CN110233738A - Space-time smart-tag authentication method and system based on link measurement - Google Patents

Publication number: CN110233738A
Authority: CN (China)
Legal status: Granted
Application number: CN201910583625.8A
Other languages: Chinese (zh)
Other versions: CN110233738B (en)
Inventors: 陈曦, 殷柳国, 魏齐辉, 匡麟玲
Current assignee: Shanghai Qingshen Technology Development Co Ltd; Tsinghua University
Original assignee: Shanghai Qingshen Technology Development Co Ltd; Tsinghua University

Classifications

    • H04B7/18519: Radio transmission systems; systems using a satellite or space-based relay; operations control, administration or maintenance
    • H04L63/1441: Network architectures or network communication protocols for network security; countermeasures against malicious traffic
    • H04L9/3271: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response
    • H04L9/3297: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps

Abstract

The present invention provides a space-time label authentication method and system based on link measurement, applied to a satellite communication network. The method comprises: controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time label and a measurement result, wherein the number of measurement operations is greater than two; obtaining a data packet to be authenticated, and combining the space-time label with the data packet to be authenticated to obtain a target data packet carrying the space-time label; and sending the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. By combining the space-time label obtained from the multiple measurements between the user terminal and the communication satellite with the data packet, and authenticating the space-time label carried in the data packet, the invention can ensure the authenticity and unforgeability of the data packet to be authenticated.

Description

Space-time smart-tag authentication method and system based on link measurement
Technical field
The present invention relates to the technical field of data security, and more particularly to a space-time label authentication method and system based on link measurement.
Background technique
Many modern information system applications not only require a highly precise space-time reference, but also place growing demands on the security and authentication of that reference. A representative terminal application with special requirements on the time reference is the blockchain. A blockchain is a chained data structure that combines data blocks sequentially in chronological order, and a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable. In the prior art, verification of the space-time information included in a data block relies entirely on Internet-based authentication systems, so there is a risk that the system server is compromised by hacking and the verification information included in the data block itself is then rewritten and forged.
Summary of the invention
In view of this, the purpose of the present invention is to provide a space-time label authentication method and system based on link measurement which, by combining the space-time label obtained from multiple measurements between a user terminal and a communication satellite with a data packet, and authenticating the space-time label carried in the data packet, can ensure the authenticity and unforgeability of the data packet to be authenticated.
In a first aspect, an embodiment of the invention provides a space-time label authentication method based on link measurement, applied to a satellite communication network. The method comprises: controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time label and a measurement result, wherein the number of measurement operations is greater than two, the space-time label includes at least one of: the synchronization moment of the user terminal, an authentication random code and the location information of the user terminal, and the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-ground distance, the authentication random code, a user terminal unique identifier and the location information of the target communication satellite; obtaining a data packet to be authenticated, and combining the space-time label with the data packet to be authenticated to obtain a target data packet carrying the space-time label; and sending the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
Further, controlling the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite to obtain the space-time label and the measurement result comprises: controlling the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the moment at which the first authentication measurement request arrived at the target communication satellite to obtain a first moment, and generates an authentication random code, the first authentication measurement request including the user terminal unique identifier; controlling the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal simultaneously, the first response packet including at least one of: the first moment, a second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request; wherein the user terminal, after receiving the first response packet and the second authentication measurement request, calculates the moment shown by the clock on the user terminal when the second authentication measurement request arrives at the user terminal to obtain a third moment, calculates the time interval between the moment at which the first authentication measurement request was sent and the third moment to obtain a first time interval, and sends a second response packet to the target communication satellite, the second response packet including at least one of: the third moment, the first time interval, a fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet; and calculating the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
Further, calculating the space-time label based on the data in the first response packet and the data in the second response packet comprises: calculating the satellite-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; obtaining the current time Tn of the clock on the user terminal, and calculating the synchronization moment Tg' of the user terminal by the formula Tg' = Tn - Te; obtaining the location information of the user terminal; and taking the synchronization moment of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
Further, calculating the measurement result based on the data in the first response packet and the data in the second response packet comprises: obtaining the current time of the target communication satellite and the location information of the target communication satellite; calculating the first satellite-ground distance dsg using the formula dsg = (Dt4 + Dt1 - Dt2) * C / 2, where C is the speed of light, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; and determining the current time of the target communication satellite, the first satellite-ground distance, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite as the measurement result.
Further, the authentication center performing authentication according to the information in the target data packet and the information in the measurement result to obtain the authentication result comprises: obtaining the synchronization moment of the user terminal from the information in the target data packet, and obtaining the current time of the communication satellite from the measurement result; calculating the time difference between the current time of the communication satellite and the synchronization moment of the user terminal; judging whether the time difference is greater than a first preset value; and if so, obtaining a first authentication result as the authentication result, wherein the first authentication result indicates that the authentication is not passed.
Further, the method also comprises: if the time difference is judged to be less than or equal to the first preset value, calculating a second satellite-ground distance based on the location information of the communication satellite and the location information of the user terminal; calculating the distance difference between the first satellite-ground distance and the second satellite-ground distance; judging whether the distance difference is greater than a second preset value; if so, obtaining the first authentication result as the authentication result; if not, obtaining a second authentication result as the authentication result, wherein the second authentication result indicates that the authentication is passed.
Further, the method also comprises: saving the measurement result in the memory of the target communication satellite.
In a second aspect, an embodiment of the invention also provides a space-time label authentication system based on link measurement, arranged in a satellite communication network and comprising a multiple-measurement module, a space-time label embedding module and an authentication module. The multiple-measurement module is used for controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time label and a measurement result, wherein the number of measurement operations is greater than two, the space-time label includes at least one of: the synchronization moment of the user terminal, an authentication random code and the location information of the user terminal, and the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-ground distance, the authentication random code, a user terminal unique identifier and the location information of the target communication satellite. The space-time label embedding module is used for obtaining a data packet to be authenticated, and combining the space-time label with the data packet to be authenticated to obtain a target data packet carrying the space-time label. The authentication module is used for sending the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
Further, the multiple-measurement module also comprises a first measuring unit, a second measuring unit and a computing unit. The first measuring unit is used for controlling the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the moment at which the first authentication measurement request arrived at the target communication satellite to obtain a first moment, and generates an authentication random code, the first authentication measurement request including the user terminal unique identifier. The second measuring unit is used for controlling the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal simultaneously, the first response packet including at least one of: the first moment, a second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request; wherein the user terminal, after receiving the first response packet and the second authentication measurement request, calculates the moment shown by the clock on the user terminal when the second authentication measurement request arrives at the user terminal to obtain a third moment, calculates the time interval between the moment at which the first authentication measurement request was sent and the third moment to obtain a first time interval, and sends a second response packet to the target communication satellite, the second response packet including at least one of: the third moment, the first time interval, a fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet. The computing unit is used for calculating the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
Further, the computing unit is also used for: calculating the satellite-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; obtaining the current time Tn of the clock on the user terminal, and calculating the synchronization moment Tg' of the user terminal by the formula Tg' = Tn - Te; obtaining the location information of the user terminal; and taking the synchronization moment of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
In the embodiments of the invention, the satellite communication network is controlled to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time label and a measurement result, wherein the number of measurement operations is greater than two; a data packet to be authenticated is obtained, and the space-time label is combined with the data packet to be authenticated to obtain a target data packet carrying the space-time label; and the target data packet and the measurement result are sent to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. Authenticating the space-time label carried in the data packet through this process ensures the authenticity and unforgeability of the data packet to be authenticated, thereby alleviating the technical problem in the prior art that data packets to be authenticated are easily forged.
Other features and advantages of the invention will be set forth in the following description and will in part become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description and the drawings.
To make the above objects, features and advantages of the invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a space-time label authentication method based on link measurement provided by an embodiment of the invention;
Fig. 2 is a timing diagram of multiple measurement operations performed between a user terminal and a target communication satellite, provided by an embodiment of the invention;
Fig. 3 is a data flow diagram of the space-time label authentication process provided by an embodiment of the invention;
Fig. 4 is a flowchart of the method by which the authentication center authenticates a target data packet carrying a space-time label, provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of a space-time label authentication system based on link measurement provided by an embodiment of the invention;
Fig. 6 is a schematic diagram of another space-time label authentication system based on link measurement provided by an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
In the description of the invention, it should be noted that orientation or positional terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings, are used only to facilitate and simplify the description of the invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they should therefore not be construed as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and should not be understood as indicating or implying relative importance.
In addition, in the description of the embodiments of the invention, unless otherwise expressly specified or limited, the terms "mounted", "connected" and "coupled" should be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the invention according to the specific circumstances.
Embodiment one:
According to an embodiment of the invention, an embodiment of a space-time label authentication method based on link measurement is provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a flowchart of a space-time label authentication method based on link measurement according to an embodiment of the invention. As shown in Fig. 1, the method is applied to a satellite communication network and specifically comprises the following steps:
Step S102: control the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time label and a measurement result, wherein the number of measurement operations is greater than two; the space-time label includes at least one of: the synchronization moment of the user terminal, an authentication random code and the location information of the user terminal; the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-ground distance, the authentication random code, a user terminal unique identifier and the location information of the target communication satellite.
Preferably, in the embodiment of the invention, the number of measurement operations is three. It should be noted that the number of measurement operations is not limited to three and may be any other number greater than 2; this embodiment does not specifically limit it.
Step S104: obtain a data packet to be authenticated, and combine the space-time label with the data packet to be authenticated to obtain a target data packet carrying the space-time label.
Optionally, the data packet to be authenticated may be a block of data to be authenticated in a blockchain; this embodiment does not specifically limit the block to be authenticated.
Step S106: send the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. A target data packet that has been authenticated is protected against forgery.
In the embodiments of the invention, the satellite communication network is controlled to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time label and a measurement result, wherein the number of measurement operations is greater than two; a data packet to be authenticated is obtained, and the space-time label is combined with the data packet to be authenticated to obtain a target data packet carrying the space-time label; and the target data packet and the measurement result are sent to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. Authenticating the space-time label carried in the data packet through this process ensures the authenticity and unforgeability of the data packet to be authenticated, thereby alleviating the technical problem in the prior art that data packets to be authenticated are easily forged.
Fig. 2 is a timing diagram, according to the invention, of multiple measurement operations performed between a user terminal and a target communication satellite, in which the number of measurements is three. As shown in Fig. 2, the measurement operation comprises the following steps:
Step S201: control the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the moment at which the first authentication measurement request arrived at the target communication satellite to obtain the first moment Ts, and generates an authentication random code. The first authentication measurement request includes the user terminal unique identifier, which characterizes the identity of the user.
Step S202: control the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal simultaneously. The first response packet includes at least one of: the first moment Ts, the second moment Ts+Dt2 and the authentication random code; the second moment is the sending moment of the first response packet and the second authentication measurement request.
Step S203: after receiving the first response packet and the second authentication measurement request, the user terminal calculates the moment shown by the clock on the user terminal when the second authentication measurement request arrives at the user terminal to obtain the third moment Tg, calculates the time interval between the moment at which the first authentication measurement request was sent and the third moment to obtain the first time interval Dt1+Dt4, and sends a second response packet to the target communication satellite. The second response packet includes at least one of: the third moment Tg, the first time interval Dt1+Dt4, the fourth moment Tg+Dt5 and the authentication random code; the fourth moment is the sending moment of the second response packet. The space-time label and the measurement result are then calculated based on the data in the first response packet and the data in the second response packet.
Specifically, in step S203, calculating the space-time label based on the data in the first response packet and the data in the second response packet comprises the following steps:
Step S2031: calculate the satellite-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment.
Step S2032: obtain the current time Tn of the clock on the user terminal, and calculate the synchronization moment Tg' of the user terminal by the formula Tg' = Tn - Te.
Step S2033: obtain the location information of the user terminal.
Step S2034: take the synchronization moment Tg' of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
Specifically, in step S203, calculating the measurement result based on the data in the first response packet and the data in the second response packet also comprises the following steps:
Step S2035: obtain the current time of the target communication satellite and the location information of the target communication satellite.
Step S2036: calculate the first satellite-ground distance dsg using the formula dsg = (Dt4 + Dt1 - Dt2) * C / 2, where C is the speed of light, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment.
Step S2037: determine the current time of the target communication satellite, the first satellite-ground distance dsg, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite as the measurement result.
In the embodiment of the invention, the space-time label and the measurement result are each obtained by calculation from the three two-way measurements performed between the user terminal and the target communication satellite as described above. It should be noted that the space-time label is stored on the user terminal and the measurement result is stored in the memory of the target communication satellite. The space-time label obtained by the user terminal can then be used for space-time label authentication.
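The computation in steps S2031 to S2036 and the authentication center's two threshold checks from the summary, run end to end on constructed values, as an added example that is not part of the patent text. The coordinates, clock error, delays, preset values and all class and function names are assumptions; treating the random-code consistency as an explicit check is also an assumption of this example.

```python
import math
import secrets
from dataclasses import dataclass, replace

C = 299_792_458.0  # speed of light, m/s

# Constructed sample geometry (metres, Cartesian); not taken from the patent.
SAT_POS = (6_871_000.0, 300_000.0, 0.0)
TERMINAL_POS = (6_371_000.0, 0.0, 0.0)


@dataclass(frozen=True)
class SpaceTimeLabel:          # stored on the user terminal
    sync_time: float           # Tg', terminal time corrected to satellite time (s)
    random_code: str
    terminal_pos: tuple        # position the terminal reports (m)


@dataclass(frozen=True)
class MeasurementResult:       # stored in the satellite's memory
    sat_time: float            # current time of the satellite (s)
    d_sg: float                # first satellite-ground distance (m)
    random_code: str
    terminal_id: str
    sat_pos: tuple


def time_difference(tg, ts, first_interval, dt2):
    """Step S2031: Te = Tg - (Ts + (Dt4 + Dt1 + Dt2) / 2)."""
    return tg - (ts + (first_interval + dt2) / 2)


def first_distance(first_interval, dt2):
    """Step S2036: dsg = (Dt4 + Dt1 - Dt2) * C / 2."""
    return (first_interval - dt2) * C / 2


def run_measurement(terminal_id, true_pos, reported_pos, sat_pos,
                    clock_error, dt2=0.002, dt5=0.001, start=1000.0):
    """Simulate S201-S203 on one link. `start` is the satellite time at which
    the terminal sends; the terminal clock reads satellite time + clock_error."""
    prop = math.dist(true_pos, sat_pos) / C       # one-way propagation delay
    sent = start + clock_error                    # terminal clock, first request
    ts = start + prop                             # first moment (satellite clock)
    code = secrets.token_hex(8)                   # authentication random code
    tg = ts + dt2 + prop + clock_error            # third moment (terminal clock)
    first_interval = tg - sent                    # Dt1 + Dt4
    te = time_difference(tg, ts, first_interval, dt2)
    tn = tg + dt5                                 # terminal clock at fourth moment
    label = SpaceTimeLabel(tn - te, code, reported_pos)   # Tg' = Tn - Te
    sat_now = ts + dt2 + prop + dt5 + prop        # second response packet arrives
    result = MeasurementResult(sat_now, first_distance(first_interval, dt2),
                               code, terminal_id, sat_pos)
    return label, result, te


def authenticate(label, result, max_time_diff=0.5, max_dist_diff=100.0):
    """Authentication-center decision; both preset values are assumed here."""
    if not secrets.compare_digest(label.random_code, result.random_code):
        return "fail: random code mismatch"       # not from the same measurement
    if abs(result.sat_time - label.sync_time) > max_time_diff:
        return "fail: time difference"            # first preset value exceeded
    d2 = math.dist(result.sat_pos, label.terminal_pos)   # second distance
    if abs(result.d_sg - d2) > max_dist_diff:
        return "fail: distance difference"        # second preset value exceeded
    return "pass"


if __name__ == "__main__":
    label, result, te = run_measurement("UT-0001", TERMINAL_POS, TERMINAL_POS,
                                        SAT_POS, clock_error=0.35)
    print(f"Te = {te:.6f} s, dsg = {result.d_sg:.1f} m ->", authenticate(label, result))

    # Same link, but the label reports a position 200 km from the true one.
    moved = (6_371_000.0, -200_000.0, 0.0)
    label2, result2, _ = run_measurement("UT-0001", TERMINAL_POS, moved,
                                         SAT_POS, clock_error=0.35)
    print("reported position off by 200 km ->", authenticate(label2, result2))

    # Label whose synchronization moment is 10 s older than the measurement.
    stale = replace(label, sync_time=label.sync_time - 10.0)
    print("stale label ->", authenticate(stale, result))
```

A single measured range places the terminal on a sphere around the satellite, so the distance check confirms that the reported position is consistent with that range rather than fixing the position itself.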
Fig. 3 is the data flow schematic diagram of space-time smart-tag authentication process provided in an embodiment of the present invention.As shown in figure 3, During space-time smart-tag authentication, it can be carried out first with the satellite nearest apart from user by the user of space-time smart-tag authentication demand two-way Measurement operation three times, user and satellite respectively obtain space-time label and measurement result;Then user by space-time label with it is to be certified Data packet combine, obtain carry space-time label target packet;End user and telecommunication satellite pass through satellite communication network With ground gateway station, authentication center is sent by the target packet for carrying space-time label and measurement result respectively and carries out space-time mark The certification of label.
Fig. 4 is a flowchart of the method, provided in an embodiment of the present invention, by which the authentication center authenticates the target data packet carrying the space-time label. As shown in Fig. 4, the method authenticates according to the information in the target data packet and the information in the measurement result, and specifically includes the following steps:
Step S401: the authentication center obtains the synchronized time of the user terminal from the information in the target data packet, and obtains the current time of the communication satellite from the measurement result.
Note that, during an authentication operation, the authentication random code in the target data packet and the authentication random code in the measurement result are consistent. This ensures that the target data packet and the measurement result taking part in the same authentication operation come from the same three-pass two-way measurement process.
Step S402: calculate the time difference between the current time of the communication satellite and the synchronized time of the user terminal.
Step S403: judge whether the time difference is greater than a first preset value, where the first preset value can be set according to actual needs. If so, execute step S404; if not, execute step S405.
Step S404: the authentication result is the first authentication result, where the first authentication result indicates that authentication fails.
Step S405: calculate the second satellite-ground distance based on the location information of the communication satellite and the location information of the user terminal.
Step S406: calculate the distance difference between the first satellite-ground distance and the second satellite-ground distance.
Step S407: judge whether the distance difference is greater than a second preset value. If so, execute step S404; if not, execute step S408.
Step S408: the authentication result is the second authentication result, where the second authentication result indicates that authentication passes.
In this embodiment of the present invention, the authentication center performs the authentication operation using the information in the target data packet and the information in the measurement result, and obtains the authentication result. If the authentication result is that authentication fails, the space-time label in the target data packet very probably contains forged, tampered or erroneous information and should be treated as untrusted.
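The label computation in steps S2031 to S2037 and the authentication center's checks in steps S401 to S408, as an added Python example that is not part of the patent text. The simulated exchange, positions, clock offset, thresholds, Cartesian coordinates, the use of absolute differences and the rejection of mismatched random codes are all assumptions of the example.

```python
import hmac
import math
import secrets
from dataclasses import dataclass, replace

C = 299_792_458.0  # speed of light in m/s


@dataclass(frozen=True)
class Label:            # space-time label, kept by the user terminal
    sync_time: float    # Tg', terminal time corrected to the satellite clock
    nonce: str          # authentication random code
    position: tuple     # claimed terminal position in metres (Cartesian, assumed)


@dataclass(frozen=True)
class Measurement:      # measurement result, kept by the satellite
    sat_time: float     # current time of the satellite
    dsg: float          # first satellite-ground distance in metres
    nonce: str
    terminal_id: str
    sat_position: tuple


def clock_offset(tg, ts, interval, dt2):
    """S2031: Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2); interval is Dt4 + Dt1."""
    return tg - (ts + (interval + dt2) / 2)


def link_distance(interval, dt2):
    """S2036: dsg = (Dt4 + Dt1 - Dt2) * C / 2."""
    return (interval - dt2) * C / 2


def measure(true_pos, claimed_pos, sat_pos, offset, dt2=0.010, t0=1000.0):
    """Simulate one exchange (constructed scenario). Times are on the satellite
    clock unless noted; the terminal clock reads satellite time + offset."""
    p = math.dist(true_pos, sat_pos) / C        # one-way propagation delay
    ts = t0 + p                                 # first moment (satellite clock)
    nonce = secrets.token_hex(8)                # random code from the satellite
    tg = ts + dt2 + p + offset                  # third moment (terminal clock)
    interval = tg - (t0 + offset)               # first time interval, Dt4 + Dt1
    te = clock_offset(tg, ts, interval, dt2)
    tn = tg + 0.001                             # terminal clock when the label is built
    label = Label(tn - te, nonce, claimed_pos)  # S2032-S2034: Tg' = Tn - Te
    sat_now = ts + dt2 + p + 0.001 + p          # second response packet arrives
    result = Measurement(sat_now, link_distance(interval, dt2), nonce,
                         "terminal-01", sat_pos)
    return label, result


def authenticate(label, result, max_dt=1.0, max_dd=1000.0):
    """S401-S408 at the authentication center. Returns (passed, reason).
    max_dt and max_dd stand in for the first and second preset values."""
    if not hmac.compare_digest(label.nonce, result.nonce):
        return False, "nonce mismatch"          # not from the same measurement
    if abs(result.sat_time - label.sync_time) > max_dt:    # S402-S403
        return False, "time difference"
    d2 = math.dist(result.sat_position, label.position)    # S405
    if abs(result.dsg - d2) > max_dd:                      # S406-S407
        return False, "distance difference"
    return True, "ok"


# Constructed positions in metres: satellite, real terminal, claimed-but-wrong spot.
SAT = (0.0, 0.0, 7_000_000.0)
HERE = (0.0, 0.0, 6_400_000.0)
ELSEWHERE = (50_000.0, 0.0, 6_400_000.0)


def demo():
    honest = authenticate(*measure(HERE, HERE, SAT, offset=0.25))
    label, result = measure(HERE, ELSEWHERE, SAT, offset=0.25)
    wrong_place = authenticate(label, result)
    stale = authenticate(
        replace(label, position=HERE, sync_time=label.sync_time - 5), result)
    other_label, _ = measure(HERE, HERE, SAT, offset=0.25)
    mixed = authenticate(other_label, result)   # label from a different exchange
    return honest, wrong_place, stale, mixed


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A single range constrains the terminal only to a sphere around the satellite, so the distance check rejects a claimed position only when its range differs from dsg by more than the second preset value.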
Optionally, the space-time label authentication method provided in an embodiment of the present invention can be applied to alarm call services. For example, a person raising an alarm sends an alarm message carrying a space-time label to the authentication center; after the authentication center authenticates it and confirms that the time and location information contained in the alarm message is a reliable result confirmed by the present invention, further action is taken.
Optionally, in subsequent applications of the method provided in an embodiment of the present invention, a user terminal application can include the space-time label information of the user terminal as part of a data block. When a third party needs to authenticate the authenticity of a data block provided by the user terminal application, the satellite-authenticated space-time label information stored on the satellite can be downloaded to the ground and compared for consistency with the space-time label information in the data block provided by the user terminal application.
As can be seen from the above description, in this embodiment of the present invention the satellite communication network is controlled to perform multiple measurement operations between the user terminal and the target communication satellite, obtaining the space-time label and the measurement result, where the number of measurement operations is greater than two; the data packet to be authenticated is obtained and combined with the space-time label, obtaining a target data packet carrying the space-time label; and the target data packet and the measurement result are sent to the authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result and obtains an authentication result. Authenticating the space-time label carried in the data packet in this way ensures the authenticity and unforgeability of the data packet to be authenticated, thereby alleviating the technical problem in the prior art that data packets to be authenticated are easily forged.
Embodiment two:
An embodiment of the present invention also provides a space-time label authentication system based on link measurement. The system is mainly used to execute the space-time label authentication method based on link measurement provided above, and is described in detail below.
Fig. 5 is a schematic diagram of a space-time label authentication system based on link measurement according to an embodiment of the present invention, applied to a satellite communication network. As shown in Fig. 5, the system mainly comprises: a multiple-measurement module 10, a space-time label embedding module 20 and an authentication module 30.
Specifically, the multiple-measurement module 10 is used to control the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite, obtaining the space-time label and the measurement result, where the number of measurement operations is greater than two. The space-time label includes at least one of: the synchronized time of the user terminal, the authentication random code and the location information of the user terminal. The measurement result includes at least one of: the current time of the target communication satellite, the first satellite-ground distance, the authentication random code, the unique identifier of the user terminal and the location information of the target communication satellite.
Preferably, in this embodiment of the present invention, the number of measurement operations is three.
The space-time label embedding module 20 is used to obtain the data packet to be authenticated and combine it with the space-time label, obtaining a target data packet carrying the space-time label.
The authentication module 30 is used to send the target data packet and the measurement result to the authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
Optionally, Fig. 6 is a schematic diagram of another space-time label authentication system based on link measurement according to an embodiment of the present invention. As shown in Fig. 6, the multiple-measurement module 10 further comprises: a first measuring unit 11, a second measuring unit 12 and a computing unit 13.
Specifically, the first measuring unit 11 is used to control the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the moment at which the first authentication measurement request reached the target communication satellite, obtaining the first moment, and generates the authentication random code. The first authentication measurement request includes the unique identifier of the user terminal.
The second measuring unit 12 is used to control the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal at the same time. The first response packet includes at least one of: the first moment, the second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request.
After receiving the first response packet and the second authentication measurement request, the user terminal calculates the time on the user terminal's clock at which the second authentication measurement request reached the user terminal, obtaining the third moment; calculates the time interval between the moment the first authentication measurement request was sent and the third moment, obtaining the first time interval; and sends a second response packet to the target communication satellite. The second response packet includes at least one of: the third moment, the first time interval, the fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet.
The computing unit 13 is used to calculate the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
Optionally, the computing unit 13 is also used to:
Calculate the satellite-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; obtain the current time Tn of the clock on the user terminal, and calculate the synchronized time Tg' of the user terminal using the formula Tg' = Tn - Te; obtain the location information of the user terminal; and take the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
Optionally, the computing unit 13 is also used to:
Obtain the current time of the target communication satellite and the location information of the target communication satellite; calculate the first satellite-ground distance dsg using the formula dsg = (Dt4 + Dt1 - Dt2) * C/2, where C is the speed of light, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; and determine the current time of the target communication satellite, the first satellite-ground distance, the authentication random code, the unique identifier of the user terminal and the location information of the target communication satellite as the measurement result.
Specifically, the authentication module 30 is also used to:
Obtain the synchronized time of the user terminal from the information in the target data packet, and obtain the current time of the communication satellite from the measurement result;
Calculate the time difference between the current time of the communication satellite and the synchronized time of the user terminal;
Judge whether the time difference is greater than the first preset value;
If so, the authentication result is the first authentication result, where the first authentication result indicates that authentication fails;
If not, calculate the second satellite-ground distance based on the location information of the communication satellite and the location information of the user terminal;
Calculate the distance difference between the first satellite-ground distance and the second satellite-ground distance;
Judge whether the distance difference is greater than the second preset value;
If so, the authentication result is the first authentication result;
If not, the authentication result is the second authentication result, where the second authentication result indicates that authentication passes.
Optionally, as shown in Fig. 6, the system provided in an embodiment of the present invention further comprises a memory module 40, used to save the measurement result in the memory of the communication satellite.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and device described above can be found in the corresponding processes of the foregoing method embodiment and are not repeated here.
Unless specifically stated otherwise, the relative steps of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present invention.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The flowcharts and block diagrams in the drawings show the possible architectures, functions and operations of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above can be found in the corresponding processes of the foregoing method embodiment and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art may, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A space-time label authentication method based on link measurement, characterized in that it is applied to a satellite communication network, the method comprising:
controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite, obtaining a space-time label and a measurement result, wherein the number of measurement operations is greater than two; the space-time label includes at least one of: the synchronized time of the user terminal, an authentication random code and the location information of the user terminal; and the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-ground distance, the authentication random code, the unique identifier of the user terminal and the location information of the target communication satellite;
obtaining a data packet to be authenticated, and combining the space-time label with the data packet to be authenticated, obtaining a target data packet carrying the space-time label;
sending the target data packet and the measurement result to an authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result, obtaining an authentication result.
2. The method according to claim 1, wherein controlling the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite, obtaining the space-time label and the measurement result, comprises:
controlling the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the moment at which the first authentication measurement request reached the target communication satellite, obtaining a first moment, and generates the authentication random code; the first authentication measurement request includes the unique identifier of the user terminal;
controlling the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal at the same time; the first response packet includes at least one of: the first moment, a second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request;
wherein, after receiving the first response packet and the second authentication measurement request, the user terminal calculates the time on the user terminal's clock at which the second authentication measurement request reached the user terminal, obtaining a third moment; calculates the time interval between the moment the first authentication measurement request was sent and the third moment, obtaining a first time interval; and sends a second response packet to the target communication satellite, wherein the second response packet includes at least one of: the third moment, the first time interval, a fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet;
calculating the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
3. The method according to claim 2, characterized in that calculating the space-time label based on the data in the first response packet and the data in the second response packet comprises:
calculating the satellite-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), wherein Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment;
obtaining the current time Tn of the clock on the user terminal, and calculating the synchronized time Tg' of the user terminal using the formula Tg' = Tn - Te;
obtaining the location information of the user terminal;
taking the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
4. The method according to claim 2, characterized in that calculating the measurement result based on the data in the first response packet and the data in the second response packet comprises:
obtaining the current time of the target communication satellite and the location information of the target communication satellite;
calculating the first satellite-ground distance dsg using the formula dsg = (Dt4 + Dt1 - Dt2) * C/2, wherein C is the speed of light, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment;
determining the current time of the target communication satellite, the first satellite-ground distance, the authentication random code, the unique identifier of the user terminal and the location information of the target communication satellite as the measurement result.
5. The method according to claim 2, characterized in that the authentication center authenticating according to the information in the target data packet and the information in the measurement result, obtaining an authentication result, comprises:
obtaining the synchronized time of the user terminal from the information in the target data packet, and obtaining the current time of the communication satellite from the measurement result;
calculating the time difference between the current time of the communication satellite and the synchronized time of the user terminal;
judging whether the time difference is greater than a first preset value;
if so, the authentication result is a first authentication result, wherein the first authentication result indicates that the authentication fails.
6. The method according to claim 5, characterized in that the method further comprises:
if it is judged that the time difference is less than or equal to the first preset value, calculating a second satellite-ground distance based on the location information of the communication satellite and the location information of the user terminal;
calculating the distance difference between the first satellite-ground distance and the second satellite-ground distance;
judging whether the distance difference is greater than a second preset value;
if so, the authentication result is the first authentication result;
if not, the authentication result is a second authentication result, wherein the second authentication result indicates that the authentication passes.
7. The method according to claim 1, wherein the method further comprises:
saving the measurement result in the memory of the target communication satellite.
8. A space-time label authentication system based on link measurement, characterized in that it is set in a satellite communication network and comprises: a multiple-measurement module, a space-time label embedding module and an authentication module, wherein
the multiple-measurement module is used to control the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite, obtaining a space-time label and a measurement result, wherein the number of measurement operations is greater than two; the space-time label includes at least one of: the synchronized time of the user terminal, an authentication random code and the location information of the user terminal; and the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-ground distance, the authentication random code, the unique identifier of the user terminal and the location information of the target communication satellite;
the space-time label embedding module is used to obtain a data packet to be authenticated, and to combine the space-time label with the data packet to be authenticated, obtaining a target data packet carrying the space-time label;
the authentication module is used to send the target data packet and the measurement result to an authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result, obtaining an authentication result.
9. The system according to claim 8, characterized in that the multiple-measurement module further comprises: a first measuring unit, a second measuring unit and a computing unit, wherein
the first measuring unit is used to control the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the moment at which the first authentication measurement request reached the target communication satellite, obtaining a first moment, and generates the authentication random code; the first authentication measurement request includes the unique identifier of the user terminal;
the second measuring unit is used to control the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal at the same time; the first response packet includes at least one of: the first moment, a second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request;
wherein, after receiving the first response packet and the second authentication measurement request, the user terminal calculates the time on the user terminal's clock at which the second authentication measurement request reached the user terminal, obtaining a third moment; calculates the time interval between the moment the first authentication measurement request was sent and the third moment, obtaining a first time interval; and sends a second response packet to the target communication satellite, wherein the second response packet includes at least one of: the third moment, the first time interval, a fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet;
the computing unit is used to calculate the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
10. The system according to claim 9, characterized in that the computing unit is also used to:
calculate the satellite-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), wherein Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment;
obtain the current time Tn of the clock on the user terminal, and calculate the synchronized time Tg' of the user terminal using the formula Tg' = Tn - Te;
obtain the location information of the user terminal;
take the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
CN201910583625.8A 2019-06-28 2019-06-28 Space-time label authentication method and system based on link measurement Active CN110233738B (en)

Publications (2)

Publication Number Publication Date
CN110233738A true CN110233738A (en) 2019-09-13
CN110233738B CN110233738B (en) 2020-05-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant