
CN-122001568-A - Layering system for vehicle network interaction service scene and data sharing method thereof


Abstract

The invention provides a layering system for a vehicle network interaction service scene and a data sharing method thereof. A charging pile in the layering system distributes ciphertext data of its plaintext data to other charging piles, summarizes the ciphertext shares sent by the other charging piles to obtain a summarized ciphertext, packages the summarized ciphertext into a charging pile message, and uploads the message to the corresponding charging platform. The charging platform reconstructs and aggregates the summarized ciphertext in at least one charging pile message to obtain an aggregate ciphertext, packages the aggregate ciphertext into a charging platform message, and uploads the message to an aggregation platform. The aggregation platform generates a decryption key based on the collected authorization key of at least one charging platform, and uses the decryption key to decrypt the aggregate ciphertext in the received at least one charging platform message to obtain the plaintext aggregate data. This avoids the risk of data leakage: the original data cannot be obtained during the aggregation process, which meets the requirements of user-side privacy protection and minimum visibility of information in power grid interaction scenarios.

Inventors

  • LI PEIJUN
  • Yin Mingkai
  • WANG WEN
  • YANG YE
  • WU FAN
  • ZHANG NAN
  • XU JIAN
  • LIU YITONG
  • LI ZHICHENG
  • LI JINSONG

Assignees

  • 国网智慧车联网技术有限公司
  • 国网信息通信产业集团有限公司
  • 国家工业信息安全发展研究中心
  • 东北大学
  • 国网电动汽车服务湖北有限公司

Dates

Publication Date
20260508
Application Date
20251219

Claims (20)

  1. The layering system for the vehicle network interaction service scene is characterized by comprising a three-party entity consisting of a plurality of charging piles, a plurality of charging platforms and an aggregation platform; each charging pile is used for encrypting its own plaintext data based on a random number and an encryption key negotiated by the three-party entity to obtain ciphertext data, distributing the ciphertext data to other charging piles, and summarizing ciphertext shares sent by other charging piles to obtain a summarized ciphertext; each charging platform is used for reconstructing and aggregating the summarized ciphertext in the received at least one charging pile message to obtain an aggregate ciphertext; the aggregation platform is used for generating a decryption key based on the collected authorization key of the at least one charging platform, and decrypting the aggregate ciphertext in the received at least one charging platform message by using the decryption key to obtain the plaintext aggregate data.
  2. The system of claim 1, wherein the charging pile is specifically configured to encrypt plaintext data by using an elliptic curve cryptosystem ECC-ElGamal homomorphic encryption algorithm based on a random number and an encryption key negotiated by the three-party entity to obtain ciphertext data; the ciphertext data satisfies the following formula: Wherein, the Ciphertext data for the ith charging pile, In order to be a temporary public key, In order to mask the ciphertext, The random number of the ith charging pile, P is the base point of the elliptic curve, The plain text data for the ith charging pile, Encryption keys negotiated for the three-party entity.
  3. The system of claim 1, wherein the charging pile is specifically configured to split the ciphertext data, based on a Shamir threshold secret sharing mechanism, into a number of sub-ciphertexts equal to the number of the plurality of charging piles, generate ciphertext shares of each of the sub-ciphertexts, and distribute the ciphertext shares of each of the sub-ciphertexts to the corresponding other charging piles.
  4. The system of claim 1, wherein the charging pile is specifically configured to calculate a digest of the summarized ciphertext, generate a summarized ciphertext signature from the digest using the local charging pile private key, and package the reporting ciphertext, the summarized ciphertext signature, its own charging pile identifier and a terminal certificate into a charging pile message; the charging platform is specifically configured to, for each received charging pile message, verify the summarized ciphertext signature according to the reporting ciphertext, the charging pile identifier and the terminal certificate in the charging pile message, and verify the three-party entity certificate chain according to the terminal certificate; reconstruct and aggregate the summarized ciphertext in each charging pile message for which both the summarized ciphertext signature verification and the certificate chain verification succeed to obtain an aggregate ciphertext; generate an aggregate ciphertext signature of the aggregate ciphertext using the local charging platform private key; and package the aggregate ciphertext, the aggregate ciphertext signature, its own charging platform identifier and an intermediate certificate into a charging platform message; the aggregation platform is specifically configured to, for each received charging platform message, verify the aggregate ciphertext signature according to the aggregate ciphertext, the charging platform identifier and the intermediate certificate in the charging platform message, verify the three-party entity certificate chain according to the intermediate certificate, and decrypt, by using the decryption key, the aggregate ciphertext in each charging platform message for which both the aggregate ciphertext signature verification and the certificate chain verification succeed to obtain the plaintext aggregate data.
  5. The system of claim 1 or 4, wherein the charging platform is specifically configured to reconstruct and aggregate at least one summarized ciphertext through a Lagrange interpolation formula to obtain an aggregate ciphertext; the aggregation platform is specifically configured to, when the number of received authorization keys reaches the threshold set in a Shamir threshold secret sharing mechanism, reconstruct the at least one authorization key through a Lagrange interpolation formula to obtain a decryption key, and decrypt at least one aggregate ciphertext by using the decryption key in combination with solving the discrete logarithm on the elliptic curve to obtain the plaintext aggregate data.
  6. The system of claim 1, wherein the aggregation platform is further configured to select a random number as an aggregation platform private key, calculate an aggregation platform public key based on the aggregation platform private key, and self-sign the aggregation platform public key and the aggregation platform identifier to generate a root certificate; the charging platform is further configured to select a random number as a charging platform private key, calculate a charging platform public key based on the charging platform private key, carry the charging platform public key and a charging platform identifier in an intermediate certificate issuing request, send the request to the aggregation platform, and receive an intermediate certificate issued by the aggregation platform; the charging pile is further configured to select a random number as a charging pile private key, calculate a charging pile public key based on the charging pile private key, carry the charging pile public key and a charging pile identifier in a terminal certificate issuing request, send the request to the charging platform, and receive a terminal certificate issued by the charging platform, thereby forming a three-party entity certificate chain.
  7. The system of claim 1, wherein the encryption key is computationally generated by the three-party entity via a specific negotiation mechanism based on their respective public keys.
  8. The system of claim 1, wherein the charging platform is further configured to split a private key of the charging platform into private key shares of the same number as the entities, distribute the private key shares to other entities, and summarize the private key shares sent by the other entities to obtain the authorization key.
  9. A method for sharing data based on the layering system for a vehicle network interaction service scene according to any one of claims 1 to 8, comprising: receiving at least one charging pile message; performing ciphertext signature verification and certificate chain verification on each charging pile message; reconstructing and aggregating the summarized ciphertext in each charging pile message for which both the summarized ciphertext signature verification and the certificate chain verification succeed to obtain an aggregate ciphertext; and packaging the aggregate ciphertext into a charging platform message, and reporting the charging platform message to an aggregation platform.
  10. The method of claim 9, wherein said performing ciphertext signature verification and certificate chain verification on each charging pile message comprises: for each charging pile message, verifying the summarized ciphertext signature according to the reporting ciphertext, the charging pile identifier and the terminal certificate in the charging pile message, and verifying the three-party entity certificate chain according to the terminal certificate.
  11. The method of claim 9, wherein said packaging the aggregate ciphertext into a charging platform message comprises: generating an aggregate ciphertext signature of the aggregate ciphertext by using a local charging platform private key; and packaging the aggregate ciphertext, the aggregate ciphertext signature, its own charging platform identifier and the intermediate certificate into a charging platform message.
  12. The method of any one of claims 9-11, wherein reconstructing and aggregating the summarized ciphertext in each charging pile message for which both the summarized ciphertext signature verification and the certificate chain verification succeed to obtain an aggregate ciphertext comprises: reconstructing and aggregating, through a Lagrange interpolation formula, the summarized ciphertext in each charging pile message for which both the summarized ciphertext signature verification and the certificate chain verification succeed to obtain an aggregate ciphertext.
  13. The method of claim 9, wherein prior to receiving the at least one charging pile message, the method further comprises: selecting a random number as a charging platform private key, and calculating a charging platform public key based on the charging platform private key; carrying the charging platform public key and its own charging platform identifier in an intermediate certificate issuing request, sending the request to the aggregation platform, and receiving the intermediate certificate issued by the aggregation platform; and issuing the terminal certificate for the charging pile based on the charging pile public key and the charging pile identifier in the received terminal certificate issuing request.
  14. The method of claim 9, wherein prior to receiving the at least one charging pile message, the method further comprises: splitting the private key of the charging platform into private key shares of the same number as the entities, distributing the private key shares to other entities, and summarizing the private key shares sent by other entities to obtain the authorization key.
  15. A method for sharing data based on the layering system for a vehicle network interaction service scene according to any one of claims 1 to 8, comprising: encrypting its own plaintext data based on the random number and an encryption key negotiated by the three-party entity to obtain ciphertext data; distributing the ciphertext data to other charging piles, and summarizing ciphertext shares sent by other charging piles to obtain a summarized ciphertext; and packaging the summarized ciphertext into a charging pile message, and uploading the charging pile message to the corresponding charging platform.
  16. The method of claim 15, wherein encrypting the plaintext data based on the random number and the encryption key negotiated by the three-party entity to obtain ciphertext data comprises: based on the random number and the encryption key negotiated by the three-party entity, encrypting its own plaintext data by adopting an elliptic curve cryptosystem ECC-ElGamal homomorphic encryption algorithm to obtain ciphertext data; the ciphertext data satisfies the following formula: Wherein, the Ciphertext data for the ith charging pile, In order to be a temporary public key, In order to mask the ciphertext, The random number of the ith charging pile, P is the base point of the elliptic curve, The plain text data for the ith charging pile, Encryption keys negotiated for the three-party entity.
  17. The method of claim 15, wherein the distributing the ciphertext data to other charging piles comprises: based on a Shamir threshold secret sharing mechanism, splitting the ciphertext data into sub-ciphertexts of the same number as the charging piles, and generating ciphertext shares of each sub-ciphertext; and distributing the ciphertext share of each sub-ciphertext to the corresponding other charging piles.
  18. The method of claim 15, wherein said packaging the summarized ciphertext into a charging pile message comprises: calculating a digest of the summarized ciphertext; based on the digest, generating a summarized ciphertext signature by using a local charging pile private key; and packaging the reporting ciphertext, the summarized ciphertext signature, its own charging pile identifier and the terminal certificate into a charging pile message.
  19. The method according to any one of claims 15-18, wherein, before encrypting the plaintext data based on the random number and the encryption key negotiated by the three-party entity to obtain the ciphertext data, the method further comprises: selecting a random number as a charging pile private key, and calculating a charging pile public key based on the charging pile private key; and sending the charging pile public key and the charging pile identifier to the charging platform in a terminal certificate issuing request, and receiving the terminal certificate issued by the charging platform.
  20. The method of claim 15, wherein the encryption key is computationally generated by the three-party entity via a specific negotiation mechanism based on their respective public keys.
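The homomorphic aggregation of claim 2 and the threshold decryption of claim 5, as an added example that is not code from the patent: readings are encrypted with lifted EC-ElGamal, the ciphertexts are added point-wise, the decryption key is rebuilt from a threshold of Shamir shares by Lagrange interpolation, and the sum is recovered by a bounded discrete-log search. Assumptions: the formula is missing from this page, so the standard form (r·G, m·G + r·K) is used; the curve is secp256k1; the encryption key is K = d·G; the authorization keys are modelled as plain Shamir shares of d; the ciphertext share exchange between piles (claim 3) is not modelled; all function names are hypothetical.

```python
import secrets
from functools import reduce
from math import prod

P_FIELD = 2**256 - 2**32 - 977  # secp256k1 field prime; curve y^2 = x^3 + 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None:
        return A if B is None else B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) if A == B
           else (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD))
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def mul(k, A):  # double-and-add; not constant-time, illustration only
    R = None
    while k:
        R, A, k = (add(R, A) if k & 1 else R), add(A, A), k >> 1
    return R

def encrypt(m, K):  # lifted EC-ElGamal (assumed form): (r*G, m*G + r*K)
    r = secrets.randbelow(N - 1) + 1
    return mul(r, G), add(mul(m, G), mul(r, K))

def aggregate(cts):  # point-wise addition of a list; encrypts the sum of the readings
    return reduce(add, (c[0] for c in cts)), reduce(add, (c[1] for c in cts))

def shamir_split(secret, t, n):  # shares (x, f(x)) of a degree t-1 polynomial over Z_N
    coef = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, j, N) for j, c in enumerate(coef)) % N) for x in range(1, n + 1)]

def lagrange_at_zero(shares):  # reconstruct f(0) from t or more distinct shares
    total = 0
    for xi, yi in shares:
        num = prod(-xj for xj, _ in shares if xj != xi)
        den = prod(xi - xj for xj, _ in shares if xj != xi)
        total = (total + yi * num * pow(den % N, -1, N)) % N
    return total

def decrypt_sum(ct, d, max_sum):  # strip the mask d*C1, then bounded search for m
    x, y = mul(d, ct[0])
    M, acc = add(ct[1], (x, -y % P_FIELD)), None
    for m in range(max_sum + 1):
        if acc == M:
            return m
        acc = add(acc, G)
    raise ValueError("aggregate outside search bound")

def demo(readings=(37, 12, 58), t=2, n=3):
    d = secrets.randbelow(N - 1) + 1    # constructed decryption key
    shares = shamir_split(d, t, n)      # stand-ins for the authorization keys
    agg = aggregate([encrypt(m, mul(d, G)) for m in readings])
    return decrypt_sum(agg, lagrange_at_zero(shares[:t]), max_sum=1000)
```

The linear search in `decrypt_sum` is why the aggregate must stay within a small known range; for larger ranges, baby-step giant-step reduces the cost to roughly the square root of the bound.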

Description

Layering system for vehicle network interaction service scene and data sharing method thereof

Technical Field

The invention relates to the technical field of data security and privacy protection, in particular to a layering system for a vehicle network interaction service scene and a data sharing method thereof.

Background

With the deepening construction of the new-type electric power system, Vehicle-to-Grid (V2G) interaction, as an important mode of bidirectional flow of energy and information, is becoming a key technical path for supporting the cooperative operation of electric vehicles and the power grid. In this mode, the large number of dispersed flexible load resources of electric vehicles can support business applications such as load prediction, dispatch optimization, auxiliary service response and market settlement only after being aggregated through entities such as charging piles, charging platforms and load aggregation platforms/virtual power plants. To support these business functions, data flow among multiple sources, multiple levels and multiple platforms becomes the basis for safe and efficient operation of the vehicle-network interaction system. However, as the scale of V2G expands, the entities and levels involved in data flow increase significantly, and cross-platform and cross-level data sharing requirements become increasingly complex, so that problems such as the reliability of data transmission, the privacy of the sharing process and the security of cross-platform data processing become more and more prominent.

In the multi-level data flow system of vehicle-network interaction, the charging pile is the bottom-level device closest to the user side, and the original data it collects generally includes highly sensitive information such as charging time, electric quantity, electricity price period, vehicle behavior characteristics and equipment state.
However, in the prior art, a data aggregation mechanism is generally adopted to achieve privacy protection, but the original data still needs to be decrypted before the aggregation calculation. The original data is therefore exposed in plaintext form at intermediate links, which increases the risk of data leakage; the underlying original information is inevitably held by nodes at all levels during the aggregation process, and the requirements of user-side privacy protection and minimum visibility of information in power grid interaction scenarios are difficult to meet.

Disclosure of Invention

In order to overcome the above defects, the invention provides a layering system for a vehicle network interaction service scene, which comprises a three-party entity consisting of a plurality of charging piles, a plurality of charging platforms and an aggregation platform; each charging pile is used for encrypting its own plaintext data based on a random number and an encryption key negotiated by the three-party entity to obtain ciphertext data, distributing the ciphertext data to other charging piles, and summarizing ciphertext shares sent by other charging piles to obtain a summarized ciphertext; each charging platform is used for reconstructing and aggregating the summarized ciphertext in the received at least one charging pile message to obtain an aggregate ciphertext; the aggregation platform is used for generating a decryption key based on the collected authorization key of the at least one charging platform, and decrypting the aggregate ciphertext in the received at least one charging platform message by using the decryption key to obtain the plaintext aggregate data.
On the other hand, the invention also provides a data sharing method of the hierarchical system facing the vehicle network interaction service scene based on the above aspect, which comprises the steps of receiving at least one charging pile message, carrying out ciphertext signature verification and certificate chain verification on each charging pile message, carrying out reconstruction and aggregation on summarized ciphertext in the charging pile message with successful summarized ciphertext signature verification and certificate chain verification to obtain an aggregation ciphertext, packaging the aggregation ciphertext into a charging platform message, and reporting the charging platform message to an aggregation platform.

On the other hand, the invention also provides a data sharing method of the layering system facing the vehicle network interactive service scene based on the aspect, which comprises the steps of encrypting plaintext data of the layering system based on random numbers and encryption keys negotiated by three-party entities to obtain ciphertext data, distributing the ciphertext data to other charging piles, summarizing ciphertext shares sent by the other charging piles to obtain summarized ciphertext, packaging the summarized ciphertext into charging pile information, and uploading the charging pile informati