[go: up one dir, main page]

CN107104969B - Method for protecting personal privacy information in express by applying dynamic encryption mechanism - Google Patents

Method for protecting personal privacy information in express by applying dynamic encryption mechanism Download PDF

Info

Publication number
CN107104969B
CN107104969B CN201710287976.5A CN201710287976A CN107104969B CN 107104969 B CN107104969 B CN 107104969B CN 201710287976 A CN201710287976 A CN 201710287976A CN 107104969 B CN107104969 B CN 107104969B
Authority
CN
China
Prior art keywords
key
express
encryption algorithm
server
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710287976.5A
Other languages
Chinese (zh)
Other versions
CN107104969A (en
Inventor
高嘉伟
郭丽峰
杜响成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanxi University
Original Assignee
Shanxi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanxi University filed Critical Shanxi University
Priority to CN201710287976.5A priority Critical patent/CN107104969B/en
Publication of CN107104969A publication Critical patent/CN107104969A/en
Application granted granted Critical
Publication of CN107104969B publication Critical patent/CN107104969B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083Shipping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Operations Research (AREA)
  • Development Economics (AREA)
  • Tourism & Hospitality (AREA)
  • Human Resources & Organizations (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for protecting personal privacy information in express by using a dynamic encryption mechanism, belongs to the field of information security, and aims to solve the problems of low security, high information leakage risk and the like in the conventional mode. The method comprises the following steps: a public terminal or a user terminal of an express initiating station acquires personal privacy information and address information of express and sends the information to a server; the method comprises the steps that a server receives personal privacy information and address information, determines an express destination and selects an algorithm number to determine a target encryption algorithm, obtains a first type of key of the express destination and a second type of key of the target encryption algorithm, encrypts the number of the target encryption algorithm by using a public key PK1 in the first type of key, and encrypts the personal privacy information by using a public key PK2 and/or a key K in the second type of key; the public terminal or the user terminal generates and prints the express bill; each express station transports the express according to the address information; and after the express delivery terminal is reached, the courier uses the handheld device to scan the two-dimensional code, and obtains the personal privacy information according to the scanning result.

Description

运用动态加密机制保护快递中的个人隐私信息的方法A method of using dynamic encryption mechanism to protect personal privacy information in express delivery

技术领域technical field

本发明涉及物流信息安全技术领域,尤其涉及一种运用动态加密机制保护快递中的个人隐私信息的方法。The invention relates to the technical field of logistics information security, in particular to a method for protecting personal privacy information in express delivery by using a dynamic encryption mechanism.

背景技术Background technique

随着互联网和物流业的迅猛发展,快递作为一种重要的物品传递方式,已成为人们生活的重要组成部分。据国家邮政局统计,2016年全国快递业务量超过300亿件,同比增加53%,业务收入累计完成超过3900亿元,同比增加39%。物流行业的产业规模和市场前景还有进一步提升的空间。但是,随着快递行业的迅速发展,用户的个人隐私信息安全问题也引起人们越来越多的重视。近年来,用户姓名、电话号码和地址信息等个人隐私信息通过一些快递企业废弃的快递面单予以泄露的新闻报道层出不穷,这给个人的隐私信息安全蒙上了一层阴影。在数字化和网络化的时代,客户信息的泄露,不仅会使个人隐私权受到侵害,还可能使个人的正常生活受到干扰,诸如会使用户收到大量垃圾短信、商业广告等的频繁骚扰,甚至会使个人的财产和人身安全也会受到威胁。因此,快递业务中的信息暴露已使消费者“私人化”信息面临“公共化”的危机。邮寄快递是否可以让消费者重新找回安全感,如何保护消费者快递中的个人隐私信息的安全也引起了产业界和学术界的广泛关注。With the rapid development of the Internet and the logistics industry, express delivery, as an important way of delivering goods, has become an important part of people's lives. According to statistics from the State Post Bureau, in 2016, the national express delivery business volume exceeded 30 billion, a year-on-year increase of 53%, and the accumulated business income exceeded 390 billion yuan, a year-on-year increase of 39%. There is still room for further improvement in the industrial scale and market prospects of the logistics industry. However, with the rapid development of the express delivery industry, the security of users' personal privacy information has also attracted more and more attention. In recent years, there have been numerous news reports that personal privacy information such as user names, phone numbers and address information has been leaked through the discarded express delivery receipts of some express delivery companies, which casts a shadow over the security of personal privacy information. In the era of digitalization and networking, the leakage of customer information will not only infringe on personal privacy, but also interfere with the normal life of individuals, such as frequent harassment of users receiving a large number of spam text messages, commercial advertisements, etc., and even Personal property and personal safety will also be threatened. Therefore, the exposure of information in the express delivery business has made consumers' "private" information face the crisis of "publicization". Whether postal express can make consumers regain a sense of security, and how to protect the safety of personal privacy information in consumer express delivery has also attracted widespread attention from the industry and academia.

近年来,出现了一些保护快递中个人隐私信息的专利和方法,这些专利和方法中,有的将寄件人与收件人的所有信息(包括地址信息、快递单号)利用固定算法进行加密;有的将快递面单分为加密与非加密的两份,加密的快递面单粘贴至包裹表面由物流企业进行运输,非加密快递面单交由寄件人,以作为寄送快递凭证并可随时查询物流信息;有的需要人工在特定的手持设备中输入寄件人与收件人的信息,方才能够对信息进行加密;有的虽然对寄件人与收件人的信息进行加密,但是在快递物流配送过程中,只要该物流企业中持有手持设备的从业人员,不论是否由其进行派送,都能扫码破解信息,从而造成信息泄露的隐患和风险。In recent years, there have been some patents and methods for protecting personal privacy information in express delivery. Some of these patents and methods encrypt all the information of the sender and recipient (including address information and express tracking number) using a fixed algorithm. ; Some divide the express receipt into encrypted and non-encrypted two copies. The encrypted express receipt is pasted to the surface of the package and transported by the logistics company, and the non-encrypted express receipt is handed over to the sender as a certificate for sending express delivery. Logistics information can be inquired at any time; some need to manually enter the information of the sender and the recipient in a specific handheld device before the information can be encrypted; while some encrypt the information of the sender and the recipient, However, in the process of express logistics and distribution, as long as the employees in the logistics enterprise hold handheld devices, regardless of whether they are dispatched by them, they can scan the code to crack the information, thus causing hidden dangers and risks of information leakage.

通过比较可以发现,以上专利和方法会大幅度地增加物流配送的成本和配送时间。例如,将收件人与寄件人的地址信息都予以加密,在快递中转运输时,快递运输员必须通过扫码以获取地址信息,从而会增加快递配送时间,加大相关从业者的劳动强度。若将快递面单分为加密与非加密两份,将额外增加面单成本,此外寄件人可能将未进行加密的快递面单丢弃,同样会给快递信息安全增加不确定因素。若将需要加密的信息通过手动进行录入,同样会大量的耗费时间与成本,在互联网时代,这种方法在适用的场景上也有着一定的局限性。另外,现有的方法在对个人隐私信息进行加密时,通常采用的是固定的加密算法,适用范围较为单一。综上,目前的保护快递中的个人隐私信息的方法存在着会大幅度地增加物流配送的成本和配送时间、会加大快递从业者的劳动强度、保护个人隐私信息的方式因使用固定加密算法而安全性不高以及任何快递员均可以通过手持设备扫码破解信息容易造成信息泄露的风险等问题。By comparison, it can be found that the above patents and methods will greatly increase the cost and delivery time of logistics distribution. For example, the address information of the recipient and the sender is encrypted. When the express delivery is in transit, the express transporter must scan the code to obtain the address information, which will increase the express delivery time and increase the labor intensity of the relevant practitioners. . If the express receipt is divided into encrypted and non-encrypted, it will increase the cost of the express. In addition, the sender may discard the unencrypted express receipt, which will also increase the uncertainty of express information security. If the information that needs to be encrypted is manually entered, it will also consume a lot of time and cost. In the Internet era, this method also has certain limitations in applicable scenarios. In addition, the existing methods usually use a fixed encryption algorithm when encrypting personal privacy information, and the scope of application is relatively single. To sum up, the current methods of protecting personal privacy information in express delivery will greatly increase the cost and delivery time of logistics distribution, increase the labor intensity of express delivery practitioners, and protect personal privacy information due to the use of fixed encryption algorithms. However, the security is not high, and any courier can scan the code with a handheld device to crack the information, which may easily lead to the risk of information leakage.

发明内容SUMMARY OF THE INVENTION

为了解决目前的保护快递中的个人隐私信息的方法中存在的会大幅度地增加物流配送的成本和配送时间、会加大快递从业者的劳动强度、保护个人隐私信息的方式因使用固定加密算法而安全性不高、以及任何快递员均可以通过手持设备扫码破解信息容易造成信息泄露的风险等技术问题,本发明提供一种运用动态加密机制保护快递中的个人隐私信息的方法。In order to solve the problems existing in the current method of protecting personal privacy information in express delivery, the cost and delivery time of logistics distribution will be greatly increased, and the labor intensity of express delivery practitioners will be increased. The way of protecting personal privacy information is due to the use of fixed encryption algorithms. However, the security is not high, and any courier can scan the code with a handheld device to decipher the information, which may easily cause the risk of information leakage. The present invention provides a method for protecting personal privacy information in express delivery by using a dynamic encryption mechanism.

本发明的技术方案是:The technical scheme of the present invention is:

一种运用动态加密机制保护快递中的个人隐私信息的方法,其包括如下步骤:A method for protecting personal privacy information in express delivery using a dynamic encryption mechanism, comprising the following steps:

步骤1,快递起始站的公共终端或用户终端获取待寄出快递的寄件人和收件人的个人隐私信息及地址信息,并将个人隐私信息及地址信息发送至物流企业的服务器;Step 1, the public terminal or user terminal of the express delivery station obtains the personal privacy information and address information of the sender and recipient of the express delivery to be sent, and sends the personal privacy information and address information to the server of the logistics enterprise;

步骤2,服务器接收个人隐私信息及地址信息,并根据预设单号生成规则生成待寄出快递的快递单号,记录快递单号的生成时间,确定待寄出快递所要到达的快递终点站;Step 2, the server receives the personal privacy information and address information, and generates the express delivery number to be sent out according to the preset tracking number generation rule, records the generation time of the express delivery number, and determines the express delivery terminal to which the express delivery to be sent out;

步骤3,服务器根据快递单号的后两位数字、待寄出快递的地址信息的起始省份和终点省份的编号和快递单号的生成时间中的日期的数字,计算这些数字的数字和sum;服务器使用数字和sum对加密算法库中的算法总数求余,得到余数n,并将余数n确定为目标加密算法的编号,将该编号所对应的加密算法确定为目标加密算法;所述生成时间中的日期的数字为:年份取后两位数、月份和日取两位数;Step 3, the server calculates the number and sum of these numbers according to the last two digits of the courier number, the numbers of the starting province and destination province of the address information to be sent out, and the number of the date in the generation time of the courier number. ; The server uses numbers and sum to calculate the remainder of the total number of algorithms in the encryption algorithm library, obtains the remainder n, and determines the remainder n as the number of the target encryption algorithm, and the encryption algorithm corresponding to the number is determined as the target encryption algorithm; The generation The number of the date in the time is: the last two digits of the year, the two digits of the month and day;

步骤4,服务器根据待寄出快递所要到达的快递终点站获取快递终点站的第一类密钥中的私钥SK1和公钥PK1,并获取目标加密算法的第二类密钥中的私钥SK2、公钥PK2和/或密钥K;Step 4: The server obtains the private key SK1 and the public key PK1 in the first type key of the express terminal according to the express terminal to which the express to be sent will arrive, and obtains the private key in the second type key of the target encryption algorithm. SK2, public key PK2 and/or key K;

步骤5,服务器使用快递终点站的第一类密钥中的公钥PK1对目标加密算法的编号进行加密,使用目标加密算法的第二类密钥中的公钥PK2和/或密钥K对个人隐私信息进行加密;Step 5, the server encrypts the number of the target encryption algorithm using the public key PK1 in the first type key of the express terminal, and uses the public key PK2 and/or key K pair in the second type key of the target encryption algorithm Encrypt personal privacy information;

步骤6,服务器按照快递面单中各个信息的排布顺序,将生成快递面单所需的各个信息发送至快递起始站的公共终端或用户终端,所述快递面单包括以明文显示的寄件人和收件人的地址信息、以明文显示的个人隐私信息中的一部分信息、以条码形式显示的快递单号和至少一个二维码,所述二维码包括快递单号、加密后的目标加密算法的编号和加密后的个人隐私信息;Step 6: The server sends the information required to generate the express delivery receipt to the public terminal or the user terminal of the express delivery starting station according to the arrangement order of the various information in the express delivery receipt. address information of the sender and recipient, a part of the personal privacy information displayed in plain text, the express tracking number displayed in the form of barcode and at least one QR code, the QR code includes the express tracking number, encrypted The number of the target encryption algorithm and the encrypted personal privacy information;

步骤7,快递起始站的公共终端或用户终端根据接收的生成快递面单所需的信息生成并打印快递面单后,物流企业的各个快递站根据快递面单上以明文显示的地址信息对快递进行运输;Step 7: After the public terminal or the user terminal of the express delivery starting station generates and prints the express delivery form according to the received information required for generating the express delivery form, each express station of the logistics enterprise matches the express delivery form with the address information displayed in plain text on the express delivery form. courier for transportation;

步骤8,当快递到达快递终点站后,快递终点站的派件员使用手持设备扫描所述二维码,并根据扫描结果获取个人隐私信息,使派件员根据个人隐私信息通知收件人领取快递。Step 8: When the express arrives at the express delivery terminal, the dispatcher at the express terminal scans the QR code with the handheld device, and obtains personal privacy information according to the scanning result, so that the dispatcher notifies the recipient to receive it according to the personal privacy information. express delivery.

优选地,所述个人隐私信息包括姓名和电话。Preferably, the personal privacy information includes name and phone number.

优选地,所述步骤3中,服务器为待寄出快递确定目标加密算法的方法还可为:服务器从预先存储的加密算法库中为待寄出快递随机选取一个编号,将该编号所对应的加密算法确定为目标加密算法。Preferably, in the step 3, the method for the server to determine the target encryption algorithm for the express to be sent may also be: the server randomly selects a number for the express to be sent from a pre-stored encryption algorithm library, and the number corresponding to the The encryption algorithm is determined as the target encryption algorithm.

优选地,所述步骤2中,服务器确定待寄出快递所要到达的快递终点站的方法为:Preferably, in the step 2, the method for the server to determine the express delivery terminal to be reached by the express delivery to be sent is:

服务器将用户在用户终端或快递起始站的公共终端中选择的终点站确定为待寄出快递所要达到的快递终点站;The server determines the terminal selected by the user in the user terminal or the public terminal of the express starting station as the express terminal to be reached by the express to be sent;

或,服务器根据待寄出快递的收件人的地址信息,选择离收件人的地址最近的快递站作为快递终点站。Or, the server selects the express station nearest to the address of the recipient as the express delivery terminal according to the address information of the recipient to be sent out.

优选地,所述步骤5中,服务器使用目标加密算法的第二类密钥中的公钥PK2和/或密钥K对个人隐私信息进行加密是指:Preferably, in the step 5, the server uses the public key PK2 and/or the key K in the second type of key of the target encryption algorithm to encrypt the personal privacy information means:

当服务器使用的目标加密算法为对称加密算法时,使用目标加密算法的第二类密钥中的密钥K对个人隐私信息进行加密;When the target encryption algorithm used by the server is a symmetric encryption algorithm, use the key K in the second type of key of the target encryption algorithm to encrypt personal privacy information;

当服务器使用的目标加密算法为非对称加密算法时,使用目标加密算法的第二类密钥中的公钥PK2对个人隐私信息进行加密;When the target encryption algorithm used by the server is an asymmetric encryption algorithm, use the public key PK2 in the second type of key of the target encryption algorithm to encrypt personal privacy information;

当服务器使用的目标加密算法为混合加密算法时,使用目标加密算法的第二类密钥中的公钥PK2对第二类密钥K进行加密,将加密后的密钥K存储于服务器或手持设备中,之后在对个人隐私信息进行加密时,服务器使用目标加密算法的第二类密钥中的私钥SK2对加密后的密钥K进行解密,使用解密后的密钥K对个人隐私信息进行加密。When the target encryption algorithm used by the server is a hybrid encryption algorithm, use the public key PK2 in the second type key of the target encryption algorithm to encrypt the second type key K, and store the encrypted key K in the server or handheld In the device, when encrypting personal privacy information, the server uses the private key SK2 in the second type of key of the target encryption algorithm to decrypt the encrypted key K, and uses the decrypted key K to decrypt the personal privacy information. to encrypt.

优选地,所述步骤6中的个人隐私信息中的一部分信息是指姓名中的姓氏和手机号中的前三位数字和后四位数字;或者,个人隐私信息中的一部分信息是指姓名中的姓氏、固定电话号码中的区号和除区号外的固定电话号码中的后四位。Preferably, a part of the personal privacy information in the step 6 refers to the surname in the name and the first three digits and the last four digits of the mobile phone number; or, a part of the personal privacy information refers to the name in the name surname, the area code in the landline number, and the last four digits of the landline number other than the area code.

优选地,所述步骤8中,手持设备根据扫描结果获取个人隐私信息时,包括如下三种方式:Preferably, in the step 8, when the handheld device obtains personal privacy information according to the scanning result, the following three methods are included:

第一种方式:手持设备扫描二维码后,获取本地预先存储的第一类密钥中的私钥SK1,并使用第一类密钥中的私钥SK1对目标加密算法的编号进行解密,然后,在本地预先存储的各个加密算法的第二类密钥中查询目标加密算法的编号对应的第二类密钥中的私钥SK2和/或密钥K,并使用查询到的第二类密钥中的私钥SK2和/或密钥K对个人隐私信息进行解密,得到个人隐私信息;其中,各种加密算法的第二类密钥为服务器预先生成并发送至手持设备中的,且每种加密算法的第二类密钥在服务器下次重新生成之前保持不变;The first method: After scanning the QR code with the handheld device, obtain the private key SK1 in the first type of key pre-stored locally, and use the private key SK1 in the first type of key to decrypt the number of the target encryption algorithm, Then, query the private key SK2 and/or the key K in the second type key corresponding to the number of the target encryption algorithm in the locally pre-stored second type key of each encryption algorithm, and use the queried second type key The private key SK2 and/or the key K in the key decrypt the personal privacy information to obtain the personal privacy information; wherein, the second type keys of various encryption algorithms are pre-generated by the server and sent to the handheld device, and The second type of key for each encryption algorithm remains unchanged until the next regeneration by the server;

第二种方式:手持设备扫描二维码得到快递单号,并获取本地预先存储的第一类密钥中的私钥SK1后,使用获取到的第一类密钥中的私钥SK1对目标加密算法的编号进行解密,得到目标加密算法的编号后,将快递单号及目标加密算法的编号发送至服务器,服务器查询到快递单号对应的目标加密算法的第二类密钥中的SK2和/或密钥K,并使用查询到的第二类密钥中的SK2和/或密钥K对个人隐私信息进行解密后,将个人隐私信息发送至手持设备;其中,目标加密算法的第二类密钥为服务器生成快递单号及确定目标加密算法后计算得到并存储于服务器本地的,且每份快递对应不同的第二类密钥;The second way: After the handheld device scans the QR code to obtain the courier number, and obtains the private key SK1 in the locally pre-stored first-class key, use the obtained private key SK1 in the first-class key to pair the target. The number of the encryption algorithm is decrypted, and after the number of the target encryption algorithm is obtained, the express order number and the number of the target encryption algorithm are sent to the server, and the server queries the SK2 and SK2 in the second type key of the target encryption algorithm corresponding to the express order number. / or key K, and decrypt the personal privacy information using SK2 and/or key K in the queried second type of keys, and then send the personal privacy information to the handheld device; wherein, the second key of the target encryption algorithm The class key is calculated after the server generates the express order number and determines the target encryption algorithm and is stored locally on the server, and each express corresponds to a different second class key;

第三种方式:手持设备扫描二维码得到快递单号,并获取本地预先存储的第一类密钥中的私钥SK1后,使用获取到的第一类密钥中的私钥SK1对目标加密算法的编号进行解密,得到目标加密算法的编号后,将快递单号及目标加密算法的编号发送至服务器,服务器查询到快递单号对应的目标加密算法的第二类密钥中的SK2和/或密钥K,并将查询到的第二类密钥中的SK2和/或密钥K发送至手持设备,手持设备接收服务器查询到的第二类密钥中的SK2和/或密钥K后,使用接收的第二类密钥中的SK2和/或密钥K对个人隐私信息进行解密,得到个人隐私信息;其中,目标加密算法的第二类密钥为服务器生成快递单号及确定目标加密算法后计算得到,并存储于服务器本地的,且每份快递对应不同的第二类密钥。The third way: After the handheld device scans the QR code to obtain the express tracking number, and obtains the private key SK1 in the locally pre-stored first-class key, use the obtained private key SK1 in the first-class key to pair the target The number of the encryption algorithm is decrypted, and after the number of the target encryption algorithm is obtained, the express order number and the number of the target encryption algorithm are sent to the server, and the server queries the SK2 and SK2 in the second type key of the target encryption algorithm corresponding to the express order number. /or key K, and send SK2 and/or key K in the second type of key queried to the handheld device, and the handheld device receives the SK2 and/or key in the second type of key queried by the server After K, use SK2 and/or key K in the received second type key to decrypt the personal privacy information to obtain the personal privacy information; wherein, the second type key of the target encryption algorithm is for the server to generate the express tracking number and After determining the target encryption algorithm, it is calculated and stored locally on the server, and each express corresponds to a different second type of key.

优选地,还包括:服务器定期更新加密算法选取规则、和/或加密算法库、和/或每个快递站的第一类密钥和每种加密算法的第二类密钥;所述加密算法库的更新包括对其中的加密算法的数量、种类或每种加密算法编号的更新。Preferably, it also includes: the server regularly updates the encryption algorithm selection rules, and/or the encryption algorithm library, and/or the first type key of each express station and the second type key of each encryption algorithm; the encryption algorithm The update of the library includes the update of the number, kind or number of each encryption algorithm in it.

本发明的有益效果为:The beneficial effects of the present invention are:

寄件人可以通过用户终端上的微信公众号、物流企业的APP等或者登录快递公司寄件系统直接填写信息下单,在打印快递面单交由揽件员后,揽件员根据快递面单上寄件人的地址信息上门取货、验货,之后将快递交由中转站进行运输,无需非要在特定手持设备上手动输入信息,操作简单。本发明在对个人隐私信息加密时,利用了快递终点站的第一类密钥,当快递到达快递终点站时,手持设备先利用第一类密钥获取目标加密算法的编号,这样若解密的操作者不是快递终点站的相关工作人员,则无法对个人隐私信息进行解密操作,从而减少了非相关人员获取到个人隐私信息的可能性,提高了个人隐私信息的安全性。本发明中粘贴至快递表面和留存于寄件人的快递面单是一致的,并不予以区分。因为寄件人只需知道快递单号就能查询相关物流信息,而该快递单号并未予以加密,这样可以有效节约成本,较好地适应现有的物流企业。对于每份快递,本发明的加密算法是从加密算法库中选择的,不同的快递使用不同的加密算法,或者即使不同快递可能使用了相同的加密算法,但其密钥可以不同,因此加密算法的不确定性加大了破解的难度和成本。本发明中的加密算法的动态选取规则可以根据寄件人与收件人的地址信息、快递单号等信息,结合快递公司自身的情况制定,进一步增加了不确定性,给信息的破解增加了难度。此外,动态加密算法库不局限于固定的加密算法,可以嵌套使用现有的加密算法或者未来新发明的加密算法及其改进算法。加密算法库可以进行不断地完善与扩展,使得整个加密体系更加灵活、安全。本发明快递单号依照目前物流企业自身体系的快递单号的生成方式,各中转快递点通过现有方式扫描条形码获取快递单号,将快递物流信息更新并上传至服务器,以供寄件人或收件人根据快递单号查询物流信息。本发明可以在不大幅度提高物流企业的成本和改变操作模式的前提下,有效地保护用户的个人隐私信息。因此,与背景技术相比,本发明具有不仅能够安全保护快递中的个人隐私信息,而且不会大幅度地增加物流配送的成本、配送时间及快递从业者的劳动强度,操作简单等优点。The sender can directly fill in the information and place an order through the WeChat public account on the user terminal, the APP of the logistics company, or log in to the delivery system of the express company. The address information of the sender can be picked up and inspected, and then the express is delivered to the transit station for transportation. There is no need to manually enter the information on a specific handheld device, and the operation is simple. When encrypting personal privacy information, the present invention utilizes the first type key of the express delivery terminal. When the express delivery arrives at the express delivery terminal, the handheld device first uses the first type key to obtain the number of the target encryption algorithm, so that if the decrypted If the operator is not a relevant staff member of the express terminal, he cannot decrypt the personal privacy information, thereby reducing the possibility of non-related personnel obtaining personal privacy information and improving the security of personal privacy information. In the present invention, the express delivery form pasted on the express delivery surface and the express delivery form kept on the sender are the same, and are not differentiated. Because the sender only needs to know the express tracking number to query relevant logistics information, and the express tracking number is not encrypted, which can effectively save costs and better adapt to existing logistics companies. For each courier, the encryption algorithm of the present invention is selected from the encryption algorithm library, different couriers use different encryption algorithms, or even if different couriers may use the same encryption algorithm, its key can be different, so the encryption algorithm The uncertainty increases the difficulty and cost of cracking. The dynamic selection rule of the encryption algorithm in the present invention can be formulated according to the address information of the sender and the recipient, the courier number and other information, combined with the situation of the courier company itself, which further increases the uncertainty and increases the cracking of the information. difficulty. In addition, the dynamic encryption algorithm library is not limited to fixed encryption algorithms, and existing encryption algorithms or newly invented encryption algorithms and their improved algorithms can be nested. The encryption algorithm library can be continuously improved and expanded, making the entire encryption system more flexible and secure. The express order number of the present invention is based on the way of generating the express order number in the current logistics enterprise's own system. Each transit express point scans the barcode to obtain the express order number through the existing method, and updates and uploads the express logistics information to the server for the sender or the sender. The recipient inquires the logistics information according to the express tracking number. The present invention can effectively protect the user's personal privacy information under the premise of not greatly increasing the cost of the logistics enterprise and changing the operation mode. Therefore, compared with the background art, the present invention not only can safely protect personal privacy information in express delivery, but also does not greatly increase the cost, delivery time and labor intensity of express delivery practitioners, and has the advantages of simple operation and the like.

附图说明Description of drawings

图1是本发明的流程图。Figure 1 is a flow chart of the present invention.

图2是本发明的一种快递面单的示意图。FIG. 2 is a schematic diagram of an express delivery bill of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚,下面结合附图对本发明实施方式作进一步地详细描述。In order to make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings.

如图1所示,本实施例中的运用动态加密机制保护快递中的个人隐私信息的方法,包括如下步骤:As shown in Figure 1, the method for protecting personal privacy information in express delivery using a dynamic encryption mechanism in this embodiment includes the following steps:

步骤1,快递起始站的公共终端或用户终端获取待寄出快递的寄件人和收件人的个人隐私信息及地址信息,并将个人隐私信息及地址信息发送至物流企业的服务器。Step 1: The public terminal or user terminal of the express delivery station obtains the personal privacy information and address information of the sender and recipient of the express delivery to be sent, and sends the personal privacy information and address information to the server of the logistics enterprise.

步骤2,服务器接收个人隐私信息及地址信息,并根据预设单号生成规则生成待寄出快递的快递单号,记录快递单号的生成时间,确定待寄出快递所要到达的快递终点站。Step 2: The server receives personal privacy information and address information, and generates the express delivery number to be sent out according to the preset tracking number generation rule, records the generation time of the express delivery number, and determines the express delivery destination to which the express delivery to be sent.

其中,预设单号生成规则可以参见已有的快递单号生成规则,本实施例对此不作详细阐述。For the preset tracking number generation rule, reference may be made to the existing express tracking number generation rule, which is not described in detail in this embodiment.

步骤3,服务器根据快递单号的后两位数字、待寄出快递的地址信息的起始省份和终点省份的编号和快递单号的生成时间中的日期的数字,计算这些数字的数字和sum;服务器使用数字和sum对加密算法库中的算法总数求余,得到余数n,并将余数n确定为目标加密算法的编号,将该编号所对应的加密算法确定为目标加密算法;所述生成时间中的日期的数字为:年份取后两位数、月份和日取两位数。Step 3, the server calculates the number and sum of these numbers according to the last two digits of the courier number, the numbers of the starting province and destination province of the address information to be sent out, and the number of the date in the generation time of the courier number. ; The server uses numbers and sum to calculate the remainder of the total number of algorithms in the encryption algorithm library, obtains the remainder n, and determines the remainder n as the number of the target encryption algorithm, and the encryption algorithm corresponding to the number is determined as the target encryption algorithm; The generation The digits of the date in the time are: year with last two digits, month and day with two digits.

其中,加密算法库中存储有加密算法与编号之间的对应关系。The encryption algorithm library stores the correspondence between encryption algorithms and numbers.

另外,该步骤中所述的选取编号的方式并不构成对本发明的限定,本发明也可以根据快递单号、待寄出快递的地址信息中的起始省份和终点省份的编号、快递单号的生成时间中的一种或至少两种的组合,采用其它方式来确定一个编号作为目标加密算法的编号。In addition, the method of selecting the number described in this step does not constitute a limitation to the present invention. The present invention can also be based on the express order number, the number of the starting province and the destination province in the address information of the express to be sent, and the express order number. One or a combination of at least two of the generation times, and other methods are used to determine a number as the number of the target encryption algorithm.

步骤4,服务器根据待寄出快递所要到达的快递终点站获取快递终点站的第一类密钥中的私钥SK1和公钥PK1,并获取目标加密算法的第二类密钥中的私钥SK2、公钥PK2和/或密钥K。Step 4: The server obtains the private key SK1 and the public key PK1 in the first type key of the express terminal according to the express terminal to which the express to be sent will arrive, and obtains the private key in the second type key of the target encryption algorithm. SK2, public key PK2 and/or key K.

其中,服务器会预先为各个快递站计算区别于其它快递站的第一类密钥。另外,服务器还会为加密算法计算第二类密钥。具体地,在计算加密算法的第二类密钥时,可以是服务器预先为各种加密算法均计算得到第二类密钥;也可以是服务器在步骤2中生成快递单号及在步骤3中确定目标加密算法后,计算该快递所采用的目标加密算法的第二类密钥。Wherein, the server will pre-calculate the first type key for each express station which is different from other express stations. In addition, the server calculates a second type of key for the encryption algorithm. Specifically, when calculating the second type key of the encryption algorithm, the server may calculate and obtain the second type key for various encryption algorithms in advance; After the target encryption algorithm is determined, the second type key of the target encryption algorithm adopted by the express is calculated.

关于服务器计算快递站的第一类密钥的方式通常采用非对称加密算法的密钥计算方法。服务器计算加密算法的第二类密钥时,第二类密钥的计算方法根据加密算法的类型不同而采用不同的密钥计算方法。例如,当加密算法为对称加密算法DES时,服务器使用DES的密钥计算方法计算该加密算法的第二类密钥。关于加密算法的密钥计算方法,可以参见已有的密钥计算方式,本发明对称不作详细阐述。Regarding the way that the server calculates the first type key of the express station, the key calculation method of the asymmetric encryption algorithm is usually adopted. When the server calculates the second type key of the encryption algorithm, the calculation method of the second type key adopts different key calculation methods according to different types of encryption algorithms. For example, when the encryption algorithm is the symmetric encryption algorithm DES, the server uses the key calculation method of DES to calculate the second type key of the encryption algorithm. Regarding the key calculation method of the encryption algorithm, reference may be made to the existing key calculation method, and the symmetry of the present invention will not be described in detail.

步骤5,服务器使用快递终点站的第一类密钥中的公钥PK1对目标加密算法的编号进行加密,使用目标加密算法的第二类密钥中的公钥PK2和/或密钥K对个人隐私信息进行加密。Step 5, the server encrypts the number of the target encryption algorithm using the public key PK1 in the first type key of the express terminal, and uses the public key PK2 and/or key K pair in the second type key of the target encryption algorithm Personal privacy information is encrypted.

步骤6,服务器按照快递面单中各个信息的排布顺序,将生成快递面单所需的各个信息发送至快递起始站的公共终端或用户终端,所述快递面单包括以明文显示的寄件人和收件人的地址信息、以明文显示的个人隐私信息中的一部分信息、以条码形式显示的快递单号和至少一个二维码,所述二维码包括快递单号、加密后的目标加密算法的编号和加密后的个人隐私信息。Step 6: The server sends the information required to generate the express delivery receipt to the public terminal or the user terminal of the express delivery starting station according to the arrangement order of the various information in the express delivery receipt. address information of the sender and recipient, a part of the personal privacy information displayed in plain text, the express tracking number displayed in the form of barcode and at least one QR code, the QR code includes the express tracking number, encrypted The number of the target encryption algorithm and the encrypted personal privacy information.

该步骤中,生成快递面单所需的各个信息包括快递单号,由快递单号形成的条形码,以明文显示的寄件人姓名中的一部分及以暗文显示的寄件人姓名中的一部分,寄件人的地址信息,以明文显示的寄件人电话中的一部分及以暗文显示的寄件人电话中的一部分,以明文显示的收件人的姓名中的一部分及以暗文显示的收件人姓名中的一部分,收件人的地址信息,以明文显示的收件人电话中的一部分及以暗文显示的收件人电话中的一部分,物品品名、重量、数量及附加信息等物品信息,保价金额、付费方式、费用总计等费用信息,至少一个二维码等。In this step, the various information required for generating the express receipt includes the express order number, the barcode formed by the express order number, a part of the sender's name displayed in plain text, and a part of the sender's name displayed in dark text , the sender's address information, part of the sender's phone in plaintext and part of the sender's phone in dark text, part of the recipient's name in clear text and part of the recipient's name in dark text part of the recipient's name, the recipient's address information, part of the recipient's phone number displayed in plaintext and part of the recipient's phone number displayed in dark text, item name, weight, quantity and additional information and other item information, cost information such as insured price, payment method, total cost, at least one QR code, etc.

进一步地,服务器在将这些信息发送至快递起始站的公共终端或用户终端时,可以按照上述排布顺序发送。当然,还可以其它排布顺序发送,本实施例对此不作具体限定。Further, when the server sends the information to the public terminal or the user terminal of the express originating station, the information may be sent according to the above arrangement sequence. Of course, other arrangements may also be used for sending, which is not specifically limited in this embodiment.

步骤7,快递起始站的公共终端或用户终端根据接收的生成快递面单所需的信息生成并打印快递面单后,物流企业的各个快递站根据快递面单上以明文显示的地址信息对快递进行运输。Step 7: After the public terminal or the user terminal of the express delivery starting station generates and prints the express delivery form according to the received information required for generating the express delivery form, each express station of the logistics enterprise matches the express delivery form with the address information displayed in plain text on the express delivery form. Express shipping.

其中,快递起始站的公共终端或用户终端接收上述信息后,按照接收顺序及预设的快递面单模板,将上述各种信息嵌入快递面单模板中的相应位置,得到快递面单。如图2所示,其为本实施例提供的一种快递面单的示意图。Wherein, after receiving the above information, the public terminal or user terminal of the express delivery starting station embeds the above various information into the corresponding positions in the express delivery form template according to the receiving order and the preset express delivery form template, and obtains the express delivery form. As shown in FIG. 2 , it is a schematic diagram of an express delivery receipt provided in this embodiment.

步骤8,当快递到达快递终点站后,快递终点站的派件员使用手持设备扫描所述二维码,并根据扫描结果获取个人隐私信息,使派件员根据个人隐私信息通知收件人领取快递。Step 8: When the express arrives at the express delivery terminal, the dispatcher at the express terminal scans the QR code with the handheld device, and obtains personal privacy information according to the scanning result, so that the dispatcher notifies the recipient to receive it according to the personal privacy information. express delivery.

其中,所述个人隐私信息包括姓名和电话。该电话包括手机号和固定电话号码。Wherein, the personal privacy information includes name and phone number. The phone number includes mobile and landline numbers.

可选地,所述步骤3中,服务器为待寄出快递确定目标加密算法的方法还可为:服务器从预先存储的加密算法库中为待寄出快递随机选取一个编号,将该编号对应的加密算法作为目标加密算法。当然,不同快递公司也可以根据自己的需要制定其它不同的加密算法选取规则,本实施例对此不作具体限定。Optionally, in the step 3, the method for the server to determine the target encryption algorithm for the express to be sent may also be: the server randomly selects a number for the express to be sent from a pre-stored encryption algorithm library, and the number corresponding to the Encryption algorithm as the target encryption algorithm. Of course, different express companies can also formulate other different encryption algorithm selection rules according to their own needs, which are not specifically limited in this embodiment.

可选地,所述步骤3举例说明如下。例如,每个省份分配一个2位数的编号,各省的编号固定不变,该编号可参照中国地图各省份的顺序,例如山西省为04,浙江省为11。选取目标加密算法时,将快递单号的后两位、快递起始站与快递终点站省份所对应的数字编号与寄送时间,即快递单号的生成时间(年份用后两位数字表示)相加,得到数字和sum。假设服务器加密算法库中有m个算法,则用数字和sum对m取余,得到余数n,其取值范围为[0,m-1]。余数n对应于所选择的目标加密算法的编号,该编号所对应的加密算法确定为目标加密算法。Optionally, the step 3 is illustrated as follows. For example, each province is assigned a 2-digit number, and the number of each province is fixed. The number can refer to the order of the provinces on the map of China. For example, Shanxi Province is 04, and Zhejiang Province is 11. When selecting the target encryption algorithm, the last two digits of the express order number, the number corresponding to the express starting station and express destination province, and the delivery time, that is, the generation time of the express order number (the year is represented by the last two digits) Add to get the numbers and sum. Assuming that there are m algorithms in the server encryption algorithm library, use the number and sum to take the remainder of m to obtain the remainder n, whose value range is [0, m-1]. The remainder n corresponds to the number of the selected target encryption algorithm, and the encryption algorithm corresponding to the number is determined as the target encryption algorithm.

假如在2017年2月3日收到一份从山西省至浙江省的快递,其快递单号为979100001,则对应的数字依次为17(寄送年份后两位)、02(寄送月份)、03(寄送日期)、04(山西省编号)、11(浙江省编号)和01(快递单后两位),相加的数字和sum为38。如果加密算法库中有3个加密算法,sum为38,取余数n为2,则目标加密算法的编号为2。If you receive a courier from Shanxi Province to Zhejiang Province on February 3, 2017, and its courier number is 979100001, the corresponding numbers are 17 (the last two digits of the year of delivery) and 02 (the month of delivery) , 03 (delivery date), 04 (Shanxi province number), 11 (Zhejiang province number) and 01 (the last two digits of the courier bill), the sum of the sum is 38. If there are 3 encryption algorithms in the encryption algorithm library, the sum is 38, and the remainder n is 2, the number of the target encryption algorithm is 2.

可选地,所述步骤2中,服务器确定待寄出快递所要到达的快递终点站的方法包括如下两种方式:Optionally, in the step 2, the method for the server to determine the express delivery terminal to which the express to be sent will arrive includes the following two methods:

第一种方式:服务器将用户在用户终端或快递起始站的公共终端中选择的终点站确定为待寄出快递所要达到的快递终点站。The first way: the server determines the terminal selected by the user in the user terminal or the public terminal of the express starting station as the express terminal to be reached by the express to be sent.

具体地,用户在用户终端或快递起始站的公共终端上填写寄件人和收件人的个人隐私信息和地址信息后,用户再选定快递终点站,服务器将用户选定的快递终点站确定为待寄出快递所要达到的快递终点站。Specifically, after the user fills in the personal privacy information and address information of the sender and the recipient on the user terminal or the public terminal of the express delivery starting station, the user selects the express delivery terminal, and the server sends the express delivery terminal selected by the user to the express delivery terminal. Determine the express destination to be reached by the express to be sent.

第二种方式:服务器根据待寄出快递的收件人的地址信息,确定离收件人的地址最近的快递站作为快递终点站。The second way: the server determines the express station closest to the address of the recipient as the express delivery terminal according to the address information of the recipient to be sent out.

可选地,所述步骤5中,服务器使用目标加密算法的第二类密钥中的公钥PK2和/或密钥K对个人隐私信息进行加密是指如下三种情况:Optionally, in the step 5, the server uses the public key PK2 and/or the key K in the second type of key of the target encryption algorithm to encrypt the personal privacy information refers to the following three situations:

第一种情况:当服务器使用的目标加密算法为对称加密算法时,使用目标加密算法的第二类密钥中的密钥K对个人隐私信息进行加密。The first case: when the target encryption algorithm used by the server is a symmetric encryption algorithm, use the key K in the second type of key of the target encryption algorithm to encrypt personal privacy information.

例如,当目标加密算法为DES、AES或IDEA等对称加密算法时,快递信息传送至服务器后,服务器使用这些对称加密算法的第二类密钥中的密钥K对个人隐私信息进行加密。For example, when the target encryption algorithm is a symmetric encryption algorithm such as DES, AES, or IDEA, after the express information is sent to the server, the server uses the key K in the second type of keys of these symmetric encryption algorithms to encrypt personal privacy information.

第二种情况:当服务器使用的目标加密算法为非对称加密算法时,使用目标加密算法的第二类密钥中的公钥PK2对个人隐私信息进行加密。The second case: when the target encryption algorithm used by the server is an asymmetric encryption algorithm, the personal privacy information is encrypted by using the public key PK2 in the second type of key of the target encryption algorithm.

例如,当目标加密算法为RSA、Elgamal或ECC等非对称加密算法时,快递信息传送至服务器后,服务器使用这些非对称加密算法的第二类密钥中的公钥PK2对个人隐私信息进行加密。For example, when the target encryption algorithm is an asymmetric encryption algorithm such as RSA, Elgamal or ECC, after the express information is sent to the server, the server uses the public key PK2 in the second type of key of these asymmetric encryption algorithms to encrypt personal privacy information .

第三种情况:当服务器使用的目标加密算法为混合加密算法时,使用目标加密算法的第二类密钥中的公钥PK2对第二类密钥K进行加密,将加密后的密钥K存储于服务器或手持设备中,之后在对个人隐私信息进行加密时,服务器使用目标加密算法的第二类密钥中的私钥SK2对加密后的密钥K进行解密,使用解密后的密钥K对个人隐私信息进行加密。The third case: when the target encryption algorithm used by the server is a hybrid encryption algorithm, use the public key PK2 in the second type key of the target encryption algorithm to encrypt the second type key K, and encrypt the encrypted key K Stored in the server or handheld device, and then when encrypting personal privacy information, the server decrypts the encrypted key K using the private key SK2 in the second type of key of the target encryption algorithm, and uses the decrypted key K encrypts personal privacy information.

例如,当目标加密算法为DES与RSA的混合加密算法时,密钥K是以第二类密钥中的PK2加密后的形式储存于服务器中的,快递信息传送至服务器后,服务器使用目标加密算法的第二类密钥中的私钥SK2对加密后的密钥K进行解密,然后使用解密后的密钥K对个人隐私信息进行加密。其中,采用不同的目标加密算法,第二类密钥中的私钥SK2、公钥PK2和密钥K是不相同的。For example, when the target encryption algorithm is a hybrid encryption algorithm of DES and RSA, the key K is stored in the server in the form of PK2 encryption in the second type of key. After the express information is sent to the server, the server uses the target encryption The private key SK2 in the second type of key of the algorithm decrypts the encrypted key K, and then uses the decrypted key K to encrypt personal privacy information. Among them, using different target encryption algorithms, the private key SK2, the public key PK2 and the key K in the second type of key are different.

特别地,当采用的加密算法为混合加密算法时,密钥K除以PK2加密后的形式存储在服务器中外,还可以存储于手持设备中。In particular, when the adopted encryption algorithm is a hybrid encryption algorithm, the key K can be stored in the handheld device in addition to being stored in the server in the form of PK2 encryption.

可选地,所述步骤6中,个人隐私信息中的一部分信息是指姓名中的姓氏和手机号中的前三位数字和后四位数字;或者,个人隐私信息中的一部分信息是指姓名中的姓氏、固定电话号码中的区号和除区号外的固定电话号码中的后四位。也就是说,本发明的快递面单上,姓名中的姓氏和手机号中的前三位数字和后四位数字明文显示,姓名中除姓氏之外的名字和手机号的中间四位数字以暗文的形式进行显示。或者,快递面单上,姓名中的姓氏和固定电话号码中的区号和除区号外的固定电话号码的后四位数字明文显示,姓名中除姓氏之外的名字和固定电话号码中的其它数字以暗文的形式进行显示。例如,当固定电话号码为01087654321时,快递面单上区号010和4321以明文形式显示,8765用其它符号如“*”代替。另外,本发明中对寄件人与收件人的地址信息不进行加密处理,以便于派送或者退件时快速查询相应地址,以及在物流配送过程中及时发现并纠正配送错误。Optionally, in the step 6, a part of the information in the personal privacy information refers to the surname in the name and the first three digits and the last four digits in the mobile phone number; or, a part of the information in the personal privacy information refers to the name. Last name in , the area code in a landline number, and the last four digits of a landline number other than the area code. That is to say, on the express delivery form of the present invention, the surname in the name and the first three digits and the last four digits of the mobile phone number are displayed in plain text, and the middle four digits of the first name other than the surname and the mobile phone number in the name are displayed in plain text. Displayed in dark text. Or, on the express delivery form, the last name in the name and the area code in the fixed telephone number and the last four digits of the fixed telephone number except the area code are displayed in plain text, the first name in the name except the surname and the other digits in the fixed telephone number Displayed in dark text. For example, when the fixed phone number is 01087654321, the area codes 010 and 4321 on the express delivery slip are displayed in plain text, and 8765 is replaced by other symbols such as "*". In addition, in the present invention, the address information of the sender and the recipient is not encrypted, so that the corresponding addresses can be quickly inquired during delivery or return, and delivery errors can be found and corrected in time during the logistics and delivery process.

可选地,所述步骤8中,手持设备根据扫描结果对个人隐私信息进行解密时,包括如下三种方式:Optionally, in the step 8, when the handheld device decrypts the personal privacy information according to the scanning result, the following three methods are included:

第一种方式:手持设备扫描二维码后,获取本地预先存储的第一类密钥中的私钥SK1,并使用第一类密钥中的私钥SK1对目标加密算法的编号进行解密,然后,在本地预先存储的各个加密算法的第二类密钥中查询目标加密算法的编号对应的第二类密钥中的私钥SK2和/或密钥K,并使用查询到的第二类密钥中的私钥SK2和/或密钥K对个人隐私信息进行解密,得到个人隐私信息;其中,各种加密算法的第二类密钥为服务器预先生成并发送至手持设备中的,且每种加密算法的第二类密钥在服务器下次重新生成之前保持不变。The first method: After scanning the QR code with the handheld device, obtain the private key SK1 in the first type of key pre-stored locally, and use the private key SK1 in the first type of key to decrypt the number of the target encryption algorithm, Then, query the private key SK2 and/or the key K in the second type key corresponding to the number of the target encryption algorithm in the locally pre-stored second type key of each encryption algorithm, and use the queried second type key The private key SK2 and/or the key K in the key decrypt the personal privacy information to obtain the personal privacy information; wherein, the second type keys of various encryption algorithms are pre-generated by the server and sent to the handheld device, and The second type of key for each encryption algorithm remains unchanged until the next regeneration by the server.

该种方式中,每个手持设备预先存储有所属快递站的第一类密钥和各种加密算法的第二类密钥。在此基础上,手持设备从本地获取其第一类密钥中的私钥SK1,然后再使用第一类密钥中的私钥SK1对目标加密算法的编号进行解密,通过目标加密算法的编号在本地查询目标加密算法的第二类密钥中的私钥SK2和/或密钥K,并使用查询到的第二类密钥中的私钥SK2和/或密钥K对个人隐私信息进行解密。该种方式下,手持设备本地存储的所属快递站的第一类密钥和各种加密算法的第二类密钥,可以是由服务器预先计算好后发给手持设备的,也可以是服务器计算好后下发至各个快递站后,由各个快递站下发至其范围内的各个手持设备。In this way, each handheld device pre-stores the first type key of the express station to which it belongs and the second type key of various encryption algorithms. On this basis, the handheld device obtains the private key SK1 in the first type of key locally, and then uses the private key SK1 in the first type of key to decrypt the number of the target encryption algorithm. Query the private key SK2 and/or the key K in the second type key of the target encryption algorithm locally, and use the queried private key SK2 and/or the key K in the second type key to perform the personal privacy information decrypt. In this way, the first type key of the express station to which the handheld device belongs and the second type key of various encryption algorithms stored locally can be pre-calculated by the server and sent to the handheld device, or it can be calculated by the server. After delivery to each express station, each express station will send it to each handheld device within its range.

在此方式下,第一类密钥与第二类密钥在一段时间内保持不变。当服务器重新计算每个快递站的第一类密钥和每种加密算法的第二类密钥,并重新下发至各个快递站或手持设备后,手持设备更新第一类密钥和第二类密钥。In this way, the keys of the first type and the keys of the second type remain unchanged for a period of time. When the server recalculates the first type key of each express station and the second type key of each encryption algorithm, and re-distributes it to each express station or handheld device, the handheld device updates the first type key and the second type key. class key.

第二种方式:手持设备扫描二维码得到快递单号,并获取本地预先存储的第一类密钥中的私钥SK1后,使用获取到的第一类密钥中的私钥SK1对目标加密算法的编号进行解密,得到目标加密算法的编号后,将快递单号及目标加密算法的编号发送至服务器,服务器查询到快递单号对应的目标加密算法的第二类密钥中的SK2和/或密钥K,并使用查询到的第二类密钥中的SK2和/或密钥K对个人隐私信息进行解密后,将个人隐私信息发送至手持设备;其中,目标加密算法的第二类密钥为服务器生成快递单号及确定目标加密算法后计算得到并存储于服务器本地的,且每份快递对应不同的第二类密钥。The second way: After the handheld device scans the QR code to obtain the courier number, and obtains the private key SK1 in the locally pre-stored first-class key, use the obtained private key SK1 in the first-class key to pair the target. The number of the encryption algorithm is decrypted, and after the number of the target encryption algorithm is obtained, the express order number and the number of the target encryption algorithm are sent to the server, and the server queries the SK2 and SK2 in the second type key of the target encryption algorithm corresponding to the express order number. / or key K, and decrypt the personal privacy information using SK2 and/or key K in the queried second type of keys, and then send the personal privacy information to the handheld device; wherein, the second key of the target encryption algorithm The class key is calculated after the server generates the express order number and determines the target encryption algorithm and is stored locally on the server, and each express corresponds to a different second class key.

该种方式下,快递站的第一类密钥中的私钥SK1也是存储于手持设备本地,手持设备扫描二维码后,先从本地获取快递站的第一类密钥中的私钥SK1。In this way, the private key SK1 in the first type key of the express station is also stored locally on the handheld device. After the handheld device scans the QR code, it first obtains the private key SK1 in the first type key of the express station locally. .

在该种方式下,目标加密算法的第二类密钥由服务器生成快递单号及确定目标加密算法后计算得到,每份快递所对应的第二类密钥是不同的,加大了不确定性,增加了破解难度,提高了个人隐私信息的安全性。In this way, the second type key of the target encryption algorithm is calculated by the server after generating the express order number and determining the target encryption algorithm. The second type key corresponding to each express is different, which increases the uncertainty. It increases the difficulty of cracking and improves the security of personal privacy information.

第三种方式:手持设备扫描二维码得到快递单号,并获取本地预先存储的第一类密钥中的私钥SK1后,使用获取到的第一类密钥中的私钥SK1对目标加密算法的编号进行解密,得到目标加密算法的编号后,将快递单号及目标加密算法的编号发送至服务器,服务器查询到快递单号对应的目标加密算法的第二类密钥中的SK2和/或密钥K,并将查询到的第二类密钥中的SK2和/或密钥K发送至手持设备,手持设备接收服务器查询到的第二类密钥中的SK2和/或密钥K后,使用接收的第二类密钥中的SK2和/或密钥K对个人隐私信息进行解密,得到个人隐私信息;其中,目标加密算法的第二类密钥为服务器生成快递单号及确定目标加密算法后计算得到,并存储于服务器本地的,且每份快递对应不同的第二类密钥。The third way: After the handheld device scans the QR code to obtain the express tracking number, and obtains the private key SK1 in the locally pre-stored first-class key, use the obtained private key SK1 in the first-class key to pair the target The number of the encryption algorithm is decrypted, and after the number of the target encryption algorithm is obtained, the express order number and the number of the target encryption algorithm are sent to the server, and the server queries the SK2 and SK2 in the second type key of the target encryption algorithm corresponding to the express order number. /or key K, and send SK2 and/or key K in the second type of key queried to the handheld device, and the handheld device receives the SK2 and/or key in the second type of key queried by the server After K, use SK2 and/or key K in the received second type key to decrypt the personal privacy information to obtain the personal privacy information; wherein, the second type key of the target encryption algorithm is for the server to generate the express tracking number and After determining the target encryption algorithm, it is calculated and stored locally on the server, and each express corresponds to a different second type of key.

该种方式与上述第二种方式的区别在于,第二种方式是服务器解密获取到个人隐私信息后发送至手持设备,而该种方式下,服务器查询到第二类密钥中的SK2和/或密钥K发送至手持设备,由手持设备使用接收的第二类密钥中的SK2和/或密钥K对个人隐私信息进行解密来得到个人隐私信息。另外,该种方式中,对于每份快递,服务器生成器目标加密算法的第二类密钥后,先存储于服务器本地,并在接收手持设备发送的快递单号及目标加密算法的编号时,才将目标加密算法的第二类密钥发送至手持设备。The difference between this method and the above-mentioned second method is that in the second method, the server decrypts and obtains personal privacy information and sends it to the handheld device. Or the key K is sent to the handheld device, and the handheld device decrypts the personal privacy information using SK2 and/or the key K in the received second type of keys to obtain the personal privacy information. In addition, in this method, for each express, the server generates the second type key of the target encryption algorithm and stores it locally on the server, and when receiving the express tracking number and the number of the target encryption algorithm sent by the handheld device, The second type key of the target encryption algorithm is sent to the handheld device.

在该种方式下,目标加密算法所需的第二类密钥由服务器生成快递单号及确定目标加密算法后计算得到,即每份快递所对应的第二类密钥是不同的,加大了不确定性,增加了破解难度,提高了个人隐私信息的安全性。In this way, the second type key required by the target encryption algorithm is calculated by the server after generating the express order number and determining the target encryption algorithm, that is, the second type key corresponding to each express delivery is different. It increases the uncertainty, increases the difficulty of cracking, and improves the security of personal privacy information.

上述实施例中的加密算法选取规则、和/或加密算法库、和/或每个快递站的第一类密钥和每种加密算法的第二类密钥需定期更新;所述加密算法库的更新包括加密算法的数量、种类或每种加密算法编号的更新。通过更新加密算法选取规则、加密算法库和/或每个快递站的第一类密钥和每种加密算法的第二类密钥,可以加强加密算法的安全性和可靠性,进一步避免用户的个人隐私信息泄露。The encryption algorithm selection rule in the above-mentioned embodiment, and/or the encryption algorithm library, and/or the first type key of each express station and the second type key of each encryption algorithm need to be updated regularly; the encryption algorithm library The update includes the number, type of encryption algorithm or the update of the number of each encryption algorithm. By updating the encryption algorithm selection rules, the encryption algorithm library and/or the first type key of each express station and the second type key of each encryption algorithm, the security and reliability of the encryption algorithm can be strengthened, and the user's Personal privacy information leaked.

另外,在上述步骤8的第一种实现方式中,每个快递站也可以定期更新其第一类密钥和其存储的各种加密算法的第二类密钥。例如,每周更新一次,每月更新一次等。更新后的第一类密钥和第二类密钥中的公钥和私钥由服务器随机生成后,发送至各个快递站后,由各个快递站发送至其范围内的各个手持设备,或者服务器直接发送至各个手持设备。每个手持设备在更新公私密钥对后,会一并存储更新后的公私密钥对和更新之前的公私密钥对。定期更新公私密钥对的目的是为了进一步加强加密算法的安全性和可靠性,而保留更新前的公私密钥对主要是防止前一段时间寄送的快递在更新公私密钥对后达到快递终点站时,快递终点站的手持设备无法正确解码。In addition, in the first implementation manner of the above-mentioned step 8, each express station may also periodically update its first-type key and its stored second-type keys of various encryption algorithms. For example, weekly updates, monthly updates, etc. The updated public key and private key in the first type key and the second type key are randomly generated by the server and sent to each express station, and then sent by each express station to each handheld device or server within its range. Send directly to each handheld device. After updating the public-private key pair, each handheld device will store the updated public-private key pair and the previous public-private key pair together. The purpose of regularly updating the public-private key pair is to further strengthen the security and reliability of the encryption algorithm, and the preservation of the public-private key pair before the update is mainly to prevent the express delivery sent some time ago from reaching the express destination after the public-private key pair is updated. The handheld device at the courier terminal could not decode correctly when it was stopped.

本发明中,所述快递起始站的公共终端是指快递起始站提供的便于寄件人(用户)在寄快递时填写寄件人和收件人的个人隐私信息及地址信息的设备,如PC、笔记本电脑等。用户终端是指用户个人的可以用于填写寄件人和收件人的个人隐私信息及地址信息的设备,如手机、笔记本电脑、平板等。用户可以在任何场所通过其用户终端上的微信等社交平台中的公众号或物流企业的服务网站或APP填写寄件人和收件人的个人隐私信息及地址信息。In the present invention, the public terminal of the express starting station refers to a device provided by the express starting station to facilitate the sender (user) to fill in the personal privacy information and address information of the sender and the recipient when sending express delivery, Such as PC, laptop, etc. A user terminal refers to a user's personal device that can be used to fill in the sender's and recipient's personal privacy information and address information, such as a mobile phone, laptop computer, tablet, etc. Users can fill in the personal privacy information and address information of the sender and recipient through the official account of the social platform such as WeChat on the user terminal or the service website or APP of the logistics company in any place.

服务器预先存储的加密算法库中存储了各种类型的加密算法及其对应的编号。具体地,加密算法库中有对称加密算法、非对称加密算法和混合加密算法等一系列加密算法。每种加密算法都有一个唯一的编号。比如:DES算法对应编号为0,RSA算法对应编号为1,DES和RSA算法的混合加密算法对应编号为2等。后续解密过程中依靠加密算法对应的编号、或、加密算法对应的编号和快递单号来寻找对应的解密密钥,进而获取被加密的个人隐私信息。Various types of encryption algorithms and their corresponding numbers are stored in the encryption algorithm library pre-stored by the server. Specifically, the encryption algorithm library includes a series of encryption algorithms such as symmetric encryption algorithms, asymmetric encryption algorithms, and hybrid encryption algorithms. Each encryption algorithm has a unique number. For example, the corresponding number of the DES algorithm is 0, the corresponding number of the RSA algorithm is 1, and the corresponding number of the hybrid encryption algorithm of the DES and RSA algorithms is 2, etc. In the subsequent decryption process, the corresponding decryption key is searched by the number corresponding to the encryption algorithm, or the number corresponding to the encryption algorithm and the express order number, and then the encrypted personal privacy information is obtained.

步骤5中,服务器使用快递终点站的第一类密钥中的公钥PK1对目标加密算法的编号进行加密,则可避免快递在运转途中其它快递站的快递员都可以通过其手持设备扫描二维码获取到目标加密算法编号,若之后进一步与服务器进行交互也就比较容易地获得解密的密钥,从而增大了个人隐私信息的泄露风险。In step 5, the server encrypts the number of the target encryption algorithm by using the public key PK1 in the first type of key of the express destination station, so as to avoid that the couriers of other express stations during the operation of the express delivery can scan the number of the target encryption algorithm through their handheld devices. The dimensional code obtains the target encryption algorithm number, and if it further interacts with the server, it will be easier to obtain the decryption key, thus increasing the risk of leakage of personal privacy information.

步骤6中,快递面单包括两个相同的二维码。例如,打印出的快递面单的中间和右上角各有一个二维码,目的是为了防止在快递运送过程中快递面单的污损使得二维码不完整,导致无法进行扫码解密,不同位置设置多个二维码提供了一定的安全保障。In step 6, the express delivery receipt includes two identical QR codes. For example, there is a QR code in the middle and the upper right corner of the printed express delivery form. The purpose is to prevent the contamination of the express delivery form during the express delivery process and make the QR code incomplete, which makes it impossible to scan and decrypt the code. Setting up multiple QR codes at the location provides a certain security guarantee.

进一步地,当快递面单中的两个二维码全部污损导致无法进行正常扫码或派送时,待寄出快递将退回至具有高级权限的快递管理员所在的快递站,具有高级权限的快递管理员通过其专用设备和明码显示的快递单号在服务器查询收件人与寄件人的相关信息,从而继续进行快递包裹的派件。如果快递被派送至错误的终点站,由于其解码密钥不正确,只能退回至上级站点派送至正确终点站,从而有效地保护了用户的隐私信息。Further, when the two QR codes in the express receipt are all defaced and cannot be scanned or delivered normally, the express to be sent will be returned to the express station where the express administrator with advanced authority is located. The courier administrator checks the relevant information of the recipient and the sender on the server through its special equipment and the express tracking number displayed in the clear code, so as to continue the delivery of the express package. If the courier is delivered to the wrong terminal, because its decoding key is incorrect, it can only be returned to the superior station for delivery to the correct terminal, thus effectively protecting the user's private information.

步骤7中,当寄件人在快递起始站的公共终端填写个人隐私信息和地址信息时,可以直接通过快递起始站的公共终端或与其连接的设备打印快递面单;当寄件人通过用户终端填写个人隐私信息和地址信息时,可以通过用户终端或与用户终端连接的设备打印快递面单。另外,本发明中,若寄件人是在快递起始站打印的快递面单,则揽件员可以根据未加密的地址信息上门对待寄出快递进行验视,或者在快递起始站对寄件人带来的待寄出快递进行验视;若寄件人是在用户终端或其所连接的设备上打印快递面单,则揽件员在确定寄件人的地址信息后上门对待寄出快递进行验视即可。In step 7, when the sender fills in the personal privacy information and address information at the public terminal of the express starting station, the express delivery form can be printed directly through the public terminal of the express starting station or a device connected to it; When the user terminal fills in personal privacy information and address information, the express face slip can be printed through the user terminal or a device connected to the user terminal. In addition, in the present invention, if the sender is the express delivery form printed at the express delivery starting station, the picker can visit the door to check the express delivery according to the unencrypted address information, or check the delivery at the express starting station. Check the courier to be sent brought by the sender; if the sender prints the courier receipt on the user terminal or the device connected to it, the sender will come to the door to prepare the delivery after confirming the sender's address information. The courier can be inspected.

本发明中,之所以在加密时,对个人隐私信息的全部信息进行加密,是为了便于在解密时,手持设备可以直接获得个人隐私信息的全部信息。而在快递面单中,只显示个人隐私信息中的一部分信息,例如,如图2所示,快递面单中寄件人与收件人姓名中除姓氏之外的名字用“*”代替,手机号的4至7位用用“*”代替,手机号的后四位明码显示,是为了在派送过程中快速识别收件人。例如,姓名:张三丰,手机号:13812345678,打印出的电子快递面单上显示为:张**,手机号:138****5678。收件人与寄件人的地址信息在打印出的快递面单上以明文的形式显示,目的是为了在派送或者退件时快速查询相应的地址。此外,打印出的快递面单中的中间部分标有快递起始站和快递终点站的城市名称,并且着重标出,如使用大号黑色加粗字体予以突出标注,目的是防止快递在运输过程中出现配送错误的情况时,及时提醒相关工作人员,从而降低快递运输配送错误的可能性。打印出的快递面单上同时包括以条码形式显示的快递单号,目的是在现有物流配送体系下,能够通过扫描条形码的方式及时更新物流信息,从而方便用户根据快递单号查询物流信息。具体地,当快递到达任一快递中转站时,该快递中转站扫描该快递单号后,向服务器提交当前的物流信息,服务器更新物流信息,后续用户需要查询物流信息时,通过快递单号即可实现。In the present invention, the whole information of the personal privacy information is encrypted during encryption, so that the handheld device can directly obtain all the information of the personal privacy information during decryption. In the express delivery slip, only a part of the personal privacy information is displayed. For example, as shown in Figure 2, the names of the sender and recipient in the express delivery slip are replaced by "*". The 4 to 7 digits of the mobile phone number are replaced by "*", and the last four digits of the mobile phone number are displayed in plain code, in order to quickly identify the recipient during the delivery process. For example, the name: Zhang Sanfeng, the mobile phone number: 13812345678, the printed electronic express face sheet shows: Zhang**, the mobile phone number: 138****5678. The address information of the recipient and the sender is displayed in clear text on the printed express delivery slip, in order to quickly query the corresponding address during delivery or return. In addition, the middle part of the printed express delivery form is marked with the city names of the express starting station and express destination station, and it is marked with emphasis, such as using large black bold fonts to highlight it, in order to prevent express delivery during transportation. When there is a delivery error in the delivery, the relevant staff will be reminded in time, thereby reducing the possibility of delivery errors in express delivery. The printed courier receipt also includes the courier number displayed in the form of a barcode. The purpose is to update the logistics information in time by scanning the barcode under the existing logistics distribution system, so as to facilitate the user to query the logistics information according to the courier number. Specifically, when the express arrives at any express transit station, the express transit station scans the express tracking number, submits the current logistics information to the server, and the server updates the logistics information. When subsequent users need to query the logistics information, the express tracking number is Can achieve.

进一步地,打印快递面单后,快递起始站将包含有快递信息与二维码的快递面单打印黏贴至待寄出快递包裹的表面,以便于根据上面的地址信息进行配送。Further, after printing the express delivery form, the express starting station will print and paste the express delivery form containing the express information and the QR code on the surface of the express package to be sent, so as to facilitate delivery according to the above address information.

可选地,步骤8中,在通知收件人领取快递时,派件员可以控制手持设备调用个人隐私信息中的电话号码,并拨打所述电话号码或向所述号码发送消息,以通知收件人取件。具体地,手持设备可内置通信控制模块,例如安装SIM卡后,派件员可利用该手持设备扫描二维码后获取收件人电话号码,并可自动拨打该电话或者发送短信。Optionally, in step 8, when notifying the recipient to pick up the express, the dispatcher can control the handheld device to call the phone number in the personal privacy information, and dial the phone number or send a message to the number to notify the recipient. Pickup by the person. Specifically, the handheld device can have a built-in communication control module. For example, after installing the SIM card, the dispatcher can scan the QR code with the handheld device to obtain the recipient's phone number, and can automatically dial the phone or send a short message.

Claims (7)

1. A method for protecting personal privacy information in express delivery by using a dynamic encryption mechanism is characterized by comprising the following steps:
step 1, a public terminal or a user terminal of an express starting station acquires personal privacy information and address information of a sender and a receiver to be sent out an express, and sends the personal privacy information and the address information to a server of a logistics enterprise;
step 2, the server receives the personal privacy information and the address information, generates an express bill number of the express to be sent out according to a preset bill number generation rule, records the generation time of the express bill number, and determines an express terminal station to which the express to be sent out arrives;
step 3, the server calculates the number and sum of the last two digits of the express bill number, the serial numbers of the start province and the end province of the address information of the express to be sent out and the digits of the date in the generation time of the express bill number; the server uses the numbers and sum to complement the total number of the algorithms in the encryption algorithm library to obtain a remainder n, determines the remainder n as the number of the target encryption algorithm, and determines the encryption algorithm corresponding to the number as the target encryption algorithm; the number of dates in the generation time is: taking two digits after year, month and day;
step 4, the server acquires a private key SK1 and a public key PK1 in a first type of key of the express destination according to the express destination to which the express to be sent out arrives, and acquires a private key SK2, a public key PK2 and/or a key K in a second type of key of a target encryption algorithm;
step 5, the server encrypts the serial number of the target encryption algorithm by using a public key PK1 in the first type of key of the express destination, and encrypts the personal privacy information by using a public key PK2 and/or a key K in the second type of key of the target encryption algorithm;
step 6, the server sends each piece of information required for generating the express bill to a public terminal or a user terminal of an express starting station according to the arrangement sequence of each piece of information in the express bill, wherein the express bill comprises address information of a sender and a receiver displayed in a plaintext, part of information in personal privacy information displayed in the plaintext, an express bill number displayed in a bar code form and at least one two-dimensional code, and the two-dimensional code comprises the express bill number, the number of an encrypted target encryption algorithm and the encrypted personal privacy information;
step 7, after the public terminal or the user terminal of the express initiating station generates and prints the express bill according to the received information required for generating the express bill, each express station of the logistics enterprise transports the express according to the address information displayed in the plain text on the express bill;
step 8, when the express reaches an express terminal, a dispatcher of the express terminal scans the two-dimensional code by using a handheld device, and obtains personal privacy information according to a scanning result, so that the dispatcher informs a receiver to take the express according to the personal privacy information;
in step 8, when the handheld device obtains the private information according to the scanning result, the method includes the following three ways:
the first mode is as follows: after the handheld device scans the two-dimensional code, a private key SK1 in a first type of key stored locally in advance is obtained, the number of a target encryption algorithm is decrypted by using the private key SK1 in the first type of key, then the private key SK2 and/or the key K in a second type of key corresponding to the number of the target encryption algorithm are inquired in second types of keys of various encryption algorithms stored locally in advance, and personal privacy information is decrypted by using the private key SK2 and/or the key K in the inquired second type of key, so that personal privacy information is obtained; the second-class keys of various encryption algorithms are pre-calculated by the server and sent to the handheld device, and the second-class keys of each encryption algorithm are kept unchanged before the server recalculates next time;
the second mode is as follows: the handheld device scans the two-dimensional code to obtain an express bill number, after a private key SK1 in a first type key stored locally in advance is obtained, the private key SK1 in the obtained first type key is used for decrypting the number of a target encryption algorithm, after the number of the target encryption algorithm is obtained, the express bill number and the number of the target encryption algorithm are sent to the server, the server inquires SK2 and/or a key K in a second type key of the target encryption algorithm corresponding to the express bill number, and after the personal privacy information is decrypted by the SK2 and/or the key K in the inquired second type key, the personal privacy information is sent to the handheld device; the second type key of the target encryption algorithm is used for generating an express bill number for the server, determining the target encryption algorithm, calculating, obtaining and storing the second type key in the local server, and each express corresponds to a different second type key;
the third mode is as follows: the handheld device scans the two-dimensional code to obtain an express bill number, after a private key SK1 in a first type key stored locally in advance is obtained, the private key SK1 in the obtained first type key is used for decrypting the number of a target encryption algorithm, after the number of the target encryption algorithm is obtained, the express bill number and the number of the target encryption algorithm are sent to the server, the server inquires SK2 and/or a key K in a second type key of the target encryption algorithm corresponding to the express bill number, and sends the inquired SK2 and/or the key K in the second type key to the handheld device, after the handheld device receives the SK2 and/or the key K in the second type key inquired by the server, the received SK2 and/or the key K in the second type key are used for decrypting the personal privacy information, and the personal privacy information is obtained; the second type key of the target encryption algorithm is obtained by calculation after the server generates the express bill number and determines the target encryption algorithm, and is sent to the handheld device, and each express corresponds to a different second type key.
2. The method for protecting personal privacy information in courier by applying dynamic encryption mechanism as claimed in claim 1, wherein the personal privacy information includes name and phone.
3. The method for protecting private information in courier by using dynamic encryption mechanism as claimed in claim 1 or 2, wherein in step 3, the method for the server to determine the target encryption algorithm for the courier to be sent out is further: the server randomly selects a number for the express to be sent from a pre-stored encryption algorithm library, and determines an encryption algorithm corresponding to the number as a target encryption algorithm.
4. The method for protecting the private information in the courier by using the dynamic encryption mechanism as claimed in claim 1 or 2, wherein in the step 2, the method for the server to determine the courier destination to which the courier is to be sent out is as follows:
the server determines a terminal station selected by a user from a user terminal or a public terminal of an express initial station as an express terminal station to which express is to be sent out;
or the server selects the express station closest to the address of the addressee as an express destination station according to the address information of the addressee of the express to be sent out.
5. The method for protecting personal privacy information in courier by using dynamic encryption mechanism as claimed in claim 1 or 2, wherein in the step 5, the server uses the public key PK2 and/or the secret key K in the second type of key of the target encryption algorithm to encrypt the personal privacy information means:
when the target encryption algorithm used by the server is a symmetric encryption algorithm, encrypting the personal privacy information by using a key K in a second type of key of the target encryption algorithm;
when the target encryption algorithm used by the server is an asymmetric encryption algorithm, the public key PK2 in the second type of key of the target encryption algorithm is used for encrypting the personal privacy information;
when the target encryption algorithm used by the server is a mixed encryption algorithm, the public key PK2 in the second type of key of the target encryption algorithm is used for encrypting the key K in the second type of key, the encrypted key K is stored in the server or the handheld device, and then when the personal privacy information is encrypted, the server decrypts the encrypted key K by using the private key SK2 in the second type of key of the target encryption algorithm and encrypts the personal privacy information by using the decrypted key K.
6. The method for protecting the personal privacy information in the express delivery by applying the dynamic encryption mechanism as claimed in claim 1 or 2, wherein a part of the information in the personal privacy information in the step 6 refers to the first three digits and the last four digits in the last name and the mobile phone number in the name; alternatively, a part of the private information may be a last name in the name, an area code in the fixed telephone number, and the last four digits in the fixed telephone number except the area code.
7. The method for protecting private information of express delivery by using dynamic encryption mechanism as claimed in claim 1 or 2, further comprising:
the server regularly updates an encryption algorithm selection rule and/or an encryption algorithm library and/or a first type key of each express delivery station and a second type key of each encryption algorithm; the updating of the encryption algorithm library includes updating the number, kind or number of each encryption algorithm therein.
CN201710287976.5A 2017-04-27 2017-04-27 Method for protecting personal privacy information in express by applying dynamic encryption mechanism Active CN107104969B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710287976.5A CN107104969B (en) 2017-04-27 2017-04-27 Method for protecting personal privacy information in express by applying dynamic encryption mechanism

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710287976.5A CN107104969B (en) 2017-04-27 2017-04-27 Method for protecting personal privacy information in express by applying dynamic encryption mechanism

Publications (2)

Publication Number Publication Date
CN107104969A CN107104969A (en) 2017-08-29
CN107104969B true CN107104969B (en) 2020-12-25

Family

ID=59657956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710287976.5A Active CN107104969B (en) 2017-04-27 2017-04-27 Method for protecting personal privacy information in express by applying dynamic encryption mechanism

Country Status (1)

Country Link
CN (1) CN107104969B (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107809436B (en) * 2017-11-10 2020-04-21 北京世纪鼎点软件有限公司 Authority authentication method, encryption method, device and system for network video access
CN107798373B (en) * 2017-11-24 2020-09-29 成都智元汇信息技术股份有限公司 Two-dimensional code anti-copying method and system
CN108596534A (en) * 2018-03-19 2018-09-28 南京交通职业技术学院 It is a kind of protection privacy information net purchase send method with charge free
CN108616533B (en) * 2018-04-27 2021-02-19 正方软件股份有限公司 Sensitive data encryption method and device
CN108710931B (en) * 2018-05-07 2021-08-17 中共中央办公厅电子科技学院 Mailing address information privacy protection method based on two-dimensional code
CN108681853B (en) * 2018-05-11 2021-01-26 创新先进技术有限公司 Logistics information transmission method, system and device based on block chain
CN109492427A (en) * 2018-10-17 2019-03-19 航天信息股份有限公司 Online shopping method and device
CN109409133A (en) * 2018-11-12 2019-03-01 泰康保险集团股份有限公司 Call method, device and electronic equipment
CN109711199A (en) * 2019-01-04 2019-05-03 杭州卓凯科技有限公司 Shipping platform order information encryption method on line
CN109800588B (en) * 2019-01-24 2021-07-16 工业和信息化部装备工业发展中心 Dynamic bar code encryption method and device and dynamic bar code decryption method and device
CN110414901A (en) * 2019-07-31 2019-11-05 广东工业大学 App-based express delivery user privacy information protection method and device
CN110474693A (en) * 2019-08-20 2019-11-19 武汉飞沃科技有限公司 A kind of optical mode block encryption method, optical mode block identifying method and identification device
CN111126920A (en) * 2019-12-27 2020-05-08 山东爱城市网信息技术有限公司 Method, device and medium for generating electronic express bill based on block chain
CN113780708A (en) * 2020-11-03 2021-12-10 北京京东振世信息技术有限公司 Information configuration method and device for distribution bill
CN113191121B (en) * 2021-04-14 2024-07-19 上海东普信息科技有限公司 Express bill number generation method, device, equipment and storage medium
CN113064564A (en) * 2021-05-13 2021-07-02 上海寻梦信息技术有限公司 Logistics surface single printing method, device, equipment and storage medium
CN113645582B (en) * 2021-06-03 2023-05-12 北京航空航天大学 Logistics privacy protection system based on ciphertext policy attribute base key encapsulation
CN114357505B (en) * 2021-12-10 2025-03-14 阿里巴巴(中国)有限公司 Logistics data encryption and decryption method, device and storage medium
CN114338247B (en) * 2022-03-15 2022-05-27 中国信息通信研究院 Data transmission method and apparatus, electronic device, storage medium, and program product
CN114723366A (en) * 2022-04-11 2022-07-08 支付宝(杭州)信息技术有限公司 Method and apparatus for delivering objects
CN115694864A (en) * 2022-06-08 2023-02-03 重庆工业职业技术学院 Express information encryption method based on improved AES algorithm and QR code
TWI818662B (en) * 2022-08-08 2023-10-11 精誠資訊股份有限公司 Encrypted system and method for sending non-physical ticket transaction messages
CN117834690A (en) * 2023-12-21 2024-04-05 深圳市紫光照明技术股份有限公司 Intelligent switch control method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003128254A (en) * 2001-10-22 2003-05-08 Ntt Data Corp Delivery assistance system using computer and slip output system
CN101692636A (en) * 2009-10-27 2010-04-07 中山爱科数字科技有限公司 Data element and coordinate algorithm-based method and device for encrypting mixed data
CN103401676A (en) * 2013-07-16 2013-11-20 中国人民解放军海军工程大学 Two-dimensional barcode-based logistics industry personal information privacy protection system and method
CN104166923A (en) * 2014-07-22 2014-11-26 南京邮电大学 Text-message distribution system capable of identifying encrypted bar code and realization method thereof
CN105719120A (en) * 2016-04-25 2016-06-29 成都蓉科联创科技有限责任公司 Method for encrypting privacy information on express waybills

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003128254A (en) * 2001-10-22 2003-05-08 Ntt Data Corp Delivery assistance system using computer and slip output system
CN101692636A (en) * 2009-10-27 2010-04-07 中山爱科数字科技有限公司 Data element and coordinate algorithm-based method and device for encrypting mixed data
CN103401676A (en) * 2013-07-16 2013-11-20 中国人民解放军海军工程大学 Two-dimensional barcode-based logistics industry personal information privacy protection system and method
CN104166923A (en) * 2014-07-22 2014-11-26 南京邮电大学 Text-message distribution system capable of identifying encrypted bar code and realization method thereof
CN105719120A (en) * 2016-04-25 2016-06-29 成都蓉科联创科技有限责任公司 Method for encrypting privacy information on express waybills

Also Published As

Publication number Publication date
CN107104969A (en) 2017-08-29

Similar Documents

Publication Publication Date Title
CN107104969B (en) Method for protecting personal privacy information in express by applying dynamic encryption mechanism
CN104933371B (en) Logistics personal information intimacy protection system based on multi-layer security Quick Response Code
CN110428293B (en) Data processing method, device, storage medium and equipment for electronic bill
CN106453268B (en) A method of realizing express delivery secret protection in logistics progress
CN105719120B (en) A method of encryption express delivery list privacy information
CN107437159B (en) Intelligent express delivery system, method and device for whole-process privacy protection
US8560457B2 (en) Enhanced network server authentication using a physical out-of-band channel
US8833648B1 (en) Dynamic credit card security code via mobile device
CN105354693A (en) Logistics industry-oriented system and method for cascade protection of user privacy information
CN103401676B (en) Method based on the logistics personal information intimacy protection system of Quick Response Code
CN105966111A (en) Express waybill with privacy information protection function
CN105574692A (en) Anonymous express information security system based on two-dimension code
CN108090723A (en) The express delivery management method and system of a kind of anti-information leakage
CN105554032A (en) A real-name verification method and verification system based on express delivery
CN108664798B (en) Information encryption method and device
CN107180328B (en) A logistics method based on QR two-dimensional code
CN105321054A (en) Logistic receiving and dispatching method and system capable of protecting privacy
US8291239B2 (en) Method and system for authenticating senders and recipients in a carrier system and providing receipt of specified content by a recipient
CN108710931B (en) Mailing address information privacy protection method based on two-dimensional code
CN105787682A (en) Logistics business information processing method, related device, and related system
CN108763937B (en) A method and device for processing distribution document generation, distribution and promotion information
WO2014124351A1 (en) Method and system for postal services incorporating electronic mail options
CN106339925A (en) Public service platform of new media
US9177281B2 (en) Systems and methods for a secure shipping label
TW201342298A (en) Email delivery authentication method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant