CN115884171A - Security data acquisition method based on entity key authentication and session key encryption - Google Patents

Security data acquisition method based on entity key authentication and session key encryption Download PDF

Info

Publication number
CN115884171A
CN115884171A CN202211302083.0A CN202211302083A CN115884171A CN 115884171 A CN115884171 A CN 115884171A CN 202211302083 A CN202211302083 A CN 202211302083A CN 115884171 A CN115884171 A CN 115884171A
Authority
CN
China
Prior art keywords
data
user
key
verification
task
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211302083.0A
Other languages
Chinese (zh)
Inventor
李勋宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Youka Network Technology Co ltd
Original Assignee
Shanghai Youka Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Youka Network Technology Co ltd filed Critical Shanghai Youka Network Technology Co ltd
Priority to CN202211302083.0A priority Critical patent/CN115884171A/en
Publication of CN115884171A publication Critical patent/CN115884171A/en
Pending legal-status Critical Current

Links

Images

Abstract

The application relates to a security data acquisition method based on entity key authentication and session key encryption, and based on the implementation scheme of the application, the application carries out two-way key authentication between two application ends through a two-way key authentication and session key encryption technology based on an entity, and provides a data acquisition method based on the security authentication method based on the entity key authentication and the session key encryption. Compared with the existing offline data acquisition method, the offline data acquisition method has high safety and does not need to rely on the physical safety mechanism of data acquisition personnel. Compared with the existing off-line data acquisition method, the on-line data acquisition method does not need to adopt special person to transmit storage equipment, and has the advantages of small investment, good real-time performance and high safety.

Description

Security data acquisition method based on entity key authentication and session key encryption
Technical Field
The present disclosure relates to the field of block chain technologies, and in particular, to a security authentication method, a data acquisition method, and a data acquisition system based on entity key authentication and session key encryption.
Background
With the continually updated iteration of the autopilot function, the autopilot vehicle utilizes various sensors, such as GPS, cameras, millimeter wave radar, and lidar, to collect a large amount of data for use as a source of autopilot training data and raw data for high-precision maps. These data can be used for algorithm training, driving simulation and production of high-precision maps in the laboratory.
Because these data contain the images and position data of non-desensitized roads, vehicles, pedestrians, and building facilities, these data belong to confidential data and cannot be transmitted in the clear according to the requirements of legal regulations. Considering the requirement of data safety compliance, the data are loaded to a data center mainly in an off-line mode at present, and the data are mainly loaded to the data center by depending on a physical safety mechanism and a physical safety mechanism of data acquisition personnel, so that the personnel investment is large, the flexibility is poor, and the information safety risk is high.
Disclosure of Invention
In order to solve the above problems, the present application provides a security authentication method, a data acquisition method, and a data acquisition system based on entity key authentication and session key encryption.
In one aspect, the present application provides a security authentication method based on entity key authentication and session key encryption, including the following steps:
a first user terminal initiates an authentication request to a second user terminal;
the second user end receives and establishes a task according to the authentication request and returns authentication information to the first user end;
the first user terminal receives the authentication information and carries out bidirectional digital authentication with the second user terminal based on entity secret key authentication issued by the third user terminal;
and after the bidirectional digital authentication is finished, respectively generating session keys for the first user side and the second user side, and performing task association based on the session keys.
As an optional implementation of the present application, optionally, the receiving, by the second user end, and according to the authentication request, the task creation, and returning authentication information to the first user end, includes:
the second user terminal receives the authentication request and creates a task according to the authentication request, wherein the task is in an unauthenticated state;
and after the task is established, returning second authentication information to the first user side: task ID, task validity period, first data SIGNATURE signal, and server certificate S _ CERT.
As an optional implementation of the present application, optionally, the receiving, by the first user end, the authentication information, and performing bidirectional digital authentication with the second user end based on entity key authentication issued by a third user end, includes:
after receiving second authentication information returned by the second user, the first user authenticates a server certificate S _ CERT returned by the second user by adopting a pre-configured first certificate; after the server certificate S _ CERT passes the verification, the server certificate S _ CERT is used for verifying the first data SIGNATURE SIGNATURE; after the first data SIGNATURE SIGNATURE is verified, the first user side sends first authentication information to the second user side, wherein the first authentication information comprises a task ID, a first user identification, a second data SIGNATURE SIGNATURE and a first certificate V _ CERT;
after receiving first authentication information returned by the first user side, the second user side authenticates a first certificate V _ CERT returned by the first user side by adopting a pre-configured second certificate; and after the first certificate V _ CERT passes the verification, the first certificate V _ CERT is used for verifying the second data SIGNATURE SIGNATURE, and the data SIGNATURE verification between the first user side and the first user side is completed.
As an optional embodiment of the present application, optionally, when the second user authenticates the server certificate V _ CERT returned by the first user, the method further includes:
the second user end receives the first user identification;
and verifying whether the first user identification is in a white list of the second user side, if so, passing the identity verification of the first user side.
As an optional embodiment of the present application, optionally, after the second user end completes the data signature verification with the first user end, the method further includes:
after the second user end completes the verification of the second data SIGNATURE SIGNATURE, if the verification is successful, a public and private key pair (S _ SK, S _ PK) of the second user end is generated, and the S _ PK and the third data SIGNATURE SIGNATURE are returned to the first user end;
the first user side receives the S _ PK and the third data SIGNATURE SIGNATURE, and verifies the third data SIGNATURE SIGNATURE by adopting a server certificate S _ CERT returned by the second user side; after the verification is passed, the first user end saves S _ PK, generates a public and private key pair (V _ SK, V _ PK) of the first user end, and sends the V _ PK and a fourth data SIGNATURE SIGNATURE to the second user end;
and the second user side verifies the fourth data SIGNATURE SIGNATURE by using the server certificate V _ CERT to finish the verification of the public and private key pair with the first user side.
As an optional implementation of the present application, optionally, after the bidirectional digital authentication is completed, session keys are generated for the first user side and the second user side, respectively, and task association is performed based on the session keys, including:
after the second user end completes the verification of the fourth data SIGNATURE SIGNATURE, if the verification is successful, carrying out key agreement on V _ PK and S _ SK to generate a first session key, generating a first data verification key and a first data encryption key by using the first session key, associating the first data verification key and the first data encryption key with the task ID, setting the task to be in an available state, and returning a task establishment result to the first user end;
and the first user side performs key agreement by using the V _ SK and the S _ PK to generate a second session key, and generates a second data verification key and a second data encryption key by using the second session key and associates the second data verification key and the second data encryption key with the task ID to prepare for data acquisition.
In another aspect, the present application further provides a data collection method based on the above security authentication method based on entity key authentication and session key encryption, including the following steps:
the first user terminal performs data acquisition according to the task ID to obtain acquired data;
the first user terminal encrypts and verifies the acquired data by using a second session key to generate encrypted data and a verification value thereof;
and the first user terminal sends the encrypted data and the check value thereof to the second user terminal in an off-line mode or an on-line mode.
As an optional implementation of the present application, optionally, the encrypting and verifying the collected data by using a second session key by the first user end, and storing the encrypted data and the verification value, includes:
the first user terminal encrypts the acquired data by using a second data encryption key in a second session key associated with the task ID to generate encrypted data and stores the encrypted data;
and the first user terminal uses a second data verification key in a second session key associated with the task ID to verify the acquired data, generate the verification value and store the verification value.
As an optional embodiment of the present application, optionally, the method further includes:
the second user end receives the encrypted data and the check value sent by the first user end;
the second user end uses the first data verification key associated with the task ID to verify the verification value of the encrypted data;
and after the verification is passed, the second user end uses the first data encryption key associated with the task ID to decrypt or encrypt the encrypted data.
In another aspect of the present application, a data acquisition system is further provided, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the executable instructions to implement the data acquisition method described above.
The invention has the technical effects that:
based on the implementation scheme of the application, the two-way key authentication is carried out between two application ends through a two-way key authentication and session key encryption technology based on an entity, and a data acquisition method for data encryption is provided based on a safety authentication method of the entity key authentication and the session key encryption. Compared with the existing offline data acquisition method, the offline data acquisition method has high safety and does not need to rely on the physical safety mechanism of data acquisition personnel. Compared with the existing offline data acquisition method, the online data acquisition method does not need to adopt a special person to transfer storage equipment, and has the advantages of small investment, good real-time performance and high safety.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a schematic diagram of the subject relationship of the digital certificate authority of the present invention;
FIG. 2 is a diagram illustrating a dynamic key agreement mechanism of the security authentication method of the present invention;
FIG. 3 is a schematic diagram illustrating the overall flow of data acquisition according to the present invention;
FIG. 4 is a schematic flow chart of a data acquisition method of the present invention;
FIG. 5 is a schematic flow chart illustrating the execution of data collection tasks for a vehicle according to the present invention;
FIG. 6 is a schematic flow chart illustrating the transmission of data for a vehicle according to the present invention.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
In this embodiment, the first user side, the second user side, and the third user side may be any application subject, and the authentication procedure between the first user side, the second user side, and the third user side is not limited to the initiation sequence of this embodiment.
The invention designs a safety data acquisition method based on entity key authentication and session key encryption, which can be used for the safety data acquisition of automatic driving and high-precision maps of intelligent networked automobiles, and can be used for off-line data acquisition and on-line data acquisition.
Example 1
The data acquisition method for data encryption is provided by a two-way key authentication and session key encryption technology based on an entity, and a security authentication method based on the entity key authentication and the session key encryption.
In one aspect, the present application provides a security authentication method based on entity key authentication and session key encryption, including the following steps:
a first user terminal initiates an authentication request to a second user terminal;
the second user end receives and establishes a task according to the authentication request and returns authentication information to the first user end;
the first user terminal receives the authentication information and carries out bidirectional digital authentication with the second user terminal based on entity secret key authentication issued by the third user terminal;
and after the bidirectional digital authentication is finished, generating session keys for the first user side and the second user side respectively, and performing task association based on the session keys.
As shown in fig. 1, in this embodiment, the first user is an autonomous vehicle, the second user is an autonomous cloud server, and the third user is an authority that can issue a certificate based on a cryptographic algorithm or an international algorithm for two entities, namely, the autonomous vehicle and the autonomous cloud server. The security mechanism of the invention comprises two parts of bidirectional key authentication based on an entity and session key encryption. The entity-based two-way secret key authentication is a digital certificate based on a national secret algorithm or an international algorithm, and the certificate of the national secret algorithm or the international algorithm is issued to two types of entities, namely an automatic driving vehicle and an automatic driving cloud server by an authority in the automatic driving industry or an enterprise; meanwhile, the automatic driving vehicle and the automatic driving cloud server are also internally provided with certificates of authorities, and when the automatic driving vehicle and the automatic driving cloud server establish a session, the validity of the digital certificate needs to be authenticated in two ways.
As shown in fig. 2, the session key encryption employs a dynamic key agreement mechanism, and the autonomous vehicle and the autonomous cloud server respectively generate a public and private key pair based on a national key algorithm or an international algorithm, and generate a session key using a key agreement algorithm. And encrypting and decrypting the data of the automatic driving and high-precision map by adopting a session key.
Fig. 3 is a schematic diagram of the overall flow of data acquisition. Data acquisition comprises three phases: the method comprises a data acquisition task establishing stage, a data acquisition task executing stage and a data acquisition task transmitting stage. The data acquisition task transmission stage is divided into real-time transmission and off-line transmission.
First, a mutual authentication is required to be established, creating a data collection task.
As shown in fig. 4, the vehicle requests a start-up authentication from the autonomous cloud server before it is ready to perform a data collection task. And the automatic driving cloud server receives the authentication request and starts to create a task.
As shown in fig. 4, specifically:
the automatic driving cloud server creates a task, the task is in an unauthenticated state, and returns a task ID, a task validity period, a data SIGNATURE SIGNATURE1 and a server certificate S _ CERT;
the vehicle uses the certificate of the authority to verify the S _ CERT, the S _ CERT is used to verify the SIGNATURE1 after the verification is passed, and the vehicle sends vehicle authentication information to the automatic driving cloud server after the verification is passed, wherein the vehicle authentication information comprises a task ID, a vehicle VIN number, a data SIGNATURE SIGNATURE2 and a vehicle certificate V _ CERT;
the automatic driving cloud server verifies the V _ CERT by using a certificate of an authority, determines whether the VIN of the vehicle is in a white list, verifies SIGNATURE2 by using the V _ CERT after the verification is passed, generates a session public and private key pair (S _ SK, S _ PK) of a server side by the automatic driving cloud server after the verification is passed, and returns the S _ PK and the data SIGNATURE SIGNATURE3 to the vehicle;
the vehicle uses S _ CERT to verify SIGNATURE3, after the verification is passed, the vehicle stores S _ PK, generates session public and private key pairs (V _ SK, V _ PK) of the vehicle end, and sends V _ PK and a data SIGNATURE SIGNATURE4 to the automatic driving cloud server;
the automatic driving cloud server verifies SIGNATURE4 by using V _ CERT, after the verification is passed, key agreement is carried out on V _ PK and S _ SK, a session key is generated, a data verification key and a data encryption key are generated by using the session key, the session key is associated with a task ID, the task is set to be in an available state, and a data acquisition task establishment result is returned to the vehicle.
And the vehicle carries out key agreement by using the V _ SK and the S _ PK to generate a session key, and generates a data verification key and a data encryption key by using the session key, and the data verification key and the data encryption key are associated with the task ID to prepare data acquisition.
Therefore, on the aspect of establishing communication between the vehicle and the server, bidirectional digital certificate authentication, signature authentication of a bidirectional public and private key pair and a session key association task ID are adopted, so that when a task is executed, data encryption and decryption processing is performed through the session key, multi-party authentication is realized, and data is sent safely.
It should be noted that, although the above bidirectional authentication method is described by taking the vehicle initiating authentication to the cloud server as an example, those skilled in the art can understand that the present disclosure should not be limited thereto. In fact, the user can flexibly set the order of initiating authentication according to the actual application scenario, as long as the technical function of the present application can be realized according to the above multi-authentication task association technical method.
Example 2
Based on the implementation principle of embodiment 1, the present application further provides a data acquisition method based on the above security authentication method based on entity key authentication and session key encryption, including the following steps:
the first user terminal performs data acquisition according to the task ID to obtain acquired data;
the first user terminal encrypts and verifies the acquired data by using a second session key to generate encrypted data and a verification value thereof;
and the first user end sends the encrypted data and the check value thereof to the second user end in an off-line mode or an on-line mode.
As shown in fig. 5, after establishing an encrypted channel between the vehicle and the cloud server, the vehicle may perform an information collection task. The vehicle executes a data acquisition task; and encrypting the acquired data by using a data encryption key in the session key associated with the task ID, and verifying the data by using a data verification key.
As an optional implementation of the present application, optionally, the encrypting and verifying the collected data by using a second session key by the first user end, and storing the encrypted data and the verification value, includes:
the first user terminal encrypts the acquired data by using a second data encryption key in a second session key associated with the task ID to generate encrypted data and stores the encrypted data;
and the first user terminal uses a second data verification key in a second session key associated with the task ID to verify the acquired data, generates the verification value and stores the verification value.
As an optional embodiment of the present application, optionally, the method further includes:
the second user end receives the encrypted data and the check value sent by the first user end;
the second user end uses the first data verification key associated with the task ID to verify the verification value of the encrypted data;
and after the verification is passed, the second user end uses the first data encryption key associated with the task ID to decrypt or transcrypt the encrypted data.
After data acquisition, entering a task transmission stage:
1. the vehicle uploads the task ID and the encrypted data to an automatic driving cloud server in an off-line mode or an on-line mode;
2. and the automatic driving cloud server judges whether the task ID is in the valid period, verifies the task ID by using a data verification key in the associated session key, and decrypts or encrypts the task ID by using a data encryption key after verification.
With reference to fig. 6, the vehicle encrypts the collected data, and sends the encrypted data to the automatic driving cloud server, and at this time, the cloud server verifies and decrypts the data by using the Share Key associated with the ID.
Besides decryption, encryption can be carried out, and the encryption can be carried out in the encryption mode, so that the received encrypted data are encrypted for the second time and then sent to a main body such as a third party.
Therefore, the method can be used for automatic driving of the intelligent networked automobile and safe data acquisition of a high-precision map, and can be used for off-line data acquisition and on-line data acquisition. Compared with the existing offline data acquisition method, the offline data acquisition method has high safety and does not need to rely on the physical safety mechanism of data acquisition personnel. Compared with the existing off-line data acquisition method, the on-line data acquisition method does not need to adopt special person to transmit storage equipment, and has the advantages of small investment, good real-time performance and high safety.
It should be apparent to those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, and the program may be stored in a computer readable storage medium, and when executed, may include the processes of the embodiments of the control methods as described above. The modules or steps of the invention described above can be implemented by a general purpose computing device, they can be centralized on a single computing device or distributed over a network of multiple computing devices, and they can alternatively be implemented by program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device, or they can be separately fabricated into various integrated circuit modules, or multiple modules or steps thereof can be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, and the program may be stored in a computer readable storage medium, and when executed, may include the processes of the embodiments of the control methods as described above. The storage medium may be a magnetic disk, an optical disk, a Read-only memory (ROM), a Random Access Memory (RAM), a flash memory (FlashMemory), a hard disk (hard disk drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Example 3
Still further, in another aspect of the present application, a data acquisition system is further provided, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the executable instructions to implement the data acquisition method described above.
Embodiments of the present disclosure provide a data acquisition system including a processor and a memory for storing processor-executable instructions. Wherein the processor is configured to execute the executable instructions to implement any one of the above-described secure data collection methods based on entity key authentication and session key encryption.
Here, it should be noted that the number of processors may be one or more. Meanwhile, the data acquisition system of the embodiment of the present disclosure may further include an input device and an output device. The processor, the memory, the input device, and the output device may be connected by a bus, or may be connected by other means, and are not limited specifically herein.
The memory, which is a computer-readable storage medium, may be used to store software programs, computer-executable programs, and various modules, such as: the program or the module corresponding to the security data acquisition method based on the entity key authentication and the session key encryption in the embodiment of the disclosure. The processor executes various functional applications and data processing of the data acquisition system by running software programs or modules stored in the memory.
The input device may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings and function control of the device/terminal/server. The output means may comprise a display device such as a display screen.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A security authentication method based on entity key authentication and session key encryption is characterized by comprising the following steps:
a first user terminal initiates an authentication request to a second user terminal;
the second user end receives and establishes a task according to the authentication request and returns authentication information to the first user end;
the first user end receives the authentication information and carries out bidirectional digital authentication with the second user end based on entity key authentication issued by the third user end;
and after the bidirectional digital authentication is finished, respectively generating session keys for the first user side and the second user side, and performing task association based on the session keys.
2. The method of claim 1, wherein the receiving, by the second ue, the authentication request, creating a task, and returning authentication information to the first ue comprises:
the second user end receives the authentication request and creates a task according to the authentication request, wherein the task is in an unauthenticated state;
and after the task is established, returning second authentication information to the first user terminal: task ID, task validity period, first data SIGNATURE signal, and server certificate S _ CERT.
3. The method of claim 1, wherein the first user receives the authentication information and performs bidirectional digital authentication with the second user based on entity key authentication issued by a third user, the method comprising:
after receiving second authentication information returned by the second user, the first user authenticates a server certificate S _ CERT returned by the second user by adopting a pre-configured first certificate; after the server certificate S _ CERT passes the verification, the server certificate S _ CERT is used for verifying the first data SIGNATURE SIGNATURE; after the first data SIGNATURE SIGNATURE is verified, the first user side sends first authentication information to the second user side, wherein the first authentication information comprises a task ID, a first user identification, a second data SIGNATURE SIGNATURE and a first certificate V _ CERT;
after receiving first authentication information returned by the first user side, the second user side authenticates a first certificate V _ CERT returned by the first user side by adopting a pre-configured second certificate; and after the first certificate V _ CERT passes the verification, the first certificate V _ CERT is used for verifying the second data SIGNATURE SIGNATURE, and the data SIGNATURE verification between the first user side and the first user side is completed.
4. The method of claim 3, further comprising, when the second user authenticates the server certificate V CERT returned from the first user, the step of:
the second user end receives the first user identification;
and verifying whether the first user identification is in a white list of the second user side, if so, passing the identity verification of the first user side.
5. The method of claim 3, further comprising, after the second user end completes verification of the data signature with the first user end, the following steps:
after the second user end completes the verification of the second data SIGNATURE SIGNATURE, if the verification is successful, a public and private key pair (S _ SK, S _ PK) of the second user end is generated, and the S _ PK and the third data SIGNATURE SIGNATURE are returned to the first user end;
the first user side receives the S _ PK and the third data SIGNATURE SIGNATURE, and verifies the third data SIGNATURE SIGNATURE by adopting a server certificate S _ CERT returned by the second user side; after the verification is passed, the first user end saves S _ PK, generates a public and private key pair (V _ SK, V _ PK) of the first user end, and sends the V _ PK and a fourth data SIGNATURE SIGNATURE to the second user end;
and the second user side verifies the fourth data SIGNATURE SIGNATURE by using the server certificate V _ CERT to finish the verification of the public and private key pair with the first user side.
6. The method of claim 5, wherein after the mutual digital authentication is completed, session keys are generated for the first user side and the second user side, respectively, and task association is performed based on the session keys, the method comprising:
after the second user end completes the verification of the fourth data SIGNATURE SIGNATURE, if the verification is successful, carrying out key agreement on V _ PK and S _ SK to generate a first session key, generating a first data verification key and a first data encryption key by using the first session key, associating the first data verification key and the first data encryption key with the task ID, setting the task to be in an available state, and returning a task establishment result to the first user end;
and the first user terminal performs key agreement by using the V _ SK and the S _ PK to generate a second session key, and generates a second data verification key and a second data encryption key by using the second session key, associates the second data verification key and the second data encryption key with the task ID and prepares for data acquisition.
7. The data collection method of the security authentication method based on the entity key authentication and the session key encryption according to any one of claims 1 to 6, comprising the following steps:
the first user terminal performs data acquisition according to the task ID to obtain acquired data;
the first user terminal encrypts and verifies the acquired data by using a second session key to generate encrypted data and a verification value thereof;
and the first user terminal sends the encrypted data and the check value thereof to the second user terminal in an off-line mode or an on-line mode.
8. The data collection method of claim 7, wherein the first user encrypts and verifies the collected data using a second session key, and stores the encrypted data and a verification value, comprising:
the first user terminal encrypts the acquired data by using a second data encryption key in a second session key associated with the task ID to generate encrypted data and stores the encrypted data;
and the first user terminal uses a second data verification key in a second session key associated with the task ID to verify the acquired data, generate the verification value and store the verification value.
9. The data acquisition method of claim 7, further comprising:
the second user end receives the encrypted data and the check value sent by the first user end;
the second user end uses the first data verification key associated with the task ID to verify the verification value of the encrypted data;
and after the verification is passed, the second user end uses the first data encryption key associated with the task ID to decrypt or encrypt the encrypted data.
10. A data acquisition system, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the data acquisition method of any one of claims 7 to 9 when executing the executable instructions.
CN202211302083.0A 2022-10-24 2022-10-24 Security data acquisition method based on entity key authentication and session key encryption Pending CN115884171A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211302083.0A CN115884171A (en) 2022-10-24 2022-10-24 Security data acquisition method based on entity key authentication and session key encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211302083.0A CN115884171A (en) 2022-10-24 2022-10-24 Security data acquisition method based on entity key authentication and session key encryption

Publications (1)

Publication Number Publication Date
CN115884171A true CN115884171A (en) 2023-03-31

Family

ID=85758816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211302083.0A Pending CN115884171A (en) 2022-10-24 2022-10-24 Security data acquisition method based on entity key authentication and session key encryption

Country Status (1)

Country Link
CN (1) CN115884171A (en)

Similar Documents

Publication Publication Date Title
CN110086608B (en) User authentication method, device, computer equipment and computer readable storage medium
CN102510333B (en) Authorization method and system
CN110677376B (en) Authentication method, related device and system and computer readable storage medium
CN111435913B (en) Identity authentication method and device for terminal of Internet of things and storage medium
US11228438B2 (en) Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device
CN110324335B (en) Automobile software upgrading method and system based on electronic mobile certificate
CN108141444B (en) Improved authentication method and authentication device
CN106452782A (en) Method and system for producing a secure communication channel for terminals
CN112543166B (en) Real name login method and device
CN108540457B (en) Safety equipment and biological authentication control method and device thereof
CN111786799B (en) Digital certificate signing and issuing method and system based on Internet of things communication module
CN112910660B (en) Certificate issuing method, adding method and transaction processing method of blockchain system
CN113360878B (en) Signature method, device, server and medium
CN110838919B (en) Communication method, storage method, operation method and device
CN107248997B (en) Authentication method based on intelligent card under multi-server environment
CN116074023A (en) Authentication method and communication device
CN112235276B (en) Master-slave equipment interaction method, device, system, electronic equipment and computer medium
CN108833445B (en) Authentication method and device suitable for Internet of things system
CN114389812B (en) Internet of vehicles lightweight privacy protection batch authentication method based on PUF
KR101868564B1 (en) Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same
CN115884171A (en) Security data acquisition method based on entity key authentication and session key encryption
CN111656729B (en) System and method for computing escrow and private session keys for encoding digital communications between two devices
TW201638826A (en) System for using trust token to make application obtain digital certificate signature from another application on device and method thereof
TWM505130U (en) System to use safety credential to obtain digital certificate signing of different programs on mobile device
CN115396087B (en) Identity authentication method, device, equipment and medium based on temporary identity certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination