CN114338014B - Safety reporting method, device and system for environmental supervision and law enforcement - Google Patents
Safety reporting method, device and system for environmental supervision and law enforcement Download PDFInfo
- Publication number
- CN114338014B CN114338014B CN202210003100.4A CN202210003100A CN114338014B CN 114338014 B CN114338014 B CN 114338014B CN 202210003100 A CN202210003100 A CN 202210003100A CN 114338014 B CN114338014 B CN 114338014B
- Authority
- CN
- China
- Prior art keywords
- public key
- numerical value
- reporter
- public
- public keys
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of information security, and discloses a security reporting method, device and system for environmental supervision and law enforcement. The safe reporting scheme capable of fuzzily and hiding the information of the reporters in the reporting process is provided by the invention, the authenticity of the source of the reported information can be ensured, and meanwhile, the public key of the reporters is fuzzily and hidden as much as possible, so that the information of the reporters is not easily acquired, the worry that the information of the reporters may be leaked by the masses on the environment supervision comprehensive law enforcement reporting platform is powerfully eliminated, the reporting enthusiasm of the people is favorably improved, the environment supervision law enforcement resistance is reduced, the full development of the environmental protection industry is promoted, and the practical application and the popularization are facilitated.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a security reporting method, device and system for environmental supervision and law enforcement.
Background
The environmental supervision is a specific, direct and microscopic environmental protection law enforcement behavior, is one of the main ways for the environmental protection administrative department to implement unified supervision and strengthen law enforcement, and is an important measure for implementing environmental supervision and management under the market economic condition. The main task of environmental monitoring is to carry out on-site supervision and inspection on pollutant emission conditions of pollution sources in jurisdictions and ocean and ecological destruction events and participate in processing in accordance with laws under the leadership of ecological environment departments of all levels of people governments, wherein law enforcement behaviors are mainly carried out in jurisdictions governed by environmental administration departments, and generally, law enforcement cannot be carried out in a cross-region directly among levels. Because the environment monitoring and law enforcement has the characteristics of wide scope of jurisdictions, various types, daily supervision and the like, the illegal behaviors are discovered and collected evidence only by an environment administration department, so that the law enforcement is inevitably not caught, difficult to sing and limited in effect, and the heat tide of the participation of the masses must be fully raised, so that an environment monitoring comprehensive law enforcement reporting platform is necessary to be provided based on the internet technology to encourage the masses to actively collect and report the evidence of the pollutant emission condition of pollution sources and the environment-friendly illegal information such as ocean and ecological damage events, and further assist the law enforcement department to effectively solve the difficult discovery and difficult evidence collection problems in the law enforcement process.
However, in real life, people often worry about the problem that the information of the reporting person (or the reporting person or the complainer) is leaked on the reporting platform, so that the reporting enthusiasm is not high, and the existing environmental monitoring and law enforcement has great resistance, so how to hide the information of the reporting person while ensuring the authenticity of the source of the reporting information is not easily obtained is a problem that needs to be researched urgently by technical personnel in the field.
Disclosure of Invention
In order to eliminate the concern that the information of the reporters may be leaked by the masses on the environment supervision comprehensive law enforcement reporting platform and solve the problems of low reporting enthusiasm and high resistance to environment supervision law enforcement, the invention aims to provide a safety reporting method, device, system, computer equipment and computer readable storage medium for environment supervision law enforcement, which can ensure the authenticity of the source of the reporting information, simultaneously can not easily acquire the information of the reporters by carrying out fuzzy and hiding processing on public keys of the reporters as much as possible, powerfully eliminate the concern that the information of the reporters may be leaked by the masses on the environment supervision comprehensive law enforcement reporting platform, are favorable for improving the reporting enthusiasm of the masses, reduce the resistance to environment supervision law enforcement, promote the full development of the environmental protection industry, and are convenient for practical application and popularization.
In a first aspect, the present invention provides a security reporting method for environmental monitoring and law enforcement, which is applicable to interactive execution between a platform server and a reporter terminal, and includes:
sending a safe report request message to a platform server by a reporter terminal;
after receiving the security report request message, a platform server triggers and randomly generates a unique numerical value in a local enclave trusted execution environment based on an SGX technology, and screens out a plurality of registrar public keys from all registrar public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrar public keys are stored in the enclave trusted execution environment;
feeding back a security report response message corresponding to the security report request message to the reporter terminal by the platform server, wherein the security report response message comprises the unique numerical value encrypted by using a reporter public key and the plurality of registrars public keys;
by the platform server in the enclDetermining a public key sequence number according to the unique numerical value and the total number of the public keys of the registrars in an ave trusted execution environment, and then inserting the reporter public key into the registrars public keys according to the public key sequence number to obtain a public key set PK = { PK 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 And binding and storing the unique numerical value and the public key set PK, wherein m represents the total number of public keys of the plurality of registrars, i represents a natural number and i belongs to [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
after receiving the safe reporting response message, the reporter terminal decrypts by using a reporter private key corresponding to the reporter public key to obtain the unique numerical value and the plurality of registrars public keys;
determining the public key serial number according to the unique numerical value and the public key total number of the plurality of registrars public keys by the publisher terminal, and inserting the publisher public key into the plurality of registrars public keys according to the public key serial number to obtain the public key set PK;
randomly generating a plurality of numerical values corresponding to the public keys of the registrars one by an announcing person terminal;
encrypting by the reporter terminal by using the corresponding public key for each numerical value in the plurality of numerical values to obtain a corresponding ciphertext;
carrying out Hash algorithm processing on the generated report information by a report terminal to obtain a first Hash value;
determining a ciphertext c by the publisher terminal according to the following signature verification equation n :
Wherein SE () represents the pair of the first hash valueSymmetric encryption algorithm of the symmetric key, c i Representation and public key PK i A corresponding ciphertext, d representing the unique numerical value;
using, by the presenter terminal, the presenter private key pair to the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding numerical value r n ;
Sending the value r by the terminal of the newspaper publisher according to the serial number of the public key n Inserting into the plurality of numerical values to obtain a set of numerical values R = { R = } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
uploading a report message to the platform server by a reporter terminal, wherein the report message is a message without a sending address and comprises the report information which is not encrypted by using the reporter private key, the unique numerical value and the numerical value set R;
after receiving the report message, the platform server sends the report message into the enclave trusted execution environment;
finding the bound public key set PK in the enclave trusted execution environment by the platform server according to the unique numerical value, carrying out hash algorithm processing on the reported information to obtain a second hash value, and judging the following signature verification equation:
when the establishment is established, accepting the report information, wherein SE' () represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c i ' denotes a ciphertext obtained by encrypting the ith number in the set of values R using the ith public key in the set of public keys PK.
Based on the invention content, a safe reporting scheme capable of fuzzily and hiding the information of the reporters in the reporting process is provided, namely, before formal reporting, a reporter terminal can trigger a platform server to generate a unique numerical value and screen out a plurality of registrant public keys for participating in the fuzzy reporter public key in an SGX technology-based enclave trusted execution environment through first interaction, the unique numerical value and the plurality of registrant public keys are encrypted and fed back to the reporter terminal, then, when the formal reporting is carried out, the reporter terminal generates group signature information based on the generated reporting information, the unique numerical value and the plurality of registrant public keys, and finally, the reporting information, the unique numerical value and the group signature information are uploaded in a clear text, so that the platform server can carry out source authenticity verification on the received reporting information according to the unique numerical value, the plurality of registrant public keys, the trusted public key and the group signature information in the enclave execution environment, the source authenticity of the reporting information is ensured, the fuzzy and hidden processing on the reporters are not easily obtained, the public key is easily obtained, the environmental protection and the application of the public key is facilitated, and the development of the environmental protection and the environmental protection of the reporting information is promoted.
In one possible design, the screening of the plurality of registrant public keys from all registrant public keys comprises:
and randomly screening m ' registrant public keys from all registrants public keys to serve as a plurality of registrants public keys according to the reporter fuzzy number m ' which is specified by the reporter in the security report request message, wherein all the registrants public keys are stored in the enclave trusted execution environment, and m ' is a natural number not less than ten.
In one possible design, screening the plurality of registrant public keys from all the registrant public keys includes:
according to the reporter fuzzy condition which is in the safety reporting request message and is designated by a reporter, finding at least one historical public key set which meets the reporter fuzzy condition and corresponds to at least one piece of historical accepted reporting information one by one from a historical reporting record, wherein the reporter fuzzy condition comprises an environmental surveillance law enforcement jurisdiction, an environmental surveillance law enforcement type and/or an environmental surveillance law enforcement period, the historical public key set comprises partial registrant public keys in all registrant public keys, and all the registrant public keys are stored in the enclave trusted execution environment;
and taking out all public keys from the at least one historical public key set to obtain a plurality of registrars public keys.
In one possible design, after accepting the reporting information, the method further includes:
binding and storing the unique value and a first timestamp in the enclave trusted execution environment, wherein the first timestamp comprises a receiving timestamp of the security reporting request message and/or a sending timestamp of the security reporting response message;
after the report information is verified and a reward payment request message from the reporter terminal is received, sending the reward payment request message into the enclave trusted execution environment, wherein the reward payment request message comprises the unique numerical value and a second timestamp encrypted by using the reporter private key, and the second timestamp is recorded by the reporter terminal and comprises a sending timestamp of the safety report request message and/or a receiving timestamp of the safety report response message;
decrypting and acquiring the unique value and the second timestamp by using the reporter public key in the enclave trusted execution environment, and then finding the bound first timestamp according to the unique value so as to respond to the reward payment request message when the absolute difference value between the first timestamp and the second timestamp is judged to be smaller than a preset threshold value: the prize is reported upon payment.
The invention provides a safety reporting device for environmental supervision and law enforcement, which is arranged on a platform server and comprises a request triggering module, a message sending module, a binding storage module, a message transferring module and a signature verification module;
the request triggering module is used for triggering and randomly generating a unique numerical value in a local enclave trusted execution environment based on an SGX technology after receiving a security reporting request message from a reporter terminal, and screening a plurality of registrar public keys from all registrar public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrar public keys are stored in the enclave trusted execution environment;
the message sending module is in communication connection with the request triggering module and is used for feeding back a security report response message corresponding to the security report request message to the reporter terminal, wherein the security report response message comprises the unique numerical value encrypted by using a reporter public key and the plurality of registrars public keys;
the binding storage module is in communication connection with the request triggering module and is used for determining a public key serial number according to the unique numerical value and the total number of the public keys of the registrars in the enclave trusted execution environment, and then inserting the reporter public key into the registrars public key according to the public key serial number to obtain a public key set PK = { PK = 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 And binding and storing the unique numerical value and the public key set PK, wherein m represents the total number of public keys of the plurality of registrars, i represents a natural number and i belongs to [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and has n = mod (d, m) +1,d representing the unique numerical value, mod () represents a complementation function, PK n Representing the publisher public key;
the message transfer module is configured to send the report message to the enclave trusted execution environment after receiving the report message from the reporter terminal, where the report message is a message without a sending address and includes report information that is not encrypted by using a reporter private key, the unique numerical value, and a numerical value set, and the numerical value set is obtained by the reporter terminal according to the following manner: after receiving the safety report response message, decrypting by using a report private key corresponding to the report public key to obtain the unique numerical value and the plurality of registrars public keys; firstly, determining the public key sequence number according to the unique numerical value and the total number of the public keys of the registrantsThen, inserting the public key of the reporter into the public keys of the multiple registrars according to the serial number of the public key to obtain the public key set PK; randomly generating a plurality of numerical values which correspond to the public keys of the registrants one by one; encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext; carrying out Hash algorithm processing on the reported information to obtain a first Hash value; determining the ciphertext c according to the signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext; using the publisher private key to pair the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n (ii) a The value r is obtained according to the public key sequence number n Inserting into the plurality of numerical values, resulting in the set of numerical values R = { R = { (R) } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 In which r is i Represents the ith numerical value in the numerical value set R;
the signature verification module is respectively in communication connection with the message transfer module and the binding storage module, and is configured to find the bound public key set PK according to the unique value in the enclave trusted execution environment, perform the hash algorithm processing on the report information, obtain a second hash value, and determine the following signature verification equation:
when the establishment is established, accepting the report information, wherein SE' () represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c i ' denotes a ciphertext obtained by encrypting the ith number in the set of values R using the ith public key in the set of public keys PK.
In a third aspect, the present invention provides another security reporting apparatus for environmental surveillance and law enforcement, arranged at a terminal of a reporter, comprising a message sending module, a message receiving module, a message decrypting module, a set obtaining module, a random number generating module, a numerical value encrypting module, a hash processing module, a ciphertext determining module, a ciphertext decrypting module and a numerical value inserting module;
the message sending module is used for sending a security report request message to a platform server so that the platform server can trigger and randomly generate a unique numerical value in a local SGX technology-based enclave trusted execution environment, and screen out a plurality of registrant public keys from all registrant public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrant public keys are stored in the enclave trusted execution environment;
the message receiving module is configured to receive a security report response message which is fed back by the platform server and corresponds to the security report request message, where the security report response message includes the unique numerical value encrypted by using a reporter public key and the plurality of registrants public keys;
the message decryption module is in communication connection with the message receiving module and is used for decrypting by using an issuer private key corresponding to the issuer public key to obtain the unique numerical value and the multiple registrars public keys;
the set acquisition module is in communication connection with the message decryption module and is used for determining a public key sequence number according to the unique numerical value and the total number of the public keys of the registrars, and then inserting the public key of the reporter into the public keys of the registrars according to the public key sequence number to obtain a public key set PK = { PK = 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 Where m denotes the total number of public keys of the registrars' public keys, i denotes a natural number and has i ∈ [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Presentation instrumentThe publisher public key;
the random number generation module is used for randomly generating a plurality of numerical values which are in one-to-one correspondence with the public keys of the registrants;
the numerical value encryption module is respectively in communication connection with the message decryption module and the random number generation module, and is used for encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext;
the hash processing module is used for carrying out hash algorithm processing on the generated report information to obtain a first hash value;
the ciphertext determining module is respectively in communication connection with the message decrypting module, the set acquiring module, the numerical value encrypting module and the hash processing module and is used for determining a ciphertext c according to the following signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext;
the ciphertext decryption module is in communication connection with the ciphertext determination module and is used for using the reporter private key to the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n ;
The value insertion module is in communication connection with the ciphertext decryption module and is used for inserting the value r according to the public key sequence number n Inserting into the plurality of numerical values to obtain a set of numerical values R = { R = } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 In which r is i Represents the ith numerical value in the numerical value set R;
the message sending module is in communication connection with the value inserting module, and is further configured to upload, to the platform server, a report message that has no sending address and includes the report information that is not encrypted by the reporter private key, the unique value, and the value set R, so that the platform server sends the report message to the enclave trusted execution environment after receiving the report message, finds the public key set PK that is pre-bound and obtained by locally inserting the reporter public key into the multiple registrants public keys according to the public key sequence number in the enclave trusted execution environment according to the unique value, and performs the hash algorithm processing on the report information to obtain a second hash value, and determines a signature verification equation as follows:
In a fourth aspect, the present invention provides a security reporting system for environment supervision law enforcement, including a platform server and a reporter terminal, wherein the platform server is configured to execute the security reporting method for environment supervision law enforcement, which is executed by the platform server and is designed according to the first aspect or any one of the first aspects, and the reporter terminal is communicatively connected to the platform server and is configured to execute the security reporting method for environment supervision law enforcement, which is executed by the reporter terminal and is designed according to the first aspect or any one of the first aspects.
In a fifth aspect, the present invention provides a computer device comprising a memory, a processor and a transceiver communicatively connected, wherein the memory is used for storing a computer program, and the transceiver is used for transmitting and receiving information, and the processor is used for reading the computer program, and executing the security reporting method executed by a platform server and used for environmental surveillance law enforcement as described in the first aspect or any one of the first aspects, or executing the security reporting method executed by a reporter terminal and used for environmental surveillance law enforcement as described in the first aspect or any one of the first aspects.
In a sixth aspect, the present invention provides a computer-readable storage medium having stored thereon instructions which, when executed on a computer, perform a security reporting method performed by a platform server for environmental surveillance enforcement as described in the first aspect or any one of the first aspects or perform a security reporting method performed by a reporter terminal for environmental surveillance enforcement as described in the first aspect or any one of the first aspects.
In a seventh aspect, the present invention provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform a security reporting method for environmental surveillance enforcement, performed by a platform server, as described in the first aspect or any one of the first aspects, or a security reporting method for environmental surveillance enforcement, performed by a reporter terminal, as described in the first aspect or any one of the first aspects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a security reporting method for environmental surveillance law enforcement provided by the present invention.
Fig. 2 is a schematic structural diagram of a first safety reporting device for environmental supervision and law enforcement provided by the invention.
Fig. 3 is a schematic structural diagram of a second safety reporting device for environmental supervision and law enforcement according to the present invention.
Fig. 4 is a schematic structural diagram of a security reporting system for environmental surveillance law enforcement provided by the present invention.
Fig. 5 is a schematic structural diagram of a computer device provided by the present invention.
Detailed Description
The invention is further described with reference to the following figures and specific embodiments. It should be noted that the description of the embodiments is provided to help understanding of the present invention, but the present invention is not limited thereto. Specific structural and functional details disclosed herein are merely representative of exemplary embodiments of the invention. This invention may, however, be embodied in many alternate forms and should not be construed as limited to the embodiments set forth herein.
It will be understood that, although the terms first, second, etc. may be used herein to describe various objects, these objects should not be limited by these terms. These terms are only used to distinguish one object from another. For example, a first object may be referred to as a second object, and similarly, a second object may be referred to as a first object, without departing from the scope of example embodiments of the present invention.
It should be understood that, for the term "and/or" as may appear herein, it is merely an associative relationship that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, B exists alone or A and B exist at the same time; for the term "/and" as may appear herein, which describes another associative object relationship, it means that two relationships may exist, e.g., a/and B, may mean: a exists singly or A and B exist simultaneously; in addition, for the character "/" that may appear herein, it generally means that the former and latter associated objects are in an "or" relationship.
As shown in fig. 1, the security reporting method for environmental surveillance law enforcement provided in the first aspect of this embodiment may be, but not limited to, executed by two computer devices (i.e., a platform server and a reporter terminal, where the latter may be, for example, an electronic communication device such as a personal computer, a smart phone, a personal digital assistant, a wearable device, or a platform server) with certain computing resources, so as to ensure authenticity of a report information source, and simultaneously perform a fuzzy and hidden process on a public key of a reporter as much as possible, so that the information of the reporter is not easily obtained, strongly eliminate a concern that information of the reporter may be leaked from a public key of an environmental surveillance comprehensive law enforcement reporting platform, and facilitate increasing reporting enthusiasm of the public, reducing resistance of environmental surveillance law enforcement, promoting full development of environmental careers, and facilitating practical application and popularization. As shown in fig. 1, the security reporting method for environmental surveillance enforcement may include, but is not limited to, the following steps S1 to S15.
S1, sending a safety report request message to a platform server by a reporter terminal.
In the step S1, the reporter terminal is an electronic communication device held by a reporter, and is, for example, a Personal Computer (PC, which refers to a multipurpose Computer with a size, price and performance suitable for Personal use, and electronic devices such as a desktop Computer, a notebook Computer, a mini-notebook Computer, a tablet Computer, a super book, and the like, which belong to Personal computers), a smart phone, a Personal digital assistant (PAD), or a wearable device. The platform server refers to a server which is held by an environment administration and is used for providing an environment monitoring integrated law enforcement reporting response service, such as a web server or an APP (Application program, abbreviation) server. The security report request message is generated and sent on the reporter terminal by the reporter through conventional man-machine interaction operation, and the security report request message needs to include but is not limited to a sending address (also called a source address) so as to be capable of carrying out feedback of a security report response message in the following.
S2, after receiving the security report request message, the platform server triggers and randomly generates a unique numerical value in a local enclave trusted execution environment based on an SGX technology, and screens out a plurality of registrants public keys from all registrants public keys, wherein the unique numerical value is a natural number larger than zero, and all the registrants public keys are stored in the enclave trusted execution environment.
In the step S2, the SGX technology (fully called Intel Software Guard Extensions, which is an extension to Intel system) is a prior art for enhancing Software security on the server side, and a specific implementation scheme for constructing enclave (the english language means "enclave", here may be understood as a trusted execution environment) may be as follows: (1) Loading a virtual machine mirror image needing to be operated into a disk; (2) The key certificate for generating the codes and the data of the encrypted application programs is generated, namely, the SGX technology provides a more advanced key encryption method, the key is a brand-new key generated by an SGX version key, a CPU machine key and a key distributed to a user by an Intel official party under a key generation algorithm, and the key is used for encrypting the codes and the data of the application programs needing to be loaded; (3) Firstly loading codes and data of an application program or a mirror image to be loaded into an SGX Loader to prepare for loading the codes and the data into enclave; (4) Dynamically applying for constructing an enclave in an Intel SGX trusted mode; (5) Firstly, decrypting a program and data needing to be loaded in an EPC (envelope Page Cache) form through a secret key certificate; (6) The SGX instruction proves that the decrypted program and data are credible, the program and the data are loaded into enclave, and then each EPC content loaded into the enclave is copied; (7) Due to the fact that hardware isolation is used, confidentiality and integrity of enclaves are further guaranteed, and it is guaranteed that different enclaves cannot conflict or cannot be mutually accessed; (8) Starting an enclave initialization program, forbidding to continuously load and verify the EPC, generating an enclave identity certificate, encrypting the certificate, and storing the encrypted certificate as an enclave mark in a TCS (Thread Control Structure) of the enclave for recovering and verifying the identity of the enclave; (9) And completing the isolation of the SGX, starting to execute through a mirror image program in enclave of hardware isolation, and constructing the hardware isolation based on the trusted computing technology. Therefore, the security operation of the legal software can be encapsulated in the enclave trusted execution environment, the software is protected from being attacked by malicious software, and the privileged or non-privileged software cannot access the enclave, that is, once the software and data are in the enclave trusted execution environment, even an operating system or a VMM (Hypervisor) cannot influence the code and data in the enclave. The enclave can be understood as a 'black box' which is not used for identifying and isolating malicious programs, but encapsulates sensitive data and information of software, and any authority including an administrator cannot access the trusted execution environment, so that the sensitive information cannot be illegally accessed and modified by fraudulent software running at a higher privilege level.
In step S2, the uniqueness of the unique value means that the corresponding value generated by the conventional random algorithm has not been generated before, so as to ensure that the corresponding information can be uniquely bound later. And after carrying out platform legal registration on a corresponding registrant (the reporter is also used as a registrant during registration) in the all registrant public keys, safely storing the registrant public keys in the enclave trusted execution environment. The multiple registrars' public keys are used for participating in the fuzzy reporter public key, so that a snooper can hardly identify the real reporter public key. To facilitate the reporter's specification of the desired degree of obfuscation, it is preferable to screen out a plurality of registrars public keys from all registrars public keys, including but not limited to the following steps: and randomly screening m ' registrant public keys from all registrants public keys to serve as a plurality of registrants public keys according to the reporter fuzzy number m ' which is specified by the reporter in the security report request message, wherein all the registrants public keys are stored in the enclave trusted execution environment, and m ' is a natural number not less than ten. Thus, the larger the value of m ', the more registrars ' public keys that participate in the obfuscation of the publisher public key, the greater the difficulty in identifying the true publisher public key, and the safer the publisher's information. In addition, since the public key of the issuer is included in the public keys of all the registrants, in order to avoid that a snooper discovers an issuer, in the process of screening out a plurality of public keys of the registrants from the public keys of all the registrants, the public keys of the issuer are preferably excluded and then screened, so that the public keys of the registrants do not include the public key of the issuer.
And S3, the platform server feeds back a security report response message corresponding to the security report request message to the reporter terminal, wherein the security report response message comprises but is not limited to the unique numerical value encrypted by using the reporter public key and the plurality of registrars public keys.
In the step S3, since the unique numerical value and the plurality of registrants' public keys are transmitted to the issuer terminal after being encrypted using the issuer public key, and only the issuer terminal has the issuer private key corresponding to the issuer public key, it means that only the issuer terminal can decrypt the private key, thereby ensuring the security of the information transmitted midway. In addition, the private key of the issuer and the corresponding public key of the issuer are a typical public and private key pair (preferably a pair of asymmetric keys), and need to be generated and securely stored in the terminal of the issuer when the issuer performs platform legal registration in a conventional manner, so as to perform corresponding encryption and decryption operations.
S4, determining a public key sequence number by the platform server in the enclave trusted execution environment according to the unique numerical value and the total number of the public keys of the registrants, and inserting the reporter public key into the registrants public keys according to the public key sequence number to obtain a public key set PK = { PK 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 And binding and storing the unique numerical value and the public key set PK, wherein m represents the total number of public keys of the plurality of registrars, i represents a natural number and i belongs to [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key.
In the step S4, for example, when the total number of the public keys of the plurality of registrars is 20, if the serial number of the public key is 1, the issuer public key may be inserted before a first registrar public key of the plurality of registrars public keys; if the public key serial number is 13, the issuer public key may be inserted after the 12 th registrant public key among the plurality of registrant public keys, and serial number +1 may be performed for other registrant public keys located after the 12 th registrant public key. In addition, the public keys of the registrars are transmitted to the terminal of the newspaper lifter instead of the public key set PK, so that the information of the newspaper lifter can be further hidden in the transmission process, and the possibility of leakage is avoided.
And S5, after receiving the safety report response message, the reporter terminal decrypts by using a reporter private key corresponding to the reporter public key to obtain the unique numerical value and the multiple registrars public keys.
S6, the public key sequence number is also determined by the reporter terminal according to the unique numerical value and the public key total number of the plurality of registrars public keys, and then the reporter public key is inserted into the plurality of registrars public keys according to the public key sequence number to obtain the public key set PK.
In step S6, for example, see step S4 above.
And S7, randomly generating a plurality of numerical values corresponding to the public keys of the registrars one by the reporter terminal.
In step S7, each of the plurality of values may also be generated by a conventional random algorithm, and is preferably a different value.
And S8, encrypting each numerical value in the plurality of numerical values by using a corresponding public key through the reporter terminal to obtain a corresponding ciphertext.
And S9, the reporter terminal performs hash algorithm processing on the generated report information to obtain a first hash value.
In step S9, the reporting information is used to record detailed contents to be specifically reported by the reporter, including but not limited to contents such as a reported object, illegal details, and illegal evidence, which can be generated through a conventional human-computer interaction operation. In addition, the hash algorithm is an existing conventional algorithm, and the first hash value with a fixed length can be obtained.
S10, determining a ciphertext c by the reporter terminal according to the following signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i Corresponding ciphertext, d represents the unique numerical value.
In the step S10, the signature verification equation is a common verification equation since the ciphertext c is in the equation n (which is considered to be the public key PK of the presenter n The corresponding cipher text) is the only unknown, so the specific value can be determined by conventional solution equation means.
S11, using the reporter private key pair by the reporter terminal to obtain the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n 。
In step S11, the ciphertext c is encrypted n Is regarded as using said publisher public key PK n A ciphertext generated by encrypting an unknown value, such that the ciphertext c may be encrypted using the publisher's private key n Decrypting to determine the unknown value, the value r n 。
S12, the value r is obtained by the reporter terminal according to the public key sequence number n Inserting into the plurality of numerical values to obtain a set of numerical values R = { R = } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 In which r is i Representing the ith value in the set of values R.
In step S12, the value set R is used as group signature information, and for a specific insertion example, refer to step S4, which is not described herein again.
And S13, uploading a report message to the platform server by the reporter terminal, wherein the report message is a message without a sending address and comprises but is not limited to the report message which is not encrypted by using the reporter private key, the unique numerical value and the numerical value set R.
In step S13, since the report information, the unique numerical value and the numerical value set R are plaintext information, even if a snooper acquires the public key of all registrants (for example, the snooper performs the collection of the public key of the registrants by initiating the aforementioned secure report request message several times), the public key of the reporters cannot be determined by one decryption attempt at a time (because decryption is not required), and thus the information of the reporters cannot be determined. Furthermore, since the report message is a message without a sending address (also called a source address), even if the message is intercepted, it is impossible to determine where the message comes from.
And S14, after receiving the report message, the platform server sends the report message into the enclave trusted execution environment.
S15, the platform server finds the bound public key set PK in the enclave trusted execution environment according to the unique numerical value, and carries out hash algorithm processing on the reported information to obtain a second hash value, and the following signature verification equation is determined:
when the establishment is established, accepting the report information, wherein SE' () represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c i ' denotes a ciphertext obtained by encrypting the ith number in the set of values R using the ith public key in the set of public keys PK.
In step S15, if the signature verification equation is satisfied, it indicates that the value set R includes the signature information of the reporter, so that the source authenticity of the report information can be ensured, and at this time, the report information can be accepted for further performing verification and law enforcement. Furthermore, if the signature verification equation does not hold, it will not be accepted.
Therefore, based on the security reporting method described in the foregoing steps S1 to S15 and used for environmental monitoring and law enforcement, a security reporting scheme is provided that can obscure and hide the information of the reporter in the reporting process, that is, before formal reporting, first interaction is performed, so that the reporter terminal can trigger the platform server to generate a unique numerical value and screen out a plurality of registrant public keys for participating in the fuzzy reporter public key in an enclave trusted execution environment based on the SGX technology, and encrypt and feed back the public keys to the reporter terminal, then, when formal reporting is performed, the reporter terminal generates group signature information based on the generated reporting information, the unique numerical value and the plurality of registrant public keys, and finally uploads the reporting information, the unique numerical value and the group signature information in a clear text, so that the platform server can perform source authenticity verification on the received reporting information according to the unique numerical value, the plurality of registranters, the reporter and the group signature information in the enclave trusted execution environment, and perform processing on the fuzzy processing of the reporting and hidden public key of the environmental monitoring and hidden environmental protection public keys, thereby facilitating development of the public keys of the environmental monitoring and environmental protection and promotion of the public key.
On the basis of the technical solution of the first aspect, the present embodiment further provides another possible design how to obfuscate the public key of the publisher, that is, screening out a plurality of public keys of registrars from all public keys of registrars, including but not limited to the following steps S101 to S102.
S101, according to a reporter fuzzy condition which is in the safety report request message and is designated by a reporter, at least one historical public key set which meets the reporter fuzzy condition and corresponds to at least one piece of historical accepted report information one by one is searched from a historical report record, wherein the reporter fuzzy condition comprises but is not limited to an environmental surveillance law enforcement jurisdiction, an environmental surveillance type and/or an environmental law enforcement time period, the historical public key set comprises but is not limited to a part of registrants public keys in all registrants public keys, and all the registrants public keys are stored in the enclave credible execution environment.
In step S101, the history acceptance report information is report information that has been accepted by signature verification (that is, as described in step S15), and the history public key set is a public key set PK used for signature verification of the history acceptance report information. The fuzzy condition of the reporter is used for facilitating the reporter to place the reporter in a suspect reporter list which is difficult to identify due to high similarity of image characteristics, wherein the environment supervision law enforcement jurisdiction can be but not limited to a county level jurisdiction, a city level jurisdiction or a provincial level jurisdiction, and the environment supervision law enforcement type can be but not limited to a type of law enforcement treatment due to waste gas emission, a type of law enforcement treatment due to waste water emission or a type of law enforcement treatment due to waste solid burying and the like; the environmental surveillance enforcement period may be, but is not limited to, within the last month, within the last quarter, within the last year, or the like. For example, the reporter wants to report the illegal event of wastewater discharge in the area a, so that the fuzzy condition of the reporter includes information of the area a belonging to, the type of law enforcement treatment due to wastewater discharge, the last year and the like, so as to find all historical acceptance reporting information and all historical public key sets for the illegal event of wastewater discharge reporting in the area a belonging to the last year.
S102, all public keys are taken out from the at least one historical public key set to obtain a plurality of registrars public keys.
In step S102, since the at least one historical public key set may include the issuer public key, in order to avoid a snooper from finding an issuer, it is preferable to exclude the issuer public key during the process of retrieving all public keys, so that the public keys of the registrars do not include the issuer public key. In addition, if the secure report request message carries the report fuzzy number m ' specified by the report, m ' registrar public keys can be randomly screened out from all the public keys taken out to serve as the plurality of registrar public keys, and when the total number of the public keys of all the public keys is less than m ', the registrar public keys can be randomly screened out from all the registrar public keys to complement.
Therefore, based on the possible design I described in the steps S101 to S102, the person who submits the report can conveniently place the person in a suspect list which is difficult to identify due to high similarity of the portrait characteristics, the difficulty of identifying the true person who submits the report is further increased, and the information of the person who submits the report is better protected.
In this embodiment, on the basis of the technical solution of the first aspect, a second possible design is provided for how to protect the security of the information of the reporter during the process of reporting the reward, that is, after the reporting information is accepted, the method further includes, but is not limited to, the following steps S16 to S18.
And S16, the platform server binds and stores the unique value and a first time stamp in the enclave trusted execution environment, wherein the first time stamp comprises a receiving time stamp of the security reporting request message and/or a sending time stamp of the security reporting response message.
S17, by the platform server be in report information is surveyed and is received and come from after the reward payment request message of reporter terminal, will reward payment request message is sent into in the envelope trusted execution environment, wherein, reward payment request message contains but not limited to have and uses the encrypted only numerical value of reporter private key and second time stamp etc., the second time stamp by the reporter terminal record and contain the sending time stamp of safe report request message and/or the receipt time stamp of safe report response message.
S18, the platform server uses the reporter public key in the enclave trusted execution environment to decrypt and obtain the unique value and the second timestamp, and then the bound first timestamp is found according to the unique value, so that when the absolute difference value between the first timestamp and the second timestamp is judged to be smaller than a preset threshold value, the reward payment request message is responded: the prizes are reported upon payment.
In the step S18, considering that there is a possibility that the clock of the reporter terminal and the clock of the platform server are asynchronous, when it is determined that the absolute difference between the first timestamp and the second timestamp is smaller than a preset threshold (for example, 1 minute), the reporter terminal is determined to be the terminal providing the accepted and verified report information, and then the reward payment request message is responded: the prizes are reported upon payment. Because the time stamp interacted for the first time before the official report is reported is used as the report confirmation evidence and is irrelevant to the report information and the official report time, the condition that a snooper associates the report information with the report reward can be avoided, and the condition that the reporter is not easily found in the prize receiving process is further ensured.
Therefore, based on the second possible design described in the foregoing steps S16 to S18, it is avoided that the snooper associates the report information with the report reward, and it is further ensured that the reporter is not easily found in the process of receiving the reward.
As shown in fig. 2, a second aspect of this embodiment provides a virtual device for implementing the security reporting method executed by a platform server and used for environmental monitoring and law enforcement according to any one of the first aspect or any one of the first aspect, where the virtual device is disposed on the platform server and includes a request triggering module, a message sending module, a binding storage module, a message transferring module, and a signature verification module;
the request triggering module is used for triggering and randomly generating a unique value in a local enclave trusted execution environment based on an SGX technology after receiving a security report request message from a reporter terminal, and screening a plurality of registrars public keys from all registrars public keys, wherein the unique value is a natural number greater than zero, and all the registrars public keys are stored in the enclave trusted execution environment;
the message sending module is in communication connection with the request triggering module and is used for feeding back a security report response message corresponding to the security report request message to the reporter terminal, wherein the security report response message comprises the unique numerical value encrypted by using a reporter public key and the plurality of registrars public keys;
the binding storage module is in communication connection with the request triggering module and is used for determining a public key serial number according to the unique numerical value and the total number of the public keys of the registrars in the enclave trusted execution environment, and then inserting the reporter public key into the registrars public key according to the public key serial number to obtain a public key set
PK={PK 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 And binding and storing the unique numerical value and the public key set PK, wherein m represents the total number of public keys of the plurality of registrars, i represents a natural number and i belongs to [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
the message transfer module is configured to send the report message to the enclave trusted execution environment after receiving the report message from the reporter terminal, where the report message is a message without a sending address and includes report information that is not encrypted by using a reporter private key, the unique numerical value, and a numerical value set, and the numerical value set is obtained by the reporter terminal according to the following manner: after receiving the safety report response message, decrypting by using a report private key corresponding to the report public key to obtain the unique numerical value and the plurality of registrars public keys; firstly, determining the public key serial number according to the unique numerical value and the public key total number of the plurality of registrars public keys, and then inserting the reporter public key into the plurality of registrars public keys according to the public key serial number to obtain the public key set PK; randomly generating a plurality of numerical values which correspond to the public keys of the registrants one by one; encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext; carrying out Hash algorithm processing on the reported information to obtain a first Hash value; determining the ciphertext c according to the following signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext; using the publisher private key to pair the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n (ii) a The value r is obtained according to the public key sequence number n Inserting into the plurality of numerical values, resulting in the set of numerical values R = { R = { (R) } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
the signature verification module is respectively in communication connection with the message transfer module and the binding storage module, and is configured to find the bound public key set PK according to the unique value in the enclave trusted execution environment, perform the hash algorithm processing on the report information, obtain a second hash value, and determine the following signature verification equation:
when the establishment is established, accepting the report information, wherein SE' () represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c i ' denotes a ciphertext obtained by encrypting the ith value in the value set R using the ith public key in the public key set PK.
For the working process, working details, and technical effects of the foregoing apparatus provided in the second aspect of this embodiment, reference may be made to the safety reporting method in any one of the first aspect or the first aspect, which is not described herein again.
As shown in fig. 3, a third aspect of this embodiment provides a virtual device for implementing the secure reporting method executed by a reporter terminal and used for environmental monitoring and law enforcement according to any one of the first aspect or the first aspect, where the virtual device is disposed in the reporter terminal and includes a message sending module, a message receiving module, a message decrypting module, a set obtaining module, a random number generating module, a numerical encryption module, a hash processing module, a ciphertext determining module, a ciphertext decrypting module, and a numerical insertion module;
the message sending module is used for sending a security report request message to a platform server so that the platform server can trigger and randomly generate a unique numerical value in a local SGX technology-based enclave trusted execution environment, and screen out a plurality of registrant public keys from all registrant public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrant public keys are stored in the enclave trusted execution environment;
the message receiving module is configured to receive a security report response message which is fed back by the platform server and corresponds to the security report request message, where the security report response message includes the unique numerical value encrypted by using a reporter public key and the plurality of registrants public keys;
the message decryption module is in communication connection with the message receiving module and is used for decrypting by using a private key of the newspaper publisher corresponding to the public key of the newspaper publisher to obtain the unique numerical value and the plurality of registrars public keys;
the set acquisition module is in communication connection with the message decryption module and is used for determining a public key serial number according to the unique numerical value and the total number of public keys of the registrars and inserting the publisher public key into the registrars public keys according to the public key serial number to obtain a public key set PK = { PK 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 Where m denotes the total number of public keys of the registrars' public keys, i denotes a natural number and has i ∈ [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
the random number generation module is used for randomly generating a plurality of numerical values which are in one-to-one correspondence with the public keys of the registrars;
the numerical value encryption module is respectively in communication connection with the message decryption module and the random number generation module, and is used for encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext;
the hash processing module is used for carrying out hash algorithm processing on the generated report information to obtain a first hash value;
the ciphertext determining module is respectively in communication connection with the message decrypting module, the set acquiring module, the numerical value encrypting module and the hash processing module and is used for determining a ciphertext c according to the following signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext;
the ciphertext decryption module is in communication connection with the ciphertext determination module and is used for using the reporter private key to the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n ;
The value insertion module is in communication connection with the ciphertext decryption module and is used for inserting the value r according to the public key sequence number n Inserting into the plurality of numerical values to obtain a set of numerical values R = { R = } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
the message sending module is in communication connection with the value inserting module, and is further configured to upload, to the platform server, a report message that has no sending address and includes the report information that is not encrypted by the reporter private key, the unique value, and the value set R, so that the platform server sends the report message to the enclave trusted execution environment after receiving the report message, finds the public key set PK that is pre-bound and obtained by locally inserting the reporter public key into the multiple registrants public keys according to the public key sequence number in the enclave trusted execution environment according to the unique value, and performs the hash algorithm processing on the report information to obtain a second hash value, and determines a signature verification equation as follows:
For the working process, the working details, and the technical effects of the foregoing apparatus provided in the third aspect of this embodiment, reference may be made to the safety reporting method possibly designed in the first aspect or the first aspect, which is not described herein again.
As shown in fig. 4, a fourth aspect of this embodiment provides a system for implementing the security reporting method for environment surveillance law enforcement according to any one of the first aspect or the first aspect, including a platform server and a reporter terminal, where the platform server is configured to execute the security reporting method for environment surveillance law enforcement according to any one of the first aspect or the first aspect, the security reporting method being executed by the platform server and used for environment surveillance law enforcement, and the reporter terminal is communicatively connected to the platform server and is configured to execute the security reporting method for environment surveillance law enforcement according to any one of the first aspect or the first aspect, the method being executed by the reporter terminal and used for environment surveillance law enforcement according to any one of the first aspect or the first aspect.
For the working process, the working details, and the technical effects of the foregoing apparatus provided in the fourth aspect of this embodiment, reference may be made to the safety reporting method in any one of the first aspect or the first aspect, which is not described herein again.
As shown in fig. 5, a third aspect of the present embodiment provides a computer device for executing the security reporting method executed by a platform server and used for environmental surveillance enforcement according to the first aspect or any one of the first aspects, or executing the security reporting method executed by a reporter terminal and used for environmental surveillance enforcement according to the first aspect or any one of the first aspects, including a memory connected in communication, a processor and a transceiver, wherein the memory is used for storing a computer program, the transceiver is used for transmitting and receiving information, and the processor is used for reading the computer program, executing the security reporting method executed by the platform server and used for environmental surveillance enforcement according to the first aspect or any one of the first aspects, or executing the security reporting method executed by the reporter terminal and used for environmental surveillance enforcement according to the first aspect or any one of the first aspects. For example, the Memory may include, but is not limited to, a Random-Access Memory (RAM), a Read-Only Memory (ROM), a Flash Memory (Flash Memory), a First-in First-out (FIFO), a First-in Last-out (FILO), and/or a First-in Last-out (FILO); the processor may be, but is not limited to, a microprocessor of the model number STM32F105 family. In addition, the computer device may also include, but is not limited to, a power module, a display screen, and other necessary components.
For the working process, working details, and technical effects of the foregoing computer device provided in the fifth aspect of this embodiment, reference may be made to the safety reporting method in any one of the first aspect and the first aspect, which is not described herein again.
A sixth aspect of the present embodiment provides a computer-readable storage medium storing instructions including a security reporting method executed by a platform server and used for environmental surveillance enforcement as may be designed according to the first aspect or any of the first aspects, or a security reporting method executed by a reporter terminal and used for environmental surveillance enforcement as may be designed according to the first aspect or any of the first aspects, that is, the computer-readable storage medium having stored thereon instructions that, when executed on a computer, perform a security reporting method executed by a platform server and used for environmental surveillance enforcement as may be designed according to the first aspect or any of the first aspects, or perform a security reporting method executed by a reporter terminal and used for environmental surveillance enforcement as may be designed according to the first aspect or any of the first aspects. The computer-readable storage medium refers to a carrier for storing data, and may include, but is not limited to, a computer-readable storage medium such as a floppy disk, an optical disk, a hard disk, a flash Memory, a flash disk and/or a Memory Stick (Memory Stick), and the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
For the working process, the working details and the technical effects of the foregoing computer-readable storage medium provided in the sixth aspect of this embodiment, reference may be made to the security reporting method in any one of the first aspect or the first aspect, which is not described herein again.
A seventh aspect of the present embodiment provides a computer program product containing instructions which, when executed on a computer, cause the computer to perform the security reporting method for environmental surveillance enforcement performed by a platform server according to the first aspect or any one of the first aspect, or perform the security reporting method for environmental surveillance enforcement performed by a reporter terminal according to the first aspect or any one of the first aspect. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable devices.
Finally, it should be noted that the present invention is not limited to the above alternative embodiments, and that various other forms of products can be obtained by anyone in light of the present invention. The above detailed description should not be taken as limiting the scope of the invention, which is defined in the claims, and which the description is intended to be interpreted accordingly.
Claims (10)
1. A safety reporting method for environmental supervision and law enforcement is characterized by being applicable to a platform server and comprising the following steps:
after receiving a security report request message from a reporter terminal, triggering and randomly generating a unique numerical value in a local enclave trusted execution environment based on an SGX technology, and screening a plurality of registrar public keys from all registrar public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrar public keys are stored in the enclave trusted execution environment;
feeding back a security report response message corresponding to the security report request message to the reporter terminal, wherein the security report response message comprises the unique numerical value encrypted by using a reporter public key and the plurality of registrars public keys;
determining a public key serial number according to the unique numerical value and the total number of the public keys of the registrars in the enclave trusted execution environment, and then inserting the reporter public key into the registrars public keys according to the public key serial number to obtain a public key set PK = { PK 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 And binding and storing the unique numerical value and the public key set PK, wherein m represents the total number of public keys of the plurality of registrars, i represents a natural number and i belongs to [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
after receiving a report message from the reporter terminal, sending the report message into the envelope trusted execution environment, wherein the report message is a message without a sending address and contains report information which is not encrypted by a reporter private key, the unique numerical value and a numerical value set, and the numerical value set is obtained by the reporter terminal according to the following modes: after receiving the safety report response message, decrypting by using a report private key corresponding to the report public key to obtain the unique numerical value and the plurality of registrars public keys; firstly, determining the public key serial number according to the unique numerical value and the public key total number of the plurality of registrars public keys, and then inserting the reporter public key into the plurality of registrars public keys according to the public key serial number to obtain the public key set PK; random generation and saidA plurality of numerical values corresponding to the public keys of the registrars one by one; encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext; carrying out Hash algorithm processing on the reported information to obtain a first Hash value; determining the ciphertext c according to the signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext; using the publisher private key to pair the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n (ii) a The value r is obtained according to the public key sequence number n Inserting into the plurality of numerical values, resulting in the set of numerical values R = { R = { (R) } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
finding the bound public key set PK in the enclave trusted execution environment according to the unique numerical value, carrying out hash algorithm processing on the reported information to obtain a second hash value, and judging the following signature verification equation:
when the establishment is established, accepting the report information, wherein SE' () represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c i ' denotes a ciphertext obtained by encrypting the ith number in the set of values R using the ith public key in the set of public keys PK.
2. The security reporting method of claim 1, wherein screening the plurality of registrants 'public keys from all registrants' public keys comprises:
and randomly screening m ' registrant public keys from all registrants public keys to serve as a plurality of registrants public keys according to the reporter fuzzy number m ' which is specified by the reporter in the security report request message, wherein all the registrants public keys are stored in the enclave trusted execution environment, and m ' is a natural number not less than ten.
3. The security reporting method of claim 1, wherein screening the plurality of registrants 'public keys from all registrants' public keys comprises:
according to the reporter fuzzy condition which is in the safety reporting request message and is designated by a reporter, finding at least one historical public key set which meets the reporter fuzzy condition and corresponds to at least one piece of historical accepted reporting information one by one from a historical reporting record, wherein the reporter fuzzy condition comprises an environmental surveillance law enforcement jurisdiction, an environmental surveillance law enforcement type and/or an environmental surveillance law enforcement period, the historical public key set comprises partial registrant public keys in all registrant public keys, and all the registrant public keys are stored in the enclave trusted execution environment;
and taking out all public keys from the at least one historical public key set to obtain a plurality of registrars public keys.
4. The secure reporting method of claim 1, wherein after accepting the reporting information, the method further comprises:
binding and storing the unique value and a first timestamp in the enclave trusted execution environment, wherein the first timestamp comprises a receiving timestamp of the security reporting request message and/or a sending timestamp of the security reporting response message;
after the report information is verified and a reward payment request message from the reporter terminal is received, sending the reward payment request message into the enclave trusted execution environment, wherein the reward payment request message comprises the unique numerical value and a second timestamp encrypted by using the reporter private key, and the second timestamp is recorded by the reporter terminal and comprises a sending timestamp of the safety report request message and/or a receiving timestamp of the safety report response message;
decrypting and acquiring the unique value and the second timestamp by using the reporter public key in the enclave trusted execution environment, and then finding the bound first timestamp according to the unique value so as to respond to the reward payment request message when the absolute difference value between the first timestamp and the second timestamp is judged to be smaller than a preset threshold value: the prize is reported upon payment.
5. A safety reporting device for environmental supervision and law enforcement is characterized by being arranged on a platform server and comprising a request triggering module, a message sending module, a binding storage module, a message transferring module and a signature verification module;
the request triggering module is used for triggering and randomly generating a unique numerical value in a local enclave trusted execution environment based on an SGX technology after receiving a security reporting request message from a reporter terminal, and screening a plurality of registrar public keys from all registrar public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrar public keys are stored in the enclave trusted execution environment;
the message sending module is in communication connection with the request triggering module and is used for feeding back a security report response message corresponding to the security report request message to the reporter terminal, wherein the security report response message comprises the unique numerical value encrypted by using a reporter public key and the plurality of registrars public keys;
the binding storage module is in communication connection with the request triggering module and is used for determining a public key serial number according to the unique numerical value and the total number of the public keys of the registrars in the enclave trusted execution environment, and then inserting the reporter public key into the registrars public key according to the public key serial number to obtain a public key set PK = { PK = 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 And binding and storing the unique numerical value and the public key set PK, wherein m represents the total number of public keys of the plurality of registrars, i represents a natural number and i belongs to [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
the message transfer module is configured to send the report message to the enclave trusted execution environment after receiving the report message from the reporter terminal, where the report message is a message without a sending address and includes report information that is not encrypted by using a reporter private key, the unique numerical value, and a numerical value set, and the numerical value set is obtained by the reporter terminal according to the following manner: after receiving the safety report response message, decrypting by using a report private key corresponding to the report public key to obtain the unique numerical value and the plurality of registrars public keys; firstly, determining the public key serial number according to the unique numerical value and the public key total number of the plurality of registrars public keys, and then inserting the reporter public key into the plurality of registrars public keys according to the public key serial number to obtain the public key set PK; randomly generating a plurality of numerical values which correspond to the public keys of the registrants one by one; encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext; carrying out Hash algorithm processing on the reported information to obtain a first Hash value; determining the ciphertext c according to the signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext; using the publisher private key to pair the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n (ii) a The value r is obtained according to the public key sequence number n Inserting into the plurality of numerical values, resulting in the set of numerical values R = { R = { (R) } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
the signature verification module is respectively in communication connection with the message transfer module and the binding storage module, and is configured to find the bound public key set PK according to the unique value in the enclave trusted execution environment, perform the hash algorithm processing on the report information, obtain a second hash value, and determine the following signature verification equation:
when the establishment is established, accepting the report information, wherein SE' () represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c i ' denotes a ciphertext obtained by encrypting the ith value in the value set R using the ith public key in the public key set PK.
6. A safety reporting method for environmental supervision and law enforcement is characterized by being suitable for a reporter terminal and comprising the following steps:
sending a security report request message to a platform server, so that the platform server triggers and randomly generates a unique numerical value in a local enclave trusted execution environment based on an SGX technology, and screens out a plurality of registrant public keys from all registrant public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrant public keys are stored in the enclave trusted execution environment;
receiving a security report response message which is fed back by the platform server and corresponds to the security report request message, wherein the security report response message comprises the unique numerical value encrypted by using a reporter public key and the plurality of registrars public keys;
decrypting by using a private key of the issuer corresponding to the public key of the issuer to obtain the unique numerical value and the public keys of the multiple registrars;
determining public key sequence number according to the unique numerical value and the total number of the public keys of the registrars, and inserting the reporter public key into the public keys of the registrars according to the public key sequence number to obtain a public key set PK = { PK = 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 Where m denotes the total number of public keys of the registrars' public keys, i denotes a natural number and has i ∈ [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
randomly generating a plurality of numerical values which correspond to the public keys of the registrants one by one;
encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext;
carrying out hash algorithm processing on the generated report information to obtain a first hash value;
determining the ciphertext c according to the signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext;
using the publisher private key to pair the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n ;
The value r is obtained according to the public key sequence number n Inserting into the plurality of numerical values to obtain a set of numerical values R = { R = } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
uploading a report message which has no sending address and contains the report information, the unique numerical value and the numerical value set R and is not encrypted by the reporter private key to the platform server, so that the platform server sends the report message to the enclave trusted execution environment after receiving the report message, further finding the public key set PK which is bound in advance and obtained by locally inserting the reporter public keys into the public keys according to the public key serial numbers in the enclave trusted execution environment according to the unique numerical value, and performing the hash algorithm processing on the report message to obtain a second hash value, and judging the following signature verification equation:
and accepting the report information when the establishment is established, wherein SE '() represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c' i And the ciphertext obtained by encrypting the ith number in the number set R by using the ith public key in the public key set PK.
