
CN109845185A - A kind of data transmission method, terminal, node device and system - Google Patents

A kind of data transmission method, terminal, node device and system

Info

Publication number
CN109845185A
Authority
CN
China
Prior art keywords
terminal
digital signature
public key
key
management system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201680090122.1A
Other languages
Chinese (zh)
Other versions
CN109845185B (en)
Inventor
熊晓春
黄正安
付建军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN109845185A
Application granted
Publication of CN109845185B
Legal status: Active

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present invention disclose a data transmission method, a terminal, a node device and a system. The method includes: a first terminal receives broadcast security information sent by a second terminal, the broadcast security information including a broadcast message, a second digital signature, a first digital signature, a first public key and a system identifier, where the first digital signature is obtained by the key management system calculating over the first public key based on a second private key, and the second digital signature is obtained by the second terminal calculating over the broadcast message based on a first private key; the first terminal obtains a second public key based on the system identifier and verifies the first digital signature based on the second public key, and when the verification succeeds, identifies the second terminal as a valid terminal; the first terminal verifies the second digital signature based on the first public key, and when the verification succeeds, processes the broadcast message. With the embodiments of the present invention, overhead and the amount of transmitted data can be reduced while the legitimacy of the broadcast message source is ensured.

Description

PCT domestic application; the description has been published.

Claims (28)

  1. A data transmission method, characterized in that the method includes:
    a first terminal receives broadcast security information sent by a second terminal, the broadcast security information including a broadcast message, a second digital signature of the broadcast message, a first digital signature of the second terminal, a first public key of the second terminal and a system identifier of a key management system, where the first digital signature is obtained by the key management system calculating over the first public key based on a second private key of the key management system, and the second digital signature is obtained by the second terminal calculating over the broadcast message based on a first private key of the second terminal;
    the first terminal obtains a second public key of the key management system based on the system identifier and verifies the first digital signature based on the second public key, and when the verification succeeds, identifies the second terminal as a valid terminal;
    the first terminal verifies the second digital signature based on the first public key, and when the verification succeeds, processes the broadcast message.
  2. The method according to claim 1, characterized in that the first digital signature is obtained by the key management system calculating, with a preset signature algorithm, over the second private key, the first public key and a validity start time of the first private key.
  3. The method according to claim 2, characterized in that the broadcast security information further includes the validity start time and a generation time of the second digital signature;
    before the first terminal obtains the second public key of the key management system based on the system identifier, the method further includes:
    the first terminal determines a validity interval of the first private key based on a preset time parameter and the validity start time;
    when the generation time lies within the validity interval, the first terminal determines that the first private key is a valid private key.
  4. The method according to claim 3, characterized in that before the first terminal determines the validity interval of the first private key based on the preset time parameter and the validity start time, the method further includes:
    the first terminal obtains the receiving time of the broadcast security information;
    when the difference between the receiving time and the generation time is less than a preset time threshold, triggering the first terminal to determine the validity interval of the first private key based on the preset time parameter and the validity start time.
  5. The method according to any one of claims 2 to 4, characterized in that the first terminal verifying the first digital signature based on the second public key comprises:
    the first terminal processes the second public key, the first public key, the validity start time and the first digital signature with a preset verification algorithm to obtain a check result of the first digital signature;
    when the check result of the first digital signature is equal to 1, the first terminal determines that verification of the first digital signature succeeds.
  6. The method according to claim 1, characterized in that before the first terminal obtains the second public key of the key management system based on the system identifier, the method further includes:
    the first terminal sends a trust credential acquisition request to a first node device, so that the first node device sends trust credential request information to the key management system;
    the first terminal receives feedback information of the first terminal that the key management system forwards via the first node device, the feedback information of the first terminal including the system identifier and an updated second public key of the key management system.
  7. The method according to claim 6, characterized in that after the first terminal receives the feedback information of the first terminal that the key management system forwards via the first node device, the method further includes:
    the first terminal generates a correspondence between the system identifier and the updated second public key, and stores the system identifier and its corresponding updated second public key;
    when an original second public key corresponding to the system identifier exists in the local database of the first terminal, the first terminal deletes the original second public key after a preset duration has elapsed.
  8. The method according to claim 7, characterized in that the first terminal obtaining the second public key of the key management system based on the system identifier and verifying the first digital signature based on the second public key comprises:
    the first terminal obtains the updated second public key and the original second public key corresponding to the system identifier;
    the first terminal verifies the first digital signature based on the updated second public key to obtain a first check result of the first digital signature;
    the first terminal verifies the first digital signature based on the original second public key to obtain a second check result of the first digital signature.
  9. The method according to claim 8, characterized in that identifying the second terminal as a valid terminal when the verification succeeds comprises:
    when the first check result is equal to 1 or the second check result is equal to 1, the first terminal determines that the second terminal is a valid terminal.
  10. A data transmission method, characterized in that the method includes:
    a first node device receives a trust credential acquisition request sent by a second terminal;
    the first node device sends trust credential request information to a key management system according to the trust credential acquisition request;
    the first node device receives feedback information for the second terminal sent by the key management system, the feedback information including a trust credential of the second terminal and a first digital signature of the second terminal, the trust credential including a first private key and a first public key, and the first digital signature being obtained by the key management system calculating over the first public key based on a second private key of the key management system;
    the first node device sends the feedback information to the second terminal.
  11. The method according to claim 10, characterized in that before the first node device sends the trust credential request information to the key management system according to the trust credential acquisition request, the method further includes:
    the first node device sends an authentication request to a second node device, so that the second node device detects whether the local database of the second node device contains broadcast service authorization information for the second terminal, and when the local database of the second node device contains the broadcast service authorization information for the second terminal, the second node device sends the broadcast service authorization information for the second terminal to the first node device;
    the first node device receives the broadcast service authorization information for the second terminal sent by the second node device.
  12. The method according to claim 10, characterized in that the first node device sending the trust credential request information to the key management system according to the trust credential acquisition request comprises:
    the first node device generates a validity start time of the trust credential;
    the first node device sends the trust credential request information to the key management system, the trust credential request information carrying the validity start time.
  13. The method according to claim 12, characterized in that the first digital signature is obtained by the key management system calculating, with a preset signature algorithm, over the second private key of the key management system, the first public key and the validity start time;
    the feedback information includes the trust credential, the first digital signature, the validity start time and a second public key of the key management system.
  14. The method according to claim 10, characterized in that after the first node device receives the feedback information sent by the key management system, the method further includes:
    the first node device generates a correspondence between a terminal identifier of the second terminal and the feedback information, and stores the terminal identifier and its corresponding feedback information.
  15. A terminal, characterized in that the terminal includes:
    a broadcast security information receiving module, configured to receive broadcast security information sent by a second terminal, the broadcast security information including a broadcast message, a second digital signature of the broadcast message, a first digital signature of the second terminal, a first public key of the second terminal and a system identifier of a key management system, where the first digital signature is obtained by the key management system calculating over the first public key based on a second private key of the key management system, and the second digital signature is obtained by the second terminal calculating over the broadcast message based on a first private key of the second terminal;
    a verification module, configured to obtain a second public key of the key management system based on the system identifier and verify the first digital signature based on the second public key, and when the verification succeeds, identify the second terminal as a valid terminal;
    the verification module being further configured to verify the second digital signature based on the first public key, and when the verification succeeds, process the broadcast message.
  16. The terminal according to claim 15, characterized in that the first digital signature is obtained by the key management system calculating, with a preset signature algorithm, over the second private key, the first public key and a validity start time of the first private key.
  17. The terminal according to claim 16, characterized in that the broadcast security information further includes the validity start time and a generation time of the second digital signature;
    the terminal further includes:
    a determining module, configured to determine, before the verification module obtains the second public key of the key management system based on the system identifier, a validity interval of the first private key based on a preset time parameter and the validity start time;
    the determining module being further configured to determine that the first private key is a valid private key when the generation time lies within the validity interval.
  18. The terminal according to claim 17, characterized in that the terminal further includes:
    a receiving time obtaining module, configured to obtain the receiving time of the broadcast security information before the determining module determines the validity interval of the first private key based on the preset time parameter and the validity start time;
    the determining module being further configured to determine the validity interval of the first private key based on the preset time parameter and the validity start time when the difference between the receiving time and the generation time is less than a preset time threshold.
  19. The terminal according to any one of claims 16 to 18, characterized in that the verification module, in verifying the first digital signature based on the second public key, is specifically configured to:
    process the second public key, the first public key, the validity start time and the first digital signature with a preset verification algorithm to obtain a check result of the first digital signature;
    when the check result of the first digital signature is equal to 1, determine that verification of the first digital signature succeeds.
  20. The terminal according to claim 15, characterized in that the terminal further includes:
    a request sending module, configured to send a trust credential acquisition request to a first node device before the verification module obtains the second public key of the key management system based on the system identifier, so that the first node device sends trust credential request information to the key management system;
    a feedback information receiving module, configured to receive feedback information of the first terminal that the key management system forwards via the first node device, the feedback information of the first terminal including the system identifier and an updated second public key of the key management system.
  21. The terminal according to claim 20, characterized in that the terminal further includes:
    a storage module, configured to generate, after the feedback information receiving module receives the feedback information of the first terminal that the key management system forwards via the first node device, a correspondence between the system identifier and the updated second public key, and to store the system identifier and its corresponding updated second public key;
    a deletion module, configured to delete an original second public key after a preset duration has elapsed when an original second public key corresponding to the system identifier exists in the local database of the terminal.
  22. The terminal according to claim 21, characterized in that the verification module, in obtaining the second public key of the key management system based on the system identifier and verifying the first digital signature based on the second public key, is specifically configured to:
    obtain the updated second public key and the original second public key corresponding to the system identifier;
    verify the first digital signature based on the updated second public key to obtain a first check result of the first digital signature;
    verify the first digital signature based on the original second public key to obtain a second check result of the first digital signature.
  23. The terminal according to claim 22, characterized in that the verification module, in identifying the second terminal as a valid terminal when the verification succeeds, is specifically configured to:
    when the first check result is equal to 1 or the second check result is equal to 1, determine that the second terminal is a valid terminal.
  24. A node device, characterized in that the node device includes:
    a request receiving module, configured to receive a trust credential acquisition request sent by a second terminal;
    a request information sending module, configured to send trust credential request information to a key management system according to the trust credential acquisition request;
    a feedback information receiving module, configured to receive feedback information for the second terminal sent by the key management system, the feedback information including a trust credential of the second terminal and a first digital signature of the second terminal, the trust credential including a first private key and a first public key, and the first digital signature being obtained by the key management system calculating over the first public key based on a second private key of the key management system;
    a feedback information sending module, configured to send the feedback information to the second terminal.
  25. The node device according to claim 24, characterized in that the node device further includes:
    a request sending module, configured to send an authentication request to a second node device before the request information sending module sends the trust credential request information to the key management system according to the trust credential acquisition request, so that the second node device detects whether the local database of the second node device contains broadcast service authorization information for the second terminal, and when the local database of the second node device contains the broadcast service authorization information for the second terminal, the second node device sends the broadcast service authorization information for the second terminal to the node device;
    an authorization information receiving module, configured to receive the broadcast service authorization information for the second terminal sent by the second node device.
  26. The node device according to claim 24, characterized in that the request information sending module is specifically configured to:
    generate a validity start time of the trust credential;
    send the trust credential request information to the key management system, the trust credential request information carrying the validity start time.
  27. The node device according to claim 26, characterized in that the first digital signature is obtained by the key management system calculating, with a preset signature algorithm, over the second private key of the key management system, the first public key and the validity start time;
    the feedback information includes the trust credential, the first digital signature, the validity start time and a second public key of the key management system.
  28. The node device according to claim 24, characterized in that the node device further includes:
    a storage module, configured to generate, after the feedback information receiving module receives the feedback information sent by the key management system, a correspondence between a terminal identifier of the second terminal and the feedback information, and to store the terminal identifier and its corresponding feedback information.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/104139 WO2018076377A1 (en) 2016-10-31 2016-10-31 Data transmission method, terminal, node device and system

