It handles and largely logs in and data transfer request, a large amount of request brings huge processing pressure to server, for service Device reduces communication overhead, saves communication band resource, simplifies the transfer process of electronics authority data between user equipment, designs one kind The bill transfer scheme of electronics voucher system is extremely urgent needs.
As billing system goes the propulsion of paper, electronicalization process, the user using electronics voucher system is more and more.It is existing There is electronic billing system such as wechat electronic invoice, if user has purchased new mobile device and it is desirable that by the electronic invoice of used equipment It is synchronized on new equipment, it is necessary to-verification process is once logged on new equipment, ticket of the new equipment from wechat after logging in successfully Bill is downloaded on new equipment according to server, will lead in this way electronics voucher system server need handle largely log in And data transfer request, a large amount of log on request brings immense pressure to server, and electronics voucher system requires system tool There is the features such as high-throughput, high concurrent, rapid response, circulates for the safety of electronics authority, new used equipment is closer, and all Possessed by same subscriber, it is not necessary that repeat and once log in-verification process, this programme logs in-verification process for new equipment Simplified, alleviate the pressure of server, user is made not need to log in 2 synchronizations that new used equipment bill can be completed.
In conclusion problem of the existing technology is: electronics voucher system server need handle largely log in And data transfer request, a large amount of log on request bring immense pressure to server;Safety circulation for electronics authority, newly Used equipment is closer, and is all possessed by same subscriber, it is not necessary that is repeated and is once logged in-verification process.
Solve the difficulty of above-mentioned technical problem:
The difficulty to solve the above problems is, it is ensured that the safety of new used equipment D2D channel and reliability and Channel establish after how by the authority data of used equipment it is appropriate be transmitted to new equipment up.
Solve the meaning of above-mentioned technical problem:
After solving the above problems, the service pressure of electronics ticket service device can be mitigated, save server process resource, letter Change user's operation, accelerate the safe rate flow of electronics authority.
Summary of the invention
In view of the problems of the existing technology, the present invention provides a kind of electronics authority secure flows shifting method based on D2D And system, electronics voucher system.
The invention is realized in this way a kind of electronics authority secure flows shifting method based on D2D, the electricity based on D2D Sub- authority secure flows shifting method includes:
User equipment is connect with electronics ticket service device by communication network, is connected between user equipment by D2D channel, After completion is mutually authenticated, user equipment is real-time or UE is acquired periodically1Existing and bill state from now on;Electronics ticket service Device includes but is not limited to certificate authority module, authentication module, data memory module, and user equipment is provided with log-in module, data Built-in CA is issued when transmission module, D2D module and the factory of each user equipment device certificate and device private, electronics with According to the certificate of server.
Further, the electronics authority secure flows shifting method based on D2D includes:
(1) user equipment 1 establishes secure connection by communication network with electronics ticket service device, after secure connection foundation User logs in, and electronics ticket service device sends a user to user equipment 1 and logs in successful voucher simultaneously after logging in successfully The transmission of electronics authority data is carried out with user equipment 1;User equipment 1 and electronics ticket service device pass through communication network successfully Establish after secure connection and successful log complete electronics authority data transmission be the bill transfer scheme based on D2D technology must Want condition;
(2) in user equipment 1UE1After completing landfall process, user buys a new equipment user equipment 2UE at this time2, use Want not needing that the electronics authority data safety in user equipment 1 is transferred to user in the case that networking logs in equipment 2 in family In equipment 2;UE1Broadcast data packet includes UE in data packet1Certificate Cert1, data packet broadcast when time stampRandom number random1And UE1It is rightAnd random1SignatureUE2Broadcast packet is received, first verifies that Cert1's Legitimacy;Then it checksrandom1After sign testIt is whether consistent;Pass through UE after verifying2To UE1Hair Response bag is sent, includes UE in data packet2Certificate Cert2、UE1Certificate Cert1, data packet generate when time stampAt random Number random2、UE2To random1SignatureAnd UE2To Cert1And random2SignatureUE1After receiving response, Cert is first verified that2Legitimacy, the Cert that will be received1With set Whether standby certificate itself does comparison check consistent;
Then Cert is checked1,random2After sign testIt is whether consistent;By testing UE after card1D2D request data package is sent to electronics ticket service device SERVER, includes Cert in data packet1、Cert2、UE1It is right random1SignatureFrom UE2Obtained in the response of returnTime stamp when data packet generatesRandom number random3;After SERVER receives D2D request, first by Cert1、Cert2It is backed up with certificate authority module Certificate whether consistent be compared, then verifySignature;By after verifying to UE1 Send a reply data packet, time stamp when generating in data packet comprising data packetRandom number random4, SERVER pairsSignatureUE1After the information for receiving SERVER transmission, random number a meter is selected Calculate ga, to UE2Sending data packet includes:random4garandom5And the data packet uses UE2Public key encryption transmitted;UE2It is used certainly after receiving data packet Oneself private key verifies SERVER and UE after being decrypted1Signature, by verifying after obtain ga;UE2Random number b is selected, is calculated gbBackward UE1Sending data packet includes: gb, data packet generate when time stampRandom number random6、UE2It is rightSignatureAnd the data packet uses UE1Public key carry out encrypted transmission;UE1 It receives and verifies UE after being decrypted after data packet using the private key of oneself2Signature, by verifying after obtain gb;K=(ga)bModp=(gb)aModp is UE1With UE2Communication key, UE2Completion and UE1Channel establish after, user is in new equipment UE2 The Taxpayer Identification Number taxpayer_ID, UE of upper input oneself2The identifier is sent to UE by established D2D channel1; UE1Receive UE2After the Taxpayer Identification Number taxpayer_ID of transmission, with UE1Taxpayer Identification Number in the authority being locally stored It is compared, generates an authority list ticket_list using the matched authority of Taxpayer Identification Number and return to UE2, authority Each data item of list includes but is not limited to that the authority side of issuing title, authority recipient title and authority issue the time; UE2Receive UE1After the authority list of return, user is according to the side's of making out an invoice title and receives ticket side's title and invoicing time selection need It is synchronized to new equipment UE2Authority data, then UE2To UE1Send authority list tickets_list_ to be synchronized selectet;UE1After receiving authority list tickets_list_selectet to be synchronized, by authority number needed for list According to being sent to UE2
UE2The authority data received are stored in local, then to UE1Return to unique knowledge of all authoritys stored Alias ticket_IDnAnd the signature to all authority unique identifiersUE1It is informed to SERVER all UE2The authority unique identifier and UE synchronized2To the signature of authority unique identifier;SERVER receives data packet posteriority Demonstrate,prove UE2Signature, be verified and UE be written in the database2Device data and the equipment in the bank slip recognition number that has synchronized, Then to UE1Return synchronously completes response, UE1Receive disconnection and UE after synchronously completing response2D2D connection, authority circulated At.
Further, the electronics authority secure flows shifting method based on D2D specifically includes:
The first step, UE1Broadcast:
User is intended to by UE1To UE2Shift authority status information, UE1D2D connecting channel is established in broadcast data packet, request, number According in packet include UE1Certificate Cert1, system timestampRandom number random1And UE1To system timestamp and at random Several signatures
Second step, UE2→UE1:
UE2After receiving broadcast data packet, using the certificate of SERVER built-in when factory come in verify data packet UE1The legitimacy of certificate, in the acknowledged UE of user1Information after, utilize obtained UE1Certification authentication UE1It is rightWith random1SignatureThen the review time stabsWhether within the period of permission, random number random1 Whether occurred within the period of permission, if UE1Certificate is illegal, signature verification does not pass through,Have exceeded the time of permission Section, random1Occurred meeting the first packet discard of above-mentioned any condition within the period of permission and to UE1Transmission is refused Exhausted communication data packet simultaneously disconnects, otherwise UE2To UE1Reply data packet is sent, data packet includes: UE2Certificate Cert2、UE2 To random1SignatureCert1, system timestampRandom number random2And UE2To UE1Card The signature of book, system timestamp and random number
Third step, UE1→ SERVER:
UE1Receive UE2The response bag of return, using the certificate of SERVER built-in when factory come verify data packet Middle UE2The legitimacy of certificate, in the acknowledged UE of user2Information after, utilize obtained UE2Certification authentication UE2To Cert1 And random2SignatureThen the UE in received data packet is compared1It is stored in certificate and equipment Whether certificate is consistent, review time stampWhether within the period of permission, random number random2Whether permission period Inside occurred, if UE2Certificate is illegal, signature verification does not pass through, UE1Certificate compare it is inconsistent,Have exceeded the time of permission Section, random2Occurred meeting the first packet discard of above-mentioned any condition within the period of permission and to UE2Transmission is refused Exhausted communication data packet simultaneously disconnects, otherwise UE1D2D parameter request data packet is sent to SERVER, data packet includes: Cert1、 Cert2、UE1To random1SignatureBy UE2What response bag obtainedSystem timestampRandom number random3
4th step, SERVER → UE1:
SERVER receives UE1After the D2D parameter request data packet of transmission, the Cert in received data packet is compared1、Cert2 It is whether consistent with the certificate back-up that is stored in certificate repository, then verifyWithSign test the result is that It is no consistent, review time stampWhether within the period of permission, random number random3Whether occur within the period of permission It crosses, if the backup in certificate and certificate repository is inconsistent, sign test result is not identical,Have exceeded period, the random of permission3? Occurred meeting the first packet discard of above-mentioned any condition in the period of permission and to UE1Send refusal communication data packet And disconnect, otherwise SERVER is to UE1D2D parameter reply data packet is sent, data packet includes: the timestamp of systemWith Machine number random4And SERVER is to the signature of system timestamp, random number
5th step, UE1→UE2:
UE1The review time stabs after receiving the D2D parameter response bag of SERVER returnWhether allowing in the period, with Machine number random4Whether allowing to occur in the period, ifHaving exceeded allows period or random number random4Permitting Perhaps occurred then packet discard in the period and requested to retransmit D2D parameter to SERVER, otherwise UE1Select a random number A calculates ga, UE1To UE2D2D parameter notification data packet is sent, data packet includes:random4ga, system timestampRandom number random5And UE1To ga, system timestamp and with The signature of machine numberThe data packet uses UE2Public key PK2Encryption is sent;
6th step, UE2→UE1:
UE2UE is used first after receiving D2D parameter notice packet2Then packet decryption is utilized factory by the private key of itself When built-in SERVER certificate come in verify data packetLegitimacy, using in II Obtained UE1Certification authenticationLegitimacy, last review time stampWhether allowing In period, random number random4、random5Whether allow the period in occurred, if data packet can not decrypt,Signature verification failure,Signature verification failure,OrExceed and has permitted Perhaps period, random4Or random5Allowing to occur meeting the first packet discard of above-mentioned any condition in the period And to UE1It sends refusal communication data packet and disconnects, otherwise UE2A random number b is selected, g is calculatedb(ga)bMod p, UE2To UE1D2D parameter reply data packet is sent, data packet includes: gb, system timestampRandom number random6And UE2To gb, the timestamp of system and the signature of random numberThe data packet uses UE1Public key PK1Add Close transmission;
7th step, UE1→UE2: { START }K
UE1Receive UE2After the D2D parameter reply data packet of transmission, UE is used first1The private key of itself is by data packet solution It is close, then utilize UE obtained in III2Certification authenticationLegitimacy, last review time stamp Whether allowing in the period, random number random6Whether allow the period in occurred, if data packet can not decrypt,Signature verification failure,Having exceeded allows period, random6Allowing to occur in the period Cross the first packet discard for meeting above-mentioned any condition and to UE2It sends refusal communication data packet and disconnects, otherwise UE1 Calculate (gb)aMod p, UE1To UE2Examination communication data packet is sent, data packet includes that communication starts field START, the data packet Use the symmetric cryptographic key K=(g for having negotiated to finishb)aMod p=(ga)bMod p is encrypted;
8th step, UE2→UE1: { ACK }K
UE2Receive UE1It is decrypted after the examination communication data packet of transmission using consensus symmetric cryptographic key K, if It can not decrypt then to UE1It sends refusal communication data packet and disconnects, otherwise UE2To UE1Transmission pings letter reply data packet, number It include acknowledgement field ACK according to packet, which uses the symmetric cryptographic key K=(g for having negotiated to finishb)aMod p=(ga)b Mod p is encrypted;
9th step, UE2→UE1: { taxpayer_ID }
UE2Completion and UE1Channel establish after, user is in new equipment UE2The Taxpayer Identification Number of upper input oneself Taxpayer_ID, UE2The identifier is sent to UE by established D2D channel1
Tenth step, UE1→UE2: { tickets_list }
UE1Receive UE2After the Taxpayer Identification Number taxpayer_ID of transmission, with UE1It pays taxes in the authority being locally stored People's identifier is compared, and generates an authority list ticket_list using the matched authority of Taxpayer Identification Number and returns to UE2, each data item of authority list includes that the authority side of issuing title, authority recipient title and authority issue the time;
11st step, UE2→UE1: { tickets_list_selected }
UE2Receive UE1After the authority list of return, user is according to the side's of making out an invoice title and when receiving ticket side's title and making out an invoice Between selection need to be synchronized to new equipment UE2Authority data, then UE2To UE1Send authority list tickets_ to be synchronized list_selectet;
12nd step, UE1→UE2: { tickets_data }
UE1After receiving authority list tickets_list_selectet to be synchronized, by authority data needed for list It is sent to UE2
13rd step, UE1→UE2:
UE2The authority data received are stored in local, then to UE1Return to unique knowledge of all authoritys stored Alias ticket_IDnAnd the signature to all authority unique identifiers
14th step, UE1→ SERVER:
UE1All UE are informed to SERVER2The authority unique identifier and UE synchronized2To authority unique identifier Signature;
15th step, SERVER → UE1: { synchron_complete }
SERVER verifies UE after receiving data packet2Signature, be verified and UE be written in the database2Device data And the bank slip recognition number synchronized in the equipment, then to UE1Return synchronously completes response, UE1It receives and synchronously completes response Disconnection and UE afterwards2D2D connection, authority circulation complete.
Another object of the present invention is to provide a kind of bases of the electronics authority secure flows shifting method described in realize based on D2D In the safe flow system of electronics authority of D2D, the safe flow system of electronics authority based on D2D includes: electronics authority clothes Business device, user equipment 1, user equipment 2;
User equipment 1 is connect with electronics ticket service device by communication network, and user equipment 1 and user equipment 2 pass through D2D Channel connection;
Electronics ticket service device includes certificate authority module, authentication module, data memory module, and user equipment, which is provided with, to be stepped on The device certificate and equipment that built-in CA is issued when land module, data transmission module, D2D module and each user equipment factory The certificate of private key, electronics ticket service device.
5, the safe flow system of electronics authority based on D2D as claimed in claim 4, which is characterized in that the electronics Ticket service device electronics ticket service device is connect with user equipment by communication network;Certificate authority module is responsible for legitimate user Data needed for issuing certification, including sign containing electronics ticket service device trusted certificates, store the card of certificate user Book copy provides related credentials data required when authentication module progress verification process;Authentication module is responsible for handling what user handed over Log on request is completed Sign-On authentication to the necessary certification authentication data of certificate authority module request, after user logs in successfully and is counted According to memory module interaction, the bill data of user is sent to user equipment;Data memory module is responsible for storing the bill of user Corresponding bill data is sent to log-in module after the bill data request for receiving log-in module by data.
Further, the user equipment includes log-in module, data transmission module, D2D module, and each user equipment When factory all it is built-in include: the device certificate that CA is issued and device private, electronics ticket service device certificate and electronics authority Hash algorithm used by system, symmetrical enciphering and deciphering algorithm, asymmetric enciphering and deciphering algorithm and Jie's p-1 multiplicative group Zp *G, p two Parameter;P is prime number, and g is to generate member;
Log-in module is responsible for receiving Client-initiated log on request, passes through communication network interaction with electronics ticket service device; Data transmission module be responsible for store electronics ticket service device send bill data, in D2D module request bill data by institute Data are needed to be sent to D2D module;D2D module is responsible for safe in the certification of new and old equipment room completion equipment, the foundation of same user D2D channel, the safety circulation for completing authority.
Another object of the present invention is to provide a kind of electricity of the electronics authority secure flows shifting method described in application based on D2D Sub- certificate system.
Another object of the present invention is to provide a kind of information data processing terminals equipped with the electronic certificate system.
In conclusion advantages of the present invention and good effect are as follows:, D2D communication is as emerging communication mode in communication network Very important effect is played in network and wireless system.D2D communication allows adjacent equipment to carry out under the control of control node Direct communication, with the help of the D2D communication technology, the new and old equipment room electronics authority circulation of user can be in the control of server Lower directly to be transmitted, new equipment is when receiving the bill of transfer, it may not be necessary to connect server, save compared with original technology The communication link between new equipment and electronics ticket service device has been removed, the communication overhead of electronics ticket service device is reduced, has been saved The operation that user logs in again shortens authority transfer elapsed time.
After the present invention 1. users of satisfaction log on used equipment, do not need to carry out another secondary logon operation on new equipment. 2. new equipment can directly carry out data transmission with used equipment, do not need to establish communication channel respectively with electronics ticket service device. 3. there is good safety, the communication link of new and old equipment room should ensure that enough safeties, can resist known major part Attack means.Symmetric key cryptography system in cryptography, asymmetry sampling, information signature, information authentication is employed herein Algorithm, Diffie-Hellman Diffie-Hellman, which are all generally acknowledged, has high safety.D2D communication equipment is general in this patent It is closer, in the horizon range that a people can control, increases eavesdropping, distort, intercept difficulty, strengthen the present invention and working as The safety of lower society.The present invention is subjected to extension appropriate, the communication overhead of electronics ticket service device can be greatlyd save, side Just user carries out the safety circulation of electronics authority in new and old equipment room.
The characteristics of present invention is communicated using cryptography with D2D solves the needs of electronics voucher system authority circulation at this stage The problem of establishing communication link on new equipment again with server and logging in again, the business pressure of ticket service device is alleviated Power improves authority rate flow, and the combination of the timestamp and random number that use in the present invention avoids Replay Attack, signature The use of algorithm ensure that the integrality and non-repudiation of data transmission, and all symmetric communication session keys only exist in the present invention It works when in secondary communication, transmission next time needs to re-start negotiation after secondary be transmitted, and ensure that the safety of scheme. D2D communication allows adjacent equipment to carry out direct communication under the control of control node, with the help of the D2D communication technology, uses The new and old equipment room authority circulation at family can directly be transmitted under the control of server, and new equipment is in the bill for receiving transfer When, it may not be necessary to server is connected, is shifted by the equipment room that new legacy server is done directly authority, is saved compared with original technology The communication link between new equipment and electronics ticket service device has been removed, the communication overhead of electronics ticket service device is reduced, has been saved The operation that user logs in again shortens authority transfer elapsed time and ensure that new used equipment is consistent with the data of server Property.
Detailed description of the invention
Fig. 1 is the system construction drawing of electronics ticket service device and user equipment 1 provided in an embodiment of the present invention.
Fig. 2 is the system construction drawing that the present invention implements the user equipment provided and user equipment 2.
Fig. 3 is the bill transfer method flow chart in electronics voucher system provided in an embodiment of the present invention based on D2D technology.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to embodiments, to the present invention It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to Limit the present invention.
Application principle of the invention is explained in detail with reference to the accompanying drawing.
As depicted in figs. 1 and 2, the electronics authority safe flow system provided in an embodiment of the present invention based on D2D includes: electricity Sub- ticket service device, user equipment 1, user equipment 2;1 (UE of user equipment1) pass through with electronics ticket service device (SERVER) and lead to Communication network connection, 1 (UE of user equipment1) and 2 (UE of user equipment2) connected by D2D channel.Electronics ticket service device include but It is not limited to certificate authority module (CA), authentication module (AS), data memory module (DB), user equipment includes but is not limited to log in The device certificate and equipment that built-in CA is issued when module, data transmission module, D2D module and each user equipment factory are private The certificate of key, electronics ticket service device.
The modules of user equipment are write using high-level programming language, and log-in module is responsible for reception Client-initiated and is logged in Request, passes through communication network interaction with electronics ticket service device;Data transmission module is responsible for storing the transmission of electronics ticket service device Bill data, in D2D module request bill data required data are sent to D2D module;D2D module is responsible in same use The safety circulation that the new and old equipment room at family completes equipment certification, establishes safe D2D channel, completes bill.User equipment 1 and electricity Sub- ticket service device establishes secure connection by communication network, and user logs in after secure connection foundation, after logging in successfully Electronics ticket service device logs in successful voucher to one user of transmission of user equipment 1 and carries out electronics authority with user equipment 1 The transmission of data.User equipment 1 and electronics authority are successfully set up user after secure connection and successful log by communication network Equipment 1 and user equipment 2 can start to carry out the circulation of electronics authority, and the bill transfer scheme based on D2D technology specifically walks It is rapid as follows:
i.UE1Broadcast:
User is intended to by UE1To UE2Shift authority status information, UE1D2D connecting channel is established in broadcast data packet, request, number According in packet include UE1Certificate (Cert1), the timestamp of systemRandom number (random1) and UE1To system time The signature of stamp and random number
ii.UE2→UE1:
UE2After receiving broadcast data packet, using the certificate of SERVER built-in when factory come in verify data packet UE1The legitimacy of certificate, in the acknowledged UE of user1Information after, utilize obtained UE1Certification authentication UE1It is rightWith random1SignatureThen the review time stabsWhether within the period of permission, random number random1 Whether occurred within the period of permission, if UE1Certificate is illegal, signature verification does not pass through,Have exceeded the time of permission Section, random1Occurred meeting the first packet discard of above-mentioned any condition within the period of permission and to UE1Transmission is refused Exhausted communication data packet simultaneously disconnects, otherwise UE2To UE1Reply data packet is sent, data packet includes: UE2Certificate (Cert2)、 UE2To random1SignatureCert1, system timestampRandom number (random2) and UE2To UE1Certificate, system timestamp and random number signature
iii.UE1→ SERVER:
UE1Receive UE2The response bag of return, using the certificate of SERVER built-in when factory come verify data packet Middle UE2The legitimacy of certificate, in the acknowledged UE of user2Information after, utilize obtained UE2Certification authentication UE2To Cert1 And random2SignatureThen the UE in received data packet is compared1It is stored in certificate and equipment Certificate it is whether consistent, the review time stampWhether within the period of permission, random number random2Whether permission time Occurred in section, if UE2Certificate is illegal, signature verification does not pass through, UE1Certificate compare it is inconsistent,Have exceeded permission when Between section, random2Occurred meeting the first packet discard of above-mentioned any condition within the period of permission and to UE2It sends Refusal communication data packet simultaneously disconnects, otherwise UE1D2D parameter request data packet is sent to SERVER, data packet includes: Cert1、Cert2、UE1To random1SignatureBy UE2What response bag obtainedWhen system Between stabRandom number (random3)。
iv.SERVER→UE1:
SERVER receives UE1After the D2D parameter request data packet of transmission, the Cert in received data packet is compared1、Cert2 It is whether consistent with the certificate back-up that is stored in certificate repository, then verifyWithSign test the result is that It is no consistent, review time stampWhether within the period of permission, random number random3Whether occur within the period of permission It crosses, if the backup in certificate and certificate repository is inconsistent, sign test result is not identical,Have exceeded period, the random of permission3? Occurred meeting the first packet discard of above-mentioned any condition in the period of permission and to UE1Send refusal communication data packet And disconnect, otherwise SERVER is to UE1D2D parameter reply data packet is sent, data packet includes: the timestamp of systemRandom number (random4) and SERVER to the signature of system timestamp, random numberv.UE1→UE2:
UE1The review time stabs after receiving the D2D parameter response bag of SERVER returnWhether allowing in the period, with Machine number random4Whether allowing to occur in the period, ifHaving exceeded allows period or random number random4Permitting Perhaps occurred then packet discard in the period and requested to retransmit D2D parameter to SERVER, otherwise UE1Select a random number A calculates ga, UE1To UE2D2D parameter notification data packet is sent, data packet includes:random4ga, system timestampRandom number (random5) and UE1To ga, system time The signature of stamp and random numberThe data packet uses UE2Public key PK2Encryption is sent.
vi.UE2→UE1:
UE2UE is used first after receiving D2D parameter notice packet2Then packet decryption is utilized factory by the private key of itself When built-in SERVER certificate come in verify data packetLegitimacy, using in II The UE arrived1Certification authenticationLegitimacy, last review time stampWhether when allowing Between in section, random number random4、random5Whether allow the period in occurred, if data packet can not decrypt,Signature verification failure,Signature verification failure,OrExceed and has permitted Perhaps period, random4Or random5Allowing to occur meeting the first packet discard of above-mentioned any condition in the period And to UE1It sends refusal communication data packet and disconnects, otherwise UE2A random number b is selected, g is calculatedb(ga)bMod p, UE2To UE1D2D parameter reply data packet is sent, data packet includes: gb, system timestampRandom number (random6) And UE2To gb, the timestamp of system and the signature of random numberThe data packet uses UE1Public key PK1Encryption is sent.
vii.UE1→UE2: { START }K
UE1Receive UE2After the D2D parameter reply data packet of transmission, UE is used first1The private key of itself is by data packet solution It is close, then utilize UE obtained in III2Certification authenticationLegitimacy, last review time stamp Whether allowing in the period, random number random6Whether allow the period in occurred, if data packet can not decrypt,Signature verification failure,Having exceeded allows period, random6Allowing to occur in the period Cross the first packet discard for meeting above-mentioned any condition and to UE2It sends refusal communication data packet and disconnects, otherwise UE1 Calculate (gb)aMod p, UE1To UE2Examination communication data packet is sent, data packet includes that communication starts field START, the data packet Use the symmetric cryptographic key K=(g for having negotiated to finishb)aMod p=(ga)bMod p is encrypted.
viii.UE2→UE1: { ACK }K
UE2Receive UE1It is decrypted after the examination communication data packet of transmission using consensus symmetric cryptographic key K, if It can not decrypt then to UE1It sends refusal communication data packet and disconnects, otherwise UE2To UE1Transmission pings letter reply data packet, Data packet includes acknowledgement field ACK, which uses the symmetric cryptographic key K=(g for having negotiated to finishb)aMod p=(ga)b Mod p is encrypted.
ix.UE2→UE1: { taxpayer_ID }
UE2Completion and UE1Channel establish after, user is in new equipment UE2The Taxpayer Identification Number of upper input oneself (taxpayer_ID), UE2The identifier is sent to UE by established D2D channel1
x.UE1→UE2: { tickets_list }
UE1Receive UE2After the Taxpayer Identification Number (taxpayer_ID) of transmission, with UE1It is received in the authority being locally stored Tax people's identifier is compared, and generates an authority list (ticket_list) using the matched authority of Taxpayer Identification Number and returns Back to UE2, when each data item of authority list includes that the authority side of issuing title, authority recipient title and authority are issued Between.
xi.UE2→UE1: { tickets_list_selected }
UE2Receive UE1After the authority list of return, user is according to the side's of making out an invoice title and when receiving ticket side's title and making out an invoice Between selection need to be synchronized to new equipment UE2Authority data, then UE2To UE1Send authority list (tickets_ to be synchronized list_selectet)。
xii.UE1→UE2: { tickets_data }
UE1After receiving authority list (tickets_list_selectet) to be synchronized, by authority number needed for list According to being sent to UE2, authority data include but is not limited to: authority unique identifier, the side's of making out an invoice duty paragraph, the side of making out an invoice address and connection electricity Talk about, the bank of deposit, the side of making out an invoice and account, receive ticket side's duty paragraph, receive ticket side address and telephone number, the Shou Piaofang bank of deposit and account, It makes out an invoice date etc..
xiii.UE1→UE2:
UE2The authority data received are stored in local, then to UE1Return to unique knowledge of all authoritys stored Alias (ticket_IDn) and to the signatures of all authority unique identifiersxiv.UE1→ SERVER:
UE1All UE are informed to SERVER2The authority unique identifier and UE synchronized2To authority unique identifier Signature.
xv.SERVER→UE1: { synchron_complete }
SERVER verifies UE after receiving data packet2Signature, be verified and UE be written in the database2Device data And the bank slip recognition number synchronized in the equipment, then to UE1Return synchronously completes response, UE1It receives and synchronously completes response Disconnection and UE afterwards2D2D connection, authority circulation complete.
Application principle of the invention is further described with reference to the accompanying drawing.
As shown in figure 3, user buys a new equipment user equipment 2 at this time after user equipment 1 completes landfall process, User wants not needing that the electronics authority data safety in user equipment 1 is transferred to use in the case that networking logs in equipment 2 In family equipment 2.1 (UE of user equipment1) broadcast data packet, it include UE in data packet1Certificate (Cert1), data packet broadcast when Time stampRandom number (random1) and UE1It is rightAnd random1SignatureUser equipment 2 (UE2) broadcast packet is received, first verify that Cert1Legitimacy because the certificate of each equipment is all to be issued by CA and each Platform equipment all built-in electronic ticket service device root certificates, it is possible to verify certificate legitimacy.Then it checksrandom1With After sign testIt is whether consistent.Pass through UE after verifying2To UE1Response bag is sent, includes UE in data packet2's Certificate (Cert2)、UE1Certificate (Cert1), data packet generate when time stampRandom number (random2)、UE2It is right random1SignatureAnd UE2To Cert1And random2SignatureUE1 After receiving response, Cert is first verified that2Legitimacy, the Cert that will be received1Doing comparison check with the certificate of equipment itself is It is no consistent, then check Cert1,random2After sign testIt is whether consistent.Pass through verifying UE afterwards1D2D request data package is sent to electronics ticket service device (SERVER), includes Cert in data packet1、Cert2、UE1It is right random1SignatureFrom UE2Obtained in the response of returnTime stamp when data packet generatesRandom number (random3);After SERVER receives D2D request, first by Cert1、Cert2In certificate authority module Unanimously whether the certificate of backup be compared, and then verifiesSignature.After verifying SERVER is to UE1Send reply data packet, time stamp when generating in data packet comprising data packetRandom number (random4), SERVER pairsSignatureUE1Receive the letter of SERVER transmission After breath, random number a is selected to calculate ga, to UE2Sending data packet includes:random4garandom5And the data packet uses UE2Public key encryption transmitted;UE2Receive data packet The signature and UE of SERVER are verified after being decrypted afterwards using the private key of oneself1Signature, by verifying after obtain ga。UE2Selection Random number b calculates gbBackward UE1Sending data packet includes: gb, data packet generate when time stampRandom number (random6)、UE2It is rightSignatureAnd the data packet uses UE1Public key into Row encrypted transmission;UE1It receives and verifies UE after being decrypted after data packet using the private key of oneself2Signature, by verifying after To gb;K=(ga)bModp=(gb)aModp is UE1With UE2Communication key;UE2Completion and UE1Channel establish after, use Family is in new equipment UE2The Taxpayer Identification Number (taxpayer_ID) of upper input oneself, UE2The identifier is passed through established D2D channel is sent to UE1;UE1Receive UE2After the Taxpayer Identification Number (taxpayer_ID) of transmission, with UE1It is locally stored Taxpayer Identification Number is compared in authority, generates an authority list (ticket_ using the matched authority of Taxpayer Identification Number List UE) is returned to2, each data item of authority list include the authority side of issuing title, authority recipient title and with According to issuing the time;UE2Receive UE1After the authority list of return, user ticket side's title and makes out an invoice according to the side's of making out an invoice title with receiving Selection of time needs to be synchronized to new equipment UE2Authority data, then UE2To UE1Send authority list (tickets_ to be synchronized list_selectet);UE1After receiving authority list (tickets_list_selectet) to be synchronized, needed in list Authority data be sent to UE2, authority data include: authority unique identifier, the side's of making out an invoice duty paragraph, the side of making out an invoice address and connection electricity Talk about, the bank of deposit, the side of making out an invoice and account, receive ticket side's duty paragraph, receive ticket side address and telephone number, the Shou Piaofang bank of deposit and account, It makes out an invoice date etc.;UE2The authority data received are stored in local, then to UE1Return to the unique of all authoritys stored Identifier (ticket_IDn) and to the signatures of all authority unique identifiersUE1To SERVER Inform all UE2The authority unique identifier and UE synchronized2To the signature of authority unique identifier;SERVER receives number According to verifying UE after packet2Signature, be verified and UE be written in the database2Device data and the equipment in the ticket that has synchronized According to identifier, then to UE1Return synchronously completes response, UE1Receive disconnection and UE after synchronously completing response2D2D connection, Authority circulation is completed.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention Made any modifications, equivalent replacements, and improvements etc., should all be included in the protection scope of the present invention within mind and principle.

Claims (8)

1. a kind of electronics authority secure flows shifting method based on D2D, which is characterized in that the electronics authority safety based on D2D Circulation method includes:
User equipment is connect with electronics ticket service device by communication network, is connected between user equipment by D2D channel, is completed After being mutually authenticated, user equipment is real-time or UE is acquired periodically1Existing and bill state from now on;Electronics ticket service device packet Certificate authority module, authentication module, data memory module are included but are not limited to, user equipment is provided with log-in module, data transmission The device certificate and device private, electronics authority that built-in CA is issued when module, D2D module and each user equipment factory take The certificate of business device.
2. the electronics authority secure flows shifting method based on D2D as described in claim 1, which is characterized in that described based on D2D's Electronics authority secure flows shifting method includes:
(1) user equipment 1 establishes secure connection by communication network with electronics ticket service device, the user after secure connection foundation Logged in, log in successfully after electronics ticket service device to user equipment 1 send a user log in successful voucher and with The transmission of the progress electronics authority data of family equipment 1;User equipment 1 is successfully set up with electronics ticket service device by communication network The transmission that electronics authority data are completed after secure connection and successful log is the necessary item of the bill transfer scheme based on D2D technology Part;
(2) in user equipment 1UE1After completing landfall process, user buys a new equipment user equipment 2UE at this time2, user thinks It does not need that the electronics authority data safety in user equipment 1 is transferred to user equipment 2 in the case that networking logs in equipment 2 In;UE1Broadcast data packet includes UE in data packet1Certificate Cert1, data packet broadcast when time stampRandom number random1And UE1It is rightAnd random1SignatureUE2Broadcast packet is received, first verifies that Cert1's Legitimacy;Then it checksrandom1After sign testIt is whether consistent;Pass through UE after verifying2To UE1Hair Response bag is sent, includes UE in data packet2Certificate Cert2、UE1Certificate Cert1, data packet generate when time stampRandom number random2、UE2To random1SignatureAnd UE2To Cert1And random2SignatureUE1After receiving response, Cert is first verified that2Legitimacy, the Cert that will be received1With set Whether standby certificate itself does comparison check consistent;
Then Cert is checked1,random2After sign testIt is whether consistent;After verifying UE1D2D request data package is sent to electronics ticket service device SERVER, includes Cert in data packet1、Cert2、UE1To random1 SignatureFrom UE2Obtained in the response of returnTime stamp when data packet generatesWith Machine number random3;After SERVER receives D2D request, first by Cert1、Cert2With the certificate backed up in certificate authority module It whether to be unanimously compared, then verifiesSignature;By after verifying to UE1Send one Reply data packet, time stamp when being generated comprising data packet in data packetRandom number random4, SERVER pairsSignatureUE1After the information for receiving SERVER transmission, random number a meter is selected Calculate ga, to UE2Sending data packet includes:random4garandom5And the data packet uses UE2Public key encryption transmitted;UE2It is used certainly after receiving data packet Oneself private key verifies SERVER and UE after being decrypted1Signature, by verifying after obtain ga;UE2Random number b is selected, is calculated gbBackward UE1Sending data packet includes: gb, data packet generate when time stampRandom number random6、UE2It is rightSignatureAnd the data packet uses UE1Public key carry out encrypted transmission;UE1 It receives and verifies UE after being decrypted after data packet using the private key of oneself2Signature, by verifying after obtain gb;K=(ga)b Mod p=(gb)aMod p is UE1With UE2Communication key, UE2Completion and UE1Channel establish after, user is in new equipment UE2The Taxpayer Identification Number taxpayer_ID, UE of upper input oneself2The identifier is sent to by established D2D channel UE1;UE1Receive UE2After the Taxpayer Identification Number taxpayer_ID of transmission, with UE1Taxpayer knows in the authority being locally stored Alias is compared, and generates an authority list ticket_list using the matched authority of Taxpayer Identification Number and returns to UE2, When each data item of authority list includes but is not limited to that the authority side of issuing title, authority recipient title and authority are issued Between;UE2Receive UE1After the authority list of return, user is according to the side's of making out an invoice title and receives ticket side's title and invoicing time selection Need to be synchronized to new equipment UE2Authority data, then UE2To UE1Send authority list tickets_list_ to be synchronized selectet;UE1After receiving authority list tickets_list_selectet to be synchronized, by authority number needed for list According to being sent to UE2
UE2The authority data received are stored in local, then to UE1Return to the unique identifier of all authoritys stored ticket_IDnAnd the signature to all authority unique identifiersUE1All UE are informed to SERVER2? Synchronous authority unique identifier and UE2To the signature of authority unique identifier;SERVER verifies UE after receiving data packet2 Signature, be verified and UE be written in the database2Device data and the equipment in the bank slip recognition number that has synchronized, then To UE1Return synchronously completes response, UE1Receive disconnection and UE after synchronously completing response2D2D connection, authority circulation complete.
3. the electronics authority secure flows shifting method based on D2D as claimed in claim 2, which is characterized in that described based on D2D's Electronics authority secure flows shifting method specifically includes:
The first step, UE1Broadcast:
User is intended to by UE1To UE2Shift authority status information, UE1D2D connecting channel, data packet are established in broadcast data packet, request In include UE1Certificate Cert1, system timestampRandom number random1And UE1To system timestamp and random number Signature
Second step, UE2→UE1:
UE2After receiving broadcast data packet, using the certificate of SERVER built-in when factory come UE in verify data packet1Card The legitimacy of book, in the acknowledged UE of user1Information after, utilize obtained UE1Certification authentication UE1It is rightAnd random1Label NameThen the review time stabsWhether within the period of permission, random number random1Whether allowing Period in occurred, if UE1Certificate is illegal, signature verification does not pass through,Have exceeded period, the random of permission1 Occurred meeting the first packet discard of above-mentioned any condition within the period of permission and to UE1Send refusal communication data It wraps and disconnects, otherwise UE2To UE1Reply data packet is sent, data packet includes: UE2Certificate Cert2、UE2To random1 SignatureCert1, system timestampRandom number random2And UE2To UE1Certificate, system when Between stamp and random number signature
Third step, UE1→ SERVER:
UE1Receive UE2The response bag of return, using the certificate of SERVER built-in when factory come UE in verify data packet2 The legitimacy of certificate, in the acknowledged UE of user2Information after, utilize obtained UE2Certification authentication UE2To Cert1With random2SignatureThen the UE in received data packet is compared1The card stored in certificate and equipment Whether book is consistent, review time stampWhether within the period of permission, random number random2Whether within the period of permission Occurred, if UE2Certificate is illegal, signature verification does not pass through, UE1Certificate compare it is inconsistent,Have exceeded permission period, random2Occurred meeting the first packet discard of above-mentioned any condition within the period of permission and to UE2It is logical to send refusal Letter data packet simultaneously disconnects, otherwise UE1D2D parameter request data packet is sent to SERVER, data packet includes: Cert1、 Cert2、UE1To random1SignatureBy UE2What response bag obtainedSystem timestampRandom number random3
4th step, SERVER → UE1:
SERVER receives UE1After the D2D parameter request data packet of transmission, the Cert in received data packet is compared1、Cert2With card Whether the certificate back-up stored in stack room is consistent, then verifiesWithSign test result whether one It causes, review time stampWhether within the period of permission, random number random3Whether occurred within the period of permission, If backup in certificate and certificate repository is inconsistent, sign test result is not identical,Have exceeded period, the random of permission3Permitting Perhaps occurred meeting the first packet discard of above-mentioned any condition in period and to UE1Send refusal communication data packet simultaneously It disconnects, otherwise SERVER is to UE1D2D parameter reply data packet is sent, data packet includes: the timestamp of systemAt random Number random4And SERVER is to the signature of system timestamp, random number
5th step, UE1→UE2:
UE1The review time stabs after receiving the D2D parameter response bag of SERVER returnWhether allowing in the period, random number random4Whether allowing to occur in the period, ifHaving exceeded allows period or random number random4When allowing Between occurred then packet discard in section and request to retransmit D2D parameter to SERVER, otherwise UE1A random number a is selected, is counted Calculate ga, UE1To UE2D2D parameter notification data packet is sent, data packet includes:random4ga、 The timestamp of systemRandom number random5And UE1To ga, the timestamp of system and the signature of random numberThe data packet uses UE2Public key PK2Encryption is sent;
6th step, UE2→UE1:
UE2UE is used first after receiving D2D parameter notice packet2Then the private key of itself utilizes packet decryption when dispatching from the factory Certificate through built-in SERVER comes in verify data packetLegitimacy, using obtained in II UE1Certification authenticationLegitimacy, last review time stampWhether the period is being allowed It is interior, random number random4、random5Whether allow the period in occurred, if data packet can not decrypt,Signature verification failure,Signature verification failure,OrExceed and has permitted Perhaps period, random4Or random5Allowing to occur meeting the first packet discard of above-mentioned any condition in the period And to UE1It sends refusal communication data packet and disconnects, otherwise UE2A random number b is selected, g is calculatedb(ga)bMod p, UE2To UE1D2D parameter reply data packet is sent, data packet includes: gb, system timestampRandom number random6And UE2To gb, the timestamp of system and the signature of random numberThe data packet uses UE1Public key PK1Add Close transmission;
7th step, UE1→UE2: { START }K
UE1Receive UE2After the D2D parameter reply data packet of transmission, UE is used first1The private key of itself is by packet decryption, so UE obtained in III is utilized afterwards2Certification authenticationLegitimacy, last review time stampWhether Allow in the period, random number random6Whether allow the period in occurred, if data packet can not decrypt,Signature verification failure,Having exceeded allows period, random6Allowing to occur in the period Cross the first packet discard for meeting above-mentioned any condition and to UE2It sends refusal communication data packet and disconnects, otherwise UE1 Calculate (gb)aMod p, UE1To UE2Examination communication data packet is sent, data packet includes that communication starts field START, the data packet Use the symmetric cryptographic key K=(g for having negotiated to finishb)aMod p=(ga)bMod p is encrypted;
8th step, UE2→UE1: { ACK }K
UE2Receive UE1It is decrypted after the examination communication data packet of transmission using consensus symmetric cryptographic key K, if can not Decryption is then to UE1It sends refusal communication data packet and disconnects, otherwise UE2To UE1Transmission pings letter reply data packet, data Packet includes acknowledgement field ACK, which uses the symmetric cryptographic key K=(g for having negotiated to finishb)aMod p=(ga)b Mod p is encrypted;
9th step, UE2→UE1: { taxpayer_ID }
UE2Completion and UE1Channel establish after, user is in new equipment UE2The Taxpayer Identification Number taxpayer_ of upper input oneself ID, UE2The identifier is sent to UE by established D2D channel1
Tenth step, UE1→UE2: { tickets_list }
UE1Receive UE2After the Taxpayer Identification Number taxpayer_ID of transmission, with UE1Taxpayer knows in the authority being locally stored Alias is compared, and generates an authority list ticket_list using the matched authority of Taxpayer Identification Number and returns to UE2, Each data item of authority list includes that the authority side of issuing title, authority recipient title and authority issue the time;
11st step, UE2→UE1: { tickets_list_selected }
UE2Receive UE1After the authority list of return, user is according to the side's of making out an invoice title and receives ticket side's title and invoicing time choosing It selects and needs to be synchronized to new equipment UE2Authority data, then UE2To UE1Send authority list tickets_list_ to be synchronized selectet;
12nd step, UE1→UE2: { tickets_data }
UE1After receiving authority list tickets_list_selectet to be synchronized, authority data needed for list are sent To UE2
13rd step, UE1→UE2:
UE2The authority data received are stored in local, then to UE1Return to the unique identifier of all authoritys stored ticket_IDnAnd the signature to all authority unique identifiers
14th step, UE1→ SERVER:
UE1All UE are informed to SERVER2The authority unique identifier and UE synchronized2To the label of authority unique identifier Name;
15th step, SERVER → UE1: { synchron_complete }
SERVER verifies UE after receiving data packet2Signature, be verified and UE be written in the database2Device data and The bank slip recognition number synchronized in the equipment, then to UE1Return synchronously completes response, UE1It receives and breaks after synchronously completing response It opens and UE2D2D connection, authority circulation complete.
4. a kind of electronics authority peace based on D2D of electronics authority secure flows shifting method realized described in claim 1 based on D2D Full flow system, which is characterized in that the safe flow system of electronics authority based on D2D includes: electronics ticket service device, uses Family equipment 1, user equipment 2;
User equipment 1 is connect with electronics ticket service device by communication network, and user equipment 1 and user equipment 2 pass through D2D channel Connection;
Electronics ticket service device includes certificate authority module, authentication module, data memory module, and user equipment, which is provided with, logs in mould The device certificate and equipment that built-in CA is issued when block, data transmission module, D2D module and each user equipment factory are private The certificate of key, electronics ticket service device.
5. the safe flow system of electronics authority based on D2D as claimed in claim 4, which is characterized in that the electronics authority Server electronic ticket service device is connect with user equipment by communication network;Certificate authority module is responsible for legitimate user and issues Data needed for authenticating, including sign containing electronics ticket service device trusted certificates, store the certificate pair of certificate user Originally, provide authentication module and carry out related credentials data required when verification process;Authentication module is responsible for handling logging in for user's friendship Request completes Sign-On authentication to the necessary certification authentication data of certificate authority module request, and user deposits after logging in successfully with data Module interaction is stored up, the bill data of user is sent to user equipment;Data memory module be responsible for store user bill data, Corresponding bill data is sent to log-in module after the bill data request for receiving log-in module.
6. the safe flow system of electronics authority based on D2D as claimed in claim 4, which is characterized in that the user equipment Including log-in module, data transmission module, D2D module, and all built-in when each user equipment factory includes: setting of issuing of CA Standby certificate and device private, electronics ticket service device certificate and electronics voucher system used by hash algorithm, it is symmetrical plus Decipherment algorithm, asymmetric enciphering and deciphering algorithm and Jie's p-1 multiplicative group Zp *G, p two parameter;P is prime number, and g is to generate member;
Log-in module is responsible for receiving Client-initiated log on request, passes through communication network interaction with electronics ticket service device;Data Transmission module be responsible for store electronics ticket service device send bill data, in D2D module request bill data by required number According to being sent to D2D module;D2D module is responsible for the D2D letter completed equipment certification in the new and old equipment room of same user, establish safety Road, the safety circulation for completing authority.
7. a kind of electronic certificate using the electronics authority secure flows shifting method described in claims 1 to 3 any one based on D2D System.
8. a kind of information data processing terminal equipped with electronic certificate system described in claim 7.
CN201910123597.1A 2019-02-18 2019-02-18 D2D-based electronic credential secure circulation method and system and electronic credential system Active CN110011791B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910123597.1A CN110011791B (en) 2019-02-18 2019-02-18 D2D-based electronic credential secure circulation method and system and electronic credential system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910123597.1A CN110011791B (en) 2019-02-18 2019-02-18 D2D-based electronic credential secure circulation method and system and electronic credential system

Publications (2)

Publication Number Publication Date
CN110011791A true CN110011791A (en) 2019-07-12
CN110011791B CN110011791B (en) 2021-07-09

Family

ID=67165826

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910123597.1A Active CN110011791B (en) 2019-02-18 2019-02-18 D2D-based electronic credential secure circulation method and system and electronic credential system

Country Status (1)

Country Link
CN (1) CN110011791B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113159872A (en) * 2021-02-26 2021-07-23 西安电子科技大学 Privacy protection online billing service authentication method, system, storage medium and application
CN116049802A (en) * 2023-03-31 2023-05-02 深圳竹云科技股份有限公司 Application single sign-on method, system, computer equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571376A (en) * 2012-02-24 2012-07-11 苏州阔地网络科技有限公司 Method and system for implementing multi-window chat
CN102711105A (en) * 2012-05-18 2012-10-03 华为技术有限公司 Method, device and system for communication through mobile communication network
CN103595750A (en) * 2012-08-17 2014-02-19 华为技术有限公司 Method, terminal and network side for peer-to-pear communication
CN104660567A (en) * 2013-11-22 2015-05-27 中国联合网络通信集团有限公司 D2D terminal access authentication method as well as D2D terminal and server
CN106953727A (en) * 2017-03-13 2017-07-14 南京邮电大学 Based on the group safety certifying method without certificate in D2D communications
CN107251591A (en) * 2015-03-13 2017-10-13 英特尔Ip公司 Device-to-device discovery and system, the method and apparatus of communication for safety

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571376A (en) * 2012-02-24 2012-07-11 苏州阔地网络科技有限公司 Method and system for implementing multi-window chat
CN102711105A (en) * 2012-05-18 2012-10-03 华为技术有限公司 Method, device and system for communication through mobile communication network
CN103595750A (en) * 2012-08-17 2014-02-19 华为技术有限公司 Method, terminal and network side for peer-to-pear communication
CN104660567A (en) * 2013-11-22 2015-05-27 中国联合网络通信集团有限公司 D2D terminal access authentication method as well as D2D terminal and server
CN107251591A (en) * 2015-03-13 2017-10-13 英特尔Ip公司 Device-to-device discovery and system, the method and apparatus of communication for safety
CN106953727A (en) * 2017-03-13 2017-07-14 南京邮电大学 Based on the group safety certifying method without certificate in D2D communications

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
WENLONG SHEN等: ""Secure Key Establishment for Device-to-Device Communications"", 《IEEE》 *
卢昊旗: ""D2D通信的认证和密钥协商协议研究"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
张亚楠: ""D2D通信的隐私安全研究"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
王明君: ""设备到设备_D2D_通信安全和隐私保护研究"", 《中国博士学位论文全文数据库信息科技辑》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113159872A (en) * 2021-02-26 2021-07-23 西安电子科技大学 Privacy protection online billing service authentication method, system, storage medium and application
CN113159872B (en) * 2021-02-26 2024-03-29 西安电子科技大学 Privacy protection online billing service authentication method, system, storage medium and application
CN116049802A (en) * 2023-03-31 2023-05-02 深圳竹云科技股份有限公司 Application single sign-on method, system, computer equipment and storage medium
CN116049802B (en) * 2023-03-31 2023-07-18 深圳竹云科技股份有限公司 Application single sign-on method, system, computer equipment and storage medium

Also Published As

Publication number Publication date
CN110011791B (en) 2021-07-09

Similar Documents

Publication Publication Date Title
CN109756485B (en) Electronic contract signing method, electronic contract signing device, computer equipment and storage medium
US11050563B2 (en) Method of exchanging keys by smart contract implemented on a blockchain
CN112003889B (en) Distributed cross-link system and cross-link information interaction and system access control method
CN108270571B (en) Internet of Things identity authorization system and its method based on block chain
Horn et al. Authentication protocols for mobile network environment value-added services
CN101005359B (en) Method and device for realizing safety communication between terminal devices
CN103297403B (en) A kind of method and system for realizing dynamic cipher verification
EP1277301B1 (en) Method for transmitting payment information between a terminal and a third equipement
CN103491540B (en) The two-way access authentication system of a kind of WLAN based on identity documents and method
CN101393628B (en) Novel network safe transaction system and method
CN102404347A (en) Mobile internet access authentication method based on public key infrastructure
JP2005515715A (en) Data transmission link
CN106060070A (en) TLS handshake protocol for identity-based cryptosystem
CN111163109B (en) Block chain center-removing type node anti-counterfeiting method
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN114520976B (en) Authentication method and device for user identity identification card and nonvolatile storage medium
CN111756529A (en) Quantum session key distribution method and system
CN110020524A (en) A kind of mutual authentication method based on smart card
CN106713236A (en) End-to-end identity authentication and encryption method based on CPK identifier authentication
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
US7971234B1 (en) Method and apparatus for offline cryptographic key establishment
CN110011791A (en) Electronics authority secure flows shifting method and system, electronics voucher system based on D2D
KR20010047563A (en) Public key based mutual authentication method in wireless communication system
CN106330430B (en) A kind of third party's method of mobile payment based on NTRU
CN113014376B (en) Method for safety authentication between user and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Cao Jin

Inventor after: Liu Xiang

Inventor after: Li Hui

Inventor after: Zhu Hui

Inventor after: Zhao Xingwen

Inventor before: Cao Jin

Inventor before: Liu Xiang

Inventor before: Li Hui

Inventor before: Zhu Hui

Inventor before: Zhao Xingwen