A digital certificate remote injection system and method based on satellite-ground dual-path cooperative empty writing
By employing a dual-channel collaborative architecture of terrestrial network and satellite broadcasting, along with Earth cloning geographic grid technology, the security vulnerabilities and network outage issues of remote digital credential injection were resolved, enabling reliable credential injection and geographically distributed verification in complex environments.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GALAXY XIYUN TECHNOLOGY CO LTD
- Filing Date
- 2026-04-27
- Publication Date
- 2026-06-19
Smart Images

Figure CN122248413A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of network security technology, and specifically relates to a digital identity authentication system and method. Background Technology
[0002] Remote digital credential injection technology, also known as null write technology, is a key technology for securely writing digital credentials such as digital certificates, electronic identities, and digital currency wallets into the security chip of terminal devices via wireless communication. With the rapid development of the digital economy, emerging applications such as digital currencies, electronic certificates, IoT devices, and embodied intelligent agents have created an urgent need for secure remote injection of digital credentials.
[0003] Currently, the mainstream write-free solutions are mainly based on the eSIM remote SIM provisioning (RSP) technology in GSM Association Official Document SGP.22 – RSP Technical Specification (GSMA SGP.22). This technology establishes a secure channel through the operator's terrestrial network and sends credentials from the configuration server to the terminal security chip.
[0004] However, this solution relies entirely on a single terrestrial network link. When users are in remote mountainous areas, underground spaces, or other signal dead zones, the write operation is prone to failure. When attacked by fake base stations, the terminal security chip cannot distinguish whether the received credentials come from a genuine and authoritative source, posing a security risk of having fake credentials written into the system. Furthermore, existing technologies lack the ability to perceive the geographical distribution of backup nodes. When users back up credentials to multiple cloud service providers, it is impossible to determine whether these service providers are located in the same physical data center, creating a "false dispersion" vulnerability. In extreme cases where disasters cause terrestrial network outages, new devices cannot obtain initial credentials, resulting in complete failure of the authentication service.
[0005] It should be noted that the above description of the technical background is only for the purpose of providing a clear and complete explanation of the technical solutions of the present invention and facilitating understanding by those skilled in the art. It should not be assumed that the above technical solutions are known to those skilled in the art simply because they have been described in the background section of this invention. Summary of the Invention
[0006] In view of the shortcomings of the prior art, the present invention aims to solve the following key technical problems:
[0007] First, how to overcome the security vulnerability caused by single-link dependence. In existing technical solutions, the terminal security chip can only passively receive data from the terrestrial network channel and lacks an independent cross-verification mechanism, making it easy for fake base stations to forge empty write requests. This invention constructs a dual-channel collaborative architecture of terrestrial network and satellite broadcast, sending the same credential to the terminal through two independent physical paths. The terminal security chip then performs cross-verification, requiring attackers to compromise both links simultaneously to successfully forge the credential.
[0008] Second, how to solve the "false dispersion" problem during user backups? When users back up their credentials to multiple cloud service providers, existing technologies cannot disclose the true physical distribution of these providers. This invention introduces Earth cloning geographic grid technology, which converts node locations into anonymous fingerprints and calculates similarity, automatically detecting the risk of geographical overlap.
[0009] Third, how to address the need for credential injection in network outage environments. In remote areas or disaster sites, terrestrial network interruptions prevent new devices from obtaining credentials. This invention pre-issues temporary credentials via satellite broadcast and designs an autonomous decision function to enable terminals to automatically activate temporary credentials when the network is down, ensuring basic authentication capabilities.
[0010] This invention does not rely on global consortium blockchains or complex coordination among multiple departments. It focuses on the domestic trust environment and has the characteristics of strong applicability and high security.
[0011] The purpose of this invention is to overcome the shortcomings of the prior art and provide a remote injection system and method for digital credentials with dual-path collaborative empty writing between satellite and ground.
[0012] This invention discloses a remote injection system for digital credentials via dual-path collaborative writing, comprising: a credential preparation module configured to generate digital credentials and assign a Universally Unique Identifier (UUID) and a Number-once (nonce); a dual-path distribution module configured to simultaneously send the same encrypted credential data packet through a terrestrial network channel and a satellite broadcast channel; and a terminal security chip configured to receive data packets from the terrestrial and satellite broadcast channels respectively, decrypt them within a preset time window, compare the credential content, UUID, and nonce of the two data packets, and only write the credential into the security domain and return confirmation if they are completely identical; otherwise, the writing is rejected and an anomaly is reported.
[0013] Furthermore, the aforementioned terminal security chip also includes a dual-path hash chain comparison module, which uses the following mathematical algorithm to perform cross-validation:
[0014] Define a hash function
[0015] H:{0,1}* →{0,1} 256 (Equation 1)
[0016] It employs a 256-bit Secure Hash Algorithm (SHA-256 for short).
[0017] Calculation of data packets received by the terrestrial network channel
[0018] (Equation 2)
[0019] Calculation of data packets received from the satellite broadcast channel
[0020] (Equation 3)
[0021] Read the root hash value hroot preset in the chip;
[0022] Execute the decision function
[0023] f(hg,hs,hroot)=1 (Equation 4)
[0024] Only when hg=hs=hroot,
[0025] Otherwise, f=0,
[0026] Write permission is triggered only when f=1; otherwise, the difference vector is recorded.
[0027] Δ=hg⊕hs (Equation 5)
[0028] For audit purposes.
[0029] Furthermore, the aforementioned digital credential remote injection system also includes a geographically distributed verification module, which embeds an Earth clone geographic grid generation algorithm and is configured as follows:
[0030] Define H3 geographic indexing function
[0031] H3:(lat,lng,r)→G (Equation 6)
[0032] In the formula, lat is latitude, lng is longitude, r is resolution level, and G is hexagonal grid encoding;
[0033] Generate anonymous geographic fingerprints for each service node
[0034] (Equation 7)
[0035] In the formula, s is the random salt value.
[0036] Define the similarity function between two fingerprints
[0037] (Equation 8)
[0038] In the formula, L=256 is the fingerprint bit length, and Hamming is the Hamming distance;
[0039] When a user backs up to N nodes, the similarity matrix is calculated.
[0040] Mij=Sim(Φi,Φj) (Equation 9)
[0041] If Mij > θ, it is determined to be the same geographical risk area, and a warning is issued.
[0042] Furthermore, the aforementioned digital credential remote injection system also includes a satellite broadcast timing state machine module. This module employs a Deterministic Finite Automaton (DFA) model to define a set of states.
[0043] Q = {q0, q1, q2, q3} (Equation 10)
[0044] In the formula: q0, awaiting broadcast; q1, broadcasting; q2, confirmed; q3, timeout retransmission;
[0045] State transition function
[0046] (Equation 11)
[0047] Input symbol set
[0048] Σ={start,ack,timeout,retransmit} (Equation 12)
[0049] The transfer rules are as follows:
[0050] δ(q0,start)=q1 (Equation 13)
[0051] δ(q1,ack)=q2 (Equation 14)
[0052] δ(q1,timeout)=q3 (Equation 15)
[0053] δ(q3,retransmit)=q1 (Equation 16)
[0054] Any transition not covered by the above rules points to the abnormal absorption state q_err;
[0055] After receiving the data packet, the aforementioned terminal security chip verifies the legality of the state transition. If an illegal transition is detected, it is determined to be a replay attack and the data packet is discarded.
[0056] Furthermore, the above-mentioned dual-path distribution module uses independent encrypted session keys. The key negotiation process is respectively based on the Elliptic Curve Diffie-Hellman key exchange protocol / algorithm (Diffie-Hellman Key Exchange / Agreement Algorithm) and the Pre Shared Key mechanism;
[0057] The ground network channel uses the Elliptic Curve Diffie-Hellman (ECDH) protocol
[0058] (Equation 17)
[0059] In the formula, dchip is the chip private key, and Qserver is the server public key;
[0060] The satellite broadcast channel uses a pre-shared key
[0061] (Equation 18)
[0062] In the formula, PSK is the pre-shared key (Preshared Key) preset at the factory, and the encryption functions of both channels are
[0063] C = AES-256-GCM(K,plaintext) (Equation 19)
[0064] But use different initialization vectors IV.
[0065] Furthermore, the above-mentioned terminal security chip further includes a network-disconnected temporary credential activation module. The above-mentioned network-disconnected temporary credential activation module runs a threshold-based decision function:
[0066] Define the terminal state vector
[0067] x=[x1,x2,x3,x4] (Equation 20)
[0068] In the formula, x1∈{0,1} is the availability of the ground network; x2∈R+ is the current timestamp; x3∈R+ is the expiration time of the formal credential; x4∈R+ is the expiration time of the temporary credential;
[0069] Activation decision function
[0070] A(x)=1[x1=0 ∧ x2>x3-τ ∧ x2<x4] (Equation 21)
[0071] In the formula, τ = 3600×24×3, is the indicator function;
[0072] When A(x)=1, the temporary certificate is automatically activated; otherwise, the current state is maintained.
[0073] Furthermore, the aforementioned terminal security chip embeds a Merkle tree verification engine, which employs the following mathematical structure:
[0074] Define the complete voucher dataset for this empty write operation.
[0075] D = {d1, d2, ..., dn} (Equation 22)
[0076] Construct a Merkle tree T, with leaf nodes as
[0077] hi = H(di) (Equation 23)
[0078] The root node is hroot;
[0079] The terrestrial network channel data packets carry (hg, πg), where πg is the Merkel proof path from hg to hroot; the satellite broadcast channel data packets carry (hs, πs), where πs is the Merkel proof path from hs to hroot.
[0080] Verification function
[0081] Verify(hroot,h,π)=true (Equation 24)
[0082] MerklePathCheck(hroot,h,π) is true only; otherwise, it is false.
[0083] The acceptance conditions are as follows:
[0084] Verify(hroot,hg,πg)=true (Equation 25)
[0085] and
[0086] Verify(hroot,hs,πs)=true (Equation 26)
[0087] and
[0088] hg=hs (Equation 27)
[0089] Furthermore, the aforementioned terminal security chip also includes a digital credential revocation verification module, which uses a Bloom filter to achieve efficient revocation status query.
[0090] Define the Bloom filter B as having a length of m=2. 25 The bit vector is used with k=3 independent hash functions {H1,H2,H3};
[0091] Certificate serial number of revocation certificate inserted into Bloom filter
[0092] B[Hi(serial)]=1, (Equation 28)
[0093] When the terminal security chip verifies the validity of the credentials, it calculates...
[0094] isRevoked(serial)=B[H1(serial)] ∧ B[H2(serial)] ∧ B[H3(serial)] (Equation 29)
[0095] If the result is true, it is determined that the license has been revoked;
[0096] Regularly broadcast Bloom filter snapshots; local updates to the endpoint security chip.
[0097] Furthermore, the aforementioned remote digital credential injection system also includes a lightweight DAG evidence storage module, which adopts the following data structure:
[0098] Define a Directed Acyclic Graph (DAG).
[0099] G=(V,E) (Equation 30)
[0100] In the formula, each vertex vi∈V represents a record of an empty write operation; each edge eij∈E indicates that record vi references record vj as a historical dependency;
[0101] The hash value of the new record vnew is calculated as follows:
[0102] (Equation 31)
[0103] The Practical Byzantine Fault Tolerance (PBFT) consensus algorithm is used to confirm hnew, and the confirmation condition is at least Each node signs;
[0104] The generated evidence certificate after confirmation is
[0105] Cert=(hnew,timestamp,signature_set) (Equation 32)
[0106] For post-audit purposes.
[0107] This invention also discloses a remote injection method for digital credentials using a dual-path satellite-to-ground collaborative empty write method, comprising the following steps:
[0108] S1. Generate a digital credential and assign a universally unique identifier and a one-time random number; S2. Encrypt the credential package and send it simultaneously through a terrestrial network channel and a satellite broadcast channel; S3. The aforementioned terminal security chip receives both data streams, starts a timer, and waits for the other data stream; S4. Execute a dual-hash chain verification algorithm within the time window; S5. If true, execute a geographic distributed verification algorithm to check if backup nodes are located in the same H3 grid coding area; S6. If geographic verification passes, write the credential into the security domain of the aforementioned terminal security chip and return signature confirmation information; S7. After receiving confirmation, store the operation record in a lightweight evidence ledger using a DAG data structure and complete the final confirmation using PBFT consensus; S8. If the terrestrial network is interrupted and the formal credential is about to expire, execute the network disconnection decision function to activate a temporary credential.
[0109] The core advantage of this invention lies in its construction of a dual-path collaborative architecture of terrestrial network channel and satellite broadcast channel, with the terminal security chip performing independent triple hash cross-comparison. This fundamentally solves the security vulnerability of single-link empty writes to fake base station attacks. Attackers must simultaneously compromise two physically independent, key-isolated communication links and construct forged data with hash collisions to successfully deceive, greatly improving the security of remote injection of digital credentials.
[0110] The beneficial effects of this invention are as follows:
[0111] First, in terms of security, this invention constructs a dual-path collaborative architecture of terrestrial network channel and satellite broadcast channel. The terminal security chip cross-compares the data from the two paths. Attackers must simultaneously compromise two independent links and construct forged data with hash collisions in order to successfully deceive, which greatly enhances the ability to resist fake base station attacks.
[0112] Secondly, in terms of reliability, the dual channels serve as backups for each other, so if one channel fails, the other channel can still complete the injection. Furthermore, the timer mechanism supports differentiated strategies for single-channel timeout scenarios, effectively solving the problem of empty write failures caused by network interruptions in remote areas with signal blind spots or disaster sites.
[0113] Third, regarding geographical dispersion, this invention introduces Earth cloning geographic grid technology to generate anonymous geographic fingerprints and calculate similarity, enabling users to intuitively determine whether there is a risk of geographical overlap between nodes when backing up credentials, thus avoiding the risk of data loss caused by "false dispersion".
[0114] Fourth, in terms of emergency network outage response, this invention pre-issues temporary credentials via satellite broadcast. The terminal security chip runs an autonomous decision function to automatically activate the temporary credentials in the absence of network, enabling the device to maintain basic authentication capabilities even when the network is completely disconnected.
[0115] Fifth, in terms of evidence storage and auditing, this invention adopts a directed acyclic graph structure and a practical Byzantine fault-tolerant consensus mechanism, achieving immutable evidence storage with second-level confirmation without relying on a global consortium blockchain, thus meeting the compliance auditing requirements of scenarios such as finance and government affairs.
[0116] Sixth, in terms of compatibility, the terrestrial network channel of this invention is compatible with the GSMA SGP.22 standard, requiring no modification to the operator's existing infrastructure. The satellite broadcast channel, as an enhancement module, can be deployed independently. The overall solution is easy to implement and has controllable promotion costs.
[0117] In summary, the present invention is significantly superior to the prior art in terms of security, reliability, usability, and compliance. Attached Figure Description
[0118] Figure 1 This is a schematic diagram of a remote injection system for digital credentials with dual-path collaborative empty writing in one embodiment of the present invention.
[0119] Figure 2 This is a flowchart of a remote injection method for digital credentials using a dual-path collaborative empty writing system based on a satellite-to-ground system, according to an embodiment of the present invention.
[0120] The reference numerals in the above figures are as follows:
[0121] 10. Digital Credential Remote Injection System; 20. Root Trust Server; 100. Credential Preparation Module; 101. UUID Generator; 102. Random Number Generator; 200. Dual-Path Distribution Module; 210. Terrestrial Network Channel; 220. Satellite Broadcast Channel; 300. Terminal Security Chip; 310. Ground Receiving Unit; 320. Satellite Receiving Unit; 330. Temporary Buffer; 340. Timer; 350. Decryption Unit; 351. Ground Decryption Channel; 352. Satellite Decryption Channel; 360. Comparison Unit; 370. Writing Unit; 380. Security Domain; 381. Temporary Credential Storage Area; 382. Evidence Storage Area; 384. Credential Storage Area; 390. Anomaly Reporting Unit; 391. Private Key Signature Named Unit; 400, Dual-path Hash Chain Comparison Module; 410, Read-Only Memory; 420, First Hash Calculation Unit; 430, Second Hash Calculation Unit; 440, Comparator; 450, Difference Calculation Unit; 500, Geographically Distributed Verification Module; 600, Satellite Broadcast Sequential State Machine Module; 700, Merkle Tree Verification Engine; 800, Temporary Offline Certificate Activation Module; 900, Lightweight DAG Evidence Storage Module; 910, DAG Data Structure; 920, New Block Construction Unit; 940, PBFT Consensus Module; 950, Audit Interface; 1100, Digital Certificate Revocation Verification Module; 1110, Bloom Filter Memory; 1140, Verification Unit; 1141, AND Gate Array; S1 to S8 are steps. Detailed Implementation
[0122] To better understand this invention, the following embodiments are provided in conjunction with the accompanying drawings. It should be understood that the embodiments of this invention are for illustrative purposes only and not for limiting the invention; the scope of protection of this invention is defined solely by the claims. The embodiments provided are merely preferred embodiments and are not intended to limit the invention in any way. Those skilled in the art can make changes, equivalent substitutions, or modifications based on the content of this invention, resulting in different implementation methods. However, any changes and modifications, or equivalent substitutions, made to the method of this invention without departing from the inventive concept are within the scope of protection of this invention.
[0123] It should be noted that the following detailed descriptions are exemplary and intended to provide further illustration of the invention. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.
[0124] It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of exemplary embodiments according to the invention. As used herein, the singular form is intended to include the plural form as well, unless the context clearly indicates otherwise. Furthermore, it should be understood that when the terms “comprising” and / or “including” are used in this specification, they indicate the presence of features, steps, operations, and / or combinations thereof.
[0125] First, please refer to Figure 1 . Figure 1 This is a schematic diagram of a remote injection system 10 for digital credentials with dual-path collaborative empty writing, implemented using a satellite-ground dual-path system, according to an embodiment of the present invention. Figure 1 As shown, the remote injection system 10 for digital credentials with dual-path collaborative empty writing according to the present invention includes a credential preparation module 100, a dual-path distribution module 200, and a terminal security chip 300.
[0126] The aforementioned credential preparation module 100 generates digital credentials to be injected based on external business requests such as digital wallet opening or robot identity registration. Subsequently, it assigns a universally unique identifier (UUID) and a one-time random number (nonce) to this empty write operation. These two additional data are used for subsequent anti-replay attack and operation tracking.
[0127] The dual-path distribution module 200 is communicatively connected to the credential preparation module 100. After receiving the credential, UUID, and nonce, it encrypts them using the preset public key of the target terminal's security chip to form a ciphertext packet. This same ciphertext packet is then simultaneously transmitted to the target terminal via both the SM-DP+ interface of the terrestrial network channel 210 (e.g., the GSMA SGP.22 standard of an operator) and the forward link of the satellite broadcast channel 220 (e.g., broadcast from a low-Earth orbit satellite constellation). The data packets transmitted via the satellite broadcast channel 220 additionally encapsulate the unique identifier of the target terminal's security chip to allow non-target nodes to discard them.
[0128] The aforementioned terminal security chip 300 is embedded in the user terminal device and establishes a wireless communication connection with the aforementioned dual-path distribution module 200 through the aforementioned terrestrial network channel 210 and the aforementioned satellite broadcast channel 220. The terminal security chip 300 integrates a ground receiving unit 310 that continuously monitors the terrestrial network and a satellite receiving unit 320 that continuously monitors satellite broadcasts. When a data packet from either channel arrives first, it is stored in a temporary buffer 330, and a timer 340 is started to wait for another data packet within a preset time window (e.g., 30 seconds). If both data packets arrive within the window period, the decryption unit 350 is invoked to decrypt the data using the independent key for the corresponding channel. Then, the comparison unit 360 performs a triple comparison: comparing whether the content of the credential to be injected is the same, whether the UUID is the same, and whether the nonce is the same. Only when all comparison items are completely identical is the writing unit 370 writing the digital credential into the chip's secure domain 380 for persistent storage and returning a private key signature confirmation message to the dual-path distribution module 200. If any comparison item does not match or one of the paths fails to arrive within the window period, the write operation is rejected, and the hash difference between the two paths is recorded by the exception reporting unit 390 and reported to the dual-path distribution module 200 for security auditing.
[0129] The aforementioned terminal security chip 300 further includes a dual-path hash chain comparison module 400. This dual-path hash chain comparison module is data-connected to the comparison unit 360 and the writing unit 370 and performs cross-validation using the following mathematical algorithm:
[0130] Define a hash function
[0131] H:{0,1} * →{0,1} 256 (Equation 1)
[0132] Specifically, the SHA-256 algorithm is used;
[0133] Module 400 has a pre-installed read-only memory 410 for storing the root hash value hroot written by the root trust server when the chip is manufactured or first activated.
[0134] When the ground receiving unit 310 and satellite receiving unit 320 of the terminal security chip 300 receive the two data packets respectively, the dual-path hash chain comparison module 400 first calls the first hash calculation unit 420 to calculate the concatenation result of the ground network channel data packet data_ground and the one-time random number nonce.
[0135] (Equation 2)
[0136] Simultaneously, the second hash calculation unit 430 is invoked to calculate the concatenation result of the satellite broadcast channel data packet data_sat and the same nonce.
[0137] (Equation 3)
[0138] Then, comparator 440 executes the decision function f(hg, hs, hroot), which is defined as outputting a logic value of 1 if and only if hg equals hs and hs equals hroot, otherwise outputting 0;
[0139] When comparator 440 outputs 1, a trigger signal is sent to the write unit 370, allowing the credential to be written to the security field 380; when comparator 440 outputs 0, the write is rejected and the difference calculation unit 450 is triggered to calculate the difference vector.
[0140] Δ=hg⊕hs (Equation 5)
[0141] The result of the bitwise XOR operation of the two hash values is used to transmit the difference vector, along with the timestamp, back to the dual-path distribution module 200 via the anomaly reporting unit 390. This allows security analysts to determine whether a single-path data has been tampered with or both paths have been tampered with. If hg is equal to hroot but hs is different, it can be determined that the satellite broadcast channel has been attacked; otherwise, it can be determined that the terrestrial network channel has been attacked.
[0142] It is worth noting that the above-mentioned hroot is the hash value of the credential for this operation. It is pre-installed in the read-only memory 410 by the root trust server 20 through an offline security channel when the chip is manufactured or activated for the first time, and is used to perform a three-value comparison with the dual-path hash value.
[0143] In one embodiment of the present invention, when the ground network is completely unavailable but the satellite broadcast path still exists, the system can enter a "single-path emergency mode". This mode does not rely on a ground-based secondary challenge-response, but instead uses the factory-preset terminal-satellite shared root key K_root to perform security injection.
[0144] The server generates a one-time emergency session key.
[0145] (Equation 33)
[0146] In the formula, nonce_emerg is a random number generated by the server and broadcast via satellite.
[0147] The data to be written to the voucher (Data) is encrypted using K_emerg, with an added MAC anti-tampering layer, and then broadcast via satellite. Upon receiving the data, the terminal decrypts it using the locally calculated K_emerg and verifies the MAC. If verification is successful, the data is directly written to the voucher storage area. This mode only allows the writing of short-term temporary vouchers (e.g., no more than 7 days), and each terminal can trigger this mode a maximum of 3 times per 24 hours to reduce the risk of key abuse. Once the terrestrial network is restored, the terminal should proactively synchronize the single-channel emergency record within this window to the server for reconciliation and auditing.
[0148] The aforementioned digital credential remote injection system 10 also includes a geographic distributed verification module 500. This geographic distributed verification module 500 is deployed on the root trust server side and is data-connected to the credential preparation module 100 and the dual-path distribution module 200. The geographic distributed verification module 500 embeds an earth clone geographic grid generation unit, which calls the H3 geographic indexing function H3:(lat,lng,r) to convert the latitude and longitude coordinates of each cloud service node into a hexagonal grid code G, where the resolution level r is 9, corresponding to an average side length of approximately 0.6 kilometers.
[0149] Subsequently, the fingerprint calculation unit generates anonymous geographic fingerprints for each node.
[0150] (Equation 7)
[0151] In the formula, s is a random salt value, which is dynamically generated by the salt value generator during each backup operation.
[0152] When a user initiates a request through the terminal security chip 300 to back up the same digital credential to N different cloud service nodes, the similarity calculation unit of the geographically distributed verification module 500 receives the fingerprints Φ1, Φ2, …, ΦN of each node and runs the similarity function.
[0153] (Equation 8)
[0154] Calculate the pairwise similarity between all fingerprints, where L=256 is the fingerprint bit length, and Hamming is the Hamming distance calculation, which is performed by the Hamming distance circuit.
[0155] The obtained similarity results are input into the judgment unit to form Similarity matrix
[0156] Mij=Sim(Φi,Φj) (Equation 9)
[0157] The decision unit traverses the matrix.
[0158] If any fingerprint pair is found to satisfy Mij > θ, where θ is a preset threshold of 0.75, then the nodes are determined to be located in the same geographical risk area. The alarm output unit then sends a geographical risk warning message and a list of specific risk nodes to the terminal security chip 300 via the dual-path distribution module 200. Simultaneously, the backup operation is blocked, requiring the user to reselect at least one node located in a different H3 grid. Only when the Mij values of all fingerprint pairs are less than or equal to 0.75 does the determination unit output a pass signal, and the aforementioned geographically distributed verification module 500 allows the backup operation to continue. The anonymous geographical fingerprints, user confirmation identifiers, and timestamps of all nodes involved in this backup are packaged and sent to the lightweight DAG evidence storage module 900 for storage, in preparation for subsequent compliance audits.
[0159] The aforementioned digital credential remote injection system 10 also includes a satellite broadcast timing state machine module 600, which is deployed on the root trust server side and data connected to the satellite broadcast channel 220 of the dual-path distribution module 200.
[0160] The satellite broadcast timing state machine module 600 internally maintains a state register 610 to store the current state q corresponding to each terminal security chip 300. The state set Q is defined as {q0 waiting to broadcast, q1 broadcasting, q2 acknowledged, q3 timeout retransmission}, consisting of four deterministic states. Simultaneously, a state transition table 620 is stored, defining the input symbol set.
[0161] Σ={start,ack,timeout,retransmit} (Equation 12)
[0162] to state transition function
[0163] (Equation 11)
[0164] The mapping relationship;
[0165] The specific transfer rules are as follows:
[0166] δ(q0,start)=q1 (Equation 13)
[0167] δ(q1,ack)=q2 (Equation 14)
[0168] δ(q1,timeout)=q3 (Equation 15)
[0169] δ(q3,retransmit)=q1 (Equation 16)
[0170] Any transition not covered by the above rules points to the abnormal absorption state q_err;
[0171] When the root trust server initiates a new no-write operation, the state machine controller first sets the current state q of the corresponding terminal to q0 and records it in the state register 610. Then, it sends a start command to the satellite broadcast channel 220 to trigger the broadcast transmission and updates the state to q1. The satellite broadcast channel 220 broadcasts the encrypted credential packet along with the current state code q1 to the target terminal security chip 300. After receiving the data packet, the satellite receiving unit 320 of the terminal security chip 300 parses the state code in it. The terminal-side state verifier compares the locally maintained state copy with the received state code to see if it meets the requirements of a legitimate transfer path.
[0172] If the terminal's local state is q0 and it receives q1, the verification passes and the local state is updated to q1. If the root trust server's state machine controller receives a confirmation message (ack) from the terminal security chip 300, it transitions the state from q1 to q2 to complete the broadcast. If the timer 340 does not receive a confirmation within the preset window, it reports a timeout signal to the state machine controller, the state transitions from q1 to q3, and then the retransmission scheduler 640 sends a retransmit command to the satellite broadcast channel 220 according to the exponential backoff algorithm, and the state re-enters q1 for retransmission. If the terminal security chip 300 receives a state code indicating an illegal transition (e.g., the current terminal local state is q0 but the received state code is q2), the terminal-side state verifier determines it to be a replay attack or packet forgery, immediately discards the packet, and alerts the root trust server through the anomaly reporting unit 390.
[0173] The aforementioned dual-path distribution module 200 employs independent encrypted session keys to protect the terrestrial network channel 210 and the satellite broadcast channel 220 respectively. Specifically, it includes a terrestrial network channel key negotiation unit and a satellite broadcast channel key derivation unit. The terrestrial network channel key negotiation unit is built into the dual-path distribution module 200 and follows the elliptic curve Diffie-Hellman key exchange protocol / algorithm. Internally, it stores the public key Qserver corresponding to the root trust server's private key dserver.
[0174] When the terminal security chip 300 establishes a connection with the digital credential remote injection system 10 for the first time, the ground communication interface of the terminal security chip 300 sends its chip public key Qchip to the ground network channel key negotiation unit through the ground network channel 210. The ground network channel key negotiation unit then calls an elliptic curve multiplier to calculate the shared secret.
[0175] (Equation 34)
[0176] Meanwhile, the ground key calculator inside the terminal security chip 300 calculates...
[0177] (Equation 35)
[0178] Since the commutative law of elliptic curve scalar multiplication, Sground = Sground', holds, both parties subsequently call the Key Derivation Function (KDF) unit respectively, using...
[0179] KDF(Sground,nonceground)→Kground (Equation 36)
[0180] A 256-bit ground session key is obtained, where nonceground is a random number exchanged between the two parties. During encryption, the AES-256-GCM encryption engine uses Kground to encrypt the credential data packet to obtain the ciphertext Cground. Different data packets use different initialization vectors IVground, which are generated by the IV generator based on the counter pattern.
[0181] The satellite broadcast channel key derivation unit employs a pre-shared key mechanism. Internally, it stores a factory-preset 256-bit static pre-shared key (PSK) in a tamper-proof read-only memory. When satellite broadcasting is required, the satellite broadcast channel key derivation unit calls the HMAC-based Extract-and-Expand Key Derivation Function (HKDF), using the concatenated PSK, nonce from the current write operation, and UUID as input. It then executes the HKDF two-stage extraction-expanding process.
[0182] Phase 1
[0183] HKDF-Extract(PSK, salt)→PRK (Equation 37)
[0184] Use nonce as salt to generate a pseudo-random key PRK;
[0185] The second phase,
[0186] HKDF-Expand(PRK, info, L)→Ksat (Equation 38)
[0187] Output the 256-bit satellite session key Ksat with the UUID as the info information. When encrypting, another independent AES - 256 - GCM encryption engine uses Ksat to encrypt the same credential data packet to obtain the ciphertext Csat. Its initialization vector IVsat is generated by an independent IV generator based on the satellite broadcast frame counter.
[0188] Thus, the terrestrial network channel 210 and the satellite broadcast channel 220 use completely completely completely different Kground and Ksat, as well as independent IV spaces. Even if an attacker breaks one of the channels, they cannot decrypt the data of the other channel. The terminal security chip 300 is also internally configured with corresponding terrestrial key calculators and satellite key calculators, which independently calculate Kground and Ksat respectively, and call the terrestrial decryption channel 351 and the satellite decryption channel 352 in the decryption unit 350 to decrypt the ciphertexts Cground and Csat respectively.
[0189] The above digital credential remote injection system 10 further includes a disconnected network temporary credential activation module 800. The disconnected network temporary credential activation module 800 is deployed inside the terminal security chip 300 and is data - connected to the terrestrial receiving unit 310, the temporary cache 330, the writing unit 370, and the security domain 380.
[0190] The disconnected network temporary credential activation module 800 embeds a status vector register for storing the current decision - state vector of the terminal
[0191] x = [x1, x2, x3, x4] (Equation 20)
[0192] In the formula, x1 is collected in real - time by the network detection unit and is assigned 0 or 1, representing that the terrestrial network is unavailable or available respectively; x2 is the current Unix timestamp output by the real - time clock (Unix timestamp); x3 is the expiration timestamp of the formal credential read from the security domain 380; x4 is the expiration timestamp of the temporary credential read from the temporary cache 330.
[0193] The core of the disconnected network temporary credential activation module is a decision logic unit, which internally solidifies an activation decision function
[0194] A(x)=1[x1 = 0 ∧ x2>x3 - τ ∧ x2<x4] (Equation 21)
[0195] In the formula, τ is the value stored in the preset threshold register, taking 3600×24×3, that is, 259200 seconds, corresponding to three days; is an indicator function, which outputs 1 when all conditions in the brackets are simultaneously satisfied, otherwise outputs 0.
[0196] When the dual-path distribution module 200 sends a temporary credential packet to the terminal security chip 300 in advance via the satellite broadcast channel 220, the satellite receiving unit 320 receives it, the decryption unit 350 decrypts it, and stores the temporary credential in the temporary buffer 330. Simultaneously, the x4 (valid timestamp) included in the temporary credential is written into the corresponding field of the state vector register. At this time, the decision logic unit continuously executes the activation decision function in a polling cycle of T=60 seconds. When the terrestrial network in the area where the terminal is located is interrupted due to natural disasters or human error, the network detection unit detects a heartbeat packet. After the Packet times out, x1 is set from 1 to 0; the decision logic unit detects x1=0 in the next poll, and the current time x2 has entered the three-day time window before the expiration of the formal voucher, i.e., x2>x3-259200, and x2 has not exceeded the expiration time x4 of the temporary voucher. At this time, the indicator function outputs 1, the decision logic unit sends an activation signal to the writing unit 370, and the writing unit 370 then reads the temporary voucher from the temporary cache 330 and writes it into the temporary voucher storage area 381 in the security domain 380, while marking the current activation status as 1; the terminal security chip 3 00 Afterwards, the temporary credential is used for authentication until the ground network is restored. After the network detection unit detects that the network has been restored, it automatically sends a switching signal to the writing unit 370. The writing unit 370 reactivates the original formal credential and marks the temporary credential storage area 381 as pending cleanup. At the same time, it uploads the temporary credential usage log to the root trust server 10 through the restored ground network channel 210 for subsequent reissue of formal credential. If the network is restored before activation, x1 becomes 1 again, the decision logic unit automatically suppresses the activation signal output, and the temporary credential remains inactive until it expires or is explicitly cleaned up.
[0197] It is worth noting that, in a preferred embodiment, the activation time window τ of the temporary offline certificate is not fixed at 3 days, but is dynamically calculated by the terminal based on the current context. The terminal periodically collects the following parameters: terminal type identifier (type), such as mobile phone, vehicle unit, IoT sensor, shipborne terminal, etc.; geographic location (loc), such as obtained through Global Positioning System (GPS) / China's BeiDou Navigation Satellite System (BDS), which can infer whether it is in the ocean, mountains, urban areas, etc.; moving speed (v), obtained through GPS Doppler or accelerometer; and user configuration (user_pref), which the user can actively request to extend or shorten the window through the security interface.
[0198] For example, the decision rules are as follows: if loc determines the location to be in the open ocean (more than 50km from land) and type is a shipborne terminal, then τ = 30 days; if loc determines the location to be in a remote mountainous area and the base station signal strength is continuously 0 for more than 6 hours, then τ = 7 days; if v > 20km / h and the location is continuously within an urban area, then τ = 1 hour; in other scenarios, τ = 72 hours by default. In this way, users can actively extend τ to the maximum of 30 days or shorten it to the minimum of 1 hour through a security interface (such as entering a PIN code or biometric identification). All τ change records are retained in the terminal's local security log for future post-event auditing.
[0199] In one embodiment of the present invention, the terminal security chip 300 may embed a Merkle tree verification engine 700. This Merkle tree verification engine is connected in parallel with the dual-path hash chain comparison module 400 and serves as its alternative or supplementary verification path. The Merkle tree verification engine 700 internally includes a Merkle tree root register, a ground path verification unit, a satellite path verification unit, and a dual-path consistency comparator. The Merkle tree root register is pre-written by the root trust server 10 through an offline security channel during chip manufacturing or initial activation. The stored value, hroot, represents the complete credential dataset to be injected by the root trust server.
[0200] D = {d1, d2, ..., dn} (Equation 22)
[0201] The hash value of the root node calculated after constructing the Merkle tree T;
[0202] The construction process is as follows:
[0203] First, the leaf hash of each data block is calculated by the leaf node generator.
[0204] hi = H(di) (Equation 23)
[0205] In the formula, H is the SHA-256 hash function;
[0206] Then, the binary tree generator concatenates the hash values pairwise layer by layer and hashes them again until a single root hash hroot is obtained. When the ground receiving unit 310 of the terminal security chip 300 receives the ground network channel data packet, the data packet includes not only the encrypted credential data subset dg, but also a ground Merkel proof path πg. The ground path verification unit first uses the ground decryption channel 351 to decrypt and obtain the plaintext data block dg and its index position i in the complete dataset, and then calls the proof verifier to execute the verification function Verify(hroot, hg, πg). The specific algorithm is as follows:
[0207] Starting from the leaf node hg=H(dg), the hash of the parent node is calculated level by level upwards based on the hash value of each sibling node provided in πg, finally obtaining the computation root hcalc. If hcalc is equal to the value stored in the hroot register, the verification passes and outputs logic 1; otherwise, it outputs 0. At the same time, the satellite path verification unit processes the satellite broadcast channel data packets in the same way. This data packet carries the data subset ds and its Merkel proof path πs. After being decrypted by the satellite decryption channel 352, it is verified by the proof verifier to obtain the verification result. The dual-channel consistency comparator 740 receives two decrypted data blocks dg and ds and two verification results vg and vs. its internal consistency judgment logic is: if and only if vg=1 When vs=1 and the hash values of dg and ds are equal (i.e., H(dg)=H(ds)), the comparator outputs a write-allow signal to the write unit 370. If both verification results are true but the hash values of the two data blocks are different, it indicates that the two paths carry different subsets of data, but both are valid Merkle tree members. At this time, the comparator triggers the difference merging unit. The difference merging unit merges the two data blocks according to their index positions to restore a more complete credential dataset and then resubmits it for verification. If either verification result is false, the comparator immediately refuses to write and reports the path identifier of the verification failure and the location of the first mismatched node in πg or πs to the root trust server through the exception reporting unit 390, so as to locate whether the data packet is corrupted or maliciously tampered with.
[0208] It is worth noting that in Merkle tree mode, the aforementioned hroot must be pre-written into the terminal register via factory defaults or offline secure channels (such as dedicated lines or trusted media delivery), and must not be written online via terrestrial networks or satellite broadcasts, for the purpose of verifying fragmented credentials. This hroot remains unchanged throughout the entire lifecycle of the terminal and can serve scenarios involving the fragmentation and transmission of large amounts of credentials during multiple no-write operations.
[0209] The aforementioned remote digital credential injection system 10 also includes a digital credential revocation verification module 1100. This module 1100 is deployed within the terminal security chip 300 and is data-connected to the security domain 380, the ground receiving unit 310, and the writing unit 370. The digital credential revocation verification module 1100 embeds a Bloom filter memory 1110 for storing the latest revocation list Bloom filter snapshots periodically distributed by the root trust server via satellite broadcast channel 220.
[0210] The bit vector length of the Bloom filter memory 1110 is m=2. 25 That is, 33,554,432 bits, using k=3 independent hash functions {H1, H2, H3} provided by a hash function library. The three hash functions are derived from SHA-256 with different initial values, specifically as follows: The lower 20 bits The lower 20 bits The lower 20 bits.
[0211] A Bloom filter building block on the root trust server side periodically scans the set of certificate serial numbers for all revoked credentials.
[0212] R={serial1,serial2,…,serialm} (Equation 39)
[0213] For each serial number ∈ R, the insertion unit calculates three hash values sequentially.
[0214] pos_i=Hi(serial) mod m (Formula 40)
[0215] Then set the corresponding bit position of the Bloom filter to 1, and after all insertions are completed, Bloom filter B is formed.
[0216] The snapshot of Bloom filter B is broadcast to all online terminals via satellite broadcast channel 220 through dual-path distribution module 200. After being received by satellite receiving unit 320 of terminal security chip 300, it is written into Bloom filter memory 1110 by Bloom filter update unit. When terminal security chip 300 needs to verify whether a digital credential has been revoked, for example before writing unit 370 prepares to write a new credential into security domain 380 or before ground communication interface prepares to use existing credential for authentication, it calls verification unit 1140 to perform revocation check. Verification unit 1140 receives the certificate serial number serial_target of the credential to be verified and calculates three hash values in sequence.
[0217] pos_i'=Hi(serial_target) mod m (Equation 41)
[0218] Then, it checks whether the values at all three locations in the Bloom filter memory 1110 are all 1, that is, it executes the decision function.
[0219] isRevoked(serial)=B[H1(serial)] ∧ B[H2(serial)] ∧ B[H3(serial)] (Equation 29)
[0220] The logical AND operation is executed in parallel by the AND gate array 1141. If the result is true, the credential is determined to be revoked. The verification unit 1140 outputs a blocking signal to the writing unit 370 or the ground communication interface and triggers the exception reporting unit 390 to report the event of attempting to use a revoked credential to the root trust server 20. If at least one 0 exists in the three positions, it is determined to be unrevoked, and the operation is allowed to continue.
[0221] The false positive rate of this Bloom filter configuration
[0222] (Equation 42)
[0223] When m=2 25 k=3, expected number of entries n=10 5 When the false positive rate ε < 10 -6 With a false positive probability of one in a million, the terminal security chip may, in very rare cases, misjudge an unrevoked certificate as revoked, but will not misjudge a revoked certificate as unrevoked.
[0224] The root trust server 20 sends a full snapshot of the Bloom filter every 24 hours via satellite broadcast channel 220. At the same time, between two full snapshots, it sends an incremental update packet via the incremental update channel of satellite broadcast channel 220 to update the bits corresponding to the newly added revocation entries.
[0225] It is worth noting that, in one embodiment of the present invention, when the Bloom filter determines that a certain credential ID is in a revoked state, in order to ensure that legitimate credentials are not mistakenly rejected, the terminal executes the following two-level confirmation process:
[0226] Online backup query (highest priority): If any available network (terrestrial cellular, Wi-Fi, or satellite backhaul link) exists, immediately initiate an exact query to the designated Open Common Server Platform (OCSP) server to obtain the certified revocation status result. If confirmed as a false positive, add the credential ID to the locally maintained "false positive whitelist." Whitelist entries include the credential ID and server timestamp, and are signed by the server, valid for 24 hours.
[0227] Neighbor node broadcast query (no network): If there is no uplink communication capability at all, a query request is broadcast to nearby trusted terminals via short-range communication (Bluetooth, Wi-Fi Direct, Long Range radio (LoRa), etc.). If a nearby terminal holds the accurate status of the credential, it returns a signed response. If ≥2 independent responses are received and the results are consistent, the result is accepted.
[0228] Degradation mode: If the terminal continuously detects a false positive rate exceeding the threshold of 10⁻ 4If more than one false positive occurs out of every 10,000 queries (e.g., if more than one false positive occurs), the current Bloom filter version will be automatically paused, and the system will switch to an incremental update mode using a locally cached Certificate Revocation List (CRL) until a new generation Bloom filter is received. The Bloom filter generator (server) should include an expected upper bound (PFP) for false positives with each update, which the endpoint uses for monitoring and degradation decisions.
[0229] The aforementioned digital credential remote injection system 10 also includes a lightweight DAG evidence storage module 900. This module 900 is deployed on the root trust server and is data-connected to the credential preparation module 100, the dual-path distribution module 200, and the geographically distributed verification module 500. Internally, the lightweight DAG evidence storage module 900 maintains a directed acyclic graph (DAG) data structure 910, stored in persistent storage. Each vertex vi in the vertex set V of the DAG data structure 910 represents a record of an empty write operation. Each vertex vi includes a summary data field for this operation, including the operation timestamp, the unique identifier of the terminal security chip, the hash value of the injected digital credential, the UUID, the dual-path reception status, and the geographically distributed verification result. Each directed edge eij in the edge set E represents a vertex vi referencing vertex vj as its historical dependency.
[0230] After a null write operation is completed and confirmed by the terminal security chip 300, the new block construction unit 920 first obtains the complete operation log of this operation from the credential preparation module 100 and calculates the hash value.
[0231] (Equation 43)
[0232] In the formula, H adopts the SHA-256 algorithm, datanew is the content of the summary data field, hparent1, hparent2, etc. are the hash values of the latest set of leaf vertices or dependent vertices in the current DAG data structure 910, and the reference selector selects 2 to 4 parent vertices from the DAG data structure 910 according to the round-robin or maximum weight strategy to ensure the connectivity and redundancy of the graph structure.
[0233] The new block construction unit 920 packages the calculated hnew along with datanew and the parent vertex reference list to form a new vertex vnew, which is temporarily stored in the candidate pool. Subsequently, the PBFT consensus module 940 initiates the consensus process. The aforementioned PBFT consensus module includes a consensus network consisting of n=7 domestic trusted nodes. Each node runs the PBFT protocol stack. The master node selector uses a round-robin mechanism to select the master node of the current view from the 7 nodes. The master node encapsulates the new vertex vnew in the candidate pool into a pre-prepared message and broadcasts it to all other consensus nodes. Each consensus node executes a verification unit to check whether the parent vertex reference of vnew exists in the DAG data structure 910, whether hnew is calculated correctly, and whether the signature in datanew is valid.
[0234] When at least Once all nodes reach a consensus, the committing unit will formally write vnew into the DAG data structure 910 and generate a certificate of authenticity for this operation.
[0235] Cert=(hnew,timestamp,signature_set) (Equation 32)
[0236] In the formula, signature_set is the set of signatures that at least 5 consensus nodes use their respective private keys to sign hnew.
[0237] The evidence certificate Cert is returned to the terminal security chip 300 via the terrestrial network channel 210 through the dual-path distribution module 200 and stored in the evidence storage area 382 in the security domain 380. Simultaneously, the hash value of Cert is broadcast to all terminals across the network via the satellite broadcast channel 220 for subsequent audit verification. When a post-operation audit of a null write operation is required, the audit interface 950 receives the externally input hnew or the Cert reported by the terminal security chip 300, traverses the DAG data structure 910 from the vertex along the parent reference to trace the entire historical operation sequence, and uses the public key in the signature set to verify the validity of the signatures of each consensus node, thereby confirming that the operation has been legitimately agreed upon and cannot be tampered with. The aforementioned lightweight DAG evidence storage module 900 does not rely on a global consortium blockchain or Proof of Work (PoW) consensus; it relies solely on trusted domestic nodes using the PBFT algorithm to complete the final confirmation within seconds, meeting the domestic industry regulatory requirements for auditable and low-latency evidence storage.
[0238] It is worth noting that, in one embodiment of the present invention, the root trust server 20, as the core server entity of the system of the present invention, internally integrates and deploys a credential preparation module 100, a dual-path distribution module 200, a geographically distributed verification module 500, a satellite broadcast time-series state machine module 600, and a lightweight DAG evidence storage module 900. Specifically, the credential preparation module 100 is responsible for generating digital credentials and allocating UUIDs and nonces; the dual-path distribution module 200 is responsible for sending encrypted credential packets through the terrestrial network channel 210 and the satellite broadcast channel 220; the geographically distributed verification module 500 is responsible for detecting the geographical overlap risk of backup nodes; the satellite broadcast time-series state machine module 600 is responsible for preventing replay attacks during satellite broadcast state transitions; and the lightweight DAG evidence storage module 900 is responsible for storing operation records in a DAG data structure and confirming them through PBFT consensus.
[0239] It is worth noting that although the core innovation of this patent lies in its dual-path comparison and self-verification mechanism that does not rely on traditional Certificate Authorities (CAs), in order to be compatible with existing PKI infrastructure and meet the compliance requirements of finance, government affairs, and other sectors, the digital credential remote injection system of this invention also supports dual-mode operation:
[0240] Mode A employs pre-built hroot or dual-path hash chain self-verification without relying on any external CA. Mode B maintains two sets of trust anchors: a built-in self-verification anchor for the dual-path comparison process; and a CA root certificate store storing industry-standard root CA certificates (such as ISO 21188 "Public key infrastructure implementation and policy framework for financial services", GlobalSign, etc.).
[0241] In this mode, the credential data issued by the server may optionally include a chain of CA-signed certificates. The terminal's decision logic is as follows: if the dual-path comparison is successful (hash matching), the result is trusted first; if only one path is available due to network reasons, the comparison falls back to traditional CA verification to check whether the certificate chain carried by the data can be verified by the local CA root certificate store and whether it has expired or been revoked.
[0242] In this way, administrators can configure policies to choose to use Mode A, Mode B, or Mode B only as a fallback verification method when Mode A fails. This design ensures that the system can transition smoothly without abandoning existing PKI investments.
[0243] Please refer to Figure 2 . Figure 2 This is a flowchart of a remote injection method for digital credentials using a dual-path collaborative empty write mechanism according to an embodiment of the present invention. Figure 2As shown, the above-mentioned remote injection method for digital credentials includes the following steps: S1, the root trust server 20 generates a digital credential and assigns a universally unique identifier (UUID) and a one-time random number (nonce); S2, the credential packet is encrypted and simultaneously transmitted through the terrestrial network channel 210 and the satellite broadcast channel 220; S3, the terminal security chip 300 receives the two data streams, starts a timer Tmax=30 seconds, and waits for the other data stream; S4, within the time window, a dual-path hash chain verification algorithm is executed: f(hg,hs,hroot)=1, only when hg=hs=hr S5. If f=1, execute the geographically distributed verification algorithm to check whether the backup nodes are located in the same H3 grid coding area; S6. If the geographical verification is successful, write the credential into the security domain 380 of the terminal security chip 300 and return the signature confirmation information; S7. After receiving the confirmation, the root trust server 20 stores the operation record in the lightweight evidence storage ledger in the DAG data structure and uses PBFT consensus to complete the final confirmation; S8. If the ground network is interrupted and the formal credential is about to expire, execute the network disconnection decision function A(x) to activate the temporary credential.
[0244] For example, Ms. Li, a citizen, applied to open a digital currency wallet through a mobile banking app. She needed to securely inject the digital wallet certificate issued by the central bank into the phone's security chip 300.
[0245] Step S1: The credential preparation module 100 of the root trust server 20 first applies for and obtains Ms. Li's digital currency wallet certificate from the central bank. Then, the UUID generator 101 generates a globally unique operation identifier UUID, and the random number generator 102 generates a one-time random number nonce. These three pieces of data—wallet certificate, UUID, and nonce—are concatenated into a complete raw data block M, ready to proceed to the next step of encryption and transmission.
[0246] Step S2: After receiving data block M, the dual-path distribution module 200 simultaneously encrypts and transmits it through two independent channels. On the terrestrial network channel 210, the digital credential remote injection system negotiates a shared key with Ms. Li's mobile phone chip using the elliptic curve Diffie-Hellman key exchange protocol / algorithm. This key is then used to encrypt M into ciphertext Cground, which is sent to Ms. Li's mobile phone via the operator's 5G network. On the satellite broadcast channel 220, the system uses the shared key pre-installed on the mobile phone chip to derive a session key using the HKDF algorithm. This key is used to encrypt the same M into ciphertext Csat, which is then broadcast to Ms. Li's mobile phone via a low-Earth orbit satellite. The two encryption paths use completely different key systems, and the two transmissions are synchronized in time, with a time difference controlled within 1 millisecond.
[0247] Step S3: The terminal security chip 300 in Ms. Li's mobile phone starts listening. When the ground receiving unit 310 receives Cground first, it stores it in the temporary buffer 330, and at the same time, the timer 340 starts a 30-second countdown. Subsequently, the satellite receiving unit 320 receives Csat and also stores it in the temporary buffer 330. The timer 340 detects that both channels have arrived, stops the countdown, and records the time difference between the arrival of the two channels. If only one channel arrives within 30 seconds, the timer will time out, reject the write operation, and report an exception.
[0248] Step S4: The decryption unit 350 decrypts Cground and Csat using their respective keys to obtain dataground and datasat. The dual-path hash chain comparison module 400 calculates hash values hg and hs for the two data paths respectively. Then, the comparator 440 compares these two hash values with the root hash hroot pre-stored in the chip's read-only memory 410. If hg, hs, and hroot are completely equal, the verification passes, and a write permission signal is output. If they are not equal, the difference calculation unit 450 calculates the difference Δ between the two hash values, and the anomaly reporting unit 390 reports the difference to the root trust server 20 for security auditing and attack tracing.
[0249] Step S5: This step is only performed in the credential backup scenario. It is automatically skipped in this initial application scenario, and the process proceeds directly to step S6. In the backup scenario, the aforementioned geographically distributed verification module 500 calculates the H3 geogrid code for each backup node, generates anonymous fingerprints, and then compares the similarity between the fingerprints. If the similarity exceeds 0.75, it indicates that the two backup nodes are located in the same geographically risky area, and the system will issue a warning and require the user to change nodes.
[0250] Step S6: After receiving the verification pass signal, the writing unit 370 writes the digital wallet certificate to the credential storage area 384 of the security domain 380. After writing, the private key signing unit 391 uses the chip's private key to sign the digest information of this operation using the Elliptic Curve Digital Signature Algorithm (ECDSA) to generate a confirmation message Sig. This confirmation message is sent back to the root trust server 20 through the terrestrial network channel 210, proving that Ms. Li's mobile phone has successfully received and written the digital wallet certificate.
[0251] Step S7: After receiving the confirmation message, the root trust server 20 packages the operation record into a new vertex, calculates its hash value hnew, and references the two existing parent vertices in the DAG. Then, the PBFT consensus module 940 runs the consensus process among seven trusted domestic nodes. When at least five nodes reach a consensus, the new vertex is officially written into the DAG, generating a certificate of evidence, Cert. This Cert is returned to Ms. Li's mobile phone for storage and simultaneously synchronized to the central bank's evidence storage platform, forming an immutable audit evidence chain.
[0252] Step S8: If Ms. Li enters a network-free area such as a subway station, and her official wallet certificate is about to expire, this step will pre-issue a temporary credential via satellite broadcast, which will be automatically activated when the terrestrial network is interrupted. After detecting the lack of network, the network detection unit sets x1 in the state vector to 0. The decision logic unit executes the decision function A(x), where τ = 72 hours. When the three conditions of no network, the current time being within the 72-hour window before the official credential expires, and the temporary credential not yet expired are simultaneously met, the decision function outputs 1, and the writing unit 370 activates the temporary credential. Ms. Li can then use the temporary wallet for small-amount offline payments. After the network is restored at the exit station, the temporary credential automatically expires, the official certificate is reactivated, and the usage record is automatically uploaded for settlement.
[0253] The embodiments of the present invention described above can be implemented in various hardware, software codes, or combinations thereof. For example, embodiments of the present invention can also be program code executing the above methods in a Digital Signal Processor (DSP). The present invention can also relate to various functions executed by a computer processor, digital signal processor, microprocessor, or Field Programmable Gate Array (FPGA). The processor described above can be configured to perform specific tasks according to the present invention, which are accomplished by executing machine-readable software code or firmware code defining the specific methods disclosed in the present invention. The software code or firmware code can be developed into different programming languages and different formats or forms. The software code can also be compiled for different target platforms. However, the different code styles, types, and languages of the software code performing tasks according to the present invention and other types of configuration code do not depart from the spirit and scope of the present invention.
[0254] Therefore, those skilled in the art will recognize that although embodiments of the present invention have been shown and described in detail herein, many other variations or modifications conforming to the principles of the present invention can be directly determined or derived from the disclosure of the present invention without departing from the spirit and scope of the invention. Therefore, the scope of the present invention should be understood and recognized as covering all such other variations or modifications.
Claims
1. A remote injection system for digital credentials with dual-path satellite-to-ground collaborative empty writing, comprising: A voucher preparation module is configured to generate digital vouchers and assign a universally unique identifier and a one-time random number (nonce). A dual-path distribution module is configured to send the same encrypted credential data packet simultaneously through terrestrial network channels and satellite broadcast channels; A terminal security chip is configured to receive data packets from a terrestrial network channel and a satellite broadcast channel, respectively. After decryption within a preset time window, it compares the credential content, universal unique identifier, and one-time random number of the two data streams. Only when they are completely consistent will the credential be written into the security domain and an acknowledgment be returned; otherwise, the writing will be rejected and an anomaly will be reported.
2. The remote digital credential injection system according to claim 1, characterized in that, The terminal security chip also includes a dual-path hash chain comparison module, which performs cross-validation using the following mathematical algorithm: Define a hash function H:{0,1} * →{0,1} 256 It adopts SHA-256; Calculation of data packets received by the terrestrial network channel ; Calculation of data packets received from the satellite broadcast channel ; Read the root hash value hroot preset in the terminal security chip; The decision function f(hg,hs,hroot) is executed if hg=hs=hroot; otherwise f=0. Write permission is triggered only when f=1; otherwise, the difference vector Δ=hg⊕hs is recorded for auditing.
3. The remote digital credential injection system according to claim 1, characterized in that, The terminal security chip also includes a temporary credential activation module for network outages, which runs a threshold-based decision function: Define a terminal state vector x = [x1, x2, x3, x4], where x1 ∈ {0, 1} represents the availability of the terrestrial network; x2 ∈ R+ represents the current timestamp; x3 ∈ R+ represents the expiration time of the formal credential; and x4 ∈ R+ represents the expiration time of the temporary credential. Activate the decision function A(x) = 1[x1 = 0 ∧ x2 > x3 - τ ∧ x2 < x4], where τ = 3600×24×3. is the indicator function; When A(x)=1, the temporary certificate is automatically activated; otherwise, the current state is maintained.
4. The remote digital credential injection system according to claim 1, characterized in that, The terminal security chip also includes a digital credential revocation verification module, which uses a Bloom filter to achieve efficient revocation status query. Define the Bloom filter B as having a length of m=2. 25 The bit vector is used with k=3 independent hash functions {H1,H2,H3}; The certificate serial number of the revocation certificate is inserted into the Bloom filter B[Hi(serial)]=1. ; When the terminal security chip verifies the validity of the credential, it calculates isRevoked(serial) = B[H1(serial)] ∧ B[H2(serial)] ∧ B[H3(serial)]. If the result is true, it is determined that the credential has been revoked. Regularly broadcast Bloom filter snapshots; Local updates to the endpoint security chip.
5. The remote digital credential injection system according to claim 1, characterized in that, It also includes a geographic distributed verification module, which embeds an Earth clone geographic grid generation algorithm and is configured as follows: Define the H3 geographic index function H3:(lat,lng,r)→G, where lat is the latitude, lng is the longitude, r is the resolution level, and G is the hexagonal grid encoding. Generate anonymous geographic fingerprints for each service node In the formula, s is the random salt value; Define the similarity function between two fingerprints In the formula, L=256, which is the fingerprint bit length, and Hamming is the Hamming distance; When a user backs up to N nodes, the similarity matrix Mij=Sim(Φi,Φj) is calculated; if there exists Mij>θ, it is determined to be the same geographical risk area, and a warning is issued.
6. The remote digital credential injection system according to claim 1, characterized in that: It also includes a satellite broadcast timing state machine module, which adopts a deterministic finite state automaton model and defines a state set Q={q0,q1,q2,q3}. In the formula, q0 represents the data to be broadcast; q1 represents the data being broadcast; q2 represents the data being confirmed; and q3 represents the data being retransmitted after a timeout. State transition function ; Input symbol set Σ={start,ack,timeout,retransmit}; The transfer rules are δ(q0,start)=q1; δ(q1,ack)=q2; δ(q1,timeout)=q3; δ(q3,retransmit)=q1; Any transition not covered by the above rules points to the abnormal absorption state q_err; After receiving the data packet, the terminal security chip verifies the legality of the state transition. If an illegal transition is detected, it is determined to be a replay attack and the data packet is discarded.
7. The remote digital credential injection system according to claim 1, characterized in that, It also includes a lightweight DAG evidence storage module, which adopts the following data structure: Define a directed acyclic graph G=(V,E), where each vertex vi∈V represents a record of an empty write operation; Each edge eij∈E represents a record vi referencing record vj as a historical dependency; The hash value of the new record vnew is calculated as follows: ; The PBFT consensus algorithm is used to confirm hnew, and the confirmation condition is at least Each node signs; The generated evidence certificate after confirmation is Cert=(hnew,timestamp,signature_set), for subsequent auditing.
8. The remote digital credential injection system according to claim 2, characterized in that, The terminal security chip embeds a Merkle tree verification engine, which employs the following mathematical structure: Define the complete voucher dataset for this empty write operation as D={d1,d2,…,dn}; Construct a Merkle tree T, with leaf nodes hi=H(di) and root node hroot; The terrestrial network channel data packets carry (hg, πg), where πg is the Merkel proof path from hg to hroot; The satellite broadcast channel data packet carries (hs, πs), where πs is the Merkel proof path from hs to hroot; The verification function Verify(hroot,h,π) is true only if MerklePathCheck(hroot,h,π) is true; otherwise, it is false. The acceptance condition is that Verify(hroot,hg,πg)=true and Verify(hroot,hs,πs)=true and hg=hs.
9. The remote injection system for digital credentials according to any one of claims 1 to 8, characterized in that: The dual-path distribution module uses independent encrypted session keys, and the key negotiation process is based on the elliptic curve Diffie-Hellman key exchange protocol / algorithm and the pre-shared key mechanism, respectively. The terrestrial network channel uses the ECDH protocol. In the formula, dchip is the chip's private key and Qserver is the server's public key; The satellite broadcast channel uses a pre-shared key. In the formula, PSK is the factory-preset pre-shared key, and the encryption function for both channels is C=AES-256-GCM(K,plaintext), but they use different initialization vectors IV.
10. A method for remotely injecting digital credentials based on the remote digital credential injection system according to any one of claims 1 to 9, comprising the following steps: S1. Generate a digital voucher and assign a universally unique identifier and a one-time random number; S2, an encrypted credential package, is sent simultaneously via terrestrial network channels and satellite broadcast channels; S3. The terminal security chip receives two data streams, starts a timer, and waits for the other data stream. S4. Execute the dual-path hash chain verification algorithm within the time window: S5. If true, execute the geographically distributed verification algorithm to check whether the backup nodes are located in the same H3 grid coding area; S6. If the geographical verification is successful, the credentials are written into the security domain of the terminal security chip, and signature confirmation information is returned. S7. After receiving confirmation, store the operation record in a lightweight evidence ledger using a DAG data structure, and use PBFT consensus to complete the final confirmation. S8. If the terrestrial network is interrupted and the formal certificate is about to expire, execute the network interruption decision function to activate the temporary certificate.