CN102143488B - Method for safe communication between reader and electronic tag, reader and electronic tag - Google Patents

Method for safe communication between reader and electronic tag, reader and electronic tag Download PDF

Info

Publication number
CN102143488B
CN102143488B CN201010575476XA CN201010575476A CN102143488B CN 102143488 B CN102143488 B CN 102143488B CN 201010575476X A CN201010575476X A CN 201010575476XA CN 201010575476 A CN201010575476 A CN 201010575476A CN 102143488 B CN102143488 B CN 102143488B
Authority
CN
China
Prior art keywords
read write
write line
electronic tag
message
discriminating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010575476XA
Other languages
Chinese (zh)
Other versions
CN102143488A (en
Inventor
杜志强
曹军
铁满霞
张国强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Iwncomm Co Ltd filed Critical China Iwncomm Co Ltd
Priority to CN201010575476XA priority Critical patent/CN102143488B/en
Priority to PCT/CN2011/075915 priority patent/WO2012075797A1/en
Publication of CN102143488A publication Critical patent/CN102143488A/en
Application granted granted Critical
Publication of CN102143488B publication Critical patent/CN102143488B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method for safe communication between a reader and an electronic tag, the reader and the electronic tag. The method for the safe communication between the reader and the electronic tag comprises the following steps that: 1) the reader and the electronic tag establish physical connection; and 2) the reader and the electronic tag establish a safety link. The invention provides a method for the safe communication between the reader and the electronic tag with higher safety, and the reader and the electronic tag for implementing the method.

Description

A kind of method of read write line and secure electronic label communication
Technical field
The invention belongs to network safety filed, relate to read write line and electronic tag that read write line and electronic tag in a kind of radio-frequency recognition system carry out the method for secure communication and realize the method.
Background technology
RFID (Radio Frequency Identificaton, RFID) technology is acknowledged as one of large important technology of 21 centurys ten as an advanced person's automatic identification and data collection technology, is also the main implementation technique of Internet of Things.At present, the RFID technology is applied in a lot of fields of society, on improve the human life quality, improve the performance of enterprises, enhancing public security is producing important impact.
Radio-frequency (RF) identification is as a kind of wireless technology, due to the wireless and broadcast characteristic in its communication process, subject to message and be ravesdropping, alter, forge, and entity the attack such as is hunted down, copies, need to introduce security mechanism and guarantee the fail safe of communicating by letter in communication process.
Summary of the invention
In order to solve the above-mentioned technical problem that exists in background technology, the invention provides the method for the higher read write line of a kind of fail safe and secure electronic label communication and realize read write line and the electronic tag of the method.
Technical solution of the present invention is: the invention provides a kind of method of read write line and secure electronic label communication, its special character is: said method comprising the steps of:
1) read write line and electronic tag are set up physical connection;
2) read write line and electronic tag are set up safety chain.
Above-mentioned steps 2) specific implementation is:
2.1.0) read write line has master key MK, label has wildcard PSK, and wildcard PSK is derived by calculating by the sign TID of master key MK and label;
2.1.1) read write line sends security parameter to label and obtain message, security parameter obtains the safety chain that message is used for starting read write line and label and sets up process;
2.1.2) after label received that the security parameter of read write line obtains message, label configurations security parameter response message sent to read write line, described security parameter response message comprises the security algorithm type that label is supported;
2.1.3) read write line is to label transmission discriminating request message, described discriminating request message comprises N rField, N rIt is the random number that read write line generates;
2.1.4) after label received the discriminating request message of read write line, if need to differentiate read write line, label generated random number N t, and utilize wildcard PSK to N r|| N tCalculation of integrity check code MIC 1, label returns differentiates request response to read write line, described discriminating request response comprises N r, N tAnd MIC 1, N wherein rBe Optional Field;
If label do not need read write line is differentiated, label utilizes wildcard PSK to N rCalculation of integrity check code MIC 1, and return and differentiate request response to read write line, described discriminating request response comprises N rAnd MIC 1, N wherein rBe Optional Field;
2.1.5) after read write line receives the discriminating request response that label returns, if message comprises N rAnd this N rWith read write line at step 2.1.3) in the random number N that generates rUnequal, read write line abandons this discriminating request response; If the discriminating request response comprises N rAnd this N rWith read write line at step 2.1.3) in the random number N that generates rEquate or differentiate that request response does not comprise N r, read write line utilizes the identifier TID of master key MK and label, derives PSK by MK||TID is calculated;
When read write line need to be differentiated label, read write line by PSK to N r|| N tRecomputate completeness check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if both unequal, read write line abandons this discriminating request response; If both equate, read write line thinks that label is legal, and read write line utilizes PSK to N tGenerate MIC 2, and sending discriminating response confirmation message to label, described discriminating response confirmation message comprises N t, MIC 2, N wherein tBe Optional Field;
When read write line does not need to differentiate label, read write line by PSK to N rRecomputate completeness check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if both unequal, read write line abandons this discriminating request response; If both equate, read write line thinks that label is legal;
2.1.6) after label receives the discriminating response confirmation message of read write line, if message comprises N tAnd this N tWith label at step 2.1.4) in the random number N that generates tUnequal, label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If differentiate that response confirmation message comprises N tAnd this N tWith label at step 2.1.4) in the random number N that generates tEquate or differentiate in response confirmation message not comprise N t, label utilizes PSK to N tRecomputate completeness check code MIC 2', with MIC 2' with the discriminating response confirmation message received in MIC 2Relatively;
Label is with MIC 2' with the discriminating response confirmation message received in MIC 2In the time of relatively, if unequal, label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If equate, label thinks that read write line is legal.
Above-mentioned steps 2.1.6) afterwards, read write line needs label is differentiated and label when also needing differentiate read write line, and label sends identification result message to read write line; If label thinks that read write line is legal, described discriminating response confirmation message comprises the discriminating success message; If label thinks that read write line is illegal, described discriminating response confirmation message comprises the discriminating failed message.
If read write line needs to differentiate with label and label also needs read write line is differentiated, at step 2.1.4) in, label utilizes N r, N tAnd PSK derives and the session key of read write line, at step 2.1.5) in, read write line utilizes N r, N tAnd PSK derives and the session key of label;
Label does not need read write line is differentiated if the read write line need are differentiated label, at step 2.1.4) in, label utilizes N rWith the session key of PSK derivation with read write line, at step 2.1.5) in, read write line utilizes N rWith the session key of PSK derivation with label.
Above-mentioned steps 2) specific implementation can also be:
2.2.0) read write line has master key MK, label has wildcard PSK, and wildcard PSK is derived by calculating by the sign TID of master key MK and label;
2.2.1) read write line sends security parameter to label and obtain message, security parameter obtains the safety chain that message is used for starting with label and sets up process;
2.2.2) after label received that the security parameter of read write line obtains message, label configurations security parameter response message sent to read write line, described security parameter response message comprises the security algorithm class that label is supported;
2.2.3) read write line is to label transmission discriminating activation message, discriminating activates message for the discrimination process of startup label to read write line;
2.2.4) after label receives that discriminating that read write line sends activates message, generate random number N t, and construct and differentiate that request message sends to read write line, comprise N in described discriminating request message t
2.2.5) after read write line received the discriminating request message that label returns, at first read write line utilized the identifier TID of master key MK and label, derives PSK by MK||TID is calculated, PSK is to N for recycling tCalculation of integrity check code MIC 1, read write line sends to label and differentiates request response, and described discriminating request response comprises N t, MIC 1, N wherein tBe Optional Field;
2.2.6) after label receives the discriminating request response that read write line returns, if message comprises N tAnd this N tWith label at step 2.2.4) in the random number N that generates tUnequal, label is thought that read write line is illegal and is abandoned this discriminating request response; If the discriminating request response comprises N tAnd with label at step 2.2.4) in the random number N that generates tEquate or differentiate that the request response kind does not comprise N t, label utilizes PSK to N tCalculation of integrity check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if unequal, label is thought that read write line is illegal and is abandoned this discriminating request response, if equate, label thinks that read write line is legal.
Above-mentioned steps 2.2.6) afterwards, label sends identification result message to read write line; If label thinks that read write line is legal, this message comprises the discriminating success message, if label thinks that read write line is illegal; This message comprises the discriminating failed message.
At step 2.2.5) in, read write line utilizes N tWith the session key of PSK derivation with label, at step 2.1.6) in, label utilizes N tWith the session key of PSK derivation with read write line.
The method also comprises the secure access process, and namely read write line and label can utilize the session key of derivation to be encrypted transmission to the conversation message between read write line and label.
The specific implementation of secure access process is:
3.1) read write line structure is to the operational order of label, utilizes session key and cryptographic algorithm to be encrypted the operational order of label and forms encrypt data ER, read write line is with the load of ER as secure access message, and structure secure access message sends to label;
3.2) after label receives the secure access message of read write line, at first resolve described secure access message and obtain its load, to obtain read write line to the operational order of label after the load deciphering, label is according to the operational order tectonic response data of read write line to label, and after this response data is encrypted, the load as the secure access response message sends to read write line;
3.3) after read write line receives the secure access response message that label sends, described secure access response message is resolved and its load is decrypted obtain label to the response data of read write line operational order.
The present invention also provides a kind of read write line, and its special character is: described read write line has
Set up the function of physical connection with electronic tag; And
Set up the function of safety chain with electronic tag.
A kind of form of described read write line is:
Described read write line has master key MK;
Described read write line can send security parameter to label and obtain message;
Described read write line receives can send to label after the security parameter response message of label and differentiates request message, and described discriminating request message comprises N rField, N rIt is the random number that read write line generates;
Described read write line can judge the N that whether comprises that differentiates in request response after receiving the discriminating request response of label rAnd this N rThe N that whether generates with described read write line rEquate, if differentiate that request response comprises N rAnd this N rWith the N that generates with described read write line rUnequal, described read write line abandons this discriminating request response; If the discriminating request response comprises N rAnd this N rN with described read write line generation rEquate or differentiate that request response does not comprise N r, described read write line utilizes the identifier TID of master key MK and label, derives PSK by MK||TID is calculated;
When described read write line need to be differentiated label, read write line can be by PSK to N r|| N tRecomputate completeness check code MIC 1', and with MIC 1' with the MIC that differentiates in request response 1Relatively, if both unequal, described read write line abandons this discriminating request response; If both equate, described read write line thinks that label is legal, and read write line utilizes PSK to N tGenerate MIC 2, and sending discriminating response confirmation message to label, described discriminating response confirmation message comprises N t, MIC 2, N wherein tBe Optional Field;
Described when writing device and not needing to differentiate label when reading, described read write line by PSK to N rRecomputate completeness check code MIC 1', and with MIC 1' with the MIC that differentiates in request response 1Relatively, if both unequal, described read write line abandons this discriminating request response; If both equate, described read write line thinks that label is legal;
The another kind of form of described read write line is:
Described read write line has master key MK;
Described read write line can send security parameter to label and obtain message, and security parameter obtains message and sets up process for the safety chain that starts with label;
Described read write line is received after the security parameter response message of label to send to label and is differentiated and activate message, differentiates that activating message is used for starting label to the discrimination process of read write line;
After described read write line is received the discriminating request message of label, can utilize the identifier TID of master key MK and label, derive PSK by MK||TID is calculated, PSK is to N for recycling tCalculation of integrity check code MIC 1, and sending the discriminating request response to label, described discriminating request response comprises N t, MIC 1, N wherein tBe Optional Field.
The present invention also provides a kind of electronic tag, and its special character is: described electronic tag has
Set up the function of physical connection with read write line; And
Set up the function of safety chain with read write line.
A kind of form of described label is:
Described label has wildcard PSK;
After described label receives that the security parameter of read write line obtains message, can construct the security parameter response message and send to read write line, described security parameter response message comprises the security algorithm type that label is supported;
After described label was received the discriminating request message of read write line, if need to differentiate read write line, described label can generate random number N t, and utilize wildcard PSK to N r|| N tCalculation of integrity check code MIC 1, label returns differentiates request response to read write line, described discriminating request response comprises N r, N tAnd MIC 1, wherein, N rThe random number that read write line generates, N rBe Optional Field;
If described label do not need read write line is differentiated, described label can utilize wildcard PSK to N rCalculation of integrity check code MIC 1, and return and differentiate request response to read write line, described discriminating request response comprises N r, MIC 1, N wherein rBe Optional Field;
Described label can judge to differentiate in response confirmation message whether comprise N after receiving the discriminating response confirmation message of read write line tAnd this N tRandom number N with described label generation tWhether equate, if differentiate that response confirmation message comprises N tAnd this N tRandom number N with described label generation tUnequal, described label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If differentiate that response confirmation message comprises N tAnd this N tRandom number N with the label generation tEquate or differentiate that response confirmation message does not comprise N t, described label utilizes PSK to N tRecomputate completeness check code MIC 2', with MIC 2' with the discriminating response confirmation message received in MIC 2Relatively;
Described label can be with MIC 2' with the MIC that differentiates in response confirmation message 2Relatively, if unequal, described label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If equate, described label thinks that read write line is legal.
A kind of form of described label is:
Described label has wildcard PSK;
After described label receives that the security parameter of read write line obtains message, can construct the security parameter response message and send to read write line, described security parameter response message comprises the security algorithm class that label is supported;
Described label can generate random number N after receiving that the discriminating of read write line transmission activates message t, and construct and differentiate that request message sends to read write line, comprise N in described discriminating request message t
Described label can judge to differentiate in the request response whether comprise N after receiving the discriminating request response of read write line tAnd this N tRandom number N with described label generation tWhether equate, if the request response of discriminating comprises N tAnd this N tThe random number N that is becoming with described label tUnequal, described label is thought that read write line is illegal and is abandoned this discriminating request response; If the discriminating request response comprises N tAnd the random number N with the label generation tEquate or differentiate that the request response kind does not comprise N t, label utilizes PSK to N tCalculation of integrity check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if unequal, described label is thought that read write line is illegal and is abandoned this discriminating request response, if equate, described label thinks that read write line is legal.
The present invention has the following advantages:
Set up by the safety chain between read write line and label the legitimacy that process is guaranteed the communication counterpart identity, and when needed for read write line and label negotiate session key, thereby set up the secure communications links between read write line and label.In addition, the present invention also has following advantage: 1) reduction system realizes cost, and safety chain method for building up provided by the invention does not need the background data base support, and system realizes that cost is lower; 2) improve the efficient set up safety chain, safety chain method for building up provided by the invention need not Query Database in setting up the process of link, and identification efficiency is higher.
In addition, this law is bright also can utilize safety chain to set up to negotiate in process session key read write line to be encrypted the form of rear load as secure access message to the operational order of label, realize the confidentiality of communication data in read write line access tag process, thereby further guaranteed the fail safe of communicating by letter between read write line and label.
Description of drawings
Fig. 1 is the schematic flow sheet of read write line provided by the present invention and secure electronic label communication method;
Fig. 2 is that the safety chain between read write line and label is set up process the first embodiment schematic diagram;
Fig. 3 is that the safety chain between read write line and label is set up process the second embodiment schematic diagram;
Fig. 4 is that read write line provided by the present invention is to the secure access process schematic diagram of label.
Embodiment
Before read write line and label communication, read write line has master key MK, and label has shared key PSK, and shared key PSK is derived by calculating by the sign TID of master key and label.
Referring to Fig. 1, specific implementation process of the present invention comprises:
1. the process of setting up of physical connection:
Read write line (label) is initiated the physical connection of handshake procedure foundation and label (read write line).
2. the process of setting up of safety chain:
Referring to Fig. 2, the process of setting up of safety chain comprises the following steps:
(1) read write line sends security parameter to label and obtains message, and security parameter obtains message and sets up process for the safety chain that starts read write line and label.
(2) after the security parameter of receiving read write line obtained message, label configurations security parameter response message sent to read write line, and this security parameter response message comprises the security algorithm type that label is supported.
(3) read write line sends to label and differentiates request message, the discrimination process of beginning read write line to label, and this message comprises N rField, N rIt is the random number that read write line generates.
(4) after label was received the discriminating request message of read write line, if need to differentiate read write line, label generated random number N t, and utilize wildcard PSK to N r|| N tCalculation of integrity check code MIC 1, label returns differentiates request response to read write line, this discriminating request response comprises N r, N tAnd MIC 1, N wherein rBe Optional Field; If label do not need read write line is differentiated, label utilizes wildcard PSK to N rCalculation of integrity check code MIC 1, and return and differentiate request response to read write line, this discriminating request response comprises N r, MIC 1, N wherein rBe Optional Field.
In this step, alternatively, if the read write line need are differentiated by label and label also needs to differentiate to read write line, label can utilize N r, N tAnd PSK derives and the session key of read write line; If only need read write line to do unidirectional discriminating to label, when namely label did not need read write line is differentiated, label can utilize N rWith the session key of PSK derivation with read write line.
(5) after read write line is received the discriminating request response that label returns, if message comprises N rAnd this N rThe random number N that generates in step (3) with read write line rUnequal, read write line abandons this discriminating request response; If the discriminating request response comprises N rAnd this N rThe random number N that generates in step (3) with read write line rEquate or differentiate that request response does not comprise N r, read write line utilizes the identifier TID of master key MK and label, derives PSK by MK||TID is calculated.When read write line need to be differentiated label, read write line by PSK to N r|| N tRecomputate completeness check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if both unequal, read write line abandons this discriminating request response; If both equate, read write line thinks that label is legal, and read write line utilizes PSK to N tGenerate MIC 2, and sending discriminating response confirmation message to label, this message comprises N t, MIC 2, N wherein tBe Optional Field.When read write line does not need to differentiate label, read write line by PSK to N rRecomputate completeness check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if both unequal, read write line abandons this discriminating request response; If both equate, read write line thinks that label is legal.
In this step, alternatively, if read write line is differentiated label and label when also needing read write line is also differentiated, read write line can utilize N r, N tAnd PSK derives and the session key of label; If only need read write line to do unidirectional discriminating to label, when namely label did not need read write line is differentiated, read write line can utilize N rWith the session key of PSK derivation with label.
(6) after label is received the discriminating response confirmation message of read write line, if message comprises N tAnd this N tThe random number N that generates in step (4) with label tUnequal, label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If differentiate that response confirmation message comprises N tAnd this N tThe random number N that generates in step (4) with label tEquate or differentiate that response confirmation message does not comprise N t, label utilizes PSK to N tRecomputate completeness check code MIC 2', with MIC 2' with the discriminating response confirmation message received in MIC 2Relatively, if unequal, label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If equate, label thinks that read write line is legal.During two-way discriminating, be that read write line needs label is differentiated and label when also needing differentiate read write line, label can send identification result message to read write line, if label thinks that read write line is legal, this message comprises the discriminating success message, if label thinks that read write line is illegal, this message comprises the discriminating failed message.Wherein, identification result message is optional.
Referring to Fig. 3, another implementation method that safety chain is set up process comprises the following steps:
(1) read write line sends security parameter to label and obtains message, and security parameter obtains message and sets up process for the safety chain that starts with label.
(2) after the security parameter of receiving read write line obtained message, label configurations security parameter response message sent to read write line, and this security parameter response message comprises the security algorithm type that label is supported.
(3) read write line sends to label and differentiates activation message, differentiates that activating message is used for starting label to the discrimination process of read write line.
(4) after the discriminating that sends of the read write line received of label activates message, generate random number N t, and construct and differentiate that request message sends to read write line, comprise N in this message t
(5) read write line is received be the discriminating request message that returns of label after, at first read write line utilizes the identifier TID of master key MK and label, derives PSK by MK||TID is calculated, PSK is to N for recycling tCalculation of integrity check code MIC 1, read write line sends to label and differentiates request response, and this message comprises N t, MIC 1, N wherein tBe Optional Field.In this step, alternatively, read write line can utilize N tWith the session key of PSK derivation with label.
(6) label is received be the discriminating request response returned of read write line after, if message comprises N tAnd this N tThe random number N that generates in step (4) with label tUnequal, label is thought that read write line is illegal and is abandoned this discriminating request response; If the discriminating request response comprises N tAnd the random number N that generates in step (4) with label tEquate or differentiate that the request response kind does not comprise N t, label utilizes PSK to N tCalculation of integrity check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if unequal, label is thought that read write line is illegal and is abandoned this discriminating request response; If equate, label thinks that read write line is legal.Label can send identification result message to read write line, if label thinks that read write line is legal, this message comprises the discriminating success message, if label thinks that read write line is illegal, this message comprises the discriminating failed message.Wherein, identification result message is optional.In addition, in this step, alternatively, label can utilize N tWith the session key of PSK derivation with read write line.
The present invention has the following advantages: set up by the safety chain between read write line and label the legitimacy that process is guaranteed the communication counterpart identity, and when needed for read write line and label negotiate session key, thereby set up secure communications links between read write line and label.In addition, the present invention also has following advantage: 1) reduction system realizes cost, and safety chain method for building up provided by the invention does not need the background data base support, and system realizes that cost is lower; 2) improve the efficient set up safety chain, safety chain method for building up provided by the invention need not Query Database in setting up the process of link, and identification efficiency is higher.
Referring to Fig. 4, for the confidentiality that realizes communicating by letter between read write line and label, the present invention comprises that also following read write line is to the secure access process of label.
3. secure access process
After safety chain is successfully established, the addressable label data of read write line, when read write line and labeling requirement secure communication, if read write line and label have been derived the session key of sharing, read write line and label can utilize shared session key to be encrypted transmission to conversation message, referring to Fig. 4, detailed process is as follows:
(1) operational order of read write line structure to label, read write line can be read command, write order etc. to the operational order of label.Utilize session key and cryptographic algorithm that read write line is encrypted the operational order of label and form encrypt data ER, read write line is with the load of ER as secure access message, and structure secure access message sends to label;
(2) after label is received the secure access message of read write line, at first resolve this message and obtain its load, to obtain read write line to the operational order of label after the load deciphering, label is according to these operational order tectonic response data, and after this response data is encrypted, the load as the secure access response message sends to read write line;
(3) after read write line is received the secure access response message of label transmission, this response message is resolved and its load is decrypted the acquisition label to the response data of read write line operational order.
The session key that secure access process of the present invention is utilized safety chain to set up to negotiate in process is encrypted read write line the form of rear load as secure access message to the operational order of label, realize the confidentiality of communication data in read write line access tag process, thereby further guaranteed the fail safe of communicating by letter between read write line and label.
The present invention also provides a kind of read write line, and described read write line has the function of setting up physical connection with electronic tag; And set up the function of safety chain with electronic tag.This read write line has two kinds of forms, a kind ofly is: described read write line has master key MK; Described read write line can send security parameter to label and obtain message; Described read write line receives can send to label after the security parameter response message of label and differentiates request message, and described discriminating request message comprises N rField, N rIt is the random number that read write line generates; Described read write line can judge the N that whether comprises that differentiates in request response after receiving the discriminating request response of label rAnd this N rThe N that whether generates with described read write line rEquate, if differentiate that request response comprises N rAnd this N rWith the N that generates with described read write line rUnequal, described read write line abandons this discriminating request response; If the discriminating request response comprises N rAnd this N rN with described read write line generation rEquate or differentiate that request response does not comprise N r, described read write line utilizes the identifier TID of master key MK and label, derives PSK by MK||TID is calculated; When described read write line need to be differentiated label, read write line can be by PSK to N r|| N tRecomputate completeness check code MIC 1', and with MIC 1' with the MIC that differentiates in request response 1Relatively, if both unequal, described read write line abandons this discriminating request response; If both equate, described read write line thinks that label is legal, and read write line utilizes PSK to N tGenerate MIC 2, and sending discriminating response confirmation message to label, described discriminating response confirmation message comprises N t, MIC 2, N wherein tBe Optional Field; Described when writing device and not needing to differentiate label when reading, described read write line by PSK to N rRecomputate completeness check code MIC 1', and with MIC 1' with the MIC that differentiates in request response 1Relatively, if both unequal, described read write line abandons this discriminating request response; If both equate, described read write line thinks that label is legal.Another kind is: described read write line has master key MK; Described read write line can send security parameter to label and obtain message, and security parameter obtains message and sets up process for the safety chain that starts with label; Described read write line is received after the security parameter response message of label to send to label and is differentiated and activate message, differentiates that activating message is used for starting label to the discrimination process of read write line; After described read write line is received the discriminating request message of label, can utilize the identifier TID of master key MK and label, derive PSK by MK||TID is calculated, PSK is to N for recycling tCalculation of integrity check code MIC 1, and sending the discriminating request response to label, described discriminating request response comprises N t, MIC 1, N wherein tBe Optional Field.
The present invention also provides a kind of electronic tag, and described electronic tag has the function of setting up physical connection with read write line; And set up the function of safety chain with read write line.The corresponding read write line of this electronic tag also has two kinds of forms, a kind ofly is: described label has wildcard PSK; After described label receives that the security parameter of read write line obtains message, can construct the security parameter response message and send to read write line, described security parameter response message comprises the security algorithm type that label is supported; After described label was received the discriminating request message of read write line, if need to differentiate read write line, described label can generate random number N t, and utilize wildcard PSK to N r|| N tCalculation of integrity check code MIC 1, label returns differentiates request response to read write line, described discriminating request response comprises N r, N tAnd MIC 1, wherein, N rThe random number that read write line generates, N rBe Optional Field; If described label do not need read write line is differentiated, described label can utilize wildcard PSK to N rCalculation of integrity check code MIC 1, and return and differentiate request response to read write line, described discriminating request response comprises N r, MIC 1, N wherein rBe Optional Field; Described label can judge to differentiate in response confirmation message whether comprise N after receiving the discriminating response confirmation message of read write line tAnd this N tRandom number N with described label generation tWhether equate, if differentiate that response confirmation message comprises N tAnd this N tRandom number N with described label generation tUnequal, described label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If differentiate that response confirmation message comprises N tAnd this N tRandom number N with the label generation tEquate or differentiate that response confirmation message does not comprise N t, described label utilizes PSK to N tRecomputate completeness check code MIC 2', with MIC 2' with the discriminating response confirmation message received in MIC 2Relatively; Described label can be with MIC 2' with the MIC that differentiates in response confirmation message 2Relatively, if unequal, described label is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If equate, described label thinks that read write line is legal.Another kind is: described label has wildcard PSK; After described label receives that the security parameter of read write line obtains message, can construct the security parameter response message and send to read write line, described security parameter response message comprises the security algorithm class that label is supported; Described label can generate random number N after receiving that the discriminating of read write line transmission activates message t, and construct and differentiate that request message sends to read write line, comprise N in described discriminating request message tDescribed label can judge to differentiate in the request response whether comprise N after receiving the discriminating request response of read write line tAnd this N tRandom number N with described label generation tWhether equate, if the request response of discriminating comprises N tAnd this N tThe random number N that is becoming with described label tUnequal, described label is thought that read write line is illegal and is abandoned this discriminating request response; If the discriminating request response comprises N tAnd the random number N with the label generation tEquate or differentiate that the request response kind does not comprise N t, label utilizes PSK to N tCalculation of integrity check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if unequal, described label is thought that read write line is illegal and is abandoned this discriminating request response, if equate, described label thinks that read write line is legal.

Claims (12)

1. the method for a read write line and secure electronic label communication is characterized in that: said method comprising the steps of:
1) read write line and electronic tag are set up physical connection;
2) read write line and electronic tag are set up safety chain:
2.1.0) read write line has master key MK, electronic tag has wildcard PSK, and wildcard PSK is derived by calculating by the sign TID of master key MK and electronic tag;
2.1.1) read write line sends security parameter to electronic tag and obtain message, security parameter obtains the safety chain that message is used for starting read write line and electronic tag and sets up process;
2.1.2) after electronic tag received that the security parameter of read write line obtains message, electronic tag structure security parameter response message sent to read write line, described security parameter response message comprises the security algorithm type that electronic tag is supported;
2.1.3) read write line is to electronic tag transmission discriminating request message, described discriminating request message comprises N rField, N rIt is the random number that read write line generates;
2.1.4) after electronic tag received the discriminating request message of read write line, if need to differentiate read write line, electronic tag generated random number N t, and utilize wildcard PSK to N r|| N tCalculation of integrity check code MIC 1, electronic tag returns differentiates request response to read write line, described discriminating request response comprises N r, N tAnd MIC 1, N wherein rBe Optional Field;
If electronic tag do not need read write line is differentiated, electronic tag utilizes wildcard PSK to N rCalculation of integrity check code MIC 1, and return and differentiate request response to read write line, described discriminating request response comprises N rAnd MIC 1, N wherein rBe Optional Field;
2.1.5) after read write line receives the discriminating request response that electronic tag returns, if message comprises N rAnd this N rWith read write line at step 2.1.3) in the random number N that generates rUnequal, read write line abandons this discriminating request response; If the discriminating request response comprises N rAnd this N rWith read write line at step 2.1.3) in the random number N that generates rEquate or differentiate that request response does not comprise N r, read write line utilizes the identifier TID of master key MK and electronic tag, derives PSK by MK||TID is calculated;
When read write line need to be differentiated electronic tag, read write line by PSK to N r|| N tRecomputate completeness check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if both unequal, read write line abandons this discriminating request response; If both equate, read write line thinks that electronic tag is legal, and read write line utilizes PSK to N tGenerate MIC 2, and sending discriminating response confirmation message to electronic tag, described discriminating response confirmation message comprises N t, MIC 2, N wherein tBe Optional Field;
When read write line does not need to differentiate electronic tag, read write line by PSK to N rRecomputate completeness check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if both unequal, read write line abandons this discriminating request response; If both equate, read write line thinks that electronic tag is legal;
2.1.6) after electronic tag receives the discriminating response confirmation message of read write line, if message comprises N tAnd this N tWith electronic tag at step 2.1.4) in the random number N that generates tUnequal, electronic tag is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If differentiate that response confirmation message comprises N tAnd this N tWith electronic tag at step 2.1.4) in the random number N that generates tEquate or differentiate that response confirmation message does not comprise N t, electronic tag utilizes PSK to N tRecomputate completeness check code MIC 2', with MIC 2' with the discriminating response confirmation message received in MIC 2Relatively;
Electronic tag is with MIC 2' with the discriminating response confirmation message received in MIC 2In the time of relatively, if unequal, electronic tag is thought that read write line is illegal and is abandoned this discriminating response confirmation message; If equate, electronic tag thinks that read write line is legal.
2. the method for read write line according to claim 1 and secure electronic label communication, it is characterized in that: described step 2.1.6) afterwards, read write line needs electronic tag is differentiated and electronic tag when also needing differentiate read write line, and electronic tag sends identification result message to read write line; If electronic tag thinks that read write line is legal, described discriminating response confirmation message comprises the discriminating success message; If electronic tag thinks that read write line is illegal, described discriminating response confirmation message comprises the discriminating failed message.
3. the method for read write line according to claim 2 and secure electronic label communication, is characterized in that: if read write line needs to differentiate with electronic tag and electronic tag also needs read write line is differentiated, at step 2.1.4) in, electronic tag utilizes N r, N tAnd PSK derives and the session key of read write line, at step 2.1.5) in, read write line utilizes N r, N tAnd PSK derives and the session key of electronic tag;
Electronic tag does not need read write line is differentiated if the read write line need are differentiated electronic tag, at step 2.1.4) in, electronic tag utilizes N rWith the session key of PSK derivation with read write line, at step 2.1.5) in, read write line utilizes N rWith the session key of PSK derivation with electronic tag.
4. the method for read write line according to claim 3 and secure electronic label communication, is characterized in that: if read write line needs to differentiate with electronic tag and electronic tag also needs read write line is differentiated, at step 2.1.4) in, electronic tag utilizes N r, N tAnd PSK derives and the session key of read write line, at step 2.1.5) in, read write line utilizes N r, N tAnd PSK derives and the session key of electronic tag;
Electronic tag does not need read write line is differentiated if the read write line need are differentiated electronic tag, at step 2.1.4) in, electronic tag utilizes N rWith the session key of PSK derivation with read write line, at step 2.1.5) in, read write line utilizes N rWith the session key of PSK derivation with electronic tag.
5. the method for read write line according to claim 4 and secure electronic label communication, it is characterized in that: described step 2.1.6), electronic tag utilizes N tWith the session key of PSK derivation with read write line.
6. the method for according to claim 1 and 2 or 3 or 4 or 5 described read write lines and secure electronic label communication, it is characterized in that: the method for described read write line and secure electronic label communication also comprises the secure access process, and namely read write line and electronic tag can utilize the session key of derivation to be encrypted transmission to the conversation message between read write line and electronic tag.
7. the method for read write line according to claim 6 and secure electronic label communication, it is characterized in that: the specific implementation of described secure access process is:
3.1) read write line structure is to the operational order of electronic tag, utilize session key and cryptographic algorithm to be encrypted the operational order of electronic tag and form encrypt data ER, read write line is with the load of ER as secure access message, and structure secure access message sends to electronic tag;
3.2) after electronic tag receives the secure access message of read write line, at first resolve described secure access message and obtain its load, to obtain read write line to the operational order of electronic tag after the load deciphering, electronic tag is according to the operational order tectonic response data of read write line to electronic tag, and after this response data is encrypted, the load as the secure access response message sends to read write line;
3.3) after read write line receives the secure access response message that electronic tag sends, described secure access response message is resolved and its load is decrypted the electron gain label to the response data of read write line operational order.
8. the method for a read write line and secure electronic label communication is characterized in that: said method comprising the steps of:
1) read write line and electronic tag are set up physical connection;
2) read write line and electronic tag are set up safety chain:
2.2.0) read write line has master key MK, electronic tag has wildcard PSK, and wildcard PSK is derived by calculating by the sign TID of master key MK and electronic tag;
2.2.1) read write line sends security parameter to electronic tag and obtain message, security parameter obtains the safety chain that message is used for starting with electronic tag and sets up process;
2.2.2) after electronic tag received that the security parameter of read write line obtains message, electronic tag structure security parameter response message sent to read write line, described security parameter response message comprises the security algorithm class that electronic tag is supported;
2.2.3) read write line is to electronic tag transmission discriminating activation message, discriminating activates message for the discrimination process of startup electronic tag to read write line;
2.2.4) after electronic tag receives that discriminating that read write line sends activates message, generate random number N t, and construct and differentiate that request message sends to read write line, comprise N in described discriminating request message t
2.2.5) after read write line received the discriminating request message that electronic tag returns, at first read write line utilized the identifier TID of master key MK and electronic tag, derives PSK by MK||TID is calculated, PSK is to N for recycling tCalculation of integrity check code MIC 1, read write line sends to electronic tag and differentiates request response, and described discriminating request response comprises N t, MIC 1, N wherein tBe Optional Field;
2.2.6) after electronic tag receives the discriminating request response that read write line returns, if message comprises N tAnd this N tWith electronic tag at step 2.2.4) in the random number N that generates tUnequal, electronic tag is thought that read write line is illegal and is abandoned this discriminating request response; If the discriminating request response comprises N tAnd with electronic tag at step 2.2.4) in the random number N that generates tEquate or differentiate that the request response kind does not comprise N t, electronic tag utilizes PSK to N tCalculation of integrity check code MIC 1', and with MIC 1' with the discriminating request response received in MIC 1Relatively, if unequal, electronic tag is thought that read write line is illegal and is abandoned this discriminating request response, if equate, electronic tag thinks that read write line is legal.
9. the method for read write line according to claim 8 and secure electronic label communication is characterized in that: described step 2.2.6) afterwards, electronic tag sends identification result message to read write line; If electronic tag thinks that read write line is legal, this message comprises the discriminating success message, if electronic tag thinks that read write line is illegal; This message comprises the discriminating failed message.
10. the method for read write line according to claim 9 and secure electronic label communication, is characterized in that: at step 2.2.5) in, read write line utilizes N tWith the session key of PSK derivation with electronic tag.
11. the method for according to claim 8-10 described read write lines of arbitrary claim and secure electronic label communication, it is characterized in that: the method for described read write line and secure electronic label communication also comprises the secure access process, and namely read write line and electronic tag can utilize the session key of derivation to be encrypted transmission to the conversation message between read write line and electronic tag.
12. the method for read write line according to claim 11 and secure electronic label communication is characterized in that: the specific implementation of secure access process is:
3.1) read write line structure is to the operational order of electronic tag, utilize session key and cryptographic algorithm to be encrypted the operational order of electronic tag and form encrypt data ER, read write line is with the load of ER as secure access message, and structure secure access message sends to electronic tag;
3.2) after electronic tag receives the secure access message of read write line, at first resolve described secure access message and obtain its load, to obtain read write line to the operational order of electronic tag after the load deciphering, electronic tag is according to the operational order tectonic response data of read write line to electronic tag, and after this response data is encrypted, the load as the secure access response message sends to read write line;
3.3) after read write line receives the secure access response message that electronic tag sends, described secure access response message is resolved and its load is decrypted the electron gain label to the response data of read write line operational order.
CN201010575476XA 2010-12-06 2010-12-06 Method for safe communication between reader and electronic tag, reader and electronic tag Active CN102143488B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010575476XA CN102143488B (en) 2010-12-06 2010-12-06 Method for safe communication between reader and electronic tag, reader and electronic tag
PCT/CN2011/075915 WO2012075797A1 (en) 2010-12-06 2011-06-20 Method for secure communications between reader and radio frequency identification, reader and radio frequency identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010575476XA CN102143488B (en) 2010-12-06 2010-12-06 Method for safe communication between reader and electronic tag, reader and electronic tag

Publications (2)

Publication Number Publication Date
CN102143488A CN102143488A (en) 2011-08-03
CN102143488B true CN102143488B (en) 2013-06-12

Family

ID=44410653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010575476XA Active CN102143488B (en) 2010-12-06 2010-12-06 Method for safe communication between reader and electronic tag, reader and electronic tag

Country Status (2)

Country Link
CN (1) CN102143488B (en)
WO (1) WO2012075797A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103379487B (en) * 2012-04-11 2018-08-24 西安西电捷通无线网络通信股份有限公司 Air-interface security method and apparatus
CN104573769B (en) * 2015-01-22 2017-11-14 大唐微电子技术有限公司 Data read-write method, contactless chip production method and chip card production method
CN106203221A (en) * 2016-02-19 2016-12-07 珠海晶通科技有限公司 A kind of quick search RFID tag identifier (TID) method
CN110492992A (en) * 2019-07-22 2019-11-22 哈尔滨工程大学 A kind of data encryption and transmission method based on radio RF recognition technology
CN110598810A (en) * 2019-08-19 2019-12-20 成都理工大学 Data writing and reading method of electronic tag

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060267769A1 (en) * 2005-05-30 2006-11-30 Semiconductor Energy Laboratory Co., Ltd. Terminal device and communication system
CN101159549A (en) * 2007-11-08 2008-04-09 西安西电捷通无线网络通信有限公司 Bidirectional access authentication method
US20080129447A1 (en) * 2006-12-04 2008-06-05 Electronics And Telecommunications Research Institute Electronic tag for protecting privacy and method of protecting privacy using the same
CN101271534A (en) * 2008-03-25 2008-09-24 华南理工大学 RFID label and reading device thereof, reading system and safety authentication method
CN101329720A (en) * 2008-08-01 2008-12-24 西安西电捷通无线网络通信有限公司 Anonymous bidirectional authentication method based on pre-sharing cipher key
CN101645899A (en) * 2009-05-27 2010-02-10 西安西电捷通无线网络通信有限公司 Bidirectional authentication method and system based on symmetric encipherment algorithm
CN101783732A (en) * 2010-03-12 2010-07-21 西安西电捷通无线网络通信股份有限公司 Offline mutual authentication method and system based on pre-shared key
CN101853409A (en) * 2010-05-24 2010-10-06 中兴通讯股份有限公司 RFID (Radio Frequency Identification) system, reader and data transmission method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101038630A (en) * 2006-12-15 2007-09-19 北京航空航天大学 False proof identification module of RFID liquor products
CN101051903A (en) * 2007-03-30 2007-10-10 中山大学 RFID random key two-way certifying method accord with EPC C1G2 standard

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060267769A1 (en) * 2005-05-30 2006-11-30 Semiconductor Energy Laboratory Co., Ltd. Terminal device and communication system
US20080129447A1 (en) * 2006-12-04 2008-06-05 Electronics And Telecommunications Research Institute Electronic tag for protecting privacy and method of protecting privacy using the same
CN101159549A (en) * 2007-11-08 2008-04-09 西安西电捷通无线网络通信有限公司 Bidirectional access authentication method
CN101271534A (en) * 2008-03-25 2008-09-24 华南理工大学 RFID label and reading device thereof, reading system and safety authentication method
CN101329720A (en) * 2008-08-01 2008-12-24 西安西电捷通无线网络通信有限公司 Anonymous bidirectional authentication method based on pre-sharing cipher key
CN101645899A (en) * 2009-05-27 2010-02-10 西安西电捷通无线网络通信有限公司 Bidirectional authentication method and system based on symmetric encipherment algorithm
CN101783732A (en) * 2010-03-12 2010-07-21 西安西电捷通无线网络通信股份有限公司 Offline mutual authentication method and system based on pre-shared key
CN101853409A (en) * 2010-05-24 2010-10-06 中兴通讯股份有限公司 RFID (Radio Frequency Identification) system, reader and data transmission method

Also Published As

Publication number Publication date
WO2012075797A1 (en) 2012-06-14
CN102143488A (en) 2011-08-03

Similar Documents

Publication Publication Date Title
CN102014386B (en) Entity authentication method and system based on symmetrical code algorithm
CN106712962B (en) Bidirectional authentication method and system for mobile RFID system
CN100559393C (en) RFID label and reader thereof, reading system and safety certifying method
CN1838163B (en) Universal electronic stamping system implementation method based on PKI
CN102143488B (en) Method for safe communication between reader and electronic tag, reader and electronic tag
CN102737260B (en) Method and apparatus for identifying and verifying RFID privacy protection
CN102646203B (en) RFID (Radio Frequency Identification Device) data transmission and authentication system and method
CN101976363B (en) Hash function based RFID (Radio Frequency Identification Devices) authentication method
CN101950367B (en) RFID system introducing agent device and two-way authentification method thereof
CN102026180A (en) M2M transmission control method, device and system
CN108601001B (en) RFID group authentication method for accelerating annular segmentation
CN104184733A (en) RFID lightweight-class bidirectional authentication method based on CRC coding
CN103916848A (en) Data backup and recovery method and system for mobile terminal
CN102711109A (en) Method for performing identity authentication on mobile terminal
CN102594550A (en) RFID internal mutual authentication safety protocol based on secret key array
CN104579688B (en) It is a kind of based on Hash function can synchronized update key RFID mutual authentication method
CN101925060A (en) Entity identification method and system of energy-constrained network
CN101378313B (en) Method for establishing safety association, user equipment and network side equipment
KR100680272B1 (en) Rfid authentication system and its method
CN109788465B (en) Bidirectional identity authentication method based on radio frequency identification for block chain
WO2023142441A1 (en) Tag-based money receiving qr code payment method and payment device
CN104065483B (en) Identity-based cryptograph (IBC) classified using method of electronic communication identities
CN110827459A (en) Encrypted two-dimensional code identity authentication system
CN111046413B (en) RFID communication method and system
CN102122341B (en) Power consumption processing method for encryption and authentication of ultrahigh-frequency passive electronic tag

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20110803

Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.

Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.

Contract record no.: 2018610000008

Denomination of invention: Method for safe communication between reader and electronic tag, reader and electronic tag

Granted publication date: 20130612

License type: Common License

Record date: 20180319

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20110803

Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.

Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Method for safe communication between reader and electronic tag, reader and electronic tag

Granted publication date: 20130612

License type: Common License

Record date: 20180320

Application publication date: 20110803

Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.

Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.

Contract record no.: 2018610000010

Denomination of invention: Method for safe communication between reader and electronic tag, reader and electronic tag

Granted publication date: 20130612

License type: Common License

Record date: 20180322