WO2018076242A1 - Procédé et dispositif de tranmission d'informations - Google Patents

Procédé et dispositif de tranmission d'informations Download PDF

Info

Publication number
WO2018076242A1
WO2018076242A1 PCT/CN2016/103592 CN2016103592W WO2018076242A1 WO 2018076242 A1 WO2018076242 A1 WO 2018076242A1 CN 2016103592 W CN2016103592 W CN 2016103592W WO 2018076242 A1 WO2018076242 A1 WO 2018076242A1
Authority
WO
WIPO (PCT)
Prior art keywords
sender
signature
transmission message
information
plaintext
Prior art date
Application number
PCT/CN2016/103592
Other languages
English (en)
Chinese (zh)
Inventor
熊晓春
黄正安
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/103592 priority Critical patent/WO2018076242A1/fr
Publication of WO2018076242A1 publication Critical patent/WO2018076242A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Definitions

  • V2X vehicle-to-X
  • V2V vehicle-to-vehicle
  • V2I vehicle-to- Infrastructure
  • V2P vehicle-to-pedestrian
  • V2X communication can achieve road safety, improve traffic efficiency, and provide users with rich streaming services.
  • V2X communication service broadcast-related services occupy the vast majority, for example, forward collision warnings between vehicles and vehicles.
  • the security requirements of V2X communication require that the recipient of the broadcast message be able to verify the legitimacy of the source.
  • the third generation partnership project (English: 3rd generation partnership project, 3GPP for short) proposes two methods to protect the security of V2X broadcast messages: one is based on identity-based signature (IBS). The other is a method based on digital certificates. However, no specific solution has been given for how to use these two methods to secure the broadcast messages sent.
  • the embodiment of the invention provides an information transmission method and device, which solves the problem that the broadcast message cannot be securely protected in the prior art.
  • the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message.
  • the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text.
  • the sender sends the transmission message through the identity signature-based data format, so that the receiver can perform integrity verification and sender identity authentication on the transmission message according to the information of the sender, thereby ensuring security of the transmission to be transmitted. Sex.
  • the transmission message further includes a public parameter or a public parameter index of the user signature system used by the sender, so that when the transmission message includes a public parameter of the user signature system used by the sender or When the public parameter index is used, the time for the receiver to determine the corresponding public parameter can be saved, and the efficiency of the security verification is improved.
  • the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertext.
  • the sender sends the transmission message by using the identity signature and the identity-based encryption data format, so that the receiver can decrypt the transmission message according to the private key of the receiver, and obtain the information of the plaintext, based on the sender.
  • the information is used to securely verify the transmitted message, thereby ensuring the integrity and confidentiality of the transmitted message.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the public parameter or the public parameter index of the user encryption system of the receiver used by the sender to be encrypted is sent to the receiver, which can improve the efficiency of the receiver to decrypt the transmission message; of The public parameter or the public parameter index of the user signature system is sent to the receiver, which can save the time for the receiver to determine the corresponding public parameter, and improve the efficiency of the security verification.
  • the sender's identity information includes the sender's digital certificate.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the sender sends the transmission message through the digital certificate-based data format, so that the receiver can perform security verification and identity authentication on the transmission message according to the sender's digital certificate, thereby ensuring the transmission sent by the sender. The security of the message.
  • the transmission message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmission message, so that the receiver can receive the transmission message according to the The public key or public key index quickly determines the decrypted private key and improves the efficiency of decrypting the transmitted message.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; or, the sender's digital certificate is In plain text, the transmitted data and signature are both ciphertext.
  • the receiver may perform integrity verification and identity authentication on the transmitted message; when the sender's digital certificate is plaintext or ciphertext
  • the receiver can decrypt the received message, and then perform integrity verification and identity authentication on the transmitted message, thereby ensuring the integrity and confidentiality of the transmitted message. The security of the transmitted message is guaranteed.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • the replay attack check is performed according to the timestamp of the transmission message to ensure the security of the transmission message.
  • an information transmission method comprising: receiving a receiving The transmission message sent by the sender using the preset data format; wherein the transmission message includes the transmitted data and the information of the sender; the receiver performs security verification on the transmission message according to the information of the sender.
  • the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message; the receiver is based on the sender's
  • the information is used to perform security verification on the transmitted message, including: the receiving party performs verification calculation according to the identity information, signature and transmitted data of the sender, and obtains verification information; if the verification information is preset information, determines security verification of the transmitted message. Pass, otherwise it is determined that the security verification of the transmitted message does not pass.
  • the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text.
  • the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
  • the sender's identity information includes the sender's identity identification number ID, where the sender's ID is plaintext or The ciphertext, the transmitted data, and the signature are all ciphertexts; before the recipient performs security verification on the transmitted data according to the information of the sender, the method further includes: if the transmitted message includes the transmitted data and the signature are all ciphertexts The receiving party decrypts the transmission message according to the first preset private key, and obtains the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the receiver is based on the The first preset private key decrypts the transmission message, and obtains the plaintext of the sender's ID, the plaintext of the transmitted data, and the plaintext of the signature.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the sender's identity information includes the sender's digital certificate.
  • the sender's digits may be included in the transmitted message.
  • the certificate may or may not include the sender's digital certificate.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; and the receiver is based on the sender's information.
  • the method further includes: the receiver decrypts the transmission message according to the second preset private key, and obtains the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the plaintext of the signature; or The sender's digital certificate is plaintext, and the transmitted data and the signature are both ciphertext; before the recipient performs security verification on the transmitted data according to the sender's information, the method further includes: the receiver according to the second preset private The key decrypts the transmitted message to obtain the plaintext of the transmitted data and the plaintext of the signature.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • a sender device configured to send, by using a preset data format, a transmission message to the at least one receiving party.
  • the sender's information includes the sender's identity information and a signature; wherein the signature is a signature of the sender to the information other than the signature included in the transmission message.
  • the identity information of the sender includes an identifier ID of the sender, where the sender ID, the transmitted data, and the signature are both For the plain text.
  • the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
  • the identity information of the sender includes the identity number of the sender, where the sender's ID is plaintext or ciphertext, and the transmitted data and signature are ciphertext.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the sender's identity information includes the sender's digital certificate.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; or, the sender's digital certificate is In plain text, the transmitted data and signature are both ciphertext.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • the fourth aspect provides a receiving device, where the receiving device includes: a receiving unit, configured to receive a transmission message sent by the sender using a preset data format, where the transmission message includes the transmitted data and the sender information; the verification unit Used to perform security verification on the transmitted message according to the sender's information.
  • the information of the sender includes the identity information and the signature of the sender, where the signature is a signature of the sender to the information other than the signature included in the transmission message, and the verification unit is specifically configured to:
  • the verification information is obtained according to the identity information, the signature and the transmission message of the sender, and the verification information is obtained. If the verification information is the preset information, it is determined that the security verification of the transmission message passes, otherwise the security verification of the transmission message is determined to fail.
  • the sender's identity information includes the sender's identity number ID; wherein the sender's ID, the transmitted data, and the signature are plaintext.
  • the transport message further includes a public parameter or a public parameter index of the user signature system used by the sender.
  • the sending device further includes: a decrypting unit, configured to: if the transmitted data and the signature included in the transmission message are all ciphertext, perform the transmission message according to the first preset private key Decrypting, obtaining the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the transmission message is decrypted according to the first preset private key, and the sender is obtained.
  • a decrypting unit configured to: if the transmitted data and the signature included in the transmission message are all ciphertext, perform the transmission message according to the first preset private key Decrypting, obtaining the plaintext of the transmitted data and the plaintext of the signature; if the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the transmission message is decrypted according to the first preset private key, and the sender is obtained.
  • the transport message further includes: a public parameter or a public parameter index of the user signature system used by the sender, and/or a transmission The public parameter or public parameter index of the recipient's user encryption system used by the party to encrypt.
  • the sender's identity information includes the sender's digital certificate.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt the transmitted message.
  • the sender's digital certificate, the transmitted data, and the signature are plaintext; or the sender's digital certificate, the transmitted data, and the signature are all ciphertext; and the verification unit is based on the sender's information.
  • the decryption unit is further configured to: decrypt the transmission message according to the second preset private key, obtain the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and the plaintext of the signature; or, send The digital certificate of the party is in plain text, and the transmitted data and the signature are both ciphertext; before the security verification of the transmission message by the verification unit according to the information of the sender, the decryption unit is further configured to: transmit the message according to the second preset private key pair Decrypt and get the data to be sent Plain text and signed plain text.
  • the transmission message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmission message.
  • the transmission message further includes a timestamp of transmitting the message.
  • a sender device in a fifth aspect, includes a memory, a processor, a bus, and a communication interface.
  • the memory stores code and data
  • the processor and the memory are connected by a bus
  • the processor runs the code in the memory to enable the sender.
  • the apparatus performs the information transmission method provided by any one of the above first aspect or any one of the possible implementations of the first aspect.
  • a receiver device in a sixth aspect, includes a memory, a processor, a bus, and a communication interface.
  • the memory stores code and data
  • the processor and the memory are connected by a bus
  • the processor runs the code in the memory to enable the sender.
  • the apparatus performs the information transmission method provided by any one of the above second aspect or any one of the possible implementations of the second aspect.
  • a communication system comprising a sender device and a receiver device, wherein the sender device is the third aspect, or any possible implementation manner of the third aspect, or the fifth aspect
  • the provided sender device, and/or the receiver device is the fourth aspect, or any possible implementation of the fourth aspect, or the receiver device provided by the sixth aspect.
  • a computer readable storage medium where computer executed instructions are stored, and when the at least one processor of the device executes the computer to execute an instruction, the device performs the first aspect or the first aspect.
  • the information transmission method provided by any one of the possible implementation manners, or the information transmission method provided by the foregoing second aspect or any possible implementation manner of the second aspect.
  • a computer program product comprising computer executable instructions stored in a computer readable storage medium; at least one processor of the device can read the computer from a computer readable storage medium Executing an instruction, the at least one processor executing the computer to execute the instruction, causing the device to implement the information transmission method provided by the first aspect or any one of the possible implementation manners of the first aspect, or performing the second aspect Or the information transmission method provided by any of the possible implementations of the second aspect.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart diagram of an information transmission method according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic diagram of a first preset data format according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a second preset data format according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of a third preset data format according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a fourth preset data format according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic flowchart diagram of another information transmission method according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic diagram of a fifth preset data format according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic diagram of a sixth preset data format according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic diagram of a seventh preset data format according to an embodiment of the present invention.
  • FIG. 12 is a schematic diagram of an eighth preset data format according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic flowchart diagram of still another information transmission method according to an embodiment of the present invention.
  • FIG. 14 is a schematic diagram of a ninth preset data format according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic diagram of a tenth preset data format according to an embodiment of the present invention.
  • FIG. 16 is a schematic structural diagram of a sender device according to an embodiment of the present disclosure.
  • FIG. 17 is a schematic structural diagram of another sender device according to an embodiment of the present disclosure.
  • FIG. 18 is a schematic structural diagram of still another sender device according to an embodiment of the present disclosure.
  • FIG. 19 is a schematic structural diagram of a receiver device according to an embodiment of the present disclosure.
  • FIG. 20 is a schematic structural diagram of another receiver device according to an embodiment of the present disclosure.
  • FIG. 21 is a schematic structural diagram of still another receiver device according to an embodiment of the present invention.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • the communication system includes a base station 101 and a terminal device 102.
  • the base station 101 can communicate with the terminal device 102, and the terminal device 102 can be a vehicle, a user's handheld device, a smart wearable device, or the like.
  • a plurality of terminal devices 102 can also communicate with each other, and can perform direct communication through a device-to-device (D2D) mode, or through a device to a base station, and then to a device. The way to communicate indirectly.
  • D2D device-to-device
  • one terminal device may transmit information to other plurality of terminal devices 102 by means of broadcast, or may transmit information to one of the terminal devices 102 via a link.
  • FIG. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
  • the terminal device includes a bus, a processor, a memory, an input/output interface, and a communication interface.
  • a bus is a circuit that connects the elements described and implements transmission between these elements.
  • the processor receives commands from other elements over the bus, decrypts the received commands, and performs calculations or data processing based on the decrypted commands.
  • the processor is a control center of the terminal device, and connects various parts of the entire terminal device by using various interfaces and lines, performs various functions by running or executing a software program module stored in the memory, and calling data stored in the memory.
  • the data is processed to perform overall monitoring of the terminal device.
  • the processor may include one or more processors; preferably, the processor may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, etc., and modulates
  • the demodulation processor primarily handles wireless communications.
  • the memory may include program modules such as a kernel, a middleware, an application program interface (API), and an application.
  • the program module may be composed of software, firmware or hardware, or at least two of them.
  • the memory may mainly include a storage program area and an storage data area, wherein the storage program area may store an operating system, an application required for at least one function, and the like; the storage data area may store data created according to usage of the terminal device, and the like.
  • the memory may include a high speed random access memory, and may also include non-volatile memory. Storage, etc.
  • the input and output interfaces provide an interface between the processor and the peripheral interface module to forward commands or data entered by the user through the peripheral interface module.
  • the above peripheral interface module may be a sensor, a keyboard, a click wheel, a button, or the like. These buttons may include, but are not limited to, a home button, a volume button, a start button, and a lock button.
  • the communication interface connects the terminal device with other terminal devices and base stations.
  • the communication interface may be a radio frequency circuit including, but not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.
  • the communication interface can be connected to other external terminal devices or base stations by wirelessly connecting to the network, so that communication between the terminal device and other terminal devices and the base station can be realized through the network.
  • the communication interface receives broadcast signals or broadcast associated information from an external broadcast management system via a broadcast channel.
  • the communication interface further includes a WiFi module, a Bluetooth module, an infrared module, etc. to facilitate short range communication.
  • the terminal device may further include a display device, a sensor module, an audio module, and the like, and details are not described herein again.
  • FIG. 3 is a schematic flowchart of an information transmission method according to an embodiment of the present invention. Referring to FIG. 3, the method includes the following steps.
  • Step 201 The sender determines the transmission message according to the preset data format.
  • the transmission message includes the transmitted data and the information of the sender, and the information of the sender is information for causing the receiver to perform security verification on the transmission message.
  • the sender may be the terminal device 102 in the communication system shown in FIG. 1 above, and may be a vehicle.
  • the receiving party may also be the terminal device 102 in the communication system shown in FIG. 1 above, and may be a vehicle, or a handheld device such as a user's mobile phone, tablet computer, smart watch, or smart wearable device.
  • the transmitted data may include one or more of the following information: sender speed information, location information, and alarm information, and the like.
  • the sender's information may include the sender's identity information and signature.
  • the sender's identity information may include different information.
  • the sender's identity information may include the sender's identity number (English: identity, referred to as: ID), or the sender's digital certificate, etc.
  • ID the sender's identity number
  • a signature is a signature of a sender other than the signature included in the transmission message.
  • Step 202 The sender sends a transmission message to at least one receiver by using a preset data format.
  • the sender can send the transmission message to the at least one recipient through the preset data format, so that each of the at least one receiver can receive the transmission message.
  • the sender when the sender is the terminal device shown in FIG. 1 , the sender may directly send the transmission message to the at least one receiver by using the broadcast mode, or may forward the transmission message to the base station, and the base station directly transmits the message to the base station. At least one recipient sends the transmission message.
  • Step 203 When the receiver receives the transmission message sent by the sender using the preset data format, the receiver performs security verification on the transmission message according to the information of the sender.
  • the receiving party performs security verification on the transmission message according to the information of the sender, and may include: Step 203a: The receiving party may perform verification calculation according to the identity information of the sender, the signature, and the transmitted data, to obtain verification information. Step 203b: If the verification information is preset information, it is determined that the security verification of the transmission message passes, otherwise it is determined that the security verification of the transmission message does not pass.
  • the sender determines the transmission message according to the preset data format, where the transmission message includes the transmitted data and the information of the sender, and then the sender sends the transmission message to the at least one receiver by using the preset data format, so that the receiving When receiving the transmission message, the party can perform security verification on the transmission message according to the information of the sender, thereby ensuring the security of the transmission message sent by the sender.
  • the preset data format may be different preset data formats, and in different preset data formats, the identity information of the sender may also include different information.
  • the transmission message determined by the sender according to different preset data formats is different, and the following is the identity information of the sender under different preset data formats, and according to The transmission message determined by the same preset data format is elaborated.
  • the different preset data formats may mainly include the following three different preset data formats.
  • the first type as shown in FIG. 4, if the preset data format is a data format based on identity-based signature (IBS), the identity information of the sender includes the ID of the sender.
  • the sender's ID, the transmitted data, and the signature included in the transmission message are all plaintext.
  • the parameter D/C (English: data/control, data/control) is used.
  • the parameter R is a reserved bit.
  • the preset data format includes three reserved bits R as an example.
  • the parameter PDCP SN (where PDCP is a packet data convergence layer protocol, English: packet data convergence protocol; SN is the serial number, English: serial number) can be used to indicate the serial number of the message.
  • the parameters D/C, R, and PDCP SN shown in the figure are the same as the parameters D/C, R, and PDCP SN included in the PDCP PDU (the protocol data unit, English: protocol data unit). For details, refer to the PDCP PDU. It is to be noted that the embodiments of the present invention are not described in detail herein. Oct1, Oct2, ..., OctN in Fig. 4 are used to indicate the first 1, 2, ..., N bytes, and each byte may include 8 bit bits.
  • the length of any information included in the transmission message may be one or more lines, and the length (cont) is determined by the length of the information itself.
  • Oct3 to OctN 1 in FIG. 4 are used to indicate the byte corresponding to the ID of the sender
  • OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the transmitted data
  • OctN 2 +1 to OctN are used to represent the signature. The corresponding byte.
  • the transmission message further includes a public parameter or a public parameter index of the user signature system used by the sender, and the pp is represented by the sender in FIG.
  • the public parameter of the user's signature system used by the sender Oct3 to OctN 1 in FIG. 5 are used to indicate the byte corresponding to the ID of the sender, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the pp or pp index of the sender, OctN 2 +1 to OctN. 3 is used to indicate the byte corresponding to the transmitted data, and OctN 3 +1 to OctN are used to indicate the byte corresponding to the signature.
  • the public parameter index is an identifier of a public parameter, and can be used to uniquely identify one
  • the public parameter of the user signature system for example, the public parameter index may be a serial number of a common parameter or the like.
  • the receiver may determine the corresponding public parameter according to the common parameter index.
  • the receiving party performs the verification calculation according to the identity information, the signature, and the transmitted data of the sender in step 203a, and obtains the verification information, specifically: the receiver according to the sender's ID, signature, and transmission.
  • the public parameters of the user signature system used by the party are verified and calculated, thereby obtaining verification information.
  • the public parameters or common parameter indexes of the set of user signature systems may not be included in the transmission message, and the specific preset data format is as shown in FIG.
  • the sender and the receiver may agree in advance; when the transmission message includes the public parameter or the public parameter index of the user signature system, the specific preset data format is as shown in the figure. 5 is shown. If the receiver supports multiple sets of user signature systems, the transmission message includes the public parameter or the public parameter index of the user signature system used by the sender.
  • the specific preset data format is shown in FIG. 5.
  • the sender sends the transmission message to the at least one receiver by using the data format of the identity signature IBS, so that the receiver can perform security verification on the transmission message according to the sender ID, the signature, and the sent data. Guaranteed transmission of message integrity.
  • the public parameter or the public parameter index of the user signature system used by the sender is sent to the receiver together, the time for the receiver to determine the corresponding public parameter can be saved, and the efficiency of the security verification is improved.
  • the identity information of the sender includes the ID of the sender.
  • the sender's ID is plain text or cipher text, and the transmitted data and signature are both ciphertext.
  • the transmission message further includes: a public parameter or a public of the user signature system used by the sender.
  • the transmission message further includes: a public parameter or a common parameter index of the user signature system used by the sender, and a public parameter of the user encryption system of the receiver used by the sender to encrypt.
  • the public parameter index is taken as an example for explanation.
  • the public parameter of the user signature system used by the sender is represented by pp of the sender
  • the public parameter of the user encryption system of the receiver used by the sender when the sender encrypts is represented by pp of the sender
  • the ID of the sender is The plain text is taken as an example for explanation.
  • Oct2 to OctN 1 in FIG. 7 are used to indicate the byte corresponding to the pp or pp index of the sender
  • OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the pp or pp index of the receiver
  • OctN 2 + 1 to OctN 3 are used to indicate the byte corresponding to the sender's ID
  • OctN 3 +1 to OctN are used to indicate the byte corresponding to the ciphertext.
  • the transmission message includes a public parameter or a public parameter index of the user signature system used by the sender, and/or a public parameter or a public parameter index of the user encryption system used by the sender to encrypt, here the user signature system
  • the user encryption system is similar to the user signature system. For details, refer to the description of the user signature system.
  • the transport message may include or exclude a public parameter or a public parameter index of the user signature system used by the sender, and may be agreed in advance when not included; If both the sender and the receiver support the use of multiple sets of user signature systems, the transport message also includes the public parameter or public parameter index of the user signature system used by the sender.
  • the receiver may further include step 202a before performing security verification on the transmission message according to the information of the sender in step 203.
  • Step 202a If the transmitted data and the signature included in the transmission message are both ciphertext, the receiver decrypts the transmission message according to the first preset private key, and obtains the plaintext of the transmitted data and the plaintext of the signature. If the sender's ID, the transmitted data, and the signature included in the transmission message are all ciphertext, the receiver decrypts the transmission message according to the first preset private key, and obtains The plaintext of the sender's ID, the plaintext of the transmitted data, and the plaintext of the signature.
  • the first preset private key is a private key of the recipient corresponding to a public parameter or a common parameter index of the user encryption system used by the sender when encrypting.
  • the first preset private key may be pre-agreed.
  • the first preset private key may be a receiver determined by the receiver according to a public parameter or a common parameter index of the user encryption system used by the sender when the transmission message is encrypted. Private key.
  • step 203a the receiving party performs verification calculation according to the identity information, the signature and the transmitted data of the sender, and obtains verification information, which is specifically: the receiver according to the sender's ID, the signature, and the user signature system used by the sender.
  • the public parameters are verified and calculated to obtain verification information.
  • the sender's ID of the transmission message is plaintext or ciphertext
  • the transmitted data and the signature are all ciphertext, so that the receiver receives the transmission.
  • the transmitted message can be decrypted, and then the transmitted message is verified for security, thereby ensuring the integrity and confidentiality of the transmitted message.
  • the public parameter or the public parameter index of the user encryption system of the receiver used by the sender to be encrypted is transmitted to the receiver, which can improve the efficiency of the receiver to decrypt the transmission message; the public of the user signature system used by the sender
  • the parameter or the public parameter index is sent to the receiver, which can save the time for the receiver to determine the corresponding public parameter, and improve the efficiency of the security verification.
  • the sender's identity information includes the sender's digital certificate.
  • the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are all plaintext; or the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are all ciphertext; or the transmission of the transmission message includes
  • the party's digital certificate is in plain text, and the transmitted data and signature are both ciphertext.
  • the transport message further includes a public key or a public key index of the receiver used by the sender to encrypt and transmit the message.
  • the public key index is an identifier of the public key, and can be used to uniquely identify a public key of a set of digital certificates.
  • the public key index can be a serial number of the public key, or if the identity information of the sender does not need to be encrypted.
  • the public key index may also be the sender's ID or the like.
  • FIG. 12 illustrates an example in which the sender's digital certificate, the transmitted data, and the signature are both ciphertexts.
  • FIG OctN 1 to 12 Oct3 for indicating the recipient's public key or public key corresponding to the byte index
  • OctN 1 +1 is used to represent OCTN corresponding ciphertext bytes.
  • the receiver performs security on the transmission message according to the information of the sender in step 203.
  • Step 202b may also be included prior to verification.
  • Step 202b If the digital certificate, the transmitted data, and the signature of the sender are both ciphertext, the receiver decrypts the transmission message according to the second preset private key, and obtains the plaintext of the sender's digital certificate, the plaintext of the transmitted data, and The plain text of the signature. If the sender's digital certificate is plaintext, the transmitted data and the signature are both ciphertext, and the receiver decrypts the transmission message according to the second preset private key to obtain the plaintext of the transmitted data and the plaintext of the signature.
  • the transmission message may include the sender's digital certificate or may not include the sender's digital certificate.
  • the preset data format may be a part of deleting the digital certificate of the sender in the preset data format shown in FIG. 9-11 or FIG. 12 described above.
  • the second preset private key is a private key corresponding to the digital certificate of the recipient used when the sender encrypts.
  • the second preset private key may be pre-agreed.
  • the second preset private key may be the receiver determined by the receiver according to the public parameter or the public parameter index of the user encryption system used by the sender when the transmission message is encrypted. Private key.
  • the receiver is based on the sender's identity information, signature, and The data is sent for verification calculation, and the verification information is obtained. Specifically, the receiver performs verification calculation according to the digital certificate, signature, and transmitted data of the sender, thereby obtaining verification information.
  • the sender sends the transmission message to the at least one receiver by using the digital certificate-based data format, and the transmission message can be guaranteed when the digital certificate, the transmitted data, and the signature of the sender included in the transmission message are both plaintext. Integrity; when the digital certificate of the sender included in the transmission message is plaintext or ciphertext, and the transmitted data and signature are both ciphertext, the confidentiality of the transmitted message can be guaranteed.
  • the transport message further includes at least one of: a validity period of the sender's ID, a key management center identifier used by the sender, and a time stamp of the transmitted message.
  • the specific preset data format is as shown in FIG. 14.
  • the preset data format includes an expiration date of the ID of the sender, a key management center identifier used by the sender, and a timestamp of the transmitted message as an example.
  • Oct3 sender ID is used to indicate the corresponding byte, OctN 1 +1 to OctN 2 for indicating the validity of the sender corresponding to the ID byte, OctN 2 +1 to OctN 3 with
  • OctN 3 +1 to OctN 4 are used to indicate the byte corresponding to the time stamp of the transmitted message
  • OctN 4 +1 to OctN 5 are used to indicate the transmission message.
  • the corresponding byte, OctN 5 +1 to OctN is used to represent the byte corresponding to the signature.
  • the transmission message when the transmission message includes the validity period of the sender's ID, the freshness of the sender's ID can be ensured, and the transmission message is prevented from being tracked.
  • the transmission message includes the key management center identifier used by the sender, the receiver can be conveniently determined to quickly determine the network public key to verify the signature.
  • the receiver can perform a replay attack check on the transmission message to further improve the security of the transmission message.
  • the transport message also includes a time stamp for transmitting the message.
  • the specific preset data format is shown in Figure 15. Oct3 to OctN 1 in FIG. 15 are used to indicate the byte corresponding to the sender's digital certificate, and OctN 1 +1 to OctN 2 are used to indicate the byte corresponding to the time stamp of the transmitted message, OctN 2 +1 to OctN 3 Used to indicate the byte corresponding to the transmitted data, OctN 3 +1 to OctN are used to indicate the byte corresponding to the signature.
  • the receiver may check the replay attack of the transmission message, thereby further ensuring the security of the transmission message.
  • the embodiment of the present invention further provides a data format based on an identity-encrypted IBE.
  • the sender determines that the transport message includes the transmitted data according to the IBE-based data format, and the transmitted data is a ciphertext.
  • the receiver can decrypt the transmission message according to the corresponding private key to obtain the transmitted data, thereby ensuring the confidentiality of the transmitted message.
  • the IBE-based data format may further include a public parameter or a common parameter index of the receiver's IBE system used by the sender to encrypt the transmission message, so as to receive The party quickly determines the corresponding private key according to the public parameter or the public parameter index, thereby improving the efficiency of the receiver to decrypt the transmitted message.
  • each network element such as a sender device and a receiver device, etc.
  • each network element includes hardware structures and/or software modules corresponding to each function.
  • the present invention can be implemented in a combination of hardware or hardware and computer software in conjunction with the network elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
  • the embodiment of the present invention may divide the function module by the sender device and the receiver device according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one process.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of the module in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • FIG. 16 is a schematic diagram showing a possible structure of a sender device involved in the foregoing embodiment.
  • the sender device 300 includes a determining unit 301 and a sending unit 302.
  • the determining unit 301 is configured to execute FIG. 3, Step 201 in FIG. 8 or FIG. 13;
  • the transmitting unit 302 is configured to perform step 202 in FIG. 3, FIG. 8, or FIG. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional description of the corresponding functional modules, and details are not described herein again.
  • FIG. 17 shows a possible logical structure diagram of the sender device 310 involved in the above embodiment.
  • the sender device 310 includes a processing module 312 and a communication module 313.
  • the processing module 312 is configured to control management of the actions of the sender device, for example, the processing module 312 is configured to perform step 201 of FIG. 3, FIG. 8, or FIG. 13, and/or other processes for the techniques described herein.
  • the communication module 313 is for communication with a base station or a recipient device.
  • the sender device 310 can also include a storage module 311 for transmitting program code and data of the party device.
  • the processing module 312 can be a processor or a controller, such as a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, Hardware components or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, combinations of digital signal processors and microprocessors, and the like.
  • the communication module 313 can be a transceiver, a transceiver circuit, a communication interface, or the like.
  • the storage module 311 can be a memory.
  • the sender device may be the device shown in FIG. 18.
  • the sender device 320 includes a processor 322, a communication interface 323, a memory 321, and a bus 324.
  • the communication interface 323, the processor 322, and the memory 321 are connected to each other through a bus 324.
  • the bus 324 may be a peripheral component interconnect standard (English: peripheral component interconnect, PCI for short) or an extended industry standard structure (English: extended industry) Standard architecture, referred to as: EISA) bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 18, but it does not mean that there is only one bus or one type of bus.
  • FIG. 19 is a schematic diagram showing a possible structure of the receiver device involved in the foregoing embodiment.
  • the receiver device 400 includes a receiving unit 401 and a verification unit 402.
  • the receiving unit 401 is configured to execute FIG. 3, The step of receiving the transmission message transmitted by the sender device through step 202 in FIG. 8 or FIG. 13; the verification unit 402 is configured to perform step 203 in FIG. 3, FIG. 8, or FIG.
  • the recipient device further includes a decryption unit 403.
  • the decryption unit 403 is configured to perform step 202a in FIG. 8 or step 202b in FIG. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional description of the corresponding functional modules, and details are not described herein again.
  • FIG. 20 shows a possible logical structure diagram of the receiver device 410 involved in the above embodiment.
  • the recipient device 410 includes a processing module 412 and a communication module 413.
  • the processing module 412 is configured to perform control management on the action of the receiver device.
  • the processing module 412 is configured to perform step 203 in FIG. 3, FIG. 8, or FIG. 13, and step 202a in FIG. 8 or step 202b in FIG. And/or other processes for the techniques described herein.
  • the communication module 413 is used for communication with a base station or a sender device.
  • the recipient device 410 can also include a storage module 411 for storing program codes and data of the recipient device.
  • the processing module 412 can be a processor or a controller, such as a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, Hardware components or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, combinations of digital signal processors and microprocessors, and the like.
  • the communication module 413 can be a transceiver, a transceiver circuit, a communication interface, or the like.
  • the storage module 411 can be a memory.
  • the processing module 412 is a processor
  • the communication module 413 is a communication interface
  • the storage module 411 is a memory
  • the receiving device according to the embodiment of the present invention may be the device shown in FIG.
  • the receiver device 420 includes a processor 422, a communication interface 423, a memory 421, and a bus 424.
  • the communication interface 423, the processor 422, and the memory 421 are connected to each other through a bus 424.
  • the bus 424 may be a PCI bus or an EISA bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 21, but it does not mean that there is only one bus or one type of bus.
  • a computer readable storage medium is stored, where computer execution instructions are stored, and when at least one processor of the device executes the computer to execute an instruction, the device executes the above figure. 3.
  • the information transmission side shown in Figure 8 or Figure 13 The step of the sender or the step of the receiver.
  • a computer program product comprising computer executable instructions stored in a computer readable storage medium; at least one processor of the device may be Reading the storage medium reads the computer execution instructions, and the at least one processor executing the computer execution instructions causes the apparatus to perform the steps of the sender or the receiving side in the information transmission method shown in FIG. 3, FIG. 8, or FIG.
  • a communication system including a sender device and a receiver device.
  • the sender device is the sender device shown in any of Figures 16-18, and/or the receiver device is the receiver device shown in any of Figures 19-21.
  • the sender device is configured to perform the steps of the sender in the information transmission method shown in FIG. 3, FIG. 8 or FIG. 13; the receiver device is configured to execute the information transmission method shown in FIG. 3, FIG. 8 or FIG. The steps in the receiver.
  • the sender device determines a transmission message according to a preset data format, where the transmission message includes the transmitted data and the information of the sender, and then the sender device uses the preset data format to the at least one receiver.
  • the device sends a transmission message, so that when receiving the transmission message, the receiver device can perform security verification on the transmission message according to the information of the sender, thereby ensuring the security of the sender device to send the transmission message.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Un mode de réalisation de la présente invention concerne un procédé et un dispositif de transmission d'informations, appartenant au domaine technique de la communication. L'invention vise à résoudre le problème lié, dans l'état de la technique, au fait que la sécurité d'un message joué ne peut pas être protégée. Le procédé comprend les étapes suivantes : un expéditeur détermine un message de transmission selon un format de données prédéfini, le message de transmission contenant des données transmises et des informations de l'expéditeur, les informations de l'expéditeur étant utilisées par un récepteur pour vérifier la sécurité du message de transmission ; et l'expéditeur transmet le message de transmission à au moins un récepteur au moyen du format de données prédéfini. Par conséquent, lorsque le récepteur reçoit le message de transmission, le récepteur vérifie la sécurité du message de transmission sur la base des informations relatives de l'expéditeur contenues dans le message de transmission.
PCT/CN2016/103592 2016-10-27 2016-10-27 Procédé et dispositif de tranmission d'informations WO2018076242A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/103592 WO2018076242A1 (fr) 2016-10-27 2016-10-27 Procédé et dispositif de tranmission d'informations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/103592 WO2018076242A1 (fr) 2016-10-27 2016-10-27 Procédé et dispositif de tranmission d'informations

Publications (1)

Publication Number Publication Date
WO2018076242A1 true WO2018076242A1 (fr) 2018-05-03

Family

ID=62024251

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/103592 WO2018076242A1 (fr) 2016-10-27 2016-10-27 Procédé et dispositif de tranmission d'informations

Country Status (1)

Country Link
WO (1) WO2018076242A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261002A (zh) * 2020-09-25 2021-01-22 山东浪潮通软信息科技有限公司 数据接口对接的方法及设备
CN114143012A (zh) * 2021-11-26 2022-03-04 北京声智科技有限公司 消息队列管理方法、装置、设备及计算机可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040181689A1 (en) * 2003-03-11 2004-09-16 Satoshi Kiyoto Peer-to-peer communication apparatus and communication method
CN101355564A (zh) * 2008-09-19 2009-01-28 广东南方信息安全产业基地有限公司 一种实现可信局域网及互联网的方法
CN104753865A (zh) * 2013-12-27 2015-07-01 全联斯泰克科技有限公司 基于VoIP协议和CPK协议的互联网通信方法和装置
CN105430640A (zh) * 2015-12-09 2016-03-23 青岛海信移动通信技术股份有限公司 一种短信加密认证方法、终端及系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040181689A1 (en) * 2003-03-11 2004-09-16 Satoshi Kiyoto Peer-to-peer communication apparatus and communication method
CN101355564A (zh) * 2008-09-19 2009-01-28 广东南方信息安全产业基地有限公司 一种实现可信局域网及互联网的方法
CN104753865A (zh) * 2013-12-27 2015-07-01 全联斯泰克科技有限公司 基于VoIP协议和CPK协议的互联网通信方法和装置
CN105430640A (zh) * 2015-12-09 2016-03-23 青岛海信移动通信技术股份有限公司 一种短信加密认证方法、终端及系统

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261002A (zh) * 2020-09-25 2021-01-22 山东浪潮通软信息科技有限公司 数据接口对接的方法及设备
CN112261002B (zh) * 2020-09-25 2022-11-22 浪潮通用软件有限公司 数据接口对接的方法及设备
CN114143012A (zh) * 2021-11-26 2022-03-04 北京声智科技有限公司 消息队列管理方法、装置、设备及计算机可读存储介质

Similar Documents

Publication Publication Date Title
CN107231627B (zh) 一种蓝牙网络及配网方法
CN110177354B (zh) 一种车辆的无线控制方法及系统
CA2956590C (fr) Appareil et procede pour partager une interface de module de securite materiel dans un reseau collaboratif
CN101340443B (zh) 一种通信网络中会话密钥协商方法、系统和服务器
CN107659406B (zh) 一种资源操作方法及装置
KR20170057576A (ko) 차량 헤드 유닛과 외부 기기 연동 시 차량 전용 데이터 채널 보안 서비스 제공 방법 및 그를 위한 장치
WO2017133021A1 (fr) Procédé de traitement de sécurité et dispositif pertinent
JP2021503839A (ja) セキュリティ保護方法および装置
WO2022188027A1 (fr) Procédé et dispositif de communication sécurisée
CN112449323B (zh) 一种通信方法、装置和系统
CN112602290B (zh) 一种身份验证方法、装置和可读存储介质
WO2021120924A1 (fr) Procédé et dispositif d'application de certificats
CN110366175B (zh) 安全协商方法、终端设备和网络设备
JP2008060809A (ja) 車車間通信方法、車車間通信システムおよび車載通信装置
US20150237017A1 (en) Communication Information Transmitting Process and System
CN111050321A (zh) 一种数据处理方法、装置及存储介质
US20050086481A1 (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
WO2018076798A1 (fr) Procédé et appareil de transmission de données
WO2018076242A1 (fr) Procédé et dispositif de tranmission d'informations
CN111788836B (zh) 数据传输的方法和ble设备
WO2016032752A1 (fr) Procédé et appareil permettant une interopérabilité entre des dispositifs fonctionnant à des niveaux de sécurité différents et chaînes de confiance
WO2018076190A1 (fr) Procédé de communication, terminal, dispositif de plan utilisateur de réseau central et dispositif de réseau d'accès
CN111836260A (zh) 一种认证信息处理方法、终端和网络设备
WO2023050373A1 (fr) Procédé, appareil et système de communication
Braga et al. Implementation issues in the construction of an application framework for secure SMS messages on android smartphones

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16920120

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16920120

Country of ref document: EP

Kind code of ref document: A1