CN110011791A - Electronics authority secure flows shifting method and system, electronics voucher system based on D2D - Google Patents
Publication number: CN110011791A (application CN201910123597.1A)
Authority: CN (China)
Prior art keywords: authority, data packet, random, certificate, electronics
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0442: network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected by encrypting or encapsulating the payload and the sending and receiving entities apply asymmetric encryption (different keys for encryption and decryption)
- H04L63/0823: network security for authentication of entities using certificates
- H04L9/0825: key transport or distribution, where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04W4/70: services for machine-to-machine communication [M2M] or machine type communication [MTC]
Abstract
The invention belongs to the field of D2D (device-to-device) communication technology and discloses a D2D-based secure transfer method and system for electronic vouchers, and an electronic voucher system. User equipment 1 (UE1) connects to the electronic ticket server (SERVER) through a communication network, and user equipment 1 (UE1) and user equipment 2 (UE2) are connected through a D2D channel. The electronic ticket server is provided with a certificate authority module (CA), an authentication module (AS) and a data storage module (DB); the user equipment is provided with a login module, a data transmission module and a D2D module. In the invention the same user owns one or more devices, of which one device (UE1) completes authentication and data transfer with the electronic ticket server. The other devices do not need to establish a network connection to the electronic ticket server again: they establish a D2D channel with UE1 and complete the transfer of ticket state over it. The structure of the invention is reasonable; it saves communication resources of the electronic ticket server, simplifies user operation, and shortens the time a voucher transfer takes.
Description
Technical field
The invention belongs to the field of D2D communication technology, and more particularly to a D2D-based secure transfer method and system for electronic vouchers, and an electronic voucher system.
Background technique
Currently, the common practice in the trade is as follows: after a user has successfully logged in on one device and downloaded the relevant electronic voucher information, if the user buys a new device and wants to synchronize the voucher data onto it, the new device must first connect to the network, communicate with the server, repeat the login and authentication process, and then download the electronic voucher information from the server. As ticketing systems become paperless and electronic, more and more users use electronic voucher systems. The electronic voucher server has to handle a large number of login and data transfer requests, and these requests put enormous processing pressure on it. To reduce the server's communication overhead, save communication bandwidth, and simplify the transfer of electronic voucher data between user devices, a ticket transfer scheme for electronic voucher systems is an urgent need.
As ticketing systems become paperless and electronic, more and more users use electronic voucher systems. In existing electronic ticketing systems such as WeChat electronic invoices, if a user buys a new mobile device and wants to synchronize the electronic invoices from the old device onto it, the user must go through the login and authentication process once more on the new device; after a successful login the new device downloads the tickets from the WeChat ticket server. The electronic voucher server therefore has to handle a large number of login and data transfer requests, and this large number of login requests puts immense pressure on it, while an electronic voucher system requires high throughput, high concurrency and rapid response. For the secure circulation of electronic vouchers, the new and old devices are close to each other and both belong to the same user, so there is no need to repeat the login and authentication process; this scheme simplifies the login and authentication process for the new device, relieves the pressure on the server, and lets the user complete synchronization of the tickets between the old and new devices without logging in a second time.
In conclusion, the problems with the prior art are: the electronic voucher server has to handle a large number of login and data transfer requests, and this large number of login requests puts immense pressure on the server; for the secure circulation of electronic vouchers, the new and old devices are close to each other and both belong to the same user, so there is no need to repeat the login and authentication process.
Difficulty of solving the above technical problems:
The difficulty lies in ensuring the security and reliability of the D2D channel between the new and old devices and, once the channel is established, in transmitting the voucher data of the old device to the new device appropriately.
Significance of solving the above technical problems:
Once the above problems are solved, the service pressure on the electronic ticket server can be relieved, server processing resources saved, user operation simplified, and the secure transfer rate of electronic vouchers increased.
Summary of the invention
In view of the problems of the prior art, the present invention provides a D2D-based secure transfer method and system for electronic vouchers, and an electronic voucher system.
The invention is realized as follows. A D2D-based secure transfer method for electronic vouchers includes:
The user equipment connects to the electronic ticket server through a communication network, and the user equipments connect to each other through a D2D channel; after mutual authentication is completed, the user equipment acquires, in real time or periodically, the current and future ticket state of UE1. The electronic ticket server includes but is not limited to a certificate authority module, an authentication module and a data storage module; the user equipment is provided with a login module, a data transmission module and a D2D module, and each user equipment is shipped from the factory with a built-in device certificate and device private key issued by the CA, and with the certificate of the electronic ticket server.
Further, the D2D-based secure transfer method for electronic vouchers includes:
(1) User equipment 1 establishes a secure connection with the electronic ticket server through the communication network; once the secure connection is established the user logs in, and after a successful login the electronic ticket server sends user equipment 1 a login-success credential and transfers the electronic voucher data to user equipment 1. A secure connection, a successful login and a completed transfer of the electronic voucher data between user equipment 1 and the electronic ticket server are a precondition for the D2D-based ticket transfer scheme.
(2) After user equipment 1 (UE1) has completed the login process, the user buys a new device, user equipment 2 (UE2), and wants to transfer the electronic voucher data on user equipment 1 securely to user equipment 2 without user equipment 2 going online and logging in. UE1 broadcasts a data packet containing UE1's certificate Cert1, the timestamp at which the packet was broadcast, a random number random1, and UE1's signature over the timestamp and random1. UE2 receives the broadcast, first verifies the legitimacy of Cert1, then checks the timestamp and random1 and whether the signature verifies. If verification passes, UE2 sends a response to UE1 containing UE2's certificate Cert2, UE1's certificate Cert1, the timestamp at which the packet was generated, a random number random2, UE2's signature over random1, and UE2's signature over Cert1, the timestamp and random2. On receiving the response, UE1 first verifies the legitimacy of Cert2 and compares the received Cert1 with its own device certificate for consistency; then it checks Cert1, the timestamp and random2 and whether the signature verifies. If verification passes, UE1 sends a D2D request packet to the electronic ticket server SERVER containing Cert1, Cert2, UE1's signature over random1, the signature obtained from UE2's response, the timestamp at which the packet was generated, and a random number random3. On receiving the D2D request, SERVER first compares Cert1 and Cert2 with the certificates backed up by the certificate authority module, then verifies the signatures; if verification passes it sends UE1 a reply packet containing the timestamp at which the packet was generated, a random number random4, and SERVER's signature over them. After receiving SERVER's information, UE1 selects a random number a and computes g^a, then sends UE2 a data packet containing SERVER's signature, random4, g^a, random5 and UE1's own signature; the packet is encrypted with UE2's public key. UE2 decrypts the packet with its own private key, verifies the signatures of SERVER and UE1, and on success obtains g^a. UE2 then selects a random number b, computes g^b, and sends UE1 a packet containing g^b, the timestamp at which the packet was generated, a random number random6 and UE2's signature, encrypted with UE1's public key. UE1 decrypts the packet with its own private key, verifies UE2's signature, and on success obtains g^b. K = (g^a)^b mod p = (g^b)^a mod p is the communication key of UE1 and UE2. Once UE2 has established the channel with UE1, the user enters their own taxpayer identification number taxpayer_ID on the new device UE2, and UE2 sends this identifier to UE1 through the established D2D channel.
After receiving the taxpayer_ID sent by UE2, UE1 compares it with the taxpayer identification numbers in the vouchers stored locally on UE1, builds a voucher list ticket_list from the vouchers whose taxpayer identification number matches, and returns it to UE2; each item of the voucher list includes but is not limited to the name of the issuing party, the name of the recipient and the issuance time of the voucher.
After receiving the voucher list returned by UE1, the user selects by issuer name, recipient name and issuance time the voucher data to be synchronized to the new device UE2, and UE2 sends UE1 the list of vouchers to be synchronized, tickets_list_selected. After receiving tickets_list_selected, UE1 sends the voucher data required by the list to UE2.
UE2 stores the received voucher data locally, then returns to UE1 the unique identifiers ticket_IDn of all stored vouchers and a signature over all the voucher unique identifiers. UE1 informs SERVER of all the voucher unique identifiers synchronized by UE2 and of UE2's signature over them. After receiving the packet SERVER verifies UE2's signature and, when it passes, writes UE2's device data and the identifiers of the tickets synchronized on that device into the database, then returns a synchronization-complete response to UE1. After receiving the synchronization-complete response, UE1 disconnects the D2D connection with UE2, and the voucher transfer is complete.
Further, the D2D-based secure transfer method for electronic vouchers specifically includes:
Step 1, UE1 broadcast:
The user intends to transfer voucher state information from UE1 to UE2. UE1 broadcasts a data packet requesting the establishment of a D2D channel; the packet contains UE1's certificate Cert1, a system timestamp, a random number random1, and UE1's signature over the system timestamp and the random number.
Step 2, UE2 → UE1:
After receiving the broadcast packet, UE2 uses the SERVER certificate built in at the factory to verify the legitimacy of UE1's certificate in the packet. After the user has confirmed UE1's information, UE2 uses the obtained UE1 certificate to verify UE1's signature over the timestamp and random1, then checks whether the timestamp lies within the allowed period and whether random1 has already appeared within the allowed period. If UE1's certificate is illegal, the signature does not verify, the timestamp is outside the allowed period, or random1 has already appeared within the allowed period, then as soon as any one of these conditions is met UE2 discards the packet, sends a refusal packet to UE1 and disconnects. Otherwise UE2 sends UE1 a reply packet containing: UE2's certificate Cert2, UE2's signature over random1, Cert1, a system timestamp, a random number random2, and UE2's signature over UE1's certificate, the system timestamp and the random number.
Step 3, UE1 → SERVER:
UE1 receives the response packet returned by UE2 and uses the SERVER certificate built in at the factory to verify the legitimacy of UE2's certificate in the packet. After the user has confirmed UE2's information, UE1 uses the obtained UE2 certificate to verify UE2's signature over Cert1, the timestamp and random2, then compares the UE1 certificate in the received packet with the certificate stored on the device, checks whether the timestamp lies within the allowed period and whether random2 has already appeared within the allowed period. If UE2's certificate is illegal, the signature does not verify, the UE1 certificate comparison is inconsistent, the timestamp is outside the allowed period, or random2 has already appeared within the allowed period, then as soon as any one of these conditions is met UE1 discards the packet, sends a refusal packet to UE2 and disconnects. Otherwise UE1 sends a D2D parameter request packet to SERVER containing: Cert1, Cert2, UE1's signature over random1, the signature obtained from UE2's response packet, a system timestamp, and a random number random3.
Step 4, SERVER → UE1:
After receiving the D2D parameter request packet sent by UE1, SERVER compares Cert1 and Cert2 in the received packet with the certificate backups stored in the certificate repository, then verifies whether the two signatures check out, and checks whether the timestamp lies within the allowed period and whether random3 has already appeared within the allowed period. If a certificate is inconsistent with its backup in the repository, the signature verification results do not match, the timestamp is outside the allowed period, or random3 has already appeared within the allowed period, then as soon as any one of these conditions is met SERVER discards the packet, sends a refusal packet to UE1 and disconnects. Otherwise SERVER sends UE1 a D2D parameter reply packet containing: a system timestamp, a random number random4, and SERVER's signature over the system timestamp and the random number.
Step 5, UE1 → UE2:
After receiving the D2D parameter response packet returned by SERVER, UE1 checks whether the timestamp lies within the allowed period and whether random4 has already appeared within the allowed period. If the timestamp is outside the allowed period or random4 has already appeared within it, UE1 discards the packet and asks SERVER to retransmit the D2D parameters. Otherwise UE1 selects a random number a, computes g^a, and sends UE2 a D2D parameter notification packet containing: SERVER's signature, random4, g^a, a system timestamp, a random number random5, and UE1's signature over g^a, the system timestamp and the random number. The packet is encrypted with UE2's public key PK2 before it is sent.
Step 6, UE2 → UE1:
After receiving the D2D parameter notification packet, UE2 first decrypts it with its own private key, then uses the SERVER certificate built in at the factory to verify the legitimacy of SERVER's signature in the packet, uses the UE1 certificate obtained in step 2 to verify the legitimacy of UE1's signature, and finally checks whether the timestamp lies within the allowed period and whether random4 and random5 have already appeared within the allowed period. If the packet cannot be decrypted, SERVER's signature fails to verify, UE1's signature fails to verify, the timestamp is outside the allowed period, or random4 or random5 has already appeared within the allowed period, then as soon as any one of these conditions is met UE2 discards the packet, sends a refusal packet to UE1 and disconnects. Otherwise UE2 selects a random number b, computes g^b and (g^a)^b mod p, and sends UE1 a D2D parameter reply packet containing: g^b, a system timestamp, a random number random6, and UE2's signature over g^b, the system timestamp and the random number. The packet is encrypted with UE1's public key PK1 before it is sent.
Step 7, UE1 → UE2: {START}_K
After receiving the D2D parameter reply packet sent by UE2, UE1 first decrypts it with its own private key, then uses the UE2 certificate obtained in step 3 to verify the legitimacy of UE2's signature, and finally checks whether the timestamp lies within the allowed period and whether random6 has already appeared within the allowed period. If the packet cannot be decrypted, the signature fails to verify, the timestamp is outside the allowed period, or random6 has already appeared within the allowed period, then as soon as any one of these conditions is met UE1 discards the packet, sends a refusal packet to UE2 and disconnects. Otherwise UE1 computes (g^b)^a mod p and sends UE2 a trial communication packet containing the communication-start field START, encrypted with the negotiated symmetric key K = (g^b)^a mod p = (g^a)^b mod p.
Step 8, UE2 → UE1: {ACK}_K
After receiving the trial communication packet sent by UE1, UE2 decrypts it with the negotiated symmetric key K. If it cannot be decrypted, UE2 sends a refusal packet to UE1 and disconnects; otherwise UE2 sends UE1 a trial communication reply packet containing the acknowledgement field ACK, encrypted with the negotiated symmetric key K = (g^b)^a mod p = (g^a)^b mod p.
Step 9, UE2 → UE1: {taxpayer_ID}
Once UE2 has established the channel with UE1, the user enters their own taxpayer identification number taxpayer_ID on the new device UE2, and UE2 sends this identifier to UE1 through the established D2D channel.
Step 10, UE1 → UE2: {tickets_list}
After receiving the taxpayer_ID sent by UE2, UE1 compares it with the taxpayer identification numbers in the vouchers stored locally on UE1, builds a voucher list ticket_list from the vouchers whose taxpayer identification number matches, and returns it to UE2; each item of the voucher list includes the issuing party's name, the recipient's name and the issuance time of the voucher.
Step 11, UE2 → UE1: {tickets_list_selected}
After receiving the voucher list returned by UE1, the user selects by issuer name, recipient name and issuance time the voucher data to be synchronized to the new device UE2, and UE2 sends UE1 the list of vouchers to be synchronized, tickets_list_selected.
Step 12, UE1 → UE2: {tickets_data}
After receiving the list of vouchers to be synchronized, tickets_list_selected, UE1 sends the voucher data required by the list to UE2.
Step 13, UE1 → UE2:
UE2 stores the received voucher data locally, then returns to UE1 the unique identifiers ticket_IDn of all stored vouchers and a signature over all the voucher unique identifiers.
Step 14, UE1 → SERVER:
UE1 informs SERVER of all the voucher unique identifiers synchronized by UE2 and of UE2's signature over the voucher unique identifiers.
Step 15, SERVER → UE1: {synchron_complete}
After receiving the packet, SERVER verifies UE2's signature; when it passes, SERVER writes UE2's device data and the identifiers of the tickets synchronized on that device into the database, then returns a synchronization-complete response to UE1. After receiving the synchronization-complete response, UE1 disconnects the D2D connection with UE2, and the voucher transfer is complete.
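The freshness check that steps 2 to 7 repeat (timestamp inside the allowed period, random number not yet seen in that period) and the Diffie-Hellman exchange with START/ACK confirmation of steps 5 to 8, as an added Python example that is not part of the patent. It assumes a toy group (P, G) and a 30-second window, leaves out the certificate and signature verification of the real protocol, and models the {START}_K and {ACK}_K packets with an HMAC tag under K rather than encryption.

```python
import hashlib
import hmac
import secrets
import time

# Toy group for the demo (constructed; 2**127 - 1 is prime, but this is not a
# standardized DH group and a deployment would use a large MODP group).
P = 2 ** 127 - 1
G = 3


class FreshnessCheck:
    """The check that every step of the protocol repeats: a packet is dropped
    when its timestamp lies outside the allowed period or when its random
    number has already appeared within that period."""

    def __init__(self, window_s, clock=time.time):
        self.window_s = window_s
        self.clock = clock
        self.seen = {}  # random number -> time at which it was first accepted

    def accept(self, timestamp, random_number):
        now = self.clock()
        # Forget random numbers older than the window so the table stays
        # bounded; the timestamp check rejects anything that old anyway.
        self.seen = {r: t for r, t in self.seen.items() if now - t <= self.window_s}
        if abs(now - timestamp) > self.window_s:
            return False
        if random_number in self.seen:
            return False
        self.seen[random_number] = now
        return True


class D2DPeer:
    """One device (UE1 or UE2) running the parameter exchange of steps 5 to 8.
    Certificate and signature verification from steps 2 to 7 is assumed to
    have been done already and is not modelled here."""

    def __init__(self, name, window_s=30.0, clock=time.time):
        self.name = name
        self.clock = clock
        self.fresh = FreshnessCheck(window_s, clock)
        self.exponent = None  # private a (UE1) or b (UE2)
        self.key = None       # K = g^(ab) mod p once negotiated

    def parameter_packet(self):
        # Announce g^x mod p with a fresh timestamp and random number
        # (step 5 for UE1, step 6 for UE2).
        if self.exponent is None:
            self.exponent = secrets.randbelow(P - 2) + 1
        return {"public": pow(G, self.exponent, P),
                "ts": self.clock(),
                "rand": secrets.token_bytes(16)}

    def receive_parameter_packet(self, pkt):
        # Drop the packet on any freshness failure, as the patent prescribes;
        # also refuse degenerate public values (0, 1, p-1), which the patent
        # does not mention but which would fix K to a known value.
        if not self.fresh.accept(pkt["ts"], pkt["rand"]):
            return False
        if not 1 < pkt["public"] < P - 1:
            return False
        if self.exponent is None:
            self.exponent = secrets.randbelow(P - 2) + 1
        self.key = pow(pkt["public"], self.exponent, P)
        return True

    def _mac_key(self):
        # Fixed-length key derived from the shared integer K.
        return hashlib.sha256(self.key.to_bytes(16, "big")).digest()

    def confirm(self, field):
        # Key confirmation for {START}_K and {ACK}_K (steps 7 and 8). The patent
        # encrypts the field under K; an HMAC tag under K stands in for that.
        return hmac.new(self._mac_key(), field, hashlib.sha256).digest()

    def check(self, field, tag):
        return hmac.compare_digest(self.confirm(field), tag)


def run_handshake(ue1, ue2):
    """Steps 5 to 8 between two peers. Returns True when both sides derive
    the same K and the START/ACK confirmation succeeds in both directions."""
    if not ue2.receive_parameter_packet(ue1.parameter_packet()):  # UE1 -> UE2: g^a
        return False
    if not ue1.receive_parameter_packet(ue2.parameter_packet()):  # UE2 -> UE1: g^b
        return False
    if not ue2.check(b"START", ue1.confirm(b"START")):  # UE1 -> UE2: {START}_K
        return False
    return ue1.check(b"ACK", ue2.confirm(b"ACK"))  # UE2 -> UE1: {ACK}_K


if __name__ == "__main__":
    a, b = D2DPeer("UE1"), D2DPeer("UE2")
    print("handshake:", run_handshake(a, b), "keys match:", a.key == b.key)
```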
Another object of the present invention is to provide a D2D-based secure transfer system for electronic vouchers that implements the described D2D-based secure transfer method. The D2D-based secure transfer system for electronic vouchers includes: an electronic ticket server, user equipment 1 and user equipment 2.
User equipment 1 connects to the electronic ticket server through a communication network, and user equipment 1 and user equipment 2 are connected through a D2D channel.
The electronic ticket server includes a certificate authority module, an authentication module and a data storage module; the user equipment is provided with a login module, a data transmission module and a D2D module, and each user equipment is shipped from the factory with a built-in device certificate and device private key issued by the CA, and with the certificate of the electronic ticket server.
Further, the electronic ticket server connects to the user equipment through a communication network. The certificate authority module is responsible for issuing the data needed for authentication to legitimate users, including trusted certificates signed by the electronic ticket server, for storing copies of the users' certificates, and for providing the credential data the authentication module needs when it performs authentication. The authentication module is responsible for handling login requests submitted by users: it requests the necessary certificate verification data from the certificate authority module, completes login authentication, and after a successful login interacts with the data storage module to send the user's ticket data to the user equipment. The data storage module is responsible for storing the users' ticket data and, on receiving a ticket data request from the login module, sends the corresponding ticket data to the login module.
Further, the user equipment includes a login module, a data transmission module and a D2D module, and each user equipment is shipped from the factory with the following built in: the device certificate and device private key issued by the CA, the certificate of the electronic ticket server, the hash algorithm, symmetric encryption/decryption algorithm and asymmetric encryption/decryption algorithm used by the electronic voucher system, and the two parameters g and p of the multiplicative group Z_p^* of order p-1, where p is a prime and g is a generator.
The login module is responsible for receiving user-initiated login requests and interacting with the electronic ticket server through the communication network. The data transmission module is responsible for storing the ticket data sent by the electronic ticket server and for sending the required data to the D2D module when the D2D module requests ticket data. The D2D module is responsible for completing device authentication between the same user's new and old devices, establishing a secure D2D channel, and completing the secure transfer of vouchers.
Another object of the present invention is to provide an electronic certificate system that applies the described D2D-based secure transfer method for electronic vouchers.
Another object of the present invention is to provide an information data processing terminal equipped with the electronic certificate system.
In conclusion advantages of the present invention and good effect are as follows:, D2D communication is as emerging communication mode in communication network
Very important effect is played in network and wireless system.D2D communication allows adjacent equipment to carry out under the control of control node
Direct communication, with the help of the D2D communication technology, the new and old equipment room electronics authority circulation of user can be in the control of server
Lower directly to be transmitted, new equipment is when receiving the bill of transfer, it may not be necessary to connect server, save compared with original technology
The communication link between new equipment and electronics ticket service device has been removed, the communication overhead of electronics ticket service device is reduced, has been saved
The operation that user logs in again shortens authority transfer elapsed time.
After the present invention 1. users of satisfaction log on used equipment, do not need to carry out another secondary logon operation on new equipment.
2. new equipment can directly carry out data transmission with used equipment, do not need to establish communication channel respectively with electronics ticket service device.
3. there is good safety, the communication link of new and old equipment room should ensure that enough safeties, can resist known major part
Attack means.Symmetric key cryptography system in cryptography, asymmetry sampling, information signature, information authentication is employed herein
Algorithm, Diffie-Hellman Diffie-Hellman, which are all generally acknowledged, has high safety.D2D communication equipment is general in this patent
It is closer, in the horizon range that a people can control, increases eavesdropping, distort, intercept difficulty, strengthen the present invention and working as
The safety of lower society.The present invention is subjected to extension appropriate, the communication overhead of electronics ticket service device can be greatlyd save, side
Just user carries out the safety circulation of electronics authority in new and old equipment room.
The characteristics of present invention is communicated using cryptography with D2D solves the needs of electronics voucher system authority circulation at this stage
The problem of establishing communication link on new equipment again with server and logging in again, the business pressure of ticket service device is alleviated
Power improves authority rate flow, and the combination of the timestamp and random number that use in the present invention avoids Replay Attack, signature
The use of algorithm ensure that the integrality and non-repudiation of data transmission, and all symmetric communication session keys only exist in the present invention
It works when in secondary communication, transmission next time needs to re-start negotiation after secondary be transmitted, and ensure that the safety of scheme.
D2D communication allows adjacent equipment to carry out direct communication under the control of control node, with the help of the D2D communication technology, uses
The new and old equipment room authority circulation at family can directly be transmitted under the control of server, and new equipment is in the bill for receiving transfer
When, it may not be necessary to server is connected, is shifted by the equipment room that new legacy server is done directly authority, is saved compared with original technology
The communication link between new equipment and electronics ticket service device has been removed, the communication overhead of electronics ticket service device is reduced, has been saved
The operation that user logs in again shortens authority transfer elapsed time and ensure that new used equipment is consistent with the data of server
Property.
Detailed description of the invention
Fig. 1 is the system structure diagram of the electronic ticket server and user equipment 1 provided in an embodiment of the present invention.
Fig. 2 is the system structure diagram of the user equipment and user equipment 2 provided in an embodiment of the present invention.
Fig. 3 is the flowchart of the D2D-based ticket transfer method in the electronic voucher system provided in an embodiment of the present invention.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to embodiments, to the present invention
It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to
Limit the present invention.
Application principle of the invention is explained in detail with reference to the accompanying drawing.
As shown in Figs. 1 and 2, the D2D-based electronic voucher secure transfer system provided in an embodiment of the present invention includes an electronic voucher server, user equipment 1 and user equipment 2. User equipment 1 (UE1) is connected to the electronic voucher server (SERVER) through a communication network, and user equipment 1 (UE1) and user equipment 2 (UE2) are connected through a D2D channel. The electronic voucher server includes, but is not limited to, a certificate authority module (CA), an authentication module (AS) and a data storage module (DB). The user equipment includes, but is not limited to, a login module, a data transmission module and a D2D module, and each user equipment has built in at the factory a device certificate and device private key issued by the CA, together with the certificate of the electronic voucher server.
The modules of the user equipment are written in a high-level programming language. The login module is responsible for receiving user-initiated login requests and interacting with the electronic voucher server through the communication network. The data transmission module is responsible for storing the voucher data sent by the electronic voucher server and, when the D2D module requests voucher data, sending the required data to the D2D module. The D2D module is responsible for completing device authentication between the same user's old and new devices, establishing a secure D2D channel, and completing the secure transfer of vouchers. User equipment 1 establishes a secure connection with the electronic voucher server through the communication network, and the user logs in after the secure connection is established; after a successful login, the electronic voucher server sends user equipment 1 a credential of successful login and transmits electronic voucher data to user equipment 1. Only after user equipment 1 has established a secure connection with the electronic voucher server through the communication network and logged in successfully can user equipment 1 and user equipment 2 begin the transfer of electronic vouchers. The specific steps of the D2D-based voucher transfer scheme are as follows:
i. UE1 broadcast:
The user intends to transfer voucher information from UE1 to UE2. UE1 broadcasts a data packet requesting the establishment of a D2D connection channel. The packet contains UE1's certificate (Cert1), the system timestamp, a random number (random1), and UE1's signature over the system timestamp and the random number.
ii. UE2→UE1:
After receiving the broadcast packet, UE2 uses the SERVER certificate built in at the factory to verify the legitimacy of UE1's certificate in the packet. Once the user has confirmed UE1's information, UE2 uses the obtained UE1 certificate to verify UE1's signature over the timestamp and random1, then checks whether the timestamp is within the permitted period and whether random1 has already appeared within the permitted period. If UE1's certificate is illegitimate, the signature verification fails, the timestamp exceeds the permitted period, or random1 has appeared within the permitted period, then as soon as any of the above conditions is met UE2 discards the packet, sends UE1 a refusal packet and disconnects; otherwise UE2 sends UE1 a reply packet containing UE2's certificate (Cert2), UE2's signature over random1, Cert1, the system timestamp, a random number (random2), and UE2's signature over UE1's certificate, the system timestamp and the random number.
iii. UE1→SERVER:
UE1 receives the response packet returned by UE2 and uses the SERVER certificate built in at the factory to verify the legitimacy of UE2's certificate in the packet. Once the user has confirmed UE2's information, UE1 uses the obtained UE2 certificate to verify UE2's signature over Cert1, the timestamp and random2, then compares the UE1 certificate in the received packet with the certificate stored in the device for consistency, and checks whether the timestamp is within the permitted period and whether random2 has appeared within the permitted period. If UE2's certificate is illegitimate, the signature verification fails, the UE1 certificate comparison is inconsistent, the timestamp exceeds the permitted period, or random2 has appeared within the permitted period, then as soon as any of the above conditions is met UE1 discards the packet, sends UE2 a refusal packet and disconnects; otherwise UE1 sends SERVER a D2D parameter request packet containing Cert1, Cert2, UE1's signature over random1, UE2's signature over random1 obtained from UE2's response packet, the system timestamp, and a random number (random3).
iv. SERVER→UE1:
After receiving the D2D parameter request packet sent by UE1, SERVER compares Cert1 and Cert2 in the received packet with the certificate backups stored in the certificate repository for consistency, then verifies UE1's and UE2's signatures over random1 and checks whether the two verification results are consistent, checks whether the timestamp is within the permitted period, and checks whether random3 has appeared within the permitted period. If a certificate is inconsistent with its backup in the certificate repository, the signature verification results differ, the timestamp exceeds the permitted period, or random3 has appeared within the permitted period, then as soon as any of the above conditions is met SERVER discards the packet, sends UE1 a refusal packet and disconnects; otherwise SERVER sends UE1 a D2D parameter reply packet containing the system timestamp, a random number (random4), and SERVER's signature over the system timestamp and the random number.
v. UE1→UE2:
After receiving the D2D parameter response packet returned by SERVER, UE1 checks whether the timestamp is within the permitted period and whether random4 has appeared within the permitted period. If the timestamp exceeds the permitted period or random4 has appeared within the permitted period, UE1 discards the packet and requests SERVER to retransmit the D2D parameters; otherwise UE1 selects a random number a, computes g^a, and sends UE2 a D2D parameter notification packet containing the signature returned by SERVER, random4, g^a, the system timestamp, a random number (random5), and UE1's signature over g^a, the system timestamp and the random number. The packet is encrypted with UE2's public key PK2 before being sent.
vi. UE2→UE1:
After receiving the D2D parameter notification packet, UE2 first decrypts it with its own private key, then uses the SERVER certificate built in at the factory to verify the legitimacy of SERVER's signature in the packet, uses the UE1 certificate obtained in step ii to verify the legitimacy of UE1's signature, and finally checks whether the timestamp is within the permitted period and whether random4 and random5 have appeared within the permitted period. If the packet cannot be decrypted, the verification of SERVER's signature fails, the verification of UE1's signature fails, the timestamp exceeds the permitted period, or random4 or random5 has appeared within the permitted period, then as soon as any of the above conditions is met UE2 discards the packet, sends UE1 a refusal packet and disconnects; otherwise UE2 selects a random number b, computes g^b and (g^a)^b mod p, and sends UE1 a D2D parameter reply packet containing g^b, the system timestamp, a random number (random6), and UE2's signature over g^b, the system timestamp and the random number. The packet is encrypted with UE1's public key PK1 before being sent.
vii. UE1→UE2: { START }K
After receiving the D2D parameter reply packet sent by UE2, UE1 first decrypts it with its own private key, then uses the UE2 certificate obtained in step iii to verify the legitimacy of UE2's signature, and finally checks whether the timestamp is within the permitted period and whether random6 has appeared within the permitted period. If the packet cannot be decrypted, the signature verification fails, the timestamp exceeds the permitted period, or random6 has appeared within the permitted period, then as soon as any of the above conditions is met UE1 discards the packet, sends UE2 a refusal packet and disconnects; otherwise UE1 computes (g^b)^a mod p and sends UE2 a trial communication packet containing the communication start field START, encrypted with the negotiated symmetric key K = (g^b)^a mod p = (g^a)^b mod p.
viii. UE2→UE1: { ACK }K
After receiving the trial communication packet sent by UE1, UE2 decrypts it with the agreed symmetric key K. If it cannot be decrypted, UE2 sends UE1 a refusal packet and disconnects; otherwise UE2 sends UE1 a trial communication reply packet containing the acknowledgement field ACK, encrypted with the negotiated symmetric key K = (g^b)^a mod p = (g^a)^b mod p.
ix. UE2→UE1: { taxpayer_ID }
After UE2 has completed establishing the channel with UE1, the user enters his or her own Taxpayer Identification Number (taxpayer_ID) on the new device UE2, and UE2 sends the identifier to UE1 over the established D2D channel.
x. UE1→UE2: { tickets_list }
After receiving the Taxpayer Identification Number (taxpayer_ID) sent by UE2, UE1 compares it with the taxpayer identification numbers in its locally stored vouchers, generates a voucher list (tickets_list) from the vouchers whose taxpayer identification number matches, and returns it to UE2. Each entry of the voucher list contains the voucher issuer's name, the voucher recipient's name and the voucher issue time.
xi. UE2→UE1: { tickets_list_selected }
After UE2 receives the voucher list returned by UE1, the user selects, according to issuer name, recipient name and issue time, the voucher data to be synchronized to the new device UE2, and UE2 then sends UE1 the list of vouchers to be synchronized (tickets_list_selected).
xii. UE1→UE2: { tickets_data }
After receiving the list of vouchers to be synchronized (tickets_list_selected), UE1 sends UE2 the voucher data required by the list. The voucher data include, but are not limited to: the voucher's unique identifier, the issuer's tax ID, the issuer's address and telephone number, the issuer's bank and account number, the recipient's tax ID, the recipient's address and telephone number, the recipient's bank and account number, the issue date, and so on.
xiii. UE1→UE2:
UE2 stores the received voucher data locally, then returns to UE1 the unique identifiers of all stored vouchers (ticket_IDn) and its signature over all the voucher unique identifiers.
xiv. UE1→SERVER:
UE1 informs SERVER of all the voucher unique identifiers synchronized to UE2 and of UE2's signature over the voucher unique identifiers.
xv. SERVER→UE1: { synchron_complete }
After receiving the packet, SERVER verifies UE2's signature; if the verification passes, it writes UE2's device data and the voucher identifiers synchronized to that device into the database, then returns a synchronization-complete response to UE1. After receiving the synchronization-complete response, UE1 disconnects the D2D connection with UE2, and the voucher transfer is complete.
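The following is an added illustration, not code from the patent: it models the two per-packet checks that steps ii to vii repeat (timestamp inside the permitted period, random number not previously seen inside that period), the Diffie-Hellman agreement K = (g^a)^b mod p = (g^b)^a mod p of steps v to vii, and the {START}K / {ACK}K confirmation of steps vii and viii. Certificates and signatures are left out; the group parameters, the length of the permitted period and the symmetric encryption construction are assumptions chosen for the example, since the page fixes none of them.

```python
"""Freshness, replay and key-agreement checks of the D2D voucher transfer.

Added illustration, not the patent's code: the timestamp/random-number checks
repeated in steps ii to vii, the Diffie-Hellman agreement K = (g^a)^b mod p =
(g^b)^a mod p of steps v to vii, and the {START}_K / {ACK}_K confirmation of
steps vii and viii. Certificates and signatures are omitted; group parameters,
window length and the symmetric construction are constructed for the example.
"""
import hashlib
import hmac
import secrets
import time

# Constructed group parameters (claim 6 only says p is prime and g a generator).
# 2**127 - 1 is prime and keeps the arithmetic readable; far too small for real use.
P = 2 ** 127 - 1
G = 3
WINDOW_SECONDS = 30  # constructed "permitted period"


class FreshnessChecker:
    """Per-peer state for the two checks every verifier performs on a packet."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.seen = {}  # random number -> time it was first accepted

    def accept(self, timestamp, random_number, now=None):
        """True if the packet is fresh; False means discard it and refuse."""
        now = time.time() if now is None else now
        # Random numbers older than the window can no longer be replayed.
        self.seen = {r: t for r, t in self.seen.items() if now - t <= self.window}
        if abs(now - timestamp) > self.window:
            return False  # timestamp outside the permitted period
        if random_number in self.seen:
            return False  # random number already appeared in the period
        self.seen[random_number] = now
        return True


def dh_keypair():
    """A UE picks a private exponent x and publishes g^x mod p (steps v and vi)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared_key(peer_public, own_private):
    """K = peer^own mod p, hashed down to a 32-byte symmetric key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as the keystream generator."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || (plaintext XOR keystream) || HMAC tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the packet 'cannot be decrypted'."""
    if len(blob) < 48:
        return None
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(x ^ y for x, y in zip(ct, _keystream(enc_key, nonce, len(ct))))


def key_confirmation(ue1_private, ue2_public, ue2_private, ue1_public):
    """Steps vii and viii: UE1 sends {START}_K; UE2 must decrypt it and answer {ACK}_K."""
    k1 = dh_shared_key(ue2_public, ue1_private)  # (g^b)^a mod p on UE1
    k2 = dh_shared_key(ue1_public, ue2_private)  # (g^a)^b mod p on UE2
    if unseal(k2, seal(k1, b"START")) != b"START":
        return False  # UE2 cannot decrypt: refuse and disconnect
    return unseal(k1, seal(k2, b"ACK")) == b"ACK"


def run_handshake(now=1_000_000.0):
    """Steps i, ii and v to viii with the checks wired in; returns each decision."""
    ue2_checks = FreshnessChecker()
    random1 = secrets.randbits(64)                           # step i: UE1 broadcast
    ue2_accepts = ue2_checks.accept(now, random1, now)       # step ii: fresh packet
    replayed = not ue2_checks.accept(now, random1, now + 1)  # same packet again
    a, g_a = dh_keypair()                                    # step v: UE1 picks a
    b, g_b = dh_keypair()                                    # step vi: UE2 picks b
    return {"ue2_accepts_broadcast": ue2_accepts, "ue2_rejects_replay": replayed,
            "keys_match": dh_shared_key(g_b, a) == dh_shared_key(g_a, b),
            "start_ack_ok": key_confirmation(a, g_b, b, g_a)}  # steps vii, viii
```

A replayed broadcast is refused because random1 is still inside the window; the same random number is accepted again only once the window has elapsed, which is exactly the bound the "permitted period" places on the replay check.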
The application principle of the invention is further described below with reference to the accompanying drawings.
As shown in Fig. 3, after user equipment 1 has completed the login process the user buys a new device, user equipment 2, and wants to transfer the electronic voucher data in user equipment 1 securely to user equipment 2 without having to connect device 2 to the network and log in. User equipment 1 (UE1) broadcasts a data packet containing UE1's certificate (Cert1), the timestamp at which the packet was broadcast, a random number (random1), and UE1's signature over the timestamp and random1. User equipment 2 (UE2) receives the broadcast packet and first verifies the legitimacy of Cert1; because every device's certificate is issued by the CA and every device has the electronic voucher server's root certificate built in, the legitimacy of the certificate can be verified. UE2 then checks the timestamp and random1 against the verified signature for consistency. After verification passes, UE2 sends UE1 a response packet containing UE2's certificate (Cert2), UE1's certificate (Cert1), the timestamp at which the packet was generated, a random number (random2), UE2's signature over random1, and UE2's signature over Cert1, the timestamp and random2. After receiving the response, UE1 first verifies the legitimacy of Cert2, compares the received Cert1 with the device's own certificate for consistency, then checks Cert1, the timestamp and random2 against the verified signature. After verification passes, UE1 sends a D2D request packet to the electronic voucher server (SERVER) containing Cert1, Cert2, UE1's signature over random1, UE2's signature over random1 obtained from UE2's response, the timestamp at which the packet was generated, and a random number (random3). After receiving the D2D request, SERVER first compares Cert1 and Cert2 with the certificates backed up in the certificate authority module for consistency, then verifies the signatures. After verification passes, SERVER sends UE1 a reply packet containing the timestamp at which the packet was generated, a random number (random4) and SERVER's signature over them. After receiving SERVER's message, UE1 selects a random number a, computes g^a, and sends UE2 a packet containing SERVER's signature, random4, g^a, random5 and UE1's signature, encrypted with UE2's public key. UE2 decrypts the packet with its own private key, verifies SERVER's signature and UE1's signature, and obtains g^a once verification passes. UE2 selects a random number b, computes g^b, and sends UE1 a packet containing g^b, the timestamp at which the packet was generated, a random number (random6) and UE2's signature over them, encrypted with UE1's public key. UE1 decrypts the packet with its own private key, verifies UE2's signature, and obtains g^b once verification passes. K = (g^a)^b mod p = (g^b)^a mod p is the communication key between UE1 and UE2.
After UE2 has completed establishing the channel with UE1, the user enters his or her own Taxpayer Identification Number (taxpayer_ID) on the new device UE2, and UE2 sends the identifier to UE1 over the established D2D channel. After receiving the taxpayer_ID sent by UE2, UE1 compares it with the taxpayer identification numbers in its locally stored vouchers, generates a voucher list (tickets_list) from the matching vouchers and returns it to UE2; each entry of the list contains the issuer's name, the recipient's name and the issue time. After UE2 receives the list returned by UE1, the user selects by issuer name, recipient name and issue time the voucher data to be synchronized to the new device UE2, and UE2 sends UE1 the list of vouchers to be synchronized (tickets_list_selected). After receiving tickets_list_selected, UE1 sends UE2 the voucher data required by the list; the voucher data include the voucher's unique identifier, the issuer's tax ID, address, telephone number, bank and account number, the recipient's tax ID, address, telephone number, bank and account number, the issue date, and so on. UE2 stores the received voucher data locally, then returns to UE1 the unique identifiers of all stored vouchers (ticket_IDn) and its signature over all of them. UE1 informs SERVER of all voucher unique identifiers synchronized to UE2 and of UE2's signature over them. After receiving the packet, SERVER verifies UE2's signature; if verification passes, it writes UE2's device data and the voucher identifiers synchronized to that device into the database, then returns a synchronization-complete response to UE1. After receiving the synchronization-complete response, UE1 disconnects the D2D connection with UE2, and the voucher transfer is complete.
The foregoing is merely illustrative of the preferred embodiments of the present invention and is not intended to limit the invention; any modifications, equivalent replacements and improvements made within the spirit and principle of the present invention shall all be included in its protection scope.
Claims (8)
1. A D2D-based electronic voucher secure transfer method, characterized in that the D2D-based electronic voucher secure transfer method includes:
the user equipment is connected to the electronic voucher server through a communication network, and the user equipment are connected to one another through a D2D channel; after mutual authentication is completed, the user equipment acquires, in real time or periodically, UE1's current and future voucher status; the electronic voucher server includes, but is not limited to, a certificate authority module, an authentication module and a data storage module; the user equipment is provided with a login module, a data transmission module and a D2D module, and each user equipment has built in at the factory a device certificate and device private key issued by the CA, together with the certificate of the electronic voucher server.
2. The D2D-based electronic voucher secure transfer method as claimed in claim 1, characterized in that the D2D-based electronic voucher secure transfer method includes:
(1) user equipment 1 establishes a secure connection with the electronic voucher server through the communication network; the user logs in after the secure connection is established; after a successful login the electronic voucher server sends user equipment 1 a credential of successful login and transmits electronic voucher data to user equipment 1; completing the transmission of electronic voucher data after user equipment 1 has established a secure connection with the electronic voucher server through the communication network and logged in successfully is a necessary condition of the D2D-based voucher transfer scheme;
(2) after user equipment 1 (UE1) has completed the login process, the user buys a new device, user equipment 2 (UE2), and wants to transfer the electronic voucher data in user equipment 1 securely to user equipment 2 without connecting device 2 to the network and logging in; UE1 broadcasts a data packet containing UE1's certificate Cert1, the timestamp at which the packet was broadcast, a random number random1, and UE1's signature over the timestamp and random1; UE2 receives the broadcast packet and first verifies the legitimacy of Cert1, then checks the timestamp and random1 against the verified signature for consistency; after verification passes, UE2 sends UE1 a response packet containing UE2's certificate Cert2, UE1's certificate Cert1, the timestamp at which the packet was generated, a random number random2, UE2's signature over random1, and UE2's signature over Cert1, the timestamp and random2; after receiving the response, UE1 first verifies the legitimacy of Cert2 and compares the received Cert1 with the device's own certificate for consistency;
then UE1 checks Cert1, the timestamp and random2 against the verified signature for consistency; after verification passes, UE1 sends a D2D request packet to the electronic voucher server SERVER containing Cert1, Cert2, UE1's signature over random1, UE2's signature over random1 obtained from UE2's response, the timestamp at which the packet was generated, and a random number random3; after receiving the D2D request, SERVER first compares Cert1 and Cert2 with the certificates backed up in the certificate authority module for consistency, then verifies the signatures; after verification passes, SERVER sends UE1 a reply packet containing the timestamp at which the packet was generated, a random number random4 and SERVER's signature over them; after receiving SERVER's message, UE1 selects a random number a, computes g^a, and sends UE2 a packet containing SERVER's signature, random4, g^a, random5 and UE1's signature, encrypted with UE2's public key; UE2 decrypts the packet with its own private key, verifies SERVER's and UE1's signatures, and obtains g^a once verification passes; UE2 selects a random number b, computes g^b, and sends UE1 a packet containing g^b, the timestamp at which the packet was generated, a random number random6 and UE2's signature over them, encrypted with UE1's public key; UE1 decrypts the packet with its own private key, verifies UE2's signature, and obtains g^b once verification passes; K = (g^a)^b mod p = (g^b)^a mod p is the communication key between UE1 and UE2; after UE2 has completed establishing the channel with UE1, the user enters his or her own Taxpayer Identification Number taxpayer_ID on the new device UE2, and UE2 sends the identifier to UE1 over the established D2D channel; after receiving the taxpayer_ID sent by UE2, UE1 compares it with the taxpayer identification numbers in its locally stored vouchers, generates a voucher list tickets_list from the matching vouchers and returns it to UE2, each entry of which contains, but is not limited to, the issuer's name, the recipient's name and the issue time; after UE2 receives the list returned by UE1, the user selects by issuer name, recipient name and issue time the voucher data to be synchronized to the new device UE2, and UE2 sends UE1 the list of vouchers to be synchronized tickets_list_selected; after receiving tickets_list_selected, UE1 sends UE2 the voucher data required by the list;
UE2 stores the received voucher data locally, then returns to UE1 the unique identifiers ticket_IDn of all stored vouchers and its signature over all the voucher unique identifiers; UE1 informs SERVER of all voucher unique identifiers synchronized to UE2 and of UE2's signature over them; after receiving the packet, SERVER verifies UE2's signature and, if verification passes, writes UE2's device data and the voucher identifiers synchronized to that device into the database, then returns a synchronization-complete response to UE1; after receiving the synchronization-complete response, UE1 disconnects the D2D connection with UE2, and the voucher transfer is complete.
3. The D2D-based electronic voucher secure transfer method as claimed in claim 2, characterized in that the D2D-based electronic voucher secure transfer method specifically includes:
First step, UE1 broadcast:
the user intends to transfer voucher information from UE1 to UE2; UE1 broadcasts a data packet requesting the establishment of a D2D connection channel, the packet containing UE1's certificate Cert1, the system timestamp, a random number random1, and UE1's signature over the system timestamp and the random number;
Second step, UE2→UE1:
after receiving the broadcast packet, UE2 uses the SERVER certificate built in at the factory to verify the legitimacy of UE1's certificate in the packet; once the user has confirmed UE1's information, UE2 uses the obtained UE1 certificate to verify UE1's signature over the timestamp and random1, then checks whether the timestamp is within the permitted period and whether random1 has appeared within the permitted period; if UE1's certificate is illegitimate, the signature verification fails, the timestamp exceeds the permitted period, or random1 has appeared within the permitted period, then as soon as any of the above conditions is met UE2 discards the packet, sends UE1 a refusal packet and disconnects; otherwise UE2 sends UE1 a reply packet containing UE2's certificate Cert2, UE2's signature over random1, Cert1, the system timestamp, a random number random2, and UE2's signature over UE1's certificate, the system timestamp and the random number;
Third step, UE1→SERVER:
UE1 receives the response packet returned by UE2 and uses the SERVER certificate built in at the factory to verify the legitimacy of UE2's certificate in the packet; once the user has confirmed UE2's information, UE1 uses the obtained UE2 certificate to verify UE2's signature over Cert1, the timestamp and random2, then compares the UE1 certificate in the received packet with the certificate stored in the device for consistency, and checks whether the timestamp is within the permitted period and whether random2 has appeared within the permitted period; if UE2's certificate is illegitimate, the signature verification fails, the UE1 certificate comparison is inconsistent, the timestamp exceeds the permitted period, or random2 has appeared within the permitted period, then as soon as any of the above conditions is met UE1 discards the packet, sends UE2 a refusal packet and disconnects; otherwise UE1 sends SERVER a D2D parameter request packet containing Cert1, Cert2, UE1's signature over random1, UE2's signature over random1 obtained from UE2's response packet, the system timestamp, and a random number random3;
Fourth step, SERVER→UE1:
after receiving the D2D parameter request packet sent by UE1, SERVER compares Cert1 and Cert2 in the received packet with the certificate backups stored in the certificate repository for consistency, then verifies UE1's and UE2's signatures over random1 and checks whether the verification results are consistent, checks whether the timestamp is within the permitted period, and checks whether random3 has appeared within the permitted period; if a certificate is inconsistent with its backup in the certificate repository, the signature verification results differ, the timestamp exceeds the permitted period, or random3 has appeared within the permitted period, then as soon as any of the above conditions is met SERVER discards the packet, sends UE1 a refusal packet and disconnects; otherwise SERVER sends UE1 a D2D parameter reply packet containing the system timestamp, a random number random4, and SERVER's signature over the system timestamp and the random number;
Fifth step, UE1→UE2:
after receiving the D2D parameter response packet returned by SERVER, UE1 checks whether the timestamp is within the permitted period and whether random4 has appeared within the permitted period; if the timestamp exceeds the permitted period or random4 has appeared within the permitted period, UE1 discards the packet and requests SERVER to retransmit the D2D parameters; otherwise UE1 selects a random number a, computes g^a, and sends UE2 a D2D parameter notification packet containing the signature returned by SERVER, random4, g^a, the system timestamp, a random number random5, and UE1's signature over g^a, the system timestamp and the random number; the packet is encrypted with UE2's public key PK2 before being sent;
Sixth step, UE2→UE1:
after receiving the D2D parameter notification packet, UE2 first decrypts it with its own private key, then uses the SERVER certificate built in at the factory to verify the legitimacy of SERVER's signature in the packet, uses the UE1 certificate obtained in the second step to verify the legitimacy of UE1's signature, and finally checks whether the timestamp is within the permitted period and whether random4 and random5 have appeared within the permitted period; if the packet cannot be decrypted, the verification of SERVER's signature fails, the verification of UE1's signature fails, the timestamp exceeds the permitted period, or random4 or random5 has appeared within the permitted period, then as soon as any of the above conditions is met UE2 discards the packet, sends UE1 a refusal packet and disconnects; otherwise UE2 selects a random number b, computes g^b and (g^a)^b mod p, and sends UE1 a D2D parameter reply packet containing g^b, the system timestamp, a random number random6, and UE2's signature over g^b, the system timestamp and the random number; the packet is encrypted with UE1's public key PK1 before being sent;
Seventh step, UE1→UE2: { START }K
after receiving the D2D parameter reply packet sent by UE2, UE1 first decrypts it with its own private key, then uses the UE2 certificate obtained in the third step to verify the legitimacy of UE2's signature, and finally checks whether the timestamp is within the permitted period and whether random6 has appeared within the permitted period; if the packet cannot be decrypted, the signature verification fails, the timestamp exceeds the permitted period, or random6 has appeared within the permitted period, then as soon as any of the above conditions is met UE1 discards the packet, sends UE2 a refusal packet and disconnects; otherwise UE1 computes (g^b)^a mod p and sends UE2 a trial communication packet containing the communication start field START, encrypted with the negotiated symmetric key K = (g^b)^a mod p = (g^a)^b mod p;
Eighth step, UE2→UE1: { ACK }K
after receiving the trial communication packet sent by UE1, UE2 decrypts it with the agreed symmetric key K; if it cannot be decrypted, UE2 sends UE1 a refusal packet and disconnects; otherwise UE2 sends UE1 a trial communication reply packet containing the acknowledgement field ACK, encrypted with the negotiated symmetric key K = (g^b)^a mod p = (g^a)^b mod p;
Ninth step, UE2→UE1: { taxpayer_ID }
after UE2 has completed establishing the channel with UE1, the user enters his or her own Taxpayer Identification Number taxpayer_ID on the new device UE2, and UE2 sends the identifier to UE1 over the established D2D channel;
Tenth step, UE1→UE2: { tickets_list }
after receiving the Taxpayer Identification Number taxpayer_ID sent by UE2, UE1 compares it with the taxpayer identification numbers in its locally stored vouchers, generates a voucher list tickets_list from the vouchers whose taxpayer identification number matches, and returns it to UE2; each entry of the voucher list contains the voucher issuer's name, the voucher recipient's name and the voucher issue time;
Eleventh step, UE2→UE1: { tickets_list_selected }
after UE2 receives the voucher list returned by UE1, the user selects, according to issuer name, recipient name and issue time, the voucher data to be synchronized to the new device UE2, and UE2 then sends UE1 the list of vouchers to be synchronized tickets_list_selected;
Twelfth step, UE1→UE2: { tickets_data }
after receiving the list of vouchers to be synchronized tickets_list_selected, UE1 sends UE2 the voucher data required by the list;
Thirteenth step, UE1→UE2:
UE2 stores the received voucher data locally, then returns to UE1 the unique identifiers ticket_IDn of all stored vouchers and its signature over all the voucher unique identifiers;
Fourteenth step, UE1→SERVER:
UE1 informs SERVER of all the voucher unique identifiers synchronized to UE2 and of UE2's signature over the voucher unique identifiers;
Fifteenth step, SERVER→UE1: { synchron_complete }
after receiving the packet, SERVER verifies UE2's signature; if the verification passes, it writes UE2's device data and the voucher identifiers synchronized to that device into the database, then returns a synchronization-complete response to UE1; after receiving the synchronization-complete response, UE1 disconnects the D2D connection with UE2, and the voucher transfer is complete.
4. A D2D-based electronic voucher secure transfer system implementing the D2D-based electronic voucher secure transfer method as claimed in claim 1, characterized in that the D2D-based electronic voucher secure transfer system includes an electronic voucher server, user equipment 1 and user equipment 2;
user equipment 1 is connected to the electronic voucher server through a communication network, and user equipment 1 and user equipment 2 are connected through a D2D channel;
the electronic voucher server includes a certificate authority module, an authentication module and a data storage module; the user equipment is provided with a login module, a data transmission module and a D2D module, and each user equipment has built in at the factory a device certificate and device private key issued by the CA, together with the certificate of the electronic voucher server.
5. The D2D-based electronic credential secure circulation system of claim 4, characterised in that the electronic credential server is connected to the user equipment through a communication network; the certificate authority module is responsible for issuing the data required for authentication to legitimate users, including trusted certificates signed by the electronic credential server, storing copies of the certificates of certificate users, and providing the authentication module with the certificate data required during the authentication process; the authentication module is responsible for processing login requests submitted by users, requesting the necessary certificate verification data from the certificate authority module to complete login authentication, and, after a successful login, interacting with the data storage module to send the user's credential data to the user equipment; the data storage module is responsible for storing the users' credential data and, on receiving a credential data request from the login module, sending the corresponding credential data to the login module.
6. The D2D-based electronic credential secure circulation system of claim 4, characterised in that the user equipment comprises a login module, a data transmission module and a D2D module, and all of the following are built in when each user equipment leaves the factory: the device certificate and device private key issued by the CA, the certificate of the electronic credential server, the hash algorithm, symmetric encryption/decryption algorithm and asymmetric encryption/decryption algorithm used by the electronic credential system, and the two parameters g and p of the multiplicative group Z_p^* of order p-1, where p is a prime and g is a generator;
The login module is responsible for receiving user-initiated login requests and interacting with the electronic credential server through the communication network; the data transmission module is responsible for storing the credential data sent by the electronic credential server and, when the D2D module requests credential data, sending the required data to the D2D module; the D2D module is responsible for completing device authentication between the old and new devices of the same user, establishing a secure D2D channel, and completing the secure circulation of credentials.
7. An electronic credential system using the D2D-based electronic credential secure circulation method of any one of claims 1 to 3.
8. An information data processing terminal equipped with the electronic credential system of claim 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910123597.1A CN110011791B (en) | 2019-02-18 | 2019-02-18 | D2D-based electronic credential secure circulation method and system and electronic credential system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011791A true CN110011791A (en) | 2019-07-12 |
CN110011791B CN110011791B (en) | 2021-07-09 |
Family
ID=67165826
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910123597.1A Active CN110011791B (en) | 2019-02-18 | 2019-02-18 | D2D-based electronic credential secure circulation method and system and electronic credential system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110011791B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571376A (en) * | 2012-02-24 | 2012-07-11 | 苏州阔地网络科技有限公司 | Method and system for implementing multi-window chat |
CN102711105A (en) * | 2012-05-18 | 2012-10-03 | 华为技术有限公司 | Method, device and system for communication through mobile communication network |
CN103595750A (en) * | 2012-08-17 | 2014-02-19 | 华为技术有限公司 | Method, terminal and network side for peer-to-peer communication |
CN104660567A (en) * | 2013-11-22 | 2015-05-27 | 中国联合网络通信集团有限公司 | D2D terminal access authentication method as well as D2D terminal and server |
CN106953727A (en) * | 2017-03-13 | 2017-07-14 | 南京邮电大学 | Based on the group safety certifying method without certificate in D2D communications |
CN107251591A (en) * | 2015-03-13 | 2017-10-13 | 英特尔Ip公司 | Device-to-device discovery and system, the method and apparatus of communication for safety |
Non-Patent Citations (4)
Title |
---|
WENLONG SHEN et al.: "Secure Key Establishment for Device-to-Device Communications", IEEE * |
卢昊旗: "Research on authentication and key agreement protocols for D2D communication", China Master's Theses Full-text Database, Information Science and Technology * |
张亚楠: "Research on privacy and security in D2D communication", China Master's Theses Full-text Database, Information Science and Technology * |
王明君: "Research on security and privacy protection in device-to-device (D2D) communication", China Doctoral Dissertations Full-text Database, Information Science and Technology * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113159872A (en) * | 2021-02-26 | 2021-07-23 | 西安电子科技大学 | Privacy protection online billing service authentication method, system, storage medium and application |
CN113159872B (en) * | 2021-02-26 | 2024-03-29 | 西安电子科技大学 | Privacy protection online billing service authentication method, system, storage medium and application |
CN116049802A (en) * | 2023-03-31 | 2023-05-02 | 深圳竹云科技股份有限公司 | Application single sign-on method, system, computer equipment and storage medium |
CN116049802B (en) * | 2023-03-31 | 2023-07-18 | 深圳竹云科技股份有限公司 | Application single sign-on method, system, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CB03 | Change of inventor or designer information | Inventor after: Cao Jin; Liu Xiang; Li Hui; Zhu Hui; Zhao Xingwen. Inventor before: Cao Jin; Liu Xiang; Li Hui; Zhu Hui; Zhao Xingwen |