CN118250061A - A domestic encrypted digital authentication protection method for charging and swapping systems - Google Patents

A domestic encrypted digital authentication protection method for charging and swapping systems Download PDF

Info

Publication number
CN118250061A
CN118250061A CN202410380200.8A CN202410380200A CN118250061A CN 118250061 A CN118250061 A CN 118250061A CN 202410380200 A CN202410380200 A CN 202410380200A CN 118250061 A CN118250061 A CN 118250061A
Authority
CN
China
Prior art keywords
charging
digital
user
swapping
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410380200.8A
Other languages
Chinese (zh)
Inventor
曹林敏
黄俊帅
胡烨辉
张周铭
吴俞宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Haoyidian Technology Co ltd
Original Assignee
Guangdong Haoyidian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Haoyidian Technology Co ltd filed Critical Guangdong Haoyidian Technology Co ltd
Priority to CN202410380200.8A priority Critical patent/CN118250061A/en
Publication of CN118250061A publication Critical patent/CN118250061A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention is applicable to the technical field of data security, and provides a domestic cryptographic digital authentication protection method of a charging and changing system, which comprises the following steps: the user carries out digital authentication through the terminal equipment, and enters a system to carry out content request after the authentication is passed, and configuration information is generated according to the content request; carrying out hash operation and digital signature on the content request and the configuration information, encrypting and transmitting to a server, and decrypting and verifying after the server receives the content request and the configuration information; the invention is based on the combination of digital authentication protection and a charging and changing system, can effectively prevent the charging operation of an unauthorized person through the digital authentication protection, ensure the safety of user information and funds, prevent malicious attack and data leakage, and can effectively ensure the integrity of information only through carrying out digital signature on a content request, prevent data tampering and fraudulent conduct, reduce risks and cost, be favorable for simplifying the management flow of charging and changing business and improve the operation efficiency.

Description

一种充换电系统国产密码化数字认证保护方法A domestic encrypted digital authentication protection method for charging and swapping systems

技术领域Technical Field

本发明属于数据安全技术领域,尤其涉及一种充换电系统国产密码化数字认证保护方法。The present invention belongs to the field of data security technology, and in particular relates to a domestic encrypted digital authentication protection method for a charging and swapping system.

背景技术Background technique

随着网络技术快速发展,其应用也在各兴业中广泛铺开,在带来便利得同时,也暴露除诸多的安全问题,用户对于网络数据隐私关注度越来越高。With the rapid development of network technology, its applications have been widely spread in various industries. While bringing convenience, it has also exposed many security issues. Users are paying more and more attention to the privacy of network data.

在电动自行车充换电系统中,现有技术可能包括基于RFID(射频识别)或NFC(近场通讯)的身份认证系统。这些技术方案利用无线通讯技术来实现用户身份的确认和授权,确保只有经过认证的用户才能进行电池充换电操作。然而,这些现有技术也存在一些缺点,例如安全性相对较低,存在被仿冒或篡改的风险;另外,RFID或NFC技术的数据传输距离相对有限,容易受到信号干扰或窃听攻击;此外,由于部分现有技术依赖于国外厂商的相关设备和技术标准,因此可能存在供应链可控性低、信息泄漏的隐患。In the charging and swapping system of electric bicycles, existing technologies may include identity authentication systems based on RFID (radio frequency identification) or NFC (near field communication). These technical solutions use wireless communication technology to confirm and authorize user identities, ensuring that only authenticated users can perform battery charging and swapping operations. However, these existing technologies also have some disadvantages, such as relatively low security and the risk of being counterfeited or tampered with; in addition, the data transmission distance of RFID or NFC technology is relatively limited, and it is susceptible to signal interference or eavesdropping attacks; in addition, since some existing technologies rely on relevant equipment and technical standards of foreign manufacturers, there may be hidden dangers of low supply chain controllability and information leakage.

因此,为解决上述问题,现提出一种充换电系统国产密码化数字认证保护方法。Therefore, in order to solve the above problems, a domestic encrypted digital authentication protection method for a charging and swapping system is proposed.

发明内容Summary of the invention

本发明提供一种充换电系统国产密码化数字认证保护方法,旨在解决现有的数字认证方法安全性较低的问题。The present invention provides a domestic encrypted digital authentication protection method for a charging and swapping system, aiming to solve the problem of low security of existing digital authentication methods.

本发明是这样实现的,一种充换电系统国产密码化数字认证保护方法,包括以下步骤:包括以下步骤:The present invention is implemented as follows: a domestic encrypted digital authentication protection method for a charging and swapping system comprises the following steps:

用户通过终端设备进行数字认证,认证通过后进入系统进行内容请求,根据内容请求生成配置信息;The user performs digital authentication through the terminal device, enters the system to make content requests after passing the authentication, and generates configuration information based on the content requests;

对内容请求和配置信息进行哈希运算和数字签名,加密后传输至服务器,服务器接收后进行解密、验证;Perform hash operations and digital signatures on content requests and configuration information, encrypt them and transmit them to the server, which then decrypts and verifies them.

服务器响应内容请求并执行处理,将响应结果进行哈希运算和数字签名,加密后传输至用户的终端设备进行解密、验证。The server responds to the content request and performs processing, hashing and digitally signing the response, encrypting it and transmitting it to the user's terminal device for decryption and verification.

优选的,还包括:获取用户的注册/登录请求并进行身份验证,确定用户的身份信息是否具备唯一性。Preferably, the method further includes: obtaining a registration/login request from a user and performing identity verification to determine whether the user's identity information is unique.

优选的,还包括:配置用户的身份信息和数字证书,对数字证书进行认证和数字签名,并对数字签名进行验签。Preferably, the method further includes: configuring the user's identity information and digital certificate, authenticating and digitally signing the digital certificate, and verifying the digital signature.

优选的,还包括:在验证数字证书后,进一步验证数字证书的有效期、颁发机构等信息。Preferably, the method further includes: after verifying the digital certificate, further verifying information such as the validity period and issuing authority of the digital certificate.

优选的,还包括:根据终端设备的识别结果,对用户的身份信息和数字证书配置缓存区和擦除规则。Preferably, the method further includes: configuring a cache area and erasure rules for the user's identity information and digital certificate according to the identification result of the terminal device.

优选的,还包括:将部分或全部的身份信息、数字证书和控制逻辑部署在充换电设备终端,通过充换电设备终端进行本地化认证与控制。Preferably, it also includes: deploying part or all of the identity information, digital certificates and control logic in the charging and swapping equipment terminal, and performing localized authentication and control through the charging and swapping equipment terminal.

与现有技术相比,本发明的有益效果是:Compared with the prior art, the present invention has the following beneficial effects:

本发明基于数字认证保护和充换电系统结合,通过数字认证保护能够有效地防止未经授权者进行充电操作,保障用户信息和资金的安全,防范恶意攻击和数据泄露,并通过对内容请求进行数字签名,能够有效地保证才做信息的完整性,防止数据篡改和欺诈行为,增强电子认证的身份验证强度从而减少了虚假认证和身份盗窃的风险,并确保只有授权用户能够访问特定资源,降低风险和成本,有利于简化充换电业务的管理流程,提高运营效率。The present invention is based on the combination of digital authentication protection and charging and swapping systems. Through digital authentication protection, it can effectively prevent unauthorized persons from performing charging operations, ensure the security of user information and funds, prevent malicious attacks and data leakage, and digitally sign content requests to effectively ensure the integrity of information, prevent data tampering and fraud, enhance the identity authentication strength of electronic authentication, thereby reducing the risk of false authentication and identity theft, and ensure that only authorized users can access specific resources, reduce risks and costs, and help simplify the management process of charging and swapping services and improve operational efficiency.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为本发明的流程示意图。FIG. 1 is a schematic diagram of the process of the present invention.

具体实施方式Detailed ways

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the purpose, technical solution and advantages of the present invention more clearly understood, the present invention is further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit the present invention.

充换电系统执行充换电交易业务、账号服务业务、财务管理业务、支付业务;The charging and swapping system performs charging and swapping transaction services, account service services, financial management services, and payment services;

充换电交易业务包括订单、充值、退款、分成、订单结算、钱包、流水在内的充换电交易业务,对充换电交易业务使用SM4算法进行对称加解密,保护隐私信息;The charging and swapping transaction business includes orders, recharges, refunds, profit sharing, order settlement, wallets, and transaction flow. The charging and swapping transaction business uses the SM4 algorithm for symmetric encryption and decryption to protect privacy information;

账号服务业务包括用户信息管理(C端用户管理、租户管理、桩主管理、物业用户管理、平台管理用户管理)、权限管理,账号服务业务执行,调用SM2算法实现登录过程签名验签,实现国密合规的安全登录;Account service business includes user information management (C-end user management, tenant management, pile owner management, property user management, platform management user management), permission management, account service business execution, calling SM2 algorithm to implement signature verification during login process, and realize secure login in compliance with national encryption;

财务管理业务包括资金交易功能管理、结算功能管理、钱包功能管理、财务统计分析管理,对财务管理业务使用SM4算法进行对称加解密,保护隐私信息;Financial management services include fund transaction management, settlement management, wallet management, and financial statistics and analysis management. The SM4 algorithm is used for symmetric encryption and decryption of financial management services to protect privacy information.

支付业务集成多渠道支付能力功能,对支付业务使用SM4算法进行对称加解密,保护隐私信息。The payment service integrates multi-channel payment capabilities, uses the SM4 algorithm for symmetric encryption and decryption of payment services to protect privacy information.

请参阅图1,针对上述充换电系统,提出一种充换电系统国产密码化数字认证保护方法,包括以下步骤:Please refer to FIG1 . For the above-mentioned charging and swapping system, a domestic encrypted digital authentication protection method for the charging and swapping system is proposed, which includes the following steps:

S1、获取用户的注册/登录请求并进行身份验证,确定用户的身份信息是否具备唯一性;S1. Obtain the user's registration/login request and perform identity authentication to determine whether the user's identity information is unique;

其中,还包括获取用户进行注册/登录请求的终端设备的标识,对终端设备进行识别,所述终端设备包括PC端、移动终端和充电设备终端(充电桩),所述标识为终端设备的编码和信息,所述终端设备的信息包括型号、品牌;The method also includes obtaining the identifier of the terminal device through which the user makes a registration/login request, and identifying the terminal device, wherein the terminal device includes a PC terminal, a mobile terminal, and a charging device terminal (charging pile). The identifier is the code and information of the terminal device, and the information of the terminal device includes the model and brand.

具体的,用户通过终端设备进入系统应用后,系统参数初始化,通过SM2算法生成公钥;Specifically, after the user enters the system application through the terminal device, the system parameters are initialized and the public key is generated through the SM2 algorithm;

用户通过浏览器、小程序和APP,在系统的应用界面中输入身份信息,身份信息包括用户名称、密码、手机号、身份证号;Users enter their identity information in the system's application interface through browsers, mini-programs, and apps. The identity information includes user name, password, mobile phone number, and ID number;

身份信息输入后,通过公钥对用户的身份信息进行加密,服务器获取加密后的身份信息,再通过公钥进行解密,解密后的用户信息在数据库中查询,验证身份信息的唯一性,若已被注册,则反馈至用户进行登录,若未注册,则为用户生成对应的私钥,并发送至用户终端进行注册;After the identity information is entered, the user's identity information is encrypted by the public key. The server obtains the encrypted identity information and then decrypts it by the public key. The decrypted user information is queried in the database to verify the uniqueness of the identity information. If it has been registered, it will be fed back to the user for login. If it has not been registered, a corresponding private key will be generated for the user and sent to the user terminal for registration.

S2、配置用户的身份信息和数字证书,对数字证书进行认证和数字签名,并对数字签名进行验签;S2. Configure the user's identity information and digital certificate, authenticate and digitally sign the digital certificate, and verify the digital signature;

若用户的身份信息未被注册,则向数字证书颁发机构提交公钥和身份信息,验证用户身份后,将公钥与身份信息绑定生成数字证书,通过公钥加密生成数字签名,由服务器进行解密,验证数字签名和数字证书的一致性;If the user's identity information has not been registered, the public key and identity information are submitted to the digital certificate issuing authority. After verifying the user's identity, the public key and identity information are bound to generate a digital certificate. The digital signature is generated through public key encryption, and the server decrypts it to verify the consistency of the digital signature and the digital certificate.

其中,在验证数字证书后,进一步验证数字证书的有效期、颁发机构等信息,确保数字证书的有效性;After verifying the digital certificate, further verify the validity period, issuing authority and other information of the digital certificate to ensure the validity of the digital certificate;

数字证书中还包含用户的数字身份信息,该数字身份信息通过加密算法保护,仅可由数字证书颁发机构(CA)或授权机构解密和验证,以进一步保护用户的身份信息安全;The digital certificate also contains the user's digital identity information, which is protected by an encryption algorithm and can only be decrypted and verified by a digital certificate authority (CA) or an authorized agency to further protect the user's identity information security;

S3、根据终端设备的识别结果,对用户的身份信息和数字证书配置缓存区和擦除规则;S3. Configure a cache area and erasure rules for the user's identity information and digital certificate based on the identification result of the terminal device;

若用户通过PC端、移动终端、充电设备终端发出请求,客户端和服务器建立安全链接,将身份信息和数字证书部署在终端设备的存储设备上,通过用户身份信息和密码加密私钥,并将其存储在服务器上;充电设备终端在单次使用结束或退出登录后,将身份信息和数字证书以及数字签名和私钥从存储设备擦除;If the user sends a request through a PC, mobile terminal, or charging device terminal, the client and server establish a secure link, deploy the identity information and digital certificate on the storage device of the terminal device, encrypt the private key with the user's identity information and password, and store it on the server; after a single use or logout, the charging device terminal erases the identity information, digital certificate, digital signature, and private key from the storage device;

S4、用户通过终端设备进行数字认证,认证通过后进入系统进行内容请求,根据内容请求生成配置信息;S4. The user performs digital authentication through the terminal device, enters the system to make a content request after passing the authentication, and generates configuration information according to the content request;

数字认证登录过程中,结合多因素认证机制,如密码、指纹生物识别、动态验证码或其他个人身份识别信息来进行登录身份认证,以增强认证的安全性;During the digital authentication login process, a multi-factor authentication mechanism is used, such as a password, fingerprint biometrics, dynamic verification code or other personal identification information to perform login identity authentication to enhance the security of authentication;

所述内容请求包括充换电交易业务、账号服务业务、财务管理业务和支付业务的相关请求,所述充换电交易业务的内容请求包括生成订单、账户充值、退款处理、分成结算、订单结算、流水记录等充换电操作请求;所述账号服务业务的内容请求包括用户管理、信息管理和权限管理在内的账号管理操作请求,其中用户管理和信息管理包含用户、租户、桩主、物业、平台等多方面的人员和信息管理;所述财务管理业务的内容请求包括资金交易功能、结算功能、钱包功能、财务统计分析在内的交易操作请求;所述支付业务的内容请求包括多渠道的支付操作请求;The content requests include related requests for charging and swapping transaction services, account service services, financial management services and payment services. The content requests for charging and swapping transaction services include charging and swapping operation requests such as generating orders, account recharge, refund processing, profit-sharing settlement, order settlement, and transaction records; the content requests for account service services include account management operation requests including user management, information management, and authority management, wherein user management and information management include personnel and information management of users, tenants, pile owners, properties, platforms, and other aspects; the content requests for financial management services include transaction operation requests including fund transaction functions, settlement functions, wallet functions, and financial statistical analysis; the content requests for payment services include payment operation requests through multiple channels;

所述配置信息包括业务信息及其配置变更;The configuration information includes business information and configuration changes thereof;

S5、对内容请求和配置信息进行哈希运算和数字签名,加密后传输至服务器,服务器接收后进行解密、验证;S5. Perform hash operation and digital signature on the content request and configuration information, encrypt and transmit to the server, and the server decrypts and verifies after receiving;

具体的,对内容请求和配置信息的明文进行哈希运算,得到信息摘要;Specifically, a hash operation is performed on the plain text of the content request and the configuration information to obtain an information digest;

通过SM4算法,由用户的私钥对信息摘要进行加密,获得数字签名;The information summary is encrypted by the user's private key through the SM4 algorithm to obtain a digital signature;

随机产生一个密钥,通过密钥对内容请求和配置信息进行加密,形成密文;A key is randomly generated, and the content request and configuration information are encrypted using the key to form a ciphertext;

通过SM4算法,由服务器的公钥对随机产生的密钥进行加密,将加密后的密钥连同密文一起传输;The randomly generated key is encrypted by the server's public key through the SM4 algorithm, and the encrypted key is transmitted together with the ciphertext;

服务器通过私钥对加密后的密钥进行解密,获得密钥,并通过密钥对密文进行解密,获得内容请求和配置信息的明文;The server decrypts the encrypted key using the private key to obtain the key, and decrypts the ciphertext using the key to obtain the plaintext of the content request and configuration information;

再通过用户的公钥对内容请求和配置信息的明文进行相同的哈希运算,获得一个新的信息摘要;Then, the user's public key is used to perform the same hash operation on the plain text of the content request and configuration information to obtain a new information digest;

将解密获得的信息摘要与新的信息摘要比较是否一致,验证数据是否被修改;Compare the information digest obtained by decryption with the new information digest to see if they are consistent and verify whether the data has been modified;

S6、服务器响应内容请求并执行处理,将响应结果进行哈希运算和数字签名,加密后传输至用户的终端设备进行解密、验证;S6. The server responds to the content request and performs processing, performs hashing and digital signature on the response result, encrypts it and transmits it to the user's terminal device for decryption and verification;

具体的,服务器对响应后的内容请求进行处理,并对响应结果的明文信息进行哈希运算,得到信息摘要;Specifically, the server processes the content request after the response, and performs a hash operation on the plain text information of the response result to obtain an information summary;

通过SM4算法,由服务器的私钥对信息摘要进行加密,获得数字签名;The information summary is encrypted by the server's private key through the SM4 algorithm to obtain a digital signature;

随机产生一个密钥,通过密钥对响应结果进行加密,形成密文;A key is randomly generated and the response result is encrypted with the key to form a ciphertext;

通过SM4算法,由用户的公钥对随机产生的密钥进行加密,将加密后的密钥连同密文一起传输;Through the SM4 algorithm, the randomly generated key is encrypted by the user's public key, and the encrypted key is transmitted together with the ciphertext;

用户通过私钥对加密后的密钥进行解密,获得密钥,并通过密钥对密文进行解密,获得内容请求的响应结果明文;The user decrypts the encrypted key with the private key to obtain the key, and decrypts the ciphertext with the key to obtain the plaintext response result of the content request;

再通过服务器的公钥对响应结果的明文进行相同的哈希运算,获得一个新的信息摘要;Then use the server's public key to perform the same hash operation on the plaintext of the response result to obtain a new information summary;

将解密获得的信息摘要与新的信息摘要比较是否一致,验证数据是否被修改。Compare the decrypted information digest with the new information digest to see if they are consistent and verify whether the data has been modified.

进一步的,步骤S3还包括:将部分或全部的身份信息、数字证书和控制逻辑部署在充换电设备终端,通过充换电设备终端进行本地化认证与控制,确保在没有可靠网络连接的情况下也能够进行安全的充换电操作;Furthermore, step S3 also includes: deploying part or all of the identity information, digital certificates and control logic in the charging and swapping equipment terminal, and performing localized authentication and control through the charging and swapping equipment terminal to ensure that safe charging and swapping operations can be performed even without a reliable network connection;

进一步的,步骤S5还包括:终端设备出现充换电操作时,终端设备和服务器分别根据运算因子生成一个用于认证的一次性的动态口令,服务器对生成的动态口令进行比对,完成动态口令认证;Further, step S5 also includes: when the terminal device performs a charging or swapping operation, the terminal device and the server respectively generate a one-time dynamic password for authentication according to the operation factor, and the server compares the generated dynamic password to complete the dynamic password authentication;

具体的,内容请求中包含充换电操作时,根据与服务器之间的共享密钥、随机参数和密码算法,生成一个一次性的动态口令,并与内容请求和配置信息执行步骤S5;Specifically, when the content request includes a charging or swapping operation, a one-time dynamic password is generated according to the shared key, random parameters and cryptographic algorithm between the server and the content request and configuration information, and step S5 is performed;

服务器解密后,根据共享密钥、同一随机参数和相同的密码算法在内的运算因子,生成一个一次性的动态口令,并与解密获得的动态口令进行比对,若比对结果一致,则对充换电操作的请求作出响应,提高充换电操作的安全性。After decryption, the server generates a one-time dynamic password based on the shared key, the same random parameters and the same cryptographic algorithm, and compares it with the dynamic password obtained by decryption. If the comparison results are consistent, the server responds to the request for charging and swapping operations, thereby improving the security of the charging and swapping operations.

上述的充换电系统国产密码化数字认证保护方法应用于充换电系统,涉及充换电系统以下业务:The above-mentioned domestic encrypted digital authentication protection method for the charging and swapping system is applied to the charging and swapping system, involving the following businesses of the charging and swapping system:

1、用户信息管理及身份验证:用户首先需要进行身份验证,调用SM2算法进行注册、登录过程的数字签名和验签,通过密码、指纹扫描、人脸识别等方式确认用户的身份信息,可以确保只有经过正确认证的用户才能进行账号服务业务操作及充换电的充电业务操作。1. User information management and identity authentication: Users first need to authenticate their identities and call the SM2 algorithm to perform digital signatures and verification during the registration and login process. The user's identity information is confirmed through passwords, fingerprint scanning, face recognition, etc. This ensures that only users who have been correctly authenticated can perform account service operations and charging and swapping business operations.

2、生成订单:用户选择充换电服务后,系统产生对应的充电业务订单和换电业务订单,充电业务订单记录充电开始时间、充电桩编号、初始电量、充电量等相关信息,换电业务订单包括换电开始时间、充电桩编号、电池编码、电池电量,调用SM4算法对数据进行加密、解密,保护隐私信息,在订单生成后,对订单信息进行数字签名加密,保证订单信息的完整性和可信度。2. Generate an order: After the user selects the charging and battery swapping service, the system generates corresponding charging business orders and battery swapping business orders. The charging business order records the charging start time, charging pile number, initial power, charging amount and other related information. The battery swapping business order includes the battery swapping start time, charging pile number, battery code, battery power, and calls the SM4 algorithm to encrypt and decrypt the data to protect privacy information. After the order is generated, the order information is digitally signed and encrypted to ensure the integrity and credibility of the order information.

3、账户充值:用户进行账户充值操作,调用SM4算法对用户的充值请求进行数字认证,包括用户身份的确认和交易数据的安全传输。3. Account recharge: When a user recharges his account, the SM4 algorithm is called to digitally authenticate the user's recharge request, including confirmation of the user's identity and secure transmission of transaction data.

4、退款处理:当用户需要退款时,调用SM4算法通过数字认证确保退款申请的合法性,并执行相应的退款操作。4. Refund processing: When a user needs a refund, the SM4 algorithm is called to ensure the legitimacy of the refund application through digital authentication and perform the corresponding refund operation.

5、分成结算:如有相关合作伙伴或第三方参与充电业务,涉及到对充电收益的分成,调用SM4算法对结算操作进行数字认证以确保合作方的权益。5. Profit sharing and settlement: If there are relevant partners or third parties involved in the charging business, which involves sharing the charging revenue, the SM4 algorithm is called to digitally authenticate the settlement operation to ensure the rights and interests of the partners.

6、钱包管理:用户的账户内会持有一定金额的余额,进行充电时需要对余额做相应的扣减操作,调用SM4算法进行数字认证后,才能进行扣减操作。6. Wallet management: The user's account will hold a certain amount of balance. When charging, the balance needs to be deducted accordingly. The deduction operation can only be performed after calling the SM4 algorithm for digital authentication.

7、流水记录:记录用户的充电流水,包括充电时间、充电地点、充电消费等详细信息,统计过程中,调用SM4算法进行相应的数字签名确保数据的完整性。7. Flow record: record the user's charging flow, including charging time, charging location, charging consumption and other detailed information. During the statistical process, call the SM4 algorithm for corresponding digital signature to ensure the integrity of the data.

上业务流程中,通过充换电系统国产密码化数字认证保护方法可以确保充电业务的安全性、可信度和用户隐私的保护。In the above business process, the domestic encrypted digital authentication protection method of the charging and swapping system can ensure the security, credibility and user privacy of the charging business.

充换电系统国产密码化数字认证保护方法在电动自行车充换电业务流程中具有以下优点和有益效果:The domestic encrypted digital authentication protection method for charging and swapping systems has the following advantages and beneficial effects in the charging and swapping business process of electric bicycles:

1.安全性提升:数字认证能够有效地防止未经授权者进行充电操作,保障用户信息和资金的安全,防范恶意攻击和数据泄露;1. Improved security: Digital authentication can effectively prevent unauthorized persons from performing charging operations, protect the security of user information and funds, and prevent malicious attacks and data leaks;

2.数据完整性保障:通过数字签名等技术手段可以保证业务订单、充值、退款、分成、结算等操作信息的完整性,有效防止数据篡改和欺诈行为;2. Data integrity assurance: Digital signatures and other technical means can ensure the integrity of business orders, recharges, refunds, profit sharing, settlement and other operational information, effectively preventing data tampering and fraud;

3.方便快捷:用户可以通过密码、指纹或人脸识别等方式进行身份验证和交易确认,相比传统方式更加方便迅速;3. Convenient and fast: Users can authenticate their identities and confirm transactions through passwords, fingerprints or face recognition, which is more convenient and faster than traditional methods;

4.提升信任度:数字认证可以让用户对充电业务的安全和可靠性更加信任,促进用户的使用和消费意愿;4. Improve trust: Digital authentication can make users more confident in the safety and reliability of charging services, and promote users' willingness to use and consume;

5.合规性和法律风险降低:采用数字认证可以更好地满足相关合规性要求,并降低涉及充电业务的法律风险;5. Compliance and legal risk reduction: Digital certification can better meet relevant compliance requirements and reduce legal risks involved in charging business;

6.降低管理成本:数字认证的应用可以简化充电业务的管理流程,减少人力资源成本,提高运营效率;6. Reduce management costs: The application of digital authentication can simplify the management process of charging business, reduce human resource costs and improve operational efficiency;

综上所述,充换电系统国产密码化数字认证保护方法在电动自行车充换电业务流程中的应用将提升安全性、可靠性和便捷性,同时带来更高的用户体验和管理效率。To sum up, the application of domestic encrypted digital authentication protection methods for charging and swapping systems in the electric bicycle charging and swapping business processes will improve safety, reliability and convenience, while bringing higher user experience and management efficiency.

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the protection scope of the present invention.

Claims (6)

1.一种充换电系统国产密码化数字认证保护方法,其特征在于,包括以下步骤:1. A domestic encrypted digital authentication protection method for a charging and swapping system, characterized by comprising the following steps: 用户通过终端设备进行数字认证,认证通过后进入系统进行内容请求,根据内容请求生成配置信息;The user performs digital authentication through the terminal device, enters the system to make content requests after passing the authentication, and generates configuration information based on the content requests; 对内容请求和配置信息进行哈希运算和数字签名,加密后传输至服务器,服务器接收后进行解密、验证;Perform hash operations and digital signatures on content requests and configuration information, encrypt them and transmit them to the server, which then decrypts and verifies them. 服务器响应内容请求并执行处理,将响应结果进行哈希运算和数字签名,加密后传输至用户的终端设备进行解密、验证。The server responds to the content request and performs processing, hashing and digitally signing the response, encrypting it and transmitting it to the user's terminal device for decryption and verification. 2.如权利要求1所述的一种充换电系统国产密码化数字认证保护方法,其特征在于,还包括:获取用户的注册/登录请求并进行身份验证,确定用户的身份信息是否具备唯一性。2. A domestic encrypted digital authentication protection method for a charging and swapping system as described in claim 1, characterized in that it also includes: obtaining a user's registration/login request and performing identity verification to determine whether the user's identity information is unique. 3.如权利要求2所述的一种充换电系统国产密码化数字认证保护方法,其特征在于,还包括:配置用户的身份信息和数字证书,对数字证书进行认证和数字签名,并对数字签名进行验签。3. A domestic encrypted digital authentication protection method for a charging and swapping system as described in claim 2, characterized in that it also includes: configuring the user's identity information and digital certificate, authenticating and digitally signing the digital certificate, and verifying the digital signature. 4.如权利要求2所述的一种充换电系统国产密码化数字认证保护方法,其特征在于,还包括:在验证数字证书后,进一步验证数字证书的有效期、颁发机构等信息。4. A domestic encrypted digital authentication protection method for a charging and swapping system as described in claim 2, characterized in that it also includes: after verifying the digital certificate, further verifying the validity period, issuing authority and other information of the digital certificate. 5.如权利要求3所述的一种充换电系统国产密码化数字认证保护方法,其特征在于,还包括:根据终端设备的识别结果,对用户的身份信息和数字证书配置缓存区和擦除规则。5. A domestic encrypted digital authentication protection method for a charging and swapping system as described in claim 3, characterized in that it also includes: configuring a cache area and erasure rules for the user's identity information and digital certificate based on the identification result of the terminal device. 6.如权利要求3所述的一种充换电系统国产密码化数字认证保护方法,其特征在于,还包括:将部分或全部的身份信息、数字证书和控制逻辑部署在充换电设备终端,通过充换电设备终端进行本地化认证与控制。6. A domestic encrypted digital authentication protection method for a charging and swapping system as described in claim 3 is characterized in that it also includes: deploying part or all of the identity information, digital certificates and control logic in the charging and swapping equipment terminal, and performing localized authentication and control through the charging and swapping equipment terminal.
CN202410380200.8A 2024-03-30 2024-03-30 A domestic encrypted digital authentication protection method for charging and swapping systems Pending CN118250061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410380200.8A CN118250061A (en) 2024-03-30 2024-03-30 A domestic encrypted digital authentication protection method for charging and swapping systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410380200.8A CN118250061A (en) 2024-03-30 2024-03-30 A domestic encrypted digital authentication protection method for charging and swapping systems

Publications (1)

Publication Number Publication Date
CN118250061A true CN118250061A (en) 2024-06-25

Family

ID=91563668

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410380200.8A Pending CN118250061A (en) 2024-03-30 2024-03-30 A domestic encrypted digital authentication protection method for charging and swapping systems

Country Status (1)

Country Link
CN (1) CN118250061A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119963306A (en) * 2025-01-07 2025-05-09 交通银行股份有限公司北京市分行 Method and device for processing return data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107071A (en) * 2019-12-10 2020-05-05 重庆邮电大学 Electric vehicle charging service method capable of protecting privacy
US20230038949A1 (en) * 2019-12-03 2023-02-09 Keisuke Kido Electronic signature system and tamper-resistant device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230038949A1 (en) * 2019-12-03 2023-02-09 Keisuke Kido Electronic signature system and tamper-resistant device
CN111107071A (en) * 2019-12-10 2020-05-05 重庆邮电大学 Electric vehicle charging service method capable of protecting privacy

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119963306A (en) * 2025-01-07 2025-05-09 交通银行股份有限公司北京市分行 Method and device for processing return data

Similar Documents

Publication Publication Date Title
TWI667585B (en) Method and device for safety authentication based on biological characteristics
US8132722B2 (en) System and method for binding a smartcard and a smartcard reader
US8112787B2 (en) System and method for securing a credential via user and server verification
CN101350723B (en) USB Key equipment and method for implementing verification thereof
EP2481230B1 (en) Authentication method, payment authorisation method and corresponding electronic equipments
US20090187980A1 (en) Method of authenticating, authorizing, encrypting and decrypting via mobile service
TWM623435U (en) System for verifying client identity and transaction services using multiple security levels
WO2015161699A1 (en) Secure data interaction method and system
CN107733636B (en) Authentication method and authentication system
CN112232814A (en) Encryption and decryption method of payment key, payment authentication method and terminal equipment
TWI591553B (en) Systems and methods for mobile devices to trade financial documents
WO2014141263A1 (en) Asymmetric otp authentication system
KR100939725B1 (en) Mobile terminal authentication method
CN106936588A (en) A kind of trustship method, the apparatus and system of hardware controls lock
CN111181960A (en) A secure credit and signature system based on terminal equipment blockchain application
US20070074027A1 (en) Methods of verifying, signing, encrypting, and decrypting data and file
KR20100071679A (en) System and method for identification with i-pin and electric wallet
CN118250061A (en) A domestic encrypted digital authentication protection method for charging and swapping systems
KR101868564B1 (en) Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same
CN115987598A (en) WebAuthn protocol-based national cryptographic algorithm identity authentication system, method and device
WO2023022584A1 (en) System and method for decentralising digital identification
CN1997954A (en) Securing of electronic transactions
TWI828001B (en) System for using multiple security levels to verify customer identity and transaction services and method thereof
CN119067650A (en) Offline payment method, system, device and storage medium
CN118646557A (en) A collection access and access control method and device based on industrial data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20240625