Publications (2)

Publication Number Publication Date
CN109845185A true CN109845185A (en) 2019-06-04
CN109845185B CN109845185B (en) 2020-11-10

Family

ID=62024248

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680090122.1A Active CN109845185B (en) 2016-10-31 2016-10-31 A data transmission method, terminal, node device and system

Country Status (2)

Country Link
CN (1) CN109845185B (en)
WO (1) WO2018076377A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131494A (en) * 2019-12-31 2020-05-08 上海能塔智能科技有限公司 Vehicle data storage and verification processing method and device, electronic equipment and medium
CN112733128A (en) * 2021-02-06 2021-04-30 深圳市云小白科技有限公司 Centerless Internet of things security authentication method based on asymmetric encryption
CN112822758A (en) * 2020-12-31 2021-05-18 深圳市晨北科技有限公司 Method, device and storage medium for accessing network
CN114554469A (en) * 2022-02-24 2022-05-27 盒马(中国)有限公司 Data transmission method, bluetooth communication device, storage medium, and program product
CN115226060A (en) * 2021-04-16 2022-10-21 华为技术有限公司 Data transmission method and data processing device
WO2023151696A1 (en) * 2022-02-14 2023-08-17 华为技术有限公司 Communication method, communication apparatus, and system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110521228B (en) * 2017-06-16 2024-04-02 摩托罗拉移动有限责任公司 Malicious unit detection information
CN110826091B (en) * 2018-08-14 2022-05-06 珠海金山办公软件有限公司 File signature method and device, electronic equipment and readable storage medium
CN110311783B (en) * 2019-05-30 2022-09-23 平安科技(深圳)有限公司 User attribution verification method and device based on group signature and computer equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050132195A1 (en) * 2003-12-16 2005-06-16 Josef Dietl Electronic signing apparatus and methods
CN101060480A (en) * 2007-06-04 2007-10-24 武汉理工大学 HORSEI2-based mobile self-organized network safety QoS multicast route creating method
CN101296083A (en) * 2008-05-14 2008-10-29 华为技术有限公司 An encrypted data transmission method and system
CN101610150A (en) * 2009-07-22 2009-12-23 中兴通讯股份有限公司 Third-party digital signature method and data transmission system
CN102263638A (en) * 2010-05-31 2011-11-30 索尼公司 Authentication device, authentication method, program, and signature generation device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8627073B2 (en) * 2010-03-24 2014-01-07 GM Global Technology Operations LLC Adaptive certificate distribution mechanism in vehicular networks using forward error correcting codes
US8756430B2 (en) * 2011-04-14 2014-06-17 GM Global Technology Operations LLC Exploiting application characteristics for multiple-authenticator broadcast authentication schemes
CN105706390B (en) * 2013-10-30 2020-03-03 三星电子株式会社 Method and apparatus for performing device-to-device communication in a wireless communication network
CN105323753A (en) * 2014-05-30 2016-02-10 中国电信股份有限公司 In-vehicle safety module, vehicular system and method for information interaction between vehicles
CN104683112B (en) * 2015-03-20 2017-12-01 江苏大学 A kind of car car safety communicating method that certification is assisted based on RSU

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131494A (en) * 2019-12-31 2020-05-08 上海能塔智能科技有限公司 Vehicle data storage and verification processing method and device, electronic equipment and medium
CN111131494B (en) * 2019-12-31 2022-06-03 上海能塔智能科技有限公司 Vehicle data storage and verification processing method and device, electronic equipment and medium
CN112822758A (en) * 2020-12-31 2021-05-18 深圳市晨北科技有限公司 Method, device and storage medium for accessing network
CN112733128A (en) * 2021-02-06 2021-04-30 深圳市云小白科技有限公司 Centerless Internet of things security authentication method based on asymmetric encryption
CN112733128B (en) * 2021-02-06 2022-06-14 深圳市云小白科技有限公司 Centerless Internet of things security authentication method based on asymmetric encryption
CN115226060A (en) * 2021-04-16 2022-10-21 华为技术有限公司 Data transmission method and data processing device
CN115226060B (en) * 2021-04-16 2025-05-23 深圳引望智能技术有限公司 Data transmission method and data processing device
WO2023151696A1 (en) * 2022-02-14 2023-08-17 华为技术有限公司 Communication method, communication apparatus, and system
CN114554469A (en) * 2022-02-24 2022-05-27 盒马(中国)有限公司 Data transmission method, bluetooth communication device, storage medium, and program product

Also Published As

Publication number Publication date
CN109845185B (en) 2020-11-10
WO2018076377A1 (en) 2018-05-03

Similar Documents

Publication Publication Date Title
CN109845185A (en) A kind of data transmission method, terminal, node device and system
CN111869249B (en) Security BLE JUST WORKS pairing method aiming at man-in-the-middle attack
CN106899410B (en) A kind of method and device of equipment identities certification
CN103763356B (en) A kind of SSL establishment of connection method, apparatus and system
CN105188055B (en) wireless network access method, wireless access point and server
CN106130716B (en) Key exchange system and method based on authentication information
US20140298037A1 (en) Method, apparatus, and system for securely transmitting data
WO2018076365A1 (en) Key negotiation method and device
US10277406B1 (en) Authentication process for issuing sequence of short-lived digital certificates
TW201706900A (en) Method and device for authentication using dynamic passwords
WO2009079916A1 (en) A method for generating a key pair and transmitting a public key or a certificate application document securely
CN110943976A (en) A password-based user signature private key management method
CN108234450B (en) A method for identity authentication, a method for terminal registration, a server and a terminal
KR100842267B1 (en) Integrated user authentication server, client and method in a system with multiple authentication means
CN101867929A (en) Authentication method, system, authentication server and terminal device
CN113285932B (en) Method for obtaining edge service, server and edge device
WO2016011588A1 (en) Mobility management entity, home server, terminal, and identity authentication system and method
CN104796255A (en) A safety certification method, device and system for a client end
CN110719292A (en) Connection authentication method and system between edge computing equipment and central cloud platform
CN111698204B (en) Bidirectional identity authentication method and device
CN111314269B (en) Address automatic allocation protocol security authentication method and equipment
KR101749449B1 (en) Two Level Privacy Preserving Pseudonymous Authentication Method for Vehicular Ad-Hoc Network and System Therefor
WO2017206185A1 (en) Method, apparatus and system for verifying legitimacy of application program
CN103986716A (en) Establishment method of SSL connection and communication method and device based on SSL connection
KR101256114B1 (en) Message authentication code test method and system of many mac testserver

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant