CN110233738A - Space-time smart-tag authentication method and system based on link measurement - Google Patents
- Publication number: CN110233738A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention provides a space-time tag authentication method and system based on link measurement, applied to a satellite communication network. The method comprises: controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time tag and a measurement result, wherein the number of measurement operations is greater than two; obtaining a data packet to be authenticated and combining the space-time tag with it to obtain a target data packet carrying the space-time tag; and sending the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. By combining the space-time tag obtained from the multiple measurements between the user terminal and the communication satellite with the data packet, and authenticating the space-time tag carried in the data packet, the invention can ensure the authenticity and unforgeability of the data packet to be authenticated.
Description
Technical field
The present invention relates to the technical field of data security, and more particularly to a space-time tag authentication method and system based on link measurement.
Background
Many modern information-system applications not only require a high-precision space-time reference but also place growing demands on the security and authentication of that reference. A representative terminal application with special requirements on the time reference is blockchain. A blockchain is a chained data structure that combines data blocks in chronological order, and a distributed ledger that cryptography makes tamper-proof and unforgeable. In the prior art, verification of the space-time information carried by a data block relies on Internet-based authentication systems, so there is a risk that an attacker compromises the system server and then rewrites and forges the verification information carried by the data block itself.
Summary of the invention
In view of this, the purpose of the present invention is to provide a space-time tag authentication method and system based on link measurement. By combining the space-time tag obtained from multiple measurements between the user terminal and the communication satellite with the data packet, and authenticating the space-time tag carried in the data packet, the authenticity and unforgeability of the data packet to be authenticated can be ensured.
In a first aspect, an embodiment of the invention provides a space-time tag authentication method based on link measurement, applied to a satellite communication network. The method comprises: controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time tag and a measurement result, wherein the number of measurement operations is greater than two; the space-time tag includes at least one of: the synchronized time of the user terminal, an authentication random code, and the location information of the user terminal; the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-to-ground distance, the authentication random code, the user terminal unique identifier, and the location information of the target communication satellite; obtaining a data packet to be authenticated and combining the space-time tag with the data packet to be authenticated to obtain a target data packet carrying the space-time tag; and sending the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
Further, controlling the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite to obtain the space-time tag and the measurement result includes: controlling the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the time at which the first authentication measurement request reached the target communication satellite, obtaining a first moment, and generates an authentication random code; the first authentication measurement request contains the user terminal unique identifier; controlling the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal at the same time; the first response packet includes at least one of: the first moment, a second moment, and the authentication random code, the second moment being the sending time of the first response packet and the second authentication measurement request; wherein the user terminal, after receiving the first response packet and the second authentication measurement request, calculates the reading of the clock on the user terminal when the second authentication measurement request reached the user terminal, obtaining a third moment, calculates the time interval between the moment the first authentication measurement request was sent and the third moment, obtaining a first time interval, and sends a second response packet to the target communication satellite, wherein the second response packet includes at least one of: the third moment, the first time interval, a fourth moment, and the authentication random code, the fourth moment being the sending time of the second response packet; and calculating the space-time tag and the measurement result based on the data in the first response packet and the data in the second response packet.
Further, calculating the space-time tag based on the data in the first response packet and the data in the second response packet comprises: calculating the satellite-to-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), wherein Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; obtaining the current time Tn of the clock on the user terminal and calculating the synchronized time Tg' of the user terminal by the formula Tg' = Tn - Te; obtaining the location information of the user terminal; and taking the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time tag.
Further, calculating the measurement result based on the data in the first response packet and the data in the second response packet includes: obtaining the current time of the target communication satellite and the location information of the target communication satellite; calculating the first satellite-to-ground distance dsg using the formula dsg = (Dt4 + Dt1 - Dt2) * C / 2, wherein C is the speed of light, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; and determining the current time of the target communication satellite, the first satellite-to-ground distance, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite as the measurement result.
Further, the authentication center performing authentication according to the information in the target data packet and the information in the measurement result to obtain the authentication result comprises: obtaining the synchronized time of the user terminal from the information in the target data packet, and obtaining the current time of the communication satellite from the measurement result; calculating the time difference between the current time of the communication satellite and the synchronized time of the user terminal; judging whether the time difference is greater than a first preset value; and if so, obtaining a first authentication result as the authentication result, wherein the first authentication result indicates that the authentication is not passed.
Further, the method also includes: if the time difference is judged to be less than or equal to the first preset value, calculating a second satellite-to-ground distance based on the location information of the communication satellite and the location information of the user terminal; calculating the distance difference between the first satellite-to-ground distance and the second satellite-to-ground distance; judging whether the distance difference is greater than a second preset value; if so, obtaining the first authentication result as the authentication result; if not, obtaining a second authentication result as the authentication result, wherein the second authentication result indicates that the authentication is passed.
Further, the method also includes: saving the measurement result in the memory of the target communication satellite.
In a second aspect, an embodiment of the invention also provides a space-time tag authentication system based on link measurement, arranged in a satellite communication network, comprising: a multiple-measurement module, a space-time tag embedding module and an authentication module. The multiple-measurement module is used for controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite to obtain a space-time tag and a measurement result, wherein the number of measurement operations is greater than two; the space-time tag includes at least one of: the synchronized time of the user terminal, an authentication random code, and the location information of the user terminal; the measurement result includes at least one of: the current time of the target communication satellite, a first satellite-to-ground distance, the authentication random code, the user terminal unique identifier, and the location information of the target communication satellite. The space-time tag embedding module is used for obtaining a data packet to be authenticated and combining the space-time tag with the data packet to be authenticated to obtain a target data packet carrying the space-time tag. The authentication module is used for sending the target data packet and the measurement result to an authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
Further, the multiple-measurement module also includes a first measuring unit, a second measuring unit and a computing unit. The first measuring unit is used for controlling the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the time at which the first authentication measurement request reached the target communication satellite, obtaining a first moment, and generates an authentication random code; the first authentication measurement request contains the user terminal unique identifier. The second measuring unit is used for controlling the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal at the same time; the first response packet includes at least one of: the first moment, a second moment, and the authentication random code, the second moment being the sending time of the first response packet and the second authentication measurement request; wherein the user terminal, after receiving the first response packet and the second authentication measurement request, calculates the reading of the clock on the user terminal when the second authentication measurement request reached the user terminal, obtaining a third moment, calculates the time interval between the moment the first authentication measurement request was sent and the third moment, obtaining a first time interval, and sends a second response packet to the target communication satellite, wherein the second response packet includes at least one of: the third moment, the first time interval, a fourth moment, and the authentication random code, the fourth moment being the sending time of the second response packet. The computing unit is used for calculating the space-time tag and the measurement result based on the data in the first response packet and the data in the second response packet.
Further, the computing unit is also used for: calculating the satellite-to-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), wherein Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; obtaining the current time Tn of the clock on the user terminal and calculating the synchronized time Tg' of the user terminal by the formula Tg' = Tn - Te; obtaining the location information of the user terminal; and taking the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time tag.
In the embodiments of the invention, the satellite communication network is controlled to perform multiple measurement operations between the user terminal and the target communication satellite to obtain a space-time tag and a measurement result, wherein the number of measurement operations is greater than two; a data packet to be authenticated is obtained and combined with the space-time tag to obtain a target data packet carrying the space-time tag; and the target data packet and the measurement result are sent to the authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. Authenticating the space-time tag carried in the data packet through the above process ensures the authenticity and unforgeability of the data packet to be authenticated, thereby alleviating the technical problem in the prior art that data packets to be authenticated are easily forged.
Other features and advantages of the invention will be set forth in the following description and will in part become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention are realized and attained by the structure particularly pointed out in the description and the drawings.
To make the above objects, features and advantages of the invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
In order to illustrate the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a space-time tag authentication method based on link measurement provided by an embodiment of the invention;
Fig. 2 is a timing diagram of multiple measurement operations between a user terminal and a target communication satellite provided by an embodiment of the invention;
Fig. 3 is a data flow diagram of the space-time tag authentication process provided by an embodiment of the invention;
Fig. 4 is a flowchart of the method by which the authentication center authenticates a target data packet carrying a space-time tag, provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of a space-time tag authentication system based on link measurement provided by an embodiment of the invention;
Fig. 6 is a schematic diagram of another space-time tag authentication system based on link measurement provided by an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
In the description of the invention, it should be noted that orientation or positional terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they therefore are not to be understood as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
In addition, in the description of the embodiments of the invention, unless otherwise expressly specified and limited, the terms "installed", "connected" and "coupled" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; and it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the invention according to the specific situation.
Embodiment one:
According to an embodiment of the invention, an embodiment of a space-time tag authentication method based on link measurement is provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, such as one running a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a flowchart of a space-time tag authentication method based on link measurement according to an embodiment of the invention. As shown in Fig. 1, the method is applied to a satellite communication network and comprises the following steps:
Step S102: control the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite to obtain a space-time tag and a measurement result, wherein the number of measurement operations is greater than two. The space-time tag includes at least one of: the synchronized time of the user terminal, the authentication random code, and the location information of the user terminal. The measurement result includes at least one of: the current time of the target communication satellite, the first satellite-to-ground distance, the authentication random code, the user terminal unique identifier, and the location information of the target communication satellite.
Preferably, in the embodiments of the invention the number of measurement operations is three. It should be noted that the number of measurement operations is not limited to three and may be any other number greater than two; this embodiment does not specifically limit it.
Step S104: obtain the data packet to be authenticated and combine the space-time tag with it to obtain a target data packet carrying the space-time tag.
Optionally, the data packet to be authenticated may be a block of data to be authenticated in a blockchain; this embodiment does not specifically limit the block to be authenticated.
Step S106: send the target data packet and the measurement result to the authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. A target data packet that has been authenticated can thereby avoid being forged.
In the embodiments of the invention, the satellite communication network is controlled to perform multiple measurement operations between the user terminal and the target communication satellite to obtain a space-time tag and a measurement result, wherein the number of measurement operations is greater than two; a data packet to be authenticated is obtained and combined with the space-time tag to obtain a target data packet carrying the space-time tag; and the target data packet and the measurement result are sent to the authentication center, so that the authentication center performs authentication according to the information in the target data packet and the information in the measurement result and obtains an authentication result. Authenticating the space-time tag carried in the data packet through the above process ensures the authenticity and unforgeability of the data packet to be authenticated, thereby alleviating the technical problem in the prior art that data packets to be authenticated are easily forged.
Fig. 2 is a timing diagram of multiple measurement operations between the user terminal and the target communication satellite according to the invention, in which the number of measurements is three. As shown in Fig. 2, the measurement operation comprises the following steps:
Step S201: control the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, calculates the time at which the request reached the target communication satellite, obtaining the first moment Ts, and generates an authentication random code. The first authentication measurement request contains the user terminal unique identifier, which characterizes the user's identity information.
Step S202: control the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal at the same time. The first response packet includes at least one of: the first moment Ts, the second moment Ts + Dt2, and the authentication random code; the second moment is the sending time of the first response packet and the second authentication measurement request.
Step S203: after receiving the first response packet and the second authentication measurement request, the user terminal calculates the reading of the clock on the user terminal when the second authentication measurement request reached it, obtaining the third moment Tg; calculates the time interval between the moment the first authentication measurement request was sent and the third moment, obtaining the first time interval Dt1 + Dt4; and sends a second response packet to the target communication satellite. The second response packet includes at least one of: the third moment Tg, the first time interval Dt1 + Dt4, the fourth moment Tg + Dt5, and the authentication random code; the fourth moment is the sending time of the second response packet. The space-time tag and the measurement result are calculated based on the data in the first response packet and the data in the second response packet.
Specifically, in step S203, calculating the space-time tag based on the data in the first response packet and the data in the second response packet includes the following steps:
Step S2031: calculate the satellite-to-ground time difference Te using the formula Te = Tg - (Ts + (Dt4 + Dt1 + Dt2)/2), wherein Tg is the third moment, Ts is the first moment, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment.
Step S2032: obtain the current time Tn of the clock on the user terminal and calculate the synchronized time Tg' of the user terminal by the formula Tg' = Tn - Te.
Step S2033: obtain the location information of the user terminal.
Step S2034: take the synchronized time Tg' of the user terminal, the authentication random code and the location information of the user terminal as the space-time tag.
Specifically, in step S203, calculating the measurement result based on the data in the first response packet and the data in the second response packet further includes the following steps:
Step S2035: obtain the current time of the target communication satellite and the location information of the target communication satellite.
Step S2036: calculate the first satellite-to-ground distance dsg using the formula dsg = (Dt4 + Dt1 - Dt2) * C / 2, wherein C is the speed of light, Dt4 + Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment.
Step S2037: determine the current time of the target communication satellite, the first satellite-to-ground distance dsg, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite as the measurement result.
In the embodiments of the invention, the space-time tag and the measurement result are each obtained by calculation from the two-way three-pass measurement process carried out between the user terminal and the target communication satellite as described above. It should be noted that the space-time tag is stored in the user terminal and the measurement result is stored in the memory of the target communication satellite. The space-time tag obtained by the user terminal can be used for space-time tag authentication.
Fig. 3 is a data flow diagram of the space-time tag authentication process provided by an embodiment of the invention. As shown in Fig. 3, during space-time tag authentication a user who needs space-time tag authentication first carries out the two-way three-pass measurement operation with the satellite nearest to the user, so that the user and the satellite obtain the space-time tag and the measurement result respectively. The user then combines the space-time tag with the data packet to be authenticated to obtain a target data packet carrying the space-time tag. Finally, the user and the communication satellite send the target data packet carrying the space-time tag and the measurement result, respectively, through the satellite communication network and the ground gateway station to the authentication center, which authenticates the space-time tag.
Fig. 4 is a flowchart of the method, provided by an embodiment of the invention, by which the authentication center authenticates the target data packet carrying the space-time label. As shown in Fig. 4, the method authenticates according to the information in the target data packet and the information in the measurement result, and specifically includes the following steps:
Step S401, the authentication center obtains the synchronized time of the user terminal from the information in the target data packet, and obtains the current time of the communication satellite from the measurement result.
It should be noted that, during an authentication operation, the authentication random code in the target data packet is consistent with the authentication random code in the measurement result. This ensures that the target data packet and the measurement result taking part in the same authentication operation come from the same three-pass two-way measurement process.
Step S402, calculate the time difference between the current time of the communication satellite and the synchronized time of the user terminal.
Step S403, judge whether the time difference is greater than a first preset value, which can be set according to actual needs. If so, execute step S404; if not, execute step S405.
Step S404, obtain the first authentication result as the authentication result, where the first authentication result indicates that authentication has failed.
Step S405, calculate the second satellite-to-ground distance based on the location information of the communication satellite and the location information of the user terminal.
Step S406, calculate the distance difference between the first satellite-to-ground distance and the second satellite-to-ground distance.
Step S407, judge whether the distance difference is greater than a second preset value. If so, execute step S404; if not, execute step S408.
Step S408, obtain the second authentication result as the authentication result, where the second authentication result indicates that authentication has passed.
In this embodiment of the invention, the authentication center performs the authentication operation using the information in the target data packet and the information in the measurement result, and obtains the authentication result. If the authentication result is that authentication has failed, the space-time label in the target data packet very probably contains forged, tampered or erroneous information and should be treated as untrusted.
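The timing formulas of the measurement steps (Te, Tg' and dsg) and the authentication center's checks in steps S401 to S408 can be run end to end; the following Python sketch is an added example, not part of the patent text. The class and function names, the use of Cartesian (ECEF) coordinates in metres, the two threshold values, the sample timings and the choice to reject on a random-code mismatch are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

C = 299_792_458.0  # speed of light, m/s


@dataclass(frozen=True)
class SpaceTimeLabel:
    """Held by the user terminal and embedded in the data packet."""
    sync_time: float   # Tg' = Tn - Te, terminal time corrected to the satellite clock
    nonce: bytes       # authentication random code
    user_pos: tuple    # terminal position; ECEF metres is an assumption


@dataclass(frozen=True)
class MeasurementResult:
    """Held in the satellite's memory and sent to the authentication center."""
    sat_time: float    # satellite's current time
    dsg: float         # first satellite-to-ground distance, from link timing
    nonce: bytes       # authentication random code
    user_id: str       # user terminal unique identifier
    sat_pos: tuple     # satellite position, same assumed frame


def clock_offset(tg, ts, first_interval, dt2):
    """Te = Tg - (Ts + (Dt4+Dt1+Dt2)/2): terminal clock minus satellite clock."""
    return tg - (ts + (first_interval + dt2) / 2)


def link_distance(first_interval, dt2):
    """dsg = (Dt4+Dt1-Dt2) * C/2: round trip minus satellite hold time, halved."""
    return (first_interval - dt2) * C / 2


def simulate_measurement(user_pos, sat_pos, clock_error, nonce, user_id):
    """Constructed exchange; all times are made-up sample values in seconds."""
    delay = math.dist(user_pos, sat_pos) / C   # true one-way propagation delay
    sent_true = 1000.0                         # request 1 leaves (satellite time scale)
    ts = sent_true + delay                     # first moment, satellite clock
    dt2 = 0.010                                # satellite hold time before replying
    tg = ts + dt2 + delay + clock_error        # third moment, terminal clock
    first_interval = tg - (sent_true + clock_error)   # Dt4+Dt1, terminal clock
    te = clock_offset(tg, ts, first_interval, dt2)
    tn = tg + 0.005                            # terminal clock when the label is built
    label = SpaceTimeLabel(tn - te, nonce, user_pos)
    sat_now = (tn - clock_error) + delay       # satellite clock when response 2 arrives
    result = MeasurementResult(sat_now, link_distance(first_interval, dt2),
                               nonce, user_id, sat_pos)
    return label, result


def authenticate(label, result, max_time_diff=0.5, max_dist_diff=1000.0):
    """Steps S401-S408. Thresholds are assumed values for the two preset values."""
    # Both records must come from the same measurement run (same random code);
    # rejecting on mismatch is this example's choice.
    if label.nonce != result.nonce:
        return False, "random code mismatch"
    # S402-S404: satellite time vs. synchronized terminal time.
    if abs(result.sat_time - label.sync_time) > max_time_diff:
        return False, "time difference"
    # S405-S407: distance implied by the claimed positions vs. measured link distance.
    d2 = math.dist(result.sat_pos, label.user_pos)
    if abs(result.dsg - d2) > max_dist_diff:
        return False, "distance difference"
    return True, "ok"   # S408


if __name__ == "__main__":
    user = (6_371_000.0, 0.0, 0.0)             # constructed terminal position
    sat = (7_151_000.0, 200_000.0, 0.0)        # constructed satellite position
    label, result = simulate_measurement(user, sat, 3.7, b"\x01" * 16, "UT-0001")
    print(authenticate(label, result))
```

The terminal's 3.7 s clock error cancels out of both formulas, which is why the label's synchronized time lines up with the satellite clock even though the two clocks disagree.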
Optionally, the space-time label authentication method provided by this embodiment of the invention can be applied to an alarm service. For example, a person raising an alarm sends an alarm message carrying a space-time label to the authentication center; once the authentication center has authenticated it and confirmed, by the method of the invention, that the time and location information contained in the alarm message is reliable, further action is taken.
Optionally, in subsequent applications of the method provided by this embodiment of the invention, a user terminal application can make the space-time label information of the user terminal part of a data block. When a third party needs to verify the authenticity of a data block provided by the user terminal application, the space-time label information stored on the satellite for authentication can be downloaded to the ground and compared for consistency with the space-time label information in the data block provided by the user terminal application.
As can be seen from the above description, in this embodiment of the invention the satellite communication network is controlled to perform multiple measurement operations between the user terminal and the target communication satellite, obtaining the space-time label and the measurement result, where the number of measurement operations is greater than two; the data packet to be authenticated is obtained and combined with the space-time label, obtaining a target data packet carrying the space-time label; and the target data packet and the measurement result are sent to the authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result and obtains an authentication result. Authenticating the space-time label carried in a data packet in this way ensures the authenticity and unforgeability of the data packet to be authenticated, thereby alleviating the technical problem in the prior art that a data packet to be authenticated is easily forged.
Embodiment two:
An embodiment of the invention further provides a space-time label authentication system based on link measurement. The system is mainly used to execute the space-time label authentication method based on link measurement provided above, and is described in detail below.
Fig. 5 is a schematic diagram of a space-time label authentication system based on link measurement according to an embodiment of the invention, applied to a satellite communication network. As shown in Fig. 5, the system mainly includes a multiple measurement module 10, a space-time label embedding module 20 and an authentication module 30.
Specifically, the multiple measurement module 10 is used to control the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite, obtaining the space-time label and the measurement result, where the number of measurement operations is greater than two. The space-time label includes at least one of the following: the synchronized time of the user terminal, the authentication random code and the location information of the user terminal. The measurement result includes at least one of the following: the current time of the target communication satellite, the first satellite-to-ground distance, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite.
Preferably, in this embodiment of the invention, the number of measurement operations is three.
The space-time label embedding module 20 is used to obtain the data packet to be authenticated and combine it with the space-time label, obtaining a target data packet carrying the space-time label.
The authentication module 30 is used to send the target data packet and the measurement result to the authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
Optionally, Fig. 6 is a schematic diagram of another space-time label authentication system based on link measurement according to an embodiment of the invention. As shown in Fig. 6, the multiple measurement module 10 further includes a first measuring unit 11, a second measuring unit 12 and a computing unit 13.
Specifically, the first measuring unit 11 is used to control the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, determines the moment at which the first authentication measurement request arrived at the target communication satellite, obtaining the first moment, and generates an authentication random code. The first authentication measurement request includes the user terminal unique identifier.
The second measuring unit 12 is used to control the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal simultaneously. The first response packet includes at least one of the following: the first moment, the second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request.
After receiving the first response packet and the second authentication measurement request, the user terminal determines the time on the user terminal's clock at which the second authentication measurement request arrived at the user terminal, obtaining the third moment; calculates the time interval between the moment at which the first authentication measurement request was sent and the third moment, obtaining the first time interval; and sends a second response packet to the target communication satellite. The second response packet includes at least one of the following: the third moment, the first time interval, the fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet.
The computing unit 13 is used to calculate the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
Optionally, the computing unit 13 is also used to:
calculate the satellite-to-ground time difference Te using the formula Te = Tg-(Ts+(Dt4+Dt1+Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4+Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; obtain the current time Tn of the clock on the user terminal, and calculate the synchronized time Tg' of the user terminal by the formula Tg' = Tn-Te; obtain the location information of the user terminal; and take the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
Optionally, the computing unit 13 is also used to:
obtain the current time of the target communication satellite and the location information of the target communication satellite; calculate the first satellite-to-ground distance dsg using the formula dsg = (Dt4+Dt1-Dt2) * C/2, where C is the speed of light, Dt4+Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment; and determine the current time of the target communication satellite, the first satellite-to-ground distance, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite as the measurement result.
Specifically, the authentication module 30 is also used to:
obtain the synchronized time of the user terminal from the information in the target data packet, and obtain the current time of the communication satellite from the measurement result;
calculate the time difference between the current time of the communication satellite and the synchronized time of the user terminal;
judge whether the time difference is greater than the first preset value;
if so, obtain the first authentication result as the authentication result, where the first authentication result indicates that authentication has failed;
if not, calculate the second satellite-to-ground distance based on the location information of the communication satellite and the location information of the user terminal;
calculate the distance difference between the first satellite-to-ground distance and the second satellite-to-ground distance;
judge whether the distance difference is greater than the second preset value;
if so, obtain the first authentication result as the authentication result;
if not, obtain the second authentication result as the authentication result, where the second authentication result indicates that authentication has passed.
Optionally, as shown in Fig. 6, the system provided by this embodiment of the invention further includes a memory module 40, used to save the measurement result in the memory of the communication satellite.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and device described above can be found in the corresponding processes of the foregoing method embodiment and are not repeated here.
Unless specifically stated otherwise, the relative steps, numerical expressions and numerical values of the components and steps set forth in these embodiments do not limit the scope of the invention.
It should also be noted that similar reference numerals and letters denote similar items in the figures; once an item has been defined in one figure, it therefore does not need to be further defined or explained in subsequent figures.
The flowcharts and block diagrams in the figures show the possible architecture, functions and operation of systems, methods and computer program products according to multiple embodiments of the invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the figures. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, device and units described above can be found in the corresponding processes of the foregoing method embodiment and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the invention is not limited to them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field may, within the technical scope disclosed by the invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of their technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention, and shall all be covered by the scope of protection of the invention. The scope of protection of the invention shall therefore be subject to the scope of protection of the claims.
Claims (10)
1. A space-time label authentication method based on link measurement, characterized in that it is applied to a satellite communication network, the method comprising:
controlling the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite, obtaining a space-time label and a measurement result, wherein the number of the multiple measurement operations is greater than two; the space-time label includes at least one of the following: the synchronized time of the user terminal, an authentication random code and the location information of the user terminal; and the measurement result includes at least one of the following: the current time of the target communication satellite, a first satellite-to-ground distance, the authentication random code, a user terminal unique identifier and the location information of the target communication satellite;
obtaining a data packet to be authenticated, and combining the space-time label with the data packet to be authenticated, obtaining a target data packet carrying the space-time label;
sending the target data packet and the measurement result to an authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
2. The method according to claim 1, characterized in that controlling the satellite communication network to perform multiple measurement operations between the user terminal and the target communication satellite, obtaining the space-time label and the measurement result, comprises:
controlling the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, determines the moment at which the first authentication measurement request arrived at the target communication satellite, obtaining a first moment, and generates the authentication random code; the first authentication measurement request includes the user terminal unique identifier;
controlling the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal simultaneously; the first response packet includes at least one of the following: the first moment, a second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request;
wherein, after receiving the first response packet and the second authentication measurement request, the user terminal determines the time on the user terminal's clock at which the second authentication measurement request arrived at the user terminal, obtaining a third moment, calculates the time interval between the moment at which the first authentication measurement request was sent and the third moment, obtaining a first time interval, and sends a second response packet to the target communication satellite, wherein the second response packet includes at least one of the following: the third moment, the first time interval, a fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet;
calculating the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
3. The method according to claim 2, characterized in that calculating the space-time label based on the data in the first response packet and the data in the second response packet comprises:
calculating the satellite-to-ground time difference Te using the formula Te = Tg-(Ts+(Dt4+Dt1+Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4+Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment;
obtaining the current time Tn of the clock on the user terminal, and calculating the synchronized time Tg' of the user terminal by the formula Tg' = Tn-Te;
obtaining the location information of the user terminal;
taking the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
4. The method according to claim 2, characterized in that calculating the measurement result based on the data in the first response packet and the data in the second response packet comprises:
obtaining the current time of the target communication satellite and the location information of the target communication satellite;
calculating the first satellite-to-ground distance dsg using the formula dsg = (Dt4+Dt1-Dt2) * C/2, where C is the speed of light, Dt4+Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment;
determining the current time of the target communication satellite, the first satellite-to-ground distance, the authentication random code, the user terminal unique identifier and the location information of the target communication satellite as the measurement result.
5. The method according to claim 2, characterized in that the authentication center authenticating according to the information in the target data packet and the information in the measurement result, obtaining the authentication result, comprises:
obtaining the synchronized time of the user terminal from the information in the target data packet, and obtaining the current time of the communication satellite from the measurement result;
calculating the time difference between the current time of the communication satellite and the synchronized time of the user terminal;
judging whether the time difference is greater than a first preset value;
if so, obtaining a first authentication result as the authentication result, wherein the first authentication result indicates that the authentication has failed.
6. The method according to claim 5, characterized in that the method further comprises:
if it is judged that the time difference is less than or equal to the first preset value, calculating a second satellite-to-ground distance based on the location information of the communication satellite and the location information of the user terminal;
calculating the distance difference between the first satellite-to-ground distance and the second satellite-to-ground distance;
judging whether the distance difference is greater than a second preset value;
if so, obtaining the first authentication result as the authentication result;
if not, obtaining a second authentication result as the authentication result, wherein the second authentication result indicates that the authentication has passed.
7. The method according to claim 1, characterized in that the method further comprises:
saving the measurement result in the memory of the target communication satellite.
8. A space-time label authentication system based on link measurement, characterized in that it is arranged in a satellite communication network and comprises a multiple measurement module, a space-time label embedding module and an authentication module, wherein
the multiple measurement module is used to control the satellite communication network to perform multiple measurement operations between a user terminal and a target communication satellite, obtaining a space-time label and a measurement result, wherein the number of the multiple measurement operations is greater than two; the space-time label includes at least one of the following: the synchronized time of the user terminal, an authentication random code and the location information of the user terminal; and the measurement result includes at least one of the following: the current time of the target communication satellite, a first satellite-to-ground distance, the authentication random code, a user terminal unique identifier and the location information of the target communication satellite;
the space-time label embedding module is used to obtain a data packet to be authenticated and combine the space-time label with the data packet to be authenticated, obtaining a target data packet carrying the space-time label;
the authentication module is used to send the target data packet and the measurement result to an authentication center, so that the authentication center authenticates according to the information in the target data packet and the information in the measurement result and obtains an authentication result.
9. The system according to claim 8, characterized in that the multiple measurement module further comprises a first measuring unit, a second measuring unit and a computing unit, wherein
the first measuring unit is used to control the user terminal to send a first authentication measurement request to the target communication satellite, so that the target communication satellite, after receiving the first authentication measurement request, determines the moment at which the first authentication measurement request arrived at the target communication satellite, obtaining a first moment, and generates the authentication random code; the first authentication measurement request includes the user terminal unique identifier;
the second measuring unit is used to control the target communication satellite to send a first response packet and a second authentication measurement request to the user terminal simultaneously; the first response packet includes at least one of the following: the first moment, a second moment and the authentication random code, the second moment being the sending moment of the first response packet and the second authentication measurement request;
wherein, after receiving the first response packet and the second authentication measurement request, the user terminal determines the time on the user terminal's clock at which the second authentication measurement request arrived at the user terminal, obtaining a third moment, calculates the time interval between the moment at which the first authentication measurement request was sent and the third moment, obtaining a first time interval, and sends a second response packet to the target communication satellite, wherein the second response packet includes at least one of the following: the third moment, the first time interval, a fourth moment and the authentication random code, the fourth moment being the sending moment of the second response packet;
the computing unit is used to calculate the space-time label and the measurement result based on the data in the first response packet and the data in the second response packet.
10. The system according to claim 9, characterized in that the computing unit is also used to:
calculate the satellite-to-ground time difference Te using the formula Te = Tg-(Ts+(Dt4+Dt1+Dt2)/2), where Tg is the third moment, Ts is the first moment, Dt4+Dt1 is the first time interval, and Dt2 is the time interval between the first moment and the second moment;
obtain the current time Tn of the clock on the user terminal, and calculate the synchronized time Tg' of the user terminal by the formula Tg' = Tn-Te;
obtain the location information of the user terminal;
take the synchronized time of the user terminal, the authentication random code and the location information of the user terminal as the space-time label.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910583625.8A CN110233738B (en) | 2019-06-28 | 2019-06-28 | Space-time label authentication method and system based on link measurement |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110233738A | 2019-09-13 |
CN110233738B | 2020-05-12 |
Family
ID=67857667
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910583625.8A (Active, CN110233738B) | Space-time label authentication method and system based on link measurement | 2019-06-28 | 2019-06-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110233738B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103222228A (en) * | 2010-11-18 | 2013-07-24 | The Boeing Company | Spot beam based authentication of a satellite receiver |
US20140321511A1 (en) * | 2012-10-16 | 2014-10-30 | The Boeing Company | Space based authentication utilizing signals from low and medium earth orbit |
CN108055263A (en) * | 2017-12-11 | 2018-05-18 | Beijing Institute of Technology | Entity authentication Rights Management System and method in a kind of satellite communication network |
Also Published As
Publication number | Publication date |
---|---|
CN110233738B (en) | 2020-05-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||