CN113645582B - Logistics privacy protection system based on ciphertext policy attribute base key encapsulation - Google Patents


Publication number
CN113645582B
Authority
CN
China
Prior art keywords
logistics
key
information
module
end server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110743563.XA
Other languages
Chinese (zh)
Other versions
CN113645582A (en)
Inventor
洪晟
潘豪文
李世中
漆小静
马杰
方翌佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Beihang University
Publication of CN113645582A
Application granted
Publication of CN113645582B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/35: Services specially adapted for particular environments, situations or purposes for the management of goods or merchandise
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06K: GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00: Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10821: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum further details of bar or optical code scanning devices
    • G06K7/10861: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum further details of bar or optical code scanning devices sensing of data fields affixed to objects or articles, e.g. coded labels
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/08: Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083: Shipping
    • G06Q10/0833: Tracking
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W12/033: Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041: Key generation or derivation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043: Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431: Key distribution or pre-distribution; Key agreement


Abstract

The invention relates to a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE). The system comprises a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices; an app is installed on the user mobile devices and on the handheld mobile devices. The n handheld mobile devices each communicate with the logistics company management end server and the trusted key generation mechanism; the user mobile device communicates with the trusted key generation mechanism and the logistics company management end server; the logistics company management end server communicates with the trusted key generation mechanism; and the user mobile device also communicates with the nth handheld mobile device. The system combines CP-ABKE, identity verification technology and two-dimensional code technology into a new logistics privacy protection system, and combines hierarchical encryption with scan-to-decrypt two-dimensional codes to design an attribute-based mechanism for controlling access to information, realizing internal protection of user information.

Description

Logistics privacy protection system based on ciphertext policy attribute base key encapsulation
Technical Field
The invention provides a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE, Ciphertext-Policy Attribute-Based Key Encapsulation), and belongs to the field of logistics information security.
Background
According to statistics of the national post office, in 2020 logistics service enterprises nationwide handled a cumulative business volume of 833.6 hundred million pieces, a year-on-year increase of 31.2%; cumulative service income reached 8795.4 hundred million yuan, an increase of 17.3%. Of this, intra-city volume was 121.7 hundred million pieces, a year-on-year increase of 10.2%; inter-city volume was 693.6 hundred million pieces, a year-on-year increase of 35.9%; and international/Hong Kong, Macao and Taiwan volume was 18.4 hundred million pieces, a year-on-year increase of 27.7%. In recent years, however, incidents of logistics companies leaking customer information have been frequent. The main reasons are that the user privacy protection mechanism is weak, that personnel inside the logistics company can easily obtain users' private information, and that the private information of the sender and the recipient is written in plaintext on the logistics face sheet, where lawbreakers can easily obtain it. The resulting privacy leaks make users targets of telecommunication fraud or harassment.
The workflow of a traditional logistics information system is divided into three stages: collection, transportation and dispatch. In the collection stage, the user fills in an electronic bill with information including the addresses, names and telephone numbers of the sender and the recipient; after receiving the electronic bill, the logistics company plans a logistics path and returns a paper bill, which is pasted on the package, and the package is handed to the logistics delivery center to start transportation. In the transportation stage, after packages arrive at a logistics sorting center, staff of the logistics company sort them using the information on the package face sheet and transport them to the next site. In the dispatch stage, the dispatcher contacts the recipient using the recipient information on the face sheet and delivers the package to the recipient. Throughout this process, personnel inside the logistics company can easily obtain the user's private information, and that information remains on the package the whole time, so the threat to user privacy is extremely high; in the delivery stage, a package may also be fraudulently claimed or collected by the wrong person, causing direct loss to the user.
Ciphertext-policy attribute-based encryption (CP-ABE, Ciphertext-Policy Attribute-Based Encryption) is an attribute-based encryption technique with four features. First, the resource provider only needs to encrypt under user attributes and does not need to track the number or identity of the members of a group, which reduces data encryption overhead and protects user privacy. Second, only group members who satisfy the attribute requirements of the ciphertext can decrypt the message, which ensures data confidentiality. Third, user keys in the ABE mechanism are tied to a random polynomial or a random number, so the keys of different users cannot be combined, which prevents collusion attacks by users. Fourth, the ABE mechanism supports flexible attribute-based access control policies, including AND, OR, NOT and threshold operations over attributes. These features make CP-ABE better suited than traditional public key encryption as an encryption scheme for protecting privacy in a logistics system.
However, CP-ABE is an encryption algorithm based on bilinear pairing operations; its computational cost is high, and it is difficult to deploy on mobile devices.
Digital signature technology is an identity authentication technique based on public key encryption: the signer encrypts information with its own private key to form the signature, and others can decrypt it with the signer's public key to verify the signature. Once signature verification succeeds, the correspondence between the keys in public key cryptography shows that the information was sent by the user holding the unique private key and not by any other user. This technique can be used to solve the problem of person authentication where privacy is not a concern in the logistics distribution stage.
Disclosure of Invention
To address the information security problems of existing logistics systems, the invention provides a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE). Using attribute-based encryption, an encrypted two-dimensional code face sheet, digital signatures and related techniques, the invention aims to solve the problems of decentralization of user privacy, hiding of face sheet information, and person verification in the logistics process. It protects user privacy across the whole flow of the logistics system and, in particular, prevents personnel inside a logistics company from leaking user privacy.
In order to achieve the above purpose, the invention adopts the following technical scheme:
The invention provides a logistics privacy protection system based on ciphertext-policy attribute-based key encapsulation (CP-ABKE), comprising a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices;
The user mobile device is used by the sender and the recipient, and an app is installed on it;
The handheld mobile devices are used by logistics staff: the 1st handheld mobile device is used by courier 1, the 2nd by courier 2, ..., the (n-1)th by courier n-1, and the nth by dispatcher n; an app is installed on each handheld mobile device;
The app contains an order initialization module, a retrieval module, a receiving module and a mobile scanning dialing module; the order initialization module comprises an encryption module and a key encapsulation module; the retrieval module and the receiving module each comprise a decryption module and a key decapsulation module; the order initialization module is deployed on the user mobile device, and the retrieval module, the receiving module and the mobile scanning dialing module are deployed on the n handheld mobile devices;
The trusted key generation mechanism is provided with an initialization module and a key generation module;
The logistics company management end server is provided with an information processing module, which comprises an encryption module and a key encapsulation module;
The n handheld mobile devices each communicate with the logistics company management end server and the trusted key generation mechanism; the user mobile device communicates with the trusted key generation mechanism and the logistics company management end server; the logistics company management end server communicates with the trusted key generation mechanism; and the user mobile device also communicates with the nth handheld mobile device;
Staff who take part in the logistics transportation flow register in the app on their handheld mobile device and submit their working attributes to the trusted key generation mechanism to apply for an attribute private key;
The trusted key generation mechanism verifies the working attributes of every staff member. After verification passes, it performs initialization through the initialization module, generates the attribute private key for each staff member through the key generation module, and distributes it to that staff member's handheld mobile device, where it is stored; the trusted key generation mechanism also manages the attribute private keys to prevent them from being leaked or lost;
The trusted key generation mechanism also generates a public and private key pair for each staff member taking part in the logistics transportation flow and installs it in the handheld mobile device;
The sender and the recipient register in the app on the user mobile device. The trusted key generation mechanism generates public and private key pairs for the sender and the recipient and installs them in the user mobile devices; the app accounts of the sender and the recipient are bound to the key pairs issued by the trusted key generation mechanism, and the recipient sends its own public key to the sender;
The trusted key generation mechanism also issues a public and private key pair to the logistics company management end server, which can send its public key to the sender;
Staff taking part in the logistics transportation flow log in to the app with their identity attribute and working attributes, and can log in only after both have been verified successfully;
The sender logs in to the app on the user mobile device, fills in the logistics information and generates an order. The device locally encrypts the private information of the sender and the recipient using the recipient's longitude and latitude coordinates, signs the logistics package using a Hash function and the sender's private key, encrypts the encrypted private information, the encrypted signature and the logistics information with the public key provided by the logistics company management end server, and then encapsulates them and sends them to the logistics company management end server;
The logistics company management end server receives the order initiated by the sender (or user) and decrypts it with its own private key. It plans a transportation path from the logistics information submitted by the sender (or user), takes the longitude and latitude coordinates of each logistics site on the path as the position attribute, the normal working time of the logistics site as the time attribute (the working time of the site or of a staff member, for example from 8:00 to 18:00), and the working identity of the logistics staff as the authority attribute, and uses these attributes to encrypt the logistics information hierarchically. It returns an encrypted two-dimensional code face sheet (containing the information required in the logistics transportation process), which is pasted on the surface of the logistics package, and the package is handed to the logistics delivery center for transportation;
In the logistics sorting stage, courier 2 uses the 2nd handheld mobile device to scan the encrypted two-dimensional code face sheet and uploads his or her own working attributes to the logistics company management end server;
The logistics company management end server verifies the received working attributes and then sends the corresponding ciphertext (when the working position, working time and working identity in courier 2's working attributes all correspond to the attributes used in the hierarchical encryption, the decryption succeeds and the logistics company management end server sends the corresponding ciphertext). After receiving the ciphertext, the 2nd handheld mobile device generates the corresponding key from courier 2's attribute private key, decrypts the ciphertext and obtains the information of the next station, and the goods are sent to the next station;
The above operation is repeated until the logistics distribution stage;
In the logistics distribution stage, dispatcher n uses the nth handheld mobile device to scan the encrypted two-dimensional code face sheet at the logistics site and uploads his or her own working attributes to the logistics company management end server;
The logistics company management end server verifies the received working attributes and then sends the corresponding ciphertext. After receiving the ciphertext, the nth handheld mobile device generates the corresponding key from the private key of the nth handheld mobile device, decrypts the ciphertext and obtains the recipient address. When the nth handheld mobile device comes within a certain range of the recipient address, the code is scanned again; the device generates the corresponding key from its private key, decrypts the detailed information of the recipient, and sends a short message to the user mobile device or dials a telephone call to contact the recipient (user);
In the logistics receiving stage, after receiving the goods, the recipient uses the user mobile device to scan the encrypted two-dimensional code face sheet, uses the recipient's private key to decrypt the sender's digital signature, and verifies the sender's digital signature; dispatcher n uses the nth handheld mobile device to verify the sender's digital signature decrypted by the recipient. After verification is complete, the recipient uses the user mobile device to send a receipt confirmation to the logistics company management end server, which ends the transportation flow.
On the basis of the scheme, the working attributes comprise working position, working time, working identity, equipment environment, etc. The working time (time attribute) is the working time of the staff member, for example 8:00-18:00, and is uploaded as a working time period; the working position (position attribute) is uploaded as longitude and latitude, retaining six significant digits; the working identity (authority attribute) is the post of the staff member: a sorter can obtain only the next station information, while an administrator can obtain more logistics information. The identity attribute comprises the work number, name and the like, which are uploaded as character strings.
On the basis of the scheme, the encryption module and the key encapsulation module run on the user mobile device and the logistics company management end server; the decryption module, the key decapsulation module and the mobile scanning dialing module run on the n handheld mobile devices; and the initialization module and the key generation module run on the trusted key generation mechanism.
On the basis of the scheme, the key encapsulation module, the key decapsulation module, the encryption module, the decryption module, the initialization module and the key generation module adopt the CP-ABKE algorithm.
On the basis of the scheme, the key encapsulation module performs the following steps on the user mobile device:
1) Package the logistics information, with the private information removed, as Section1;
2) Generate a random number HN; run the CP-ABKE algorithm with the recipient's longitude and latitude coordinates to generate a symmetric key; use that key as an AES key to encrypt the private information of the sender and the recipient; and take the encrypted private information of the sender and the recipient, HN and the order ID as Section2;
3) Calculate RN = Hash(HN); encrypt all the logistics information with the sender's private key to form the sender's digital signature; and encrypt RN, the private information, the order ID and the sender's digital signature with the recipient's public key to form Section3;
Section1, Section2 and Section3 are then encrypted with the public key provided by the logistics company management end server and sent to the logistics company management end server.
On the basis of the scheme, the private information comprises the detailed addresses, telephone numbers, names and the like of the sender and the recipient; the logistics information comprises the shipping site and the receiving site with the detailed addresses removed, and the order ID.
On the basis of the scheme, the digital signature algorithm is RSA-1024 and the Hash algorithm is MD5.
On the basis of the scheme, the encrypted two-dimensional code face sheet consists of the order ID and an encrypted QR code. The information on the face sheet can be obtained only when an authorized user scans it; an unauthorized user cannot obtain the logistics information ciphertext even after obtaining the face sheet.
On the basis of the scheme, the order ID can be used in place of the encrypted QR code when the face sheet is stained or cannot be scanned. The encrypted QR code comprises the encrypted private information, the digital signature and the like. The logistics company management end server hierarchically encrypts the logistics information and the remark information, where the remark information comprises insured-value information, payment information and the like. The encrypted QR code is encrypted using a national cryptographic algorithm.
On the basis of the scheme, the logistics company management end server stores the identifier of the hierarchically encrypted logistics information in the encrypted two-dimensional code face sheet, and personnel with different working attributes who scan the same face sheet obtain different information from the logistics company management end server.
On the basis of the scheme, the attribute private key is used for decrypting the information on the encrypted two-dimensional code face sheet.
On the basis of the scheme, the sender encrypts the private information on the user mobile device before sending it to the logistics company management end server; staff cannot obtain the private information at the logistics company management end server, and only dispatcher n, in the last section of the transportation stage, can decrypt the private information through his or her attributes.
On the basis of the scheme, the hierarchical encryption of the logistics information is carried out as follows: let the logistics sites passed be M1, M2, ..., Mn. Before the logistics package reaches the last site, the logistics information encrypted for each site refers specifically to the longitude and latitude coordinates of the next logistics site, which guarantees that the staff at each station can obtain only the information of the next station.
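An added example, not part of the patent text: a Python model of the access rule described above, covering the position/time/identity check the server makes before releasing a ciphertext, the per-station layers in which site Mi learns only the coordinates of M(i+1), and the unlock of the recipient's details when the dispatcher comes within range. The names Layer, WorkAttributes, release and unlock_contact, the 200 m radius and all sample data are assumptions; the CP-ABKE encryption itself is left out and payloads are kept as plain data.

```python
import math
from dataclasses import dataclass
from datetime import time


def quantize(position):
    """Round (lat, lon) to six significant digits, the upload format the text gives."""
    return tuple(float(f"{c:.6g}") for c in position)


@dataclass(frozen=True)
class Layer:
    """One hierarchically encrypted record: the attributes that open it and what it holds.
    In the patent the payload is a CP-ABKE ciphertext; this model keeps it as plain
    data so that only the access rule is shown."""
    position: tuple   # position attribute: coordinates of the logistics site
    hours: tuple      # time attribute: (start, end) working time of the site
    role: str         # authority attribute: working identity
    payload: dict


@dataclass(frozen=True)
class WorkAttributes:
    """Working attributes a handheld device uploads after scanning the face sheet."""
    position: tuple
    now: time
    role: str


def build_layers(route, recipient_position):
    """One layer per site M1..Mn: Mi learns only the coordinates of M(i+1);
    the last site learns the recipient's position."""
    layers = []
    for i, site in enumerate(route):
        if i < len(route) - 1:
            role = "sorter"
            payload = {"next_station": quantize(route[i + 1]["position"])}
        else:
            role = "dispatcher"
            payload = {"recipient_position": quantize(recipient_position)}
        layers.append(Layer(quantize(site["position"]), site["hours"], role, payload))
    return layers


def release(layers, attrs):
    """Server-side check: return the payload of the layer whose position, time and
    identity attributes all match the uploaded ones, otherwise None."""
    here = quantize(attrs.position)
    for layer in layers:
        start, end = layer.hours
        if (layer.position == here and start <= attrs.now <= end
                and layer.role == attrs.role):
            return layer.payload
    return None


def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


def unlock_contact(attrs, recipient, radius_m=200.0):
    """Second scan at delivery: the recipient's details are returned only to a
    dispatcher within radius_m of the recipient (the radius is an assumption; the
    text only says 'a certain range')."""
    if attrs.role != "dispatcher":
        return None
    if distance_m(attrs.position, recipient["position"]) > radius_m:
        return None
    return recipient["contact"]


# Constructed sample data: three sites and one recipient.
WORK_HOURS = (time(8, 0), time(18, 0))
ROUTE = [
    {"name": "M1", "position": (39.9042, 116.407), "hours": WORK_HOURS},
    {"name": "M2", "position": (39.9500, 116.380), "hours": WORK_HOURS},
    {"name": "M3", "position": (39.9800, 116.340), "hours": WORK_HOURS},
]
RECIPIENT = {"position": (39.9900, 116.350),
             "contact": {"name": "constructed recipient", "phone": "000-0000"}}
LAYERS = build_layers(ROUTE, RECIPIENT["position"])

if __name__ == "__main__":
    sorter_m2 = WorkAttributes((39.95001, 116.3802), time(10, 0), "sorter")
    print("M2 sorter, 10:00 ->", release(LAYERS, sorter_m2))
    late = WorkAttributes((39.95001, 116.3802), time(19, 30), "sorter")
    print("M2 sorter, 19:30 ->", release(LAYERS, late))
    near = WorkAttributes((39.9905, 116.350), time(11, 0), "dispatcher")
    print("dispatcher near recipient ->", unlock_contact(near, RECIPIENT))
```

Because positions are compared after rounding to six significant digits, two GPS readings taken a few metres apart at the same site map to the same position attribute.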
The system combines CP-ABKE, identity verification technology and two-dimensional code technology into a new logistics privacy protection system, and combines hierarchical encryption with scan-to-decrypt two-dimensional codes to design an attribute-based mechanism for controlling access to information, realizing internal protection of user information.
The invention has the following advantages and positive effects:
1. In the system, the private information of the user is encrypted under attributes, and only staff whose attributes match can decrypt and obtain the information; that is, only the last dispatcher can obtain the private information of the user, at a designated position and within a limited time. Whereas in a conventional system the logistics company management end can access users' private information at will, the logistics company management end server in this system cannot obtain the private information of the user, which eliminates the risk of personnel inside the logistics company leaking users' private information in bulk.
2. The system controls courier access through multiple attributes: a courier can log in to the app only when the working attributes, the identity attribute and other attributes are verified successfully. Whereas a conventional system performs access control through a password alone, this system uses multiple attributes to identify the courier, and solves the problem of data leakage caused by password leakage or impossibility of the courier.
3. In the system, the logistics information and the private information are stored in the encrypted two-dimensional code face sheet, and only the authorized device of an authorized user can scan the code to obtain valid information. Whereas in a traditional system the plaintext face sheet directly exposes the user's private information, this system uses the encrypted two-dimensional code face sheet, which eliminates the risk of a plaintext face sheet revealing user privacy.
4. The system uses hierarchical encryption, so each station can obtain only the information of the next station during transportation. Whereas in a traditional system all transport participants can obtain the transport information, this system greatly narrows the range over which information circulates during transportation and eliminates the risk of revealing user privacy in transit.
5. In the distribution process of the system, fine-grained control of the courier's position attribute is achieved by acquiring longitude and latitude coordinates; when the courier comes within a certain range of the recipient, the recipient's contact details and detailed address are unlocked, which solves the transportation difficulty of the last kilometer.
6. The system uses digital signatures in the delivery and receiving stages, which makes the source of a package traceable and allows it to be authenticated. Compared with the direct delivery of a traditional system, the system realizes 'person concurrent verification', solves the traceability of goods and the verifiability of recipients when the recipient's private information is unknown, and solves the problem of false signing in traditional logistics systems.
7. The CP-ABKE algorithm is based on bilinear pairing operations, is an advanced public key algorithm, and is infeasible to break by brute force.
8. The system is designed around the equipment already used in the logistics industry, so the cost of porting it and of modifying equipment is low.
Drawings
The invention has the following drawings:
FIG. 1 is a schematic flow chart of the system.
Fig. 2 is a schematic diagram of an encryption flow at the order generation stage.
Fig. 3 is a schematic flow chart of the process of obtaining the attribute private key by the employee.
FIG. 4 is a schematic diagram of encryption and decryption of the CP-ABE algorithm.
Fig. 5 is a flow chart of the modules of the transportation process.
Fig. 6 is a schematic diagram of a two-dimensional code face sheet.
Fig. 7 is a schematic diagram of user information flow in a conventional logistics system.
Fig. 8 is a schematic diagram of user information flow in the present system.
Fig. 9 is a graph of the encryption algorithm overhead of the present system.
Fig. 10 is an encryption time test chart of the system.
Fig. 11 is a schematic flow chart of the system.
Detailed Description
The invention is described in further detail below with reference to Figs. 1-11.
The invention provides a logistics privacy protection system based on ciphertext policy attribute-based key encapsulation, which is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the system is composed of a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices.
The user mobile equipment is used by a sender and a receiver, and an app is arranged on the user mobile equipment;
the hand-held mobile equipment is used by logistics staff, the 1 st hand-held mobile equipment is used by an express delivery person 1, the 2 nd hand-held mobile equipment is used by an express delivery person 2, … …, the n-1 th hand-held mobile equipment is used by an express delivery person n-1, the n-th hand-held mobile equipment is used by a dispatch person n, and an app is arranged on the hand-held mobile equipment;
the app is internally provided with an order initialization module, a retrieval module, a receiving module and a mobile scanning dialing module; the order initialization module comprises an encryption module and a key encapsulation module; the retrieval module and the receiving module both comprise a decryption module and a key decapsulation module; the order initialization module is deployed on the user mobile equipment, and the retrieval module, the receiving module and the mobile scanning dialing module are deployed on n handheld mobile equipment;
the trusted key generation mechanism is provided with an initialization module and a key generation module;
the logistics company management end server is provided with an information processing module, wherein the information processing module comprises an encryption module and a key encapsulation module;
the encryption module and the key encapsulation module operate on the user mobile equipment and the logistic company management end server, the decryption module and the key decapsulation module operate on n handheld mobile equipment, the mobile scanning dialing module operates on the n handheld mobile equipment, and the initialization module and the key generation module operate on a trusted key generation mechanism.
The key encapsulation module, the key decapsulation module, the encryption module, the decryption module, the initialization module and the key generation module adopt a CP-ABKE algorithm.
The n handheld mobile devices are respectively communicated with a logistics company management end server and a trusted key generation mechanism, the user mobile devices are respectively communicated with the trusted key generation mechanism and the logistics company management end server, the logistics company management end server is communicated with the trusted key generation mechanism, and the user mobile devices are also communicated with the n handheld mobile devices.
The main flow is as follows. After a sender generates an order, the processed order is sent to the administrator (the logistics company management end server); after planning a path, the administrator returns a secret two-dimensional code (QR code) face list, and transport of the logistics package begins. Couriers at each level must apply to the trusted key generation mechanism for an attribute private key in advance, and the trusted key generation mechanism distributes the corresponding attribute private key to each courier according to the working attributes received. After receiving the logistics package, a courier scans the secret two-dimensional code face list on its surface and has his or her working attributes verified; once verification is complete, the administrator sends the corresponding ciphertext to the courier, who decrypts it with the attribute private key and completes the transportation. The last courier (the dispatcher) decrypts the specific information of the receiver with the attribute private key and completes distribution after verification with the receiver.
As shown in fig. 11, the specific flow is as follows:
Step one: a worker of the logistics company submits working attributes, such as working position, working time, working identity and equipment environment, to the trusted key generation mechanism to apply for an attribute private key. After verifying the authenticity of the submitted working attributes, the trusted key generation mechanism uses the KeyGen algorithm of the CP-ABKE encryption algorithm to generate the corresponding attribute private key and sends it to the worker; the attribute private key is stored in the handheld mobile device used by the worker. When a worker of the logistics company registers, the trusted key generation mechanism generates a corresponding public and private key pair for that worker and places it in the worker's handheld mobile device. The trusted key generation mechanism is responsible for managing the attribute private keys to prevent key leakage or loss.
The sender and the receiver register on the app of the user mobile device; at the same time, the trusted key generation mechanism generates corresponding public and private key pairs for the sender and the receiver and places them in the user mobile devices; the app accounts of the sender and the receiver are bound to the key pairs issued by the trusted key generation mechanism, and the receiver sends his or her own public key to the sender;
The trusted key generation mechanism also issues a corresponding public and private key pair to the logistics company management end server, which can send its public key to the sender;
Staff participating in the logistics transportation flow log in to the app using their identity attributes and working attributes, and can log in only after both have been successfully verified. The working attributes include working position, working time, working identity, equipment environment, etc. The working time (time attribute) is the staff member's working hours, for example 8:00-18:00, and is uploaded as a working time period. The working position (position attribute) is uploaded as longitude and latitude, with six significant digits retained. The working identity (authority attribute) is the worker's post: a sorter can obtain only next-station information, whereas an administrator can obtain more logistics information. The identity attributes include the work number, name, etc., and are uploaded as character strings.
Step two: the sender fills in the logistics information on the user mobile device, and the key encapsulation module in the user mobile device performs the following steps:
1) packaging the logistics information, with the private information removed, as Section1;
2) generating a random number HN, executing the CP-ABKE algorithm with the receiver's longitude and latitude coordinates as the encryption attribute to generate a symmetric key, using that key as the AES key to encrypt the private information of the sender and the receiver, and taking the encrypted private information of the sender and the receiver, HN and the order ID as Section2;
3) calculating Hash(HN) = RN, encrypting all the logistics information with the sender's private key to form the sender's digital signature, and encrypting RN, the private information, the order ID and the sender's digital signature with the receiver's public key to form Section3;
encrypting Section1, Section2 and Section3 with the public key of the logistics company management end server and sending the result to the logistics company management end server;
Step three: after receiving the order information submitted by the user, the logistics company management end server decrypts it with its own private key and plans a logistics transportation path according to the logistics information in Section1. After the path planning is completed, it encrypts the logistics site information hierarchically using the attributes (position attribute, time attribute and authority attribute) of the logistics sites on the path; after the encryption is completed, it encodes the encrypted information as a QR code to form a secret two-dimensional code face list and returns it to the collecting courier (courier 1). The collecting courier (courier 1) posts the secret two-dimensional code face list on the surface of the goods and hands it over to the logistics delivery center to start transportation.
Step four: after receiving the goods, staff at the logistics sorting center scan the secret two-dimensional code face list with a handheld device and upload their own working attributes to the logistics company management end server; the logistics company management end server verifies the received attributes and then sends the corresponding ciphertext to the employee; after receiving the ciphertext, the employee generates the corresponding key with his or her private key, decrypts the ciphertext, obtains the information of the next station, and sends the goods on to the next station.
Step five: after receiving the goods, the dispatcher at the logistics receiving center scans the secret two-dimensional code face list and uploads his or her own working attributes to the logistics company management end server; after verifying the attributes, the logistics company management end server sends the ciphertext of the user's private information to the dispatcher; the dispatcher generates the corresponding key with his or her own private key, decrypts the user's private information, dials the user's telephone, and completes the dispatch.
Step six: after receiving the goods, the receiver scans the secret two-dimensional code face list, decrypts the Section3 encrypted by the sender using the receiver's private key, and verifies the sender's digital signature; the dispatcher can compare HN in Section2 with the RN obtained by the receiver's decryption, thereby verifying the receiver's identity; after successful verification, the whole transportation stage is complete.
Through the above steps, only the users and the last dispatcher can obtain the user privacy information, so the user privacy information is decentralised in the logistics transportation process; access control in the logistics transportation process is realized by hierarchical encryption of the logistics sites; the information is stored in the secret two-dimensional code, so the face list information is hidden; and character verification at the receiving stage is realized through the digital signature. The problem of revealing user privacy in the logistics process is thus solved from multiple dimensions.
In step two, the private information comprises the detailed addresses, telephone numbers and names of the sender and the receiver; the logistics information comprises the delivery site and the receiving site with the detailed addresses removed, and the order ID; the digital signature algorithm is RSA-1024 and the hash algorithm is MD5.
In step three, the logistics company encrypts the logistics information as follows: let the logistics sites passed through be M1, M2, ..., Mn. Before the logistics package reaches the last site, the encrypted logistics information (for M1, M2, ..., Mn-1) is the longitude and latitude coordinates of the next logistics site; that is, the information of the next site is encrypted with the longitude and latitude coordinates of the current site, which guarantees that the staff at each station can obtain only the next station's information. The generated secret two-dimensional code yields valid information only when scanned by equipment authorized by the logistics company.
In step five, the information uploaded after the dispatcher of the logistics receiving center scans the secret two-dimensional code comprises the dispatcher's own working attributes and the secret two-dimensional code information; the logistics company management end server verifies the authenticity of the employee attributes and sends the encrypted user private information to the dispatcher; when the dispatcher comes within a diameter of 1000 m of the designated receiving point (that is, the longitude and latitude (xxx.xx, xxx.xx) retain two decimal places) and the dispatcher's attributes are consistent with the longitude and latitude attribute and the time attribute used by the sender in encryption, the dispatcher can scan the code to dial the receiver's telephone and obtain the detailed address to complete the dispatch.
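What the two-decimal-place position attribute means on the ground, as an added example that is not part of the patent: it assumes the attribute is the coordinate pair rounded (not truncated) to two decimals and matched for equality, and all coordinates are constructed. Under that assumption the matching region is a grid cell of roughly 1.1 km by 0.85 km at this latitude rather than a circle around the receiver, so a dispatcher a few tens of metres away across a cell edge does not match while one farther away inside the cell does.

```python
import math

EARTH_RADIUS_M = 6_371_000  # mean Earth radius


def location_attribute(lat, lon, places=2):
    """Quantize a coordinate to the attribute string compared at decryption.
    Assumption: 'retain two decimal places' means rounding, not truncation."""
    # "+ 0.0" turns a rounded -0.0 into 0.0 so both sides format identically.
    return ",".join(f"{round(v, places) + 0.0:.{places}f}" for v in (lat, lon))


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two coordinates in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def cell_size_m(lat, places=2):
    """North-south and east-west extent of one attribute cell at this latitude."""
    step = 10 ** -places
    north_south = haversine_m(lat, 0, lat + step, 0)
    east_west = haversine_m(lat, 0, lat, step)
    return north_south, east_west


def unlock_check(recipient, dispatcher, places=2):
    """Return (attributes_match, distance_m) for a dispatcher position."""
    match = (location_attribute(*recipient, places)
             == location_attribute(*dispatcher, places))
    return match, haversine_m(*recipient, *dispatcher)


# Constructed coordinates (not from the patent).
RECIPIENT = (39.9848, 116.3460)
NEAR_BUT_OTHER_CELL = (39.9852, 116.3460)  # about 44 m north, across a cell edge
FAR_BUT_SAME_CELL = (39.9752, 116.3548)    # about 1.3 km away, same cell

if __name__ == "__main__":
    print("cell size (m):", cell_size_m(RECIPIENT[0]))
    for name, pos in [("near", NEAR_BUT_OTHER_CELL), ("far", FAR_BUT_SAME_CELL)]:
        print(name, unlock_check(RECIPIENT, pos))
```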
The sender's order-processing algorithm is shown in fig. 2. The sender fills in the addresses, names and telephone numbers of the sender and the receiver, and the algorithm classifies the information into three categories: logistics information, final dispatch information and user receipt information.
The logistics information is the information provided to the logistics company for the express dispatch service. Its position is accurate to the street; it is selected by the sender when the order is created and contains no user-sensitive information. The hierarchical address information is divided by region into provinces, cities/prefectures, counties and streets, and includes the sender's hierarchical address information (AddSen) and the recipient's hierarchical address information (AddRec).
The final dispatch information is provided to the courier of the last link (the dispatcher) to complete the last-kilometer delivery service. It includes the original address information filled in by the user, namely the complete specific address of the sender (DetAddSen) and of the recipient (DetAddRec), the logistics number (IDOrder), the telephone numbers of the sender (PhoSen) and the receiver (PhoRec), and the verification code HN used to verify the identity of the receiver. The final dispatch information is attribute-encrypted using the latitude and longitude coordinates of the recipient.
The user receipt information is provided to the receiver and is used to confirm receipt and to specify the logistics information. It includes the name of the sender (NamSen), the name of the receiver (NamRec), the telephone number of the sender (PhoSen), the telephone number of the receiver (PhoRec), the verification code and the original address information. The user receipt information is encrypted using the public key of the recipient (PUBRec) and can be decrypted only by the recipient.
PRIuser denotes the user's private key and PUBuser the user's public key. The specific steps are as follows: the sender first generates a random number IDOrder, the unique logistics number of the shipment, which uniquely identifies the goods. At the same time, another random number RN is generated and HN = Hash(RN) is calculated. The sender then encrypts all the private information with the private key to obtain the sender's electronic signature. The sender packages the information by category: the hierarchical address information AddSen and AddRec, together with IDOrder, is stored in Section1; the specific address information, PhoSen, PhoRec, IDOrder and HN are stored in Section2; finally, all the private information, the sender's signature, IDOrder and RN are stored in Section3.
The flow by which a courier obtains the attribute private key is shown in fig. 3. The courier submits his or her working attributes (Attribute) to the trusted key generation mechanism, including working position, working time, working identity, equipment environment, etc.; after verifying the authenticity of the attributes, the trusted key generation mechanism generates the corresponding attribute private key SK through KeyGen(Attribute) and returns it to the courier.
The specific encryption and decryption process of the CP-ABE algorithm is shown in fig. 4. In the sample, the public key PK and the encryption attributes S = {BUAA, HD, beijin} are used to encrypt the plaintext m = hellobuaa, giving the ciphertext C. During decryption, if the decryption attributes S' contain the encryption attributes S, decryption succeeds; if the decryption attributes S' do not satisfy the encryption attributes S, decryption fails.
Using the CP-ABE encryption and decryption algorithm directly has a high time cost and can encrypt only specific messages rather than all messages. The system therefore uses the CP-ABKE algorithm to complete key negotiation: an empty message is encrypted with the CP-ABE algorithm under the encryption attributes to generate a ciphertext M, from which the key K is obtained, and K is used as the AES key to encrypt the information. After receiving the ciphertext, the receiver runs the decryption algorithm on the empty message with his or her own attributes S and private key SK to generate a message M'; if the decryption attributes match the encryption attributes, the corresponding key K is generated after the Hash is applied, and AES decryption is performed with that key.
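The key-encapsulation flow above, combined with the station-by-station encryption of step three, as an added example that is not the patent's implementation: a worker's attribute key opens only the hop locked to that worker's own station. A keyed hash stands in for pairing-based CP-ABKE (so encapsulation here needs the authority's master secret, and the stand-in has no collusion resistance) and an HMAC-based cipher stands in for AES; all names, attribute strings and coordinates are constructed.

```python
import hashlib
import hmac
import json
import secrets


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class StandInAuthority:
    """Stand-in for the trusted key generation mechanism. NOT real CP-ABKE:
    a keyed hash replaces the pairing-based scheme so the flow runs offline."""

    def __init__(self):
        self._msk = secrets.token_bytes(32)  # master secret, stays with the authority

    def keygen(self, attributes):
        """Attribute private key: one secret per verified working attribute."""
        return {a: _mac(self._msk, a.encode()) for a in attributes}

    def encapsulate(self, policy):
        """Return (header, K) for an AND policy over attribute strings.
        Assumption: real CP-ABKE needs only public parameters for this step."""
        policy = sorted(policy)
        nonce = secrets.token_bytes(16)
        key = _derive(self.keygen(policy), policy, nonce)
        return {"policy": policy, "nonce": nonce.hex()}, key


def _derive(sk, policy, nonce):
    # Hash the per-attribute values into the symmetric key K.
    return hashlib.sha256(b"".join(_mac(sk[a], nonce) for a in policy)).digest()


def decapsulate(sk, header):
    """Recover K only if the key holds every attribute named in the policy."""
    if any(a not in sk for a in header["policy"]):
        return None
    return _derive(sk, header["policy"], bytes.fromhex(header["nonce"]))


def _xor_stream(key, nonce, data):
    blocks = (_mac(key, nonce + i.to_bytes(4, "big"))
              for i in range((len(data) + 31) // 32))
    return bytes(d ^ k for d, k in zip(data, b"".join(blocks)))


def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256; stands in for the AES step."""
    nonce = secrets.token_bytes(12)
    body = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + body + _mac(_mac(key, b"mac"), nonce + body)


def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + body)):
        return None
    return _xor_stream(_mac(key, b"enc"), nonce, body)


def encrypt_route(authority, route):
    """Hop i carries the position of station i+1, locked to station i's attributes."""
    hops = []
    for current, nxt in zip(route, route[1:]):
        header, key = authority.encapsulate(current["attrs"])
        payload = json.dumps({"next": nxt["name"], "pos": nxt["pos"]}).encode()
        hops.append({"header": header, "blob": seal(key, payload)})
    return hops


def read_hop(sk, hop):
    """What a worker holding attribute key sk learns from one hop (None = nothing)."""
    key = decapsulate(sk, hop["header"])
    plaintext = unseal(key, hop["blob"]) if key is not None else None
    return json.loads(plaintext) if plaintext is not None else None


def station(name, pos, role):
    # Constructed attribute strings: position, working time, working identity.
    return {"name": name, "pos": pos,
            "attrs": [f"pos:{pos}", "time:08:00-18:00", f"role:{role}"]}


def demo():
    authority = StandInAuthority()
    route = [station("M1", "39.9848,116.346", "collector"),
             station("M2", "38.0428,114.515", "sorter"),
             station("M3", "34.7466,113.625", "sorter"),
             station("M4", "31.2304,121.474", "dispatcher")]
    hops = encrypt_route(authority, route)
    sorter_m2 = authority.keygen(route[1]["attrs"])  # key issued to the worker at M2
    return [read_hop(sorter_m2, hop) for hop in hops]


if __name__ == "__main__":
    print(demo())
```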
The flow of each module in the transportation process is shown in fig. 5. The order initialization module is deployed on the user mobile device and is responsible for generating the order ciphertext: it takes the order information plaintext as input and outputs the order information ciphertext, and the order information is sent to the logistics company management end server after passing through the initialization module. The encryption module is deployed on the logistics company management end server and is mainly responsible for encrypting the logistics information: it takes logistics information such as the order distribution path and the number of sites as input and outputs the logistics information ciphertext encrypted with hierarchical attributes. The retrieval module is deployed on the courier's mobile device and is mainly responsible for decrypting the logistics information ciphertext with the courier's attribute private key: it takes the logistics information ciphertext as input and outputs the decrypted logistics information. The receiving module is deployed on the courier's mobile device and is mainly responsible for receipt of the package: it takes the last segment of logistics information ciphertext as input and outputs the delivery target.
In the system, as shown in fig. 6, the secret two-dimensional code face list mainly comprises an order ID and a secret QR code. The order ID serves as a substitute when the secret QR code is stained or cannot be scanned. The content of the secret QR code includes logistics information such as the transportation path and distribution information; private information such as the user's detailed address, telephone number and name; and insured-value information, payment information and other remarks. This content is encrypted with a cryptographic algorithm and can be obtained only when scanned by authorized equipment.
In the current logistics system, as shown in fig. 7, after user private information is uploaded to a management end of a logistics company, a manager of the logistics company can easily obtain the user private information, participants in the transportation process can also obtain the user private information, and leakage paths of the user private information are numerous, so that hidden dangers are extremely large.
The circulation of user private information in the present system is shown in fig. 8. The user information is divided into private information and logistics information: the private information is encrypted locally using the attributes of the receiver, and the logistics information is encrypted using the public key of the logistics company management end server, so the logistics company management end server can obtain only the logistics information and cannot obtain the user's private information. Only the last dispatcher, whose attributes satisfy the encryption attributes, can decrypt the user's private information with the attribute private key. This greatly reduces the risk of revealing user private information and eliminates the hidden danger of personnel inside the logistics company leaking it.
The overhead of the system's CP-ABKE encryption algorithm is shown in fig. 9, which gives the time cost of CP-ABKE encryption, decryption and key generation tested with different attribute sets. The key generation module has the largest overhead, and part of the computation cost is borne by the trusted key generation mechanism, which greatly reduces the computational load on the mobile devices and the logistics company management end server. When CP-ABKE encryption and decryption are performed with 10 attributes, the encryption and decryption time is less than 1 s: the CP-ABKE encryption operation executed by the logistics company management end server takes less than 1 s, and the CP-ABKE decryption operation executed by the mobile device takes less than 0.3 s.
Fig. 10 shows the simulated encryption and decryption time overhead in the system's logistics transportation process; the abscissa is the number of trials. CP-ABKE encryption and decryption and AES encryption account for most of the time overhead, while the time overhead of AES decryption and MD5 is small. In normal use about 5 attributes are used, the encryption time is about 0.25 s and the decryption time is about 0.06 s, which meets the requirements of a normal logistics transportation process.
Table 1 compares the security of the present system with that of the traditional system. It considers logistics aspects such as the form of the face list information and the way data is encrypted, whether attacks such as eavesdropping, content leakage, camouflage and collusion can be resisted, and whether security goals such as data confidentiality, data integrity, non-repudiation, traceability and access control are met. The analysis shows that the present system protects private information throughout the whole process, resists various attacks, and has high security.
Table 1: Security comparison of the present system and the conventional system (the table is an image in the original publication).
What is not described in detail in this specification is prior art known to those skilled in the art.

Claims (10)

1. A logistics privacy protection system based on ciphertext policy attribute-based key encapsulation, characterized by comprising: a trusted key generation mechanism, a logistics company management end server, n handheld mobile devices and user mobile devices;
the user mobile equipment is used by a sender and a receiver, and an app is arranged on the user mobile equipment;
the hand-held mobile equipment is used by logistics staff, the 1 st hand-held mobile equipment is used by an express delivery person 1, the 2 nd hand-held mobile equipment is used by an express delivery person 2, … …, the n-1 th hand-held mobile equipment is used by an express delivery person n-1, the n-th hand-held mobile equipment is used by a dispatch person n, and an app is arranged on the hand-held mobile equipment;
the app is internally provided with an order initialization module, a retrieval module, a receiving module and a mobile scanning dialing module; the order initialization module comprises an encryption module and a key encapsulation module; the retrieval module and the receiving module both comprise a decryption module and a key decapsulation module; the order initialization module is deployed on the user mobile equipment, and the retrieval module, the receiving module and the mobile scanning dialing module are deployed on n handheld mobile equipment;
The trusted key generation mechanism is provided with an initialization module and a key generation module;
the logistics company management end server is provided with an information processing module, wherein the information processing module comprises an encryption module and a key encapsulation module;
the n handheld mobile devices are respectively communicated with a logistics company management end server and a trusted key generation mechanism, the user mobile devices are respectively communicated with the trusted key generation mechanism and the logistics company management end server, the logistics company management end server is communicated with the trusted key generation mechanism, and the user mobile devices are also communicated with the n handheld mobile devices;
the staff participating in the logistics transportation flow registers on the app of the handheld mobile device, and submits the corresponding working attributes to the trusted key generation mechanism so as to apply for the attribute private key;
the trusted key generation mechanism verifies the working attribute of each worker, after the verification is passed, the trusted key generation mechanism is initialized through the initialization module, and then the attribute private key corresponding to each worker is generated through the key generation module and distributed to the handheld mobile equipment of the corresponding worker;
the trusted key generation mechanism also generates a corresponding public and private key pair for staff participating in the logistics transportation process and is arranged in the handheld mobile equipment;
the sender and the receiver register on the app of the user mobile device; at the same time, the trusted key generation mechanism generates corresponding public and private key pairs for the sender and the receiver and places them in the user mobile devices; the app accounts of the sender and the receiver are bound to the public and private key pairs issued by the trusted key generation mechanism, and the receiver sends his or her own public key to the sender;
the trusted key generation mechanism also issues a corresponding public and private key pair for a management end server of the logistics company, and the management end server of the logistics company can send the public key of the management end server of the logistics company to a sender;
staff participating in the logistics transportation flow logs in the app through the identity attribute and the working attribute, and can log in the app only after the working attribute and the identity attribute are successfully verified;
the sender logs in an app on a user mobile device, fills in logistics information on the user mobile device, generates an order, encrypts sender and recipient private information locally by using longitude and latitude coordinates of a recipient, signs a logistics package by using a Hash function and a private key of the sender, encrypts the encrypted private information, the encrypted signature and the logistics information by using a public key provided by a logistics company management end server, and then encapsulates the encrypted private information, the encrypted signature and the logistics information to be sent to the logistics company management end server;
the logistics company management end server receives the order initiated by the sender and decrypts it with its own private key; it plans a transportation path from the logistics information submitted by the sender, takes the longitude and latitude coordinates of each logistics site on the transportation path as the position attribute, the normal working time of the logistics site as the time attribute and the working identity of the logistics worker as the authority attribute, encrypts the logistics information hierarchically using these attributes, and returns a secret two-dimensional code face list; courier 1 posts the secret two-dimensional code face list on the surface of the logistics package and hands it over to the logistics delivery center to start transportation;
in the logistics sorting stage, the courier 2 uses the 2 nd handheld mobile equipment to scan the encrypted two-dimensional code face list and uploads the self working attribute to a logistics company management end server;
the logistics company management end server verifies the received working attributes and then sends the corresponding ciphertext to the 2nd handheld mobile device; after receiving the ciphertext, the 2nd handheld mobile device generates the corresponding key through the attribute private key of courier 2, decrypts the ciphertext and obtains the information of the next station, and the goods are sent to the next station;
repeating the above operation until the logistics distribution stage;
In the logistics distribution stage, a dispatcher n uses an nth handheld mobile device to scan the encrypted two-dimensional code face list at a logistics site and uploads the self working attribute to a logistics company management end server;
the logistic company management end server verifies the received working attribute and then sends a corresponding ciphertext for the logistic company management end server; after receiving the ciphertext, the n-th handheld mobile device generates a corresponding key through the private key of the n-th handheld mobile device, decrypts the ciphertext, obtains a receiver address, and when the receiver address is within a certain range, the n-th handheld mobile device is used for scanning codes again, the n-th handheld mobile device generates a corresponding key through the private key of the n-th handheld mobile device, decrypts detailed information of the receiver, and sends a short message to the user mobile device or dials a telephone to contact the receiver;
in the logistics receiving stage, after receiving goods, a receiver uses a user mobile device to scan the encrypted two-dimensional code face list, uses a private key of the receiver to decrypt the digital signature of the sender, and verifies the digital signature of the sender; the sender n uses the n-th handheld mobile equipment to verify the digital signature of the sender decrypted by the receiver, and after the verification is completed, the receiver uses the user mobile equipment to send the information of receiving confirmation to the management end server of the logistics company, and the transportation flow is ended;
When the dispatcher comes within the 1000 m diameter of the designated receiving point and is consistent with the longitude and latitude attribute and the time attribute used by the sender in encryption, the dispatcher can scan the code to call the recipient and obtain the detailed address to complete the delivery.
2. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation of claim 1, wherein the working attributes comprise: working position, working time, working identity and equipment environment; the working time refers to the working time of staff and is uploaded as a working time period; the working position is uploaded as longitude and latitude, retaining six valid digits; the working identity refers to the post of a worker; the identity attribute comprises a job number and a name, which are uploaded as a character string.
3. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation of claim 1, wherein the encryption module and the key encapsulation module operate on the user mobile device and the logistics company management end server, the decryption module and the key decapsulation module operate on the n handheld mobile devices, the mobile scan dialing module operates on the n-th handheld mobile device, and the initialization module and the key generation module operate on a trusted key generation facility.
4. The system for protecting logistics privacy based on ciphertext policy attribute base key encapsulation as recited in claim 3, wherein the key encapsulation module, the key decapsulation module, the encryption module, the decryption module, the initialization module, and the key generation module employ a CP-ABKE algorithm.
5. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation of claim 3, wherein the key encapsulation module performs the following steps on the user mobile device:
1) Packaging the logistics information, with the private information removed, as Section1;
2) Generating a random number HN; running the CP-ABKE algorithm, encrypting under the longitude and latitude coordinates of the receiver, to generate a symmetric key; using that key as an AES key to encrypt the private information of the sender and the receiver; and taking the encrypted private information of the sender and the receiver, HN and the order ID as Section2;
3) Calculating Hash(HN) = RN; encrypting all the logistics information with the private key of the sender to form the digital signature of the sender; and encrypting RN, the private information, the order ID and the digital signature of the sender with the public key of the receiver to form Section3;
Section1, Section2 and Section3 are encrypted using the public key provided by the logistics company management end server and sent to the logistics company management end server.
6. The ciphertext policy attribute based key packaged logistics privacy protection system of claim 5, wherein said private information comprises a sender's and recipient's detailed address, telephone number, and name; the logistics information includes a shipping site, a receiving site, and an order ID from which the detailed address is removed.
7. The system for protecting logistics privacy based on ciphertext policy attribute based key encapsulation of claim 5, wherein the digital signature algorithm is RSA-1024 and the hash algorithm is MD5.
8. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation of claim 1, wherein the secret-carrying two-dimensional code face list consists of an order ID and a secret-carrying QR code; the information on the secret-carrying two-dimensional code face list can be obtained only when an authorized user scans it, and an unauthorized user cannot obtain the logistics information ciphertext even after obtaining the secret-carrying two-dimensional code face list.
9. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation of claim 8, wherein the order ID can be used instead of the secret-carrying QR code when the secret-carrying two-dimensional code face list is stained or cannot be scanned; the secret-carrying QR code contains the encrypted private information and digital signature, the logistics information after hierarchical encryption by the logistics company management end server, and remark information; the remark information comprises price insurance information and payment information; and the secret-carrying QR code is encrypted using a national encryption algorithm.
10. The logistics privacy protection system based on ciphertext policy attribute-based key encapsulation of claim 1, wherein the specific operation of performing hierarchical encryption on the logistics information is: let the logistics sites passed through be M1, M2, ..., Mn; before the logistics package reaches the last site, the encrypted logistics information specifically refers to the longitude and latitude coordinates of the next logistics site.
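The staged disclosure in claims 1, 2 and 10, modelled in plaintext as an added example (not code from the patent): a courier at an intermediate site learns only the next site's coordinates, and recipient details are released only inside the 1000 m diameter, time window and role the sender fixed. In the claimed system this condition is enforced by CP-ABKE decryption rather than a server-side check; all names are hypothetical, the sample data is constructed, and reading "six valid digits" as six significant digits is an assumption.

```python
import math
from dataclasses import dataclass
from datetime import datetime, time

EARTH_RADIUS_M = 6_371_000.0
DISPATCH_RADIUS_M = 500.0  # the claim's 1000 m diameter around the receiving point

def six_sig(x: float) -> float:
    """Quantise a coordinate to six significant digits (assumed reading of claim 2)."""
    return float(f"{x:.6g}")

def distance_m(lat1, lon1, lat2, lon2) -> float:
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(a)))

@dataclass(frozen=True)
class WorkAttributes:  # claim 2: working position, time and identity
    lat: float
    lon: float
    when: datetime
    role: str

@dataclass(frozen=True)
class Policy:  # attributes the sender fixed at encryption time
    lat: float
    lon: float
    start: time
    end: time
    role: str = "dispatcher"

    def satisfied_by(self, a: WorkAttributes) -> bool:
        d = distance_m(six_sig(a.lat), six_sig(a.lon), six_sig(self.lat), six_sig(self.lon))
        return (d <= DISPATCH_RADIUS_M and self.start <= a.when.time() <= self.end
                and a.role == self.role)

def release(route, i, policy, attrs, recipient):
    """Return only what the worker handling the parcel at site index i may learn."""
    if i < len(route) - 1:
        return {"next_site": route[i + 1]}  # claim 10: next site's coordinates only
    if policy.satisfied_by(attrs):
        return {"recipient": recipient}     # last leg, inside geofence and time window
    return {"delivery_area": (six_sig(policy.lat), six_sig(policy.lon))}

# Constructed sample data (not from the patent): three sites and one recipient.
ROUTE = [(31.2304, 121.474), (34.7466, 113.625), (39.9042, 116.407)]
POLICY = Policy(39.9087, 116.397, time(9, 0), time(18, 0))
RECIPIENT = {"name": "EXAMPLE NAME", "phone": "000-0000", "address": "EXAMPLE ADDRESS"}
```

Under this reading, a longitude of 100° or more keeps only three decimal places, roughly 85 m east-west at the sample latitude, which is coarse relative to a 500 m radius and worth accounting for when choosing the geofence size.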
CN202110743563.XA 2021-06-03 2021-06-30 Logistics privacy protection system based on ciphertext policy attribute base key encapsulation Active CN113645582B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110620217 2021-06-03
CN2021106202172 2021-06-03

Publications (2)

Publication Number Publication Date
CN113645582A CN113645582A (en) 2021-11-12
CN113645582B true CN113645582B (en) 2023-05-12

Family

ID=78416557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110743563.XA Active CN113645582B (en) 2021-06-03 2021-06-30 Logistics privacy protection system based on ciphertext policy attribute base key encapsulation

Country Status (1)

Country Link
CN (1) CN113645582B (en)

Also Published As

Publication number Publication date
CN113645582A (en) 2021-11-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant