Satellite ground terminal group batch access authentication method and device
By using distributed hash trees and aggregate signature technology, the problems of high signaling overhead, strong central dependence, and weak anti-tampering ability in satellite networks are solved, and efficient and secure batch access authentication of satellite ground terminal groups is achieved, which is suitable for large-scale concurrent access and dynamic self-organizing scenarios.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- 上海霄元创新中心
- Filing Date
- 2026-04-20
- Publication Date
- 2026-07-14
AI Technical Summary
Existing satellite network ground terminal authentication technologies suffer from high signaling overhead, strong central dependence, and weak anti-tampering capabilities, making it difficult to achieve efficient and secure batch access authentication, especially in scenarios with large-scale concurrent access and dynamic self-organization.
A distributed hash tree construction and aggregate signature method is adopted. Peer discovery and logical sorting are performed through terminal near-field communication. Combined with the random verification mechanism on the satellite side, the terminal can independently generate the root hash without relying on a centralized node. Multiple cryptographic constraints are used to prevent the representative terminal from tampering with the member list. The satellite performs aggregate signature legality verification and random sampling.
It greatly alleviates the spectrum pressure and collision probability of the satellite-to-ground link, reduces the computational complexity and power consumption of the satellite, enhances the access flexibility and resilience in dynamic self-organizing scenarios, prevents malicious behavior of representative nodes, and achieves efficient and secure batch access authentication.
Smart Images

Figure CN122394637A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of satellite communication security technology, and in particular relates to a method and device for batch access authentication of satellite ground terminal groups. Background Technology
[0002] Currently, satellite networks generally use a one-to-one handshake protocol based on public key infrastructure for access authentication of ground terminals. In this scheme, each terminal needs to independently complete at least 2 to 4 signaling interactions with the satellite to establish a security context. When a large number of terminals simultaneously initiate access within the satellite transit window, the uplink random access channel will experience severe collisions due to a large number of concurrent authentication requests, leading to a surge in retransmissions, an exponential increase in authentication latency, and even preventing some terminals from completing access within the transit window.
[0003] To alleviate signaling congestion, existing research has proposed several group authentication methods. For example, one approach is based on pre-distributed group keys, using a shared key to verify terminal identities in batches. However, pre-shared key schemes are vulnerable to internal attacks; if a terminal is compromised, the security of the entire group is compromised. Another approach utilizes ground base stations or fixed cluster heads as centralized control nodes, where the cluster head collects terminal information and initiates authentication with the satellite on behalf of the terminal. Such centralized schemes are feasible in static terrestrial networks, but in dynamic self-organizing scenarios, the failure or departure of the cluster head node can render the entire group unauthenticable, resulting in severely compromised reliability. More importantly, if the cluster head node is maliciously controlled, it can arbitrarily tamper with the member list and forge group identities, and existing schemes lack effective anti-tampering mechanisms, making them vulnerable to malicious actions by internal representative nodes.
[0004] In summary, existing satellite network ground terminal authentication technologies suffer from the following three shortcomings: High signaling overhead: The one-to-one handshake mode cannot adapt to large-scale concurrent access, and the satellite-to-ground link is prone to congestion. Strong central dependency: Group authentication often relies on fixed cluster heads or base stations, posing a single point of failure risk in dynamic self-organizing scenarios. Weak resistance to tampering: Once a representative node is compromised, it can easily forge the group identity, lacking strong cryptographic verification methods to verify the authenticity of the member list. Therefore, designing an efficient batch access authentication method in a decentralized, highly dynamic ground terminal environment that can significantly compress satellite-to-ground authentication signaling, resist malicious tampering by representative nodes, and not rely on complete tree reconstruction has become a pressing technical problem in this field. This invention addresses these technical needs. Summary of the Invention
[0005] To address the aforementioned issues, this invention proposes a method and apparatus for batch access authentication of satellite ground terminal groups. By constructing a distributed hash tree and using aggregated signatures to compress the uplink messages of terminal authentication requests, combined with a random verification mechanism on the satellite side that only samples a subset of terminals, the spectral pressure and collision probability of the satellite-to-ground link are significantly reduced. Verifying the legitimacy of the aggregated signature through a single bilinear pairing operation on the satellite, combined with bottom-up hash path reconstruction to verify only the sampled terminals, reduces onboard computational complexity, power consumption, and memory usage. A distributed collaborative approach, using near-field communication between terminals for peer discovery and logical sorting, exchanging hash values pairwise, and recursively calculating the parent node, enables terminals to independently generate the same root hash without relying on any centralized node, avoiding single points of failure and enhancing access flexibility and resilience in dynamic self-organizing scenarios. Multiple cryptographic constraints—each terminal using its private key to generate partial signatures for the member list, a representative terminal using additive homomorphism to aggregate into a single aggregated signature, and the satellite verifying the mathematical correspondence through bilinear pairing operations—ensure that the representative terminal cannot add illegal members or remove legitimate members from the member list, and that any tampering will cause the aggregated signature verification to fail.
[0006] The first aspect of the present invention provides a method for batch access authentication of satellite ground terminal groups, comprising: The ground terminal set performs time window synchronization through beacon signals broadcast by satellite, performs peer discovery and identity sorting through near-field communication, constructs an aggregate signature for group authentication to obtain a group authentication message, and the corresponding terminal sends the group authentication message to the satellite through a single satellite-to-ground link; The satellite receives the group authentication message and verifies the legality of the aggregate signature. After successful verification, it randomly selects some terminals in the group to issue challenge commands and compares the root hash with the information returned by the selected terminals to obtain the group session key and admission decision.
[0007] Preferably, the step of obtaining the group authentication message further includes: Construct a distributed, self-organizing authentication environment based on time window synchronization; Each terminal in the ground terminal set is peer-to-peer discovered through a near-field communication link, and the terminals are logically sorted according to their globally unique identifiers to obtain a list of terminal members. Each terminal in the ground terminal set uses its own identity as a leaf node, exchanges hash values with neighboring nodes in pairs, recursively calculates the parent node using a preset group key, and iteratively updates the root hash of each terminal. Based on the terminal's private key and the root hash, a partial signature is generated through the corresponding terminal. All partial signatures are collected by the representative terminal and aggregated into a single aggregate signature to construct a group authentication message.
[0008] Preferably, the step of updating the root hash of each terminal further includes: Construct a hash value from the globally unique identifier and current timestamp of each terminal in the ground terminal set, and set the hash value as the data of the leaf node of the corresponding terminal; Terminals are arranged in ascending order according to their globally unique identifiers, and each terminal is paired up. If the number of terminals is odd, the last terminal will copy its own hash value to complete the tree structure. Neighboring terminals exchange hash results via near-field broadcast protocol and calculate the parent node value based on a preset group key. The calculation expression is as follows: In the formula, The default group key. , These are the hash values of the left and right nodes in the adjacent nodes, respectively.
[0009] Preferably, in the satellite ground terminal group batch access authentication method according to claim 1, the step of constructing the aggregate signature for group authentication further includes: Each terminal in the ground terminal set performs a hash operation on the message using its private key to obtain a hash result, and then maps the hash result to obtain a partial signature. The message includes a root hash, a list of terminal members, and a timestamp. The partial signature is sent to the representative terminal through each terminal; By collecting all partial signatures on behalf of the terminal, and utilizing the additive homomorphic property, all partial signatures are compressed into a single aggregate signature.
[0010] Preferably, the steps of obtaining the group session key and admission decision further include: Based on the group authentication message and public key library, the validity of the aggregated signature is verified to determine whether each terminal in the member list belongs to the pre-registered set. The satellite dynamically calculates the sample size k and randomly selects k terminals from the ground terminal set as the sampled terminal set. The satellite sends a challenge message to the sampled terminal set and receives the path proof data returned by each sampled terminal. Based on the path proof data, the hash path is reconstructed from bottom to top by satellite, and the reconstruction result is matched with the root hash. The group session key and access decision are obtained according to the matching result. The specific rules are as follows: if all matches are successful, access permission is granted and a group session key is derived; otherwise, a group rejection policy is implemented and abnormal terminals are marked.
[0011] Preferably, the step of the satellite sending a challenge message to the sampled terminal set further includes: The satellite calculates the sample size k based on the current remaining computing resources of the onboard processor and the historical trust score of the group, using a probability model that dynamically adjusts based on security level and system load. K random index values are generated by an encrypted random number generator, and k corresponding terminals are randomly selected from the member list as the terminal set to be sampled. Each of the randomly selected terminals in the cluster transmits path verification data directly back to the satellite via a satellite-to-ground link; The satellite performs cascaded hash operations layer by layer with the hash values of adjacent nodes, starting from the hash value of the leaf node, to obtain the hash value of the root node. Based on the hash value, a consistency comparison is performed with the root hash representing the terminal.
[0012] Preferably, the step of the satellite receiving the group authentication message and verifying the legality of the aggregate signature further includes: The satellite verifies the mathematical correspondence between the aggregate signature and the public key set of the member list through a bilinear pairing operation and outputs the verification result. If the verification is successful, the member list is recognized by all legitimate terminals in the list and has not been tampered with by the represented terminals; if the verification fails, the satellite directly rejects the access request.
[0013] Preferably, it also includes an access exception handling mechanism: The satellite maintains a dynamic blacklist database, storing the list of members whose verification failed and the identifiers of their representative terminals in the blacklist, and updating the corresponding trust scores. The trust score is calculated based on the sample size, and the trust score is inversely proportional to the probability of sampling. If, during the random inspection, it is found that the path proof returned by any terminal does not match the root hash, or if no return is received within the preset response timeout period, the satellite will terminate all access to the group and send an alarm to the ground control center.
[0014] Preferably, a monitoring mechanism is also included: The satellite periodically updates the group's temporary access key and requires representative terminals to update the root hash within a preset time step.
[0015] A second aspect of the present invention provides a satellite ground terminal group batch access authentication device, comprising: The terminal access module is used for ground terminal groups to synchronize time windows through beacon signals broadcast by satellite, perform peer discovery and identity sorting through near-field communication, construct aggregate signatures for group authentication to obtain group authentication messages, and the corresponding terminals send the group authentication messages to the satellite through a single satellite-to-ground link; The satellite access processing module is used to receive the group authentication message from the satellite and verify the legality of the aggregate signature. After the verification is successful, it randomly selects some terminals in the group to issue a challenge command and compares the root hash with the information returned by the selected terminals to obtain the group session key and admission decision.
[0016] Because the present invention adopts the above technical solution, it has the following advantages and positive effects compared with the prior art: By constructing a distributed hash tree and aggregating signatures to compress the terminal's authentication request into the uplink message, combined with the random verification mechanism on the satellite side that only samples a portion of the terminals, the spectrum pressure and collision probability of the satellite-to-ground link are greatly reduced.
[0017] By verifying the legitimacy of aggregate signatures through a single bilinear pairing operation on the satellite and combining bottom-up hash path reconstruction to verify only the sampled terminals, the technical effect of reducing onboard computational complexity is achieved, thereby reducing computational power consumption and memory usage.
[0018] By using near-field communication between terminals for peer discovery and logical sorting, exchanging hash values in pairs and recursively calculating the parent node in a distributed collaboration manner, the technology enables terminals to independently generate the same root hash without relying on any centralized node, avoiding single points of failure and enhancing access flexibility and resilience in dynamic self-organizing scenarios.
[0019] By using private keys to generate partial signatures for the member list at each terminal, using additive homomorphic properties to aggregate the signatures into a single aggregate signature at the representative terminal, and using bilinear pairing operations to verify the mathematical correspondence, the system achieves multiple cryptographic constraints, ensuring that the representative terminal cannot add illegal members or remove legal members from the member list, and that any tampering will cause the aggregate signature verification to fail.
[0020] By using a mechanism that includes the current timestamp and random challenge factor in the temporary key derivation and a one-time random number (Nonce) in the challenge command, the authentication credentials for each access are unique and old messages cannot be reused, effectively resisting replay attacks.
[0021] By randomly sampling some terminals via satellite, having the sampled terminals directly transmit the hash sequence of sibling nodes along the path from the leaf node to the root as path proof, and then reconstructing the hash path from bottom to top via satellite and comparing it with the root hash, the technical effect of preventing illegal terminals from providing correct path proof and triggering a rejection of the entire group if any terminal fails to verify is achieved.
[0022] By maintaining a dynamic blacklist database via satellite to record terminals that fail verification and their representative terminal identifiers, updating the corresponding trust scores, and dynamically adjusting the sample size for subsequent access checks based on the trust scores, the technical effect of adaptive security defense is achieved: the lower the trust score, the higher the probability of subsequent access checks.
[0023] By using a continuous monitoring mechanism that periodically updates the group's temporary access key via satellite and requires representative terminals to update the root hash within a preset time step, the technical effect of achieving a high degree of synchronization between the group authentication status and the actual ground topology and covering the entire lifecycle of security defense system before, during, and after access is achieved. Attached Figure Description
[0024] The specific embodiments of the present invention will be further described in detail below with reference to the accompanying drawings, wherein: Figure 1 This is the main flowchart of a batch access authentication method for satellite ground terminal groups in this invention; Figure 2 This is a flowchart of the tree structure construction process in this invention; Figure 3 This is a flowchart illustrating the signal interaction between the satellite and the terminal in this invention. Figure 4 This is a schematic diagram of random sampling and path verification in this invention. Detailed Implementation
[0025] The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments. The advantages and features of the present invention will become clearer from the following description and claims. It should be noted that the drawings are all in a very simplified form and use non-precise ratios, and are only used to facilitate and clarify the illustration of the embodiments of the present invention.
[0026] It should be noted that all directional indicators (such as up, down, left, right, front, back, etc.) in the embodiments of the present invention are only used to explain the relative positional relationship and movement of each component in a certain specific posture (as shown in the figure). If the specific posture changes, the directional indicator will also change accordingly.
[0027] First Embodiment See Figure 1 and Figure 3 The first aspect of the present invention provides a method for batch access authentication of satellite ground terminal groups, comprising: The ground terminal set synchronizes the time window through beacon signals broadcast by the satellite, performs peer discovery and identity sorting through near-field communication, constructs an aggregate signature for group authentication to obtain the group authentication message, and the corresponding terminal sends the group authentication message to the satellite through a single satellite-to-ground link; The satellite receives group authentication messages and verifies the legitimacy of aggregate signatures. After successful verification, it randomly selects some terminals in the group to issue challenge commands and compares the root hash with the information returned by the selected terminals to obtain the group session key and admission decision.
[0028] This scheme achieves a two-tiered collaborative mechanism—ground-based distributed aggregated signature single-reporting and satellite random sampling verification—to unify the high efficiency, low overhead, and tamper-proof and impersonation-proof properties of group batch access authentication. It solves the signaling congestion problem caused by long link delays and bandwidth limitations in traditional one-to-one authentication modes within satellite networks. The scheme employs a distributed self-organizing construction algorithm based on high-precision time window synchronization. Guided by satellite broadcast signals, a set of terminals within the same coverage area... The system enters a self-discovery cycle and performs logical sorting based on globally unique identifiers. Subsequently, the terminal set initiates a recursive computation process for the Distributed Message Authentication Code (MAC) tree. Each terminal, acting as a leaf node of the tree, first utilizes its local long-term key K. i A single access key is derived from the current access timestamp T and the random challenge factor R. The terminal performs an initial hash operation on the ID and its derived key to generate a basic MAC value as the leaf node. In each iteration, adjacent nodes calculate the parent node's value through a cascading approach: ,in This represents the depth of the tree. This recursive computation continues until a globally unique root hash is derived locally on all terminals. This approach ensures that the root hash serves as the digital fingerprint of the entire group's identity; any invalidity of a member's identity will cause a drastic change in the root hash. Simultaneously, to carry the identity trust of the entire group within a single signaling message, this scheme introduces an aggregate signature technique based on bilinear mapping. Within the group, each terminal utilizes its private key... For member list Root hash Perform partial signature generation. The terminal collects all partial signatures and uses additive homomorphism to compress them into a single aggregate signature. The process follows a bilinear pairwise equality verification: ,in For each terminal's public key, This is a system generator. This mathematical constraint ensures that a representative terminal cannot tamper with the member list without possessing all members' private keys. This design significantly reduces uplink load requirements, simplifying the authentication process from hundreds of handshakes to a single operation. The encapsulated message transmission significantly reduces the probability of collisions on the satellite access channel and improves the throughput of the satellite constellation under sudden large-scale access scenarios. When the satellite verification end receives the encapsulated message, it first calls the built-in hardware acceleration module to perform aggregate signature verification. If the aggregate signature equation holds, the proof list... The authenticity of the data was verified. Subsequently, the satellite entered a random sampling phase to balance computing resources. The satellite dynamically adjusted the sampling ratio based on the current load, randomly assigning members. Provide path proof The path proof is the set of hashes of all sibling nodes on the path from this node to the root node. Composition. After receiving the data, the satellite terminal performs a bottom-up reconstruction using the terminal's known identity information: Let... and recursively execute The satellite compares the final reconstructed values to see if they meet the requirements. This ensures the integrity of the audit. This direct feedback mode, which avoids direct connections to the terminal, guarantees the authenticity of the audit. The scheme employs an extremely strict access control strategy: if a single matching failure or response timeout occurs in the sampled data, the satellite will immediately determine that the group poses a security risk and execute a full group access denial command. Finally, the scheme also includes a dynamic lifecycle management mechanism. After the group passes initial authentication, the satellite will derive a temporary group session key based on the root hash. This is used for encryption of subsequent data transmission. If a ground terminal relocates, causing a group split, or a new node requests to join, the system supports partial updates based on a Merkle tree. If only nodes... The change, and the corresponding update cost is only The satellite only needs to receive and verify the affected branch hashes to update the global update. By combining the mathematical logic of distributed construction, aggregated signature verification, and random sampling path proof, this invention achieves an optimal balance between computational overhead, communication cost, and security strength, laying a solid technical foundation for the large-scale application of future space information networks.
[0029] This invention will be illustrated with a typical low-Earth orbit (LEO) satellite IoT access scenario. Imagine a disaster monitoring site in a remote area, with 100 terminals deployed. Due to their remote location, these terminals cannot access the internet via terrestrial base stations and must transmit data back through an LEO constellation. Because satellite transit time and bandwidth are limited, if each of these 100 terminals initiates an authentication handshake individually, it will cause severe signaling congestion. The following will demonstrate how this invention achieves efficient access through a distributed grouping strategy.
[0030] Group self-organization and time window synchronization phase. When the satellite enters the visible arc and broadcasts the beacon signal, the signal contains the current timestamp. Access window duration And the satellite's public key information. Ground terminal Upon receiving the beacon, the terminal uses its built-in high-precision temperature-compensated crystal oscillator for local clock alignment, ensuring that all members enter the same access cycle within microsecond-level errors. The terminal performs neighbor discovery via the near-field communication link. Each terminal is arranged in ascending order according to its own International Mobile Equipment Identity (IMEI), forming an ordered logical list. This sorting logic is crucial because any deviation in the order of nodes will lead to ambiguity in the calculation of the subsequent hash tree root value. Subsequently, each terminal uses a preset key derivation function, combined with the long-term root key... Calculate the temporary verification key for this access using the current satellite random factor. Iterative construction of a distributed MAC hash tree. In this embodiment, the terminal set adopts a bottom-up peer-to-peer computation model. Each terminal first independently calculates the MAC value of its leaf node. Next, based on the sorted logical positions, two adjacent terminals (such as...) and They exchanged their respective After receiving data from its neighbor, the terminal... and All will perform the same merge operation. ,in This is a pre-shared group identifier for this batch of terminals. In this way, the original 100 independent nodes are merged into 50 first-level parent nodes, then into 25 second-level parent nodes, and so on. After rounds of iteration, all terminals calculate a completely consistent root hash locally. This process does not have a fixed central control node; each node only needs to communicate with its neighbors, which greatly enhances the robustness of the system. Even if some terminals cannot communicate with the whole group due to terrain interference, they can be quickly restored through branch reconstruction. Figure 2 This demonstrates the logical evolution of a ground terminal set constructing a MAC tree through distributed collaboration, showcasing the layer-by-layer aggregation logic from leaf nodes to the root hash. It also covers the generation of aggregated signatures and the reporting of access requests. This is done to prove the member list. To ensure authenticity and prevent tampering by representative nodes, this embodiment employs an aggregate signature scheme based on bilinear mapping. Each terminal uses its private key to... Perform partial signature generation During this process, the system selects the terminal through an election mechanism. As representatives of this round of access, each terminal will Send to It uses the additive homomorphic property to aggregate them into a total signature. Subsequently, the representative of the terminal A concise access request packet is constructed, with its payload containing only: a root hash (32 bytes), a member list (represented by a compressed bitmap or digest), and an aggregate signature. Compared to the 100 independent identity requests in traditional schemes (involving thousands of bytes of signaling exchange), the encapsulated message of this invention greatly reduces uplink channel occupancy, allowing the satellite to complete the reception of the entire group's intent within a single random access slot. Figure 3 This is a flowchart illustrating the signaling sequence for satellite-to-ground group access authentication as described in this invention, depicting the interaction sequence between the ground representative terminal and the satellite. It also includes the verification and challenge sampling process on the satellite side. After receiving the request message from the representative terminal, the satellite first extracts the member list. The onboard security processing unit retrieves the publicly available parameters for the corresponding terminal from the list and executes the aggregation verification equation. The verification process is as follows. If the equation holds true, the satellite can be certain that these 100 terminals did indeed jointly sign the list, and that all IDs in the list are legitimate registered members. To further prevent replay attacks, the satellite initiates a random challenge procedure. Based on the current processor load, the satellite selects three audit terminals (e.g., ...) using a pseudo-random number generator. , , The system then issues a challenge command containing a random number (Nonce). The selected terminal must prove its existence in the hash tree. For example, it needs to send back the path proof it generated when building the MAC tree to the satellite. This refers to the hash value of its adjacent nodes in each iteration. Path matching and final admission decision. The satellite receives... Return Then, combined with what is known Information, simulating the hash iteration process of the ground segment. The satellite from... Initially, cascading hash operations are performed continuously with sibling nodes in the path proof until the top-level value is calculated. If the top-level value calculated by the satellite matches the value previously reported by the terminal... If the samples are completely identical and the nonce is timely enough, it proves that the terminal did indeed participate in the self-organizing construction on the ground, and its identity evidence is real-time and reliable. If all samples tested pass verification, the satellite will then transmit the results to... Issue a group access permission instruction and assign a temporary group session key, which can be used by... The derivation is then performed. Conversely, if any sample verification fails (for example, a terminal cannot provide the correct sibling node value, indicating that its ID may have been illegally impersonated), the satellite will determine that the entire group message is suspected of fraud and reject the access requests of all terminals in this instance. This mechanism compels ground terminals to verify each other during the self-organization phase to prevent unauthorized nodes from infiltrating. Figure 4This document details how the satellite verifies the integrity of the entire MAC tree by randomly selecting specific terminals and utilizing their provided sibling node hash values (path proofs). It also addresses group maintenance under dynamic coverage. Due to the extremely high speed of low-Earth orbit satellites, the system supports dynamic authentication based on branch updates when some terminals leave the coverage area or new terminals attempt to join. Newly joined terminals only need to request the current MAC tree structure from neighboring authenticated terminals and update the hash value of their respective branches. The representative terminal then only needs to report the branch change information and the new aggregate signature to the satellite, without replaying the complete authentication process for hundreds of terminals. This incremental update method keeps system maintenance overhead low. It perfectly meets the technical requirements of high dynamics and low latency in satellite communication, providing solid protocol support for building a large-scale integrated space-ground IoT access system.
[0031] See Figure 2 Preferably, the step of obtaining the group authentication message further includes: Construct a distributed, self-organizing authentication environment based on time window synchronization; Each terminal in the ground terminal set is peer-to-peer discovered through a near-field communication link, and the terminals are logically sorted according to their globally unique identifiers to obtain a list of terminal members. Each terminal in the ground terminal set uses its own identity as a leaf node, exchanges hash values with neighboring nodes in pairs, recursively calculates the parent node using a preset group key, and iteratively updates the root hash of each terminal. Based on the terminal's private key and root hash, a partial signature is generated through the corresponding terminal. All partial signatures are collected by the representative terminal and aggregated into a single aggregate signature to construct a group authentication message.
[0032] Through a four-step decentralized collaboration mechanism of time synchronization, near-field discovery and sorting, distributed tree building, and partial signature aggregation, the self-organized generation of group identity credentials, the extreme compression of uplink signaling, and the fixed signature length are achieved, laying a data foundation for efficient verification on the satellite side.
[0033] See Figure 2 Preferably, the step of updating the root hash of each terminal further includes: Construct a hash value from the globally unique identifier and current timestamp of each terminal in the ground terminal set, and set the hash value as the data of the leaf node of the corresponding terminal; Terminals are arranged in ascending order according to their globally unique identifiers, and each terminal is paired up. If the number of terminals is odd, the last terminal will copy its own hash value to complete the tree structure. Neighboring terminals exchange hash results via near-field broadcast protocol and calculate the parent node value based on a preset group key. The calculation expression is as follows: In the formula, The default group key. , These are the hash values of the left and right nodes in the adjacent nodes, respectively.
[0034] By employing a distributed iterative mechanism that binds leaf nodes to timestamps, sorts and pairs IDs, performs odd-number self-replication and completion, uses near-field broadcasting and swapping, and performs MAC recursive calculation, the technology enables all terminals to independently generate the same root hash without relying on a central node. This mechanism offers advantages such as replay resistance, forgery prevention, no single point of failure, and adaptability to any number of terminals, providing core support for the decentralized generation of group identity credentials.
[0035] Preferably, according to the satellite ground terminal group batch access authentication method of claim 1, the step of constructing the aggregate signature for group authentication further includes: Each terminal in the ground terminal set performs a hash operation on the message using its private key to obtain a hash result, and then maps the hash result to obtain a partial signature. The message includes the root hash, the terminal member list, and the timestamp. Each terminal sends a partial signature to the representative terminal; By collecting all partial signatures on behalf of the terminal, and utilizing the additive homomorphic property, all partial signatures are compressed into a single aggregate signature.
[0036] By leveraging the homomorphic property of addition, multiple partial signatures are compressed into a single aggregate signature, achieving a fixed signature length independent of the number of group members. This fundamentally solves the problem of signature length linearly increasing with the number of members in traditional schemes. Through cryptographic constraints—each terminal independently generating a partial signature using its own private key, and the representative terminal being unable to generate a valid aggregate signature independently—any attempt to add an illegal member or remove a legitimate member from the member list will result in aggregate signature verification failure, ensuring the authenticity and integrity of the member list. By having all terminals generate their own partial signatures, which are then aggregated by a representative terminal, the aggregate signature represents the collective recognition and endorsement of the member list and root hash by all terminals within the group. No terminal can subsequently deny its participation in the group authentication. By compressing multiple partial signatures into a single aggregate signature, the satellite can perform batch verification of all terminal signatures with a single verification operation, eliminating the need for individual decryption and verification of each terminal's signature, significantly improving onboard processing efficiency. By encapsulating the aggregate signature, as a core component of the group identity credential, along with the root hash and member list, into a single message, signaling congestion on the satellite-to-ground link is greatly alleviated.
[0037] See Figure 4 Preferably, the steps of obtaining the group session key and admission decision further include: Based on group authentication messages and public key stores, the validity of aggregated signatures is verified to determine whether each terminal in the member list belongs to the pre-registered set. The satellite dynamically calculates the sample size k and randomly selects k terminals from the ground terminal set as the sampled terminal set. The satellite sends a challenge message to the sampled terminal set and receives the path proof data returned by each sampled terminal. Based on path proof data, the hash path is reconstructed from bottom to top by satellite. The reconstruction result is matched with the root hash. The group session key and admission decision are obtained according to the matching result. The specific rules are: if all matches are successful, access permission is granted and the group session key is derived; otherwise, a group rejection policy is implemented and abnormal terminals are marked.
[0038] By performing aggregated signature legitimacy verification based on group authentication messages and a public key library, the technology achieves the effect of confirming whether all terminals in the member list belong to the pre-registered set with a single verification, eliminating the need to verify each terminal individually and significantly improving verification efficiency. It achieves the effect of reducing the number of sampling checks to ensure real-time processing when computing resources are limited, and increasing the number of sampling checks to ensure verification strength when security requirements are high, adaptively balancing security level and onboard computing overhead. By using a satellite to randomly select the set of terminals to be sampled using an encrypted random number generator, the technology achieves the effect of unpredictable sampling results and prevents attackers from preparing forged evidence in advance, ensuring the authenticity and representativeness of the sampling audit. By having the sampled terminals send back path proof data, and the satellite reconstructs the hash path from bottom to top and matches it with the root hash, the technology achieves the effect of verifying group integrity without requiring the satellite to reconstruct the entire hash tree, achieving the same security strength as global verification. By adopting a binary decision rule of opening if all matches are successful and rejecting the entire group if any fails, the technology achieves the effect of rejecting the entire group's access if any sampled terminal fails verification, preventing unauthorized terminals from infiltrating the network using group identities and increasing the threshold and cost of unauthorized access. By implementing a group-wide rejection policy and marking abnormal terminals when verification fails, the system achieves the technical effect of recording and tracing abnormal behavior, providing a data foundation for subsequent trust assessment and blacklist updates. Furthermore, by deriving a group session key based on the root hash after all matches are successful, the system ensures that legitimate groups obtain a unified data encryption key, guaranteeing the confidentiality of subsequent communications.
[0039] Preferably, the step of the satellite sending a challenge message to the sampled terminal set further includes: The satellite calculates the sample size k based on the current remaining computing resources of the onboard processor and the historical trust score of the group, using a probability model that dynamically adjusts based on security level and system load. A cryptographic random number generator generates k random index values, and k corresponding terminals are randomly selected from the member list as the sampled terminal set. Each of the randomly selected terminals in the cluster transmits path verification data directly back to the satellite via a satellite-to-ground link; The satellite starts from the hash value of the leaf node and performs cascaded hash operations with the hash values of adjacent nodes to obtain the hash value of the root node. Based on the hash value, a consistency comparison is performed with the root hash representing the terminal.
[0040] By using satellites to calculate the sample size based on the current computing resource availability of the onboard processor and the historical trust score of the group, a probabilistic model dynamically adjusted according to security level and system load is employed. This achieves the technical effect of adaptively adjusting the number of samples based on resource availability and trust score. An encrypted random number generator generates k random index values and randomly selects corresponding terminals from the member list as the sampled terminal set. This ensures the unpredictability of the selected terminals and prevents attackers from knowing the selected targets in advance and fabricating evidence, thus ensuring the authenticity and representativeness of the sampling audit. Each terminal in the sampled terminal set directly transmits path proof data back to the satellite via a satellite-to-ground link, bypassing the representative terminal. This protects the sampling response data from potential tampering or filtering by the representative terminal, ensuring the authenticity and reliability of the path proof data received by the satellite. Finally, the satellite performs cascaded hash operations, starting from the leaf node hash value and progressively connecting it to the hash values of adjacent nodes to obtain the root node hash value. This achieves the technical effect of completing the integrity verification of a single terminal with only hash operations, achieving the equivalent security strength of global verification with extremely low computational overhead. By comparing the root node hash value calculated layer by layer with the root hash reported by the representative terminal, the technical effect of accurately determining whether the sampled terminal truly participated in the group construction and whether there was any identity forgery can be achieved, providing a reliable basis for subsequent access decisions.
[0041] Preferably, the step of the satellite receiving the group authentication message and verifying the legitimacy of the aggregate signature further includes: The satellite verifies the mathematical correspondence between the aggregate signature and the public key set of the member list through a bilinear pairing operation and outputs the verification result. If the verification is successful, the member list is recognized by all legitimate terminals in the list and has not been tampered with by the represented terminals; if the verification fails, the satellite directly rejects the access request.
[0042] By verifying the mathematical correspondence between the aggregate signature and the public key set through a single bilinear pairing operation, the technical effects of decoupling verification complexity from the number of members, cryptographically proving the integrity of the member list, constraining the behavior of the representative terminal, saving resources by early rejection when verification fails, and quantifying the tamper resistance are achieved.
[0043] Preferably, it also includes an access exception handling mechanism: The satellite maintains a dynamic blacklist database, storing the list of members whose verification failed and the identifiers of their representative terminals in the blacklist, and updating the corresponding trust scores. Trust scores are calculated based on the sample size of the random inspection, achieving an inverse relationship between the trust score and the probability of random inspection. If, during the random inspection, it is found that the path proof returned by any terminal does not match the root hash, or if no return is received within the preset response timeout period, the satellite will terminate all access to the group and send an alarm to the ground control center.
[0044] By recording abnormal terminals in a dynamic blacklist database, achieving differentiated auditing with a trust score inversely proportional to the sampling probability, and triggering a full group rejection and sending an alarm when any terminal is abnormal, the system achieves full lifecycle security protection effects, including abnormal terminal isolation, trust-driven adaptive sampling, rapid circuit breaker defense, real-time security alerts, and continuous evolutionary defense.
[0045] Preferably, a monitoring mechanism is also included: The satellite periodically updates the group's temporary access key and requires representative terminals to update the root hash within a preset time step.
[0046] By periodically updating temporary access keys via satellite and requiring representative terminals to update the root hash within a preset time step, the system achieves full lifecycle security monitoring effects, including forward key security, synchronization of group status with ground topology, dynamic topology adaptive support, periodic rotation of session keys, automatic invalidation of offline terminals, and lightweight continuous authentication.
[0047] Second Embodiment A second aspect of the present invention provides a satellite ground terminal group batch access authentication device, comprising: The terminal access module is used for ground terminals to synchronize time windows through beacon signals broadcast by satellite, perform peer discovery and identity sorting through near-field communication, construct aggregate signatures for group authentication to obtain group authentication messages, and send the group authentication messages to the satellite through a single satellite-to-ground link. The satellite access processing module is used to receive group authentication messages from the satellite and verify the legitimacy of the aggregate signature. After successful verification, it randomly selects some terminals in the group to issue challenge commands and compares the root hash with the information returned by the selected terminals to obtain the group session key and admission decision.
[0048] By employing time window synchronization, near-field communication peer discovery and identity sorting, distributed hash tree construction, and aggregate signature generation, ground terminals can autonomously generate group identity credentials without relying on centralized nodes. Verifying the legitimacy of aggregate signatures through a single bilinear pairing operation, randomly sampling terminals and receiving their directly transmitted path proofs, and bottom-up reconstruction of hash paths compared with the root hash, achieves rapid auditing with computational overhead equivalent to global verification security strength. Through a group-wide rejection policy, dynamic blacklists and trust scoring mechanisms, and periodic key and root hash updates, comprehensive technical effects are achieved, including resistance to representative node tampering, resistance to replay attacks, trust-driven differentiated sampling, and continuous security defense throughout the entire lifecycle. The high-speed signaling receiving unit is used to receive and decapsulate group access request messages from ground representative terminals; the aggregation verification unit has a built-in hardware-level bilinear pairing operation acceleration module for real-time verification of aggregation signatures; the hash verification unit is responsible for high-speed hash comparison based on the path proof returned by random sampling; and the access control management unit is used to dynamically configure physical layer and link layer access control lists (ACLs) based on the verification results to realize batch and automated access management of ground terminal groups.
[0049] In the description of this application, it should be noted that the terms "inner" and "outer," etc., indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings, or the orientation or positional relationship commonly used when the product is in use. They are used only for the convenience of describing this application and for simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation. Therefore, they should not be construed as limitations on this application. Furthermore, the terms "first," "second," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0050] It should also be noted that, unless otherwise explicitly specified and limited, the terms "setup" and "connection" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection of two components. Those skilled in the art can understand the specific meaning of the above terms in this application based on the specific circumstances.
[0051] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific identification content executed by the system and device described above can be referred to the corresponding process in the foregoing method embodiments.
[0052] The embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to the above embodiments. Even if various changes are made to the present invention, if these changes fall within the scope of the claims of the present invention and their equivalents, they shall still fall within the protection scope of the present invention.
Claims
1. A method for batch access authentication of satellite ground terminal groups, characterized in that, include: The ground terminal set performs time window synchronization through beacon signals broadcast by satellite, performs peer discovery and identity sorting through near-field communication, constructs an aggregate signature for group authentication to obtain a group authentication message, and the corresponding terminal sends the group authentication message to the satellite through a single satellite-to-ground link; The satellite receives the group authentication message and verifies the legality of the aggregate signature. After successful verification, it randomly selects some terminals in the group to issue challenge commands and compares the root hash with the information returned by the selected terminals to obtain the group session key and admission decision.
2. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, The steps to obtain the group authentication message further include: Construct a distributed, self-organizing authentication environment based on time window synchronization; Each terminal in the ground terminal set is peer-to-peer discovered through a near-field communication link, and the terminals are logically sorted according to their globally unique identifiers to obtain a list of terminal members. Each terminal in the ground terminal set uses its own identity as a leaf node, exchanges hash values with neighboring nodes in pairs, recursively calculates the parent node using a preset group key, and iteratively updates the root hash of each terminal. Based on the terminal's private key and the root hash, a partial signature is generated through the corresponding terminal. All partial signatures are collected by the representative terminal and aggregated into a single aggregate signature to construct a group authentication message.
3. The satellite ground terminal group batch access authentication method according to claim 2, characterized in that, The steps of updating the root hash of each terminal further include: Construct a hash value from the globally unique identifier and current timestamp of each terminal in the ground terminal set, and set the hash value as the data of the leaf node of the corresponding terminal; Terminals are arranged in ascending order according to their globally unique identifiers, and each terminal is paired up. If the number of terminals is odd, the last terminal will copy its own hash value to complete the tree structure. Neighboring terminals exchange hash results via near-field broadcast protocol and calculate the parent node value based on a preset group key. The calculation expression is as follows: In the formula, The default group key. , These are the hash values of the left and right nodes in the adjacent nodes, respectively.
4. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, The steps of constructing the aggregate signature for group authentication further include: Each terminal in the ground terminal set performs a hash operation on the message using its private key to obtain a hash result, and then maps the hash result to obtain a partial signature. The message includes a root hash, a list of terminal members, and a timestamp. The partial signature is sent to the representative terminal through each terminal; By collecting all partial signatures on behalf of the terminal, and utilizing the additive homomorphic property, all partial signatures are compressed into a single aggregate signature.
5. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, The steps for obtaining group session keys and admission decisions further include: Based on the group authentication message and public key library, the validity of the aggregated signature is verified to determine whether each terminal in the member list belongs to the pre-registered set. The satellite dynamically calculates the sample size k and randomly selects k terminals from the ground terminal set as the sampled terminal set. The satellite sends a challenge message to the sampled terminal set and receives the path proof data returned by each sampled terminal. Based on the path proof data, the hash path is reconstructed from bottom to top by satellite, and the reconstruction result is matched with the root hash. The group session key and access decision are obtained according to the matching result. The specific rules are as follows: if all matches are successful, access permission is granted and a group session key is derived; otherwise, a group rejection policy is implemented and abnormal terminals are marked.
6. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, The steps of the satellite sending a challenge message to the sampled terminal set further include: The satellite calculates the sample size k based on the current remaining computing resources of the onboard processor and the historical trust score of the group, using a probability model that dynamically adjusts based on security level and system load. K random index values are generated by an encrypted random number generator, and k corresponding terminals are randomly selected from the member list as the terminal set to be sampled. Each of the randomly selected terminals in the cluster transmits path verification data directly back to the satellite via a satellite-to-ground link; The satellite performs cascaded hash operations layer by layer with the hash values of adjacent nodes, starting from the hash value of the leaf node, to obtain the hash value of the root node. Based on the hash value, a consistency comparison is performed with the root hash representing the terminal.
7. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, The step of the satellite receiving the group authentication message and verifying the legality of the aggregate signature further includes: The satellite verifies the mathematical correspondence between the aggregate signature and the public key set of the member list through a bilinear pairing operation and outputs the verification result. If the verification is successful, the member list is recognized by all legitimate terminals in the list and has not been tampered with by the represented terminals; if the verification fails, the satellite directly rejects the access request.
8. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, It also includes an access exception handling mechanism: The satellite maintains a dynamic blacklist database, storing the list of members whose verification failed and the identifiers of their representative terminals in the blacklist, and updating the corresponding trust scores. The trust score is calculated based on the sample size, and the trust score is inversely proportional to the probability of sampling. If, during the random inspection, it is found that the path proof returned by any terminal does not match the root hash, or if no return is received within the preset response timeout period, the satellite will terminate all access to the group and send an alarm to the ground control center.
9. The satellite ground terminal group batch access authentication method according to claim 1, characterized in that, It also includes a monitoring mechanism: The satellite periodically updates the group's temporary access key and requires representative terminals to update the root hash within a preset time step.
10. A satellite ground terminal group batch access authentication device, characterized in that, include: The terminal access module is used for ground terminal groups to synchronize time windows through beacon signals broadcast by satellite, perform peer discovery and identity sorting through near-field communication, construct aggregate signatures for group authentication to obtain group authentication messages, and the corresponding terminals send the group authentication messages to the satellite through a single satellite-to-ground link; The satellite access processing module is used to receive the group authentication message from the satellite and verify the legality of the aggregate signature. After the verification is successful, it randomly selects some terminals in the group to issue a challenge command and compares the root hash with the information returned by the selected terminals to obtain the group session key and admission decision.