CN116193448A - State code generation method based on position demonstration block chain - Google Patents
State code generation method based on position demonstration block chain Download PDFInfo
- Publication number
- CN116193448A CN116193448A CN202211011856.XA CN202211011856A CN116193448A CN 116193448 A CN116193448 A CN 116193448A CN 202211011856 A CN202211011856 A CN 202211011856A CN 116193448 A CN116193448 A CN 116193448A
- Authority
- CN
- China
- Prior art keywords
- proving
- verification
- location
- node
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000012795 verification Methods 0.000 claims abstract description 122
- 230000004044 response Effects 0.000 claims abstract description 48
- 238000004080 punching Methods 0.000 claims description 33
- 238000004891 communication Methods 0.000 claims description 20
- 238000011156 evaluation Methods 0.000 claims description 4
- 238000012163 sequencing technique Methods 0.000 claims description 2
- 230000008901 benefit Effects 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 239000004973 liquid crystal related substance Substances 0.000 description 6
- 238000007726 management method Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 238000010200 validation analysis Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 241001061225 Arcos Species 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/021—Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/029—Location-based management or tracking services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/121—Timestamp
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention discloses a state code generation method based on a position proving block chain, which comprises the following steps: step 1, constructing a block chain network: defining a network structure, wherein a network user comprises a card punch, a position proving person and a client; initializing the network; step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving; step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate; and 4, the client verifies the position proving history of the card punch so as to generate a status code. Compared with the prior art, the method has the advantages of wide service range, strong robustness and high credibility.
Description
Technical Field
The invention relates to the technical field of position information security, in particular to a state code generation method based on a position proving block chain.
Background
Card punching has become a daily necessity for personnel in enterprises and institutions. The card punching program collects information such as the position of the user, and the related management department can know the journey, the destination and the like of the user by using the position information of the user to assist in completing control.
The current punching procedure is divided into two categories according to punching modes: active punching and passive punching. The active card punching program requirement means that the user manually uploads the position information of the user. Many schools, institutions and other departments mainly adopt an active card punching mechanism. Active punching cannot generate certification information such as status codes, travel cards and the like, and can only be used for data management of a background system, such as tracking and tracing. The passive card punching does not need the participation of a user, and the position information of the user is automatically extracted and transmitted to a background system through equipment such as a smart phone, video monitoring, an electronic card gate (e.g. a gate of a bus, a subway, a train, an airplane and the like). The background system generates by analyzing the travel record of the user when the user makes a status code generation request.
Two types of card punching modes have the common problem: the location information may be counterfeited. For active punching, the user can perceive the punching process, which can manually input erroneous position information when submitting position data, or generate false positions by installing a positioning simulator or the like. For passive punching, false position information can be generated; for example, a user may use multiple cell phone devices or select a remote roadway from a driving vehicle during a trip to avoid a video surveillance gate, etc.
Third party-based location verification is a popular way to deal with location information counterfeits. The current location proving method mainly adopts an infrastructure-dependent (e.g., wi-Fi, cellular network access point, etc.), which has the advantage of high processing speed but has the disadvantage of limited spatial coverage. For example, there are dead zones in spatial areas such as indoors, underground, etc. At present, with the development of mobile communication technology and wireless positioning technology, mobile terminal devices represented by smart phones are widely popularized. It is feasible to use near field communication technology of smart phones for infrastructure independent location verification.
In addition, the existing card punching system generally adopts a central system architecture, and has the problems of poor transparency, unreliability and the like. With the development of blockchain technology, it is also feasible to build a completely decentralised application system based on blockchain technology. For example, patent application CN113221159a proposes a report system based on blockchain, which uses a micro-service architecture as a system basic architecture to realize uplink and verification of health data and personnel information on the basis of database storage; patent application CN113488191a proposes a data comparison method across service providers, which performs information comparison without revealing the user's privacy. Although the method applies the blockchain technology to carry out the uplink and management of the information, a mechanism for generating and verifying the position certification is not introduced, so that the accuracy of the card punching information cannot be really ensured.
Disclosure of Invention
In order to solve the technical problems, the invention provides a state code generation method based on a position proving block chain, which constructs a block chain network structure, generates position proving through a near field communication mode, verifies the back uplink, and generates a state code of a card punch based on security evaluation by a client for the position proving verification history record of the uplink, thereby ensuring the accuracy of card punching information.
The invention discloses a state code generation method based on a position proving block chain, which comprises the following steps:
step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving;
step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate;
and 4, the client verifies the position proving history of the card punch so as to generate a status code.
Further, in step 1, the blockchain network includes 4 types of nodes: the system comprises a request node, a witness node, a verification node and an accounting node;
the card punch forms a request node which sends out a position proving request;
the location prover constitutes a witness node that provides a geographic location proof for the requesting node;
the request node and the witness node in the network can be verification nodes, and the verification nodes authorize to evaluate and verify the position evidence of the request node;
the billing node is selected from the witness nodes based on a consensus algorithm.
Further, the initializing step of the blockchain network is as follows:
and generating a public key, a private key and a node certificate for each node, defining a configuration file, generating an creation block, and setting a consensus algorithm based on the stock right proof PoS.
Further, in step 2, the specific steps of generating the location proof are as follows:
step 2-1, the card punching is carried out by a card punching person, and 14 days are taken as a period; the card punch is a honest user providing real position information or a dishonest user providing false position information;
step 2-2, broadcasting a position proving request to users nearby by a card punching person through a near field communication interface;
step 2-3, after receiving the position proving request through the near field communication interface, the position proving person respectively performs signature verification and space distance verification;
step 2-4, according to the integrity, the position proving person is divided into: honest location prover, collusion location prover and malicious location prover; which respectively generate location-proving responses, in particular as follows:
1) Generating a response of the location proof by the honest location prover to the location proof request through signature verification and spatial distance verification; rejecting a response to the position proving request which does not pass the signature verification and the space distance verification, namely rejecting to prove a card reader providing a false position by the honest position proving person through the space distance verification;
2) The collusion location prover still generates a response of the location proof for the location proof request which passes the signature authentication but cannot pass the space distance verification; scenario where this applies: the dishonest position proving person and the card punching person providing false position information are communicated;
3) A malicious damage location prover generating a false location proof response to the location proof request through signature verification and space distance verification; scenario where this applies: the maliciously destroyed location prover prevents the card punch from failing to obtain the location proving service;
step 2-5, after receiving the position proving response through the near field communication interface, the card reader further performs front verification and space distance verification on the response information;
according to the integrity of the punch and the position proving person, the following combined space distance verification exists:
1) The honest punch and honest position proving person, the position information provided by both are real information, if the space distance verification condition is satisfied, the position proving response passes the verification of the punch;
2) The honest punch and the malicious damage position proving person, the honest punch finds false position information provided by the malicious damage position proving person, the verification condition cannot be met, and the position proving response cannot pass the verification of the punch;
3) The dishonest card reader and the collusion position proving device, the false position provided by the dishonest card reader and the false position information provided by the collusion position proving device meet the verification condition, and the position proving response passes the verification of the card reader;
step 2-6, the card reader generates position proving information by using the verified position proving response.
Further, in step 3, in order to implement tamper-proof and auditable public transparent management of the location identification information, a uplink of the location identification record is required, and the specific steps include:
step 3-1, broadcasting the generated position proving information to a block chain system through internet data communication by a card punching person;
step 3-2, selecting a node from the blockchain by using a PoS consensus algorithm as a verification node, and performing signature verification and space distance verification on the position verification information by using the blockchain system;
step 3-3, the verification node is used as an accounting node, and the verified position proving information is packaged to the current block; when the number of the transactions reaches a threshold set by the block, adding the current block into a block chain; meanwhile, the current state of the local storage block chain of the verification node is broadcasted in the block chain network, and other nodes update the local storage of the verification node after receiving the broadcast, so that the consistency of the state of the block chain of the whole network is ensured.
Further, in step 4, the specific steps of the client verifying the location proof history to generate the status code are as follows:
step 4-1, the card reader applies for generating a status code to the client by using the public key, the client queries the blockchain after receiving the application to obtain all the data containing the public key, and performs time sequencing according to the time stamp in the position evidence information to obtain a 14-day position evidence historical record;
step 4-2, in order to find the collusion attack of the dishonest card punch and the position proving person, the client jointly verifies the position proving through the space-time threshold value to prevent the collusion attack;
step 4-3, generating a state code of the card reader based on the security evaluation
Performing security assessment on a position proving history record passing client space-time threshold joint verification:
if there is a position proving record in the position proving history record, the position information of the position proving request contained in the position proving record has a space topology intersection with the region H, a red state code is generated for the card punch; if the card-punching machine has a space topology intersection with the region M, generating a yellow status code for the card-punching machine; otherwise, a green status code is generated for the cardholder.
The beneficial effects of the invention are as follows: the method adopts a position proving mechanism independent of an infrastructure, performs position proving based on a near field communication technology of the smart phone, can realize more universal space service range coverage, and has wide service range; the signature authentication, the space distance authentication and the space-time threshold joint authentication are adopted to carry out multistage auditing on the position proving information, so that malicious damage attack and collusion attack are avoided, and the method is guaranteed to have strong robustness; the block chain technology with distributed storage and encryption authentication tamper-proof properties is adopted to realize the transparent management of position certification and generated state codes, and the method is guaranteed to have high credibility.
Drawings
FIG. 1 is a general flow chart of an embodiment of the present invention;
FIG. 2 is a block chain network architecture diagram;
FIG. 3 is a schematic diagram of a near field communication based spatial distance verification;
FIG. 4 is a schematic diagram of a collusion attack by a location prover and a punch;
FIG. 5 is a schematic diagram of a vandalism attack by a location prover on a punch;
FIG. 6 is a schematic diagram of verifying node-to-location credential information uplink;
FIG. 7 is a schematic diagram of spatiotemporal threshold joint verification.
Detailed Description
In order that the invention may be more readily understood, a more particular description of the invention will be rendered by reference to specific embodiments that are illustrated in the appended drawings.
The invention discloses a state code generation method based on a position proving blockchain, which is shown in a figure 1 and comprises the following steps:
step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving;
step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate;
and 4, the client verifies the position proving history of the card punch so as to generate a status code.
The method of the invention is specifically as follows:
Step 1-1, defining a network structure
The blockchains are divided into public chains, alliance chains and private chains according to the different joining modes of the members. The federation chain verifies that the transaction is internally decided by the federation. Public chain architecture may be employed for more social users, while federated chain architecture may be employed for corporate departments, school interiors, etc. The invention takes a coalition chain as an example to analyze the implementation process. The blockchain network structure is shown in fig. 2.
The network contains 3 types of users: a punch, a location prover and a client. The network comprises 4 types of nodes: a requesting node, a witness node, a verifying node, and an accounting node. The requesting node (the punch A1, A2, A3 in fig. 2) issues a location proof request, and the witness node (the location proof A, B, C in fig. 2) provides geographic location proof for the requesting node; the validation node is an authorization assessment and validation requesting node location proof and the accounting node is responsible for accounting services of the blockchain node. The verification node and the accounting node are not separately arranged, the request node and the witness node in the network can be the verification node, and the accounting node is selected from the witness nodes based on a consensus algorithm. The client is responsible for auditing the location evidence record to ultimately generate the status code of the cardholder. The data interaction is performed between the punch and the position proving person by adopting a near field communication (for example, bluetooth, wiFi and the like) mode. The data uplink, blockchain update and blockchain query of the client of the punch and the location prover all use the internet for data communication.
Step 1-2, network initialization
The blockchain network structure requires initialization to operate. The initialization step comprises the following steps: a public/private key and a node certificate are generated for each node, a configuration file is defined, an creation block is generated, and a PoS (certificate of stock) based consensus algorithm is set. The public/private key is used to encrypt/decrypt the location identification information, thereby making the location identification information non-tamperable. The nature of a node certificate is a set of binary files containing key pairs, the identity certificate being non-transferable and uniquely identifying a node in the network. The generation block does not store any position proving information, but stores the identity information of all nodes in the network, so that illegal users are prevented from tampering or replacing the identity information of the nodes in the network. In addition, a consensus algorithm for determining the network in the block profile is created for subsequent selection of the authentication node.
Step 2, position evidence generation
Step 2-1, punching card
The area where the punch is located is divided into: region H, region M, and region L. The punch card takes 14 days as one period. The cardholder may be an honest user providing real location information or a dishonest user providing false location information.
Step 2-2, the card reader sends a position proving request
The cardholder broadcasts a location verification request to its nearby users (including the cardholder, location prover) via a near field communication (e.g., bluetooth, wiFi, etc.) interface in a specific format defined as:
wherein, req (R→W) Is a location attestation request sent by a cardholder; [ latitude, longitude ]] R Is the location information provided by the punch, based on the integrity of the punch] R True location information, possibly of the cardholder, i.eFalse position information is also possible, i.e. +.>For example, the cardholder is located in region H, region M, but provides location information for region L; />The public key and the private key of the card reader respectively; the timestamp is the timestamp of the location attestation request issued by the cardholder; />Is the private key signature of the cardholder for its location information and timestamp.
Step 2-3, the location prover verifies the location proving request
After receiving the location proving request through the near field communication interface, the location proving person performs the following verification:
1) Signature verification, location prover requests from received location proof The public key of the card reader is obtained>And use +.>For a pair ofDecrypting, if the decryption is successful, verifying through the signature;
2) Spatial distance verification, location prover from Req by signature verification (R→W) Obtain the location information of the punch] R Calculate its location information with location prover [ location, longitude ]] W The specific calculation formula is as follows:
Dist (R→W) =Dist([latitude,longitude] R ,[latitude,longitude] W )
=R*arcos[cos(Y 1 )*cos(Y 2 )*cos(X 1 -X 2 )+sin(Y 1 )*sin(Y 2 )]wherein Dist (R→W) Is the Euclidean distance between the punch and the position proving person; r= 6371.0km is the earth radius; x is X 1 ,Y 1 Is the location information of the punch] R Converting radian; x is X 2 ,Y 2 For location prover location information] W Converting radian;
if the condition is satisfied: dist (Dist) (R→W) And less than Dmax, dmax being the maximum distance of near field communication, passing the spatial distance verification, otherwise failing as shown in FIG. 3.
Step 2-4, the position proving person generates a position proving response
The provers are classified according to the position of the integrity: honest location prover, collusion location prover and malicious location prover;
1) The honest location prover generates a response of the location proof to the location proof request through signature verification and space distance verification, the specific format of which is defined as:
wherein, the liquid crystal display device comprises a liquid crystal display device,is the public key of the location prover; req (r) (R→W) Is a location attestation request; [ latitude, longitude ]] w Is the true location information of the location prover, i.etimestamp of when the timestamp location prover responded to the request; />Is a private key signature of the location prover to its location and timestamp;
rejecting a response to the position proving request which does not pass the signature verification and the space distance verification, namely rejecting to prove a card reader providing a false position by the honest position proving person through the space distance verification;
2) Collude location prover, request Req for location proof that passes signature authentication but cannot pass spatial distance verification (R→W) Still generating a response of the location proof, the specific format of which is also defined as:
Scenario where this applies: dishonest location provers collude with the punch who provides false location information. For example, the cardholder and the location prover are both located in a region H or region M, and the cardholder provides a false location information in region L in its location requestThe location prover finds out through the verification of the spatial distance that the card-punching person provided false location information, but still verifies it, i.e. includes in its location response a false location information +.>And satisfies the space distance verification, namelyAs shown in fig. 4;
3) Maliciously corrupted location prover requesting Req for location proof by signature verification and spatial distance verification (R→W) A response to the location proof is generated, the specific format of which is also defined as:
wherein, the liquid crystal display device comprises a liquid crystal display device,false location information that is a location prover;
scenario where this applies: the vandalism location prover prevents the card punch from failing to obtain the location proving service. For example, depending on the actual location information of the punch and the location prover, both are within the range of near field communication. However, false location information provided by a location proverWith the location of the punch] R The spatial distance between them does not satisfy the spatial distance verification, i.e. +.> As shown in fig. 5.
Step 2-5, the cardholder verifies the location proof response
After receiving the position proving response through the near field communication interface, the card reader further performs signature verification and space distance verification on the response information;
1) Signature verification, cardholder proving response from location Public key of the location prover is obtained +.>And use +.>For->Decrypting, if the decryption is successful, verifying through the signature;
2) Spatial distance verification, the cardholder verifies from passing the signature In (3) obtaining location information provided by a location prover] W And calculates the position information of the punch and the player] R A European spatial distance between;
according to the integrity of the punch and the position proving person, the following combined space distance verification exists:
1) The honest punch and honest position proving punch both provide true position information, namely If the space distance verification is satisfied, i.e
The location verification response passes the verification of the cardholder;
2) Honest punch and malicious damage position evidence, honest punch find false position information provided by malicious damage position evidenceThe condition cannot be satisfied: /> The location proof response cannot pass the verification of the cardholder;
3) Dishonest punch and collusion position proving person, false position provided by dishonest punchThe collusion location prover provides false location informationThe conditions are satisfied:the location proof response is verified by the cardholder.
Step 2-6, generating position evidence by the card punch
The cardholder responds Res with verified location proof W→R Generating location proof information, the specific format of which is also defined as:
wherein, the liquid crystal display device comprises a liquid crystal display device,is the public key of the card reader; res (Res) W→R Is a location proof response; timestamp is a timestamp that generates a location proof; />Is the private key signature of the cardholder for the location proof response and the timestamp.
Step 3, position verification and uplink
In order to realize tamper-proof and auditable public transparent management of the position certification information, a 'uplink' of position certification records is needed. The method comprises the following specific steps:
step 3-1, the card reader broadcasts the position certificate to the block chain system
The location certification information LP to be generated by the cardholder W→R Broadcasting to a blockchain system through internet data communication;
step 3-2, the verification node verifies the position certification
The blockchain system uses a PoS (proof of stock) consensus algorithm to select a node from the blockchain as the validation node. Specifically, a candidate node set of verification nodes is selected according to the ownership (such as the number of tokens) of all nodes in a blockchain, and then the system selects one of the candidate node sets as the verification node through a random operation election method; further, verifying node pair location attestation information LP W→R Signature verification and spatial distance verification are performed. The specific verification process comprises the following steps:
1) Signature verification fromThe public key of the card reader is obtained>Use->For->And (5) decrypting, and if the decryption is successful, verifying through the signature.
2) Signature verification from Public key of the location prover is obtained +.>Use->For-> And (5) decrypting, and if the decryption is successful, verifying through the signature.
3) Signature verification from The public key of the card reader is obtained>Use->For a pair ofAnd (5) decrypting, and if the decryption is successful, verifying through the signature.
4) Spatial distance verification of slave Res W→R Obtained in the following section] w And from Req (R→W) Obtained in the following section] R And (3) performing space distance verification, and if the conditions are satisfied: dist (late, longitude)] R ,[latitude,longitude] W ) Dmax is less than or equal to, and the verification of the space distance is passed;
step 3-3, verifying that the node uplinks the position certificate
Authentication node as accounting node, LP W→R Packing to the current block. When the number of transactions reaches the block set threshold, the current block is added to the blockchain as shown in FIG. 6. Meanwhile, the current state of the local storage block chain of the verification node is broadcasted in the block chain network, and other nodes update the local storage of the verification node after receiving the broadcast, so that the consistency of the state of the block chain of the whole network is ensured.
Step 4, client verification location proving history generation status code
Step 4-1, acquiring a position evidence history record of the near 14 days of the card punch from the blockchain
The card reader uses its public keyApplying for generating a status code to the client, and inquiring the blockchain after the client receives the application to obtain all public keys +.>LP of (2) W→R And according to LP W→R Middle-> The included timestamp is time ordered to obtain a 14-day position demonstration history record, and the specific format is also defined as:
step 4-2, the client verifies the position evidence to prevent the collusion attack
In order to find the collusion attack of dishonest punch and position proving person, further design the time-space threshold value to jointly verify;
and (3) space-time threshold joint verification: for Chain_LP W→R Position evidence record of the i th day of the process
<[latitude,longitude] w ><timestamp>. If there is another punch in the blockchain (whose public key is) Position evidence record on day i->It contains a position-proof response +.>Is (1) the space-time information of<[latitude,longitude] ′ w ><timestamp ′ >And satisfies the following conditions:
(|timestamp ′ -timestamp|≤minInterval)
∧(Dist([latitude,longitude] R ,[latitude,longitude] W )
>maxDistant)
there is a collusion attack suspicion in which |timestamp ′ -time-stamp +.ltoreq.mininterval means that the time interval for two position proofs is below the specified threshold minInterval, dist ([ latency, length)] ′ w ,[latitude,longitude] W )>maxdist means that the spatial distance of the two location certificates exceeds a specified threshold maxdist;
the application scenario for this case is: the location prover generates a location-proving response at a certain time on day i (e.g., 8:00 a.m.) in a certain area (e.g., beijing city), and also generates a location-proving response at another, spatially distant area (e.g., nanjing city) within a shorter time interval of the same day (e.g., 8:30 a.m.). That is, the position prover respectively verifies two card readers with large space area spans in a shorter time interval, as shown in fig. 7;
thus, for Chain_LP W→R The suspected punch-card with the collusion attack exists, and the state code generation application of the suspected punch-card cannot pass the space-time threshold joint verification of the client;
step 4-3, generating a state code of the card reader based on the security evaluation
Location attestation history for joint verification by client spatiotemporal threshold And (3) carrying out safety assessment:
if chain_LP W→R There is a position assurance record1.ltoreq.i.ltoreq.14, containing a location attestation request +.>Position information of (a)<[latitude,longitude] R >The method includes the steps that when the card reader has a space topology intersection with a region H, a red status code is generated for the card reader; if the card-punching machine has a space topology intersection with the region M, generating a yellow status code for the card-punching machine; otherwise, a green status code is generated for the cardholder.
The foregoing is merely a preferred embodiment of the present invention, and is not intended to limit the present invention, and all equivalent variations using the description and drawings of the present invention are within the scope of the present invention.
Claims (6)
1. A state code generation method based on a position proving block chain is characterized by comprising the following steps:
step 1, constructing a block chain network: defining a network structure, wherein a network user comprises a card punch, a position proving person and a client; initializing the network;
step 2, generating position evidence: the method comprises the steps that a card reader performs card reading and sends a position proving request, the position proving reader verifies the received position proving request and generates a position proving response, and the card reader verifies the position proving response and generates a position proving;
step 3, position verification and uplink: broadcasting the position certificate to a block chain system by a card reader, verifying the position certificate by a verification node and linking the position certificate;
and 4, the client verifies the position proving history of the card punch so as to generate a status code.
2. The method of claim 1, wherein in step 1, the blockchain network includes 4 types of nodes: the system comprises a request node, a witness node, a verification node and an accounting node;
the card punch forms a request node which sends out a position proving request;
the location prover constitutes a witness node that provides a geographic location proof for the requesting node;
the request node and the witness node in the network can be verification nodes, and the verification nodes authorize to evaluate and verify the position evidence of the request node;
the billing node is selected from the witness nodes based on a consensus algorithm.
3. The method for generating a state code based on a location-proving blockchain as in claim 2, wherein the initializing step of the blockchain network is:
and generating a public key, a private key and a node certificate for each node, defining a configuration file, generating an creation block, and setting a consensus algorithm based on the stock right proof PoS.
4. A method for generating a state code based on a position certification blockchain as in claim 3, wherein in step 2, the specific steps of generating the position certification are:
step 2-1, the card punching is carried out by a card punching person, and 14 days are taken as a period; the card punch is a honest user providing real position information or a dishonest user providing false position information;
step 2-2, broadcasting a position proving request to users nearby by a card punching person through a near field communication interface;
step 2-3, after receiving the position proving request through the near field communication interface, the position proving person respectively performs signature verification and space distance verification;
step 2-4, according to the integrity, the position proving person is divided into: honest location prover, collusion location prover and malicious location prover; which respectively generate location-proving responses, in particular as follows:
1) Generating a response of the location proof by the honest location prover to the location proof request through signature verification and spatial distance verification; rejecting a response to the position proving request which does not pass the signature verification and the space distance verification, namely rejecting to prove a card reader providing a false position by the honest position proving person through the space distance verification;
2) The collusion location prover still generates a response of the location proof for the location proof request which passes the signature authentication but cannot pass the space distance verification; scenario where this applies: the dishonest position proving person and the card punching person providing false position information are communicated;
3) A malicious damage location prover generating a false location proof response to the location proof request through signature verification and space distance verification; scenario where this applies: the maliciously destroyed location prover prevents the card punch from failing to obtain the location proving service;
step 2-5, after receiving the position proving response through the near field communication interface, the card reader further performs front verification and space distance verification on the response information;
according to the integrity of the punch and the position proving person, the following combined space distance verification exists:
1) The honest punch and honest position proving person, the position information provided by both are real information, if the space distance verification condition is satisfied, the position proving response passes the verification of the punch;
2) The honest punch and the malicious damage position proving person, the honest punch finds false position information provided by the malicious damage position proving person, the verification condition cannot be met, and the position proving response cannot pass the verification of the punch;
3) The dishonest card reader and the collusion position proving device, the false position provided by the dishonest card reader and the false position information provided by the collusion position proving device meet the verification condition, and the position proving response passes the verification of the card reader;
step 2-6, the card reader generates position proving information by using the verified position proving response.
5. The method for generating a status code based on a location-based proving blockchain according to claim 3, wherein in step 3, in order to implement tamper-proof and auditable public transparent management of location-based proving information, a location-based proving record is required to be uplink, and the specific steps include:
step 3-1, broadcasting the generated position proving information to a block chain system through internet data communication by a card punching person;
step 3-2, selecting a node from the blockchain by using a PoS consensus algorithm as a verification node, and performing signature verification and space distance verification on the position verification information by using the blockchain system;
step 3-3, the verification node is used as an accounting node, and the verified position proving information is packaged to the current block; when the number of the transactions reaches a threshold set by the block, adding the current block into a block chain; meanwhile, the current state of the local storage block chain of the verification node is broadcasted in the block chain network, and other nodes update the local storage of the verification node after receiving the broadcast, so that the consistency of the state of the block chain of the whole network is ensured.
6. The method for generating status codes based on location-proving blockchain as in claim 1, wherein in step 4, the specific step of generating status codes by the client verification location-proving history is as follows:
step 4-1, the card reader applies for generating a status code to the client by using the public key, the client queries the blockchain after receiving the application to obtain all the data containing the public key, and performs time sequencing according to the time stamp in the position evidence information to obtain a 14-day position evidence historical record;
step 4-2, in order to find the collusion attack of the dishonest card punch and the position proving person, the client jointly verifies the position proving through the space-time threshold value to prevent the collusion attack;
step 4-3, generating a state code of the card reader based on the security evaluation
Performing security assessment on a position proving history record passing client space-time threshold joint verification:
if there is a position proving record in the position proving history record, the position information of the position proving request contained in the position proving record has a space topology intersection with the region H, a red state code is generated for the card punch; if the card-punching machine has a space topology intersection with the region M, generating a yellow status code for the card-punching machine; otherwise, a green status code is generated for the cardholder.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211011856.XA CN116193448B (en) | 2022-08-23 | 2022-08-23 | State code generation method based on position demonstration block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211011856.XA CN116193448B (en) | 2022-08-23 | 2022-08-23 | State code generation method based on position demonstration block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116193448A true CN116193448A (en) | 2023-05-30 |
CN116193448B CN116193448B (en) | 2023-12-22 |
Family
ID=86451131
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211011856.XA Active CN116193448B (en) | 2022-08-23 | 2022-08-23 | State code generation method based on position demonstration block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116193448B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111541657A (en) * | 2020-04-13 | 2020-08-14 | 成都链向科技有限公司 | Block chain-based safety position verification method |
CN111757310A (en) * | 2020-06-23 | 2020-10-09 | 中国联合网络通信集团有限公司 | Health code generation method, server and base station |
CN113141417A (en) * | 2021-05-17 | 2021-07-20 | 中国银行股份有限公司 | Health code scanning method, device and system based on block chain and 5G |
CN113515782A (en) * | 2021-06-18 | 2021-10-19 | 北京工业大学 | Personal track proving method based on block chain and zero-knowledge proving |
CN113593704A (en) * | 2021-07-30 | 2021-11-02 | 福建熵链延华科技有限公司 | Non-contact epidemic prevention method and system based on block chain |
CN113821816A (en) * | 2021-11-18 | 2021-12-21 | 杭州格物智安科技有限公司 | Block chain consensus method, system and device based on position |
-
2022
- 2022-08-23 CN CN202211011856.XA patent/CN116193448B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111541657A (en) * | 2020-04-13 | 2020-08-14 | 成都链向科技有限公司 | Block chain-based safety position verification method |
CN111757310A (en) * | 2020-06-23 | 2020-10-09 | 中国联合网络通信集团有限公司 | Health code generation method, server and base station |
CN113141417A (en) * | 2021-05-17 | 2021-07-20 | 中国银行股份有限公司 | Health code scanning method, device and system based on block chain and 5G |
CN113515782A (en) * | 2021-06-18 | 2021-10-19 | 北京工业大学 | Personal track proving method based on block chain and zero-knowledge proving |
CN113593704A (en) * | 2021-07-30 | 2021-11-02 | 福建熵链延华科技有限公司 | Non-contact epidemic prevention method and system based on block chain |
CN113821816A (en) * | 2021-11-18 | 2021-12-21 | 杭州格物智安科技有限公司 | Block chain consensus method, system and device based on position |
Non-Patent Citations (1)
Title |
---|
余荣威等: "基于区块链的零知识位置证明方法研究", 电子与信息学报, vol. 42, no. 9, pages 1 - 8 * |
Also Published As
Publication number | Publication date |
---|---|
CN116193448B (en) | 2023-12-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhu et al. | ASAP: An anonymous smart-parking and payment scheme in vehicular networks | |
Li et al. | A lightweight privacy-preserving authentication protocol for VANETs | |
Gope et al. | Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment | |
CN111464980B (en) | Electronic evidence obtaining device and method based on block chain in Internet of vehicles environment | |
CN102196431B (en) | Internet of things application scene-based protection method of privacy query and private identity verification | |
Nosouhi et al. | Blockchain for secure location verification | |
Feng et al. | An efficient privacy-preserving authentication model based on blockchain for VANETs | |
CN115398417A (en) | Secure method and system for environmental credit scoring | |
Gambs et al. | PROPS: A privacy-preserving location proof system | |
Bouchelaghem et al. | Reliable and secure distributed smart road pricing system for smart cities | |
Restuccia et al. | FIRST: A framework for optimizing information quality in mobile crowdsensing systems | |
CN104010302A (en) | Vehicle-mounted self-organizing network traffic data trust evaluation method | |
Li et al. | User-defined privacy-preserving traffic monitoring against n-by-1 jamming attack | |
CN109714169B (en) | Data credible circulation platform based on strict authorization and circulation method thereof | |
WO2020137971A1 (en) | Location information providing system and location information providing method | |
CN106897901A (en) | Based on the shared bicycle Secure Billing method that home is proved | |
CN106886920A (en) | Based on the shared bicycle Secure Billing method that home is proved | |
Lv et al. | Misbehavior detection in vehicular ad hoc networks based on privacy-preserving federated learning and blockchain | |
CN109146452A (en) | A kind of Internet of Things cost management method and system based on block chain | |
CN116193448B (en) | State code generation method based on position demonstration block chain | |
Sun et al. | Toward differential privacy for traffic measurement in vehicular cyber-physical systems | |
CN111931230A (en) | Data authorization method and device, storage medium and electronic device | |
Mengjun et al. | Privacy-preserving distributed location proof generating system | |
Zuo et al. | Cost-effective privacy-preserving vehicular urban sensing system | |
McEntyre et al. | Zero-knowledge proof for enabling privacy preserving electronic toll collection with vehicle-to-everything communications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |