CN112187777A - Intelligent traffic sensing data encryption method and device, computer equipment and storage medium - Google Patents

Intelligent traffic sensing data encryption method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN112187777A
CN112187777A CN202011016466.2A CN202011016466A CN112187777A CN 112187777 A CN112187777 A CN 112187777A CN 202011016466 A CN202011016466 A CN 202011016466A CN 112187777 A CN112187777 A CN 112187777A
Authority
CN
China
Prior art keywords
data
cloud server
user
key
decryption key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011016466.2A
Other languages
Chinese (zh)
Inventor
苏聪
盛恩菊
王志敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sunwin Intelligent Co Ltd
Original Assignee
Shenzhen Sunwin Intelligent Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Sunwin Intelligent Co Ltd filed Critical Shenzhen Sunwin Intelligent Co Ltd
Priority to CN202011016466.2A priority Critical patent/CN112187777A/en
Publication of CN112187777A publication Critical patent/CN112187777A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

The invention relates to a smart traffic sensing encryption method, a device, computer equipment and a storage medium, wherein the method comprises the steps of initializing a smart traffic sensing system, and acquiring a master key and public parameters; creating a decryption key of a user; encrypting each sensor in the intelligent traffic sensing system to obtain sensing data; and sending the sensing data to a cloud server for storage at the cloud server. According to the invention, the decryption key of the user is set, the symmetric key encryption is carried out on the data detected by the sensor through light-weight operation, the encrypted data is transmitted to the cloud server for storage, fine-grained access control is carried out during subsequent user access, when the decryption key of the user is leaked, the user access authority corresponding to the decryption key is timely cancelled, the phenomena of flow interception, sensor harm and data leakage in the cloud server are safely prevented, and safer digital information is provided for urban users on the basis of the use of the existing intelligent traffic sensor.

Description

Intelligent traffic sensing data encryption method and device, computer equipment and storage medium
Technical Field
The invention relates to a sensing data encryption method, in particular to an intelligent traffic sensing encryption method, a device, computer equipment and a storage medium.
Background
At present, various intelligent services based on products of the internet of things are developed for the convenience of citizens. Sensing devices are already deployed in urban environments, which generate large amounts of data, often outsourcing the sensing data to certain cloud service companies to reduce capital and operating expenses and ensure high availability. However, cloud services may suffer from data leakage due to software and hardware, or they may have an incentive to release stored data to unauthorized entities. In many cases, sensory data includes sensitive or valuable data, information that is only authorized for reading by a user. However, the cloud server also has a leakage problem, and particularly, the cloud server is very vulnerable to a great deal of attacks, and data leakage of the smart city system may be a great money loss for data owners, or invade citizen privacy.
Aiming at the situation that data leakage is caused by the fact that an existing cloud server is attacked, the security encryption of the cloud server is started generally, and interaction requests sent to the cloud server are verified to ensure that malicious attacks do not exist.
Therefore, it is necessary to design a new method to provide safer digital information for urban users based on the existing smart traffic sensors, and to safely prevent the phenomena of traffic interception, sensor hazard, and data leakage in the cloud server.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides an intelligent traffic sensing encryption method, an intelligent traffic sensing encryption device, a computer device and a storage medium.
In order to achieve the purpose, the invention adopts the following technical scheme: the intelligent traffic sensing encryption method comprises the following steps:
initializing an intelligent traffic sensing system, and acquiring a master key and public parameters;
creating a decryption key of a user;
encrypting each sensor in the intelligent traffic sensing system to obtain sensing data;
and sending the sensing data to a cloud server for storage at the cloud server.
The further technical scheme is as follows: the sending the sensing data to a cloud server so as to further include, after the cloud server stores the sensing data:
when the cloud server acquires the access request, verifying a decryption key and access authority of the user, and responding to the access request according to a verification result;
and when the decryption key of the user is leaked, revoking the decryption key of the user.
The further technical scheme is as follows: the encrypting each sensor within the intelligent traffic sensing system to obtain sensed data includes:
randomly generating a data encryption key for each sensor in the intelligent traffic sensing system;
and encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data.
The further technical scheme is as follows: after encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data, the method further comprises:
the data encryption key is re-validated and the data encryption counter is initialized.
The further technical scheme is as follows: when the cloud server acquires the access request, verifying the decryption key and the access authority of the user, and responding the access request according to the verification result, wherein the method comprises the following steps:
when the cloud server acquires the access request, judging whether a decryption key of the user is expired;
if the decryption key of the user is expired, the cloud server updates the decryption key of the user;
the cloud server judges whether the sensing data corresponding to the access request is expired;
if the sensing data corresponding to the access request is expired, the cloud server updates the sensing data;
and the cloud server transmits the updated sensing data to the terminal so that the terminal can decrypt the sensing data by combining the updated decryption key of the user.
The further technical scheme is as follows: when the decryption key of the user is leaked, revoking the decryption key of the user includes:
when the decryption key of the user is leaked, the cloud server acquires the message of the communication protocol again, adds the data encryption key in the message of the communication protocol to the history record in the cloud server, and discards the user information corresponding to the leaked decryption key of the user in the history record.
The invention also provides an intelligent traffic sensing encryption device, which comprises:
the system initialization unit is used for initializing the intelligent traffic sensing system and acquiring a master key and public parameters;
a decryption key creation unit for creating a decryption key of a user;
the encryption unit is used for encrypting each sensor in the intelligent traffic sensing system to obtain sensing data;
and the sending unit is used for sending the sensing data to a cloud server so as to be stored in the cloud server.
The further technical scheme is as follows: the encryption unit includes:
the key generation subunit is used for randomly generating a data encryption key for each sensor in the intelligent traffic sensing system;
and the data encryption subunit is used for encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data.
The invention also provides computer equipment which comprises a memory and a processor, wherein the memory is stored with a computer program, and the processor realizes the method when executing the computer program.
The invention also provides a storage medium storing a computer program which, when executed by a processor, is operable to carry out the method as described above.
Compared with the prior art, the invention has the beneficial effects that: according to the invention, after a system where the sensor is located is initialized, a decryption key of a user is set, the data detected by the sensor is subjected to lightweight operation symmetric key encryption, the encrypted data is transmitted to the cloud server for storage, fine-grained access control is performed during subsequent user access, and when the decryption password of the user is leaked, the user access right corresponding to the decryption password is timely cancelled, so that the phenomena of flow interception, sensor damage and data leakage in the cloud server can be safely prevented, and safer digital information is provided for urban users on the basis of the use of the existing intelligent traffic sensor.
The invention is further described below with reference to the accompanying drawings and specific embodiments.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of an intelligent traffic sensing encryption method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating a smart traffic sensing encryption method according to an embodiment of the present invention;
FIG. 3 is a schematic sub-flowchart of a smart traffic sensing encryption method according to an embodiment of the present invention;
FIG. 4 is a schematic block diagram of an intelligent traffic sensing encryption device according to an embodiment of the present invention;
fig. 5 is a schematic block diagram of an encryption unit of the intelligent traffic sensing encryption device according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram of a computer device provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Referring to fig. 1 and fig. 2, fig. 1 is a schematic view illustrating an application scenario of an intelligent traffic sensing encryption method according to an embodiment of the present invention. Fig. 2 is a schematic flow chart of a smart traffic sensing encryption method according to an embodiment of the present invention. The intelligent traffic sensing encryption method is applied to a server, the server performs data interaction with an intelligent traffic sensing system and a cloud server, data of the intelligent traffic sensing system are encrypted and then transmitted to the cloud server, the encrypted secret key is renewed every time, in the user access process, whether a decryption secret key is expired or not and whether access authority exists or not are verified, and when the decryption secret key is leaked, the decryption secret key is cancelled. The server is provided with a TTP (Time-Triggered Protocol).
Fig. 2 is a schematic flow chart of an intelligent traffic sensing encryption method according to an embodiment of the present invention. As shown in fig. 2, the method includes the following steps S110 to S140.
S110, initializing the intelligent traffic sensing system, and acquiring a master key and public parameters.
In this embodiment, each sensor within the smart traffic sensing system is initialized, the TTP executes set primitives, obtains attributes of the smart traffic sensing system, and generates a master key and common parameters. The TTP keeps the master key secret and initializes an empty re-encryption key history for each key to record attributes in the cloud server.
The primitive language is that a blank PCB is applied for a new process, a unique numerical identifier is distributed to the blank PCB, the inner name of the PCB is obtained, then the process is set to be in a ready state, and the process is arranged into a ready queue and a process family queue.
Specifically, the TTP holds a master key and a public/private key pair (k (TTP) pub, k (TTP) priv) by which a digital signature algorithm can be executed. Notation Sign (·) stands for TTP's signature algorithm. TTP is associated with each sensor j, a long push (k (j) LT), which is a preloaded symmetric key, present in the sensor. Each sensor also possesses a data encryption key (dek (j)), which is a symmetric key used to encrypt the sensed data. For each sensed data, the sensor calculates a new data encryption key as a one-way hash of the old version, which is securely destroyed. Each user u has a decryption key dk (u) and a public/private key pair (k (u) pub, k (u) priv) by means of which he can receive an asymmetric encryption of a secret message. The cloud server maintains a history of re-encrypted database keys and a decryption key component database to allow the agent to re-encrypt. In addition, it stores encrypted sensing data, sensor key material and ABE sealing keys. The sensed encrypted data is the sensed data generated by the sensor and the data encryption key is used. The sensor keying material is the amount required for a set of cryptographic sensors to encrypt the sensed data. The ABE sealing key is a data encryption key encrypted using ABE. Both the induction key material and the ABE sealed key are produced by TTP. To decrypt a block of encrypted sensory data, the user must first decrypt the corresponding ABE sealing key, thereby retrieving the data encryption key, and then decrypt it.
Monitoring road segment attributes allows the server to restrict users from accessing data sensed only from certain paths or regions of a city, designated as a set of road segments, i.e., authorized road segments. The server is allowed to restrict the user from accessing data that is only detected during a certain period of time, i.e., the validity period. Because TTP should produce a large number of ABE sealing keys in a time unit, a reasonable choice of time unit is one day.
In a smart traffic sensing system, edge representative segments of a city are represented by a network of streets, i.e., graphs. Each street is in one or more road segments and has a unique identifier. The sensor is a constrained device placed on the road segment from which the data was acquired, i.e., the distance of the sensed data relative to the road segment. The sensed data has been stored in encrypted form in the cloud server and is in a read-only state accessible to the user. The subscribers represent data users in the system. Each user has access to data obtained from certain users on the path or area of a city during a particular time period
And S120, creating a decryption key of the user.
In this embodiment, the decryption key of the user is used to access the sensing data.
The server provides the decryption key dk (u) to the user u. The TTP defines the access policy dk (u) of the user, which creates the decryption key of the user by performing the following operations: dk (u) KeyGen (MK, t (u)); the TTP encrypts the corresponding message (dk (u), ts, Sign (dk (u), ts)) delivered to the user, where ts is a timestamp, with the user's public key k (u) pub and provided to the user directly or through a cloud server. The user verifies that the TTP signature is valid and the timestamp is fresh. If everything is correctThe user accepts dk (u) as his/her decryption key. At the same time, the TTP encodes the user message
Figure BDA0002699234440000061
Sending to the cloud server, wherein λ (u) is an access policy attribute of the user; sign is a Sign function, URIs a subset of the attribute range, limits the user to accessing sensed data only from certain paths or regions of the city, the cloud server verifies that the TTP signature is valid, and the timestamp verifies as fresh. If everything is correct, the cloud server will store the decryption key component
Figure BDA0002699234440000062
S130, encrypting each sensor in the intelligent traffic sensing system to obtain sensing data.
In this embodiment, the sensing data refers to the sensing data encrypted by the symmetric key for the lightweight operation.
In an embodiment, referring to fig. 3, the step S130 may include steps S131 to S133.
And S131, randomly generating a data encryption key for each sensor in the intelligent traffic sensing system.
In the present embodiment, the data encryption key refers to a key used for encrypting data detected by the sensor.
S132, encrypting the data detected by the sensor by using the data encryption key to obtain sensing data;
s133, reconfirming the data encryption key, and initializing the data encryption counter.
Performed at the beginning of each time unit, for each sensor j, the TTP randomly generates a data encryption key dek (j) and encrypts the sensor by performing the following operations: ask (j) ═ Encrypt (dek (j), γ (j), Y, Ti∈γ(j)) Where ASK (j) is an encryption algorithm, Encrypt is a computer primitive, γ (j) is an encryption attribute, Y, Ti∈γ(j)Is the attribute range of the input to obtain the key for ABE sealing for the current sensor j. TTP to encrypt ABEThe sealed key is sent to the cloud server to be stored. In addition, for each sensor j, the TTP encrypts the corresponding message to form
Figure BDA0002699234440000071
Long key
Figure BDA0002699234440000072
Is a time stamp of the time of day,
Figure BDA0002699234440000073
represents a message authentication code to
Figure BDA0002699234440000074
Is a bond. Such encrypted messages constitute the material of sensor j for the current time unit of the sensor key. The TTP sends the sensor keying material for each sensor to the cloud server that stores it. Each sensor retrieves its sensor key material from the cloud server and then verifies that the message authentication code is valid and that the timestamp is fresh. If everything is correct, the sensor accepts DEK (j) as the current data encryption key and initializes a data encryption counter (c (j)) to zero. The sensor uses a data encryption counter to keep track of how many times the data encryption key time unit is currently updated. A reasonable choice of time units is one day.
Each time a sensor j senses new sensing data, the sensor firstly encrypts the sensed data by using the current data thereof by using a data encryption key dek (j), and the encrypted sensing data and the current data encryption counter c (j) form encrypted sensing data esd (j). The sensor sends the encrypted sensing data to the cloud server for storage. The sensor then computes a new data encryption key as the old one-way hash: DEK (j) Wen H (DEK (j)). Finally, the sensor securely destroys the old data encryption key and increments its data encryption counter.
And S140, sending the sensing data to a cloud server for storage in the cloud server.
In this embodiment, the encrypted sensing data may be stored in the cloud server as the sensing data, and in other embodiments, the encrypted sensing data, that is, the sensing data and the current data encryption counter may form an encrypted sensing data, and the encrypted sensing data is transmitted to the cloud server for storage.
In one embodiment, after the step S140, the method further includes steps S150 to S160.
S150, when the cloud server obtains the access request, verifying the decryption key and the access authority of the user, and responding to the access request according to a verification result.
In one embodiment, the step S150 may include the following steps:
when the cloud server acquires the access request, judging whether a decryption key of the user is expired;
if the decryption key of the user is expired, the cloud server updates the decryption key of the user;
the cloud server judges whether the sensing data corresponding to the access request is expired;
if the sensing data corresponding to the access request is expired, the cloud server updates the sensing data;
and the cloud server transmits the updated sensing data to the terminal so that the terminal can decrypt the sensing data by combining the updated decryption key of the user.
Specifically, whenever user u wants to access sensory data, the user first sends an access request to the cloud server specifying the sensory data he wants to access. Upon receiving the access request, the cloud server will check whether it passes, specifically the determination whether the number of components of the stored decryption key is expired, and for each expired component dki, the cloud server updates it by executing the following commands: dk'i=UpdateDK(i,dki,rki) And providing the updated component to the user. If the component of the decryption key has obsolete multiple versions, the cloud server will execute the UpdateDK primitive multiple times, each time using a different decryption key in the history RKHi. The cloud server checks whether there is some ABE sealed key ASK (j) of the sensing data, namely component cipher text of the sensing data is relative to the component cipher text of the sensing dataThe content requested by the user has expired. For each expired component ei, the cloud server updates it by executing the following commands: dk'i=UpdateDK(i,ei,rki) And replace ei with the updated version. If the version of the ABE ciphertext component ei has exceeded one version, the cloud server will execute the UpdateE primitive multiple times, each time using a different data encryption key in the history RKHi.
The cloud server provides the encrypted sensing data ESD (j) and an ABE sealing key of a time unit relative to the time unit for the user, and after receiving the message sent by the cloud server, the user retrieves the data encryption key by performing the following operations: dek (j) ═ Hc(j)(Decrypt (ASK (j), DK (u)); where Hn (-) denotes a one-way hash applied n times. the user decrypts the sensed data using the data encryption key DEK (j). if the user does not have access to the data, the decryption primitive will return and the user will not be able to retrieve the data encryption key.
And S160, when the decryption key of the user is leaked, revoking the decryption key of the user.
Specifically, when the decryption key of the user is leaked, the cloud server acquires the message of the communication protocol again, adds the data encryption key in the message of the communication protocol to the history record in the cloud server, and discards the user information corresponding to the leaked decryption key of the user in the history record.
In the present embodiment, when the key of the user is compromised, the cloud server performs key revocation. For each attribute i ∈ μ (u), the TTP updates the relevant quantity by performing the following operations: (t'i,T′i,rki) UpdateAttribute (i, MK), and let tiInstead of an updated version, the TTP sends a message
Figure BDA0002699234440000081
Sent to the cloud server, ts is the timestamp. The cloud server verifies that the TTP signature is valid and the timestamp is fresh. If everything is correct, the cloud server adds each re-encryption key rki to the history RKHi and discards all and revoked decryption key components
Figure BDA0002699234440000082
The associated user u. Finally, the TTP performs the sealing procedure in μ (u) limited to those sensors that have at least one ABE ciphertext attribute, i.e., the key revoked for the sensor that generated the sensory data is authorized to be decrypted.
The sensor only executes the lightweight operation symmetric key encryption, and a server can be arranged for interaction on the basis of the existing intelligent traffic sensing system, so that safer digital information is provided for urban users; constrained sensor devices may thus be used, allowing fine-grained access control to encrypted data stored in the cloud server, and traffic eavesdropping, sensor hazards, and data leaks in the cloud server may be securely prevented.
According to the intelligent traffic sensing encryption method, after a system where the sensor is located is initialized, a decryption key of a user is set, the data detected by the sensor is encrypted by a lightweight operation symmetric key, the encrypted data is transmitted to the cloud server to be stored, fine-grained access control is performed during subsequent user access, when the decryption key of the user is leaked, the user access right corresponding to the decryption key is timely cancelled, the phenomena of flow interception, sensor damage and data leakage in the cloud server can be safely prevented, and safer digital information is provided for urban users on the basis of the use of the existing intelligent traffic sensor.
Fig. 4 is a schematic block diagram of a smart traffic sensing encryption device 300 according to an embodiment of the present invention. As shown in fig. 4, the present invention also provides an intelligent traffic sensing encryption device 300 corresponding to the above intelligent traffic sensing encryption method. The intelligent traffic sensing encryption device 300 includes a unit for performing the intelligent traffic sensing encryption method described above, and the device may be configured in a server. Specifically, referring to fig. 4, the intelligent traffic sensing encryption device 300 includes a system initialization unit 301, a decryption key creation unit 302, an encryption unit 303, and a transmission unit 304.
The system initialization unit 301 is configured to initialize the smart traffic sensing system, and obtain a master key and a public parameter; a decryption key creation unit 302 for creating a decryption key of the user; an encryption unit 303, configured to encrypt each sensor in the smart traffic sensing system to obtain sensed data; a sending unit 304, configured to send the sensing data to a cloud server for storage at the cloud server.
In one embodiment, as shown in fig. 5, the encryption unit 303 includes a key generation sub-unit 3031, a data encryption sub-unit 3032, and a key reprocessing sub-unit 3033.
A key generation subunit 3031 configured to randomly generate a data encryption key for each sensor in the smart traffic sensing system; a data encryption sub-unit 3032, configured to encrypt data detected by the sensor with the data encryption key to obtain sensed data; a key re-processing sub-unit 3033, which is used to re-confirm the data encryption key and initialize the data encryption counter.
In addition, the device also comprises a cloud server.
The cloud server is used for verifying the decryption key and the access authority of the user when the cloud server obtains the access request, and responding to the access request according to a verification result; and when the decryption key of the user is leaked, revoking the decryption key of the user.
Specifically, the cloud server is configured to determine whether a decryption key of the user has expired when the cloud server obtains the access request; if the decryption key of the user is expired, the cloud server updates the decryption key of the user; the cloud server judges whether the sensing data corresponding to the access request is expired; if the sensing data corresponding to the access request is expired, the cloud server updates the sensing data; and the cloud server transmits the updated sensing data to the terminal so that the terminal can decrypt the sensing data by combining the updated decryption key of the user. When the decryption key of the user is leaked, the cloud server acquires the message of the communication protocol again, adds the data encryption key in the message of the communication protocol to the history record in the cloud server, and discards the user information corresponding to the leaked decryption key of the user in the history record.
It should be noted that, as will be clear to those skilled in the art, the detailed implementation process of the intelligent traffic sensing encryption device 300 and each unit can refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, no further description is provided herein.
The intelligent traffic sensing encryption device 300 may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 6.
Referring to fig. 6, fig. 6 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a server, wherein the server may be an independent server or a server cluster composed of a plurality of servers.
Referring to fig. 6, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer programs 5032 include program instructions that, when executed, cause the processor 502 to perform a smart traffic sensing encryption method.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the operation of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 can execute a smart traffic sensing encryption method.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the configuration shown in fig. 6 is a block diagram of only a portion of the configuration associated with the present application and does not constitute a limitation of the computer device 500 to which the present application may be applied, and that a particular computer device 500 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to run the computer program 5032 stored in the memory to implement the following steps:
initializing an intelligent traffic sensing system, and acquiring a master key and public parameters; creating a decryption key of a user; encrypting each sensor in the intelligent traffic sensing system to obtain sensing data; and sending the sensing data to a cloud server for storage at the cloud server.
In an embodiment, the processor 502 further implements the following steps after implementing the sending of the sensing data to the cloud server for the storage step at the cloud server:
when the cloud server acquires the access request, verifying a decryption key and access authority of the user, and responding to the access request according to a verification result; and when the decryption key of the user is leaked, revoking the decryption key of the user.
In one embodiment, the processor 502 implements the encrypting each sensor in the intelligent traffic sensing system to obtain the sensed data step by:
randomly generating a data encryption key for each sensor in the intelligent traffic sensing system; and encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data.
In an embodiment, after the step of encrypting the data detected by the sensor with the data encryption key to obtain the sensed data is implemented, the processor 502 further implements the following steps:
the data encryption key is re-validated and the data encryption counter is initialized.
In an embodiment, when the step of verifying the decryption key and the access right of the user when the cloud server obtains the access request and responding the access request according to the verification result is implemented, the processor 502 specifically implements the following steps:
when the cloud server acquires the access request, judging whether a decryption key of the user is expired; if the decryption key of the user is expired, the cloud server updates the decryption key of the user; the cloud server judges whether the sensing data corresponding to the access request is expired; if the sensing data corresponding to the access request is expired, the cloud server updates the sensing data; and the cloud server transmits the updated sensing data to the terminal so that the terminal can decrypt the sensing data by combining the updated decryption key of the user.
In an embodiment, when implementing the step of revoking the decryption key of the user when the decryption key of the user is leaked, the processor 502 specifically implements the following steps:
when the decryption key of the user is leaked, the cloud server acquires the message of the communication protocol again, adds the data encryption key in the message of the communication protocol to the history record in the cloud server, and discards the user information corresponding to the leaked decryption key of the user in the history record.
It should be understood that in the embodiment of the present Application, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. The computer program includes program instructions, and the computer program may be stored in a storage medium, which is a computer-readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program, wherein the computer program, when executed by a processor, causes the processor to perform the steps of:
initializing an intelligent traffic sensing system, and acquiring a master key and public parameters; creating a decryption key of a user; encrypting each sensor in the intelligent traffic sensing system to obtain sensing data; and sending the sensing data to a cloud server for storage at the cloud server.
In an embodiment, the processor, after executing the computer program to implement the sending the sensing data to the cloud server to perform the storing step at the cloud server, further implements the following steps:
when the cloud server acquires the access request, verifying a decryption key and access authority of the user, and responding to the access request according to a verification result; and when the decryption key of the user is leaked, revoking the decryption key of the user.
In one embodiment, when the processor executes the computer program to perform the step of encrypting each sensor in the intelligent traffic sensing system to obtain the sensed data, the processor further performs the following steps:
randomly generating a data encryption key for each sensor in the intelligent traffic sensing system; and encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data.
In an embodiment, after the step of encrypting the data detected by the sensor with the data encryption key to obtain the sensed data is implemented by the processor by executing the computer program, the following steps are further implemented:
the data encryption key is re-validated and the data encryption counter is initialized.
In an embodiment, when the processor executes the computer program to verify the decryption key and the access right of the user when the cloud server obtains the access request, and performs a response step of the access request according to a verification result, the following steps are specifically implemented:
when the cloud server acquires the access request, judging whether a decryption key of the user is expired; if the decryption key of the user is expired, the cloud server updates the decryption key of the user; the cloud server judges whether the sensing data corresponding to the access request is expired; if the sensing data corresponding to the access request is expired, the cloud server updates the sensing data; and the cloud server transmits the updated sensing data to the terminal so that the terminal can decrypt the sensing data by combining the updated decryption key of the user.
In an embodiment, when the processor executes the computer program to implement the step of revoking the decryption key of the user when the decryption key of the user is compromised, the following steps are specifically implemented:
when the decryption key of the user is leaked, the cloud server acquires the message of the communication protocol again, adds the data encryption key in the message of the communication protocol to the history record in the cloud server, and discards the user information corresponding to the leaked decryption key of the user in the history record.
The storage medium may be a usb disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, which can store various computer readable storage media.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. The intelligent traffic sensing encryption method is characterized by comprising the following steps:
initializing an intelligent traffic sensing system, and acquiring a master key and public parameters;
creating a decryption key of a user;
encrypting each sensor in the intelligent traffic sensing system to obtain sensing data;
and sending the sensing data to a cloud server for storage at the cloud server.
2. The smart traffic sensing encryption method according to claim 1, wherein the sending the sensed data to a cloud server for storage by the cloud server further comprises:
when the cloud server acquires the access request, verifying a decryption key and access authority of the user, and responding to the access request according to a verification result;
and when the decryption key of the user is leaked, revoking the decryption key of the user.
3. The intelligent traffic sensing encryption method of claim 1, wherein encrypting each sensor in the intelligent traffic sensing system to obtain sensed data comprises:
randomly generating a data encryption key for each sensor in the intelligent traffic sensing system;
and encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data.
4. The intelligent traffic sensing encryption method according to claim 3, wherein after encrypting the data detected by the sensor with the data encryption key to obtain the sensed data, the method further comprises:
the data encryption key is re-validated and the data encryption counter is initialized.
5. The intelligent traffic sensing encryption method according to claim 2, wherein the verifying the decryption key and the access right of the user when the cloud server obtains the access request, and responding to the access request according to the verification result comprises:
when the cloud server acquires the access request, judging whether a decryption key of the user is expired;
if the decryption key of the user is expired, the cloud server updates the decryption key of the user;
the cloud server judges whether the sensing data corresponding to the access request is expired;
if the sensing data corresponding to the access request is expired, the cloud server updates the sensing data;
and the cloud server transmits the updated sensing data to the terminal so that the terminal can decrypt the sensing data by combining the updated decryption key of the user.
6. The intelligent traffic sensing encryption method according to claim 2, wherein the revoking the decryption key of the user when the decryption key of the user is leaked comprises:
when the decryption key of the user is leaked, the cloud server acquires the message of the communication protocol again, adds the data encryption key in the message of the communication protocol to the history record in the cloud server, and discards the user information corresponding to the leaked decryption key of the user in the history record.
7. Wisdom traffic sensing encryption device, its characterized in that includes:
the system initialization unit is used for initializing the intelligent traffic sensing system and acquiring a master key and public parameters;
a decryption key creation unit for creating a decryption key of a user;
the encryption unit is used for encrypting each sensor in the intelligent traffic sensing system to obtain sensing data;
and the sending unit is used for sending the sensing data to a cloud server so as to be stored in the cloud server.
8. The intelligent traffic sensing encryption device of claim 7, wherein the encryption unit comprises:
the key generation subunit is used for randomly generating a data encryption key for each sensor in the intelligent traffic sensing system;
and the data encryption subunit is used for encrypting the data detected by the sensor by using the data encryption key to obtain the sensing data.
9. A computer device, characterized in that the computer device comprises a memory, on which a computer program is stored, and a processor, which when executing the computer program implements the method according to any of claims 1 to 6.
10. A storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 6.
CN202011016466.2A 2020-09-24 2020-09-24 Intelligent traffic sensing data encryption method and device, computer equipment and storage medium Pending CN112187777A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011016466.2A CN112187777A (en) 2020-09-24 2020-09-24 Intelligent traffic sensing data encryption method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011016466.2A CN112187777A (en) 2020-09-24 2020-09-24 Intelligent traffic sensing data encryption method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112187777A true CN112187777A (en) 2021-01-05

Family

ID=73957098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011016466.2A Pending CN112187777A (en) 2020-09-24 2020-09-24 Intelligent traffic sensing data encryption method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112187777A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108390876A (en) * 2018-02-13 2018-08-10 西安电子科技大学 Revocation outsourcing is supported to can verify that more authorization center access control methods, Cloud Server
CN110933033A (en) * 2019-10-27 2020-03-27 西安电子科技大学 Cross-domain access control method for multiple Internet of things domains in smart city environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108390876A (en) * 2018-02-13 2018-08-10 西安电子科技大学 Revocation outsourcing is supported to can verify that more authorization center access control methods, Cloud Server
CN110933033A (en) * 2019-10-27 2020-03-27 西安电子科技大学 Cross-domain access control method for multiple Internet of things domains in smart city environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MARCO RASORI等: "ABE-Cities: An Attribute-Based Encryption System for Smart Cities", 《2018 IEEE INTERNATIONAL CONFERENCE ON SMART COMPUTING》 *

Similar Documents

Publication Publication Date Title
US7051211B1 (en) Secure software distribution and installation
KR100749867B1 (en) System and method for securely installing a cryptographic system on a secure device
EP3089399B1 (en) Methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management
US7503074B2 (en) System and method for enforcing location privacy using rights management
US8806200B2 (en) Method and system for securing electronic data
US20080209231A1 (en) Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method
KR101311059B1 (en) Revocation information management
CN105103119A (en) Data security service
CN105027130A (en) Delayed data access
US20200320178A1 (en) Digital rights management authorization token pairing
CN105103488A (en) Policy enforcement with associated data
CN105191207A (en) Federated key management
CN105122265A (en) Data security service system
JP2007511810A (en) Proof of execution using random number functions
KR101648364B1 (en) Method for improving encryption/decryption speed by complexly applying for symmetric key encryption and asymmetric key double encryption
US20090208015A1 (en) Offline consumption of protected information
US8417937B2 (en) System and method for securely transfering content from set-top box to personal media player
US8997252B2 (en) Downloadable security based on certificate status
CN112685786A (en) Financial data encryption and decryption method, system, equipment and storage medium
US11258601B1 (en) Systems and methods for distributed digital rights management with decentralized key management
US20190305940A1 (en) Group shareable credentials
KR102413497B1 (en) Systems and methods for secure electronic data transmission
US20210391982A1 (en) Distributed anonymized compliant encryption management system
KR20140004703A (en) Controlled security domains
CN112187777A (en) Intelligent traffic sensing data encryption method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210105