Authentication method and device of positioning data, equipment and readable storage medium

By digitally signing the terminal's location data using the SIM card's secure element and authenticating it with blockchain, the problem of poor location data accuracy is solved, achieving higher accuracy and security for location data.

CN122372998APending Publication Date: 2026-07-10CHINA MOBILE FINANCIAL TECHNOLOGY CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA MOBILE FINANCIAL TECHNOLOGY CO LTD
Filing Date
2026-04-17
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

The accuracy of location data in existing technologies is poor, mainly because the APIs of mobile devices are easily tampered with by external data, resulting in the generation of invalid location data.

Method used

The location data of the terminal is digitally signed using the security element of the SIM card to generate a trusted location credential, and then authenticated through blockchain to ensure the accuracy of the location data.

Benefits of technology

By generating unforgeable digital fingerprints at the hardware level and using blockchain smart contracts for automated verification, the accuracy of location data is improved and data tampering is prevented.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122372998A_ABST
    Figure CN122372998A_ABST
Patent Text Reader

Abstract

This application discloses a method, apparatus, device, and readable storage medium for authenticating location data, applied to a terminal equipped with a SIM card. Upon receiving a location authentication request, the technical solution of this application transmits the terminal's location data to the secure unit of the SIM card for digital signing, thereby obtaining a signature result. A trusted location credential is then generated based on the signature result and the location data. The trusted location credential is then authenticated using blockchain, thereby determining the accuracy of the location data through the authentication result, thus improving the accuracy of the location data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the interdisciplinary field of information security and mobile communication technology, specifically to a method, apparatus, device, and readable storage medium for authenticating location data. Background Technology

[0002] With the widespread adoption of Location-Based Services (LBS), verifying the authenticity of user locations has become crucial in numerous scenarios such as attendance, logistics, insurance, and check-in. In related technologies, location data authentication typically employs either pure software or dedicated hardware methods. Pure software authentication relies on standard location services provided by the operating system, while dedicated hardware authentication uses a built-in security chip. Both methods depend on the Application Programming Interface (API) provided by the mobile device's operating system. However, because mobile device APIs are easily tampered with by external data, when an API is modified, invalid locations may be generated, resulting in poor accuracy of the location data. Summary of the Invention

[0003] This application provides a method, apparatus, device, and readable storage medium for authenticating location data, which solves the problem of poor accuracy of location data in related technologies.

[0004] Firstly, a method for authenticating location data is provided, applied to a terminal equipped with a SIM card, the method comprising:

[0005] Upon receiving a location authentication request, the location data of the terminal is transmitted to the security unit of the SIM card. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal during positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates.

[0006] The system receives a signature result transmitted by the security unit of the SIM card, wherein the signature result is a signature obtained by the security unit of the SIM card digitally signing the location data based on an encryption key;

[0007] Based on the signature result and the location data, a trusted location credential is generated, and the trusted location credential is uploaded to the blockchain for authentication. The trusted location credential is used to authenticate the location data.

[0008] The authentication result sent by the blockchain is received, wherein the authentication result is obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

[0009] Optionally, the encryption key is a key generated by the security unit of the SIM card based on a preset encryption algorithm, and the encryption key includes a public key and a private key;

[0010] The signature result is the result obtained by the security unit of the SIM card using the private key to digitally sign the first hash value;

[0011] Wherein, the first hash value is the hash value obtained by the security unit of the SIM card through hash calculation of the spliced ​​location data by randomly generating a first random number and a second random number, and the spliced ​​location data is the location data obtained by the security unit of the SIM card by splicing the latitude and longitude coordinates and the timestamp.

[0012] Optionally, the step of generating a trusted location credential based on the signature result and the location data, and uploading the trusted location credential to the blockchain for authentication, includes:

[0013] Receive the first random number and the second random number sent by the security unit of the SIM card;

[0014] A trusted location credential is generated based on the latitude and longitude coordinates, the timestamp, the first random number, the second random number, and the signature result.

[0015] Based on the bidirectional web page transmission protocol of the SIM card certificate authentication, the trusted location credential is uploaded to a target node in the blockchain for authentication. The blockchain includes multiple nodes, and the target node is any one of the multiple nodes.

[0016] Optionally, the authentication result is the result obtained by the target node comparing the second hash value and the third hash value after receiving the trusted location credential based on a preset smart contract. The preset smart contract is used to trigger the authentication process of the trusted location credential in the target node.

[0017] The second hash value is the hash value obtained by the target node decrypting and verifying the signature result based on the public key;

[0018] The third hash value is the hash value obtained by the target node through hash calculation of the latitude and longitude coordinates and the timestamp using the first random number and the second random number.

[0019] Wherein, if the second hash value is the same as the third hash value, the authentication result indicates that the location data is valid; if the second hash value is different from the third hash value, the authentication result indicates that the location data is invalid.

[0020] Optionally, the public key is determined by the target node based on the identity and binding relationship of the SIM card, and the identity and binding relationship of the SIM card are obtained after the secure unit of the SIM card is uploaded to the target node for storage;

[0021] The SIM card's identity identifier includes the integrated circuit card identification code and / or the International Mobile Subscriber Identity Code corresponding to the SIM card; the binding relationship is the binding relationship obtained by the SIM card's security unit binding the SIM card's identity identifier with the public key.

[0022] Optionally, after receiving the authentication result sent by the blockchain, the method further includes:

[0023] If the authentication result indicates that the location data is valid, a storage request is sent to the target node. The storage request is used to request the storage of the second hash value, the identity identifier of the SIM card, the timestamp, the authentication result, and the geographical range identifier in the target node. The geographical range identifier is an identifier obtained by the target node by fuzzing the latitude and longitude coordinates.

[0024] If the authentication result indicates that the location data is invalid, a deletion request is sent to the target node, the deletion request being used to request the deletion of the trusted location credential in the target node.

[0025] Secondly, this application provides a location data authentication device for a terminal, wherein the terminal is equipped with a SIM card, and the device includes:

[0026] The transmission module is used to transmit the location data of the terminal to the security unit of the SIM card when a location authentication request is received. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal for positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates.

[0027] The first receiving module is used to receive the signature result transmitted by the security unit of the SIM card, wherein the signature result is the signature result obtained by the security unit of the SIM card digitally signing the location data based on the encryption key;

[0028] A generation module is used to generate a trusted location credential based on the signature result and the location data, and to upload the trusted location credential to the blockchain for authentication. The trusted location credential is used to authenticate the location data.

[0029] The second receiving module is used to receive the authentication result sent by the blockchain, wherein the authentication result is the authentication result obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

[0030] Thirdly, this application also provides an electronic device, including a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the method described in the first aspect above.

[0031] Fourthly, this application also provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the method described in the first aspect above.

[0032] Fifthly, this application also provides a computer program product, including computer instructions that, when executed by a processor, implement the steps of the method described in the first aspect above.

[0033] This application discloses a method, apparatus, device, and readable storage medium for authenticating location data, applied to a terminal equipped with a SIM card. The method includes: upon receiving a location authentication request, transmitting the location data of the terminal to a secure unit of the SIM card, the location data including latitude and longitude coordinates and a timestamp obtained by the terminal during positioning, wherein the timestamp is the timestamp when the terminal generated the latitude and longitude coordinates; receiving a signature result transmitted by the secure unit of the SIM card, wherein the signature result is a signature result obtained by the secure unit of the SIM card digitally signing the location data based on an encryption key; generating a trusted location credential based on the signature result and the location data, and uploading the trusted location credential to a blockchain for authentication, the trusted location credential being used to authenticate the location data; and receiving an authentication result sent by the blockchain, wherein the authentication result is an authentication result obtained by the blockchain authenticating the location data based on the trusted location credential, the authentication result being used to indicate whether the location data is valid. The technical solution of this application, upon receiving a location authentication request, transmits the terminal's location data to the secure unit of the SIM card for digital signing to obtain a signature result. Based on the signature result and the location data, a trusted location certificate is generated. The trusted location certificate is then authenticated through blockchain, thereby determining the accuracy of the location data based on the authentication result, thus improving the accuracy of the location data. Attached Figure Description

[0034] To more clearly illustrate the technical solution of this application, the drawings used in the description of this application will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0035] Figure 1 A flowchart illustrating a location data authentication method provided in an embodiment of this application;

[0036] Figure 2 This is a schematic diagram of the structure of a location data authentication device provided in an embodiment of this application;

[0037] Figure 3 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0038] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0039] The terms "first," "second," etc., used in the embodiments of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to these processes, methods, products, or devices. Additionally, the use of "and / or" in this application indicates at least one of the connected objects, such as A and / or B and / or C, representing seven possibilities: including A alone, B alone, C alone, and the presence of both A and B, both B and C, both A and C, and the presence of A, B, and C.

[0040] See Figure 1 , Figure 1 This is a flowchart illustrating the location data authentication method provided in an embodiment of this application. The location data authentication method is applied to a terminal, which is equipped with a SIM card. Figure 1 As shown, the following steps may be included:

[0041] Step 101: Upon receiving a location authentication request, the location data of the terminal is transmitted to the security unit of the SIM card. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal during positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates.

[0042] In this embodiment, the SIM card is a Super SIM card, an enhanced SIM card that adds "application capabilities" and "service access" to the basic SIM card, enabling data transmission and processing. In this embodiment, the Super SIM card is installed in the terminal and used to encrypt and sign the terminal's location data. The SIM card's Security Element (SE) can encrypt and sign the location data sent by the terminal, meaning it can process the data according to predefined rules.

[0043] Specifically, the location data includes latitude and longitude coordinates and a timestamp obtained by the terminal during positioning. The location data can be obtained from location sources such as the Global Positioning System (GPS), BeiDou, cellular network base stations, and Wi-Fi, acquiring the current raw latitude and longitude coordinates L and the precise timestamp T. The location data is encrypted by transmitting it to the secure unit of the SIM card.

[0044] Step 102: Receive the signature result transmitted by the security unit of the SIM card, wherein the signature result is the signature result obtained by the security unit of the SIM card digitally signing the location data based on the encryption key.

[0045] In this embodiment, the SIM card's security unit digitally signs the location data using a preset encryption key to obtain a signature result Sig. After generating the signature result, it returns the signature result to the terminal. Specifically, in this embodiment, the SIM card's security unit can generate a key pair of asymmetric cryptographic algorithms using a hardware cryptographic engine, wherein the key pair is an encryption key.

[0046] It should be noted that the encryption key may include a public key Pub_Key and a private key Pri_Key. The private key Pri_Key cannot be exported or read from the SE under any circumstances, and all its operations are performed internally by the SE, thereby further ensuring the security of the encrypted data.

[0047] Step 103: Generate a trusted location credential based on the signature result and the location data, and upload the trusted location credential to the blockchain for authentication. The trusted location credential is used to authenticate the location data.

[0048] In this embodiment, a trusted location credential is generated based on the signature result and location data returned by the security unit of the SIM card. The trusted location credential includes the signature result and location data. For example, the trusted location credential includes the original latitude and longitude coordinates L, the precise timestamp T, and the signature result Sig.

[0049] Therefore, the trusted location credential is uploaded to the blockchain for authentication. The blockchain is a decentralized distributed ledger that is block-based, immutable, secure, and reliable. It combines distributed storage, peer-to-peer transmission, consensus mechanisms, and cryptography technologies to record transactions and information through a continuously growing chain of data blocks, ensuring data security and transparency. In this embodiment, the trusted location credential can be uploaded to any node in the blockchain, thereby allowing the nodes to store the credential and authenticate the location data.

[0050] As described above, this embodiment completes the high-security cryptographic signature operation within the terminal hardware, while placing the verification logic on the blockchain and automating it through smart contracts, thus achieving the best balance between security and efficiency.

[0051] Step 104: Receive the authentication result sent by the blockchain, wherein the authentication result is the authentication result obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

[0052] In this embodiment, the authentication result obtained by the nodes in the blockchain authenticating the location data is received. Specifically, the authentication result indicates whether the location data is valid. For example, if the location data has been tampered with externally, the authentication result will indicate that the location data is invalid, thus determining that the terminal's location is invalid. For instance, a user uses a terminal for attendance tracking, and because the user is late, they tamper with the terminal's location data to claim they are at the company. However, by verifying the trusted location credentials, the user's tampering behavior can be detected, thus confirming that the attendance tracking location is invalid.

[0053] The technical solution of this embodiment aims to overcome the shortcomings of the prior art. It utilizes the built-in security unit of the Super SIM card as a root of trust to generate an unforgeable "digital fingerprint" (signature result) for the original location data at the hardware level. Then, it uses a blockchain smart contract to automatically verify the validity of the fingerprint and records the verification result as an immutable evidence.

[0054] The technical solution of this application, upon receiving a location authentication request, transmits the terminal's location data to the secure unit of the SIM card for digital signing to obtain a signature result. Based on the signature result and the location data, a trusted location certificate is generated. The trusted location certificate is then authenticated through blockchain, thereby determining the accuracy of the location data based on the authentication result, thus improving the accuracy of the location data.

[0055] In some feasible implementations, optionally, the encryption key is a key generated by the security unit of the SIM card based on a preset encryption algorithm, and the encryption key includes a public key and a private key;

[0056] The signature result is the result obtained by the security unit of the SIM card using the private key to digitally sign the first hash value;

[0057] Wherein, the first hash value is the hash value obtained by the security unit of the SIM card through hash calculation of the spliced ​​location data by randomly generating a first random number and a second random number, and the spliced ​​location data is the location data obtained by the security unit of the SIM card by splicing the latitude and longitude coordinates and the timestamp.

[0058] In this embodiment, during the process of signing the location data through the security unit of the SIM card, the security unit of the SIM card first generates a key pair of asymmetric cryptographic algorithms (public key Pub_Key and private key Pri_Key) based on a preset encryption algorithm.

[0059] The SIM card's secure unit combines the received raw latitude and longitude coordinates L and timestamp T, and performs a hash operation using the first random number S and the second random number SEID: the hash algorithm is used to calculate the first hash value H of the combined data (the specific calculation formula is: H=Hash(L||T||S||SEID)), and this first hash value H serves as the unique "fingerprint" of the data.

[0060] After obtaining the first hash value, the cryptographic engine inside the security unit SE is called to perform a digital signature operation on the first hash value H using the generated, non-exportable private key Pri_Key, to obtain the signature result Sig (the specific calculation formula is: Sig=Sign(Pri_Key,H)).

[0061] It should be noted that the operation of the SIM card's security unit is performed by the application in the terminal sending the received raw latitude and longitude coordinates L and timestamp T to the security unit SE of the Super SIM card via specific APDU instructions. Specifically, the first and second random numbers are used to determine the key group index. The APDU instructions for obtaining the random numbers are shown in Table 1.

[0062] Table 1 APDU head Command (hex) meaning CLA 0x00 Encrypted transmission using security level 00 INS 0x84 P1 00 P2 00 data xx Does not exist Lc xx Does not exist Le 08 Expected return data length

[0063] Examples of obtaining random numbers through commands are as follows: The execution command includes: 0084000008, and the response command includes: 09B32F1CFE6345F8.

[0064] The second random number, SEID, is used for unique identification of the SIM card. The APDU instruction design for obtaining SEID is shown in Table 2.

[0065] Table 2 APDU head Command (hex) meaning CLA 0x80 Encrypted transmission using security level 01 INS 0xCA P1 00 P2 44 data xx Does not exist Lc xx Does not exist Le 00 Expected return data length

[0066] The following is an example of obtaining the second random number SEID through instructions: The execution instruction includes: 80CA004400, and the response instruction includes: 22960004100000008386.

[0067] In this embodiment, a non-forgeable digital fingerprint is generated for the original location data at the hardware level through the security unit of the SIM card, thereby preventing data tampering and improving data security.

[0068] Optionally, the step of generating a trusted location credential based on the signature result and the location data, and uploading the trusted location credential to the blockchain for authentication, includes:

[0069] Receive the first random number and the second random number sent by the security unit of the SIM card;

[0070] A trusted location credential is generated based on the latitude and longitude coordinates, the timestamp, the first random number, the second random number, and the signature result.

[0071] Based on the bidirectional web page transmission protocol of the SIM card certificate authentication, the trusted location credential is uploaded to a target node in the blockchain for authentication. The blockchain includes multiple nodes, and the target node is any one of the multiple nodes.

[0072] In this embodiment, the terminal obtains the first random number and the second random number sent by the security unit of the SIM card, and outputs the generated signature Sig to the terminal application. At this point, a trusted location credential (containing L, T, S, SEID, and Sig) guaranteed by the hardware security chip is packaged.

[0073] The terminal application sends the trusted location credentials (including L, T, S, SEID, Sig) to a node in the blockchain network via the network. To ensure the security of the transmission process, a two-way authentication HTTPS channel based on the Super SIM card certificate can be used first to ensure that the data is not eavesdropped or tampered with during transmission.

[0074] It should be noted that after obtaining the trusted location credential, the terminal uploads the trusted location credential to the target node in the blockchain to authenticate the location data. The target node is any one of the multiple nodes in the blockchain, and the target node includes storage space for storing the received trusted location credential.

[0075] Optionally, the authentication result is the result obtained by the target node comparing the second hash value and the third hash value after receiving the trusted location credential based on a preset smart contract. The preset smart contract is used to trigger the authentication process of the trusted location credential in the target node.

[0076] The second hash value is the hash value obtained by the target node decrypting and verifying the signature result based on the public key;

[0077] The third hash value is the hash value obtained by the target node through hash calculation of the latitude and longitude coordinates and the timestamp using the first random number and the second random number.

[0078] Wherein, if the second hash value is the same as the third hash value, the authentication result indicates that the location data is valid; if the second hash value is different from the third hash value, the authentication result indicates that the location data is invalid.

[0079] In this embodiment, after the target node of the blockchain receives a trusted location credential, a pre-defined smart contract is triggered to receive and process the location credential. The pre-defined smart contract is an automatically executing program written on the blockchain; after being triggered, it automatically executes pre-defined logic.

[0080] Specifically, it includes the following logic:

[0081] Identity Verification: Based on the identity identifier in the credential, retrieve the corresponding public key Pub_Key registered on the blockchain. Hash Calculation: Recalculate the third hash value H' based on the received original latitude and longitude coordinates L and timestamp T (the specific calculation formula is: third hash value H' = Hash(L||T||S||SEID)). Signature Verification: Decrypt and verify the received signature Sig using the retrieved public key Pub_Key to obtain its original hash value, i.e., the second hash value H_decrypted.

[0082] Consistency check: Determine whether the recalculated third hash value H' is completely identical to the decrypted second hash value H_decrypted. If they are identical, it proves that: the data has not been tampered with since signing (integrity); and the data was indeed signed by the holder of the corresponding private key Pri_Key (authenticity). If they are inconsistent, the verification fails.

[0083] Therefore, if the second hash value and the third hash value are the same, the authentication result indicates that the location data is valid; if the second hash value and the third hash value are different, the authentication result indicates that the location data is invalid.

[0084] This embodiment adopts the "hash on-chain, raw data off-chain" model, which utilizes the immutability of blockchain to ensure the verifiability of credentials, while avoiding the public exposure of users' precise location privacy.

[0085] Optionally, the public key is determined by the target node based on the identity and binding relationship of the SIM card, and the identity and binding relationship of the SIM card are obtained after the secure unit of the SIM card is uploaded to the target node for storage;

[0086] The SIM card's identity identifier includes the integrated circuit card identification code and / or the International Mobile Subscriber Identity Code corresponding to the SIM card; the binding relationship is the binding relationship obtained by the SIM card's security unit binding the SIM card's identity identifier with the public key.

[0087] In this embodiment, the SIM card's identity identifier includes the Integrated Circuit Card Identifier (ICCID) and / or the International Mobile Subscriber Identity (IMSI) corresponding to the SIM card. For example, either the ICCID or the IMSI can be used alone as the SIM card's identity identifier. In other embodiments, the ICCID and the IMSI can be concatenated to form the SIM card's identity identifier.

[0088] Specifically, the SIM card's security unit binds the super SIM card's unique identifier to its corresponding public key (Pub_Key) and registers this binding relationship on the blockchain. This step establishes a trusted foundation for subsequent signature verification. Upon receiving the SIM card's identifier and the binding relationship, the target node on the blockchain can then authenticate the location data.

[0089] Optionally, after receiving the authentication result sent by the blockchain, the method further includes:

[0090] If the authentication result indicates that the location data is valid, a storage request is sent to the target node. The storage request is used to request the storage of the second hash value, the identity identifier of the SIM card, the timestamp, the authentication result, and the geographical range identifier in the target node. The geographical range identifier is an identifier obtained by the target node by fuzzing the latitude and longitude coordinates.

[0091] If the authentication result indicates that the location data is invalid, a deletion request is sent to the target node, the deletion request being used to request the deletion of the trusted location credential in the target node.

[0092] In this embodiment, after authentication is completed, the target node in the blockchain returns the authentication result to the terminal. If the authentication result indicates that the location data is valid, a storage request is sent to the target node. The smart contract permanently writes the key information of this location authentication, including the transaction hash (second hash value), identity identifier, timestamp T, authentication result, and geographical range identifier, into the distributed ledger of the blockchain. For privacy protection, the original latitude and longitude coordinates L may not be directly uploaded to the chain; instead, only its hash value or a vague geographical range identifier is uploaded to the chain, while the original data is stored off-chain for auditing purposes.

[0093] If the authentication result indicates that the location data is invalid, a deletion request is sent to the target node, the transaction is discarded or a failure log is recorded, and the trusted location credential is deleted to prevent the leakage of user information.

[0094] In this embodiment, any authorized participant can publicly verify the authenticity of any location-based evidence by entering the transaction hash or user identity through a blockchain explorer or dedicated query interface. The verification process does not rely on the original service provider's backend database; it only requires re-verifying the signature using the public key recorded on the blockchain, thus achieving true decentralized trust.

[0095] The technical solution of this application, upon receiving a location authentication request, transmits the terminal's location data to the secure unit of the SIM card for digital signing to obtain a signature result. Based on the signature result and the location data, a trusted location certificate is generated. The trusted location certificate is then authenticated through blockchain, thereby determining the accuracy of the location data based on the authentication result, thus improving the accuracy of the location data.

[0096] like Figure 2 As shown, Figure 2This is a structural diagram of a location data authentication device provided in an embodiment of this application, applied to a terminal, which includes a SIM card. Figure 2 As shown, the location data authentication device 200 includes:

[0097] The transmission module 210 is used to transmit the location data of the terminal to the security unit of the SIM card when a location authentication request is received. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal for positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates.

[0098] The first receiving module 220 is used to receive the signature result transmitted by the security unit of the SIM card, wherein the signature result is the signature result obtained by the security unit of the SIM card digitally signing the location data based on the encryption key;

[0099] The generation module 230 is used to generate a trusted location certificate based on the signature result and the location data, and to upload the trusted location certificate to the blockchain for authentication. The trusted location certificate is used to authenticate the location data.

[0100] The second receiving module 240 is used to receive the authentication result sent by the blockchain, wherein the authentication result is the authentication result obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

[0101] Optionally, the encryption key is a key generated by the security unit of the SIM card based on a preset encryption algorithm, and the encryption key includes a public key and a private key;

[0102] The signature result is the result obtained by the security unit of the SIM card using the private key to digitally sign the first hash value;

[0103] Wherein, the first hash value is the hash value obtained by the security unit of the SIM card through hash calculation of the spliced ​​location data by randomly generating a first random number and a second random number, and the spliced ​​location data is the location data obtained by the security unit of the SIM card by splicing the latitude and longitude coordinates and the timestamp.

[0104] Optionally, the generation module 230 includes:

[0105] A receiving submodule is configured to receive the first random number and the second random number sent by the security element of the SIM card;

[0106] A generation submodule is used to generate a trusted location credential based on the latitude and longitude coordinates, the timestamp, the first random number, the second random number, and the signature result.

[0107] The authentication submodule is used to upload the trusted location credential to a target node in the blockchain for authentication based on the bidirectional web page transmission protocol of the SIM card certificate authentication. The blockchain includes multiple nodes, and the target node is any one of the multiple nodes.

[0108] Optionally, the authentication result is the result obtained by the target node comparing the second hash value and the third hash value after receiving the trusted location credential based on a preset smart contract. The preset smart contract is used to trigger the authentication process of the trusted location credential in the target node.

[0109] The second hash value is the hash value obtained by the target node decrypting and verifying the signature result based on the public key;

[0110] The third hash value is the hash value obtained by the target node through hash calculation of the latitude and longitude coordinates and the timestamp using the first random number and the second random number.

[0111] Wherein, if the second hash value is the same as the third hash value, the authentication result indicates that the location data is valid; if the second hash value is different from the third hash value, the authentication result indicates that the location data is invalid.

[0112] Optionally, the public key is determined by the target node based on the identity and binding relationship of the SIM card, and the identity and binding relationship of the SIM card are obtained after the secure unit of the SIM card is uploaded to the target node for storage;

[0113] The SIM card's identity identifier includes the integrated circuit card identification code and / or the International Mobile Subscriber Identity Code corresponding to the SIM card; the binding relationship is the binding relationship obtained by the SIM card's security unit binding the SIM card's identity identifier with the public key.

[0114] Optional, also includes:

[0115] The first request module is used to send a storage request to the target node when the authentication result indicates that the location data is valid. The storage request is used to request the storage of the second hash value, the identity identifier of the SIM card, the timestamp, the authentication result and the geographical range identifier in the target node. The geographical range identifier is an identifier obtained by the target node by fuzzing the latitude and longitude coordinates.

[0116] The second request module is used to send a deletion request to the target node when the authentication result indicates that the location data is invalid. The deletion request is used to request the deletion of the trusted location credential in the target node.

[0117] The technical solution of this application, upon receiving a location authentication request, transmits the terminal's location data to the secure unit of the SIM card for digital signing to obtain a signature result. Based on the signature result and the location data, a trusted location certificate is generated. The trusted location certificate is then authenticated through blockchain, thereby determining the accuracy of the location data based on the authentication result, thus improving the accuracy of the location data.

[0118] This application also provides an electronic device. Please refer to [link to relevant documentation]. Figure 3 The electronic device may include a processor 301, a memory 302, and a program 3021 stored in the memory 302 and capable of running on the processor 301.

[0119] When program 3021 is executed by processor 301, it can achieve the following: Figure 1 Any step in the corresponding method embodiment:

[0120] Upon receiving a location authentication request, the location data of the terminal is transmitted to the security unit of the SIM card. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal during positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates.

[0121] The system receives a signature result transmitted by the security unit of the SIM card, wherein the signature result is a signature obtained by the security unit of the SIM card digitally signing the location data based on an encryption key;

[0122] Based on the signature result and the location data, a trusted location credential is generated, and the trusted location credential is uploaded to the blockchain for authentication. The trusted location credential is used to authenticate the location data.

[0123] The authentication result sent by the blockchain is received, wherein the authentication result is obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

[0124] Optionally, the encryption key is a key generated by the security unit of the SIM card based on a preset encryption algorithm, and the encryption key includes a public key and a private key;

[0125] The signature result is the result obtained by the security unit of the SIM card using the private key to digitally sign the first hash value;

[0126] Wherein, the first hash value is the hash value obtained by the security unit of the SIM card through hash calculation of the spliced ​​location data by randomly generating a first random number and a second random number, and the spliced ​​location data is the location data obtained by the security unit of the SIM card by splicing the latitude and longitude coordinates and the timestamp.

[0127] Optionally, the step of generating a trusted location credential based on the signature result and the location data, and uploading the trusted location credential to the blockchain for authentication, includes:

[0128] Receive the first random number and the second random number sent by the security unit of the SIM card;

[0129] A trusted location credential is generated based on the latitude and longitude coordinates, the timestamp, the first random number, the second random number, and the signature result.

[0130] Based on the bidirectional web page transmission protocol of the SIM card certificate authentication, the trusted location credential is uploaded to a target node in the blockchain for authentication. The blockchain includes multiple nodes, and the target node is any one of the multiple nodes.

[0131] Optionally, the authentication result is the result obtained by the target node comparing the second hash value and the third hash value after receiving the trusted location credential based on a preset smart contract. The preset smart contract is used to trigger the authentication process of the trusted location credential in the target node.

[0132] The second hash value is the hash value obtained by the target node decrypting and verifying the signature result based on the public key;

[0133] The third hash value is the hash value obtained by the target node through hash calculation of the latitude and longitude coordinates and the timestamp using the first random number and the second random number.

[0134] Wherein, if the second hash value is the same as the third hash value, the authentication result indicates that the location data is valid; if the second hash value is different from the third hash value, the authentication result indicates that the location data is invalid.

[0135] Optionally, the public key is determined by the target node based on the identity and binding relationship of the SIM card, and the identity and binding relationship of the SIM card are obtained after the secure unit of the SIM card is uploaded to the target node for storage;

[0136] The SIM card's identity identifier includes the integrated circuit card identification code and / or the International Mobile Subscriber Identity Code corresponding to the SIM card; the binding relationship is the binding relationship obtained by the SIM card's security unit binding the SIM card's identity identifier with the public key.

[0137] Optionally, after receiving the authentication result sent by the blockchain, the method further includes:

[0138] If the authentication result indicates that the location data is valid, a storage request is sent to the target node. The storage request is used to request the storage of the second hash value, the identity identifier of the SIM card, the timestamp, the authentication result, and the geographical range identifier in the target node. The geographical range identifier is an identifier obtained by the target node by fuzzing the latitude and longitude coordinates.

[0139] If the authentication result indicates that the location data is invalid, a deletion request is sent to the target node, the deletion request being used to request the deletion of the trusted location credential in the target node.

[0140] The technical solution of this application, upon receiving a location authentication request, transmits the terminal's location data to the secure unit of the SIM card for digital signing to obtain a signature result. Based on the signature result and the location data, a trusted location certificate is generated. The trusted location certificate is then authenticated through blockchain, thereby determining the accuracy of the location data based on the authentication result, thus improving the accuracy of the location data.

[0141] This application also provides a computer-readable storage medium storing a computer program. When executed by a processor, this computer program implements the various processes of the above-described location data authentication embodiments and achieves the same technical effects. To avoid repetition, it will not be described again here. The computer-readable storage medium may be a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, etc.

[0142] This application also provides a computer program product, which is stored in a storage medium and executed by at least one processor to implement the various processes of the above-described location data authentication method embodiment, and can achieve the same technical effect. To avoid repetition, it will not be described again here.

[0143] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0144] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk), and includes several instructions to cause a communication device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0145] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.

Claims

1. A method for authenticating location data, characterized in that, Applied to a terminal, wherein the terminal is equipped with a SIM card, the method includes: Upon receiving a location authentication request, the location data of the terminal is transmitted to the security unit of the SIM card. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal during positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates. The system receives a signature result transmitted by the security unit of the SIM card, wherein the signature result is a signature obtained by the security unit of the SIM card digitally signing the location data based on an encryption key; Based on the signature result and the location data, a trusted location credential is generated, and the trusted location credential is uploaded to the blockchain for authentication. The trusted location credential is used to authenticate the location data. The authentication result sent by the blockchain is received, wherein the authentication result is obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

2. The method according to claim 1, characterized in that, The encryption key is a key generated by the security unit of the SIM card based on a preset encryption algorithm, and the encryption key includes a public key and a private key; The signature result is the result obtained by the security unit of the SIM card using the private key to digitally sign the first hash value; Wherein, the first hash value is the hash value obtained by the security unit of the SIM card through hash calculation of the spliced ​​location data by randomly generating a first random number and a second random number, and the spliced ​​location data is the location data obtained by the security unit of the SIM card by splicing the latitude and longitude coordinates and the timestamp.

3. The method according to claim 2, characterized in that, The step of generating a trusted location credential based on the signature result and the location data, and uploading the trusted location credential to the blockchain for authentication, includes: Receive the first random number and the second random number sent by the security unit of the SIM card; A trusted location credential is generated based on the latitude and longitude coordinates, the timestamp, the first random number, the second random number, and the signature result. Based on the bidirectional web page transmission protocol of the SIM card certificate authentication, the trusted location credential is uploaded to a target node in the blockchain for authentication. The blockchain includes multiple nodes, and the target node is any one of the multiple nodes.

4. The method according to claim 3, characterized in that, The authentication result is the result obtained by the target node comparing the second hash value and the third hash value after receiving the trusted location credential based on the preset smart contract. The preset smart contract is used to trigger the authentication process of the trusted location credential in the target node. The second hash value is the hash value obtained by the target node decrypting and verifying the signature result based on the public key; The third hash value is the hash value obtained by the target node through hash calculation of the latitude and longitude coordinates and the timestamp using the first random number and the second random number. Wherein, if the second hash value is the same as the third hash value, the authentication result indicates that the location data is valid; if the second hash value is different from the third hash value, the authentication result indicates that the location data is invalid.

5. The method according to claim 4, characterized in that, The public key is determined by the target node based on the identity and binding relationship of the SIM card. The identity and binding relationship of the SIM card are obtained after the secure unit of the SIM card is uploaded to the target node for storage. The SIM card's identity identifier includes the integrated circuit card identification code and / or the International Mobile Subscriber Identity Code corresponding to the SIM card; the binding relationship is the binding relationship obtained by the SIM card's security unit binding the SIM card's identity identifier with the public key.

6. The method according to claim 5, characterized in that, After receiving the authentication result sent by the blockchain, the method further includes: If the authentication result indicates that the location data is valid, a storage request is sent to the target node. The storage request is used to request the storage of the second hash value, the identity identifier of the SIM card, the timestamp, the authentication result, and the geographical range identifier in the target node. The geographical range identifier is an identifier obtained by the target node by fuzzing the latitude and longitude coordinates. If the authentication result indicates that the location data is invalid, a deletion request is sent to the target node, the deletion request being used to request the deletion of the trusted location credential in the target node.

7. A location data authentication device, characterized in that, Applied to a terminal, wherein the terminal is equipped with a SIM card, the device includes: The transmission module is used to transmit the location data of the terminal to the security unit of the SIM card when a location authentication request is received. The location data includes the latitude and longitude coordinates and timestamp obtained by the terminal for positioning. The timestamp is the timestamp when the terminal generates the latitude and longitude coordinates. The first receiving module is used to receive the signature result transmitted by the security unit of the SIM card, wherein the signature result is the signature result obtained by the security unit of the SIM card digitally signing the location data based on the encryption key; A generation module is used to generate a trusted location credential based on the signature result and the location data, and to upload the trusted location credential to the blockchain for authentication. The trusted location credential is used to authenticate the location data. The second receiving module is used to receive the authentication result sent by the blockchain, wherein the authentication result is the authentication result obtained by the blockchain authenticating the location data based on the trusted location credential, and the authentication result is used to indicate whether the location data is valid.

8. An electronic device, characterized in that, include: A processor, a memory, and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the method as described in any one of claims 1 to 6.

9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the steps of the method as described in any one of claims 1 to 6.

10. A computer program product, characterized in that, Includes computer instructions that, when executed by a processor, implement the steps of the method as described in any one of claims 1 to 6.