WO2018076242A1 - Information transmition method and device - Google Patents

Information transmition method and device Download PDF

Info

Publication number
WO2018076242A1
WO2018076242A1 PCT/CN2016/103592 CN2016103592W WO2018076242A1 WO 2018076242 A1 WO2018076242 A1 WO 2018076242A1 CN 2016103592 W CN2016103592 W CN 2016103592W WO 2018076242 A1 WO2018076242 A1 WO 2018076242A1
Authority
WO
WIPO (PCT)
Prior art keywords
sender
signature
transmission message
information
plaintext
Prior art date
Application number
PCT/CN2016/103592
Other languages
French (fr)
Chinese (zh)
Inventor
熊晓春
黄正安
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/103592 priority Critical patent/WO2018076242A1/en
Publication of WO2018076242A1 publication Critical patent/WO2018076242A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Definitions

  • V2X vehicle-to-X
  • V2V vehicle-to-vehicle
  • V2I vehicle-to- Infrastructure
  • V2P vehicle-to-pedestrian
  • V2X communication can achieve road safety, improve traffic efficiency, and provide users with rich streaming services.
  • V2X communication service broadcast-related services occupy the vast majority, for example, forward collision warnings between vehicles and vehicles.
  • the security requirements of V2X communication require that the recipient of the broadcast message be able to verify the legitimacy of the source.
  • the third generation partnership project (English: 3rd generation partnership project, 3GPP for short) proposes two methods to protect the security of V2X broadcast messages: one is based on identity-based signature (IBS). The other is a method based on digital certificates. However, no specific solution has been given for how to use these two methods to secure the broadcast messages sent.
  • the embodiment of the invention provides an information transmission method and device, which solves the problem that the broadcast message cannot be securely protected in the prior art.
  • the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message.
  • the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text.
  • the sender sends the transmission message through the identity signature-based data format, so that the receiver can perform integrity verification and sender identity authentication on the transmission message according to the information of the sender, thereby ensuring security of the transmission to be transmitted. Sex.
  • the transmission message further includes a public parameter or a public parameter index of the user signature system used by the sender, so that when the transmission message includes a public parameter of the user signature system used by the sender or When the public parameter index is used, the time for the receiver to determine the corresponding public parameter can be saved, and the efficiency of the security verification is improved.
  • the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertext.
  • the sender sends the transmission message by using the identity signature and the identity-based encryption data format, so that the receiver can decrypt the transmission message according to the private key of the receiver, and obtain the information of the plaintext, based on the sender.
  • the information is used to securely verify the transmitted message, thereby ensuring the integrity and confidentiality of the transmitted message.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the public parameter or the public parameter index of the user encryption system of the receiver used by the sender to be encrypted is sent to the receiver, which can improve the efficiency of the receiver to decrypt the transmission message; of The public parameter or the public parameter index of the user signature system is sent to the receiver, which can save the time for the receiver to determine the corresponding public parameter, and improve the efficiency of the security verification.
  • the sender's identity information includes the sender's digital certificate.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the sender sends the transmission message through the digital certificate-based data format, so that the receiver can perform security verification and identity authentication on the transmission message according to the sender's digital certificate, thereby ensuring the transmission sent by the sender. The security of the message.
  • the transmission message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmission message, so that the receiver can receive the transmission message according to the The public key or public key index quickly determines the decrypted private key and improves the efficiency of decrypting the transmitted message.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; or, the sender's digital certificate is In plain text, the transmitted data and signature are both ciphertext.
  • the receiver may perform integrity verification and identity authentication on the transmitted message; when the sender's digital certificate is plaintext or ciphertext
  • the receiver can decrypt the received message, and then perform integrity verification and identity authentication on the transmitted message, thereby ensuring the integrity and confidentiality of the transmitted message. The security of the transmitted message is guaranteed.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • the replay attack check is performed according to the timestamp of the transmission message to ensure the security of the transmission message.
  • an information transmission method comprising: receiving a receiving The transmission message sent by the sender using the preset data format; wherein the transmission message includes the transmitted data and the information of the sender; the receiver performs security verification on the transmission message according to the information of the sender.
  • the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message; the receiver is based on the sender's
  • the information is used to perform security verification on the transmitted message, including: the receiving party performs verification calculation according to the identity information, signature and transmitted data of the sender, and obtains verification information; if the verification information is preset information, determines security verification of the transmitted message. Pass, otherwise it is determined that the security verification of the transmitted message does not pass.
  • the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text.
  • the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
  • the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertexts; before the recipient performs security verification on the transmitted data according to the information of the sender, the method further includes: if the transmitted message includes the transmitted data and the signature are all ciphertexts The receiving party decrypts the transmission message according to the first preset private key, and obtains the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the receiver is based on the The first preset private key decrypts the transmission message, and obtains the plaintext of the sender's ID, the plaintext of the transmitted data, and the plaintext of the signature.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the sender's identity information includes the sender's digital certificate.
  • the sender's digits may be included in the transmitted message.
  • the certificate may or may not include the sender's digital certificate.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; and the receiver is based on the sender's information.
  • the method further includes: the receiver decrypts the transmission message according to the second preset private key, and obtains the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the plaintext of the signature; or The sender's digital certificate is plaintext, and the transmitted data and the signature are both ciphertext; before the recipient performs security verification on the transmitted data according to the sender's information, the method further includes: the receiver according to the second preset private The key decrypts the transmitted message to obtain the plaintext of the transmitted data and the plaintext of the signature.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • a sender device configured to send, by using a preset data format, a transmission message to the at least one receiving party.
  • the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message.
  • the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text.
  • the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
  • the identity information of the sender includes the identity number of the sender, where the sender's ID is plaintext or ciphertext, and the transmitted data and signature are ciphertext.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the sender's identity information includes the sender's digital certificate.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; or, the sender's digital certificate is In plain text, the transmitted data and signature are both ciphertext.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • the fourth aspect provides a receiving device, where the receiving device includes: a receiving unit, configured to receive a transmission message sent by the sender using a preset data format, where the transmission message includes the transmitted data and the sender information; the verification unit Used to perform security verification on the transmitted message according to the sender's information.
  • the information of the sender includes the identity information and the signature of the sender, where the signature is a signature of the sender to the information other than the signature included in the transmission message, and the verification unit is specifically configured to:
  • the verification information is obtained according to the identity information, the signature and the transmission message of the sender, and the verification information is obtained. If the verification information is the preset information, it is determined that the security verification of the transmission message passes, otherwise the security verification of the transmission message is determined to fail.
  • the sender's identity information includes the sender's identity number ID; wherein the sender's ID, the transmitted data, and the signature are plaintext.
  • the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
  • the sending device further includes: a decrypting unit, configured to: if the transmitted data and the signature included in the transmission message are all ciphertext, perform the transmission message according to the first preset private key Decrypting, obtaining the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the transmission message is decrypted according to the first preset private key, and the sender is obtained.
  • a decrypting unit configured to: if the transmitted data and the signature included in the transmission message are all ciphertext, perform the transmission message according to the first preset private key Decrypting, obtaining the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the transmission message is decrypted according to the first preset private key, and the sender is obtained.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the sender's identity information includes the sender's digital certificate.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; and the verification unit is based on the sender's information.
  • the decryption unit is further configured to: decrypt the transmission message according to the second preset private key, obtain the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the plaintext of the signature; or, send The digital certificate of the party is in plain text, and the transmitted data and the signature are both ciphertext; before the security verification of the transmission message by the verification unit according to the information of the sender, the decryption unit is further configured to: transmit the message according to the second preset private key pair Decrypt and get the data to be sent Plain text and signed plain text.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • a sender device in a fifth aspect, includes a memory, a processor, a bus, and a communication interface.
  • the memory stores code and data
  • the processor and the memory are connected by a bus
  • the processor runs the code in the memory to enable the sender.
  • the apparatus performs the information transmission method provided by any one of the above first aspect or any one of the possible implementations of the first aspect.
  • a receiver device in a sixth aspect, includes a memory, a processor, a bus, and a communication interface.
  • the memory stores code and data
  • the processor and the memory are connected by a bus
  • the processor runs the code in the memory to enable the sender.
  • the apparatus performs the information transmission method provided by any one of the above second aspect or any one of the possible implementations of the second aspect.
  • a communication system comprising a sender device and a receiver device, wherein the sender device is the third aspect, or any possible implementation manner of the third aspect, or the fifth aspect
  • the provided sender device, and/or the receiver device is the fourth aspect, or any possible implementation of the fourth aspect, or the receiver device provided by the sixth aspect.
  • a computer readable storage medium where computer executed instructions are stored, and when the at least one processor of the device executes the computer to execute an instruction, the device performs the first aspect or the first aspect.
  • the information transmission method provided by any one of the possible implementation manners, or the information transmission method provided by the foregoing second aspect or any possible implementation manner of the second aspect.
  • a computer program product comprising computer executable instructions stored in a computer readable storage medium; at least one processor of the device can read the computer from a computer readable storage medium Executing an instruction, the at least one processor executing the computer to execute the instruction, causing the device to implement the information transmission method provided by the first aspect or any one of the possible implementation manners of the first aspect, or performing the second aspect Or the information transmission method provided by any of the possible implementations of the second aspect.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart diagram of an information transmission method according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic diagram of a first preset data format according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a second preset data format according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of a third preset data format according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a fourth preset data format according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic flowchart diagram of another information transmission method according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic diagram of a fifth preset data format according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic diagram of a sixth preset data format according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic diagram of a seventh preset data format according to an embodiment of the present invention.
  • FIG. 12 is a schematic diagram of an eighth preset data format according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic flowchart diagram of still another information transmission method according to an embodiment of the present invention.
  • FIG. 14 is a schematic diagram of a ninth preset data format according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic diagram of a tenth preset data format according to an embodiment of the present invention.
  • FIG. 16 is a schematic structural diagram of a sender device according to an embodiment of the present disclosure.
  • FIG. 17 is a schematic structural diagram of another sender device according to an embodiment of the present disclosure.
  • FIG. 18 is a schematic structural diagram of still another sender device according to an embodiment of the present disclosure.
  • FIG. 19 is a schematic structural diagram of a receiver device according to an embodiment of the present disclosure.
  • FIG. 20 is a schematic structural diagram of another receiver device according to an embodiment of the present disclosure.
  • FIG. 21 is a schematic structural diagram of still another receiver device according to an embodiment of the present invention.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • the communication system includes a base station 101 and a terminal device 102.
  • the base station 101 can communicate with the terminal device 102, and the terminal device 102 can be a vehicle, a user's handheld device, a smart wearable device, or the like.
  • a plurality of terminal devices 102 can also communicate with each other, and can perform direct communication through a device-to-device (D2D) mode, or through a device to a base station, and then to a device. The way to communicate indirectly.
  • D2D device-to-device
  • one terminal device may transmit information to other plurality of terminal devices 102 by means of broadcast, or may transmit information to one of the terminal devices 102 via a link.
  • FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
  • the terminal device includes a bus, a processor, a memory, an input/output interface, and a communication interface.
  • a bus is a circuit that connects the elements described and implements transmission between these elements.
  • the processor receives commands from other elements over the bus, decrypts the received commands, and performs calculations or data processing based on the decrypted commands.
  • the processor is a control center of the terminal device, and connects various parts of the entire terminal device by using various interfaces and lines, performs various functions by running or executing a software program module stored in the memory, and calling data stored in the memory.
  • the data is processed to perform overall monitoring of the terminal device.
  • the processor may include one or more processors; preferably, the processor may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, etc., and modulates
  • the demodulation processor primarily handles wireless communications.
  • the memory may include program modules such as a kernel, a middleware, an application program interface (API), and an application.
  • the program module may be composed of software, firmware or hardware, or at least two of them.
  • the memory may mainly include a storage program area and an storage data area, wherein the storage program area may store an operating system, an application required for at least one function, and the like; the storage data area may store data created according to usage of the terminal device, and the like.
  • the memory may include a high speed random access memory, and may also include non-volatile memory. Storage, etc.
  • the input and output interfaces provide an interface between the processor and the peripheral interface module to forward commands or data entered by the user through the peripheral interface module.
  • the above peripheral interface module may be a sensor, a keyboard, a click wheel, a button, or the like. These buttons may include, but are not limited to, a home button, a volume button, a start button, and a lock button.
  • the communication interface connects the terminal device with other terminal devices and base stations.
  • the communication interface may be a radio frequency circuit including, but not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.
  • the communication interface can be connected to other external terminal devices or base stations by wirelessly connecting to the network, so that communication between the terminal device and other terminal devices and the base station can be realized through the network.
  • the communication interface receives broadcast signals or broadcast associated information from an external broadcast management system via a broadcast channel.
  • the communication interface further includes a WiFi module, a Bluetooth module, an infrared module, etc. to facilitate short range communication.
  • the terminal device may further include a display device, a sensor module, an audio module, and the like, and details are not described herein again.
  • FIG. 3 is a schematic flowchart of an information transmission method according to an embodiment of the present invention. Referring to FIG. 3, the method includes the following steps.
  • Step 201 The sender determines the transmission message according to the preset data format.
  • the transmission message includes the transmitted data and the information of the sender, and the information of the sender is information for causing the receiver to perform security verification on the transmission message.
  • the sender may be the terminal device 102 in the communication system shown in FIG. 1 above, and may be a vehicle.
  • the receiving party may also be the terminal device 102 in the communication system shown in FIG. 1 above, and may be a vehicle, or a handheld device such as a user's mobile phone, tablet computer, smart watch, or smart wearable device.
  • the transmitted data may include one or more of the following information: sender speed information, location information, and alarm information, and the like.
  • the sender's information may include the sender's identity information and signature.
  • the sender's identity information may include different information.
  • the sender's identity information may include the sender's identity number (English: identity, referred to as: ID), or the sender's digital certificate, etc.
  • ID the sender's identity number
  • a signature is a signature of a sender other than the signature included in the transmission message.
  • Step 202 The sender sends a transmission message to at least one receiver by using a preset data format.
  • the sender can send the transmission message to the at least one recipient through the preset data format, so that each of the at least one receiver can receive the transmission message.
  • the sender when the sender is the terminal device shown in FIG. 1 , the sender may directly send the transmission message to the at least one receiver by using the broadcast mode, or may forward the transmission message to the base station, and the base station directly transmits the message to the base station. At least one recipient sends the transmission message.
  • Step 203 When the receiver receives the transmission message sent by the sender using the preset data format, the receiver performs security verification on the transmission message according to the information of the sender.
  • the receiving party performs security verification on the transmission message according to the information of the sender, and may include: Step 203a: The receiving party may perform verification calculation according to the identity information of the sender, the signature, and the transmitted data, to obtain verification information. Step 203b: If the verification information is preset information, it is determined that the security verification of the transmission message passes, otherwise it is determined that the security verification of the transmission message does not pass.
  • the sender determines the transmission message according to the preset data format, where the transmission message includes the transmitted data and the information of the sender, and then the sender sends the transmission message to the at least one receiver by using the preset data format, so that the receiving When receiving the transmission message, the party can perform security verification on the transmission message according to the information of the sender, thereby ensuring the security of the transmission message sent by the sender.
  • the preset data format may be different preset data formats, and in different preset data formats, the identity information of the sender may also include different information.
  • the transmission message determined by the sender according to different preset data formats is different, and the following is the identity information of the sender under different preset data formats, and according to The transmission message determined by the same preset data format is elaborated.
  • the different preset data formats may mainly include the following three different preset data formats.
  • the first type as shown in FIG. 4, if the preset data format is a data format based on identity-based signature (IBS), the identity information of the sender includes the ID of the sender.
  • the sender's ID, the transmitted data, and the signature included in the transmission message are all plaintext.
  • the parameter D/C (English: data/control, data/control) is used.
  • the parameter R is a reserved bit.
  • the preset data format includes three reserved bits R as an example.
  • the parameter PDCP SN (where PDCP is a packet data convergence layer protocol, English: packet data convergence protocol; SN is the serial number, English: serial number) can be used to indicate the serial number of the message.
  • the parameters D/C, R, and PDCP SN shown in the figure are the same as the parameters D/C, R, and PDCP SN included in the PDCP PDU (the protocol data unit, English: protocol data unit). For details, refer to the PDCP PDU. It is to be noted that the embodiments of the present invention are not described in detail herein. Oct1, Oct2, ..., OctN in Fig. 4 are used to indicate the first 1, 2, ..., N bytes, and each byte may include 8 bit bits.
  • the length of any information included in the transmission message may be one or more lines, and the length (cont) is determined by the length of the information itself.
  • Oct3 to OctN 1 in FIG. 4 are used to indicate the byte corresponding to the ID of the sender
  • OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the transmitted data
  • OctN 2 +1 to OctN are used to represent the signature. The corresponding byte.
  • the transmission message further includes a public parameter or a public parameter index of the user signature system used by the sender, and the pp is represented by the sender in FIG.
  • the public parameter of the user's signature system used by the sender Oct3 to OctN 1 in FIG. 5 are used to indicate the byte corresponding to the ID of the sender, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the pp or pp index of the sender, OctN 2 +1 to OctN. 3 is used to indicate the byte corresponding to the transmitted data, and OctN 3 +1 to OctN are used to indicate the byte corresponding to the signature.
  • the public parameter index is an identifier of a public parameter, and can be used to uniquely identify one
  • the public parameter of the user signature system for example, the public parameter index may be a serial number of a common parameter or the like.
  • the receiver may determine the corresponding public parameter according to the common parameter index.
  • the receiving party performs the verification calculation according to the identity information, the signature, and the transmitted data of the sender in step 203a, and obtains the verification information, specifically: the receiver according to the sender's ID, signature, and transmission.
  • the public parameters of the user signature system used by the party are verified and calculated, thereby obtaining verification information.
  • the public parameters or common parameter indexes of the set of user signature systems may not be included in the transmission message, and the specific preset data format is as shown in FIG.
  • the sender and the receiver may agree in advance; when the transmission message includes the public parameter or the public parameter index of the user signature system, the specific preset data format is as shown in the figure. 5 is shown. If the receiver supports multiple sets of user signature systems, the transmission message includes the public parameter or the public parameter index of the user signature system used by the sender.
  • the specific preset data format is shown in FIG. 5.
  • the sender sends the transmission message to the at least one receiver by using the data format of the identity signature IBS, so that the receiver can perform security verification on the transmission message according to the sender ID, the signature, and the sent data. Guaranteed transmission of message integrity.
  • the public parameter or the public parameter index of the user signature system used by the sender is sent to the receiver together, the time for the receiver to determine the corresponding public parameter can be saved, and the efficiency of the security verification is improved.
  • the identity information of the sender includes the ID of the sender.
  • the sender's ID is plain text or cipher text, and the transmitted data and signature are both ciphertext.
  • the transmission message further includes: a public parameter or a public of the user signature system used by the sender.
  • the transmission message further includes: a public parameter or a common parameter index of the user signature system used by the sender, and a public parameter of the user encryption system of the receiver used by the sender to encrypt.
  • the public parameter index is taken as an example for explanation.
  • the public parameter of the user signature system used by the sender is represented by pp of the sender
  • the public parameter of the user encryption system of the receiver used by the sender when the sender encrypts is represented by pp of the sender
  • the ID of the sender is The plain text is taken as an example for explanation.
  • Oct2 to OctN 1 in FIG. 7 are used to indicate the byte corresponding to the pp or pp index of the sender
  • OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the pp or pp index of the receiver
  • OctN 2 + 1 to OctN 3 are used to indicate the byte corresponding to the sender's ID
  • OctN 3 +1 to OctN are used to indicate the byte corresponding to the ciphertext.
  • the transmission message includes a public parameter or a public parameter index of the user signature system used by the sender, and/or a public parameter or a public parameter index of the user encryption system used by the sender to encrypt, here the user signature system
  • the user encryption system is similar to the user signature system. For details, refer to the description of the user signature system.
  • the transport message may include or exclude a public parameter or a public parameter index of the user signature system used by the sender, and may be agreed in advance when not included; If both the sender and the receiver support the use of multiple sets of user signature systems, the transport message also includes the public parameter or public parameter index of the user signature system used by the sender.
  • the receiver may further include step 202a before performing security verification on the transmission message according to the information of the sender in step 203.
  • Step 202a If the transmitted data and the signature included in the transmission message are both ciphertext, the receiver decrypts the transmission message according to the first preset private key, and obtains the plaintext of the transmitted data and the plaintext of the signature. If the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the receiver decrypts the transmission message according to the first preset private key, and obtains The plaintext of the sender's ID, the plaintext of the transmitted data, and the plaintext of the signature.
  • the first preset private key is a private key of the recipient corresponding to a public parameter or a common parameter index of the user encryption system used by the sender when encrypting.
  • the first preset private key may be pre-agreed.
  • the first preset private key may be a receiver determined by the receiver according to a public parameter or a common parameter index of the user encryption system used by the sender when the transmission message is encrypted. Private key.
  • step 203a the receiving party performs verification calculation according to the identity information, the signature and the transmitted data of the sender, and obtains verification information, which is specifically: the receiver according to the sender's ID, the signature, and the user signature system used by the sender.
  • the public parameters are verified and calculated to obtain verification information.
  • the sender's ID of the transmission message is plaintext or ciphertext
  • the transmitted data and the signature are all ciphertext, so that the receiver receives the transmission.
  • the transmitted message can be decrypted, and then the transmitted message is verified for security, thereby ensuring the integrity and confidentiality of the transmitted message.
  • the public parameter or the public parameter index of the user encryption system of the receiver used by the sender to be encrypted is transmitted to the receiver, which can improve the efficiency of the receiver to decrypt the transmission message; the public of the user signature system used by the sender
  • the parameter or the public parameter index is sent to the receiver, which can save the time for the receiver to determine the corresponding public parameter, and improve the efficiency of the security verification.
  • the sender's identity information includes the sender's digital certificate.
  • the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are all plaintext; or the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are all ciphertext; or the transmission of the transmission message includes
  • the party's digital certificate is in plain text, and the transmitted data and signature are both ciphertext.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt and transmit the message.
  • the public key index is an identifier of the public key, and can be used to uniquely identify a public key of a set of digital certificates.
  • the public key index can be a serial number of the public key, or if the identity information of the sender does not need to be encrypted.
  • the public key index may also be the sender's ID or the like.
  • FIG. 12 illustrates an example in which the sender's digital certificate, the transmitted data, and the signature are both ciphertexts.
  • FIG OctN 1 to 12 Oct3 for indicating the recipient's public key or public key corresponding to the byte index
  • OctN 1 +1 is used to represent OCTN corresponding ciphertext bytes.
  • the receiver performs security on the transmission message according to the information of the sender in step 203.
  • Step 202b may also be included prior to verification.
  • Step 202b If the digital certificate, the transmitted data, and the signature of the sender are both ciphertext, the receiver decrypts the transmission message according to the second preset private key, and obtains the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and The plain text of the signature. If the sender's digital certificate is plaintext, the transmitted data and the signature are both ciphertext, and the receiver decrypts the transmission message according to the second preset private key to obtain the plaintext of the transmitted data and the plaintext of the signature.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the preset data format may be a part of deleting the digital certificate of the sender in the preset data format shown in FIG. 9-11 or FIG. 12 described above.
  • the second preset private key is a private key corresponding to the digital certificate of the recipient used when the sender encrypts.
  • the second preset private key may be pre-agreed.
  • the second preset private key may be the receiver determined by the receiver according to the public parameter or the public parameter index of the user encryption system used by the sender when the transmission message is encrypted. Private key.
  • the receiver is based on the sender's identity information, signature, and The data is sent for verification calculation, and the verification information is obtained. Specifically, the receiver performs verification calculation according to the digital certificate, signature, and transmitted data of the sender, thereby obtaining verification information.
  • the sender sends the transmission message to the at least one receiver by using the digital certificate-based data format, and the transmission message can be guaranteed when the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are both plaintext. Integrity; when the digital certificate of the sender included in the transmission message is plaintext or ciphertext, and the transmitted data and signature are both ciphertext, the confidentiality of the transmitted message can be guaranteed.
  • the transport message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmitted message.
  • the specific preset data format is as shown in FIG. 14.
  • the preset data format includes an expiration date of the ID of the sender, a key management center identifier used by the sender, and a timestamp of the transmitted message as an example.
  • Oct3 sender ID is used to indicate the corresponding byte, OctN 1 +1 to OctN 2 for indicating the validity of the sender corresponding to the ID byte, OctN 2 +1 to OctN 3 with
  • OctN 3 +1 to OctN 4 are used to indicate the byte corresponding to the time stamp of the transmitted message
  • OctN 4 +1 to OctN 5 are used to indicate the transmission message.
  • the corresponding byte, OctN 5 +1 to OctN is used to represent the byte corresponding to the signature.
  • the transmission message when the transmission message includes the validity period of the sender's ID, the freshness of the sender's ID can be ensured, and the transmission message is prevented from being tracked.
  • the transmission message includes the key management center identifier used by the sender, the receiver can be conveniently determined to quickly determine the network public key to verify the signature.
  • the receiver can perform a replay attack check on the transmission message to further improve the security of the transmission message.
  • the transport message also includes a time stamp for transmitting the message.
  • the specific preset data format is shown in Figure 15. Oct3 to OctN 1 in FIG. 15 are used to indicate the byte corresponding to the sender's digital certificate, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the time stamp of the transmitted message, OctN 2 +1 to OctN 3 Used to indicate the byte corresponding to the transmitted data, OctN 3 +1 to OctN are used to indicate the byte corresponding to the signature.
  • the receiver may check the replay attack of the transmission message, thereby further ensuring the security of the transmission message.
  • the embodiment of the present invention further provides a data format based on an identity-encrypted IBE.
  • the sender determines that the transport message includes the transmitted data according to the IBE-based data format, and the transmitted data is a ciphertext.
  • the receiver can decrypt the transmission message according to the corresponding private key to obtain the transmitted data, thereby ensuring the confidentiality of the transmitted message.
  • the IBE-based data format may further include a public parameter or a common parameter index of the receiver's IBE system used by the sender to encrypt the transmission message, so as to receive The party quickly determines the corresponding private key according to the public parameter or the public parameter index, thereby improving the efficiency of the receiver to decrypt the transmitted message.
  • each network element such as a sender device and a receiver device, etc.
  • each network element includes hardware structures and/or software modules corresponding to each function.
  • the present invention can be implemented in a combination of hardware or hardware and computer software in conjunction with the network elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
  • the embodiment of the present invention may divide the function module by the sender device and the receiver device according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one process.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of the module in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • FIG. 16 is a schematic diagram showing a possible structure of a sender device involved in the foregoing embodiment.
  • the sender device 300 includes a determining unit 301 and a sending unit 302.
  • the determining unit 301 is configured to execute FIG. 3, Step 201 in FIG. 8 or FIG. 13;
  • the transmitting unit 302 is configured to perform step 202 in FIG. 3, FIG. 8, or FIG. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional description of the corresponding functional modules, and details are not described herein again.
  • FIG. 17 shows a possible logical structure diagram of the sender device 310 involved in the above embodiment.
  • the sender device 310 includes a processing module 312 and a communication module 313.
  • the processing module 312 is configured to control management of the actions of the sender device, for example, the processing module 312 is configured to perform step 201 of FIG. 3, FIG. 8, or FIG. 13, and/or other processes for the techniques described herein.
  • the communication module 313 is for communication with a base station or a recipient device.
  • the sender device 310 can also include a storage module 311 for transmitting program code and data of the party device.
  • the processing module 312 can be a processor or a controller, such as a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, Hardware components or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, combinations of digital signal processors and microprocessors, and the like.
  • the communication module 313 can be a transceiver, a transceiver circuit, a communication interface, or the like.
  • the storage module 311 can be a memory.
  • the sender device may be the device shown in FIG. 18.
  • the sender device 320 includes a processor 322, a communication interface 323, a memory 321, and a bus 324.
  • the communication interface 323, the processor 322, and the memory 321 are connected to each other through a bus 324.
  • the bus 324 may be a peripheral component interconnect standard (English: peripheral component interconnect, PCI for short) or an extended industry standard structure (English: extended industry) Standard architecture, referred to as: EISA) bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 18, but it does not mean that there is only one bus or one type of bus.
  • FIG. 19 is a schematic diagram showing a possible structure of the receiver device involved in the foregoing embodiment.
  • the receiver device 400 includes a receiving unit 401 and a verification unit 402.
  • the receiving unit 401 is configured to execute FIG. 3, The step of receiving the transmission message transmitted by the sender device through step 202 in FIG. 8 or FIG. 13; the verification unit 402 is configured to perform step 203 in FIG. 3, FIG. 8, or FIG.
  • the recipient device further includes a decryption unit 403.
  • the decryption unit 403 is configured to perform step 202a in FIG. 8 or step 202b in FIG. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional description of the corresponding functional modules, and details are not described herein again.
  • FIG. 20 shows a possible logical structure diagram of the receiver device 410 involved in the above embodiment.
  • the recipient device 410 includes a processing module 412 and a communication module 413.
  • the processing module 412 is configured to perform control management on the action of the receiver device.
  • the processing module 412 is configured to perform step 203 in FIG. 3, FIG. 8, or FIG. 13, and step 202a in FIG. 8 or step 202b in FIG. And/or other processes for the techniques described herein.
  • the communication module 413 is used for communication with a base station or a sender device.
  • the recipient device 410 can also include a storage module 411 for storing program codes and data of the recipient device.
  • the processing module 412 can be a processor or a controller, such as a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, Hardware components or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, combinations of digital signal processors and microprocessors, and the like.
  • the communication module 413 can be a transceiver, a transceiver circuit, a communication interface, or the like.
  • the storage module 411 can be a memory.
  • the processing module 412 is a processor
  • the communication module 413 is a communication interface
  • the storage module 411 is a memory
  • the receiving device according to the embodiment of the present invention may be the device shown in FIG.
  • the receiver device 420 includes a processor 422, a communication interface 423, a memory 421, and a bus 424.
  • the communication interface 423, the processor 422, and the memory 421 are connected to each other through a bus 424.
  • the bus 424 may be a PCI bus or an EISA bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 21, but it does not mean that there is only one bus or one type of bus.
  • a computer readable storage medium is stored, where computer execution instructions are stored, and when at least one processor of the device executes the computer to execute an instruction, the device executes the above figure. 3.
  • the information transmission side shown in Figure 8 or Figure 13 The step of the sender or the step of the receiver.
  • a computer program product comprising computer executable instructions stored in a computer readable storage medium; at least one processor of the device may be Reading the storage medium reads the computer execution instructions, and the at least one processor executing the computer execution instructions causes the apparatus to perform the steps of the sender or the receiving side in the information transmission method shown in FIG. 3, FIG. 8, or FIG.
  • a communication system including a sender device and a receiver device.
  • the sender device is the sender device shown in any of Figures 16-18, and/or the receiver device is the receiver device shown in any of Figures 19-21.
  • the sender device is configured to perform the steps of the sender in the information transmission method shown in FIG. 3, FIG. 8 or FIG. 13; the receiver device is configured to execute the information transmission method shown in FIG. 3, FIG. 8 or FIG. The steps in the receiver.
  • the sender device determines a transmission message according to a preset data format, where the transmission message includes the transmitted data and the information of the sender, and then the sender device uses the preset data format to the at least one receiver.
  • the device sends a transmission message, so that when receiving the transmission message, the receiver device can perform security verification on the transmission message according to the information of the sender, thereby ensuring the security of the sender device to send the transmission message.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Provided in an embodiment of the present invention are a method and device for transmitting information, relating to the field of communication technology and intended to solve the problem that in the prior art, the security of a played message cannot be protected. The method comprises: a sender determines a transmission message according to a preset data format, the transmission message comprising transmitted data and information of the sender, and the information of the sender being used by a receiver to verify the security of the transition message; and the sender transmits the transmission message to at least one receiver using the preset data format. Therefore, when the receiver receives the transmission message, the receiver verifies the security of the transmission message according to the information of the sender comprised in the transmission message.

Description

一种信息传输方法及设备Information transmission method and device 技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种信息传输方法及设备。The present invention relates to the field of communications technologies, and in particular, to an information transmission method and device.
背景技术Background technique
车与外界(英文:vehicle-to-X,简称:V2X)的信息交换,是指车辆与车辆(英文:vehicle-to-vehicle,简称:V2V)、车辆与基础设施(英文:vehicle-to-infrastructure,简称:V2I)、以及车辆与行人(英文:vehicle-to-pedestrian,简称:V2P)之间的通信。通过V2X通信可以实现提高道路安全、提高交通效率、以及为用户提供丰富的流媒体服务的目的。The information exchange between the vehicle and the outside world (English: vehicle-to-X, referred to as V2X) refers to vehicles and vehicles (English: vehicle-to-vehicle, referred to as V2V), vehicles and infrastructure (English: vehicle-to- Infrastructure, referred to as V2I), and communication between vehicles and pedestrians (English: vehicle-to-pedestrian, V2P). V2X communication can achieve road safety, improve traffic efficiency, and provide users with rich streaming services.
目前,在V2X通信业务中,广播相关的业务占据了绝大部分,比如,车车之间的前向碰撞告警等。V2X通信的安全需求要求广播消息的接收方能够验证消息来源的合法性。第三代合作伙伴计划(英文:3rd generation partnership project,简称:3GPP)中提出了两种保护V2X广播消息安全性的方法:一种是基于身份签名(英文:identity-based signature,IBS)的方法,另一种是基于数字证书的方法。但是,对于如何使用这两种方法对发送的广播消息进行安全性保护尚未给出具体的解决方法。At present, in the V2X communication service, broadcast-related services occupy the vast majority, for example, forward collision warnings between vehicles and vehicles. The security requirements of V2X communication require that the recipient of the broadcast message be able to verify the legitimacy of the source. The third generation partnership project (English: 3rd generation partnership project, 3GPP for short) proposes two methods to protect the security of V2X broadcast messages: one is based on identity-based signature (IBS). The other is a method based on digital certificates. However, no specific solution has been given for how to use these two methods to secure the broadcast messages sent.
发明内容Summary of the invention
本发明的实施例提供一种信息传输方法及设备,解决了现有技术中无法对发送的广播消息进行安全性保护的问题。The embodiment of the invention provides an information transmission method and device, which solves the problem that the broadcast message cannot be securely protected in the prior art.
为达到上述目的,本发明的实施例采用如下技术方案:In order to achieve the above object, embodiments of the present invention adopt the following technical solutions:
第一方面,提供一种信息传输方法,该方法包括:发送方根据预设数据格式确定传输消息;其中,传输消息包括被发送数据和发送方的信息;发送方的信息是用于使接收方对传输消息进行安全性验证的信息;发送方使用预设数据格式,向至少一个接收方发送传输消息。上述技术方案中,发送方通过根据预设数据格式确定传输消息,并使用预设数据格式向至少一个接收方发送该传输消息,从而通过预设的数据格式可以保 证发送方发送广播消息时的安全性。In a first aspect, an information transmission method is provided, the method comprising: a sender determining a transmission message according to a preset data format; wherein the transmission message includes the transmitted data and the sender information; and the sender information is used to enable the receiver Information for performing security verification on the transmitted message; the sender transmits the transmitted message to at least one recipient using a preset data format. In the foregoing technical solution, the sender determines the transmission message according to the preset data format, and sends the transmission message to the at least one receiver by using the preset data format, so that the preset data format can be guaranteed. The security of the sender when sending a broadcast message.
在一种可能的实现方式中,发送方的信息包括发送方的身份信息和签名;其中,签名是发送方对传输消息中包括的除签名之外的其他信息的签名。上述可选的技术方案中,提供了一种用于使接收方对传输消息进行验证的发送方的信息。In a possible implementation manner, the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message. In the above optional technical solution, information for a sender for authenticating a transmission message is provided.
在一种可能的实现方式中,若预设数据格式为基于身份签名的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID、被发送数据和签名均为明文。上述可选的技术方案中,发送方通过基于身份签名的数据格式发送传输消息,可以使接收方根据发送方的信息对传输消息进行完整性验证和发送方身份认证,从而保证待传输性的安全性。In a possible implementation manner, if the preset data format is an identity signature-based data format, the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text. In the foregoing optional technical solution, the sender sends the transmission message through the identity signature-based data format, so that the receiver can perform integrity verification and sender identity authentication on the transmission message according to the information of the sender, thereby ensuring security of the transmission to be transmitted. Sex.
进一步的,若接收方支持使用至少一套用户签名系统,传输消息还包括发送方使用的用户签名系统的公共参数或公共参数索引,从而当传输消息包括发送方使用的用户签名系统的公共参数或公共参数索引时,可以节省接收方确定对应的公共参数的时间,提高安全性验证的效率。Further, if the receiver supports using at least one set of user signature systems, the transmission message further includes a public parameter or a public parameter index of the user signature system used by the sender, so that when the transmission message includes a public parameter of the user signature system used by the sender or When the public parameter index is used, the time for the receiver to determine the corresponding public parameter can be saved, and the efficiency of the security verification is improved.
在一种可能的实现方式中,若预设数据格式为基于身份签名和基于身份加密的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID为明文或密文、被发送数据和签名均为密文。上述可选的技术方案中,发送方通过基于身份签名和基于身份加密的数据格式发送传输消息,可以使接收方根据自身的私钥对传输消息进行解密,得到明文的信息后,基于发送方的信息对传输消息进行安全性验证,从而同时保证了传输消息的完整性和机密性。In a possible implementation manner, if the preset data format is an identity-based signature and an identity-based encryption-based data format, the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertext. In the foregoing optional technical solution, the sender sends the transmission message by using the identity signature and the identity-based encryption data format, so that the receiver can decrypt the transmission message according to the private key of the receiver, and obtain the information of the plaintext, based on the sender. The information is used to securely verify the transmitted message, thereby ensuring the integrity and confidentiality of the transmitted message.
进一步的,若发送方和接收方均支持使用至少一套用户签名系统和至少一套用户加密系统,传输消息还包括:发送方使用的用户签名系统的公共参数或公共参数索引,和/或发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引。上述可选的技术方案中,将发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引发送给接收方,可以提高接收方对传输消息进行解密的效率;将发送方使用的 用户签名系统的公共参数或公共参数索引发送给接收方,可以节省接收方确定对应的公共参数的时间,提高安全性验证的效率。Further, if both the sender and the receiver support the use of at least one set of user signature systems and at least one set of user encryption systems, the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt. In the above optional technical solution, the public parameter or the public parameter index of the user encryption system of the receiver used by the sender to be encrypted is sent to the receiver, which can improve the efficiency of the receiver to decrypt the transmission message; of The public parameter or the public parameter index of the user signature system is sent to the receiver, which can save the time for the receiver to determine the corresponding public parameter, and improve the efficiency of the security verification.
在一种可能的实现方式中,若预设数据格式为基于数字证书的数据格式,则发送方的身份信息包括发送方的数字证书。可选的,若接收方支持使用一套数字证书,则传输消息中可以包括发送方的数字证书,也可以不包括发送方的数字证书。上述可选的技术方案中,发送方通过基于数字证书的数据格式发送传输消息,可以使接收方根据发送方的数字证书对传输消息进行安全性验证和身份认证,从而可以保证发送方发送的传输消息的安全性。In a possible implementation manner, if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate. Optionally, if the receiver supports using a set of digital certificates, the transmission message may include the sender's digital certificate or may not include the sender's digital certificate. In the above optional technical solution, the sender sends the transmission message through the digital certificate-based data format, so that the receiver can perform security verification and identity authentication on the transmission message according to the sender's digital certificate, thereby ensuring the transmission sent by the sender. The security of the message.
进一步的,若接收方支持使用至少一套数字证书,传输消息还包括发送方加密传输消息时使用的接收方的公钥或公钥索引,从而使接收方在接收到传输消息时,可以根据该公钥或公钥索引快速地确定解密的私钥,提高解密传输消息的效率。Further, if the receiver supports using at least one set of digital certificates, the transmission message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmission message, so that the receiver can receive the transmission message according to the The public key or public key index quickly determines the decrypted private key and improves the efficiency of decrypting the transmitted message.
在一种可能的实现方式中,发送方的数字证书、被发送数据和签名均为明文;或者,发送方的数字证书、被发送数据和签名均为密文;或者,发送方的数字证书为明文,被发送数据和签名均为密文。上述可选的技术方案中,当发送方的数字证书、被发送数据和签名均为明文时,接收方可以对传输消息进行完整性验证和身份认证;当发送方的数字证书为明文或密文、被发送数据和签名均为密文时,接收方可以在接收传输消息后先进行解密,之后对传输消息进行完整性验证和身份认证,从而可以同时保证传输消息的完整性和机密性,进而保证了传输消息的安全性。In a possible implementation manner, the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; or, the sender's digital certificate is In plain text, the transmitted data and signature are both ciphertext. In the above optional technical solution, when the sender's digital certificate, the transmitted data, and the signature are both plaintext, the receiver may perform integrity verification and identity authentication on the transmitted message; when the sender's digital certificate is plaintext or ciphertext When the transmitted data and the signature are both ciphertext, the receiver can decrypt the received message, and then perform integrity verification and identity authentication on the transmitted message, thereby ensuring the integrity and confidentiality of the transmitted message. The security of the transmitted message is guaranteed.
在一种可能的实现方式中,传输消息还包括以下至少一个:发送方的ID的有效期、发送方使用的密钥管理中心标识、传输消息的时间戳。上述可选的技术方案中,可以保证发送方的ID的新鲜性,防止传输消息被跟踪、被重放攻击,保证了传输消息的安全性。In a possible implementation manner, the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message. In the above optional technical solution, the freshness of the ID of the sender can be ensured, the transmission message is prevented from being tracked, and the attack is replayed, thereby ensuring the security of the transmitted message.
在一种可能的实现方式中,传输消息还包括传输消息的时间戳。上述可选的技术方案中,可以使在接收到传输消息时,根据传输消息的时间戳进行重放攻击检查,保证传输消息的安全性。In a possible implementation, the transmission message further includes a timestamp of transmitting the message. In the foregoing optional technical solution, when the transmission message is received, the replay attack check is performed according to the timestamp of the transmission message to ensure the security of the transmission message.
第二方面,提供一种信息传输方法,该方法包括:接收方接收发 送方使用预设数据格式发送的传输消息;其中,传输消息包括被发送数据和发送方的信息;接收方根据发送方的信息,对传输消息进行安全性验证。In a second aspect, an information transmission method is provided, the method comprising: receiving a receiving The transmission message sent by the sender using the preset data format; wherein the transmission message includes the transmitted data and the information of the sender; the receiver performs security verification on the transmission message according to the information of the sender.
在一种可能的实现方式中,发送方的信息包括发送方的身份信息和签名;其中,签名是发送方对传输消息中包括的除签名之外的其他信息的签名;接收方根据发送方的信息,对传输消息进行安全性验证,包括:接收方根据发送方的身份信息、签名和被发送数据进行验证计算,得到验证信息;若验证信息为预设信息,则确定传输消息的安全性验证通过,否则确定传输消息的安全性验证不通过。In a possible implementation manner, the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message; the receiver is based on the sender's The information is used to perform security verification on the transmitted message, including: the receiving party performs verification calculation according to the identity information, signature and transmitted data of the sender, and obtains verification information; if the verification information is preset information, determines security verification of the transmitted message. Pass, otherwise it is determined that the security verification of the transmitted message does not pass.
在一种可能的实现方式中,若预设数据格式为基于身份签名的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID、被发送数据和签名均为明文。进一步的,若接收方支持使用至少一套用户签名系统,传输消息还包括发送方使用的用户签名系统的公共参数或公共参数索引。In a possible implementation manner, if the preset data format is an identity signature-based data format, the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text. Further, if the receiver supports using at least one set of user signature systems, the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
在一种可能的实现方式中,若预设数据格式为基于身份签名和基于身份加密的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID为明文或密文、被发送数据和签名均为密文;接收方根据发送方的信息,对被发送数据进行安全性验证之前,该方法还包括:若传输消息包括的被发送数据和签名均为密文,接收方根据第一预设私钥对传输消息进行解密,得到被发送数据的明文和签名的明文;若传输消息包括的发送方的ID、被发送数据和签名均为密文,接收方根据第一预设私钥对传输消息进行解密,得到发送方的ID的明文、被发送数据的明文和签名的明文。进一步的,若发送方和接收方均支持使用至少一套用户签名系统和至少一套用户加密系统,传输消息还包括:发送方使用的用户签名系统的公共参数或公共参数索引,和/或发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引。In a possible implementation manner, if the preset data format is an identity-based signature and an identity-based encryption-based data format, the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertexts; before the recipient performs security verification on the transmitted data according to the information of the sender, the method further includes: if the transmitted message includes the transmitted data and the signature are all ciphertexts The receiving party decrypts the transmission message according to the first preset private key, and obtains the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the receiver is based on the The first preset private key decrypts the transmission message, and obtains the plaintext of the sender's ID, the plaintext of the transmitted data, and the plaintext of the signature. Further, if both the sender and the receiver support the use of at least one set of user signature systems and at least one set of user encryption systems, the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
在一种可能的实现方式中,若预设数据格式为基于数字证书的数据格式,则发送方的身份信息包括发送方的数字证书。可选的,若接收方支持使用一套数字证书,则传输消息中可以包括发送方的数字 证书,也可以不包括发送方的数字证书。进一步的,若接收方支持使用至少一套数字证书,传输消息还包括发送方加密传输消息时使用的接收方的公钥或公钥索引。In a possible implementation manner, if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate. Optionally, if the receiver supports the use of a set of digital certificates, the sender's digits may be included in the transmitted message. The certificate may or may not include the sender's digital certificate. Further, if the receiver supports using at least one set of digital certificates, the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
在一种可能的实现方式中,发送方的数字证书、被发送数据和签名均为明文;或者,发送方的数字证书、被发送数据和签名均为密文;接收方根据发送方的信息,对被发送数据进行安全性验证之前,该方法还包括:接收方根据第二预设私钥对传输消息进行解密,得到发送方的数字证书的明文、被发送数据的明文和签名的明文;或者,发送方的数字证书为明文,被发送数据和签名均为密文;接收方根据发送方的信息,对被发送数据进行安全性验证之前,该方法还包括:接收方根据第二预设私钥对传输消息进行解密,得到被发送数据的明文和签名的明文。In a possible implementation manner, the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; and the receiver is based on the sender's information. Before performing security verification on the transmitted data, the method further includes: the receiver decrypts the transmission message according to the second preset private key, and obtains the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the plaintext of the signature; or The sender's digital certificate is plaintext, and the transmitted data and the signature are both ciphertext; before the recipient performs security verification on the transmitted data according to the sender's information, the method further includes: the receiver according to the second preset private The key decrypts the transmitted message to obtain the plaintext of the transmitted data and the plaintext of the signature.
在一种可能的实现方式中,传输消息还包括以下至少一个:发送方的ID的有效期、发送方使用的密钥管理中心标识、传输消息的时间戳。In a possible implementation manner, the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
在一种可能的实现方式中,传输消息还包括传输消息的时间戳。In a possible implementation, the transmission message further includes a timestamp of transmitting the message.
第三方面,提供一种发送方设备,发送方设备包括:确定单元,用于根据预设数据格式确定传输消息;其中,传输消息包括被发送数据和发送方的信息;发送方的信息是用于使接收方对传输消息进行安全性验证的信息;发送单元,用于使用预设数据格式,向至少一个接收方发送传输消息。In a third aspect, a sender device is provided, where the sender device includes: a determining unit, configured to determine, according to a preset data format, a transport message, where the transport message includes the sent data and the sender information; the sender information is used by And a sending unit, configured to send, by using a preset data format, a transmission message to the at least one receiving party.
在一种可能的实现方式中,发送方的信息包括发送方的身份信息和签名;其中,签名是发送方对传输消息中包括的除签名之外的其他信息的签名。In a possible implementation manner, the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message.
在一种可能的实现方式中,若预设数据格式为基于身份签名的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID、被发送数据和签名均为明文。进一步的,若接收方支持使用至少一套用户签名系统,传输消息还包括发送方使用的用户签名系统的公共参数或公共参数索引。In a possible implementation manner, if the preset data format is an identity signature-based data format, the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text. Further, if the receiver supports using at least one set of user signature systems, the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
在一种可能的实现方式中,若预设数据格式为基于身份签名和基 于身份加密的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID为明文或密文、被发送数据和签名均为密文。进一步的,若发送方和接收方均支持使用至少一套用户签名系统和至少一套用户加密系统,传输消息还包括:发送方使用的用户签名系统的公共参数或公共参数索引,和/或发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引。In a possible implementation, if the preset data format is based on identity signature and base In the data format of the identity encryption, the identity information of the sender includes the identity number of the sender, where the sender's ID is plaintext or ciphertext, and the transmitted data and signature are ciphertext. Further, if both the sender and the receiver support the use of at least one set of user signature systems and at least one set of user encryption systems, the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
在一种可能的实现方式中,若预设数据格式为基于数字证书的数据格式,则发送方的身份信息包括发送方的数字证书。In a possible implementation manner, if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate.
在一种可能的实现方式中,发送方的数字证书、被发送数据和签名均为明文;或者,发送方的数字证书、被发送数据和签名均为密文;或者,发送方的数字证书为明文,被发送数据和签名均为密文。可选的,若接收方支持使用一套数字证书,则传输消息中可以包括发送方的数字证书,也可以不包括发送方的数字证书。进一步的,若接收方支持使用至少一套数字证书,传输消息还包括发送方加密传输消息时使用的接收方的公钥或公钥索引。In a possible implementation manner, the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; or, the sender's digital certificate is In plain text, the transmitted data and signature are both ciphertext. Optionally, if the receiver supports using a set of digital certificates, the transmission message may include the sender's digital certificate or may not include the sender's digital certificate. Further, if the receiver supports using at least one set of digital certificates, the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
在一种可能的实现方式中,传输消息还包括以下至少一个:发送方的ID的有效期、发送方使用的密钥管理中心标识、传输消息的时间戳。In a possible implementation manner, the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
在一种可能的实现方式中,传输消息还包括传输消息的时间戳。In a possible implementation, the transmission message further includes a timestamp of transmitting the message.
第四方面,提供一种接收方设备,接收方设备包括:接收单元,用于接收发送方使用预设数据格式发送的传输消息;其中,传输消息包括被发送数据和发送方的信息;验证单元,用于根据发送方的信息,对传输消息进行安全性验证。The fourth aspect provides a receiving device, where the receiving device includes: a receiving unit, configured to receive a transmission message sent by the sender using a preset data format, where the transmission message includes the transmitted data and the sender information; the verification unit Used to perform security verification on the transmitted message according to the sender's information.
在一种可能的实现方式中,发送方的信息包括发送方的身份信息和签名;其中,签名是发送方对传输消息中包括的除签名之外的其他信息的签名;验证单元,具体用于:根据发送方的身份信息、签名和传输消息进行验证计算,得到验证信息;若验证信息为预设信息,则确定传输消息的安全性验证通过,否则确定传输消息的安全性验证不通过。In a possible implementation manner, the information of the sender includes the identity information and the signature of the sender, where the signature is a signature of the sender to the information other than the signature included in the transmission message, and the verification unit is specifically configured to: The verification information is obtained according to the identity information, the signature and the transmission message of the sender, and the verification information is obtained. If the verification information is the preset information, it is determined that the security verification of the transmission message passes, otherwise the security verification of the transmission message is determined to fail.
在一种可能的实现方式中,若预设数据格式为基于身份签名的数 据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID、被发送数据和签名均为明文。进一步的,若接收方支持使用至少一套用户签名系统,传输消息还包括发送方使用的用户签名系统的公共参数或公共参数索引。In a possible implementation, if the preset data format is based on the number of identity signatures According to the format, the sender's identity information includes the sender's identity number ID; wherein the sender's ID, the transmitted data, and the signature are plaintext. Further, if the receiver supports using at least one set of user signature systems, the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
在一种可能的实现方式中,若预设数据格式为基于身份签名和基于身份加密的数据格式,则发送方的身份信息包括发送方的身份标识号码ID;其中,发送方的ID为明文或密文、被发送数据和签名均为密文;接收方设备还包括:解密单元,用于若传输消息包括的被发送数据和签名均为密文,根据第一预设私钥对传输消息进行解密,得到被发送数据的明文和签名的明文;若传输消息包括的发送方的ID、被发送数据和签名均为密文,根据第一预设私钥对传输消息进行解密,得到发送方的ID的明文、被发送数据的明文和签名的明文。进一步的,若发送方和接收方均支持使用至少一套用户签名系统和至少一套用户加密系统,传输消息还包括:发送方使用的用户签名系统的公共参数或公共参数索引,和/或发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引。In a possible implementation manner, if the preset data format is an identity-based signature and an identity-based encryption-based data format, the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertext; the receiving device further includes: a decrypting unit, configured to: if the transmitted data and the signature included in the transmission message are all ciphertext, perform the transmission message according to the first preset private key Decrypting, obtaining the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the transmission message is decrypted according to the first preset private key, and the sender is obtained. The plain text of the ID, the plaintext of the transmitted data, and the plaintext of the signature. Further, if both the sender and the receiver support the use of at least one set of user signature systems and at least one set of user encryption systems, the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
在一种可能的实现方式中,若预设数据格式为基于数字证书的数据格式,则发送方的身份信息包括发送方的数字证书。可选的,若接收方支持使用一套数字证书,则传输消息中可以包括发送方的数字证书,也可以不包括发送方的数字证书。进一步的,若接收方支持使用至少一套数字证书,传输消息还包括发送方加密传输消息时使用的接收方的公钥或公钥索引。In a possible implementation manner, if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate. Optionally, if the receiver supports using a set of digital certificates, the transmission message may include the sender's digital certificate or may not include the sender's digital certificate. Further, if the receiver supports using at least one set of digital certificates, the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
在一种可能的实现方式中,发送方的数字证书、被发送数据和签名均为明文;或者,发送方的数字证书、被发送数据和签名均为密文;验证单元根据发送方的信息,对传输消息进行安全性验证之前,解密单元还用于:根据第二预设私钥对传输消息进行解密,得到发送方的数字证书的明文、被发送数据的明文和签名的明文;或者,发送方的数字证书为明文,被发送数据和签名均为密文;验证单元根据发送方的信息,对传输消息进行安全性验证之前,解密单元还用于:根据第二预设私钥对传输消息进行解密,得到被发送数据的 明文和签名的明文。In a possible implementation manner, the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; and the verification unit is based on the sender's information. Before performing the security verification on the transmission message, the decryption unit is further configured to: decrypt the transmission message according to the second preset private key, obtain the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the plaintext of the signature; or, send The digital certificate of the party is in plain text, and the transmitted data and the signature are both ciphertext; before the security verification of the transmission message by the verification unit according to the information of the sender, the decryption unit is further configured to: transmit the message according to the second preset private key pair Decrypt and get the data to be sent Plain text and signed plain text.
在一种可能的实现方式中,传输消息还包括以下至少一个:发送方的ID的有效期、发送方使用的密钥管理中心标识、传输消息的时间戳。In a possible implementation manner, the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
在一种可能的实现方式中,传输消息还包括传输消息的时间戳。In a possible implementation, the transmission message further includes a timestamp of transmitting the message.
第五方面,提供一种发送方设备,发送方设备包括存储器、处理器、总线和通信接口,存储器中存储代码和数据,处理器与存储器通过总线连接,处理器运行存储器中的代码使得发送方设备执行上述第一方面或第一方面任一种可能的实现方式中的任一项所提供的信息传输方法。In a fifth aspect, a sender device is provided. The sender device includes a memory, a processor, a bus, and a communication interface. The memory stores code and data, the processor and the memory are connected by a bus, and the processor runs the code in the memory to enable the sender. The apparatus performs the information transmission method provided by any one of the above first aspect or any one of the possible implementations of the first aspect.
第六方面,提供一种接收方设备,接收方设备包括存储器、处理器、总线和通信接口,存储器中存储代码和数据,处理器与存储器通过总线连接,处理器运行存储器中的代码使得发送方设备执行上述第二方面或第二方面任一种可能的实现方式中的任一项所提供的信息传输方法。In a sixth aspect, a receiver device is provided. The receiver device includes a memory, a processor, a bus, and a communication interface. The memory stores code and data, the processor and the memory are connected by a bus, and the processor runs the code in the memory to enable the sender. The apparatus performs the information transmission method provided by any one of the above second aspect or any one of the possible implementations of the second aspect.
第七方面,提供一种通信系统,该通信系统包括发送方设备和接收方设备,其中,发送方设备为第三方面、或者第三方面的任一种可能的实现方式、或者第五方面所提供的发送方设备,和/或接收方设备为第四方面、或者第四方面的任一种可能的实现方式、或者第六方面所提供的接收方设备。In a seventh aspect, a communication system is provided, the communication system comprising a sender device and a receiver device, wherein the sender device is the third aspect, or any possible implementation manner of the third aspect, or the fifth aspect The provided sender device, and/or the receiver device is the fourth aspect, or any possible implementation of the fourth aspect, or the receiver device provided by the sixth aspect.
第八方面,提供一种计算机可读存储介质,计算机可读存储介质中存储有计算机执行指令,当设备的至少一个处理器执行该计算机执行指令时,设备执行上述第一方面或者第一方面的任一种可能的实现方式所提供的信息传输方法,或者执行上述第二方面或者第二方面的任一种可能的实现方式所提供的信息传输方法。According to an eighth aspect, a computer readable storage medium is provided, where computer executed instructions are stored, and when the at least one processor of the device executes the computer to execute an instruction, the device performs the first aspect or the first aspect. The information transmission method provided by any one of the possible implementation manners, or the information transmission method provided by the foregoing second aspect or any possible implementation manner of the second aspect.
第九方面,提供一种计算机程序产品,该计算机程序产品包括计算机执行指令,该计算机执行指令存储在计算机可读存储介质中;设备的至少一个处理器可以从计算机可读存储介质读取该计算机执行指令,至少一个处理器执行该计算机执行指令使得设备实施上述第一方面或者第一方面的任一种可能的实现方式所提供的信息传输方法,或者执行上述第二方面 或者第二方面的任一种可能的实现方式所提供的信息传输方法。In a ninth aspect, a computer program product is provided, the computer program product comprising computer executable instructions stored in a computer readable storage medium; at least one processor of the device can read the computer from a computer readable storage medium Executing an instruction, the at least one processor executing the computer to execute the instruction, causing the device to implement the information transmission method provided by the first aspect or any one of the possible implementation manners of the first aspect, or performing the second aspect Or the information transmission method provided by any of the possible implementations of the second aspect.
附图说明DRAWINGS
为了更清楚地说明本发明实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without paying any creative work.
图1为本发明实施例提供的一种通信系统的结构示意图;1 is a schematic structural diagram of a communication system according to an embodiment of the present invention;
图2为本发明实施例提供的一种终端设备的结构示意图;2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention;
图3为本发明实施例提供的一种信息传输方法的流程示意图;FIG. 3 is a schematic flowchart diagram of an information transmission method according to an embodiment of the present disclosure;
图4为本发明实施例提供的第一种预设数据格式的示意图;4 is a schematic diagram of a first preset data format according to an embodiment of the present invention;
图5为本发明实施例提供的第二种预设数据格式的示意图;FIG. 5 is a schematic diagram of a second preset data format according to an embodiment of the present disclosure;
图6为本发明实施例提供的第三种预设数据格式的示意图;FIG. 6 is a schematic diagram of a third preset data format according to an embodiment of the present invention;
图7为本发明实施例提供的第四种预设数据格式的示意图;FIG. 7 is a schematic diagram of a fourth preset data format according to an embodiment of the present disclosure;
图8为本发明实施例提供的另一种信息传输方法的流程示意图;FIG. 8 is a schematic flowchart diagram of another information transmission method according to an embodiment of the present disclosure;
图9为本发明实施例提供的第五种预设数据格式的示意图;FIG. 9 is a schematic diagram of a fifth preset data format according to an embodiment of the present disclosure;
图10为本发明实施例提供的第六种预设数据格式的示意图;FIG. 10 is a schematic diagram of a sixth preset data format according to an embodiment of the present disclosure;
图11为本发明实施例提供的第七种预设数据格式的示意图;FIG. 11 is a schematic diagram of a seventh preset data format according to an embodiment of the present invention;
图12为本发明实施例提供的第八种预设数据格式的示意图;FIG. 12 is a schematic diagram of an eighth preset data format according to an embodiment of the present disclosure;
图13为本发明实施例提供的又一种信息传输方法的流程示意图;FIG. 13 is a schematic flowchart diagram of still another information transmission method according to an embodiment of the present invention;
图14为本发明实施例提供的第九种预设数据格式的示意图;FIG. 14 is a schematic diagram of a ninth preset data format according to an embodiment of the present disclosure;
图15为本发明实施例提供的第十种预设数据格式的示意图;FIG. 15 is a schematic diagram of a tenth preset data format according to an embodiment of the present invention;
图16为本发明实施例提供的一种发送方设备的结构示意图;FIG. 16 is a schematic structural diagram of a sender device according to an embodiment of the present disclosure;
图17为本发明实施例提供的另一种发送方设备的结构示意图;FIG. 17 is a schematic structural diagram of another sender device according to an embodiment of the present disclosure;
图18为本发明实施例提供的又一种发送方设备的结构示意图;FIG. 18 is a schematic structural diagram of still another sender device according to an embodiment of the present disclosure;
图19为本发明实施例提供的一种接收方设备的结构示意图;FIG. 19 is a schematic structural diagram of a receiver device according to an embodiment of the present disclosure;
图20为本发明实施例提供的另一种接收方设备的结构示意图;FIG. 20 is a schematic structural diagram of another receiver device according to an embodiment of the present disclosure;
图21为本发明实施例提供的又一种接收方设备的结构示意图。FIG. 21 is a schematic structural diagram of still another receiver device according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进 行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solution in the embodiment of the present invention will be further described below with reference to the accompanying drawings in the embodiments of the present invention. The invention is described in a clear and complete manner, and it is obvious that the described embodiments are only a part of the embodiments of the invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
图1为本发明实施例提供的一种通信系统的结构示意图,参见图1,该通信系统包括基站101和终端设备102。其中,基站101可以与终端设备102进行通信,终端设备102可以为车辆、用户的手持设备或者智能穿戴设备等等。FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention. Referring to FIG. 1, the communication system includes a base station 101 and a terminal device 102. The base station 101 can communicate with the terminal device 102, and the terminal device 102 can be a vehicle, a user's handheld device, a smart wearable device, or the like.
在本发明实施例中,多个终端设备102之间也可以进行通信,且可以通过设备到设备(device-to-device,D2D)的方式进行直接通信,也可以通过设备到基站、再到设备的方式进行间接通信。当多个终端设备102之间进行通信时,一个终端设备可以通过广播的方式向其他多个终端设备102发送信息,也可以通过链路向其中的一个终端设备102发送信息。In the embodiment of the present invention, a plurality of terminal devices 102 can also communicate with each other, and can perform direct communication through a device-to-device (D2D) mode, or through a device to a base station, and then to a device. The way to communicate indirectly. When communication is performed between a plurality of terminal devices 102, one terminal device may transmit information to other plurality of terminal devices 102 by means of broadcast, or may transmit information to one of the terminal devices 102 via a link.
图2为本发明实施例提供的一种终端设备的结构示意图,该终端设备包括总线、处理器、存储器、输入输出接口和通信接口。FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention. The terminal device includes a bus, a processor, a memory, an input/output interface, and a communication interface.
总线是连接所描述的元素的电路并且在这些元素之间实现传输。例如,处理器通过总线从其它元素接收到命令,解密接收到的命令,根据解密的命令执行计算或数据处理。A bus is a circuit that connects the elements described and implements transmission between these elements. For example, the processor receives commands from other elements over the bus, decrypts the received commands, and performs calculations or data processing based on the decrypted commands.
处理器是终端设备的控制中心,利用各种接口和线路连接整个终端设备的各个部分,通过运行或执行存储在存储器内的软件程序模块,以及调用存储在存储器内的数据,执行各种功能和处理数据,从而对终端设备进行整体监控。可选的,处理器可以包括一个或多个处理器;优选的,处理器可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。The processor is a control center of the terminal device, and connects various parts of the entire terminal device by using various interfaces and lines, performs various functions by running or executing a software program module stored in the memory, and calling data stored in the memory. The data is processed to perform overall monitoring of the terminal device. Optionally, the processor may include one or more processors; preferably, the processor may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, etc., and modulates The demodulation processor primarily handles wireless communications.
存储器可以包括程序模块,例如内核,中间件,应用程序接口(英文:application programmers interface,简称:API)和应用。所述程序模块可以是有软件、固件或硬件、或其中的至少两种组成。存储器可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序等;存储数据区可存储根据终端设备的使用所创建的数据等。此外,存储器可以包括高速随机存取存储器,还可以包括非易失性存 储器等。The memory may include program modules such as a kernel, a middleware, an application program interface (API), and an application. The program module may be composed of software, firmware or hardware, or at least two of them. The memory may mainly include a storage program area and an storage data area, wherein the storage program area may store an operating system, an application required for at least one function, and the like; the storage data area may store data created according to usage of the terminal device, and the like. In addition, the memory may include a high speed random access memory, and may also include non-volatile memory. Storage, etc.
输入输出接口为处理器和外围接口模块之间提供接口,转发用户通过外围接口模块输入的命令或数据。上述外围接口模块可以是感应器、键盘,点击轮,按钮等。这些按钮可包括但不限于:主页按钮、音量按钮、启动按钮和锁定按钮。The input and output interfaces provide an interface between the processor and the peripheral interface module to forward commands or data entered by the user through the peripheral interface module. The above peripheral interface module may be a sensor, a keyboard, a click wheel, a button, or the like. These buttons may include, but are not limited to, a home button, a volume button, a start button, and a lock button.
通信接口将终端设备与其它终端设备、基站进行连接。可选的,该通信接口可以包括为射频电路,射频电路包括但不限于天线、至少一个放大器、收发信机、耦合器、低噪声放大器、双工器等。其中,通信接口可以通过无线连接到网络以连接到外部其它的终端设备或基站,从而通过网络可以实现终端设备与其它终端设备和基站之间的通信。在一个示例性实施例中,通信接口经由广播信道接收来自外部广播管理系统的广播信号或广播相关信息。在一个示例性实施例中,通信接口还包括WiFi模块、蓝牙模块、红外模块等,以促进短程通信。The communication interface connects the terminal device with other terminal devices and base stations. Optionally, the communication interface may be a radio frequency circuit including, but not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. The communication interface can be connected to other external terminal devices or base stations by wirelessly connecting to the network, so that communication between the terminal device and other terminal devices and the base station can be realized through the network. In an exemplary embodiment, the communication interface receives broadcast signals or broadcast associated information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication interface further includes a WiFi module, a Bluetooth module, an infrared module, etc. to facilitate short range communication.
尽管未示出,终端设备还可以包括显示设备、传感器模块、音频模块等等,在此不再赘述。Although not shown, the terminal device may further include a display device, a sensor module, an audio module, and the like, and details are not described herein again.
本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。本文中的多个是指两个或者两个以上。The term "and/or" in this context is merely an association describing the associated object, indicating that there may be three relationships, for example, A and / or B, which may indicate that A exists separately, and both A and B exist, respectively. B these three situations. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship. A plurality in this document refers to two or more.
图3为本发明实施例提供的一种信息传输方法的流程示意图,参见图3,该方法包括以下几个步骤。FIG. 3 is a schematic flowchart of an information transmission method according to an embodiment of the present invention. Referring to FIG. 3, the method includes the following steps.
步骤201:发送方根据预设数据格式确定传输消息。其中,传输消息包括被发送数据和发送方的信息,发送方的信息是用于使接收方对传输消息进行安全性验证的信息。Step 201: The sender determines the transmission message according to the preset data format. The transmission message includes the transmitted data and the information of the sender, and the information of the sender is information for causing the receiver to perform security verification on the transmission message.
其中,发送方可以为上述图1所示的通信系统中的终端设备102,且可以为车辆。接收方也可以为上述图1所示的通信系统中的终端设备102,且可以为车辆、或者诸如用户的手机、平板电脑、智能手表等手持设备或智能穿戴设备等。The sender may be the terminal device 102 in the communication system shown in FIG. 1 above, and may be a vehicle. The receiving party may also be the terminal device 102 in the communication system shown in FIG. 1 above, and may be a vehicle, or a handheld device such as a user's mobile phone, tablet computer, smart watch, or smart wearable device.
可选的,该被发送数据可以包括以下信息中的一个或者多个:发送方的速度信息、位置信息和告警信息等等。 Optionally, the transmitted data may include one or more of the following information: sender speed information, location information, and alarm information, and the like.
另外,发送方的信息可以包括发送方的身份信息和签名。对于不同的预设数据格式,该发送方的身份信息可以包括不同的信息,比如,对于不同的预设数据格式,发送方的身份信息可以包括发送方的身份标识号码(英文:identity,简称:ID)、或者发送方的数字证书等。签名是发送方对传输消息中包括的除签名之外的其他信息的签名。In addition, the sender's information may include the sender's identity information and signature. For different preset data formats, the sender's identity information may include different information. For example, for different preset data formats, the sender's identity information may include the sender's identity number (English: identity, referred to as: ID), or the sender's digital certificate, etc. A signature is a signature of a sender other than the signature included in the transmission message.
步骤202:发送方使用预设数据格式,向至少一个接收方发送传输消息。Step 202: The sender sends a transmission message to at least one receiver by using a preset data format.
当发送方确定传输消息时,发送方可以通过该预设数据格式向至少一个接收方发送该传输消息,从而至少一个接收方中的每个接收方都可以接收到该传输消息。When the sender determines to transmit the message, the sender can send the transmission message to the at least one recipient through the preset data format, so that each of the at least one receiver can receive the transmission message.
可选的,当发送方为上述图1所示的终端设备时,发送方可以通过广播方式直接向至少一个接收方发送传输消息,也可以将传输消息转发给基站,由基站通过广播方式直接向至少一个接收方发送该传输消息。Optionally, when the sender is the terminal device shown in FIG. 1 , the sender may directly send the transmission message to the at least one receiver by using the broadcast mode, or may forward the transmission message to the base station, and the base station directly transmits the message to the base station. At least one recipient sends the transmission message.
步骤203:当接收方接收到发送方使用预设数据格式发送的传输消息时,接收方根据发送方的信息,对传输消息进行安全性验证。Step 203: When the receiver receives the transmission message sent by the sender using the preset data format, the receiver performs security verification on the transmission message according to the information of the sender.
其中,接收方根据发送方的信息,对传输消息进行安全性验证,可以包括:步骤203a、接收方可以根据发送方的身份信息、签名和被发送数据进行验证计算,得到验证信息。步骤203b、若验证信息为预设信息,则确定传输消息的安全性验证通过,否则确定传输消息的安全性验证不通过。The receiving party performs security verification on the transmission message according to the information of the sender, and may include: Step 203a: The receiving party may perform verification calculation according to the identity information of the sender, the signature, and the transmitted data, to obtain verification information. Step 203b: If the verification information is preset information, it is determined that the security verification of the transmission message passes, otherwise it is determined that the security verification of the transmission message does not pass.
在本发明实施例中,发送方根据预设数据格式确定传输消息,该传输消息包括被发送数据和发送方的信息,之后发送方使用预设数据格式向至少一个接收方发送传输消息,使得接收方在接收到该传输消息时,可以根据发送方的信息对传输消息进行安全性验证,从而保证了发送方发送的传输消息的安全性。In the embodiment of the present invention, the sender determines the transmission message according to the preset data format, where the transmission message includes the transmitted data and the information of the sender, and then the sender sends the transmission message to the at least one receiver by using the preset data format, so that the receiving When receiving the transmission message, the party can perform security verification on the transmission message according to the information of the sender, thereby ensuring the security of the transmission message sent by the sender.
进一步的,在上述步骤201中,由于预设数据格式可以为不同的预设数据格式,且在不同的预设数据格式下,发送方的身份信息也可以包括不同的信息。此外,发送方根据不同的预设数据格式确定的传输消息也会不同,下面分别对不同的预设数据格式下的发送方的身份信息、以及根据不 同的预设数据格式确定的传输消息进行详细阐述。其中,不同的预设数据格式主要可以包括以下三种不同的预设数据格式。Further, in the foregoing step 201, the preset data format may be different preset data formats, and in different preset data formats, the identity information of the sender may also include different information. In addition, the transmission message determined by the sender according to different preset data formats is different, and the following is the identity information of the sender under different preset data formats, and according to The transmission message determined by the same preset data format is elaborated. The different preset data formats may mainly include the following three different preset data formats.
第一种,如图4所示,若预设数据格式为基于身份签名(英文:identity-based signature,简称:IBS)的数据格式,则发送方的身份信息包括发送方的ID。其中,传输消息包括的发送方的ID、被发送数据和签名均为明文。The first type, as shown in FIG. 4, if the preset data format is a data format based on identity-based signature (IBS), the identity information of the sender includes the ID of the sender. The sender's ID, the transmitted data, and the signature included in the transmission message are all plaintext.
需要说明的是,图4所示的预设数据格式中,参数D/C、R和PDCP SN所示的预设数据格式中,参数D/C(英文:data/control,数据/控制)用于指示报文的类型;参数R是保留位,如图4所示,以预设数据格式中包括3个保留位R为例进行说明;参数PDCP SN(其中,PDCP为分组数据汇聚层协议,英文:packet data convergence protocol;SN为序列号,英文:serial number)可用于指示报文的序列号。图中所示的参数D/C、R和PDCP SN与PDCP PDU(PDU为协议数据单元,英文:protocol data unit)中包括的参数D/C、R和PDCP SN一致,具体参见PDCP PDU中的阐述,本发明实施例在此不做详细阐述。图4中的Oct1、Oct2、…、OctN用于表示第1、2、…、N字节,且每一个字节可以包括8个比特(bit)位。It should be noted that, in the preset data format shown in FIG. 4, among the preset data formats indicated by the parameters D/C, R, and PDCP SN, the parameter D/C (English: data/control, data/control) is used. The parameter R is a reserved bit. As shown in FIG. 4, the preset data format includes three reserved bits R as an example. The parameter PDCP SN (where PDCP is a packet data convergence layer protocol, English: packet data convergence protocol; SN is the serial number, English: serial number) can be used to indicate the serial number of the message. The parameters D/C, R, and PDCP SN shown in the figure are the same as the parameters D/C, R, and PDCP SN included in the PDCP PDU (the protocol data unit, English: protocol data unit). For details, refer to the PDCP PDU. It is to be noted that the embodiments of the present invention are not described in detail herein. Oct1, Oct2, ..., OctN in Fig. 4 are used to indicate the first 1, 2, ..., N bytes, and each byte may include 8 bit bits.
另外,图4所示的预设数据格式中,传输消息包括的任一信息的长度可以为一行或者多行,且具有的长度(cont)由信息自身的长度决定。图4中的Oct3至OctN1用于表示发送方的ID所对应的字节,OctN1+1至OctN2用于表示被发送数据所对应的字节,OctN2+1至OctN用于表示签名所对应的字节。In addition, in the preset data format shown in FIG. 4, the length of any information included in the transmission message may be one or more lines, and the length (cont) is determined by the length of the information itself. Oct3 to OctN 1 in FIG. 4 are used to indicate the byte corresponding to the ID of the sender, OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the transmitted data, and OctN 2 +1 to OctN are used to represent the signature. The corresponding byte.
可选的,如图5所示,若接收方支持使用至少一套用户签名系统,传输消息还包括发送方使用的用户签名系统的公共参数或公共参数索引,图5中以发送方的pp表示发送方使用的用户签名系统的公共参数。图5中的Oct3至OctN1用于表示发送方的ID所对应的字节,OctN1+1至OctN2用于表示发送方的pp或者pp索引所对应的字节,OctN2+1至OctN3用于表示被发送数据所对应的字节,OctN3+1至OctN用于表示签名所对应的字节。Optionally, as shown in FIG. 5, if the receiver supports using at least one set of user signature systems, the transmission message further includes a public parameter or a public parameter index of the user signature system used by the sender, and the pp is represented by the sender in FIG. The public parameter of the user's signature system used by the sender. Oct3 to OctN 1 in FIG. 5 are used to indicate the byte corresponding to the ID of the sender, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the pp or pp index of the sender, OctN 2 +1 to OctN. 3 is used to indicate the byte corresponding to the transmitted data, and OctN 3 +1 to OctN are used to indicate the byte corresponding to the signature.
其中,公共参数索引为公共参数的标识,可用于唯一标识一个 用户签名系统的公共参数,比如,该公共参数索引可以为公共参数的序列号等。当传输消息包括发送方使用的用户签名系统的公共参数索引时,接收方可以根据该公共参数索引确定对应的公共参数。The public parameter index is an identifier of a public parameter, and can be used to uniquely identify one The public parameter of the user signature system, for example, the public parameter index may be a serial number of a common parameter or the like. When the transport message includes a public parameter index of the user signature system used by the sender, the receiver may determine the corresponding public parameter according to the common parameter index.
在第一种预设数据格式下,步骤203a中接收方根据发送方的身份信息、签名和被发送数据进行验证计算,得到验证信息,具体为:接收方根据发送方的ID、签名、以及发送方使用的用户签名系统的公共参数进行验证计算,从而得到验证信息。In the first preset data format, the receiving party performs the verification calculation according to the identity information, the signature, and the transmitted data of the sender in step 203a, and obtains the verification information, specifically: the receiver according to the sender's ID, signature, and transmission. The public parameters of the user signature system used by the party are verified and calculated, thereby obtaining verification information.
需要说明的是,若发送方和接收方同时支持使用一套用户签名系统,传输消息中可以不包括该套用户签名系统的公共参数或公共参数索引,具体的预设数据格式如图4所示,且不包括该公共参数或公共参数索引时,发送方和接收方可以事先进行约定;当传输消息中包括该套用户签名系统的公共参数或公共参数索引时,具体的预设数据格式如图5所示。若接收方支持使用多套用户签名系统,则传输消息中包括发送方使用的用户签名系统的公共参数或公共参数索引,具体的预设数据格式如图5所示。It should be noted that if the sender and the receiver simultaneously support the use of a set of user signature systems, the public parameters or common parameter indexes of the set of user signature systems may not be included in the transmission message, and the specific preset data format is as shown in FIG. When the public parameter or the public parameter index is not included, the sender and the receiver may agree in advance; when the transmission message includes the public parameter or the public parameter index of the user signature system, the specific preset data format is as shown in the figure. 5 is shown. If the receiver supports multiple sets of user signature systems, the transmission message includes the public parameter or the public parameter index of the user signature system used by the sender. The specific preset data format is shown in FIG. 5.
在本发明实施例中,发送方使用基于身份签名IBS的数据格式向至少一个接收方发送传输消息,可以使接收方根据发送方的ID、签名和被发送数据,对传输消息进行安全性验证,保证了传输消息完整性。另外,将发送方使用的用户签名系统的公共参数或公共参数索引一起发送给接收方时,可以节省接收方确定对应的公共参数的时间,提高安全性验证的效率。In the embodiment of the present invention, the sender sends the transmission message to the at least one receiver by using the data format of the identity signature IBS, so that the receiver can perform security verification on the transmission message according to the sender ID, the signature, and the sent data. Guaranteed transmission of message integrity. In addition, when the public parameter or the public parameter index of the user signature system used by the sender is sent to the receiver together, the time for the receiver to determine the corresponding public parameter can be saved, and the efficiency of the security verification is improved.
第二种、如图6所示,若预设数据格式为基于IBS和基于身份加密(英文:identity-based encryption,简称:IBE)的数据格式,则发送方的身份信息包括发送方的ID。其中,发送方的ID为明文或密文、被发送数据和签名均为密文。Second, as shown in FIG. 6, if the preset data format is a data format based on IBS and identity-based encryption (IBE), the identity information of the sender includes the ID of the sender. The sender's ID is plain text or cipher text, and the transmitted data and signature are both ciphertext.
具体的,当发送方的ID为明文、被发送数据和签名均为密文时,预设数据格式如图6(a)所示,图6(a)中的Oct3至OctN1用于表示发送方的ID所对应的字节,OctN1+1至OctN用于表示密文所对应的字节。当发送方的ID、被发送数据和签名均为密文时,预设数据格式如图6(b)所示,图6(b)中的OctN1+1至OctN用于表示密文 所对应的字节。图6中的c表示密文。Specifically, when the sender ID for the plaintext, and a signature of data to be transmitted are encrypted, predetermined data format shown in Figure 6 (a) shown in FIG. 6 (a) of Oct3 to OctN 1 denotes a transmission for The byte corresponding to the ID of the party, OctN 1 +1 to OctN, is used to represent the byte corresponding to the ciphertext. When the sender's ID, the transmitted data, and the signature are both ciphertext, the preset data format is as shown in Figure 6(b), and OctN 1 +1 to OctN in Figure 6(b) are used to indicate the ciphertext. Bytes. c in Fig. 6 represents ciphertext.
可选的,如图7所示,若发送方和接收方均支持使用至少一套用户签名系统和至少一套用户加密系统,传输消息还包括:发送方使用的用户签名系统的公共参数或公共参数索引,和/或发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引。如图7所示的预设数据格式中,以传输消息还包括:发送方使用的用户签名系统的公共参数或公共参数索引,和发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引为例进行说明。图7中以发送方的pp表示发送方使用的用户签名系统的公共参数,以接收方的pp表示发送方加密时所使用的接收方的用户加密系统的公共参数,且以发送方的ID为明文为例进行说明。图7中的Oct2至OctN1用于表示发送方的pp或者pp索引所对应的字节,OctN1+1至OctN2用于表示接收方的pp或pp索引所对应的字节,OctN2+1至OctN3用于表示发送方的ID所对应的字节,OctN3+1至OctN用于表示密文所对应的字节。Optionally, as shown in FIG. 7, if both the sender and the receiver support using at least one user signature system and at least one user encryption system, the transmission message further includes: a public parameter or a public of the user signature system used by the sender. The parameter index, and/or the public parameter or common parameter index of the recipient's user encryption system used by the sender to encrypt. In the preset data format shown in FIG. 7, the transmission message further includes: a public parameter or a common parameter index of the user signature system used by the sender, and a public parameter of the user encryption system of the receiver used by the sender to encrypt. Or the public parameter index is taken as an example for explanation. In FIG. 7, the public parameter of the user signature system used by the sender is represented by pp of the sender, and the public parameter of the user encryption system of the receiver used by the sender when the sender encrypts is represented by pp of the sender, and the ID of the sender is The plain text is taken as an example for explanation. Oct2 to OctN 1 in FIG. 7 are used to indicate the byte corresponding to the pp or pp index of the sender, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the pp or pp index of the receiver, OctN 2 + 1 to OctN 3 are used to indicate the byte corresponding to the sender's ID, and OctN 3 +1 to OctN are used to indicate the byte corresponding to the ciphertext.
其中,对于传输消息中包括发送方使用的用户签名系统的公共参数或公共参数索引,和/或发送方加密时所使用的用户加密系统的公共参数或公共参数索引的情况,这里以用户签名系统为例进行说明,用户加密系统的情况与用户签名系统类似,具体参见用户签名系统的说明。具体为:若发送方和接收方支持使用一套用户签名系统,则传输消息中可以包括、或者不包括发送方使用的用户签名系统的公共参数或公共参数索引,不包括时可以事先进行约定;若发送方和接收方均支持使用多套用户签名系统,则传输消息中还包括发送方使用的用户签名系统的公共参数或公共参数索引。Wherein, the transmission message includes a public parameter or a public parameter index of the user signature system used by the sender, and/or a public parameter or a public parameter index of the user encryption system used by the sender to encrypt, here the user signature system As an example, the user encryption system is similar to the user signature system. For details, refer to the description of the user signature system. Specifically, if the sender and the receiver support the use of a set of user signature systems, the transport message may include or exclude a public parameter or a public parameter index of the user signature system used by the sender, and may be agreed in advance when not included; If both the sender and the receiver support the use of multiple sets of user signature systems, the transport message also includes the public parameter or public parameter index of the user signature system used by the sender.
进一步的,如图8所示,在第二种预设数据格式下,接收方在步骤203中根据发送方的信息,对传输消息进行安全性验证之前,还可以包括步骤202a。Further, as shown in FIG. 8, in the second preset data format, the receiver may further include step 202a before performing security verification on the transmission message according to the information of the sender in step 203.
步骤202a:若传输消息包括的被发送数据和签名均为密文,接收方根据第一预设私钥对传输消息进行解密,得到被发送数据的明文和签名的明文。若传输消息包括的发送方的ID、被发送数据和签名均为密文,接收方根据第一预设私钥对传输消息进行解密,得到 发送方的ID的明文、被发送数据的明文和签名的明文。Step 202a: If the transmitted data and the signature included in the transmission message are both ciphertext, the receiver decrypts the transmission message according to the first preset private key, and obtains the plaintext of the transmitted data and the plaintext of the signature. If the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the receiver decrypts the transmission message according to the first preset private key, and obtains The plaintext of the sender's ID, the plaintext of the transmitted data, and the plaintext of the signature.
其中,第一预设私钥是与发送方加密时所使用的用户加密系统的公共参数或公共参数索引对应的接收方的私钥。在预设数据格式如图6所示时,该第一预设私钥可以是事先约定的。在预设数据格式如图7所示时,该第一预设私钥可以是接收方根据传输消息包括的发送方加密时所使用的用户加密系统的公共参数或公共参数索引确定的接收方的私钥。The first preset private key is a private key of the recipient corresponding to a public parameter or a common parameter index of the user encryption system used by the sender when encrypting. When the preset data format is as shown in FIG. 6, the first preset private key may be pre-agreed. When the preset data format is as shown in FIG. 7, the first preset private key may be a receiver determined by the receiver according to a public parameter or a common parameter index of the user encryption system used by the sender when the transmission message is encrypted. Private key.
相应的,步骤203a中接收方根据发送方的身份信息、签名和被发送数据进行验证计算,得到验证信息,具体为:接收方根据发送方的ID、签名、以及发送方使用的用户签名系统的公共参数进行验证计算,从而得到验证信息。Correspondingly, in step 203a, the receiving party performs verification calculation according to the identity information, the signature and the transmitted data of the sender, and obtains verification information, which is specifically: the receiver according to the sender's ID, the signature, and the user signature system used by the sender. The public parameters are verified and calculated to obtain verification information.
在本发明实施例中,发送方向至少一个接收方发送传输消息时,传输消息包括的发送方的ID为明文或密文、被发送数据和签名均为密文,从而接收方在接收到该传输消息时,可以对传输消息进行解密,之后对传输消息进行安全性验证,从而可以保证传输消息完整性和机密性。另外,将发送方加密时所使用的接收方的用户加密系统的公共参数或公共参数索引发送给接收方,可以提高接收方对传输消息进行解密的效率;将发送方使用的用户签名系统的公共参数或公共参数索引发送给接收方,可以节省接收方确定对应的公共参数的时间,提高安全性验证的效率。In the embodiment of the present invention, when at least one receiver sends a transmission message in the sending direction, the sender's ID of the transmission message is plaintext or ciphertext, the transmitted data and the signature are all ciphertext, so that the receiver receives the transmission. In the case of a message, the transmitted message can be decrypted, and then the transmitted message is verified for security, thereby ensuring the integrity and confidentiality of the transmitted message. In addition, the public parameter or the public parameter index of the user encryption system of the receiver used by the sender to be encrypted is transmitted to the receiver, which can improve the efficiency of the receiver to decrypt the transmission message; the public of the user signature system used by the sender The parameter or the public parameter index is sent to the receiver, which can save the time for the receiver to determine the corresponding public parameter, and improve the efficiency of the security verification.
第三种、如图9-图11所示,若预设数据格式为基于数字证书的数据格式,则发送方的身份信息包括发送方的数字证书。其中,传输消息包括的发送方的数字证书、被发送数据和签名均为明文;或者,传输消息包括的发送方的数字证书、被发送数据和签名均为密文;或者,传输消息包括的发送方的数字证书为明文,被发送数据和签名均为密文。Third, as shown in FIG. 9-11, if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate. The digital certificate, the transmitted data, and the signature of the sender included in the transmission message are all plaintext; or the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are all ciphertext; or the transmission of the transmission message includes The party's digital certificate is in plain text, and the transmitted data and signature are both ciphertext.
具体的,当发送方的数字证书、被发送数据和签名均为明文时,预设数据格式如图9所示,图9中的Oct3至OctN1用于表示发送方的数字证书所对应的字节,OctN1+1至OctN2用于表示被发送数据所对应的字节,OctN2+1至OctN用于表示签名所对应的字节。当发送方的数字证书、被发送数据和签名均为密文时,预设数据格式如图10所示,图10中的Oct3至OctN用于表示密文所对应的字节。当发送方 的数字证书为明文,被发送数据和签名均为密文时,预设数据格式如图11所示,图11中的Oct3至OctN1用于表示发送方的数字证书所对应的字节,OctN1+1至OctN用于表示密文所对应的字节。图9-图11中的c表示密文。Specifically, when the sender's digital certificate, and the signature is sent both plaintext data, preset data format shown in Figure 9, in FIG. 9 of Oct3 to OctN 1 is used to represent the word digital certificate corresponding to the sender In the section, OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the transmitted data, and OctN 2 +1 to OctN are used to indicate the byte corresponding to the signature. When the digital certificate, the transmitted data, and the signature of the sender are both ciphertext, the preset data format is as shown in FIG. 10, and Oct3 to OctN in FIG. 10 are used to represent the byte corresponding to the ciphertext. When the sender's digital certificate is plaintext data to be transmitted and the signature are encrypted, predetermined data format shown in Figure 11, in FIG. 11 of Oct3 to OctN 1 indicates that the word for a digital certificate corresponding to the sender Section, OctN 1 +1 to OctN is used to represent the byte corresponding to the ciphertext. c in Figures 9-11 shows ciphertext.
可选的,如图12所示,若接收方支持使用至少一套数字证书,传输消息还包括发送方加密传输消息时使用的接收方的公钥或公钥索引。其中,公钥索引为公钥的标识,可用于唯一标识一套数字证书的公钥,比如,该公钥索引可以为公钥的序列号,或者在发送方的身份信息不需要加密的情况下该公钥索引也可以为发送方的ID等。图12以发送方的数字证书、被发送数据和签名均为密文为例进行说明。图12中的Oct3至OctN1用于表示接收方的公钥或公钥索引所对应的字节,OctN1+1至OctN用于表示密文所对应的字节。Optionally, as shown in FIG. 12, if the receiver supports using at least one set of digital certificates, the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt and transmit the message. The public key index is an identifier of the public key, and can be used to uniquely identify a public key of a set of digital certificates. For example, the public key index can be a serial number of the public key, or if the identity information of the sender does not need to be encrypted. The public key index may also be the sender's ID or the like. FIG. 12 illustrates an example in which the sender's digital certificate, the transmitted data, and the signature are both ciphertexts. FIG OctN 1 to 12 Oct3 for indicating the recipient's public key or public key corresponding to the byte index, OctN 1 +1 is used to represent OCTN corresponding ciphertext bytes.
进一步的,如图13所示,在第三种预设数据格式下,若传输消息中包括以密文表示的信息,则接收方在步骤203中根据发送方的信息,对传输消息进行安全性验证之前,还可以包括步骤202b。Further, as shown in FIG. 13, in the third preset data format, if the transmission message includes information represented by cipher text, the receiver performs security on the transmission message according to the information of the sender in step 203. Step 202b may also be included prior to verification.
步骤202b:若发送方的数字证书、被发送数据和签名均为密文,接收方根据第二预设私钥对传输消息进行解密,得到发送方的数字证书的明文、被发送数据的明文和签名的明文。若发送方的数字证书为明文,被发送数据和签名均为密文,接收方根据第二预设私钥对传输消息进行解密,得到被发送数据的明文和签名的明文。Step 202b: If the digital certificate, the transmitted data, and the signature of the sender are both ciphertext, the receiver decrypts the transmission message according to the second preset private key, and obtains the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and The plain text of the signature. If the sender's digital certificate is plaintext, the transmitted data and the signature are both ciphertext, and the receiver decrypts the transmission message according to the second preset private key to obtain the plaintext of the transmitted data and the plaintext of the signature.
可选的,若接收方支持使用一套数字证书,则传输消息中可以包括发送方的数字证书,也可以不包括发送方的数字证书。当传输消息中不包括发送方的数字证书时,则预设数据格式可以为上述图9-11或图12所示的预设数据格式中删除发送方的数字证书的部分。Optionally, if the receiver supports using a set of digital certificates, the transmission message may include the sender's digital certificate or may not include the sender's digital certificate. When the digital certificate of the sender is not included in the transmission message, the preset data format may be a part of deleting the digital certificate of the sender in the preset data format shown in FIG. 9-11 or FIG. 12 described above.
其中,第二预设私钥是与发送方加密时所使用的接收方的数字证书对应的私钥。在预设数据格式如图9-11所示时,该第二预设私钥可以是事先约定的。在预设数据格式如图12所示时,该第二预设私钥可以是接收方根据传输消息包括的发送方加密时所使用的用户加密系统的公共参数或公共参数索引确定的接收方的私钥。The second preset private key is a private key corresponding to the digital certificate of the recipient used when the sender encrypts. When the preset data format is as shown in FIG. 9-11, the second preset private key may be pre-agreed. When the preset data format is as shown in FIG. 12, the second preset private key may be the receiver determined by the receiver according to the public parameter or the public parameter index of the user encryption system used by the sender when the transmission message is encrypted. Private key.
相应的,步骤203a中接收方根据发送方的身份信息、签名和被 发送数据进行验证计算,得到验证信息,具体为:接收方根据发送方的数字证书、签名、以及被发送数据进行验证计算,从而得到验证信息。Correspondingly, in step 203a, the receiver is based on the sender's identity information, signature, and The data is sent for verification calculation, and the verification information is obtained. Specifically, the receiver performs verification calculation according to the digital certificate, signature, and transmitted data of the sender, thereby obtaining verification information.
在本发明实施例中,发送方使用基于数字证书的数据格式向至少一个接收方发送传输消息,在传输消息包括的发送方的数字证书、被发送数据和签名均为明文时,可以保证传输消息的完整性;在传输消息包括的发送方的数字证书为明文或密文,被发送数据和签名均为密文时,可以保证传输消息的机密性。In the embodiment of the present invention, the sender sends the transmission message to the at least one receiver by using the digital certificate-based data format, and the transmission message can be guaranteed when the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are both plaintext. Integrity; when the digital certificate of the sender included in the transmission message is plaintext or ciphertext, and the transmitted data and signature are both ciphertext, the confidentiality of the transmitted message can be guaranteed.
进一步的,当预设数据格式为基于IBS的数据格式时,传输消息还包括以下至少一个:发送方的ID的有效期、发送方使用的密钥管理中心标识、传输消息的时间戳。具体的预设数据格式如图14所示,图14中以预设数据格式均包括发送方的ID的有效期、发送方使用的密钥管理中心标识、传输消息的时间戳为例进行说明。图14中Oct3至OctN1用于表示发送方的ID所对应的字节,OctN1+1至OctN2用于表示发送方的ID的有效期所对应的字节,OctN2+1至OctN3用于表示发送方使用的密钥管理中心标识所对应的字节,OctN3+1至OctN4用于表示传输消息的时间戳所对应的字节,OctN4+1至OctN5用于表示传输消息所对应的字节,OctN5+1至OctN用于表示签名所对应的字节。Further, when the preset data format is an IBS-based data format, the transport message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmitted message. The specific preset data format is as shown in FIG. 14. In FIG. 14, the preset data format includes an expiration date of the ID of the sender, a key management center identifier used by the sender, and a timestamp of the transmitted message as an example. FIG OctN 1 to 14, Oct3 sender ID is used to indicate the corresponding byte, OctN 1 +1 to OctN 2 for indicating the validity of the sender corresponding to the ID byte, OctN 2 +1 to OctN 3 with In the byte corresponding to the key management center identifier used by the sender, OctN 3 +1 to OctN 4 are used to indicate the byte corresponding to the time stamp of the transmitted message, and OctN 4 +1 to OctN 5 are used to indicate the transmission message. The corresponding byte, OctN 5 +1 to OctN, is used to represent the byte corresponding to the signature.
在本发明实施例中,当传输消息包括发送方的ID的有效期时,可以保证发送方的ID的新鲜性,防止传输消息被跟踪。当传输消息包括发送方使用的密钥管理中心标识时,可以方便接收方快速地确定网络公钥来验证签名。当传输消息包括传输消息的时间戳时,可以使接收方对该传输消息进行重放攻击检查,进一步提高传输消息的安全性In the embodiment of the present invention, when the transmission message includes the validity period of the sender's ID, the freshness of the sender's ID can be ensured, and the transmission message is prevented from being tracked. When the transmission message includes the key management center identifier used by the sender, the receiver can be conveniently determined to quickly determine the network public key to verify the signature. When the transmission message includes the timestamp of the transmission message, the receiver can perform a replay attack check on the transmission message to further improve the security of the transmission message.
当预设数据格式为基于数字证书的数据格式时,传输消息还包括传输消息的时间戳。具体的预设数据格式如图15所示。图15中的Oct3至OctN1用于表示发送方的数字证书所对应的字节,OctN1+1至OctN2用于表示传输消息的时间戳所对应的字节,OctN2+1至OctN3用于表示被发送数据所对应的字节,OctN3+1至OctN用于表示签名所对应的字节。 When the preset data format is a digital certificate based data format, the transport message also includes a time stamp for transmitting the message. The specific preset data format is shown in Figure 15. Oct3 to OctN 1 in FIG. 15 are used to indicate the byte corresponding to the sender's digital certificate, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the time stamp of the transmitted message, OctN 2 +1 to OctN 3 Used to indicate the byte corresponding to the transmitted data, OctN 3 +1 to OctN are used to indicate the byte corresponding to the signature.
在本发明实施例中,当传输消息还包括传输消息的时间戳时,可以使接收方对传输消息的重放攻击进行检查,从而进一步保证传输消息的安全性。In the embodiment of the present invention, when the transmission message further includes a timestamp of the transmission message, the receiver may check the replay attack of the transmission message, thereby further ensuring the security of the transmission message.
本发明实施例还提供一种基于身份加密IBE的数据格式,发送方根据基于IBE的数据格式,确定的传输消息包括被发送数据,且被发送数据为密文。当发送方使用基于IBE的数据格式向接收方发送传输消息后,接收方可以根据自身对应的私钥对传输消息进行解密,得到被发送数据,从而保证传输消息的机密性。进一步的,若接收方同时支持和使用多套IBE系统,则基于IBE的数据格式还可以包括发送方对传输消息进行加密时使用的接收方的IBE系统的公共参数或者公共参数索引,以使接收方根据该公共参数或者公共参数索引快速地确定对应的私钥,进而提高接收方对传输消息进行解密的效率。The embodiment of the present invention further provides a data format based on an identity-encrypted IBE. The sender determines that the transport message includes the transmitted data according to the IBE-based data format, and the transmitted data is a ciphertext. After the sender sends the transmission message to the receiver using the IBE-based data format, the receiver can decrypt the transmission message according to the corresponding private key to obtain the transmitted data, thereby ensuring the confidentiality of the transmitted message. Further, if the receiver supports and uses multiple sets of IBE systems at the same time, the IBE-based data format may further include a public parameter or a common parameter index of the receiver's IBE system used by the sender to encrypt the transmission message, so as to receive The party quickly determines the corresponding private key according to the public parameter or the public parameter index, thereby improving the efficiency of the receiver to decrypt the transmitted message.
上述主要从各个网元之间交互的角度对本发明实施例提供的方案进行了介绍。可以理解的是,各个网元,例如发送方设备和接收方设备等为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的网元及算法步骤,本发明能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。The solution provided by the embodiment of the present invention is mainly introduced from the perspective of interaction between the network elements. It can be understood that each network element, such as a sender device and a receiver device, etc., in order to implement the above functions, includes hardware structures and/or software modules corresponding to each function. Those skilled in the art will readily appreciate that the present invention can be implemented in a combination of hardware or hardware and computer software in conjunction with the network elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
本发明实施例可以根据上述方法示例对发送方设备和接收方设备等进行功能模块的划分,例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。需要说明的是,本发明实施例中对模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。The embodiment of the present invention may divide the function module by the sender device and the receiver device according to the foregoing method example. For example, each function module may be divided according to each function, or two or more functions may be integrated into one process. In the module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of the module in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
在采用对应各个功能划分各个功能模块的情况下,图16示出了上述实施例中所涉及的发送方设备的一种可能的结构示意图,发送方设备300包括:确定单元301和发送单元302。其中,确定单元301用于执行图3、 图8或图13中的步骤201;发送单元302用于执行图3、图8或图13中的步骤202。上述方法实施例涉及的各步骤的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。FIG. 16 is a schematic diagram showing a possible structure of a sender device involved in the foregoing embodiment. The sender device 300 includes a determining unit 301 and a sending unit 302. The determining unit 301 is configured to execute FIG. 3, Step 201 in FIG. 8 or FIG. 13; the transmitting unit 302 is configured to perform step 202 in FIG. 3, FIG. 8, or FIG. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional description of the corresponding functional modules, and details are not described herein again.
在采用集成的单元的情况下,图17示出了上述实施例中所涉及的发送方设备310的一种可能的逻辑结构示意图。发送方设备310包括:处理模块312和通信模块313。处理模块312用于对发送方设备的动作进行控制管理,例如,处理模块312用于执行图3、图8或图13中的步骤201,和/或用于本文所描述的技术的其他过程。通信模块313用于与基站或接收方设备的通信。发送方设备310还可以包括存储模块311,用于发送方设备的程序代码和数据。In the case of employing an integrated unit, FIG. 17 shows a possible logical structure diagram of the sender device 310 involved in the above embodiment. The sender device 310 includes a processing module 312 and a communication module 313. The processing module 312 is configured to control management of the actions of the sender device, for example, the processing module 312 is configured to perform step 201 of FIG. 3, FIG. 8, or FIG. 13, and/or other processes for the techniques described herein. The communication module 313 is for communication with a base station or a recipient device. The sender device 310 can also include a storage module 311 for transmitting program code and data of the party device.
其中,处理模块312可以是处理器或控制器,例如可以是中央处理器单元,通用处理器,数字信号处理器,专用集成电路,现场可编程门阵列或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本发明公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,数字信号处理器和微处理器的组合等等。通信模块313可以是收发器、收发电路或通信接口等。存储模块311可以是存储器。The processing module 312 can be a processor or a controller, such as a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, Hardware components or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, combinations of digital signal processors and microprocessors, and the like. The communication module 313 can be a transceiver, a transceiver circuit, a communication interface, or the like. The storage module 311 can be a memory.
当处理模块312为处理器,通信模块313为通信接口,存储模块311为存储器时,本发明实施例所涉及的发送方设备可以为图18所示的设备。When the processing module 312 is a processor, the communication module 313 is a communication interface, and the storage module 311 is a memory, the sender device according to the embodiment of the present invention may be the device shown in FIG. 18.
参阅图18所示,为发送方设备的一种硬件结构举例,该发送方设备320包括:处理器322、通信接口323、存储器321以及总线324。其中,通信接口323、处理器322以及存储器321通过总线324相互连接;总线324可以是外设部件互连标准(英文:peripheral component interconnect,简称:PCI)总线或扩展工业标准结构(英文:extended industry standard architecture,简称:EISA)总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,图18中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 18, for a hardware configuration example of a sender device, the sender device 320 includes a processor 322, a communication interface 323, a memory 321, and a bus 324. The communication interface 323, the processor 322, and the memory 321 are connected to each other through a bus 324. The bus 324 may be a peripheral component interconnect standard (English: peripheral component interconnect, PCI for short) or an extended industry standard structure (English: extended industry) Standard architecture, referred to as: EISA) bus. The bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 18, but it does not mean that there is only one bus or one type of bus.
在采用对应各个功能划分各个功能模块的情况下,图19示出了上述实施例中所涉及的接收方设备的一种可能的结构示意图,接收方设备400包括:接收单元401和验证单元402。其中,接收单元401用于执行图3、 图8或图13中接收发送方设备通过步骤202发送的传输消息的步骤;验证单元402用于执行图3、图8或图13中的步骤203。进一步的,接收方设备还包括解密单元403。其中,解密单元403用于执行图8中的步骤202a或图13中的步骤202b。上述方法实施例涉及的各步骤的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。FIG. 19 is a schematic diagram showing a possible structure of the receiver device involved in the foregoing embodiment. The receiver device 400 includes a receiving unit 401 and a verification unit 402. The receiving unit 401 is configured to execute FIG. 3, The step of receiving the transmission message transmitted by the sender device through step 202 in FIG. 8 or FIG. 13; the verification unit 402 is configured to perform step 203 in FIG. 3, FIG. 8, or FIG. Further, the recipient device further includes a decryption unit 403. The decryption unit 403 is configured to perform step 202a in FIG. 8 or step 202b in FIG. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional description of the corresponding functional modules, and details are not described herein again.
在采用集成的单元的情况下,图20示出了上述实施例中所涉及的接收方设备410的一种可能的逻辑结构示意图。接收方设备410包括:处理模块412和通信模块413。处理模块412用于对接收方设备的动作进行控制管理,例如,处理模块412用于执行图3、图8或图13中的步骤203,以及图8中的步骤202a或图13中的步骤202b,和/或用于本文所描述的技术的其他过程。通信模块413用于与基站或发送方设备的通信。接收方设备410还可以包括存储模块411,用于存储接收方设备的程序代码和数据。In the case of employing an integrated unit, FIG. 20 shows a possible logical structure diagram of the receiver device 410 involved in the above embodiment. The recipient device 410 includes a processing module 412 and a communication module 413. The processing module 412 is configured to perform control management on the action of the receiver device. For example, the processing module 412 is configured to perform step 203 in FIG. 3, FIG. 8, or FIG. 13, and step 202a in FIG. 8 or step 202b in FIG. And/or other processes for the techniques described herein. The communication module 413 is used for communication with a base station or a sender device. The recipient device 410 can also include a storage module 411 for storing program codes and data of the recipient device.
其中,处理模块412可以是处理器或控制器,例如可以是中央处理器单元,通用处理器,数字信号处理器,专用集成电路,现场可编程门阵列或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本发明公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,数字信号处理器和微处理器的组合等等。通信模块413可以是收发器、收发电路或通信接口等。存储模块411可以是存储器。The processing module 412 can be a processor or a controller, such as a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, Hardware components or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, combinations of digital signal processors and microprocessors, and the like. The communication module 413 can be a transceiver, a transceiver circuit, a communication interface, or the like. The storage module 411 can be a memory.
当处理模块412为处理器,通信模块413为通信接口,存储模块411为存储器时,本发明实施例所涉及的接收方设备可以为图21所示的设备。When the processing module 412 is a processor, the communication module 413 is a communication interface, and the storage module 411 is a memory, the receiving device according to the embodiment of the present invention may be the device shown in FIG.
参阅图21所示,为接收方设备的一种硬件结构举例,该接收方设备420包括:处理器422、通信接口423、存储器421以及总线424。其中,通信接口423、处理器422以及存储器421通过总线424相互连接;总线424可以是PCI总线或EISA总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,图21中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 21, for a hardware configuration example of a receiver device, the receiver device 420 includes a processor 422, a communication interface 423, a memory 421, and a bus 424. The communication interface 423, the processor 422, and the memory 421 are connected to each other through a bus 424. The bus 424 may be a PCI bus or an EISA bus. The bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 21, but it does not mean that there is only one bus or one type of bus.
在本发明的另一实施例中,还提供一种计算机可读存储介质,计算机可读存储介质中存储有计算机执行指令,当设备的至少一个处理器执行该计算机执行指令时,设备执行上述图3、图8或图13所示的信息传输方 法中发送方的步骤或者接收方的步骤。In another embodiment of the present invention, a computer readable storage medium is stored, where computer execution instructions are stored, and when at least one processor of the device executes the computer to execute an instruction, the device executes the above figure. 3. The information transmission side shown in Figure 8 or Figure 13 The step of the sender or the step of the receiver.
在本发明的另一实施例中,还提供一种计算机程序产品,该计算机程序产品包括计算机执行指令,该计算机执行指令存储在计算机可读存储介质中;设备的至少一个处理器可以从计算机可读存储介质读取该计算机执行指令,至少一个处理器执行该计算机执行指令使得设备实施上述图3、图8或图13所示的信息传输方法中发送方的步骤或者接收方的步骤。In another embodiment of the present invention, a computer program product is provided, the computer program product comprising computer executable instructions stored in a computer readable storage medium; at least one processor of the device may be Reading the storage medium reads the computer execution instructions, and the at least one processor executing the computer execution instructions causes the apparatus to perform the steps of the sender or the receiving side in the information transmission method shown in FIG. 3, FIG. 8, or FIG.
在本发明的另一实施例中,还提供一种通信系统,该通信系统包括发送方设备和接收方设备。发送方设备为图16-图18任一所示的发送方设备,和/或接收方设备为图19-图21任一所示的接收方设备。其中,发送方设备用于执行上述图3、图8或图13所示的信息传输方法中发送方的步骤;接收方设备用于执行上述图3、图8或图13所示的信息传输方法中接收方的步骤。In another embodiment of the present invention, there is also provided a communication system including a sender device and a receiver device. The sender device is the sender device shown in any of Figures 16-18, and/or the receiver device is the receiver device shown in any of Figures 19-21. The sender device is configured to perform the steps of the sender in the information transmission method shown in FIG. 3, FIG. 8 or FIG. 13; the receiver device is configured to execute the information transmission method shown in FIG. 3, FIG. 8 or FIG. The steps in the receiver.
在本发明实施例提供的通信系统中,发送方设备根据预设数据格式确定传输消息,该传输消息包括被发送数据和发送方的信息,之后发送方设备使用预设数据格式向至少一个接收方设备发送传输消息,使得接收方设备在接收到该传输消息时,可以根据发送方的信息对传输消息进行安全性验证,从而保证了发送方设备发送传输消息的安全性。In the communication system provided by the embodiment of the present invention, the sender device determines a transmission message according to a preset data format, where the transmission message includes the transmitted data and the information of the sender, and then the sender device uses the preset data format to the at least one receiver. The device sends a transmission message, so that when receiving the transmission message, the receiver device can perform security verification on the transmission message according to the information of the sender, thereby ensuring the security of the sender device to send the transmission message.
最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。 It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and are not limited thereto; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that The technical solutions described in the foregoing embodiments are modified, or the equivalents of the technical features are replaced. The modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (30)

  1. 一种信息传输方法,其特征在于,所述方法包括:An information transmission method, characterized in that the method comprises:
    发送方根据预设数据格式确定传输消息;其中,所述传输消息包括被发送数据和所述发送方的信息;所述发送方的信息是用于使接收方对所述传输消息进行安全性验证的信息;The sender determines the transmission message according to the preset data format, where the transmission message includes the transmitted data and the information of the sender; the information of the sender is used for the receiver to perform security verification on the transmission message. Information;
    所述发送方使用所述预设数据格式,向至少一个所述接收方发送所述传输消息。The sender sends the transmission message to at least one of the recipients using the preset data format.
  2. 根据权利要求1所述的方法,其特征在于,所述发送方的信息包括所述发送方的身份信息和签名;其中,所述签名是所述发送方对所述传输消息中包括的除所述签名之外的其他信息的签名。The method according to claim 1, wherein the information of the sender includes identity information and a signature of the sender; wherein the signature is a division included in the transmission message by the sender The signature of other information than the signature.
  3. 根据权利要求2所述的方法,其特征在于,若所述预设数据格式为基于身份签名的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID、所述被发送数据和所述签名均为明文。The method according to claim 2, wherein if the preset data format is an identity signature based data format, the identity information of the sender includes an identity identification number ID of the sender; The ID of the sender, the transmitted data, and the signature are all plaintext.
  4. 根据权利要求2所述的方法,其特征在于,若所述预设数据格式为基于身份签名和基于身份加密的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID为明文或密文、所述被发送数据和所述签名均为密文。The method according to claim 2, wherein if the preset data format is an identity-based signature and an identity-based encryption-based data format, the sender's identity information includes the sender's identity identification number ID. Wherein the sender's ID is plaintext or ciphertext, the transmitted data, and the signature are both ciphertext.
  5. 根据权利要求2所述的方法,其特征在于,若所述预设数据格式为基于数字证书的数据格式,则所述发送方的身份信息包括所述发送方的数字证书。The method according to claim 2, wherein if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate.
  6. 根据权利要求5所述的方法,其特征在于,The method of claim 5 wherein:
    所述发送方的数字证书、所述被发送数据和所述签名均为明文;The sender's digital certificate, the transmitted data, and the signature are all plaintext;
    或者,所述发送方的数字证书、所述被发送数据和所述签名均为密文;Or the digital certificate of the sender, the sent data, and the signature are all ciphertext;
    或者,所述发送方的数字证书为明文,所述被发送数据和所述签名均为密文。Alternatively, the sender's digital certificate is plaintext, and the transmitted data and the signature are both ciphertext.
  7. 根据权利要求3或4所述的方法,其特征在于,所述传输消息还包括以下至少一个:所述发送方的ID的有效期、所述发送方使用的密钥管理中心标识、所述传输消息的时间戳。 The method according to claim 3 or 4, wherein the transmission message further comprises at least one of: an expiration date of the sender's ID, a key management center identifier used by the sender, the transmission message Timestamp.
  8. 根据权利要求5或6所述的方法,其特征在于,所述传输消息还包括所述传输消息的时间戳。The method according to claim 5 or 6, wherein the transmission message further comprises a time stamp of the transmission message.
  9. 一种信息传输方法,其特征在于,所述方法包括:An information transmission method, characterized in that the method comprises:
    接收方接收发送方使用预设数据格式发送的传输消息;其中,所述传输消息包括被发送数据和所述发送方的信息;Receiving, by the receiving party, a transmission message sent by the sender using a preset data format, where the transmission message includes the transmitted data and the information of the sender;
    所述接收方根据所述发送方的信息,对所述传输消息进行安全性验证。The receiving party performs security verification on the transmission message according to the information of the sender.
  10. 根据权利要求9所述的方法,其特征在于,所述发送方的信息包括所述发送方的身份信息和签名;其中,所述签名是所述发送方对所述传输消息中包括的除所述签名之外的其他信息的签名;The method according to claim 9, wherein the information of the sender includes identity information and a signature of the sender; wherein the signature is a division included in the transmission message by the sender The signature of other information than the signature;
    所述接收方根据所述发送方的信息,对所述传输消息进行安全性验证,包括:The receiving party performs security verification on the transmission message according to the information of the sender, including:
    所述接收方根据所述发送方的身份信息、所述签名和所述被发送数据进行验证计算,得到验证信息;The receiving party performs verification calculation according to the identity information of the sender, the signature, and the transmitted data, to obtain verification information;
    若所述验证信息为预设信息,则确定所述传输消息的安全性验证通过,否则确定所述传输消息的安全性验证不通过。If the verification information is preset information, it is determined that the security verification of the transmission message passes, otherwise it is determined that the security verification of the transmission message does not pass.
  11. 根据权利要求10所述的方法,其特征在于,若所述预设数据格式为基于身份签名的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID、所述被发送数据和所述签名均为明文。The method according to claim 10, wherein if the preset data format is an identity signature based data format, the identity information of the sender includes an identity identification number ID of the sender; The ID of the sender, the transmitted data, and the signature are all plaintext.
  12. 根据权利要求10所述的方法,其特征在于,若所述预设数据格式为基于身份签名和基于身份加密的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID为明文或密文、所述被发送数据和所述签名均为密文;The method according to claim 10, wherein if the preset data format is an identity-based signature and an identity-based encryption-based data format, the sender's identity information includes the sender's identity identification number ID. Wherein the sender's ID is plaintext or ciphertext, the transmitted data, and the signature are both ciphertext;
    所述接收方根据所述发送方的信息,对所述被发送数据进行安全性验证之前,所述方法还包括:Before the receiving party performs security verification on the sent data according to the information of the sender, the method further includes:
    若所述传输消息包括的所述被发送数据和所述签名均为密文,所述接收方根据第一预设私钥对所述传输消息进行解密,得到所述被发送数据的明文和所述签名的明文;And if the transmitted data and the signature included in the transmission message are both ciphertext, the receiver decrypts the transmission message according to the first preset private key, to obtain a plaintext and a text of the sent data. The plain text of the signature;
    若所述传输消息包括的所述发送方的ID、所述被发送数据和所 述签名均为密文,所述接收方根据所述第一预设私钥对所述传输消息进行解密,得到所述发送方的ID的明文、所述被发送数据的明文和所述签名的明文。If the transmission message includes the ID of the sender, the transmitted data, and the The signature is a ciphertext, and the receiver decrypts the transmission message according to the first preset private key, and obtains the plaintext of the sender's ID, the plaintext of the sent data, and the signature. Clear text.
  13. 根据权利要求10所述的方法,其特征在于,若所述预设数据格式为基于数字证书的数据格式,则所述发送方的身份信息包括所述发送方的数字证书。The method according to claim 10, wherein if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate.
  14. 根据权利要求13所述的方法,其特征在于,The method of claim 13 wherein:
    所述发送方的数字证书、所述被发送数据和所述签名均为明文;The sender's digital certificate, the transmitted data, and the signature are all plaintext;
    或者,所述发送方的数字证书、所述被发送数据和所述签名均为密文;所述接收方根据所述发送方的信息,对所述被发送数据进行安全性验证之前,所述方法还包括:所述接收方根据第二预设私钥对所述传输消息进行解密,得到所述发送方的数字证书的明文、所述被发送数据的明文和所述签名的明文;Or the digital certificate of the sender, the transmitted data, and the signature are all ciphertext; before the receiving party performs security verification on the transmitted data according to the information of the sender, The method further includes: the receiving party decrypting the transmission message according to the second preset private key, obtaining a plaintext of the sender's digital certificate, a plaintext of the transmitted data, and a plaintext of the signature;
    或者,所述发送方的数字证书为明文,所述被发送数据和所述签名均为密文;所述接收方根据所述发送方的信息,对所述被发送数据进行安全性验证之前,所述方法还包括:所述接收方根据所述第二预设私钥对所述传输消息进行解密,得到所述被发送数据的明文和所述签名的明文。Or the digital certificate of the sender is a plaintext, and the transmitted data and the signature are both ciphertext; before the receiver performs security verification on the sent data according to the information of the sender, The method further includes: the receiving party decrypting the transmission message according to the second preset private key, to obtain a plaintext of the transmitted data and a plaintext of the signature.
  15. 根据权利要求11或12所述的方法,其特征在于,所述传输消息还包括以下至少一个:所述发送方的ID的有效期、所述发送方使用的密钥管理中心标识、所述传输消息的时间戳。The method according to claim 11 or 12, wherein the transmission message further comprises at least one of: an expiration date of the sender's ID, a key management center identifier used by the sender, the transmission message Timestamp.
  16. 根据权利要求13或14所述的方法,其特征在于,所述传输消息还包括所述传输消息的时间戳。The method according to claim 13 or 14, wherein the transmission message further comprises a time stamp of the transmission message.
  17. 一种发送方设备,其特征在于,所述发送方设备包括:A sender device, wherein the sender device includes:
    确定单元,用于根据预设数据格式确定传输消息;其中,所述传输消息包括被发送数据和发送方的信息;所述发送方的信息是用于使接收方对所述传输消息进行安全性验证的信息;a determining unit, configured to determine, according to a preset data format, the transmission message, where the transmission message includes the transmitted data and the information of the sender; the information of the sender is used to enable the receiver to perform security on the transmission message Verified information;
    发送单元,用于使用所述预设数据格式,向至少一个所述接收方发送所述传输消息。And a sending unit, configured to send the transmission message to at least one of the receivers by using the preset data format.
  18. 根据权利要求17所述的发送方设备,其特征在于,所述发送 方的信息包括所述发送方的身份信息和签名;其中,所述签名是所述发送方对所述传输消息中包括的除所述签名之外的其他信息的签名。The sender device according to claim 17, wherein said transmitting The party information includes the identity information and the signature of the sender; wherein the signature is a signature of the sender to other information than the signature included in the transmission message.
  19. 根据权利要求18所述的发送方设备,其特征在于,若所述预设数据格式为基于身份签名的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID、所述被发送数据和所述签名均为明文。The sender device according to claim 18, wherein if the preset data format is an identity signature based data format, the sender identity information includes the sender identity number ID; The ID of the sender, the transmitted data, and the signature are all plaintext.
  20. 根据权利要求18所述的发送方设备,其特征在于,若所述预设数据格式为基于身份签名和基于身份加密的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID为明文或密文、所述被发送数据和所述签名均为密文。The sender device according to claim 18, wherein if the preset data format is an identity-based signature and an identity-based encryption-based data format, the identity information of the sender includes the identity of the sender a number ID; wherein the sender's ID is plaintext or ciphertext, the transmitted data, and the signature are both ciphertext.
  21. 根据权利要求18所述的发送方设备,其特征在于,若所述预设数据格式为基于数字证书的数据格式,则所述发送方的身份信息包括所述发送方的数字证书。The sender device according to claim 18, wherein if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate.
  22. 根据权利要求21所述的发送方设备,其特征在于,The sender device according to claim 21, wherein
    所述发送方的数字证书、所述被发送数据和所述签名均为明文;The sender's digital certificate, the transmitted data, and the signature are all plaintext;
    或者,所述发送方的数字证书、所述被发送数据和所述签名均为密文;Or the digital certificate of the sender, the sent data, and the signature are all ciphertext;
    或者,所述发送方的数字证书为明文,所述被发送数据和所述签名均为密文。Alternatively, the sender's digital certificate is plaintext, and the transmitted data and the signature are both ciphertext.
  23. 根据权利要求19或20所述的发送方设备,其特征在于,所述传输消息还包括以下至少一个:所述发送方的ID的有效期、所述发送方使用的密钥管理中心标识、所述传输消息的时间戳。The sender device according to claim 19 or 20, wherein the transmission message further comprises at least one of: an expiration date of the sender's ID, a key management center identifier used by the sender, the The timestamp of the transmitted message.
  24. 根据权利要求21或22所述的发送方设备,其特征在于,所述传输消息还包括所述传输消息的时间戳。The sender device according to claim 21 or 22, wherein the transmission message further comprises a time stamp of the transmission message.
  25. 一种接收方设备,其特征在于,所述接收方设备包括:A receiver device, wherein the receiver device comprises:
    接收单元,用于接收发送方使用预设数据格式发送的传输消息;其中,所述传输消息包括被发送数据和所述发送方的信息;a receiving unit, configured to receive a transmission message sent by the sender using a preset data format, where the transmission message includes the transmitted data and the information of the sender;
    验证单元,用于根据所述发送方的信息,对所述传输消息进行安全性验证。And a verification unit, configured to perform security verification on the transmission message according to the information of the sender.
  26. 根据权利要求25所述的接收方设备,其特征在于,所述发 送方的信息包括所述发送方的身份信息和签名;其中,所述签名是所述发送方对所述传输消息中包括的除所述签名之外的其他信息的签名;The receiver device of claim 25, wherein said transmitting The information of the sender includes the identity information and the signature of the sender; wherein the signature is a signature of the sender to other information except the signature included in the transmission message;
    所述验证单元,具体用于:The verification unit is specifically configured to:
    根据所述发送方的身份信息、所述签名和所述传输消息进行验证计算,得到验证信息;Performing verification calculation according to the identity information of the sender, the signature, and the transmission message, to obtain verification information;
    若所述验证信息为预设信息,则确定所述传输消息的安全性验证通过,否则确定所述传输消息的安全性验证不通过。If the verification information is preset information, it is determined that the security verification of the transmission message passes, otherwise it is determined that the security verification of the transmission message does not pass.
  27. 根据权利要求26所述的接收方设备,其特征在于,若所述预设数据格式为基于身份签名的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID、所述被发送数据和所述签名均为明文。The receiver device according to claim 26, wherein if the preset data format is an identity signature based data format, the sender identity information includes the sender identity number ID; The ID of the sender, the transmitted data, and the signature are all plaintext.
  28. 根据权利要求26所述的接收方设备,其特征在于,若所述预设数据格式为基于身份签名和基于身份加密的数据格式,则所述发送方的身份信息包括所述发送方的身份标识号码ID;其中,所述发送方的ID为明文或密文、所述被发送数据和所述签名均为密文;The receiver device according to claim 26, wherein if the preset data format is an identity-based signature and an identity-based encryption-based data format, the identity information of the sender includes the identity of the sender a number ID; wherein the sender's ID is plaintext or ciphertext, the transmitted data, and the signature are both ciphertext;
    所述接收方设备还包括:The receiver device further includes:
    解密单元,用于若所述传输消息包括的所述被发送数据和所述签名均为密文,根据第一预设私钥对所述传输消息进行解密,得到所述被发送数据的明文和所述签名的明文;若所述传输消息包括的所述发送方的ID、所述被发送数据和所述签名均为密文,根据所述第一预设私钥对所述传输消息进行解密,得到所述发送方的ID的明文、所述被发送数据的明文和所述签名的明文。a decryption unit, configured to: if the transmitted data and the signature included in the transmission message are both ciphertext, decrypt the transmission message according to the first preset private key, to obtain a plaintext of the sent data The plaintext of the signature; if the ID of the sender, the transmitted data, and the signature are all ciphertext, the transport message is decrypted according to the first preset private key Obtaining a plaintext of the sender's ID, a plaintext of the transmitted data, and a plaintext of the signature.
  29. 根据权利要求26所述的接收方设备,其特征在于,若所述预设数据格式为基于数字证书的数据格式,则所述发送方的身份信息包括所述发送方的数字证书。The receiver device according to claim 26, wherein if the preset data format is a digital certificate-based data format, the sender's identity information includes the sender's digital certificate.
  30. 根据权利要求29所述的接收方设备,其特征在于,A receiver device according to claim 29, wherein
    所述发送方的数字证书、所述被发送数据和所述签名均为明文;The sender's digital certificate, the transmitted data, and the signature are all plaintext;
    或者,所述发送方的数字证书、所述被发送数据和所述签名均为密文;所述验证单元根据所述发送方的信息,对所述传输消息进行安 全性验证之前,所述解密单元还用于:根据第二预设私钥对所述传输消息进行解密,得到所述发送方的数字证书的明文、所述被发送数据的明文和所述签名的明文;Or the digital certificate of the sender, the sent data, and the signature are all ciphertext; the verification unit performs the transmission message according to the information of the sender. The decryption unit is further configured to: decrypt the transmission message according to the second preset private key, obtain the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the signature. Clear text
    或者,所述发送方的数字证书为明文,所述被发送数据和所述签名均为密文;所述验证单元根据所述发送方的信息,对所述传输消息进行安全性验证之前,所述解密单元还用于:根据所述第二预设私钥对所述传输消息进行解密,得到所述被发送数据的明文和所述签名的明文。 Or the digital certificate of the sender is a plaintext, and the transmitted data and the signature are both ciphertext; and the verification unit performs security verification on the transmission message according to the information of the sender. The decryption unit is further configured to: decrypt the transmission message according to the second preset private key, to obtain a plaintext of the transmitted data and a plaintext of the signature.
PCT/CN2016/103592 2016-10-27 2016-10-27 Information transmition method and device WO2018076242A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/103592 WO2018076242A1 (en) 2016-10-27 2016-10-27 Information transmition method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/103592 WO2018076242A1 (en) 2016-10-27 2016-10-27 Information transmition method and device

Publications (1)

Publication Number Publication Date
WO2018076242A1 true WO2018076242A1 (en) 2018-05-03

Family

ID=62024251

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/103592 WO2018076242A1 (en) 2016-10-27 2016-10-27 Information transmition method and device

Country Status (1)

Country Link
WO (1) WO2018076242A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261002A (en) * 2020-09-25 2021-01-22 山东浪潮通软信息科技有限公司 Data interface docking method and device
CN114143012A (en) * 2021-11-26 2022-03-04 北京声智科技有限公司 Message queue management method, device, equipment and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040181689A1 (en) * 2003-03-11 2004-09-16 Satoshi Kiyoto Peer-to-peer communication apparatus and communication method
CN101355564A (en) * 2008-09-19 2009-01-28 广东南方信息安全产业基地有限公司 Method for implementing credible LAN and internet
CN104753865A (en) * 2013-12-27 2015-07-01 全联斯泰克科技有限公司 Internet communication method and device based on VoIP protocol and CPK protocol
CN105430640A (en) * 2015-12-09 2016-03-23 青岛海信移动通信技术股份有限公司 Short message encryption and authentication method, terminal and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040181689A1 (en) * 2003-03-11 2004-09-16 Satoshi Kiyoto Peer-to-peer communication apparatus and communication method
CN101355564A (en) * 2008-09-19 2009-01-28 广东南方信息安全产业基地有限公司 Method for implementing credible LAN and internet
CN104753865A (en) * 2013-12-27 2015-07-01 全联斯泰克科技有限公司 Internet communication method and device based on VoIP protocol and CPK protocol
CN105430640A (en) * 2015-12-09 2016-03-23 青岛海信移动通信技术股份有限公司 Short message encryption and authentication method, terminal and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261002A (en) * 2020-09-25 2021-01-22 山东浪潮通软信息科技有限公司 Data interface docking method and device
CN112261002B (en) * 2020-09-25 2022-11-22 浪潮通用软件有限公司 Data interface docking method and device
CN114143012A (en) * 2021-11-26 2022-03-04 北京声智科技有限公司 Message queue management method, device, equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN107231627B (en) Bluetooth network and network distribution method
CA2956590C (en) Apparatus and method for sharing a hardware security module interface in a collaborative network
CN101340443B (en) Session key negotiating method, system and server in communication network
CN107659406B (en) Resource operation method and device
US20170180330A1 (en) Method and electronic device for vehicle remote control and a non-transitory computer readable storage medium
KR20170057576A (en) Method and apparatus for providing security service for vehicle dedicated data channel in linking between vehicle head unit and external device
WO2022140903A1 (en) Ota update method and apparatus
WO2017133021A1 (en) Security processing method and relevant device
CN112449323B (en) Communication method, device and system
JP2021503839A (en) Security protection methods and equipment
CN110366175B (en) Security negotiation method, terminal equipment and network equipment
WO2022188027A1 (en) Secure communication method and device
WO2021120924A1 (en) Method and device for certificate application
JP2008060809A (en) Vehicle-to-vehicle communication method, vehicle-to-vehicle communication system and on-vehicle communication equipment
US9325670B2 (en) Communication information transmitting process and system
CN111355575A (en) Communication encryption method, electronic device and readable storage medium
CN111788836B (en) Data transmission method and BLE equipment
CN112602290B (en) Identity authentication method and device and readable storage medium
CN111050321A (en) Data processing method, device and storage medium
US20050086481A1 (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
WO2018076798A1 (en) Method and apparatus for transmitting data
WO2018076242A1 (en) Information transmition method and device
WO2016032752A1 (en) Method and apparatus enabling interoperability between devices operating at different security levels and trust chains
WO2018076190A1 (en) Communication method, terminal, core network user plane device and access network device
Braga et al. Implementation issues in the construction of an application framework for secure SMS messages on android smartphones

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16920120

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16920120

Country of ref document: EP

Kind code of ref document: A1