7. A safety reporting device for environment supervision and law enforcement is characterized by being arranged at a reporter terminal and comprising a message sending module, a message receiving module, a message decryption module, a set acquisition module, a random number generation module, a numerical value encryption module, a hash processing module, a ciphertext determination module, a ciphertext decryption module and a numerical value insertion module;
the message sending module is used for sending a security report request message to a platform server so that the platform server can trigger and randomly generate a unique numerical value in a local SGX technology-based enclave trusted execution environment, and screen out a plurality of registrant public keys from all registrant public keys, wherein the unique numerical value is a natural number greater than zero, and all the registrant public keys are stored in the enclave trusted execution environment;
the message receiving module is configured to receive a security report response message which is fed back by the platform server and corresponds to the security report request message, where the security report response message includes the unique numerical value encrypted by using a reporter public key and the plurality of registrants public keys;
the message decryption module is in communication connection with the message receiving module and is used for decrypting by using a private key of the newspaper publisher corresponding to the public key of the newspaper publisher to obtain the unique numerical value and the plurality of registrars public keys;
the set acquisition module is in communication connection with the message decryption module and is used for determining a public key sequence number according to the unique numerical value and the total number of the public keys of the registrars, and then inserting the public key of the reporter into the public keys of the registrars according to the public key sequence number to obtain a public key set PK = { PK = 1 ,PK 2 ,…,PK i ,…PK n-1 ,PK n ,PK n+1 ,…,PK m+1 Where m denotes the total number of public keys of the multiple registrants' public keys, i denotes a natural number and has i e [1, m +1 ]],PK i Represents the ith public key in the public key set PK, n represents the serial number of the public key and n = mod (d, m) +1,d represents the unique numerical value, mod () represents the remainder function, PK n Representing the publisher public key;
the random number generation module is used for randomly generating a plurality of numerical values which are in one-to-one correspondence with the public keys of the registrants;
the numerical value encryption module is respectively in communication connection with the message decryption module and the random number generation module, and is used for encrypting each numerical value in the plurality of numerical values by using a corresponding public key to obtain a corresponding ciphertext;
the hash processing module is used for carrying out hash algorithm processing on the generated report information to obtain a first hash value;
the ciphertext determining module is respectively in communication connection with the message decrypting module, the set acquiring module, the numerical value encrypting module and the hash processing module, and is used for determining a ciphertext c according to the following signature verification equation n :
Wherein SE () represents a symmetric encryption algorithm using said first hash value as a symmetric key, c i Representation and public key PK i A corresponding ciphertext;
the ciphertext decryption module is in communication connection with the ciphertext determination module and is used for using the reporter private key to the ciphertext c n Decrypting to obtain the public key PK of the reporter n Corresponding value r n ;
The value insertion module is in communication connection with the ciphertext decryption module and is used for inserting the value r according to the public key sequence number n Inserting into the plurality of numerical values to obtain a set of numerical values R = { R = } 1 ,r 2 ,…,r i ,…,r n-1 ,r n ,r n+1 ,…,r m+1 Wherein r is i Represents the ith numerical value in the numerical value set R;
the message sending module is in communication connection with the value inserting module, and is further configured to upload, to the platform server, a report message that has no sending address and includes the report information that is not encrypted by the reporter private key, the unique value, and the value set R, so that the platform server sends the report message to the enclave trusted execution environment after receiving the report message, finds the public key set PK that is pre-bound and obtained by locally inserting the reporter public key into the multiple registrants public keys according to the public key sequence number in the enclave trusted execution environment according to the unique value, and performs the hash algorithm processing on the report information to obtain a second hash value, and determines a signature verification equation as follows:
and accepting the report information when the establishment is established, wherein SE '() represents a symmetric encryption algorithm using the second hash value as a symmetric key, and c' i And the ciphertext obtained by encrypting the ith number in the number set R by using the ith public key in the public key set PK.
8. A security reporting system for environmental surveillance law enforcement, comprising a platform server and a reporter terminal, wherein the platform server is configured to perform the security reporting method according to any one of claims 1 to 4, and the reporter terminal is communicatively connected to the platform server and configured to perform the security reporting method according to claim 6.
9. A computer device comprising a memory, a processor and a transceiver communicatively connected, wherein the memory is used for storing a computer program, the transceiver is used for transmitting and receiving information, and the processor is used for reading the computer program and executing the security reporting method according to any one of claims 1 to 4 or 6.
10. A computer-readable storage medium having stored thereon instructions for performing, when executed on a computer, the security reporting method of any one of claims 1 to 4 or claim 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210003100.4A CN114338014B (en) | 2022-01-04 | 2022-01-04 | Safety reporting method, device and system for environmental supervision and law enforcement |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210003100.4A CN114338014B (en) | 2022-01-04 | 2022-01-04 | Safety reporting method, device and system for environmental supervision and law enforcement |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114338014A CN114338014A (en) | 2022-04-12 |
| CN114338014B true CN114338014B (en) | 2023-03-24 |
Family
ID=81022234
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210003100.4A Active CN114338014B (en) | 2022-01-04 | 2022-01-04 | Safety reporting method, device and system for environmental supervision and law enforcement |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338014B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110213251A (en) * | 2019-05-22 | 2019-09-06 | 杭州复杂美科技有限公司 | It reports an offender anonymously and rewards distribution method and get method, equipment and storage medium |
| CN111064578A (en) * | 2019-12-18 | 2020-04-24 | 平安国际智慧城市科技股份有限公司 | Data security reporting method and device and computer readable storage medium |
| CN112350820A (en) * | 2020-10-29 | 2021-02-09 | 青海大学 | Multi-receiver signcryption method, sending end, receiving end, system and storage medium |
-
2022
- 2022-01-04 CN CN202210003100.4A patent/CN114338014B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110213251A (en) * | 2019-05-22 | 2019-09-06 | 杭州复杂美科技有限公司 | It reports an offender anonymously and rewards distribution method and get method, equipment and storage medium |
| CN111064578A (en) * | 2019-12-18 | 2020-04-24 | 平安国际智慧城市科技股份有限公司 | Data security reporting method and device and computer readable storage medium |
| CN112350820A (en) * | 2020-10-29 | 2021-02-09 | 青海大学 | Multi-receiver signcryption method, sending end, receiving end, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114338014A (en) | 2022-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI778953B (en) | A method and system for securing computer software using a distributed hash table and a blockchain | |
| CN110582775B (en) | Method for managing files based on blockchain by utilizing UTXO (universal time-series oscillator) foundation protocol and file management server using same | |
| CN109074433B (en) | Method and system for verifying digital asset integrity using a distributed hash table and a peer-to-peer distributed ledger | |
| Volety et al. | Cracking Bitcoin wallets: I want what you have in the wallets | |
| AU716912B2 (en) | Electronic copy protection mechanism | |
| EP1643403A1 (en) | Encryption system using device authentication keys | |
| CN101977183B (en) | High reliable digital content service method applicable to multiclass terminal equipment | |
| CN1609810A (en) | Providing secure input and output to a trusted agent in a system with a high-assurance execution environment | |
| CN105740725A (en) | File protection method and system | |
| CN114884697B (en) | Data encryption and decryption method and related equipment based on cryptographic algorithm | |
| CN111797430A (en) | Data verification method, device, server and storage medium | |
| CN113822675A (en) | Block chain based message processing method, device, equipment and storage medium | |
| Singh et al. | Cloud computing security using blockchain technology | |
| CN111859431A (en) | Electronic file signature method and device, electronic equipment and storage medium | |
| CN114626079A (en) | File viewing method, device, equipment and storage medium based on user permission | |
| Holmes et al. | A framework for live host-based Bitcoin wallet forensics and triage | |
| CN100543762C (en) | Computer-aided design data encryption protecting method based on hardware environment | |
| CN114338014B (en) | Safety reporting method, device and system for environmental supervision and law enforcement | |
| CN110890979A (en) | Automatic deploying method, device, equipment and medium for fortress machine | |
| CN101099207A (en) | Portable data support with watermark function | |
| Gupta et al. | Machine learning forensics: A New Branch of digital forensics | |
| CN116760631B (en) | Multi-service data hierarchical management and control method and system based on regulation and control cloud platform | |
| TW201032084A (en) | System for managing the external access of electronic file and method of the same | |
| Zou et al. | A cloud based SIM DRM scheme for the mobile internet | |
| CN117499159B (en) | Block chain-based data transaction method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |