CN114757685A - Shaddock agricultural product processing safety tracing method and system - Google Patents

Shaddock agricultural product processing safety tracing method and system Download PDF

Info

Publication number
CN114757685A
CN114757685A CN202210379559.4A CN202210379559A CN114757685A CN 114757685 A CN114757685 A CN 114757685A CN 202210379559 A CN202210379559 A CN 202210379559A CN 114757685 A CN114757685 A CN 114757685A
Authority
CN
China
Prior art keywords
tracing
signature
information
encrypted
center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210379559.4A
Other languages
Chinese (zh)
Inventor
黄好霞
杨洲
曾镜源
郭江鸿
冯亚芬
陈科尹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Provincial Laboratory Of Lingnan Modern Agricultural Science And Technology
Jiaying University
Original Assignee
Guangdong Provincial Laboratory Of Lingnan Modern Agricultural Science And Technology
Jiaying University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Provincial Laboratory Of Lingnan Modern Agricultural Science And Technology, Jiaying University filed Critical Guangdong Provincial Laboratory Of Lingnan Modern Agricultural Science And Technology
Priority to CN202210379559.4A priority Critical patent/CN114757685A/en
Publication of CN114757685A publication Critical patent/CN114757685A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Mathematical Analysis (AREA)
  • Accounting & Taxation (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Mathematical Optimization (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a shaddock agricultural product processing safety tracing method and a shaddock agricultural product processing safety tracing system. The method comprises the following steps: the encryption signing device signs the tracing information by using a private key of the encryption signature, encrypts the signature and the tracing information of the tracing information by using a session key of the current day, returns the encrypted signature and the encrypted tracing information of the tracing information to the enterprise equipment and reports the encrypted signature and the encrypted tracing information to the tracing center; the tracing center decrypts the encrypted signature and tracing information of the tracing information by using the session key of the current day, and verifies the signature based on the elliptic curve by using the public key of the encrypted signature; and the consumer scans the traceability two-dimensional code through the mobile terminal to obtain the traceability information of the product. The user APP carries out encryption query through a public key disclosed by the tracing center, and authenticity of a detected data source is provided.

Description

Shaddock agricultural product processing safety tracing method and system
Technical Field
The invention belongs to the field of agricultural product processing classification and food safety, and particularly relates to a shaddock type agricultural product processing safety tracing method and system.
Background
Most of the existing agricultural product traceability methods focus on crop growth information, environmental parameters and the like, and part of agricultural product safety traceability methods use a block chain to trace the growth information of agricultural products and the whole information such as transportation and sales; for pomelo agricultural products with thicker skins, in addition to visible product appearance information, consumers expect to obtain a sugar degree detection result which is key data invisible to naked eyes, but most of the current tracing methods do not provide the information. The encryption signing device of the invention utilizes the unique unchangeable ID of the security chip, the private key based on the elliptic curve and the network time to independently calculate the session key with the tracing center, and simultaneously uses the private key of the device to sign data, thereby protecting the authenticity, reliability and non-repudiation of the data on the basis of providing privacy protection for enterprise data. The user encrypts the query request through the public key of the tracing center, only the tracing center can correctly decrypt and return a result, and the trust of a consumer for purchasing a product is improved.
Disclosure of Invention
In order to solve the technical problems, the invention provides a technical scheme of a shaddock agricultural product processing safety tracing method and system, and aims to solve the technical problems.
The invention discloses a shaddock agricultural product processing safety tracing method, which comprises the following steps:
step S1, the tracing center generates a query private key and a query public key by using the parameters of the elliptic curve, and discloses the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise;
step S2, calculating the session key of the current day by applying the private key of the encrypted signature, the ID of the security chip and the current network time;
step S3, the enterprise equipment calls a development library issued by a traceability center, traceability information is sent to the encryption signing device, the encryption signing device signs the traceability information by using a private key of the encryption signature, encrypts the signature and the traceability information by using the session key of the current day, and returns the signature and the traceability information of the encrypted traceability information to the enterprise equipment, and the enterprise equipment reports the signature and the traceability information of the encrypted traceability information to the traceability center; the tracing information comprises: product numbering, sorting and grading process data;
step S4, the tracing center decrypts the encrypted signature and tracing information of the tracing information using the session key of the current day, and verifies the signature based on the elliptic curve by using the public key of the encrypted signature;
and step S5, the consumer scans the tracing two-dimensional code through the mobile terminal to generate scanning information, then encrypts the scanning information through the inquiry public key and sends the scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the inquiry private key and retrieves the tracing information of the corresponding enterprise by using the decrypted scanning information.
According to the method of the first aspect of the present invention, in the step S1, the query public key is a query private key × G; the private key s of the encrypted signature is a random number and satisfies s < n, and n is the order of an elliptic curve; the public key P of the cryptographic signature is sxg, and G is the selected elliptic curve generator, also called base point.
Method according to the first aspect of the present invention, in step S2, the method for calculating the session key of the current day by using the private key of the cryptographic signature, the ID of the secure chip, and the current network time includes:
k=F(s|id|t)
in the formula, k is a session key of the current day, s is a private key of an encryption signature, ID is an ID of the security chip, t is the current network time, and F () is a hash function.
According to the method of the first aspect of the present invention, in step S3, the enterprise device invokes a development library issued by a tracing center, and sends tracing information to the cryptographic signature apparatus, where the cryptographic signature apparatus signs the tracing information by using a private key of the cryptographic signature, and the method includes:
the enterprise equipment calls a development library issued by the tracing center, and the tracing information M and the random number r are transmitted1Sending the encrypted signature to the encryption signing device;
according to the parameters of the stored elliptic curve and the random number r1Calculating a first signature variable of the tracing information, i.e. the first signature variable is r1XG, G is the selected elliptic curve generating element;
then according to the random number r1Calculating a second signature variable of the tracing information by using the private key s of the encrypted signature, the tracing information M and the ID of the security chip, wherein the second signature variable sign is (h + sx)/r1(ii) a h is the hash value of (id | M), and x is the coordinate of the base point G;
applying the first signature variable and the second signature variable to form a signature (r) of the tracing information1G,sign)。
According to the method of the first aspect of the present invention, in step S4, the method for verifying an elliptic curve-based signature using a public key of the cryptographic signature includes:
calculating a hash value h of the (id | M);
then (hG/sign + xP/sign) is calculated, and P is a public key of the encrypted signature;
the calculation result of (hG/sign + xP/sign) is compared with the first signature variable r1Comparing by XG, if the same result is passed, storing the traceThe source information M.
According to the method of the first aspect of the present invention, in step S5, the consumer scans the tracing two-dimensional code through the mobile terminal to generate scanning information, then encrypts the scanning information through the query public key, and sends the encrypted scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the query private key, and the method for retrieving the tracing information corresponding to the enterprise using the decrypted scanning information includes:
a consumer scans the product grading traceability two-dimensional code through the mobile terminal to obtain scanning information of the enterprise code vID and the product number pID, encodes (vID | pID) to a point Z on the elliptic curve through the existing encoding mode, and generates a random number r2The query public key K ═ dG of the tracing center is used for encryption, d is a query private key, and the encryption result is (r)2G,Z+r2K) And sending the data to the source tracing center; and the tracing center decrypts the encrypted result to obtain Z and decodes the Z to obtain (vID | pID), queries corresponding tracing information and returns the result to the consumer.
The second aspect of the invention discloses a shaddock agricultural product processing safety tracing system, which comprises:
the tracing center generates a query private key and a query public key by using parameters of an elliptic curve and discloses the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise;
the second processing module is configured to calculate a session key of the current day by applying the private key of the encrypted signature, the ID of the security chip and the current network time;
the third processing module is configured to invoke a development library issued by a traceability center, send traceability information to the encryption signing device, the encryption signing device signs the traceability information by using a private key of the encryption signature, encrypts the signature and the traceability information by using the session key of the current day, returns the signature and the traceability information of the encrypted traceability information to the enterprise equipment, and reports the signature and the traceability information of the encrypted traceability information to the traceability center by the enterprise equipment;
the source tracing center decrypts the encrypted signature and source tracing information of the source tracing information by using the session key of the current day, and verifies the signature based on the elliptic curve by using the public key of the encrypted signature;
and the fifth processing module is configured to enable a consumer to scan the traceability two-dimensional code through the mobile terminal to generate scanning information, encrypt the scanning information through the inquiry public key and send the scanning information to the traceability center, and the traceability center decrypts the encrypted scanning information through the inquiry private key and retrieves the traceability information of the corresponding enterprise by using the decrypted scanning information.
According to the system of the second aspect of the present invention, the first processing module is configured to determine that the query public key is a query private key × G; the private key s of the encrypted signature is a random number and satisfies that s < n, and n is the order of an elliptic curve; the public key P of the cryptographic signature is sxg, and G is the selected elliptic curve generator, also called base point.
According to the system of the second aspect of the present invention, the second processing module configured to calculate a session key of the current day by applying the private key of the encrypted signature, the ID of the secure chip, and the current network time includes:
k=F(s|id|t)
in the formula, k is a session key of the current day, s is a private key of an encryption signature, ID is an ID of the security chip, t is the current network time, and F () is a hash function.
According to the system of the second aspect of the present invention, the third processing module is configured to invoke a development library issued by a tracing center by the enterprise device, and send tracing information to the encryption signing apparatus, where the signing of the tracing information by the encryption signing apparatus using a private key of the encryption signature includes:
the enterprise equipment calls a development library issued by the tracing center, and the tracing information M and the random number r are transmitted1Is sent to the stationThe encryption signature device;
according to the parameters of the stored elliptic curve and the random number r1Calculating a first signature variable of the tracing information, namely, the first signature variable is r1XG, G is the selected elliptic curve generating element;
then according to the random number r1Calculating a second signature variable of the tracing information by using the private key s of the encrypted signature, the tracing information M and the ID of the security chip, wherein the second signature variable sign is (h + sx)/r1(ii) a h is the hash value of (id | M), and x is the coordinate of the base point G;
applying the first signature variable and the second signature variable to form a signature (r) of the tracing information1G,sign)。
According to the system of the second aspect of the present invention, the fourth processing module is configured to verify the elliptic curve-based signature by using the public key of the cryptographic signature includes:
calculating a hash value h of the (id | M);
then (hG/sign + xP/sign) is calculated, and P is a public key of the encrypted signature;
the calculation result of (hG/sign + xP/sign) is compared with the first signature variable r1And comparing the XG, if the XG is the same, checking the label, and storing the tracing information M.
According to the system of the second aspect of the present invention, the fifth processing module is configured to scan the tracing two-dimensional code through the mobile terminal by the consumer, generate scanning information, encrypt the scanning information through the query public key, and send the encrypted scanning information to the tracing center, the tracing center decrypts the encrypted scanning information through the query private key, and the method for retrieving the tracing information corresponding to the enterprise using the decrypted scanning information includes:
a consumer scans the product grading traceability two-dimensional code through the mobile terminal to obtain scanning information of the enterprise code vID and the product number pID, encodes (vID | pID) to a point Z on the elliptic curve through the existing encoding mode, and generates a random number r2The query public key K ═ dG of the tracing center is used for encryption, d is a query private key, and the encryption result is (r)2G,Z+r2K) And sending the data to the source tracing center; and the tracing center decrypts the encrypted result to obtain Z and decodes the Z to obtain (vID | pID), queries corresponding tracing information and returns the result to the consumer.
A third aspect of the invention discloses an electronic device. The electronic device comprises a memory and a processor, the memory stores a computer program, and when the processor executes the computer program, the steps in the shaddock agricultural product processing safety tracing method in any one of the first aspects of the disclosure are realized.
A fourth aspect of the invention discloses a computer-readable storage medium. The computer readable storage medium stores thereon a computer program, and when the computer program is executed by a processor, the steps in the shaddock agricultural product processing safety tracing method in any one of the first aspects of the disclosure are implemented.
The scheme provided by the invention provides reliable grading information, especially the sugar degree parameter, of the pomelo agricultural products which are thick in epidermis and inconvenient to sample for consumers, and the consumers can conveniently and roughly judge the taste on the basis of appearance expression of the agricultural products. The enterprise carries out safety processing on the grading information in the processing process of the pomelo agricultural products through an encryption signing device issued by a tracing center and uploads the grading information to the tracing center, a session key of enterprise equipment and the tracing center is obtained by utilizing information such as a device private key, a safety chip ID, network time and the like and adopting an auto-negotiation method under the condition of no communication, and if the network time is year, month and day, the session key is secret one day, so that the forward and backward safety of data is provided; the signature of the detected data adopts a signature mode based on an elliptic curve, so that the authenticity of the data is provided; the consumer encrypts the data to be inquired through the public key of the traceability center and sends the encrypted information to the traceability center, only the traceability center can correctly decrypt the user request by using the private key and return the corresponding grading information, and judgment of purchasing pomelo agricultural products and trust of the products by the consumer are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of a shaddock agricultural product processing security tracing method according to an embodiment of the present invention;
FIG. 2 is a block diagram of a shaddock-type agricultural product processing safety tracing apparatus according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating auto-negotiation of session keys according to an embodiment of the present invention;
FIG. 4 is a signature encryption process for a device according to an embodiment of the invention;
FIG. 5 is a traceability center signature verification process according to an embodiment of the present invention;
FIG. 6 is a consumer tracing process according to an embodiment of the invention;
fig. 7 is a structural diagram of a shaddock agricultural product processing safety tracing system according to an embodiment of the present invention;
fig. 8 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
The invention discloses a shaddock agricultural product processing safety tracing method. Fig. 1 is a flowchart of a shaddock agricultural product processing security tracing method according to an embodiment of the present invention, and as shown in fig. 1 and fig. 2, the method includes:
step S1, the tracing center generates a query private key and a query public key by using the parameters of the elliptic curve, and discloses the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise;
step S2, calculating the session key of the current day by applying the private key of the encrypted signature, the ID of the security chip and the current network time;
step S3, the enterprise equipment calls a development library issued by a traceability center, traceability information is sent to the encryption signing device, the encryption signing device signs the traceability information by using a private key of the encryption signature, encrypts the signature and the traceability information by using the session key of the current day, and returns the signature and the traceability information of the encrypted traceability information to the enterprise equipment, and the enterprise equipment reports the signature and the traceability information of the encrypted traceability information to the traceability center; the tracing information comprises: product numbering, sorting and grading process data;
step S4, the tracing center decrypts the encrypted signature and tracing information of the tracing information using the session key of the current day, and verifies the signature based on the elliptic curve by using the public key of the encrypted signature;
and step S5, the consumer scans the tracing two-dimensional code through the mobile terminal to generate scanning information, then encrypts the scanning information through the inquiry public key and sends the scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the inquiry private key and retrieves the tracing information of the corresponding enterprise by using the decrypted scanning information.
In step S1, the tracing center generates a query private key and a query public key by using the parameters of the elliptic curve, and discloses the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise; the cryptographic signature device has a storage section, a calculation section, a communication section, and a secure chip having a unique unchangeable ID.
In some embodiments, in the step S1, the query public key is a query private key × G; the private key s of the encrypted signature is a random number and satisfies that s < n, and n is the order of an elliptic curve; the public key P of the encrypted signature is sxG, G is a selected elliptic curve generating element, which is also called a base point; from the elliptic curve characteristics, it is easy to know the random number s, the base point G, and find P ═ sG, but it is difficult to find s from 2 points of P and G, which is equivalent to finding the discrete logarithm of the elliptic curve.
The parameters of the elliptic curve are as follows: elliptic curve equation similar to y2=x3+ ax + b (mod p), where the elliptic curve parameter is T ═ p, a, b, G, n, h, where p is a large prime number in the finite field, and the length is generally 224 bits, 256 bits, or 384 bits, and 256 bits are selected in this embodiment; a and b are integers and are elliptic equation coefficients; g (x, y) is a point on the elliptic curve and is called a generator, x and y are coordinates of a base point G, the non-compression mode starts from 04, and the compression mode starts from 03; n is a prime number representing the order of the elliptic curve; h is a residue factor; the elliptic curve adopted in this embodiment is secp256k1, and the use of other elliptic curves does not affect the method of the present invention.
The private key of the encrypted signature is not readable outside, the storage of the private key of the encrypted signature can adopt the modes of disorder or physical fusing and the like to provide safe storage, and the ID of the safe chip can not be changed; and meanwhile, a library which can call the device for data encryption signature is provided for the enterprise.
In step S2, as shown in fig. 3, the cryptographic signature apparatus and the tracing center perform auto-negotiation every day to calculate the same session key of the current day by using the pre-stored private key of the cryptographic signature, the ID of the security chip, and the network time, so as to achieve a security level of "one secret per day", and provide forward and backward security for data; and calculating the session key of the current day by using the private key of the encrypted signature, the ID of the security chip and the current network time.
In some embodiments, in the step S2, the method for calculating the session key of the current day by applying the private key of the encrypted signature, the ID of the secure chip and the current network time includes:
k=F(s|id|t)
in the formula, k is a session key of the current day, s is a private key of an encryption signature, ID is an ID of the security chip, t is the current network time, and F () is a hash function.
Specifically, since the session key is updated by auto-negotiation every day, the network time may be up to date, e.g., 20220402 indicates 4/2/2022, and k ═ F (s | id | t) is calculated as the session key on the current day by using one-way hash. For example: let s be 81, t be 20220402, id be 1784653, sha256 be used as hash function, and then session key of the day:
k=sha256(s|id|t)=sha256(“81178465320220402”)
23137781e87931ed909f0abf11b892df1ecb260329cc8db160589575d07ba66b
the next day, the network updating time t is 20220403, and the session key of the current day is automatically calculated by each of the two parties:
k=sha256(s|id|t)=sha256(“81178465320220403”)
8635f30018f178dab36259a1a9daf044f46bfa1aec2710e3fe45a4c9f99595e2
the auto-negotiation secret key is 'secret one day', and provides forward and backward security of encrypted data.
In step S3, as shown in fig. 4, the enterprise device calls a development library issued by a tracing center, sends tracing information to the encryption signing device, the encryption signing device signs the tracing information by using the private key of the encryption signature, encrypts the signature and the tracing information of the tracing information by using the session key of the current day, returns the signature and the tracing information of the encrypted tracing information to the enterprise device, and reports the signature and the tracing information of the encrypted tracing information to the tracing center by the enterprise device; the tracing information comprises: product numbering, sorting and grading process data; and (3) detecting parameters, generating a product traceability two-dimensional code containing the enterprise code and the product number by the enterprise, and pasting or printing the product traceability two-dimensional code on a product package.
In some embodiments, in the step S3, the traceability information includes a key information of product grading, sugar degree, which is not visible to the naked eye of the consumer, in addition to the general processing information.
In some embodiments, in step S3, the enterprise device invokes a development library issued by a tracing center, and sends tracing information to the cryptographic signature apparatus, where the method for the cryptographic signature apparatus to sign the tracing information by using a private key of the cryptographic signature includes:
the enterprise equipment calls a development library issued by the tracing center, and the tracing information M and the random number r are transmitted1Sending the encrypted signature to the encryption signing device;
according to the parameters of the stored elliptic curve and the random number r1Calculating a first signature variable of the tracing information, i.e. the first signature variable is r1XG, G is the selected elliptic curve generating element;
then according to the random number r1Calculating a second signature variable of the tracing information by using the private key s of the encrypted signature, the tracing information M and the ID of the security chip, wherein the second signature variable sign is (h + sx)/r1(ii) a h is the hash value of (id | M), and x is the coordinate of the base point G;
applying the first signature variable and the second signature variable to form a signature (r) of the tracing information1G,sign)。
In step S4, as shown in fig. 5, the tracing center decrypts the encrypted signature of tracing information and tracing information by using the session key of the current day, and verifies the signature based on elliptic curve by using the public key of the encrypted signature.
In some embodiments, in the step S4, the method for verifying the elliptic curve-based signature by using the public key of the encrypted signature includes:
calculating a hash value h of the (id | M);
and (hG/sign + xP/sign) is calculated, wherein P is the public key of the encrypted signature.
The calculation result of (hG/sign + xP/sign) is compared with the first signature variable r1And comparing the XG, if the XG is the same, checking the label, and storing the tracing information M.
Specifically, the signature verification process proves to be as follows:
let device public key P ═ sG, s be private key, G be elliptic curve base point, parameter x come from signature r1G (x, y), then the traceability center calculates: hG/sign + xP/sign ═ hG/sign + x (sg)/sign ═ h + xs) G/((h + sx)/r1)=r1(h+xs)G/(h+sx)=r1G。
In step S5, as shown in fig. 6, the consumer scans the tracing two-dimensional code through the mobile terminal to generate scanning information, then encrypts the scanning information through the query public key, and sends the encrypted scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the query private key, and retrieves the tracing information of the corresponding enterprise by using the decrypted scanning information.
In some embodiments, in step S5, the consumer scans the tracing two-dimensional code through the mobile terminal to generate scanning information, then encrypts the scanning information through the query public key, and sends the scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the query private key, and the method for retrieving the tracing information corresponding to the enterprise using the decrypted scanning information includes:
a consumer scans a product grading traceability two-dimensional code through a mobile terminal to obtain scanning information of an enterprise code vID and a product number pID, encodes (vID | pID) to a point Z on an elliptic curve through the existing encoding mode, and generates a random number r2Encrypting by using the query public key K ═ dG of the tracing center, wherein d is a query private key and the encryption result is (r)2G,Z+r2K) And sending the data to the source tracing center; and the tracing center decrypts the encrypted result to obtain Z and decodes the Z to obtain (vID | pID), queries corresponding tracing information and returns the result to the consumer.
Specifically, the private key of the traceability center is d, the public key is K ═ dG, and the decryption process using the private key d is as follows: z + r2K-dr2G=Z+r2K-r2dG=Z+r2K-r2K=Z。
In conclusion, the scheme provided by the invention can provide reliable grading information, especially the sugar degree parameter, of pomelo agricultural products which have thicker skins and are inconvenient to test for consumers, and the consumers can roughly judge the taste on the basis of appearance expression of the agricultural products. The enterprise carries out safety processing on the grading information in the processing process of the pomelo agricultural products through an encryption signing device issued by a tracing center and uploads the grading information to the tracing center, a session key of enterprise equipment and the tracing center is obtained by utilizing information such as a device private key, a safety chip ID, network time and the like and adopting an auto-negotiation method under the condition of no communication, and if the network time is year, month and day, the session key is secret one day, so that the forward and backward safety of data is provided; the signature of the detected data adopts a signature mode based on an elliptic curve, so that the authenticity of the data is provided; the consumer encrypts the data to be inquired through the public key of the traceability center and sends the encrypted information to the traceability center, only the traceability center can correctly decrypt the user request by using the private key and return the corresponding grading information, and judgment of purchasing pomelo agricultural products and trust of the products by the consumer are improved.
The invention discloses a shaddock agricultural product processing safety tracing system in a second aspect. Fig. 7 is a structural diagram of a shaddock-type agricultural product processing security traceability system according to an embodiment of the present invention; as shown in fig. 7, the system 100 includes:
the first processing module 101 is configured to generate a query private key and a query public key by using parameters of an elliptic curve by a traceability center, and disclose the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise;
the second processing module 102 is configured to calculate a session key of the current day by applying the private key of the encrypted signature, the ID of the security chip and the current network time;
the third processing module 103 is configured to invoke a development library issued by a traceability center, send traceability information to the encryption signing device, the encryption signing device signs the traceability information by using a private key of the encryption signature, encrypts the signature and the traceability information of the traceability information by using the session key of the current day, returns the signature and the traceability information of the encrypted traceability information to the enterprise equipment, and reports the signature and the traceability information of the encrypted traceability information to the traceability center by the enterprise equipment;
the fourth processing module 104 is configured to decrypt the encrypted signature of the tracing information and the tracing information by using the session key of the current day, and perform verification of a signature based on an elliptic curve by using a public key of the encrypted signature;
the fifth processing module 105 is configured to scan the tracing two-dimensional code through the mobile terminal by the consumer, generate scanning information, encrypt the scanning information through the query public key, and send the encrypted scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the query private key, and retrieves the tracing information corresponding to the enterprise by using the decrypted scanning information.
According to the system of the second aspect of the present invention, the first processing module 101 is configured to determine that the query public key is a query private key × G; the private key s of the encrypted signature is a random number and satisfies s < n, and n is the order of an elliptic curve; the public key P of the encrypted signature is sxg, and G is a selected elliptic curve generator, also called a base point.
According to the system of the second aspect of the present invention, the second processing module 102 is configured to calculate a session key of the current day by applying the private key of the encrypted signature, the ID of the secure chip, and the current network time includes:
k=F(s|id|t)
in the formula, k is a session key of the current day, s is a private key of an encryption signature, ID is an ID of the security chip, t is the current network time, and F () is a hash function.
According to the system in the second aspect of the present invention, the third processing module 103 is configured to, the enterprise device invokes a development library issued by a tracing center, and sends tracing information to the encryption signing apparatus, where the signing of the tracing information by the encryption signing apparatus using a private key of the encryption signature includes:
enterprise equipment calling tracingA development library issued by a source center is used for tracing the source information M and the random number r1Sending the data to the encryption signing device;
according to the parameters of the stored elliptic curve and the random number r1Calculating a first signature variable of the tracing information, namely, the first signature variable is r1XG, G is the selected elliptic curve generating element;
then according to the random number r1Calculating a second signature variable of the tracing information by using the private key s of the encrypted signature, the tracing information M and the ID of the security chip, wherein the second signature variable sign is (h + sx)/r1(ii) a h is the hash value of (id | M), and x is the coordinate of the base point G;
applying the first signature variable and the second signature variable to form a signature (r) of the tracing information1G,sign)。
According to the system of the second aspect of the present invention, the fourth processing module 104 is configured to verify the elliptic curve based signature by using the public key of the encrypted signature, including:
calculating a hash value h of the (id | M);
then (hG/sign + xP/sign) is calculated, and P is a public key of the encrypted signature;
the calculation result of (hG/sign + xP/sign) is compared with the first signature variable r1And comparing the XG, if the XG is the same, checking the label, and storing the tracing information M.
According to the system of the second aspect of the present invention, the fifth processing module 105 is configured to scan the tracing two-dimensional code through the mobile terminal by the consumer, generate scanning information, encrypt the scanning information through the query public key, and send the scanning information to the tracing center, the tracing center decrypts the encrypted scanning information through the query private key, and the method for retrieving the tracing information of the corresponding enterprise using the decrypted scanning information includes:
a consumer scans a product grading traceability two-dimensional code through a mobile terminal to obtain scanning information of an enterprise code vID and a product number pID, encodes (vID | pID) to a point Z on an elliptic curve through the existing encoding mode, and generates a random number r2Using said tracingThe central inquiry public key K ═ dG is encrypted, d is the inquiry private key, and the encryption result is (r)2G,Z+r2K) And sending the data to the source tracing center; and the tracing center decrypts the encrypted result to obtain Z and decodes the Z to obtain (vID | pID), queries corresponding tracing information and returns the result to the consumer.
A third aspect of the invention discloses an electronic device. The electronic equipment comprises a memory and a processor, the memory stores a computer program, and when the processor executes the computer program, the steps of the shaddock agricultural product processing safety tracing method disclosed by the invention in any one of the first aspect of the disclosure are realized.
Fig. 8 is a block diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 8, the electronic device includes a processor, a memory, a communication interface, a display screen, and an input device, which are connected by a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic equipment comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operating system and the computer program to run on the non-volatile storage medium. The communication interface of the electronic device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, Near Field Communication (NFC) or other technologies. The display screen of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the electronic equipment, an external keyboard, a touch pad or a mouse and the like.
It will be understood by those skilled in the art that the structure shown in fig. 8 is only a partial block diagram related to the technical solution disclosed in the present invention, and does not constitute a limitation to the electronic device to which the solution of the present application is applied, and a specific electronic device may include more or less components than those shown in the drawings, or combine some components, or have different arrangements of components.
A fourth aspect of the invention discloses a computer-readable storage medium. The computer readable storage medium stores a computer program, and when the computer program is executed by the processor, the steps in the processing safety tracing method for the pomelo agricultural products in any one of the first aspect of the disclosure are realized.
It should be noted that the technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, however, as long as there is no contradiction between the combinations of the technical features, the scope of the present description should be considered. The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not to be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, and these are all within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.

Claims (9)

1. A shaddock agricultural product processing safety tracing method is characterized by comprising the following steps:
step S1, the tracing center generates a query private key and a query public key by using the parameters of the elliptic curve, and discloses the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise;
step S2, calculating the session key of the current day by applying the private key of the encrypted signature, the ID of the security chip and the current network time;
step S3, the enterprise equipment calls a development library issued by a traceability center, traceability information is sent to the encryption signing device, the encryption signing device signs the traceability information by using a private key of the encryption signature, encrypts the signature and the traceability information by using the session key of the current day, and returns the signature and the traceability information of the encrypted traceability information to the enterprise equipment, and the enterprise equipment reports the signature and the traceability information of the encrypted traceability information to the traceability center; the tracing information comprises: product numbering, sorting and grading process data;
step S4, the tracing center uses the session key of the current day to decrypt the encrypted signature and tracing information of the tracing information, and uses the public key of the encrypted signature to verify the signature based on the elliptic curve;
and step S5, the consumer scans the tracing two-dimensional code through the mobile terminal to generate scanning information, then encrypts the scanning information through the inquiry public key and sends the scanning information to the tracing center, and the tracing center decrypts the encrypted scanning information through the inquiry private key and retrieves the tracing information of the corresponding enterprise by using the decrypted scanning information.
2. The method of claim 1, wherein in step S1, the query public key is a query private key xg; the private key s of the encrypted signature is a random number and satisfies that s < n, and n is the order of an elliptic curve; the public key P of the encrypted signature is sxg, and G is a selected elliptic curve generator, also called a base point.
3. The method of claim 1, wherein in step S2, the method for calculating the session key of the current day by using the private key of the encrypted signature, the ID of the security chip and the current network time includes:
k=F(s|id|t)
in the formula, k is a session key of the current day, s is a private key of an encryption signature, ID is an ID of the security chip, t is the current network time, and F () is a hash function.
4. The method of claim 1, wherein in step S3, the enterprise device calls a development library issued by a tracing center to send tracing information to the cryptographic signature apparatus, and the cryptographic signature apparatus signs the tracing information with a private key of the cryptographic signature includes:
the enterprise equipment calls a development library issued by the tracing center, and the tracing information M and the random number r are obtained1Sending the data to the encryption signing device;
according to the parameters of the stored elliptic curve and the random number r1Calculating a first signature variable of the tracing information, namely, the first signature variable is r1XG, G is the selected elliptic curve generating element;
then according to the random number r1Calculating a second signature variable of the tracing information by using the private key s of the encrypted signature, the tracing information M and the ID of the security chip, wherein the second signature variable sign is (h + sx)/r1(ii) a h is the hash value of (id | M), and x is the coordinate of the base point G;
applying the first signature variable and the second signature variable to form a signature (r) of the tracing information1G,sign)。
5. The method of claim 4, wherein in step S4, the method of verifying the elliptic curve-based signature by using the public key of the encrypted signature comprises:
calculating a hash value h of the (id | M);
then (hG/sign + xP/sign) is calculated, and P is a public key of the encrypted signature;
the calculation result of (hG/sign + xP/sign) is compared with the first signature variable r1And comparing the XG, if the XG is the same, checking the label, and storing the tracing information M.
6. The method of claim 1, wherein in the step S5, the consumer scans a tracing two-dimensional code through a mobile terminal to generate scanning information, encrypts the scanning information through a query public key, and sends the scanning information to the tracing center, the tracing center decrypts the encrypted scanning information through the query private key, and the method of retrieving the tracing information of the corresponding enterprise using the decrypted scanning information includes:
a consumer scans a product grading traceability two-dimensional code through a mobile terminal to obtain scanning information of an enterprise code vID and a product number pID, encodes (vID | pID) to a point Z on an elliptic curve through the existing encoding mode, and generates a random number r2Encrypting by using the query public key K ═ dG of the tracing center, wherein d is a query private key and the encryption result is (r)2G,Z+r2K) And sending the data to the tracing center; and the tracing center decrypts the encrypted result to obtain Z, decodes the Z to obtain (vID | pID), queries corresponding tracing information and returns the result to the consumer.
7. A safety traceability system for shaddock agricultural product processing is characterized by comprising:
the tracing center generates a query private key and a query public key by using parameters of an elliptic curve and discloses the query public key; the tracing center prestores the elliptic curve parameters, the private key of the encrypted signature and the public key of the encrypted signature for an encrypted signature device issued to an enterprise; then the ID of the security chip of the encryption signature device is associated with an enterprise;
the second processing module is configured to calculate a current day session key by applying the private key of the encrypted signature, the ID of the security chip and the current network time;
the third processing module is configured to call a development library issued by a tracing center, send tracing information to the encryption signing device, the encryption signing device signs the tracing information by using a private key of the encryption signature, encrypts the signature and the tracing information of the tracing information by using the session key of the current day, and returns the signature and the tracing information of the encrypted tracing information to the enterprise equipment, and the enterprise equipment reports the signature and the tracing information of the encrypted tracing information to the tracing center;
the source tracing center decrypts the encrypted signature and source tracing information of the source tracing information by using the session key of the current day, and verifies the signature based on the elliptic curve by using the public key of the encrypted signature;
and the fifth processing module is configured to enable a consumer to scan the tracing two-dimensional code through the mobile terminal to generate scanning information, encrypt the scanning information through the inquiry public key and send the encrypted scanning information to the tracing center, the tracing center decrypts the encrypted scanning information through the inquiry private key, and the tracing information of the corresponding enterprise is retrieved by applying the decrypted scanning information.
8. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory stores a computer program, and the processor implements the steps of the shaddock agricultural product processing safety tracing method in any one of claims 1 to 7 when executing the computer program.
9. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when being executed by a processor, the computer program implements the steps in the processing safety tracing method for pomelo agricultural products of any one of claims 1 to 7.
CN202210379559.4A 2022-04-12 2022-04-12 Shaddock agricultural product processing safety tracing method and system Pending CN114757685A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210379559.4A CN114757685A (en) 2022-04-12 2022-04-12 Shaddock agricultural product processing safety tracing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210379559.4A CN114757685A (en) 2022-04-12 2022-04-12 Shaddock agricultural product processing safety tracing method and system

Publications (1)

Publication Number Publication Date
CN114757685A true CN114757685A (en) 2022-07-15

Family

ID=82330104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210379559.4A Pending CN114757685A (en) 2022-04-12 2022-04-12 Shaddock agricultural product processing safety tracing method and system

Country Status (1)

Country Link
CN (1) CN114757685A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114943038A (en) * 2022-07-26 2022-08-26 阿里健康科技(杭州)有限公司 Query method, server, query system, computer device, and storage medium
CN115580402A (en) * 2022-12-09 2023-01-06 蓝象智联(杭州)科技有限公司 Data hiding query method for secure multi-party computation
CN116188030A (en) * 2022-11-23 2023-05-30 深圳华稷科技有限公司 Secret recipe work tracing method and secret recipe work tracing system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114943038A (en) * 2022-07-26 2022-08-26 阿里健康科技(杭州)有限公司 Query method, server, query system, computer device, and storage medium
CN114943038B (en) * 2022-07-26 2022-11-01 阿里健康科技(杭州)有限公司 Query method, server, query system, computer device and storage medium
CN116188030A (en) * 2022-11-23 2023-05-30 深圳华稷科技有限公司 Secret recipe work tracing method and secret recipe work tracing system
CN115580402A (en) * 2022-12-09 2023-01-06 蓝象智联(杭州)科技有限公司 Data hiding query method for secure multi-party computation

Similar Documents

Publication Publication Date Title
CN108681853B (en) Logistics information transmission method, system and device based on block chain
CN114757685A (en) Shaddock agricultural product processing safety tracing method and system
CN109255444B (en) Federal modeling method and device based on transfer learning and readable storage medium
TWI718567B (en) Two-dimensional code generation method, data processing method, device, server and computer readable storage medium
US20190356481A1 (en) System and method for securing digital assets
US8185476B2 (en) Digital rights management system protecting consumer privacy
CN109728906B (en) Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool
CN109064324A (en) Method of commerce, electronic device and readable storage medium storing program for executing based on alliance&#39;s chain
CN110795752A (en) Logistics information storage method, device, medium and electronic equipment based on block chain
US9600690B2 (en) Secure access for sensitive digital information
CN112883361B (en) Function jump method and device of application program, computer equipment and storage medium
CN109787758B (en) Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal
CN109921905B (en) Anti-quantum computation key negotiation method and system based on private key pool
CN109726571B (en) Electronic signature method and device for document, storage medium and electronic equipment
CN109936456B (en) Anti-quantum computation digital signature method and system based on private key pool
CN109905229B (en) Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool
JP2006094241A (en) Encryption apparatus, encryption processing method, program, and information protecting system using encryption apparatus
CN112199622A (en) Page jump method, system and storage medium
US20170200020A1 (en) Data management system, program recording medium, communication terminal, and data management server
CN113709115B (en) Authentication method and device
CN116455572B (en) Data encryption method, device and equipment
CN109905236B (en) Anti-quantum computing Elgamal encryption and decryption method and system based on private key pool
CN116684102A (en) Message transmission method, message verification method, device, equipment, medium and product
CN116015846A (en) Identity authentication method, identity authentication device, computer equipment and storage medium
CN114943038A (en) Query method, server, query system, computer device, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination