CN114462944A

CN114462944A - Logistics safety management method and system based on big data environment application

Info

Publication number: CN114462944A
Application number: CN202210122949.3A
Authority: CN
Inventors: 梁金锋; 董林; 侯云辉
Original assignee: Individual
Current assignee: Individual
Priority date: 2022-02-09
Filing date: 2022-02-09
Publication date: 2022-05-10

Abstract

The invention relates to a logistics safety management method and a logistics safety management system based on big data environment application, wherein a unique user public key is distributed for each user, a first public key sequence is generated in a public key ring according to a public key of a receiver, the receiver further extracts partial public keys in the sequence to generate a second public key sequence for executing a signing authentication function, the second public key sequence is used for signing an associated order mark, a logistics management center confirms the identity of a signer according to ring signature data fed back by a receiver terminal, the locally stored order mark associated with the signer identity information is compared with signature content, if the order mark is matched with the signature content, the current logistics order is judged to be signed by the receiver, the logistics signing operation is finished by using ring signatures, the external anonymity and the true identity of the signer can be recognized only by the logistics management center, and the phenomenon that the signer information is leaked is avoided, The secure signing is realized while the signature forgery is prevented.

Description

Logistics safety management method and system based on big data environment application

Technical Field

The invention relates to the technical field of intelligent logistics, in particular to a logistics safety management method and system based on big data environment application.

Background

In recent years, with the rapid development of economic integration and computer network communication technologies, the logistics industry is greatly promoted, the logistics service level is remarkably improved, and particularly, the logistics industry rapidly grows into a new service industry in the current society due to the appearance of various large-scale e-commerce platforms such as Taobao, Tianmao, Jingdong, Amazon and the like. With the rapid increase of the e-commerce transaction amount, the logistics traffic amount is also exponentially increased. Taking the twenty-one shopping festival in 2020 as an example, the total quantity of 'double 11' logistics orders of cats in 2020 is rated at 23.21 billion, the sum of express delivery quantity in the whole year across the whole year in 2010 is exceeded, meanwhile, 39.65 billions of express are processed by enterprises in China for post and express between 1 and 11 days in 11 months in the year, wherein 6.75 billions of express are processed on 11 days in 11 months, the year-on-year increase is 26.16%, and the innovation history is high. However, the quality of service of logistics enterprises in big data environments is increasingly questioned. User information leakage, low distribution efficiency of the terminal logistics node and cargo loss become main problems faced by logistics enterprises.

Different from the traditional Logistics industry, the Logistics Internet of Things (Logistics Internet of Things) can realize a modern Logistics system with intelligent management and high efficiency by using a plurality of network communication technologies such as RFID, QR code, NFC, D2D and the like. Generally adopting an encryption technology aiming at user information privacy protection and data security, or further reconstructing a traditional data carrier format, and decrypting by a terminal with a specific authority to obtain final logistics information; such as: wealizarin et al proposed an express information privacy protection method based on RSA algorithm (quote: Wealizarin, morning, Lestasy electronic technology application: 2014,40(07)), defining a modified rebalance-RSA to encrypt personal information to improve encryption rate, Duchengjie et al proposed a novel express management system based on encrypted two-dimensional code label (Duchenjie, in Ching, Yao Ying Biao Zhejiang Wanli institute's institute of academic, 2017,30(03)), Zhan Xinweng et al proposed a two-dimensional code technology-based personal information privacy protection logistics system (Zhan, Lihuakang, Yangyao, Sun Zi computer application research. 2016,33(11)) to encrypt personal privacy information and encapsulate the personal information into two-dimensional code, redefine data format, so as to avoid the private information from being revealed, Kqi et al proposed a K-anonymous industry consumer personal protection based on express (in King, 2017, (30)) generalize the privacy information of the client by introducing a K-anonymity model, so that an attacker needs to exclude at least K-1 group of data to determine the relevant information of a corresponding target.

The technical scheme solves the problems of user information protection and data security to a certain extent, but the operation process is too complicated, the logistics progress is inconvenient to update and trace in time, especially the verification of the receiving of the terminal nodes is not strict, false signatures of non-self frequently occur due to the fact that the operation of a postman is not standard, express delivery is caused to be falsely claimed and wrongly claimed, and even the problem that goods are lost under the condition that no signing record exists can not be effectively solved.

Disclosure of Invention

The invention provides a logistics safety management method and system based on big data environment application, aiming at solving the problems of goods signoff authentication defects caused by artificial and imperfect procedures of logistics distribution nodes and over-complex existing safety security measures.

The invention discloses a logistics safety management method based on big data environment application, which specifically comprises the following steps:

the sending party generates an invoice by using the sending terminal and sends the invoice to the logistics management center;

the logistics management center confirms the identity information and the public key of the receiver according to the invoice, further generates a first public key sequence by the position of the public key of the receiver in the public key ring, the first public key sequence is a registered user public key set of a non-receiver extracted from the public key ring, then sends the first public key sequence to the receiver terminal of the receiver, simultaneously generates an order identification encrypted by the public key of the receiver according to the invoice, converts the ciphertext data into a two-dimensional code and sends the two-dimensional code to the sender terminal and the receiver terminal;

the two-dimension code is printed and pasted on the goods by the sending party by using the sending terminal, and then the two-dimension code is sent to the next-level transfer station terminal according to the appointed logistics forwarding path;

when the goods reach the next-stage transfer station, the next-stage transfer station terminal scans the two-dimensional code on the goods and matches the two-dimensional code with the two-dimensional code stored locally, after matching is successful, the local identity information and the two-dimensional code are uploaded to the logistics management center together, and the two-dimensional code is continuously sent to the next-stage transfer station terminal until the goods reach the distribution terminal;

the logistics management center records local identity information of transfer stations at all levels corresponding to the two-dimensional codes to form a forwarding path log of the goods;

the receiving party scans the two-dimensional code on the goods through the receiving terminal, decrypts the two-dimensional code by using a local private key to obtain an order identifier, extracts a first public key sequence bound with the order identifier, selects a part of public keys of the first public key sequence to form a second public key sequence with the receiving party public key, performs ring signature for the order identifier by using the second public key sequence, and sends ring signature data to the logistics management center;

the logistics management center utilizes the second public key sequence in the ring signature data to identify the real identity of the signer, extracts the order identification corresponding to the identity information of the signer after the signature verification is successful and compares the order identification with the signature content, if the order identification is consistent with the signature content, the signing successful message is locally recorded, the message is forwarded to the distribution terminal and the receiving terminal, and otherwise, the signing failed message is sent to the distribution terminal and the receiving terminal.

Further preferably, the public key ring is a virtual ring-shaped storage space constructed by a hash ring, the logistics management center allocates a unique user public key to each registered user, the storage address of the user public key is indexed by a hash value obtained by the user identity through hash operation, and the hash value is mapped into the value space of the hash ring.

Further preferably, the specific generation process of the first public key sequence is as follows:

the logistics management center extracts order numbers and recipient identity identifications recorded in the invoice, executes Hash operation on the recipient identity identifications, indexes recipient public keys in a Hash ring by using generated Hash values, divides the Hash ring into two half rings by using a zero value bit and a middle value bit of the Hash ring, and selects a user public key from the other half ring opposite to the half ring where the recipient public key is located to add into a first public key sequence;

and performing Hash iterative operation for a plurality of times on order numbers, judging the position of a Hash value each time, if the user public key is not stored in the current position, clockwise selecting the user public key on the adjacent position as a to-be-selected object of the Hash operation, further judging whether the to-be-selected object is positioned in a selected semi-ring, if the to-be-selected object is positioned in the selected semi-ring, extracting the to-be-selected object and adding a first public key sequence, otherwise abandoning the to-be-selected object, continuing to perform the Hash operation for the next time, and repeating the operation of selecting the user public keys until the user public keys with the set number and meeting the selection condition are obtained.

Further preferably, the process of the logistics management center using the second public key sequence to identify the signer identity is as follows: and extracting all public keys in the second public key sequence, searching and recording the storage positions of the public keys in the public key rings, if the unique public key is positioned in one half ring and the other public keys are positioned in the other half ring, judging the unique public key in the half ring as the public key of the signer, further acquiring the identity information of the signer by using the public key of the signer, otherwise, indicating that the ring signature data is an invalid signature.

Further preferably, the method further comprises a second public key sequence verification process: after identifying the identity information of the signer, the logistics management center extracts a first public key sequence which is locally stored and corresponds to the identity of the signer, judges whether the public keys of other users except the public key of the signer in the second public key sequence are all contained in the first public key sequence, if so, the second public key sequence is true, otherwise, the second public key sequence is false.

Further preferably, the specific process of the transfer station terminal distributing the goods according to the designated logistics forwarding path is as follows:

after receiving the identity information and the two-dimensional code of the previous-stage transfer station terminal, the logistics management center acquires the identity information of a receiver according to the two-dimensional code, selects a next-stage transfer station on an optimal forwarding path based on the address of the previous-stage transfer station and the address of the receiver, and sends an authorization book containing the identity information of the upper-stage transfer station and the lower-stage transfer station to the previous-stage transfer station terminal, wherein the authorization book is an electronic authorization certificate signed by the logistics management center;

the upper-level transfer station terminal sends the authorization book and the two-dimensional code to the lower-level transfer station terminal according to the identity information of the lower-level transfer station in the authorization book;

when goods arrive at the next-level transfer station, the next-level transfer station terminal scans the two-dimensional codes on the goods and matches the two-dimensional codes stored locally, after matching is successful, the next-level transfer station terminal further checks and signs the authorization book, judges whether the authorization book contains local identity information, if yes, the current-level transfer station is confirmed to be a goods receiving party authorized by the center, the local identity information and the two-dimensional codes are continuously sent to the logistics management center, otherwise, the current-level transfer station does not have goods receiving authority, and error messages are fed back to the logistics management center.

Further preferably, the logistics management center automatically assigns or actively applies for a distribution terminal by a distribution site with distribution capability according to the logistics forwarding path;

when the distribution terminal is actively applied, the distribution site sends a cargo distribution request message containing a cargo two-dimensional code to the logistics management center through the local terminal, the logistics management center judges whether the address of the receiver is located in the distribution administration area of the distribution site, if so, the distribution site is confirmed to be the distribution terminal, the distribution terminal identity information is associated with the cargo two-dimensional code, the distribution confirmation message is sent to the distribution terminal, and if not, the distribution request message is rejected to the terminal of the distribution site.

Further preferably, the method further comprises the following delivery terminal identity authentication process:

the receiving party receives the distribution terminal identity information and the signature thereof shown by the distribution terminal through the receiving terminal, and sends the distribution terminal identity information and the signature thereof to the logistics management center along with the two-dimensional code, and the distribution terminal identity information is signed by the private key of the distribution site;

and the logistics management center checks the signature by using the public key of the distribution site, compares the locally stored distribution terminal identity information associated with the two-dimensional code with the signature content after the signature is successfully checked, if the two-dimensional code is identical with the signature content, the distribution terminal identity authentication is true, otherwise, the distribution terminal identity authentication is false, and the execution of the signature confirmation operation is terminated.

The invention also provides a logistics safety management system, which specifically comprises: the system comprises a logistics management center, a database, a mail sending terminal, a mail receiving terminal, a transfer station terminal and a distribution terminal;

the logistics management center: the system is used for finishing user terminal registration, user account management and user public key negotiation distribution operation, and is responsible for maintaining forwarding services of all levels of transfer station terminals on an appointed logistics forwarding path and distribution signing services of a distribution terminal, confirming identity information of an addressee and a public key thereof according to a delivery order, further generating a first public key sequence by the position of the public key of the addressee in a public key ring, wherein the first public key sequence is a registered user public key set of a non-addressee extracted from the public key ring, then sending the first public key sequence to the addressee terminal, simultaneously generating an order identifier encrypted by the public key of the addressee according to the delivery order, converting ciphertext data into a two-dimensional code, sending the two-dimensional code to the addressee terminal and the addressee terminal, recording local identity information of all levels of transfer stations corresponding to the two-dimensional code, forming a forwarding path log of goods, and identifying the real identity of a signer by using a second public key sequence in ring signature data, after the signature verification is successful, extracting an order identification corresponding to the signer identity information and comparing the order identification with the signature content, if the order identification is consistent with the signature content, locally recording a signature success message, and forwarding the message to a distribution terminal and a receiving terminal, otherwise, sending a signature failure message to the distribution terminal and the receiving terminal;

a database: the system is used for storing the invoice, and an order mark, a receiver public key, a two-dimensional code, a first public key sequence, a forwarding path log of the goods and a signing-in state message which are derived from the invoice;

a mail sending terminal: the system comprises a logistics management center, a lower-level transfer station terminal, a logistics forwarding path and a lower-level transfer station terminal, wherein the logistics management center is used for generating a delivery order and sending the delivery order to the logistics management center, receiving a two-dimensional code sent by the logistics management center, finishing printing and sending the two-dimensional code to the lower-level transfer station terminal according to the specified logistics forwarding path;

receiving the terminal: the system comprises a logistics management center, a local private key, a first public key sequence, a second public key sequence, a ring signature data and a goods signing state message, wherein the logistics management center is used for scanning the two-dimensional code on the goods, decrypting the two-dimensional code by using the local private key to obtain an order mark, extracting the first public key sequence bound with the order mark, selecting a part of public keys of the first public key sequence and a public key of a receiver to form the second public key sequence, performing ring signature for the order mark by using the second public key sequence, sending the ring signature data to the logistics management center, and receiving the goods signing state message fed back by the logistics management center;

a transfer station terminal: the system comprises a logistics management center, a next-stage transfer station terminal, a distribution terminal and a next-stage transfer station terminal, wherein the logistics management center is used for scanning the two-dimensional codes on the goods arriving at the transfer station and matching the two-dimensional codes with the two-dimensional codes stored locally, uploading the local identity information and the two-dimensional codes to the logistics management center after the matching is successful, and continuously sending the two-dimensional codes to the next-stage transfer station terminal until the goods arrive at the distribution terminal;

a distribution terminal: and receiving the goods distribution tasks assigned by the distribution stations, completing goods distribution work according to the recipient addresses provided by the logistics management center, and receiving the goods signing-in state information fed back by the logistics management center.

The logistics safety management method and the system provided by the invention have the advantages that:

distributing a unique user public key for each user, when a certain user is confirmed as a receiver, generating a first public key sequence in the public key ring according to the receiver public key, further extracting part of the public keys in the sequence by the receiver to generate a second public key sequence for executing a sign-in authentication function, and the second public key sequence is used for signing the associated order mark, the logistics management center confirms the identity of the signer by using the ring signature data fed back by the receiver terminal, compares the locally stored order mark associated with the identity information of the signer with the signature content, if the matching is consistent, the current logistics order is judged to be signed by the receiver himself, the logistics signing operation is completed by using the ring signature, and unconditional anonymity is provided to the outside, only the logistics management center can identify the true identity of the signer, so that the information of the signer is prevented from being leaked, and the signature is prevented from being forged, and meanwhile, the safe signing is realized.

A public key ring of a virtual ring storage space is constructed by a hash ring, a user public key is mapped to a corresponding position in the hash ring through a hash value, the hash ring is divided into two half rings, the user public key in a first public key sequence is selected from the position of the half ring where a public key of a non-receiver is located, so that after a logistics management center receives a ring signature, the only public key in a certain half ring can be judged to be the public key of a signer by confirming the position of each public key in a public key ring in a second public key sequence, and the identity of the signer is still unknown for any third party except the logistics management center.

The two-dimensional code is used as a tracking object of the logistics order, actual order information is hidden in the two-dimensional code, the safety of the order information is protected through encryption of a public key of a receiver, the personal privacy of a user can be effectively protected, the logistics path assigned by the logistics management center is obtained in real time through scanning of all levels of terminals, the logistics management center obtains the position of the goods through receiving electronic data of the two-dimensional code, local identity information of all levels of transfer stations corresponding to the two-dimensional code is recorded, a forwarding path log of the goods is formed, and logistics tracing is achieved.

The receiving terminal is used for receiving the distribution terminal identity information and the signature thereof shown by the distribution terminal and sending the distribution terminal identity information and the signature to the logistics management center along with the two-dimensional code, so that the logistics management center can perform identity authentication on the receiving party and the distribution party at the same time, the safety of the last distribution link in the logistics process is guaranteed, the adverse consequences of cargo loss, miscarrying and the like caused by artificial illegal distribution are avoided through an identity authentication mechanism, and the distribution efficiency and the trust of a user to a logistics enterprise are improved.

Drawings

FIG. 1 is a flow chart of a method for logistics safety management provided by the present invention;

fig. 2 is a schematic diagram of a public key ring structure provided in the embodiment of the present invention;

FIG. 3 is a flowchart illustrating the operation of generating a first public key sequence using a public key ring according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a spatial structure of a first public key sequence generated by using a public key ring according to an embodiment of the present invention;

fig. 5 is an architecture diagram of a logistics security management system based on big data environment application provided by the invention.

Detailed Description

Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.

As shown in fig. 1, the present invention provides a logistics security management method based on big data environment application, including:

and the sending party generates an invoice by using the sending terminal and sends the invoice to the logistics management center. The invoice is related information obtained from a shopping order provided by an e-commerce platform, and mainly comprises: order number, article type (such as documents, fresh or clothing fabrics and the like), sending mode (such as express outlets, sending boxes or home delivery and the like), guarantee amount, cargo weight, sending party identity identification, sending party address and contact mode, receiving party identity identification, receiving party address and contact mode, payment mode (sending or receiving payment), payment amount, delivery mode (such as express outlets, sending boxes or home delivery and the like), delivery reservation/delivery time and the like. In this embodiment, the mobile phone number added during the user registration is used as the identity of the sender and the recipient, and the user can log in the terminal by using the mobile phone number as the user ID and can cooperate to complete the verification functions such as mobile phone short messages. The invoice can be encrypted by a private key of the sender, and is decrypted by the logistics management center by using a public key of the sender to obtain a plaintext, or the secure transmission of data is realized by a temporary secret key negotiated and exchanged by the two parties.

After decrypting the ciphertext, the logistics management center confirms the identity of the receiver according to the receiver identity identifier recorded in the delivery bill, extracts the locally stored receiver public key, further generates a first public key sequence by the position of the receiver public key in the public key ring, wherein the first public key sequence is a registered user public key set of a non-receiver extracted from the public key ring, then sends the first public key sequence to the receiver terminal of the receiver, encrypts the first public key sequence through the public key of the receiver, and decrypts by a private key of the receiver terminal to obtain a plaintext.

The public key ring is a virtual ring storage space constructed by a set hash value domain, and a hash ring storage structure is specifically adopted in this embodiment. The logistics management center distributes a unique user public key for each registered user, the storage address of the user public key is indexed by a hash value obtained by the user identity through hash operation, and the hash value is mapped into a value space of a hash ring. As shown in FIG. 2, the constructed hash ring value range is 0-2³²The hash values are distributed in a clockwise circling ascending order among the binary values, the identity identifiers of the users A-E can obtain the hash values through 32-bit hash operation, and the hash values point to the storage areas where the public keys of the users A-E are located on different positions in a ring space correspondingly, so that a virtual ring-shaped storage structure is formed. 2³²The value range of (2) can ensure that any two hash values are not easy to collide, and can sufficiently meet the registration requirements of a large number of users. Meanwhile, the value range can be expanded to 2 according to the requirement of a big data environment⁴⁸The range of bits is even higher, the occurrence of collision is further reduced, the specific position of each user public key does not need to be adjusted for the whole ring space, and the expansion is convenient.

In addition, for the daily maintenance of the user public key, when a user logs off, the corresponding public key data in the public key space needs to be deleted, the storage position in the ring space is set to be NULL, or the specific positions of some public keys can be manually set, for example, if A is set to be 2²²Position-1, B is at 2²²Position-2, C at 2²²3 position, D at 2²²4, the hash value of the user identity identification does not need to be calculated at the moment, or a secondary index relation between the calculated hash value and the manually selected hash value is established, the method can meet the requirement of batch verification of the user identity with the uniform attribute relation, if the positions are not adjacent, the ring-surrounding query operation needs to be executed every time the identity with the same attribute is verified, and the ring-surrounding query only needs to be executed for batch search of public keys adjacent to the positions, so that the working efficiency is improved。

The distribution mode of the user public key has various modes, a public and private key pair can be generated by the logistics management center when the user registers, and the verification and downloading operation can be realized by a mobile phone of a user party through a short message or a mailbox and the like; or obtained after negotiation by both parties, for example, the most common RSA public key generation mechanism is adopted. Selecting two large prime numbers p and q locally by a user terminal, calculating the product n of the two prime numbers to be pq, further calculating the Euler function phi (n) to be (p-1) (q-1), randomly selecting an integer e, and requiring the e to meet the condition: 1 < e < phi (n), and e and phi (n) are relatively prime, and the value of d is calculated according to the equation edmod phi (n) 1, wherein { e, n } is used as a public key and sent to a logistics management center through a local terminal, and { d } is used as a user private key and stored locally, wherein elements p and q can be derived by collecting data with the biological characteristics of the user when the user registers in the terminal. Compared with a distribution mode completely by a logistics management center, the public and private key pair derived by user registration has higher security performance, the operation of distributing the key pair by the logistics management center is simpler, and the public and private key pair and the key pair can be selected preferentially according to actual use scenes and security requirements.

Then, the logistics management center generates an order mark according to the invoice, specifically, a hash value obtained by hash operation of summary information in the invoice can be extracted to serve as the order mark, the ciphertext data is converted into two-dimensional code format data after being encrypted by a public key of a receiver, and the two-dimensional code format data is sent to the sending terminal and the receiving terminal. The logistics management center locally stores a data table related to the logistics order, and the data table at least comprises the following table entries, and objects stored in the table entries are correlated in the database to form a linked list structure.

Order numbering	First public key sequence	Order identification	Two-dimensional code	Path log
					Order No.n	First PK Sequence	Order ID	QR code	Path Log

After the receiving terminal receives the two-dimension code and the corresponding first public key sequence, the ciphertext data converted by the two-dimension code is decrypted by using a local private key to obtain an order identification, and the order identification and the first public key sequence are stored in an associated mode and used for completing acceptance check operation when goods are actually received subsequently.

After the two-dimensional code format data is received by the sender, the two-dimensional code is printed and attached to the goods by using the sender terminal, the printing process can be completed by a printer connected with a network interface of the sender terminal at the moment, and then the two-dimensional code is sent to the next-level transfer station terminal according to the appointed logistics forwarding path.

When the goods arrive at the next-stage transfer station, the next-stage transfer station terminal scans the two-dimensional code on the goods and matches the two-dimensional code stored locally, after matching is successful, the local identity information and the two-dimensional code are uploaded to the logistics management center together, the next-stage transfer station terminal continues to send the two-dimensional code until the goods arrive at the distribution terminal, if matching is unsuccessful, the scanned two-dimensional code data and the local identity information are sent to the logistics management center together with an error report, and the logistics management center verifies the error reason.

In each link of goods forwarding, the logistics management center records local identity information of transfer stations at all levels corresponding to the two-dimensional codes to form a forwarding path log of the goods. Taking the data table format as an example, after receiving two-dimensional code data sent by a certain logistics intermediate node, the logistics management center matches a table entry consistent with the two-dimensional code stored in the database, confirms a logistics order to which the two-dimensional code belongs by using an order identification, and records local identity information of the transfer station node, including key information of the name, the identity identification, the address and the contact way of a transfer station merchant entity store, a goods acceptance checker, acceptance time and the like in a table entry log under the conditions that the identity authentication of the transfer station node is passed and the data is complete, so that the flow direction of goods can be tracked and monitored in real time. Taking the receiver as an example, the receiver terminal sends an order logistics tracking message containing identity authentication data to the logistics management center, and the logistics management center feeds back a specified forwarding path log message to the receiver terminal after successfully verifying the identity of the receiver, so that the receiver can check the logistics progress in real time.

After the goods arrive the delivery website, the delivery service terminal can formalize as express delivery network self-fetching, electronic deposit box self-fetching or home delivery according to the delivery mode. If the courier deposits the goods into the deposit box, the two-dimensional code on the goods is scanned by a scanning area provided by the deposit box, and the two-dimensional code and the identity information of the deposit box are uploaded to a logistics management center, the logistics management center firstly authenticates the identity information of the deposit point, confirms the detailed address of the addressee in the invoice information by the two-dimensional code after confirming that the two-dimensional code is correct, if the deposit box is positioned near or in the jurisdiction of the address of the addressee, the deposit box is authorized to be used as a distribution terminal of the logistics order, and an authorization code is simultaneously sent to a server side of the deposit box and the address terminal. The consignee sends the register information to the designated deposit box according to the register information received by the terminal, and the deposit box can display the electronic two-dimensional code of the goods through the display screen after the authorization code is input and the matching is successful. For users who take goods by themselves or distribute goods by visiting the door, the courier only needs to show the two-dimensional code attached to the goods to the receiver to complete scanning.

The receiving party scans the two-dimensional code on goods or a screen through the receiving terminal, decrypts the two-dimensional code by using a local private key to obtain an order identification, extracts a first public key sequence bound with the order identification, sends an authentication error message to the logistics management center if the first public key sequence is not associated, otherwise selects a part of public keys of the first public key sequence and a public key of the receiving party to form a second public key sequence, executes ring signature for the order identification by using the second public key sequence, and sends ring signature data to the logistics management center.

And generating ring signature data for the order identification by utilizing the second public key sequence. Suppose that the signer arbitrarily chooses N users, each A user, when creating the ring signature_iAll possess a public key PK_iAnd a private key SK_iWe can define a mixing function, e.g.

C_k,v(y₁,y₂,…,y_N) For any set of inputs (y)₁,y₂,…,y_N) All can be solved, but for an attacker, if the trapdoor function g cannot be solved₁,g₂,…,g_NGiven the inverse function of C_k,v(g₁(x₁),g₂(x₂),…,g_N(x_N) X cannot be obtained₁,x₂,…,x_N. This process specifically requires the execution of the following 3 algorithms keyGen (), Sign (), and Verify ().

The key generation algorithm: KeyGen ()

Let keyGen () be a probabilistic polynomial function with input of a set security parameter λ and output of a public key PK_iAnd a private key SK_iThe key pair is generated by the logistics management center and distributed to the user terminal, or obtained through negotiation between the logistics management center and the user terminal, namely, the local public and private key pair of the user terminal can be generated by adopting a classical public key encryption algorithm such as RSA, ElGamal and the like.

Signature algorithm: sign ()

The receiving terminal u uses its own private key SK_uAnd the second public key sequence set is used for signing the information M, wherein the M is order identification data at the moment, and a ring signature sigma is generated.

1. Providing a first public key sequence set L for a signer by a logistics management center₁＝{PK₁,PK₂,…PK_NTherein each PK_iWith a change of y_iCorrelation;

2. receiving pieceThe terminal collects L from the first public key sequence₁Extracting partial public key to obtain public key set { PK₁,PK₂,…PK_TT is less than or equal to N, and a self public key is added to further obtain a second public key sequence set L₂＝{PK₁,PK₂,…PK_T,PK_uAnd the extraction mode can be random or obtained by sequencing through various logic relations.

3. Calculating k ═ H (m), where H denotes a hash operation and k is taken as a symmetric encryption algorithm E_kThe secret key of (a);

4. selecting a random number v, the initial value v belongs to {0,1}^b；

5. Generating a random number x_i(i ═ 1,2, … N, i ≠ u), i.e., the signer assigns a random number x to the public key of all users except self_iAccording to x_iCalculate corresponding y_i＝g(x_i)；

6. Solving equation C_k,v(y₁,y₂,…,y_N) Obtain the corresponding value y of the signer_u；

7. The signer solves the corresponding according to the trapdoor knowledge

8. Generating a ring signature σ ═ (PK) for a (2T +3) tuple₁,PK₂,…PK_T,PK_u,v,x₁,x₂,…,x_T,x_u)。

For an attacker, even if the private keys of all ring members are obtained, the probability that the attacker can correctly judge the true signer does not exceed 1/T + 1. In the process of executing the ring signature, the user can bind the hand-sign data and the order identification on the electronic board and send the binding data and the order identification to the logistics management center, and the order identification and the hand-sign data are marked at intervals through special character strings, so that the order identification field can be conveniently identified. In addition, data with the biological characteristics of the user can be added in the signature, such as parameters with unique characteristic information, such as collected face images and fingerprints, and are also isolated by related special fields.

And the logistics management center identifies the true identity of the signer by using the second public key sequence in the ring signature data. First, extract the public key sequence set { PK in the ring signature σ₁,PK₂,…PK_T,PK_uFinding the position of each public key in the set in the public key ring to confirm the public key PK of the ring signer_u(ii) a Then, executing signature verification algorithm Verify ():

1. according to x_iCalculating y_i＝g(x_i) Obtaining (y)₁,y₂,…,y_T,y_u)；

2. Calculating k ═ h (m);

3. substituting the above parameters into equation C_k,v(y₁,y₂,…,y_T,y_u) And (v) verifying whether the equation is established, if so, indicating that the signature verification is successful, and outputting 'True', otherwise, indicating that the verification is failed, and outputting 'False'.

After the signature is successfully checked, extracting an order mark associated with the public key of the signer and comparing the order mark with an order mark in the signature content M, if the order mark is consistent with the order mark in the signature content M, indicating that the order is confirmed as a receiver to sign, locally recording a sign-in successful message, forwarding the message to a distribution terminal and a receiver terminal, if the order mark is inconsistent with the signature mark in the distribution terminal and the receiver terminal, indicating that the receiver to which the order belongs is inconsistent with an actual receiver, sending a sign-in failure message to the distribution terminal and the receiver terminal, recording a reason for refusing the sign-in the failure message, and performing related processing by a courier or a user according to the message prompted by the terminal. For the signature content M containing the data of the hand sign, the order identification needs to be extracted from the signature content M first, and then the verification is performed.

By utilizing the public key ring structure, the invention provides a method for generating a first public key sequence, which identifies the public key of a signer from a public key set by utilizing different positions of a user public key in the public key ring. As shown in FIG. 4, in the hash ring, there are zero-valued bits and an intermediate value of 2 of the hash ring³²The/2 bit divides it into two half-rings, and the half-rings distribute the public keys.

The specific generation process of the first public key sequence is as follows:

as shown in fig. 3, the logistics management center extracts the order number and the recipient identity recorded in the invoice, performs hash operation on the recipient identity, indexes the recipient public key in the hash ring by using the generated hash value, and selects the user public key from the other half ring opposite to the half ring where the recipient public key is located in the hash ring to add to the first public key sequence. Executing a plurality of times of Hash iterative operations according to order numbers, pointing a Hash value obtained by each operation to a user public key, judging the position of each time of Hash value, if the user public key is not stored in the current position, clockwise selecting the user public keys on adjacent positions as objects to be selected of the Hash operation, further judging whether the objects to be selected are positioned in a selected semi-ring, if the objects to be selected are positioned in the selected semi-ring, extracting the objects to be selected and adding the objects to a first public key sequence, otherwise abandoning the objects to be selected, continuously executing the next Hash operation, and repeatedly executing the user public key selection operation until the user public keys with set number and meeting the selection condition are obtained. The choice of the elements in the first public key sequence allows collisions to occur, i.e. allows more than two elements to be the same, because the probability of repeated collisions is very low, and even if this occurs, there is no effect on the signature as long as the number of elements in the set meets the security requirements.

Taking the case shown in FIG. 3 as an example, the range of the value ranges 0-2³²In the hash ring of (1), 0 bit and 2 bit are added³²The position/2 is empty, the connection line of the two nodes divides the node into two semi-rings in an imaging way, and the value range is divided into 1-2³²2-1 and 2³²/2+1～2³². Firstly, performing hash operation on the recipient identity identifier to obtain a hash value R, and knowing that a public key corresponding to the hash value R is located in the first half-ring, it is necessary to extract a user public key in the second half-ring as an element in the first public key sequence set. When the order number is calculated for the 1 st time to obtain the hash value H1, NULL is displayed at the storage position of H1, and No user public key exists at the storage position, the user public key UserPK No1 at the adjacent position H2 is selected clockwise as an object to be selected for the hash operation, the UserPK No1 is further confirmed to be positioned in the second semi-ring and added into the first public key sequence, and then the second half of the hash value H1 is executedAnd 2 times of Hash iterative operation is carried out to obtain a Hash value H3, the user public key UserPK No2 stored at the position H3 is confirmed to be positioned in the second semi-ring and is added into the first public key sequence, similarly, the 3 rd time of Hash iterative operation is carried out on the Hash value H3 to obtain a Hash value H4, the position H4 is also NULL at the moment, the user public key UserPK No3 at the position H5 adjacent to the position H5 is selected clockwise to be positioned in the first semi-ring, the selection condition is not met, and the next time of Hash operation is continuously carried out. In the process of the 5 th hash operation, the user public key UserPK No5 corresponding to the position H7 is found to be also located in the first half ring, so that the hash value H7 is used to jump to execute the 6 th hash operation to obtain H8, and so on, until all the user public keys meeting the conditions are selected, wherein the number of the user public keys set in the embodiment is 6, so that the generated public key sequences are { UserPK No1, UserPK No2, UserPK No4, UserPK No6, UserPK No7, and UserPK No8}, and all the elements are located in the second half ring.

And the receiving terminal binds the first public key sequence with the order identification after receiving the first public key sequence. And when the scanned goods two-dimensional code is the order mark, searching a corresponding public key sequence, and selecting a part of public keys from the first public key sequence to participate in the ring signature. Assume that the generated second public key sequence is:

{UserPK No1,UserPK No4,UserPK No6,UserPK No8,RecipientPK}

the ring signature is performed using the algorithm mentioned above, and the ring signature σ is (UserPK No1, UserPK No4, UserPK No6, UserPK No8, RecipientPK, v, x)₁,x₄,x₆,x₈,x_R) And sending the data such as the signed order identification to a logistics management center. And if the first public key sequence bound with the order identification is not found after the scanned two-dimensional code is locally decrypted, sending an authentication error message to the logistics management center.

After receiving the signature data, the logistics management center extracts all public keys in the second public key sequence, searches and records the storage positions of the public keys in the public key ring, wherein UserPK No1, UserPK No4, UserPK No6 and UserPK No8 are positioned in the second semi-ring, and only RecipientPK is positioned in the first semi-ring, so that the user identification corresponding to RecipientPK is the real identity of the signer. On the contrary, if there is no unique public key in one of the half rings and the rest public keys are in the other half ring, the specific signer identity information cannot be judged, and the ring signature data is judged to be an invalid signature.

In addition, another different identity authentication mode can be provided according to the received second public key sequence. The logistics management center firstly searches a related table entry in a database according to an order mark in the signature content, if the related table entry is not found, an authentication error message is fed back to the receiving terminal, otherwise, a first public key sequence in the table entry is extracted, a second public key sequence in the ring signature is compared with the first public key sequence, if only a unique user public key is in the second public key sequence and is not contained in the first public key sequence, and then the logistics management center further judges that the user corresponding to the user public key is the real identity of the signer if the user public key is not in the same Hash semi-ring with other user public keys in the second public key sequence. And finally, after the real identity is confirmed, the ring signature verification operation is continuously executed, after the verification is successful, the receiver is judged to sign himself, and a corresponding confirmation message is sent.

In another embodiment provided by the present invention, the logistics forwarding path designated by the transfer station terminal can be directly allocated by the logistics management center, and each transfer station forwards the goods to the next level of logistics node according to the designated path, which specifically comprises the following steps:

after receiving the identity information and the two-dimensional code of the previous-stage transfer station terminal, the logistics management center acquires the identity information of a receiver according to the two-dimensional code, selects a next-stage transfer station on an optimal forwarding path based on the address of the previous-stage transfer station and the address of the receiver, and sends an authorization book containing the identity information of the upper-stage transfer station and the lower-stage transfer station to the previous-stage transfer station terminal, wherein the authorization book is an electronic authorization certificate signed by the logistics management center.

The upper-level transfer station terminal sends the authorization book and the two-dimensional code to the lower-level transfer station terminal according to the identity information of the lower-level transfer station in the authorization book; and the next-stage transfer station terminal stores the two-dimension code and the authorization book received from the same terminal in an associated manner, and calls the related authorization book by using the two-dimension code.

According to the invention, the distribution route is authorized and designated by the logistics management center, the distribution resources can be reasonably optimized according to the distribution range, the station cargo traffic and the like, the address of the receiver and the contact information can be hidden, for each level of transfer stations, the forwarding address of the next transfer station of the logistics order can be obtained from the logistics management center, but the contact information of the receiver cannot be obtained, so that the privacy of users is protected, and the risk of user information leakage is prevented.

In addition, the distribution terminal can be automatically assigned according to the logistics forwarding path or actively applied by a distribution station with distribution capability.

The logistics management center automatically assigns the distribution terminal as a preferred selection according to the logistics forwarding path, generally designates a path end node as the distribution terminal, and also can select a node with less workload adjacent to the commodity circulation as the distribution terminal by referring to the daily commodity circulation so as to improve the utilization rate of distribution resources.

In order to further improve the system security, the method of the invention also comprises the following steps:

and the logistics management center checks the signature by using the public key of the distribution site, compares the locally stored distribution terminal identity information associated with the two-dimensional code with the signature content after the signature is successfully checked, if the signature is the same as the signature, the distribution terminal identity authentication is true, namely the authorized distribution party of the current logistics order is determined as the distribution terminal, and if the signature is not the same as the authorized distribution party of the current logistics order, the distribution terminal identity authentication is false, namely the distribution terminal does not have the distribution task authority, and the signing confirmation operation is terminated. The identity authentication work of the adding and distributing terminal can effectively avoid the express delivery by the agent among couriers, the express delivery can only be managed and provided with distribution service by exclusive personnel, and the condition that goods cannot be traced when being delivered by mistake or lost due to distribution disorder is avoided.

In order to implement the above method, the present invention further provides a logistics security management system, as shown in fig. 5, the system specifically includes: the system comprises a logistics management center, a database, a mail sending terminal, a mail receiving terminal, a transfer station terminal and a distribution terminal.

and (4) distribution terminal: and receiving the goods distribution tasks assigned by the distribution stations, completing goods distribution work according to the recipient addresses provided by the logistics management center, and receiving the goods signing-in state information fed back by the logistics management center.

Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims

1. A logistics safety management method based on big data environment application is characterized by comprising the following steps:

the sending party prints and applies the two-dimensional code on the goods by using the sending terminal, and then sends the two-dimensional code to the next-level transfer station terminal according to the appointed logistics forwarding path;

2. The logistics security management method based on big data environment application of claim 1, wherein the public key ring is a virtual ring-shaped storage space constructed by a hash ring, the logistics management center allocates a unique user public key to each registered user, the storage address of the user public key is indexed by a hash value obtained by a hash operation through a user identity, and the hash value is mapped into the value space of the hash ring.

3. The logistics safety management method based on big data environment application of claim 2, wherein the specific generation process of the first public key sequence is as follows:

the logistics management center extracts order numbers and recipient identity identifications recorded in the invoice, performs Hash operation on the recipient identity identifications, indexes recipient public keys in a Hash ring by using generated Hash values, divides the Hash ring into two half rings by using zero values and middle values of the Hash ring, and selects a user public key from the other half ring opposite to the half ring where the recipient public key is located to add in a first public key sequence;

4. The logistics safety management method based on big data environment application of claim 3, wherein the logistics management center uses the second public key sequence to identify the identity of the signer by the following steps: and extracting all public keys in the second public key sequence, searching and recording the storage positions of the public keys in the public key rings, if the unique public key is positioned in one half ring and the other public keys are positioned in the other half ring, judging the unique public key in the half ring as the public key of the signer, further acquiring the identity information of the signer by using the public key of the signer, otherwise, indicating that the ring signature data is an invalid signature.

5. The logistics safety management method based on big data environment application of claim 4, further comprising a second public key sequence verification process: after identifying the identity information of the signer, the logistics management center extracts a first public key sequence which is locally stored and corresponds to the identity of the signer, judges whether the public keys of other users except the public key of the signer in the second public key sequence are all contained in the first public key sequence, if so, the second public key sequence is true, otherwise, the second public key sequence is false.

6. The logistics safety management method based on big data environment application of claim 1, wherein the specific process of the transfer station terminal distributing goods according to the designated logistics forwarding path is as follows:

when the goods arrive at the next-stage transfer station, the next-stage transfer station terminal scans the two-dimensional code on the goods and matches the two-dimensional code stored locally, after matching succeeds, the authorization book is further checked and signed, whether the authorization book contains local identity information or not is judged, if yes, the current-stage transfer station is confirmed to be a goods receiving party authorized by the center, the local identity information and the two-dimensional code are continuously sent to the logistics management center, otherwise, the current-stage transfer station does not have goods receiving authority, and an error message is fed back to the logistics management center.

7. The logistics safety management method based on big data environment application of claim 1, wherein the logistics management center automatically assigns or is actively applied by a distribution site with distribution capability as a distribution terminal according to a logistics forwarding path;

8. The logistics safety management method based on big data environment application of claim 7, further comprising a distribution terminal identity authentication process:

9. A logistics security management system, the system comprising: the system comprises a logistics management center, a database, a mail sending terminal, a mail receiving terminal, a transfer station terminal and a distribution terminal;