CN116193448A - State code generation method based on position demonstration block chain - Google Patents

State code generation method based on position demonstration block chain Download PDF

Info

Publication number
CN116193448A
CN116193448A CN202211011856.XA CN202211011856A CN116193448A CN 116193448 A CN116193448 A CN 116193448A CN 202211011856 A CN202211011856 A CN 202211011856A CN 116193448 A CN116193448 A CN 116193448A
Authority
CN
China
Prior art keywords
proving
verification
location
node
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211011856.XA
Other languages
Chinese (zh)
Other versions
CN116193448B (en
Inventor
张海涛
杨雨鑫
杨莹
刘晋源
宋锐
朱少楠
乐洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications filed Critical Nanjing University of Posts and Telecommunications
Priority to CN202211011856.XA priority Critical patent/CN116193448B/en
Publication of CN116193448A publication Critical patent/CN116193448A/en
Application granted granted Critical
Publication of CN116193448B publication Critical patent/CN116193448B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/021Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a state code generation method based on a position proving block chain, which comprises the following steps: step 1, constructing a block chain network: defining a network structure, wherein a network user comprises a card punch, a position proving person and a client; initializing the network; step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving; step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate; and 4, the client verifies the position proving history of the card punch so as to generate a status code. Compared with the prior art, the method has the advantages of wide service range, strong robustness and high credibility.

Description

State code generation method based on position demonstration block chain
Technical Field
The invention relates to the technical field of position information security, in particular to a state code generation method based on a position proving block chain.
Background
Card punching has become a daily necessity for personnel in enterprises and institutions. The card punching program collects information such as the position of the user, and the related management department can know the journey, the destination and the like of the user by using the position information of the user to assist in completing control.
The current punching procedure is divided into two categories according to punching modes: active punching and passive punching. The active card punching program requirement means that the user manually uploads the position information of the user. Many schools, institutions and other departments mainly adopt an active card punching mechanism. Active punching cannot generate certification information such as status codes, travel cards and the like, and can only be used for data management of a background system, such as tracking and tracing. The passive card punching does not need the participation of a user, and the position information of the user is automatically extracted and transmitted to a background system through equipment such as a smart phone, video monitoring, an electronic card gate (e.g. a gate of a bus, a subway, a train, an airplane and the like). The background system generates by analyzing the travel record of the user when the user makes a status code generation request.
Two types of card punching modes have the common problem: the location information may be counterfeited. For active punching, the user can perceive the punching process, which can manually input erroneous position information when submitting position data, or generate false positions by installing a positioning simulator or the like. For passive punching, false position information can be generated; for example, a user may use multiple cell phone devices or select a remote roadway from a driving vehicle during a trip to avoid a video surveillance gate, etc.
Third party-based location verification is a popular way to deal with location information counterfeits. The current location proving method mainly adopts an infrastructure-dependent (e.g., wi-Fi, cellular network access point, etc.), which has the advantage of high processing speed but has the disadvantage of limited spatial coverage. For example, there are dead zones in spatial areas such as indoors, underground, etc. At present, with the development of mobile communication technology and wireless positioning technology, mobile terminal devices represented by smart phones are widely popularized. It is feasible to use near field communication technology of smart phones for infrastructure independent location verification.
In addition, the existing card punching system generally adopts a central system architecture, and has the problems of poor transparency, unreliability and the like. With the development of blockchain technology, it is also feasible to build a completely decentralised application system based on blockchain technology. For example, patent application CN113221159a proposes a report system based on blockchain, which uses a micro-service architecture as a system basic architecture to realize uplink and verification of health data and personnel information on the basis of database storage; patent application CN113488191a proposes a data comparison method across service providers, which performs information comparison without revealing the user's privacy. Although the method applies the blockchain technology to carry out the uplink and management of the information, a mechanism for generating and verifying the position certification is not introduced, so that the accuracy of the card punching information cannot be really ensured.
Disclosure of Invention
In order to solve the technical problems, the invention provides a state code generation method based on a position proving block chain, which constructs a block chain network structure, generates position proving through a near field communication mode, verifies the back uplink, and generates a state code of a card punch based on security evaluation by a client for the position proving verification history record of the uplink, thereby ensuring the accuracy of card punching information.
The invention discloses a state code generation method based on a position proving block chain, which comprises the following steps:
step 1, constructing a block chain network: defining a network structure, wherein a network user comprises a card punch, a position proving person and a client; initializing the network;
step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving;
step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate;
and 4, the client verifies the position proving history of the card punch so as to generate a status code.
Further, in step 1, the blockchain network includes 4 types of nodes: the system comprises a request node, a witness node, a verification node and an accounting node;
the card punch forms a request node which sends out a position proving request;
the location prover constitutes a witness node that provides a geographic location proof for the requesting node;
the request node and the witness node in the network can be verification nodes, and the verification nodes authorize to evaluate and verify the position evidence of the request node;
the billing node is selected from the witness nodes based on a consensus algorithm.
Further, the initializing step of the blockchain network is as follows:
and generating a public key, a private key and a node certificate for each node, defining a configuration file, generating an creation block, and setting a consensus algorithm based on the stock right proof PoS.
Further, in step 2, the specific steps of generating the location proof are as follows:
step 2-1, the card punching is carried out by a card punching person, and 14 days are taken as a period; the card punch is a honest user providing real position information or a dishonest user providing false position information;
step 2-2, broadcasting a position proving request to users nearby by a card punching person through a near field communication interface;
step 2-3, after receiving the position proving request through the near field communication interface, the position proving person respectively performs signature verification and space distance verification;
step 2-4, according to the integrity, the position proving person is divided into: honest location prover, collusion location prover and malicious location prover; which respectively generate location-proving responses, in particular as follows:
1) Generating a response of the location proof by the honest location prover to the location proof request through signature verification and spatial distance verification; rejecting a response to the position proving request which does not pass the signature verification and the space distance verification, namely rejecting to prove a card reader providing a false position by the honest position proving person through the space distance verification;
2) The collusion location prover still generates a response of the location proof for the location proof request which passes the signature authentication but cannot pass the space distance verification; scenario where this applies: the dishonest position proving person and the card punching person providing false position information are communicated;
3) A malicious damage location prover generating a false location proof response to the location proof request through signature verification and space distance verification; scenario where this applies: the maliciously destroyed location prover prevents the card punch from failing to obtain the location proving service;
step 2-5, after receiving the position proving response through the near field communication interface, the card reader further performs front verification and space distance verification on the response information;
according to the integrity of the punch and the position proving person, the following combined space distance verification exists:
1) The honest punch and honest position proving person, the position information provided by both are real information, if the space distance verification condition is satisfied, the position proving response passes the verification of the punch;
2) The honest punch and the malicious damage position proving person, the honest punch finds false position information provided by the malicious damage position proving person, the verification condition cannot be met, and the position proving response cannot pass the verification of the punch;
3) The dishonest card reader and the collusion position proving device, the false position provided by the dishonest card reader and the false position information provided by the collusion position proving device meet the verification condition, and the position proving response passes the verification of the card reader;
step 2-6, the card reader generates position proving information by using the verified position proving response.
Further, in step 3, in order to implement tamper-proof and auditable public transparent management of the location identification information, a uplink of the location identification record is required, and the specific steps include:
step 3-1, broadcasting the generated position proving information to a block chain system through internet data communication by a card punching person;
step 3-2, selecting a node from the blockchain by using a PoS consensus algorithm as a verification node, and performing signature verification and space distance verification on the position verification information by using the blockchain system;
step 3-3, the verification node is used as an accounting node, and the verified position proving information is packaged to the current block; when the number of the transactions reaches a threshold set by the block, adding the current block into a block chain; meanwhile, the current state of the local storage block chain of the verification node is broadcasted in the block chain network, and other nodes update the local storage of the verification node after receiving the broadcast, so that the consistency of the state of the block chain of the whole network is ensured.
Further, in step 4, the specific steps of the client verifying the location proof history to generate the status code are as follows:
step 4-1, the card reader applies for generating a status code to the client by using the public key, the client queries the blockchain after receiving the application to obtain all the data containing the public key, and performs time sequencing according to the time stamp in the position evidence information to obtain a 14-day position evidence historical record;
step 4-2, in order to find the collusion attack of the dishonest card punch and the position proving person, the client jointly verifies the position proving through the space-time threshold value to prevent the collusion attack;
step 4-3, generating a state code of the card reader based on the security evaluation
Performing security assessment on a position proving history record passing client space-time threshold joint verification:
if there is a position proving record in the position proving history record, the position information of the position proving request contained in the position proving record has a space topology intersection with the region H, a red state code is generated for the card punch; if the card-punching machine has a space topology intersection with the region M, generating a yellow status code for the card-punching machine; otherwise, a green status code is generated for the cardholder.
The beneficial effects of the invention are as follows: the method adopts a position proving mechanism independent of an infrastructure, performs position proving based on a near field communication technology of the smart phone, can realize more universal space service range coverage, and has wide service range; the signature authentication, the space distance authentication and the space-time threshold joint authentication are adopted to carry out multistage auditing on the position proving information, so that malicious damage attack and collusion attack are avoided, and the method is guaranteed to have strong robustness; the block chain technology with distributed storage and encryption authentication tamper-proof properties is adopted to realize the transparent management of position certification and generated state codes, and the method is guaranteed to have high credibility.
Drawings
FIG. 1 is a general flow chart of an embodiment of the present invention;
FIG. 2 is a block chain network architecture diagram;
FIG. 3 is a schematic diagram of a near field communication based spatial distance verification;
FIG. 4 is a schematic diagram of a collusion attack by a location prover and a punch;
FIG. 5 is a schematic diagram of a vandalism attack by a location prover on a punch;
FIG. 6 is a schematic diagram of verifying node-to-location credential information uplink;
FIG. 7 is a schematic diagram of spatiotemporal threshold joint verification.
Detailed Description
In order that the invention may be more readily understood, a more particular description of the invention will be rendered by reference to specific embodiments that are illustrated in the appended drawings.
The invention discloses a state code generation method based on a position proving blockchain, which is shown in a figure 1 and comprises the following steps:
step 1, constructing a block chain network: defining a network structure, wherein a network user comprises a card punch, a position proving person and a client; initializing the network;
step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving;
step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate;
and 4, the client verifies the position proving history of the card punch so as to generate a status code.
The method of the invention is specifically as follows:
step 1, blockchain network construction
Step 1-1, defining a network structure
The blockchains are divided into public chains, alliance chains and private chains according to the different joining modes of the members. The federation chain verifies that the transaction is internally decided by the federation. Public chain architecture may be employed for more social users, while federated chain architecture may be employed for corporate departments, school interiors, etc. The invention takes a coalition chain as an example to analyze the implementation process. The blockchain network structure is shown in fig. 2.
The network contains 3 types of users: a punch, a location prover and a client. The network comprises 4 types of nodes: a requesting node, a witness node, a verifying node, and an accounting node. The requesting node (the punch A1, A2, A3 in fig. 2) issues a location proof request, and the witness node (the location proof A, B, C in fig. 2) provides geographic location proof for the requesting node; the validation node is an authorization assessment and validation requesting node location proof and the accounting node is responsible for accounting services of the blockchain node. The verification node and the accounting node are not separately arranged, the request node and the witness node in the network can be the verification node, and the accounting node is selected from the witness nodes based on a consensus algorithm. The client is responsible for auditing the location evidence record to ultimately generate the status code of the cardholder. The data interaction is performed between the punch and the position proving person by adopting a near field communication (for example, bluetooth, wiFi and the like) mode. The data uplink, blockchain update and blockchain query of the client of the punch and the location prover all use the internet for data communication.
Step 1-2, network initialization
The blockchain network structure requires initialization to operate. The initialization step comprises the following steps: a public/private key and a node certificate are generated for each node, a configuration file is defined, an creation block is generated, and a PoS (certificate of stock) based consensus algorithm is set. The public/private key is used to encrypt/decrypt the location identification information, thereby making the location identification information non-tamperable. The nature of a node certificate is a set of binary files containing key pairs, the identity certificate being non-transferable and uniquely identifying a node in the network. The generation block does not store any position proving information, but stores the identity information of all nodes in the network, so that illegal users are prevented from tampering or replacing the identity information of the nodes in the network. In addition, a consensus algorithm for determining the network in the block profile is created for subsequent selection of the authentication node.
Step 2, position evidence generation
Step 2-1, punching card
The area where the punch is located is divided into: region H, region M, and region L. The punch card takes 14 days as one period. The cardholder may be an honest user providing real location information or a dishonest user providing false location information.
Step 2-2, the card reader sends a position proving request
The cardholder broadcasts a location verification request to its nearby users (including the cardholder, location prover) via a near field communication (e.g., bluetooth, wiFi, etc.) interface in a specific format defined as:
Figure SMS_1
wherein, req (R→W) Is a location attestation request sent by a cardholder; [ latitude, longitude ]] R Is the location information provided by the punch, based on the integrity of the punch] R True location information, possibly of the cardholder, i.e
Figure SMS_2
False position information is also possible, i.e. +.>
Figure SMS_3
For example, the cardholder is located in region H, region M, but provides location information for region L; />
Figure SMS_4
The public key and the private key of the card reader respectively; the timestamp is the timestamp of the location attestation request issued by the cardholder; />
Figure SMS_5
Is the private key signature of the cardholder for its location information and timestamp.
Step 2-3, the location prover verifies the location proving request
After receiving the location proving request through the near field communication interface, the location proving person performs the following verification:
1) Signature verification, location prover requests from received location proof
Figure SMS_6
Figure SMS_7
The public key of the card reader is obtained>
Figure SMS_8
And use +.>
Figure SMS_9
For a pair of
Figure SMS_10
Decrypting, if the decryption is successful, verifying through the signature;
2) Spatial distance verification, location prover from Req by signature verification (R→W) Obtain the location information of the punch] R Calculate its location information with location prover [ location, longitude ]] W The specific calculation formula is as follows:
Dist (R→W) =Dist([latitude,longitude] R ,[latitude,longitude] W )
=R*arcos[cos(Y 1 )*cos(Y 2 )*cos(X 1 -X 2 )+sin(Y 1 )*sin(Y 2 )]wherein Dist (R→W) Is the Euclidean distance between the punch and the position proving person; r= 6371.0km is the earth radius; x is X 1 ,Y 1 Is the location information of the punch] R Converting radian; x is X 2 ,Y 2 For location prover location information] W Converting radian;
if the condition is satisfied: dist (Dist) (R→W) And less than Dmax, dmax being the maximum distance of near field communication, passing the spatial distance verification, otherwise failing as shown in FIG. 3.
Step 2-4, the position proving person generates a position proving response
The provers are classified according to the position of the integrity: honest location prover, collusion location prover and malicious location prover;
1) The honest location prover generates a response of the location proof to the location proof request through signature verification and space distance verification, the specific format of which is defined as:
Figure SMS_11
wherein, the liquid crystal display device comprises a liquid crystal display device,
Figure SMS_12
is the public key of the location prover; req (r) (R→W) Is a location attestation request; [ latitude, longitude ]] w Is the true location information of the location prover, i.e
Figure SMS_13
timestamp of when the timestamp location prover responded to the request; />
Figure SMS_14
Is a private key signature of the location prover to its location and timestamp;
rejecting a response to the position proving request which does not pass the signature verification and the space distance verification, namely rejecting to prove a card reader providing a false position by the honest position proving person through the space distance verification;
2) Collude location prover, request Req for location proof that passes signature authentication but cannot pass spatial distance verification (R→W) Still generating a response of the location proof, the specific format of which is also defined as:
Figure SMS_15
wherein [ latitude, longitude] w Is false location information provided by the location prover, i.e
Figure SMS_16
Scenario where this applies: dishonest location provers collude with the punch who provides false location information. For example, the cardholder and the location prover are both located in a region H or region M, and the cardholder provides a false location information in region L in its location request
Figure SMS_17
The location prover finds out through the verification of the spatial distance that the card-punching person provided false location information, but still verifies it, i.e. includes in its location response a false location information +.>
Figure SMS_18
And satisfies the space distance verification, namely
Figure SMS_19
As shown in fig. 4;
3) Maliciously corrupted location prover requesting Req for location proof by signature verification and spatial distance verification (R→W) A response to the location proof is generated, the specific format of which is also defined as:
Figure SMS_20
wherein, the liquid crystal display device comprises a liquid crystal display device,
Figure SMS_21
false location information that is a location prover;
scenario where this applies: the vandalism location prover prevents the card punch from failing to obtain the location proving service. For example, depending on the actual location information of the punch and the location prover, both are within the range of near field communication. However, false location information provided by a location prover
Figure SMS_22
With the location of the punch] R The spatial distance between them does not satisfy the spatial distance verification, i.e. +.>
Figure SMS_23
Figure SMS_24
As shown in fig. 5.
Step 2-5, the cardholder verifies the location proof response
After receiving the position proving response through the near field communication interface, the card reader further performs signature verification and space distance verification on the response information;
1) Signature verification, cardholder proving response from location
Figure SMS_25
Figure SMS_26
Public key of the location prover is obtained +.>
Figure SMS_27
And use +.>
Figure SMS_28
For->
Figure SMS_29
Decrypting, if the decryption is successful, verifying through the signature;
2) Spatial distance verification, the cardholder verifies from passing the signature
Figure SMS_30
Figure SMS_31
In (3) obtaining location information provided by a location prover] W And calculates the position information of the punch and the player] R A European spatial distance between;
according to the integrity of the punch and the position proving person, the following combined space distance verification exists:
1) The honest punch and honest position proving punch both provide true position information, namely
Figure SMS_32
Figure SMS_33
If the space distance verification is satisfied, i.e
Figure SMS_34
The location verification response passes the verification of the cardholder;
2) Honest punch and malicious damage position evidence, honest punch find false position information provided by malicious damage position evidence
Figure SMS_35
The condition cannot be satisfied: />
Figure SMS_36
Figure SMS_37
The location proof response cannot pass the verification of the cardholder;
3) Dishonest punch and collusion position proving person, false position provided by dishonest punch
Figure SMS_38
The collusion location prover provides false location information
Figure SMS_39
The conditions are satisfied:
Figure SMS_40
the location proof response is verified by the cardholder.
Step 2-6, generating position evidence by the card punch
The cardholder responds Res with verified location proof W→R Generating location proof information, the specific format of which is also defined as:
Figure SMS_41
/>
wherein, the liquid crystal display device comprises a liquid crystal display device,
Figure SMS_42
is the public key of the card reader; res (Res) W→R Is a location proof response; timestamp is a timestamp that generates a location proof; />
Figure SMS_43
Is the private key signature of the cardholder for the location proof response and the timestamp.
Step 3, position verification and uplink
In order to realize tamper-proof and auditable public transparent management of the position certification information, a 'uplink' of position certification records is needed. The method comprises the following specific steps:
step 3-1, the card reader broadcasts the position certificate to the block chain system
The location certification information LP to be generated by the cardholder W→R Broadcasting to a blockchain system through internet data communication;
step 3-2, the verification node verifies the position certification
The blockchain system uses a PoS (proof of stock) consensus algorithm to select a node from the blockchain as the validation node. Specifically, a candidate node set of verification nodes is selected according to the ownership (such as the number of tokens) of all nodes in a blockchain, and then the system selects one of the candidate node sets as the verification node through a random operation election method; further, verifying node pair location attestation information LP W→R Signature verification and spatial distance verification are performed. The specific verification process comprises the following steps:
1) Signature verification from
Figure SMS_44
The public key of the card reader is obtained>
Figure SMS_45
Use->
Figure SMS_46
For->
Figure SMS_47
And (5) decrypting, and if the decryption is successful, verifying through the signature.
2) Signature verification from
Figure SMS_48
Figure SMS_49
Public key of the location prover is obtained +.>
Figure SMS_50
Use->
Figure SMS_51
For->
Figure SMS_52
Figure SMS_53
And (5) decrypting, and if the decryption is successful, verifying through the signature.
3) Signature verification from
Figure SMS_54
Figure SMS_55
The public key of the card reader is obtained>
Figure SMS_56
Use->
Figure SMS_57
For a pair of
Figure SMS_58
And (5) decrypting, and if the decryption is successful, verifying through the signature.
4) Spatial distance verification of slave Res W→R Obtained in the following section] w And from Req (R→W) Obtained in the following section] R And (3) performing space distance verification, and if the conditions are satisfied: dist (late, longitude)] R ,[latitude,longitude] W ) Dmax is less than or equal to, and the verification of the space distance is passed;
step 3-3, verifying that the node uplinks the position certificate
Authentication node as accounting node, LP W→R Packing to the current block. When the number of transactions reaches the block set threshold, the current block is added to the blockchain as shown in FIG. 6. Meanwhile, the current state of the local storage block chain of the verification node is broadcasted in the block chain network, and other nodes update the local storage of the verification node after receiving the broadcast, so that the consistency of the state of the block chain of the whole network is ensured.
Step 4, client verification location proving history generation status code
Step 4-1, acquiring a position evidence history record of the near 14 days of the card punch from the blockchain
The card reader uses its public key
Figure SMS_59
Applying for generating a status code to the client, and inquiring the blockchain after the client receives the application to obtain all public keys +.>
Figure SMS_60
LP of (2) W→R And according to LP W→R Middle->
Figure SMS_61
Figure SMS_62
The included timestamp is time ordered to obtain a 14-day position demonstration history record, and the specific format is also defined as:
Figure SMS_63
step 4-2, the client verifies the position evidence to prevent the collusion attack
In order to find the collusion attack of dishonest punch and position proving person, further design the time-space threshold value to jointly verify;
and (3) space-time threshold joint verification: for Chain_LP W→R Position evidence record of the i th day of the process
Figure SMS_64
1.ltoreq.i.ltoreq.14, containing a position-justifying response
Figure SMS_65
Is (1) the space-time information of
<[latitude,longitude] w ><timestamp>. If there is another punch in the blockchain (whose public key is
Figure SMS_66
) Position evidence record on day i->
Figure SMS_67
It contains a position-proof response +.>
Figure SMS_68
Is (1) the space-time information of<[latitude,longitude] w ><timestamp >And satisfies the following conditions:
(|timestamp -timestamp|≤minInterval)
∧(Dist([latitude,longitude] R ,[latitude,longitude] W )
>maxDistant)
there is a collusion attack suspicion in which |timestamp -time-stamp +.ltoreq.mininterval means that the time interval for two position proofs is below the specified threshold minInterval, dist ([ latency, length)] w ,[latitude,longitude] W )>maxdist means that the spatial distance of the two location certificates exceeds a specified threshold maxdist;
the application scenario for this case is: the location prover generates a location-proving response at a certain time on day i (e.g., 8:00 a.m.) in a certain area (e.g., beijing city), and also generates a location-proving response at another, spatially distant area (e.g., nanjing city) within a shorter time interval of the same day (e.g., 8:30 a.m.). That is, the position prover respectively verifies two card readers with large space area spans in a shorter time interval, as shown in fig. 7;
thus, for Chain_LP W→R The suspected punch-card with the collusion attack exists, and the state code generation application of the suspected punch-card cannot pass the space-time threshold joint verification of the client;
step 4-3, generating a state code of the card reader based on the security evaluation
Location attestation history for joint verification by client spatiotemporal threshold
Figure SMS_69
Figure SMS_70
And (3) carrying out safety assessment:
if chain_LP W→R There is a position assurance record
Figure SMS_71
1.ltoreq.i.ltoreq.14, containing a location attestation request +.>
Figure SMS_72
Position information of (a)<[latitude,longitude] R >The method includes the steps that when the card reader has a space topology intersection with a region H, a red status code is generated for the card reader; if the card-punching machine has a space topology intersection with the region M, generating a yellow status code for the card-punching machine; otherwise, a green status code is generated for the cardholder.
The foregoing is merely a preferred embodiment of the present invention, and is not intended to limit the present invention, and all equivalent variations using the description and drawings of the present invention are within the scope of the present invention.

Claims (6)

1. A state code generation method based on a position proving block chain is characterized by comprising the following steps:
step 1, constructing a block chain network: defining a network structure, wherein a network user comprises a card punch, a position proving person and a client; initializing the network;
step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving;
step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate;
and 4, the client verifies the position proving history of the card punch so as to generate a status code.
2. The method of claim 1, wherein in step 1, the blockchain network includes 4 types of nodes: the system comprises a request node, a witness node, a verification node and an accounting node;
the card punch forms a request node which sends out a position proving request;
the location prover constitutes a witness node that provides a geographic location proof for the requesting node;
the request node and the witness node in the network can be verification nodes, and the verification nodes authorize to evaluate and verify the position evidence of the request node;
the billing node is selected from the witness nodes based on a consensus algorithm.
3. The method for generating a state code based on a location-proving blockchain as in claim 2, wherein the initializing step of the blockchain network is:
and generating a public key, a private key and a node certificate for each node, defining a configuration file, generating an creation block, and setting a consensus algorithm based on the stock right proof PoS.
4. A method for generating a state code based on a position certification blockchain as in claim 3, wherein in step 2, the specific steps of generating the position certification are:
step 2-1, the card punching is carried out by a card punching person, and 14 days are taken as a period; the card punch is a honest user providing real position information or a dishonest user providing false position information;
step 2-2, broadcasting a position proving request to users nearby by a card punching person through a near field communication interface;
step 2-3, after receiving the position proving request through the near field communication interface, the position proving person respectively performs signature verification and space distance verification;
step 2-4, according to the integrity, the position proving person is divided into: honest location prover, collusion location prover and malicious location prover; which respectively generate location-proving responses, in particular as follows:
1) Generating a response of the location proof by the honest location prover to the location proof request through signature verification and spatial distance verification; rejecting a response to the position proving request which does not pass the signature verification and the space distance verification, namely rejecting to prove a card reader providing a false position by the honest position proving person through the space distance verification;
2) The collusion location prover still generates a response of the location proof for the location proof request which passes the signature authentication but cannot pass the space distance verification; scenario where this applies: the dishonest position proving person and the card punching person providing false position information are communicated;
3) A malicious damage location prover generating a false location proof response to the location proof request through signature verification and space distance verification; scenario where this applies: the maliciously destroyed location prover prevents the card punch from failing to obtain the location proving service;
step 2-5, after receiving the position proving response through the near field communication interface, the card reader further performs front verification and space distance verification on the response information;
according to the integrity of the punch and the position proving person, the following combined space distance verification exists:
1) The honest punch and honest position proving person, the position information provided by both are real information, if the space distance verification condition is satisfied, the position proving response passes the verification of the punch;
2) The honest punch and the malicious damage position proving person, the honest punch finds false position information provided by the malicious damage position proving person, the verification condition cannot be met, and the position proving response cannot pass the verification of the punch;
3) The dishonest card reader and the collusion position proving device, the false position provided by the dishonest card reader and the false position information provided by the collusion position proving device meet the verification condition, and the position proving response passes the verification of the card reader;
step 2-6, the card reader generates position proving information by using the verified position proving response.
5. The method for generating a status code based on a location-based proving blockchain according to claim 3, wherein in step 3, in order to implement tamper-proof and auditable public transparent management of location-based proving information, a location-based proving record is required to be uplink, and the specific steps include:
step 3-1, broadcasting the generated position proving information to a block chain system through internet data communication by a card punching person;
step 3-2, selecting a node from the blockchain by using a PoS consensus algorithm as a verification node, and performing signature verification and space distance verification on the position verification information by using the blockchain system;
step 3-3, the verification node is used as an accounting node, and the verified position proving information is packaged to the current block; when the number of the transactions reaches a threshold set by the block, adding the current block into a block chain; meanwhile, the current state of the local storage block chain of the verification node is broadcasted in the block chain network, and other nodes update the local storage of the verification node after receiving the broadcast, so that the consistency of the state of the block chain of the whole network is ensured.
6. The method for generating status codes based on location-proving blockchain as in claim 1, wherein in step 4, the specific step of generating status codes by the client verification location-proving history is as follows:
step 4-1, the card reader applies for generating a status code to the client by using the public key, the client queries the blockchain after receiving the application to obtain all the data containing the public key, and performs time sequencing according to the time stamp in the position evidence information to obtain a 14-day position evidence historical record;
step 4-2, in order to find the collusion attack of the dishonest card punch and the position proving person, the client jointly verifies the position proving through the space-time threshold value to prevent the collusion attack;
step 4-3, generating a state code of the card reader based on the security evaluation
Performing security assessment on a position proving history record passing client space-time threshold joint verification:
if there is a position proving record in the position proving history record, the position information of the position proving request contained in the position proving record has a space topology intersection with the region H, a red state code is generated for the card punch; if the card-punching machine has a space topology intersection with the region M, generating a yellow status code for the card-punching machine; otherwise, a green status code is generated for the cardholder.
CN202211011856.XA 2022-08-23 2022-08-23 State code generation method based on position demonstration block chain Active CN116193448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211011856.XA CN116193448B (en) 2022-08-23 2022-08-23 State code generation method based on position demonstration block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211011856.XA CN116193448B (en) 2022-08-23 2022-08-23 State code generation method based on position demonstration block chain

Publications (2)

Publication Number Publication Date
CN116193448A true CN116193448A (en) 2023-05-30
CN116193448B CN116193448B (en) 2023-12-22

Family

ID=86451131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211011856.XA Active CN116193448B (en) 2022-08-23 2022-08-23 State code generation method based on position demonstration block chain

Country Status (1)

Country Link
CN (1) CN116193448B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541657A (en) * 2020-04-13 2020-08-14 成都链向科技有限公司 Block chain-based safety position verification method
CN111757310A (en) * 2020-06-23 2020-10-09 中国联合网络通信集团有限公司 Health code generation method, server and base station
CN113141417A (en) * 2021-05-17 2021-07-20 中国银行股份有限公司 Health code scanning method, device and system based on block chain and 5G
CN113515782A (en) * 2021-06-18 2021-10-19 北京工业大学 Personal track proving method based on block chain and zero-knowledge proving
CN113593704A (en) * 2021-07-30 2021-11-02 福建熵链延华科技有限公司 Non-contact epidemic prevention method and system based on block chain
CN113821816A (en) * 2021-11-18 2021-12-21 杭州格物智安科技有限公司 Block chain consensus method, system and device based on position

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541657A (en) * 2020-04-13 2020-08-14 成都链向科技有限公司 Block chain-based safety position verification method
CN111757310A (en) * 2020-06-23 2020-10-09 中国联合网络通信集团有限公司 Health code generation method, server and base station
CN113141417A (en) * 2021-05-17 2021-07-20 中国银行股份有限公司 Health code scanning method, device and system based on block chain and 5G
CN113515782A (en) * 2021-06-18 2021-10-19 北京工业大学 Personal track proving method based on block chain and zero-knowledge proving
CN113593704A (en) * 2021-07-30 2021-11-02 福建熵链延华科技有限公司 Non-contact epidemic prevention method and system based on block chain
CN113821816A (en) * 2021-11-18 2021-12-21 杭州格物智安科技有限公司 Block chain consensus method, system and device based on position

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
余荣威等: "基于区块链的零知识位置证明方法研究", 电子与信息学报, vol. 42, no. 9, pages 1 - 8 *

Also Published As

Publication number Publication date
CN116193448B (en) 2023-12-22

Similar Documents

Publication Publication Date Title
Zhu et al. ASAP: An anonymous smart-parking and payment scheme in vehicular networks
Li et al. A lightweight privacy-preserving authentication protocol for VANETs
Gope et al. Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment
CN111464980B (en) Electronic evidence obtaining device and method based on block chain in Internet of vehicles environment
CN102196431B (en) Internet of things application scene-based protection method of privacy query and private identity verification
Nosouhi et al. Blockchain for secure location verification
Feng et al. An efficient privacy-preserving authentication model based on blockchain for VANETs
CN115398417A (en) Secure method and system for environmental credit scoring
Gambs et al. PROPS: A privacy-preserving location proof system
Bouchelaghem et al. Reliable and secure distributed smart road pricing system for smart cities
Restuccia et al. FIRST: A framework for optimizing information quality in mobile crowdsensing systems
CN104010302A (en) Vehicle-mounted self-organizing network traffic data trust evaluation method
Li et al. User-defined privacy-preserving traffic monitoring against n-by-1 jamming attack
CN109714169B (en) Data credible circulation platform based on strict authorization and circulation method thereof
WO2020137971A1 (en) Location information providing system and location information providing method
CN106897901A (en) Based on the shared bicycle Secure Billing method that home is proved
CN106886920A (en) Based on the shared bicycle Secure Billing method that home is proved
Lv et al. Misbehavior detection in vehicular ad hoc networks based on privacy-preserving federated learning and blockchain
CN109146452A (en) A kind of Internet of Things cost management method and system based on block chain
CN116193448B (en) State code generation method based on position demonstration block chain
Sun et al. Toward differential privacy for traffic measurement in vehicular cyber-physical systems
CN111931230A (en) Data authorization method and device, storage medium and electronic device
Mengjun et al. Privacy-preserving distributed location proof generating system
Zuo et al. Cost-effective privacy-preserving vehicular urban sensing system
McEntyre et al. Zero-knowledge proof for enabling privacy preserving electronic toll collection with vehicle-to-everything communications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant