CN103237302A - Sensing information safety protection method for RFID (radio frequency identification) tags in Internet of Things - Google Patents


Info

Publication number
CN103237302A
Authority
CN
China
Prior art keywords
key
rfid
reader
sensing information
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310101860XA
Other languages
Chinese (zh)
Other versions
CN103237302B (en)
Inventor
胡祥义
赵桂芬
杜丽萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SCIENCE AND TECHNOLOGY INFORMATION INSTITUTE
Original Assignee
BEIJING SCIENCE AND TECHNOLOGY INFORMATION INSTITUTE
Application filed by BEIJING SCIENCE AND TECHNOLOGY INFORMATION INSTITUTE
Priority to CN201310101860.XA
Publication of CN103237302A
Application granted
Publication of CN103237302B
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

A sensing information security protection method for RFID (radio frequency identification) tags in the Internet of Things is disclosed. The method uses a lightweight cryptographic algorithm and a symmetric-key management technique to build encryption systems at the RFID reader and at the Internet of Things authentication centre respectively. The information carried in the RFID tag is signed twice and encrypted twice, and the ciphertext and digital signature of the reader's sensing information are decrypted twice and signature-verified twice, so that sensing-layer sensing information can be neither leaked nor tampered with, confidentiality, reliability and completeness of sensing-layer sensing information in transmission are guaranteed, and a sensing information security protection system for RFID in the Internet of Things is established.

Description

Sensing information security protection method for Internet of Things electronic tags
Technical field:
The invention belongs to the field of information security and uses cryptographic techniques to make the transmission of electronic-tag (RFID) sensing information trustworthy, confidential and complete.
Background technology:
At present, in the Internet of Things systems developed by most domestic and foreign manufacturers, the sensing information of an RFID tag is stored in the tag in plaintext, so the information in the tag is easily leaked or tampered with. A few manufacturers use public-key technology such as PKI to sign and encrypt the RFID sensing information, but building a CA with PKI technology is expensive, and the speed at which a CA verifies the integrity of RFID sensing information is slow. Because the number of RFID tags in the Internet of Things is enormous, a CA cannot meet the ultra-large-scale market demand for integrity verification of massive volumes of RFID sensing information, which has limited the use of PKI technology for protecting RFID sensing information in the Internet of Things.
Summary of the invention:
A sensing information security protection method for electronic tags that uses a lightweight cryptographic algorithm, that is, a symmetric (single-key) cipher that is simple to implement and fast to encrypt and decrypt, together with a secure symmetric key management technique and chip hardware, to build a security protection system for RFID sensing information in the Internet of Things.
If an ordinary symmetric key management scheme is used: a reader-side encryption system is set up in the smart-card chip of the RFID reader, and the following are written into that chip: the lightweight cipher, the digest algorithm, a set of transmission keys, the identifier of the reader's smart-card chip, and the encryption and digital signature protocol for reader sensing information. An authentication-centre-side encryption system is set up in the cipher card chip of the Internet of Things authentication centre, and the following are written into that chip: the lightweight cipher, the digest algorithm, the transmission keys of all corresponding readers, all the storage keys used to encrypt RFID signature keys, the identifiers of all reader smart-card chips belonging to this authentication centre, the encryption and digital signature protocol for RFID sensing information, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information.
Encryption and digital signature protocol for RFID sensing information: the authentication-centre-side encryption system calls the random number generator in the cipher card to produce a random number, uses it as the RFID signature key, encrypts and digitally signs the RFID sensing information in advance, and then encrypts the RFID signature key into ciphertext with a storage key. The three data items, RFID identifier, ciphertext of the RFID sensing information and digital signature of the RFID sensing information, are stored together in the RFID tag in advance; at the same time the two items, RFID identifier and RFID signature-key ciphertext, are stored in the signature key database of the authentication centre.
Encryption and digital signature protocol for reader sensing information: the reader-side encryption system calls the random number generator in the reader's smart-card chip to produce a random number, uses it as the reader's signature key, and encrypts and digitally signs the reader sensing information that the reader has read from the RFID tag, producing the ciphertext and the digital signature of the reader sensing information; the reader sensing information consists of the three items RFID identifier, ciphertext of the RFID sensing information and digital signature of the RFID sensing information. The reader's signature key is encrypted into ciphertext with the transmission key held in the reader's smart-card chip, and the four items, reader signature-key ciphertext, reader smart-card chip identifier, ciphertext of the reader sensing information and digital signature of the reader sensing information, are sent together to the Internet of Things authentication centre.
Decryption and signature verification protocol for reader sensing information: according to the identifier of the reader's smart-card chip, the authentication-centre-side encryption system retrieves the transmission key of the corresponding reader from the centre's cipher card chip, decrypts the received signature-key ciphertext with that transmission key, then decrypts the ciphertext of the reader sensing information with the recovered signature key and verifies the digital signature of the reader sensing information, achieving confidential transmission and integrity verification of the sensing-layer reader's sensing information.
Decryption and signature verification protocol for RFID sensing information: once the authentication centre has confirmed that the received reader sensing information is trustworthy and complete, the authentication-centre-side encryption system selects the corresponding storage key according to the RFID identifier, decrypts the RFID signature-key ciphertext into plaintext with that storage key, then decrypts the ciphertext of the RFID sensing information with the recovered RFID signature key and verifies its digital signature, confirming whether the RFID sensing information is trustworthy and complete.
When the number of RFID tags or readers is large, the Internet of Things authentication centre must deploy more cipher card devices to store the large number of storage keys for the RFID tags or transmission keys for the readers.
When the secure symmetric key management technique is used, a confidential transmission and integrity verification system for sensing-layer RFID sensing information is set up in the reader's smart-card chip and in the authentication centre's cipher card chip. The technical features of the method are:
A reader-side encryption system is set up in the reader's smart-card chip, into which are written: the lightweight cipher, the digest algorithm, the identifier of the reader's smart-card chip, one key seed table B, the symmetric key combination generation algorithm, and the encryption and digital signature protocol for reader sensing information. An authentication-centre-side encryption system is set up in the centre's cipher card chip, into which are written: the lightweight cipher, the digest algorithm, one key seed table A, the symmetric key combination generation algorithm, the encryption and digital signature protocol for RFID sensing information, the encryption and digital signature protocol for the elements of key seed table B, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information. In the hard-disk storage area of the authentication centre's authentication server, for every reader belonging to the centre, the identifier of the reader's smart-card chip, the ciphertext of the elements of its key seed table B, the digital signature of those elements, and the timestamp and random number used to generate the corresponding storage key are stored together in the transmission key database; at the same time, for every RFID tag belonging to the centre, the RFID identifier, the ciphertext of the RFID signature key, and the timestamp and random number used to generate the corresponding storage key are stored together in the storage key database.
The secure symmetric key management technique manages three kinds of key. The first is the signature key, used in the encryption and digital signature protocol for RFID sensing information or for reader sensing information. The second is the transmission key, used to encrypt the signature key and so secure its exchange. The third is the storage key, used to encrypt the signature keys of all corresponding RFID tags, or to encrypt the elements of the key seed tables from which the corresponding readers generate transmission keys; this secures the storage of the RFID signature keys and of the readers' key seed table elements at the authentication centre. Both transmission keys and storage keys are produced by the symmetric key combination generation algorithm: a timestamp and a random number select elements from key seed table B or table A, and the selected elements are combined into one transmission key or storage key.
When the number of RFID tags or readers is very large, more cipher card devices must be deployed at the authentication centre to store the large number of key seeds from which the readers generate transmission keys, the large number of storage keys used to encrypt RFID signature keys, or the large number of storage keys used to encrypt the readers' key seed tables B.
Encryption and digital signature protocol for RFID sensing information: the authentication-centre-side encryption system encrypts and digitally signs the RFID sensing information in advance with the RFID signature key generated in the cipher card chip, and writes the RFID identifier, the ciphertext of the RFID sensing information and its digital signature into the RFID tag together. It then produces a storage key with the symmetric key combination generation algorithm, encrypts the RFID signature key into ciphertext, and stores the RFID identifier, the RFID signature-key ciphertext, and the timestamp and random number used to generate the storage key together in the signature key database of the authentication centre.
Encryption and digital signature protocol for the elements of key seed table B: in the cipher card chip, the authentication-centre-side encryption system encrypts and digitally signs the elements of each corresponding reader's key seed table B with a storage key produced by the symmetric key combination generation algorithm, and stores in advance, together in the transmission key database of the authentication centre, the identifier of the corresponding reader's smart-card chip, the ciphertext of the table B elements, their digital signature, and the timestamp and random number used to generate the storage key.
Encryption and digital signature protocol for reader sensing information: the reader-side encryption system encrypts and digitally signs the reader sensing information with the reader signature key generated in the smart-card chip, produces a transmission key with the symmetric key combination generation algorithm, encrypts the reader signature key into ciphertext, and sends to the Internet of Things authentication centre together: the identifier of the reader's smart-card chip, the ciphertext of the reader sensing information, its digital signature, the reader signature-key ciphertext, and the timestamp and random number used to generate the transmission key.
When the Internet of Things authentication centre receives the ciphertext and digital signature of the reader sensing information sent by the reader, it first decrypts and integrity-checks the ciphertext of the key seed table B elements in the corresponding record of the transmission key database; then it decrypts the ciphertext of the reader sensing information and verifies its digital signature; finally it decrypts the ciphertext of the RFID sensing information and verifies its digital signature. This achieves confidential transmission and integrity verification of the sensing-layer sensing information and so establishes a sensing-layer information security protection system for RFID in the Internet of Things. The whole process is implemented by a combination of software and hardware; the specific method is as follows:
1. A smart card is embedded in the RFID reader as the hardware of the reader-side encryption system, that is, the reader is connected to a smart card and data are transmitted bidirectionally between them. The reader-side encryption system is set up in the reader's smart-card chip, into which are written the lightweight cipher, the digest algorithm, the symmetric key combination generation algorithm and the encryption and digital signature protocol for reader sensing information, together with the data: the identifier of the reader's smart-card chip and the elements of one key seed table Bi, i = 1 to n, where n is the total number of readers belonging to the authentication centre.
2. Each reader's smart-card chip has a unique, pairwise distinct identifier, and each reader corresponds one-to-one with its embedded smart card.
3. RFID is a kind of electronic tag; the data in the tag are written in advance and are read by the reader during operation. The main data stored in the tag are the RFID identifier and the basic information of the corresponding item; for a bag of milk powder, for example, the manufacturer's name, production date, weight, ingredient composition, ingredients, the place of origin of the ingredients' manufacturer, and so on. Each RFID tag has a unique, pairwise distinct identifier. Definition: the RFID sensing information is the basic information of the item; it is signed and encrypted into ciphertext in advance and written into the tag together with the RFID identifier. Definition: the three data items written into the tag in advance, the RFID identifier, the ciphertext of the RFID sensing information and the digital signature of the RFID sensing information, are the reader sensing information.
4. The Internet of Things authentication centre consists of an authentication server and cipher card hardware. A cipher card is plugged into the PCI interface of the authentication server as the hardware of the authentication-centre-side encryption system, which is set up in the cipher card chip. Written into the chip are the lightweight cipher, the digest algorithm, the symmetric key combination generation algorithm, the encryption and digital signature protocol for RFID sensing information, the encryption and digital signature protocol for key seed table B elements, the decryption and signature verification protocol for RFID sensing information ciphertext, and the decryption and signature verification protocol for reader sensing information ciphertext, together with the data: the elements of one key seed table A. In the hard-disk storage area of the authentication server, the elements of the key seed tables Bi of all corresponding reader smart-card chips are stored in the transmission key database. Each record of this database contains the fields: (1) the identifier Ti of the reader's smart-card chip; (2) the ciphertext of the key seed table Bi elements, Bi'; (3) the digital signature of the key seed table Bi elements, namely the ciphertext of the digest G1 of those elements; (4) a timestamp and a random number. The timestamp and random number are the selection parameters of the symmetric key combination generation algorithm: they select elements of table A, the selected elements are combined into a storage key Ki, and this storage key Ki encrypts the elements of key seed table Bi and produces the digital signature over them.
The RFID identifier Xj, the RFID signature-key ciphertext, and the selection parameters (a timestamp and a random number) that generate the corresponding storage key KKj are stored together in the signature key database of the authentication centre, where the storage key KKj is the key used to encrypt the RFID signature key; i = 1 to n, n being the total number of readers belonging to the authentication centre, and j = 1 to m, m being the total number of RFID tags belonging to the authentication centre.
5. The lightweight ciphers used by the encryption systems at the reader and at the authentication centre are, for example, SM1, DES, RC5 or SMS4; the digest algorithms used are, for example, SHA-1, SM3 or MD5. The key length is defined as 128 bits, and the digest length is 128 or 256 bits.
6. The secure symmetric key management technique is used for key management of the lightweight cipher, building the confidential transmission and integrity verification system for sensing-layer RFID sensing information.
(1) Signature keys
Let the reader's signature key be CK. The random number generator in the reader's smart-card chip produces a 128-bit random number in real time, which is used as the reader signature key CK to encrypt and digitally sign the reader sensing information. A transmission key SK generated by the symmetric key combination generation algorithm then encrypts the signature key CK, giving the signature-key ciphertext CK'. CK' and the selection parameters that generate SK (a timestamp and a random number) are sent together to the authentication centre, achieving secure exchange of the reader signature key CK from the reader to the authentication centre.
Let the RFID signature key be CKK. When the RFID sensing information is written into the tag, the random number generator in the authentication centre's cipher card chip produces a 128-bit random number, which is used as the RFID signature key CKK to encrypt and digitally sign the sensing information in the tag. A storage key generated by the symmetric key combination generation algorithm then encrypts the RFID signature key CKK, giving the signature-key ciphertext CKK'. The storage key KK is produced by the symmetric key combination generation algorithm from a timestamp and a random number, which select elements of key seed table A; the selected elements are merged into the storage key KK. The RFID identifier, the RFID signature-key ciphertext CKK', and the selection parameters (a timestamp and a random number) that generate KK are stored together in the signature key database of the authentication centre, achieving secure storage of the RFID signature key CKK at the authentication centre.
(2) Transmission keys
Let the transmission key be SK; SK encrypts the reader signature key CK. During key initialisation, the random number generator in the authentication centre's cipher card chip generates a random string of F1 bytes, F1 = 1424 or 1680, and these F1 random bytes form one W × Y key seed table Bi:
(figure: key seed table Bi, a W × Y matrix of elements Buv)
where the elements of table Bi are Buv, u = 0 to W-1, v = 0 to Y-1; each Buv occupies 0.5 byte or 1 byte; W = 89 or 105; Y = 16 or 32.
Key seed table Bi is stored in the reader's smart-card chip. When the encryption and digital signature protocol for reader sensing information runs, the symmetric key combination generation algorithm, driven by a timestamp and a random number, selects elements of key seed table Bi, and the Y selected elements are combined into one transmission key SK, where Y = 16 or 32. Each key seed table Bi corresponds to one reader smart-card chip. Let the key seed tables in all reader smart-card chips belonging to the authentication centre be B1, B2, ..., Bn, n being the total number of readers belonging to the centre; then for any Bd and Be (1 ≤ d, e ≤ n, d ≠ e) the elements are pairwise different.
The symmetric key combination generation algorithm and the key seed table Bi used to generate the transmission key SK are both stored in the corresponding reader's smart-card chip, and a generated transmission key never leaves the reader's smart-card chip in plaintext, ensuring the security of transmission keys in storage and in use at the reader.
In the chip of the authentication centre's cipher card, the elements of the key seed table Bi that the corresponding reader uses to generate transmission keys are encrypted into ciphertext with a storage key Ki generated by the symmetric key combination generation algorithm, and the elements of Bi in ciphertext form, the identifier of the corresponding reader's smart-card chip, and the selection parameters (a timestamp and a random number) that generate the storage key Ki are stored together in advance in the transmission key database of the authentication centre.
When the ciphertext of key seed table Bi is used at the authentication centre, it is decrypted into plaintext inside the cipher card chip; the plaintext of the table Bi elements never leaves the cipher card chip, ensuring the security of all key seed table Bi elements in storage and in use at the authentication centre, where i = 1 to n and n is the total number of readers belonging to the centre.
(3) Storage keys
Let the storage key used to encrypt RFID signature keys be KK, and the storage key used to encrypt the key seed table Bi elements of the corresponding reader be K. During key initialisation, the random number generator in the authentication centre's cipher card chip generates in advance a random string of F2 bytes, F2 = 1424 or 1680, and these F2 random bytes form one W × Y key seed table A:
(figure: key seed table A, a W × Y matrix of elements Auv)
where the elements of table A are Auv, u = 0 to W-1, v = 0 to Y-1; each Auv occupies 0.5 byte or 1 byte; W = 89 or 105; Y = 16 or 32.
The elements of table A are stored in the chip of the authentication centre's cipher card. The symmetric key combination generation algorithm, driven by a timestamp and a random number, selects elements of key seed table A, and the Y selected elements are combined into one storage key K or KK.
If there are m RFID signature keys in total, there are also m storage keys for encrypting them, KK1, KK2, ..., KKm. Storage key KKj encrypts the RFID signature key CKKj into the ciphertext CKKj', and the ciphertexts CKK1', CKK2', ..., CKKm' are stored in the signature key database of the authentication centre.
If there are n storage keys Ki for encrypting the elements of the key seed tables Bi, K1, K2, ..., Kn, then each corresponding storage key Ki encrypts the elements of key seed table Bi, producing the ciphertexts B1', B2', ..., Bn', and Bi' is stored in the transmission key database of the authentication centre, where i = 1 to n, j = 1 to m, n is the total number of readers belonging to the centre and m is the total number of RFID tags belonging to the centre.
7. The symmetric key combination generation algorithm selects elements of a key seed table using selection parameters made up of a timestamp and a random number: the timestamp selects rows of the key seed table, giving a sub-table of Y rows and Y columns; the random number then selects one column in each of the Y rows of this sub-table, giving Y elements that are combined into one key, where Y = 16 or 32. Storage keys K or KK and transmission keys SK are produced in real time by this algorithm.
The timestamp consists of 10 decimal digits: the year is 4 digits, XXX0 to XXX9, of which the units digit 0 to 9 is used; the month is 2 digits, 1 to 12; the day is 2 digits, 1 to 31; the hour is 2 digits, 0 to 23. For example, 2013122819 denotes 19:00 on 28 December 2013.
The random number consists of Y = 16 or 32 binary numbers. When Y = 16, each is a 4-bit binary number with a value from 0 to 15; for example 0011, 1010, 0000, ..., 1111, 0110 have the values 3, 10, 0, ..., 15, 6. When Y = 32, each is a 5-bit binary number with a value from 0 to 31; for example 00110, 10100, 00000, ..., 11111, 01100 have the values 6, 20, 0, ..., 31, 12.
8. Specific implementation of the single-key combination generation algorithm.
Key seed tables A and B have the same structure and differ only in their elements; table A is used below to illustrate the algorithm.
When table A has 89 rows × 16 columns, i.e. 89 × 16 = 1424 elements of 1 byte each, it occupies 1424 bytes in total; when it has 105 rows × 32 columns, i.e. 105 × 32 = 3360 elements of 0.5 byte each, it occupies 1680 bytes in total.
(1) The "year" of the timestamp corresponds to rows 1~10 of table A (10 rows), "month" to rows 11~22 (12 rows), "day" to rows 23~53 (31 rows) and "hour" to rows 54~77 (24 rows). With 89 rows × 16 columns, table A has a further 12 rows that correspond to no timestamp field; with 105 rows × 32 columns, a further 28 rows.
First, 4 rows are selected from table A according to the timestamp: from rows 1~10 (10 rows) one row is taken using the units digit of "year" as the row index, e.g. timestamp 2013XXXXXX selects row 4 of table A; from rows 11~22 (12 rows) one row is taken using the value of "month", e.g. 20XX11XXXX selects row 21; from rows 23~53 (31 rows) one row is taken using the value of "day", e.g. 20XXXX30XX selects row 52; from rows 54~77 (24 rows) one row is taken using the value of "hour", e.g. 20XXXXXX21 selects row 74. Then rows 78~W of table A (W − 78 + 1 rows) are all selected, giving Y rows altogether, Y = 16 or 32, which form the Y × Y sub-table A1 of table A:
[Figure BSA00000870071000091: the Y × Y sub-table A1]
where the elements of A1 are A_vv, v = 0~Y−1, each A_vv occupying 0.5 or 1 byte, Y = 16 or 32; rows 5~Y of A1 are identical to rows 78~W of table A.
(2) Let the random numbers be Q1, Q2, …, QY with values L1, L2, …, LY. When Y = 16, the 16 values lie in 0~15, and L1, L2, …, L16 select the columns of A1: the value L1 of the 1st random number Q1 selects the element in column L1+1 of row 1 of A1, the value L2 of the 2nd random number Q2 selects the element in column L2+1 of row 2, …, and the value L16 of the 16th random number Q16 selects the element in column L16+1 of row 16, 16 elements in total. When Y = 32, the 32 values lie in 0~31, and L1, L2, …, L32 select the columns of A1 in the same way: column L1+1 of row 1, column L2+1 of row 2, …, column L32+1 of row 32, 32 elements in total.
Because a single key is 128 bits long, the Y elements selected from table A are concatenated into one single key, here the storage key: if the elements of table A are 8 bits and Y = 16, the 16 selected elements give a 128-bit single key; if the elements are 4 bits and Y = 32, the 32 selected elements likewise give a 128-bit single key.
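The row selection, sub-table construction and key combination of sections 8 and 9, carried through in Python as an added example that is not part of the patent; the seed-table contents built here are constructed stand-ins (the real elements are secret and not on the page), and the hour-row arithmetic is noted in the code where the page's worked example and its stated row range disagree.

```python
"""Single-key combination generation algorithm: the timestamp picks 4 rows of
seed table A, rows 78..W complete the Y x Y sub-table A1, and Y random numbers
pick one element per row; the elements concatenate into a 128-bit key."""
import secrets

# Table geometry for the two configurations stated in the text.
CONFIGS = {
    16: {"rows": 89, "elem_bits": 8},   # 89 x 16, 1-byte elements, 1424 bytes
    32: {"rows": 105, "elem_bits": 4},  # 105 x 32, half-byte elements, 1680 bytes
}


def make_seed_table(y):
    """Constructed stand-in for key seed table A: a list of Y-column rows."""
    cfg = CONFIGS[y]
    return [[secrets.randbelow(1 << cfg["elem_bits"]) for _ in range(y)]
            for _ in range(cfg["rows"])]


def parse_timestamp(ts):
    """10-digit timestamp 'YYYYMMDDhh' -> (year units digit, month, day, hour)."""
    if len(ts) != 10 or not ts.isdigit():
        raise ValueError("timestamp must be 10 decimal digits, e.g. 2013122819")
    units, month = int(ts[3]), int(ts[4:6])
    day, hour = int(ts[6:8]), int(ts[8:10])
    if not (1 <= month <= 12 and 1 <= day <= 31 and 0 <= hour <= 23):
        raise ValueError("month, day or hour out of range")
    return units, month, day, hour


def timestamp_rows(ts):
    """1-based rows of table A selected by the timestamp: year units digit in
    rows 1-10, month in 11-22, day in 23-53, hour in 54-77. The page's worked
    example gives row 74 for hour 21, which would put hour 0 in row 53 (a day
    row); 54 + hour is used here so every hour stays inside rows 54-77."""
    units, month, day, hour = parse_timestamp(ts)
    return [1 + units, 10 + month, 22 + day, 54 + hour]


def sub_table(table_a, ts, y):
    """The Y x Y sub-table A1: the 4 timestamp rows, then rows 78..W of A."""
    rows = timestamp_rows(ts) + list(range(78, CONFIGS[y]["rows"] + 1))
    if len(rows) != y:
        raise ValueError("table geometry does not give a Y x Y sub-table")
    return [table_a[r - 1] for r in rows]        # 1-based row -> list index


def combine_key(table_a, ts, randoms, y):
    """Random number Li selects column Li+1 of row i of A1; the Y selected
    elements are concatenated into one 128-bit key (storage or transmission)."""
    bits = CONFIGS[y]["elem_bits"]
    if len(randoms) != y or any(not 0 <= r < y for r in randoms):
        raise ValueError(f"need {y} random numbers, each in 0..{y - 1}")
    key = 0
    for row, col in zip(sub_table(table_a, ts, y), randoms):
        key = (key << bits) | row[col]
    return key.to_bytes(16, "big")              # Y * bits == 128 in both cases


def random_selectors(y):
    """Y random numbers in 0..Y-1 (4 bits each for Y=16, 5 bits for Y=32)."""
    return [secrets.randbelow(y) for _ in range(y)]


if __name__ == "__main__":
    for y in (16, 32):
        key = combine_key(make_seed_table(y), "2013122819", random_selectors(y), y)
        print(f"Y={y}: {key.hex()}")
```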
9. The reader's signature key CK, the RFID's signature key CKK, the transmission key SK and the two storage keys K and KK are all 128 bits long; the repetition rate of CK and CKK is 1/2^128, i.e. essentially a one-time pad;
The transmission key SK and the two storage keys K and KK are all obtained by selecting elements of key seed table A or B with one set of timestamp and random numbers and combining the Y selected elements into one transmission key SK or storage key K or KK. If 16 random numbers are chosen as parameters, the elements of key seed table A or B are 8 bits and the timestamp is "year, month, day, hour", then within one hour the repetition rate of SK, K or KK is 1/2^64; if 32 random numbers are chosen, the elements are 4 bits and the timestamp is "year, month, day, hour", then within one hour the repetition rate of SK, K or KK is 1/2^160. Thus SK, K and KK are also essentially one-time pads.
10. Encryption and digital signature protocol for reader sensing information. The RFID reader reads the reader sensing information from the RFID and passes it into the reader-side smart card chip. The reader-side encryption system, inside the smart card chip, calls the digest algorithm on the reader sensing information to obtain its digest L1; calls the random number generator in the reader-side smart card chip to produce a 128-bit random number and uses it as the reader's signature key CK; encrypts the reader sensing information and its digest L1 with CK, obtaining the ciphertext of the reader sensing information and its digital signature, i.e. the ciphertext of digest L1; generates one set of timestamp and random numbers in the smart card chip and, following the single-key combination generation algorithm, uses them to select Y elements of key seed table Bi and combine them into a transmission key SKi; and encrypts the reader's signature key CK with SKi into the ciphertext CK'. Finally it sends 6 groups of sensing-layer data to the IoT authentication center together: the identifier of the reader-side smart card chip, the ciphertext of the reader sensing information, the digital signature of the reader sensing information, the ciphertext CK' of the reader's signature key, and the timestamp and random numbers used to generate the transmission key; i = 1~n.
11. Encryption and digital signature protocol for RFID sensing information. The authentication center's encryption system, inside the encryption card chip, calls the random number generator to produce a 128-bit random number and uses it as the RFID's signature key CKK; encrypts the RFID sensing information and its digest V1 with CKK, obtaining the ciphertext of the RFID sensing information and its digital signature; generates one set of timestamp and random numbers in the encryption card chip and, following the single-key combination generation algorithm, uses them to select Y elements of key seed table A and combine them into a storage key KK; and encrypts the RFID's signature key CKK with KK to obtain the RFID signature key ciphertext CKK'. It writes 3 groups of data into the RFID: the RFID identifier, the ciphertext of the RFID sensing information and the digital signature of the RFID sensing information. At the same time it stores 4 groups of data in the signature key database at the authentication center: the RFID identifier, the signature key ciphertext CKK', and the selection parameters used to generate the storage key KK, i.e. the timestamp and random numbers.
12. Encryption and digital signature protocol for the elements of key seed table B. The authentication center's encryption system, inside the encryption card chip, generates one set of timestamp and random numbers and, following the single-key combination generation algorithm, uses them to select Y elements of key seed table A and combine them into a storage key Ki; encrypts the elements of key seed table Bi with Ki, obtaining the element ciphertext Bi'; and digitally signs the elements of Bi with Ki, i.e. encrypts the digest G1 of the Bi elements, obtaining the ciphertext of G1 as the digital signature. It then stores together in the transmission key database at the authentication center: the identifier of the corresponding reader smart card chip, the element ciphertext Bi', the digital signature of the Bi elements, and the timestamp and random numbers used to generate the storage key Ki; i = 1~n, Y = 16 or 32.
13. Decryption and signature verification protocol for reader sensing information. When the authentication center receives the 6 groups of sensing-layer data sent by the reader side, its encryption system first locates the record in the transmission key database by the reader-side smart card chip identifier, and passes into the encryption card chip the ciphertext Bi' of the key seed table Bi used to generate the transmission key, the timestamp and random numbers used to generate the storage key, and the timestamp and random numbers used to generate the transmission key. Inside the chip, following the single-key combination generation algorithm, it uses the storage-key timestamp and random numbers to select Y elements of table A and combine them into the storage key Ki; decrypts the element ciphertext Bi' with Ki to obtain the plaintext elements of Bi; decrypts the digital signature of the Bi elements with Ki to obtain the digest G1 in plaintext; calls the digest algorithm on the plaintext elements of Bi to obtain digest G2; and compares G1 with G2 to judge whether the elements of key seed table Bi have been tampered with.
If the elements of key seed table Bi have not been tampered with, then, following the single-key combination generation algorithm, it uses the transmission-key timestamp and random numbers to select Y elements of the plaintext Bi and combine them into the transmission key SKi; decrypts the signature key ciphertext CK' with SKi to obtain the plaintext signature key CK; decrypts the ciphertext and the digital signature of the reader sensing information with CK to obtain the plaintext reader sensing information and its digest L1; computes the digest L2 of the reader sensing information with the digest algorithm; and compares L1 with L2 to confirm whether the reader-side signature on the reader sensing information is trustworthy and the information complete; i = 1~n. The decryption and signature verification protocol for reader sensing information thus also contains the decryption and signature verification of the key seed table B element ciphertext.
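Protocols 10, 12 and 13 carried through in Python as an added example, not code from the patent: the page names neither the lightweight cipher nor the digest algorithm, so SHA-256 stands in for both (as a keystream for encryption), derive_key is a placeholder for the single-key combination generation algorithm, and the seed-table contents, chip identifier and sensing information are constructed.

```python
"""Reader side: encrypt and sign sensing information with a one-time key CK,
wrap CK under transmission key SKi. Center side: recover seed table Bi under
storage key Ki, check its digest, rebuild SKi and CK, verify the information."""
import hashlib
import hmac
import secrets

# Constructed stand-ins for the secret seed tables (1424 bytes each, as stated).
TABLE_A = secrets.token_bytes(1424)   # center-side storage-key seed table A
TABLE_B = secrets.token_bytes(1424)   # reader i's transmission-key seed table Bi
READER_CHIP_ID = b"reader-chip-0001"  # constructed smart card chip identifier


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()          # stand-in digest algorithm


def cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream bound to the key
    and a purpose label (info, digest, CK, table) so each use gets its own
    stream. Encryption and decryption are the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + label + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def derive_key(seed_table: bytes, ts: bytes, randoms: bytes) -> bytes:
    """Placeholder for the single-key combination generation algorithm:
    128 bits chosen from the seed table by a timestamp and random numbers."""
    return hashlib.sha256(seed_table + ts + randoms).digest()[:16]


def reader_encrypt_sign(info: bytes, ts: bytes = b"2013122819") -> dict:
    """Protocol 10: the 6 groups of sensing-layer data sent to the center."""
    ck = secrets.token_bytes(16)                  # one-time signature key CK
    rnd = secrets.token_bytes(16)                 # random numbers for SKi
    sk = derive_key(TABLE_B, ts, rnd)             # transmission key SKi
    return {"chip_id": READER_CHIP_ID,
            "info_ct": cipher(ck, b"info", info),
            "info_sig": cipher(ck, b"digest", digest(info)),  # encrypted L1
            "ck_ct": cipher(sk, b"ck", ck),                   # CK'
            "ts": ts, "rnd": rnd}


def center_store_table_b(ts: bytes = b"2013120100") -> dict:
    """Protocol 12: Bi encrypted and signed under storage key Ki, stored with
    the parameters that regenerate Ki in the transmission key database."""
    rnd = secrets.token_bytes(16)
    ki = derive_key(TABLE_A, ts, rnd)
    return {"chip_id": READER_CHIP_ID,
            "b_ct": cipher(ki, b"table", TABLE_B),            # Bi'
            "b_sig": cipher(ki, b"digest", digest(TABLE_B)),  # encrypted G1
            "ts": ts, "rnd": rnd}


def center_verify(record: dict, msg: dict) -> bytes:
    """Protocol 13: returns the reader sensing information plaintext, or raises
    when Bi or the sensing information fails its digest comparison."""
    if record["chip_id"] != msg["chip_id"]:
        raise ValueError("no transmission-key record for this reader chip")
    ki = derive_key(TABLE_A, record["ts"], record["rnd"])   # storage key Ki
    table_b = cipher(ki, b"table", record["b_ct"])           # Bi plaintext
    g1 = cipher(ki, b"digest", record["b_sig"])
    if not hmac.compare_digest(g1, digest(table_b)):         # G1 vs G2
        raise ValueError("key seed table Bi has been tampered with")
    sk = derive_key(table_b, msg["ts"], msg["rnd"])          # SKi
    ck = cipher(sk, b"ck", msg["ck_ct"])                     # CK
    info = cipher(ck, b"info", msg["info_ct"])
    l1 = cipher(ck, b"digest", msg["info_sig"])
    if not hmac.compare_digest(l1, digest(info)):            # L1 vs L2
        raise ValueError("reader sensing information signature invalid")
    return info


if __name__ == "__main__":
    record = center_store_table_b()
    msg = reader_encrypt_sign(b"tag=0001 temp=21.5C")       # constructed input
    print(center_verify(record, msg))
```

Protocols 11 and 14 follow the same pattern with storage key KK wrapping CKK in place of SKi wrapping CK, and without the table Bi step.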
14. Decryption and signature verification protocol for RFID sensing information. The authentication center's encryption system locates the record in the signature key database by the RFID identifier and passes into the encryption card chip the signature key ciphertext CKKj' from that record together with the timestamp and random numbers used to generate the storage key. Inside the chip, following the single-key combination generation algorithm, it uses this timestamp and random numbers to select Y elements of table A and combine them into the storage key KKj; decrypts the signature key ciphertext CKKj' with KKj to obtain the plaintext CKKj; decrypts the ciphertext and the digital signature of the RFID sensing information with CKKj to obtain the plaintext RFID sensing information and its digest V1; computes the digest V2 of the RFID sensing information with the digest algorithm; and compares V1 with V2 to confirm whether the signature on the RFID sensing information is trustworthy and the information complete; j = 1~m, where m is the total number of RFIDs belonging to the authentication center.
15. Because the number of RFIDs and RFID readers in the Internet of Things is very large, the amount of data the authentication center must store is also very large: each key seed table Bi used by a reader to generate transmission keys occupies 1424 or 1680 bytes of storage, and each RFID signature key occupies 16 bytes. With more than a hundred million readers and RFIDs, the data relating to them falls into the category of big data. Using the single-key combination generation algorithm to produce one-time-changing storage keys, which encrypt the elements of each reader's key seed table Bi or the signature key CKKj of each RFID, secures the storage at the authentication center of the Bi elements of all readers and of the signature keys CKK1, …, CKKm of all RFIDs, without purchasing large numbers of encryption card devices to hold the massive volume of Bi elements or of storage keys K or KK. This greatly reduces the construction cost of the authentication center and lets a single IoT authentication center manage a massive number (e.g. 500~600 million) of RFIDs and readers; j = 1~m, i = 1~n.
16. The strategy of establishing the various security protocols with a secure single-key management technique rests on the trustworthiness of the smart card and encryption card chips. The encryption and digital signature protocol for reader sensing information is completed inside the smart card chip; the encryption and digital signature protocol for RFID sensing information, the encryption and digital signature protocol for key seed table B elements, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information are completed inside the encryption card chip. All are "chip-level" protocols and are secure.
17. The RFID signature key, the reader signature key, the transmission key and the two storage keys K and KK are all generated inside the smart card or encryption card chip and never leave the chip in plaintext; the RFID signature key, the reader signature key and the transmission key are stored and transmitted outside the chip only in ciphertext form:
(1) the signature keys of all RFIDs are generated in the encryption card chip, encrypted into ciphertext by a storage key inside that chip, and stored in ciphertext form in the signature key database at the authentication center, securing the storage of all RFID signature keys there;
(2) the signature keys of all readers are generated in the smart card chip, encrypted into ciphertext by a transmission key inside that chip, transmitted to the authentication center, and decrypted to plaintext inside the encryption card chip, securing the exchange and use of the reader signature keys;
(3) the transmission keys are generated in the reader-side smart card chip; the single-key combination generation algorithm and the key seed table Bi used to generate them are also stored in the smart card chip; at the authentication center the algorithm is stored in the encryption card chip and the key seed table Bi is stored in ciphertext form in the transmission key database, securing the storage, exchange and use of transmission keys at both the reader side and the authentication center; i = 1~n;
(4) the two storage keys K and KK are generated in the encryption card chip; the single-key combination generation algorithm and the key seed table A used to generate them are both stored in the encryption card chip, securing the storage and use of K and KK.
18. When a one-time-changing transmission key encrypts the one-time-changing reader signature key, the resulting reader signature key ciphertext is also random and changes each time, i.e. it is an irregular random code. A cryptanalyst therefore cannot use the large number of publicly obtainable reader signature key ciphertexts as the "repeated report" condition for decoding (many different plaintext messages encrypted into ciphertext under the same single key) to recover the reader signature key, the transmission key, or the elements of the key seed table Bi used to generate the transmission key; i = 1~n, where n is the total number of readers;
When a one-time-changing storage key KK encrypts the one-time-changing RFID signature key, the resulting RFID signature key ciphertext is likewise random and changes each time, i.e. it is a random code, so a cryptanalyst cannot use the RFID signature key ciphertexts as the "repeated report" condition to recover the RFID signature key or the storage key;
When a one-time-changing storage key K encrypts the key seed table Bi, whose elements are themselves random, the resulting ciphertext Bi' is likewise a random code, so a cryptanalyst cannot use the table Bi' as the "repeated report" condition to recover table Bi or the storage key; i = 1~n;
19. The RFID sensing information transmitted in the IoT sensing layer is signed and encrypted twice. First, it is encrypted and digitally signed with the RFID signature key produced in the authentication center's encryption card, and the result is written into the RFID, forming the reader sensing information; after the reader reads the reader sensing information, it is encrypted and digitally signed again with the reader-side signature key, producing the ciphertext and the digital signature of the reader sensing information;
At the authentication center, the 6 groups of sensing-layer data transmitted from the reader side undergo two decryptions and signature verifications. First, with the reader-side signature key recovered at the authentication center, the ciphertext of the reader sensing information is decrypted and its digital signature verified, yielding the plaintext reader sensing information and the result of its integrity verification; then, with the RFID signature key recovered at the authentication center, the ciphertext of the RFID sensing information is decrypted and its digital signature verified, yielding the plaintext RFID sensing information and the result of its integrity verification. This prevents the RFID sensing information or the reader sensing information from being leaked, tampered with or cloned.

Claims (9)

1. A sensing information security protection method for Internet of Things electronic tags, which adopts a lightweight cryptographic algorithm, namely a single-key (symmetric) cryptographic algorithm that is cryptographically simple and fast at encryption and decryption, together with a secure single-key management technique and chip hardware technology, to establish a security protection system for IoT RFID sensing information; the implementation steps are as follows:
Under common single-key management, a reader-side encryption system is established in the RFID reader's smart card chip, into which are written: the lightweight cryptographic algorithm, the digest algorithm, one transmission key, the identifier of the reader-side smart card chip, and the encryption and digital signature protocol for reader sensing information; an authentication center encryption system is established in the IoT authentication center's encryption card chip, into which are written: the lightweight cryptographic algorithm, the digest algorithm, the transmission keys of all corresponding reader sides, all corresponding storage keys that encrypt RFID signature keys, the identifiers of all reader-side smart card chips belonging to the authentication center, the encryption and digital signature protocol for RFID sensing information, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information;
In the encryption and digital signature protocol for RFID sensing information, the authentication center encryption system, in the encryption card, calls the random number generator to produce one set of random numbers, uses it as the RFID signature key, encrypts and digitally signs the RFID sensing information in advance, then encrypts the RFID signature key into ciphertext with a storage key, stores 3 groups of data (the RFID identifier, the ciphertext of the RFID sensing information and the digital signature of the RFID sensing information) in the RFID in advance, and at the same time stores 2 groups of data (the RFID identifier and the RFID signature key ciphertext) in the signature key database at the authentication center;
In the encryption and digital signature protocol for reader sensing information, the reader-side encryption system, in the reader-side smart card chip, calls the random number generator to produce one set of random numbers, uses it as the reader signature key, encrypts and digitally signs the reader sensing information that the reader read from the RFID, producing the ciphertext and the digital signature of the reader sensing information, where the reader sensing information consists of 3 groups of data: the RFID identifier, the ciphertext of the RFID sensing information and the digital signature of the RFID sensing information; encrypts the reader signature key into ciphertext with the transmission key in the reader smart card chip; and sends 4 groups of data to the authentication center together: the reader signature key ciphertext, the reader-side smart card chip identifier, the ciphertext of the reader sensing information and the digital signature of the reader sensing information;
In the decryption and signature verification protocol for reader sensing information, the authentication center encryption system, according to the reader smart card chip identifier, takes the transmission key of the corresponding reader side from the authentication center encryption card chip, decrypts the received signature key ciphertext with it, decrypts the ciphertext of the reader-side sensing information with the decrypted signature key, and verifies the digital signature of the reader-side sensing information, achieving confidential transmission and integrity verification of the sensing-layer reader sensing information;
In the decryption and signature verification protocol for RFID sensing information, once the authentication center has confirmed that the received reader-side sensing information is trustworthy and complete, its encryption system selects the corresponding storage key according to the RFID identifier, decrypts the RFID signature key ciphertext into plaintext with that storage key, decrypts the ciphertext of the RFID sensing information with the decrypted RFID signature key, and verifies the digital signature of the RFID sensing information, confirming whether the signature on the RFID sensing information is trustworthy and the information complete;
When the number of RFIDs or RFID readers is large, the authentication center must deploy more encryption card devices to store the many storage keys of the corresponding RFIDs or transmission keys of the corresponding reader sides;
Under the secure single-key management technique, a system for confidential transmission and integrity verification of IoT RFID sensing-layer sensing information is established in the RFID reader's smart card chip and the IoT authentication center's encryption card chip; the technical features of the method are:
A reader-side encryption system is established in the RFID reader's smart card chip, into which are written: the lightweight cryptographic algorithm, the digest algorithm, the identifier of the reader smart card chip, one key seed table B, the single-key combination generation algorithm, and the encryption and digital signature protocol for reader sensing information; an authentication center encryption system is established in the authentication center's encryption card chip, into which are written: the lightweight cryptographic algorithm, the digest algorithm, one key seed table A, the single-key combination generation algorithm, the encryption and digital signature protocol for RFID sensing information, the encryption and digital signature protocol for key seed table B elements, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information; in the hard-disk storage area of the authentication center's authentication server, the smart card chip identifiers of all reader sides belonging to the authentication center, the ciphertext of their key seed table B elements and the digital signature of those elements, and the timestamp and random numbers used to generate the corresponding storage key are stored together in the transmission key database, while the identifiers of all RFIDs belonging to the authentication center, the ciphertext of each RFID signature key, and the timestamp and random numbers used to generate the corresponding storage key are stored together in the storage key database;
The secure single-key management technique is a management method that uses three kinds of key. The first is the signature key, used to establish the encryption and digital signature protocol for RFID sensing information or for reader sensing information; the second is the transmission key, used to encrypt the signature key and so secure its exchange; the third is the storage key, used to encrypt the signature keys of all corresponding RFIDs, or the elements of the key seed table with which the corresponding reader side generates transmission keys, securing the storage at the authentication center of the RFID signature keys and of the key seed table elements of the corresponding reader sides. Both the transmission key and the storage key are produced by the single-key combination generation algorithm, which uses one set of timestamp and random numbers to select elements of a key seed table B or table A and combines the selected elements into one transmission key or storage key;
When the number of RFIDs or RFID readers is very large, more encryption card devices would have to be deployed at the authentication center to store the many key seeds with which the corresponding reader sides generate transmission keys, the many storage keys used to encrypt RFID signature keys, or the many storage keys used to encrypt the key seed tables B of the corresponding reader sides;
In the encryption and digital signature protocol for RFID sensing information, the authentication center encryption system encrypts and digitally signs the RFID sensing information in advance with the RFID signature key generated in the encryption card chip, writes the RFID identifier, the ciphertext of the RFID sensing information and the digital signature of the RFID sensing information into the RFID together, then produces a storage key with the single-key combination generation algorithm, encrypts the RFID signature key into ciphertext, and stores the RFID identifier, the RFID signature key ciphertext, and the timestamp and random numbers used to generate the storage key together in the signature key database at the authentication center;
In the encryption and digital signature protocol for key seed table B elements, the authentication center encryption system, in the encryption card chip, encrypts and digitally signs the elements of each corresponding reader side's key seed table B with a storage key produced by the single-key combination generation algorithm, and stores in advance, together in the transmission key database at the authentication center, the identifier of the corresponding reader smart card chip, the element ciphertext of key seed table B, the digital signature of the key seed table B elements, and the timestamp and random numbers used to generate the storage key;
In the encryption and digital signature protocol for reader sensing information, the reader-side encryption system encrypts and digitally signs the reader sensing information with the reader signature key generated in the smart card chip, produces a transmission key with the single-key combination generation algorithm, encrypts the reader signature key into ciphertext, and sends to the authentication center together: the reader-side smart card chip identifier, the ciphertext of the reader sensing information, the digital signature of the reader sensing information, the reader signature key ciphertext, and the timestamp and random numbers used to generate the transmission key;
When the authentication center receives the ciphertext and the digital signature of the reader sensing information sent by the reader side, it first decrypts and verifies the integrity of the element ciphertext of key seed table B in the corresponding record of the transmission key database; then decrypts the ciphertext of the reader sensing information and verifies its digital signature; and finally decrypts the ciphertext of the RFID sensing information and verifies its digital signature, achieving confidential transmission and integrity verification of sensing-layer sensing information and thereby establishing a sensing-layer information security protection system for IoT RFID.
2. The method according to claim 1, characterized in that:
a secure symmetric-key management technique is adopted to perform lightweight cryptographic key management and to establish a system for confidential transmission and integrity verification of sensing information at the IoT RFID sensing layer, as follows:
(1) signature keys,
Let the RFID reader's signature key be CK. The reader's sensing information is encrypted and digitally signed with CK; a transmission key SK generated by the symmetric-key combination generation algorithm is then used to encrypt CK, producing the signature-key ciphertext CK', and CK' is sent to the IoT authentication center side together with the selection parameters that generated SK, namely a timestamp and random numbers. This achieves secure exchange of the reader's signature key CK from the RFID reader side to the IoT authentication center side;
Let the RFID tag's signature key be CKK. The sensing information in the tag is encrypted and digitally signed with CKK; a storage key KK generated by the symmetric-key combination generation algorithm is then used to encrypt CKK, producing the signature-key ciphertext CKK'. The storage key KK is produced by the symmetric-key combination generation algorithm from a timestamp and random numbers that select elements from a key seed table A; the selected elements are combined into KK. The RFID tag identifier, the tag's signature-key ciphertext CKK' and the selection parameters that generated KK (the timestamp and random numbers) are stored together in the signature key database of the IoT authentication center. This achieves secure storage of the tag's signature key CKK at the IoT authentication center side;
(2) transmission keys
Let the transmission key be SK; the RFID reader's signature key CK is encrypted with SK.
The key seed table Bi is stored in the RFID reader-side smart card chip. When the encryption and digital signature protocol for reader sensing information runs, the symmetric-key combination generation algorithm uses a timestamp and random numbers to select elements from table Bi and combines the Y selected elements into one transmission key SK, where Y = 16 or 32. Each key seed table Bi corresponds to one RFID reader-side smart card chip. Let the key seed tables in the smart card chips of all RFID readers belonging to an IoT authentication center be B1, B2, ..., Bn, where n is the total number of RFID readers of that authentication center; any two tables Bd and Be (1 ≤ d, e ≤ n, d ≠ e) have pairwise different elements;
The symmetric-key combination generation algorithm and the key seed table Bi used to generate the transmission key SK are both stored in the corresponding RFID reader-side smart card chip, and the generated transmission key never leaves the reader's smart card chip in plaintext, guaranteeing the storage and operating security of the transmission key at the RFID reader side;
In the chip of the encryption card at the IoT authentication center side, a storage key Ki generated by the symmetric-key combination generation algorithm encrypts into ciphertext the elements of the key seed table Bi from which the corresponding RFID reader side generates transmission keys; the elements of Bi in ciphertext form are stored in advance in the transmission key database at the authentication center side, together with the identifier of the corresponding reader-side smart card chip and the selection parameters that generated the corresponding storage key Ki, namely a timestamp and random numbers;
When the ciphertext of table Bi is used at the IoT authentication center side, it is decrypted into plaintext inside the encryption-card chip; the plaintext elements of any table Bi never leave the encryption-card chip, guaranteeing the storage and operating security of all table Bi elements at the authentication center side, where i = 1~n and n is the total number of RFID readers of the corresponding IoT authentication center;
(3) storage keys
Let the storage key used to encrypt an RFID tag's signature key be KK, and the storage key used to encrypt the elements of the key seed table Bi of a corresponding RFID reader side be K.
The elements of table A are stored in the encryption-card chip of the IoT authentication center. The symmetric-key combination generation algorithm uses a timestamp and random numbers to select elements from key seed table A and combines the Y selected elements into one storage key K or KK, where Y = 16 or 32;
If there are m RFID tag signature keys in total, then there are also m storage keys for encrypting them, namely KK1, KK2, ..., KKm; storage key KKj encrypts the signature key CKKj of the corresponding tag into ciphertext, and the ciphertexts CKK1', CKK2', ..., CKKm' are stored in the signature key database at the authentication center side;
If there are n storage keys Ki for encrypting the elements of the key seed tables Bi in total, namely K1, K2, ..., Kn, then each storage key Ki encrypts the elements of the corresponding table Bi, producing the table ciphertexts B1', B2', ..., Bn', and each Bi' is stored in the transmission key database at the authentication center side, where i = 1~n, j = 1~m, n is the total number of RFID readers and m is the total number of RFID tags of the corresponding IoT authentication center.
3. The method according to claim 1, characterized in that:
(1) The symmetric-key combination generation algorithm uses selection parameters consisting of a timestamp and random numbers to select elements from a key seed table: the timestamp selects the "rows" of the key seed table, giving a sub-table of Y rows by Y columns; the random numbers then select the "columns" of that Y × Y sub-table, giving Y elements, which are combined into one key, where Y = 16 or 32. The storage keys K or KK and the transmission key SK are produced in real time by this algorithm;
The timestamp consists of 10 decimal digits: the "year" is 4 digits, XXX0~XXX9, contributing the values 0~9 (its units digit); the "month" is 2 digits, taking January~December; the "day" is 2 digits, taking 1~31; and the "hour" is 2 digits, taking 0~23 o'clock. For example, 2013122819 denotes 19:00 on 28 December 2013;
The random numbers consist of Y = 16 or 32 binary numbers. When Y = 16, each random number is a 4-bit binary number with value 0~15, e.g. 0011, 1010, 0000, ..., 1111, 0110, whose values are 3, 10, 0, ..., 15, 6. When Y = 32, each random number is a binary number with value 0~31, e.g. 00110, 10100, 00000, ..., 11111, 01100, whose values are 6, 20, 0, ..., 31, 12;
(2) Specific implementation of the symmetric-key combination generation algorithm,
Key seed tables A and B have the same structure and differ only in the elements they contain; table A is used as the example to explain the implementation:
When table A has 89 rows and 16 columns, i.e. 89 × 16 = 1424 elements, each element occupies 1 byte and the table occupies 1424 bytes in total; when table A has 105 rows and 32 columns, i.e. 105 × 32 = 3360 elements, each element occupies 0.5 byte and the table occupies 1680 bytes in total;
The "year" of the timestamp corresponds to rows 1~10 of table A (10 rows), the "month" to rows 11~22 (12 rows), the "day" to rows 23~53 (31 rows), and the "hour" to rows 54~77 (24 rows). When table A has 89 rows and 16 columns, a further 12 rows of table A do not correspond to the timestamp; when it has 105 rows and 32 columns, a further 28 rows do not correspond to the timestamp;
First, 4 rows are selected from table A according to the timestamp. From rows 1~10 of table A (10 rows) one row is taken, using the units digit of the "year" in the timestamp as the row number corresponding to "year" in table A; e.g. for the timestamp 2013XXXXXX, row 4 of table A is taken. From rows 11~22 (12 rows) one row is taken, using the value of the "month" as the corresponding row; e.g. for the timestamp 20XX11XXXX, row 21 is taken. From rows 23~53 (31 rows) one row is taken, using the value of the "day"; e.g. for the timestamp 20XXXX30XX, row 52 is taken. From rows 54~77 (24 rows) one row is taken, using the value of the "hour"; e.g. for the timestamp 20XXXXXX21, row 74 is taken. Then rows 78 to W of table A, W − 78 + 1 rows in all, are also selected, so that Y rows are selected in total, where Y = 16 or 32, forming the Y × Y sub-table A1 of table A;
Let the random numbers be Q1, Q2, ..., QY with values L1, L2, ..., LY respectively. When Y = 16, the 16 random numbers take values between 0~15, and L1, L2, ..., L16 select the columns of sub-table A1: the value L1 of the 1st random number Q1 selects the element in column L1+1 of row 1 of A1, the value L2 of the 2nd random number Q2 selects the element in column L2+1 of row 2 of A1, ..., and the value L16 of the 16th random number Q16 selects the element in column L16+1 of row 16 of A1, 16 elements in total. When Y = 32, the 32 random numbers take values 0~31, and L1, L2, ..., L32 select the columns of A1 in the same way: L1 selects the element in column L1+1 of row 1, L2 the element in column L2+1 of row 2, ..., and L32 the element in column L32+1 of row 32, 32 elements in total;
Because the length of a symmetric key is 128 bits, the Y elements selected from table A are combined into one symmetric key, namely a storage key: if the elements of table A are 8 bits and Y = 16, the 16 elements selected from table A combine into a 128-bit key; if the elements of table A are 4 bits and Y = 32, the 32 elements selected from table A also combine into a 128-bit key;
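The row and column selection of claim 3, as an added worked example (illustrative code, not the patent's own implementation). It follows the stated layout: the year's units digit picks one of rows 1~10, the month one of rows 11~22, the day one of rows 23~53, the hour one of rows 54~77, and the tail rows 78~W fill the sub-table A1 up to Y rows; the i-th random number L_i then picks column L_i+1 of row i, and the Y elements are concatenated into 128 bits. The sample key seed table is constructed here with a fixed formula purely so the run is reproducible, and the hour mapping assumes hour h lands on row 54+h so that hours 0~23 fill rows 54~77 exactly (the claim's hour example quotes row 74 for hour 21; this code gives 75 under that assumption).

```python
# Illustrative re-implementation of the symmetric-key combination generation
# algorithm of claim 3 (added example, not the patent's own code). Row and
# column numbers follow the claim; the sample key seed table is constructed.
from typing import List

def select_rows(timestamp: str, total_rows: int, y: int) -> List[int]:
    """Rows (1-based) of the key seed table chosen by a 10-digit YYYYMMDDHH
    timestamp: year units digit -> rows 1..10, month -> 11..22,
    day -> 23..53, hour -> 54..77, then the fixed tail rows 78..W so that
    Y rows are selected in total (W = 89 for Y=16, W = 105 for Y=32).
    Assumption: hour h maps to row 54 + h, so hours 0..23 fill rows 54..77."""
    if len(timestamp) != 10 or not timestamp.isdigit():
        raise ValueError("timestamp must be 10 digits YYYYMMDDHH")
    year_units = int(timestamp[3])
    month, day, hour = int(timestamp[4:6]), int(timestamp[6:8]), int(timestamp[8:10])
    if not (1 <= month <= 12 and 1 <= day <= 31 and 0 <= hour <= 23):
        raise ValueError("timestamp field out of range")
    rows = [1 + year_units, 10 + month, 22 + day, 54 + hour]
    w = 77 + (y - len(rows))          # last row of the table: 89 or 105
    if w != total_rows:
        raise ValueError(f"a table for Y={y} must have {w} rows, got {total_rows}")
    rows.extend(range(78, w + 1))
    return rows

def combine_key(table: List[List[int]], timestamp: str, randoms: List[int],
                y: int, elem_bits: int) -> bytes:
    """Build the Y x Y sub-table A1 from the timestamp-selected rows, pick in
    row i the element at column L_i + 1 (L_i = i-th random number), and
    concatenate the Y elements into a 128-bit key (16 x 8 bits or 32 x 4 bits)."""
    if len(randoms) != y or any(not 0 <= l < y for l in randoms):
        raise ValueError("need exactly Y random numbers, each in 0..Y-1")
    if y * elem_bits != 128:
        raise ValueError("Y elements must total 128 bits")
    rows = select_rows(timestamp, len(table), y)
    sub_table = [table[r - 1][:y] for r in rows]          # sub-table A1
    mask = (1 << elem_bits) - 1
    key_bits = 0
    for i in range(y):
        key_bits = (key_bits << elem_bits) | (sub_table[i][randoms[i]] & mask)
    return key_bits.to_bytes(16, "big")

def make_seed_table(rows: int, cols: int, elem_bits: int, seed: int = 7) -> List[List[int]]:
    """Constructed, deterministic sample table for the demo only; a real key
    seed table is filled with random elements inside the chip."""
    mask = (1 << elem_bits) - 1
    return [[(r * 37 + c * 11 + seed) & mask for c in range(cols)] for r in range(rows)]

def demo() -> dict:
    """Derive keys for both table layouts; returns values the reader can inspect."""
    ts = "2013122819"                                      # 19:00, 28 Dec 2013
    table16 = make_seed_table(89, 16, 8)                   # 89 x 16, 1-byte elements
    rnd16 = [3, 10, 0, 5, 15, 6, 1, 9, 12, 2, 7, 11, 4, 14, 8, 13]
    k16 = combine_key(table16, ts, rnd16, 16, 8)
    rnd16_alt = [(rnd16[0] + 1) % 16] + rnd16[1:]          # one column differs
    k16_alt = combine_key(table16, ts, rnd16_alt, 16, 8)
    table32 = make_seed_table(105, 32, 4)                  # 105 x 32, 4-bit elements
    rnd32 = [(i * 7) % 32 for i in range(32)]
    k32 = combine_key(table32, ts, rnd32, 32, 4)
    return {"rows16": select_rows(ts, 89, 16), "k16": k16,
            "k16_alt": k16_alt, "k32": k32}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Changing a single random number changes one element of the key, and changing the hour changes one of the four timestamp-selected rows; this is what the claim relies on when it counts the key's repetition rate per hour from the random-number bits alone.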
(3) The RFID reader's signature key CK, the RFID tag's signature key CKK, the transmission key SK and the two kinds of storage key K and KK are all 128 bits long; the repetition rate of CK and CKK is 1/2^128, essentially achieving a one-time pad;
The transmission key SK and the two storage keys K and KK are all obtained by selecting elements from key seed table A or B with a timestamp and random numbers and combining the Y selected elements into one SK, K or KK. If the selection parameters contain 16 random numbers, the elements of table A or B are 8 bits and the timestamp consists of "year, month, day, hour", then within one hour the repetition rate of SK, K or KK is 1/2^64; if the selection parameters contain 32 random numbers, the elements of table A or B are 4 bits and the timestamp consists of "year, month, day, hour", then within one hour the repetition rate of SK, K or KK is 1/2^160; SK, K and KK are thus also essentially one-time pads.
4. The method according to claim 1, characterized in that:
In the encryption and digital signature protocol for RFID reader sensing information, the RFID reader reads the reader sensing information from the RFID tag and inputs it into the reader-side smart card chip. The reader-side encryption system, inside the smart card chip, calls a digest algorithm on the reader's sensing information to obtain its "digest" L1; it then calls the random number generator in the smart card chip to produce a 128-bit random number, uses it as the reader's signature key CK, and encrypts the reader's sensing information and its digest L1 with CK, obtaining the ciphertext of the reader's sensing information and its digital signature, namely the ciphertext of the digest L1. It produces a timestamp and random numbers inside the smart card chip, uses them with the symmetric-key combination generation algorithm to select Y elements from key seed table Bi and combine them into one transmission key SKi, and encrypts the reader's signature key CK into the ciphertext CK' with SKi. Finally, it sends to the IoT authentication center side, together, these 6 groups of sensing-layer data: the identifier of the reader-side smart card chip, the ciphertext of the reader's sensing information, the digital signature of the reader's sensing information, the ciphertext CK' of the reader's signature key, and the corresponding timestamp and random numbers that generated the transmission key, where i = 1~n.
5. The method according to claim 1, characterized in that:
(1) In the encryption and digital signature protocol for RFID tag sensing information, the encryption system at the IoT authentication center side, inside the encryption-card chip, calls the random number generator to produce a 128-bit random number and uses it as the tag's signature key CKK to encrypt the tag's sensing information and its "digest" V1, obtaining the ciphertext of the tag's sensing information and its digital signature. It produces a timestamp and random numbers inside the encryption-card chip, uses them with the symmetric-key combination generation algorithm to select Y elements from "key seed" table A and combine them into one storage key KK, encrypts the tag's signature key CKK with KK to produce the signature-key ciphertext CKK', and writes 3 groups of data into the RFID tag: the tag identifier, the ciphertext of the tag's sensing information and its digital signature. At the same time, 4 groups of data are stored in the signature key database at the IoT authentication center side: the tag identifier, the signature-key ciphertext CKK', and the selection parameters that generated KK, namely the timestamp and random numbers;
(2) In the encryption and digital signature protocol for the elements of key seed table B, the encryption system at the IoT authentication center side, inside the encryption-card chip, produces a timestamp and random numbers, uses them with the symmetric-key combination generation algorithm to select Y elements from key seed table A and combine them into one storage key Ki, encrypts the elements of key seed table Bi with Ki to obtain the element ciphertext Bi', and digitally signs the elements of Bi with Ki, i.e. encrypts the "digest" G1 of the elements of Bi and takes the ciphertext of G1 as the digital signature. It then stores together in the transmission key database at the IoT authentication center side: the identifier of the corresponding RFID reader's smart card chip, the element ciphertext Bi', the digital signature of the elements of Bi, and the corresponding timestamp and random numbers that generated Ki, where i = 1~n and Y = 16 or 32;
(3) In the ciphertext decryption and signature verification protocol for RFID reader sensing information, after the IoT authentication center side receives the 6 groups of sensing-layer data sent by the RFID reader side, its encryption system first locates the record in the transmission key database by the identifier of the reader-side smart card chip and inputs together into the encryption-card chip: the ciphertext Bi' of the "key seed" table Bi that generates transmission keys, the timestamp and random numbers that generated the storage key, and the timestamp and random numbers that generated the transmission key. Inside the encryption-card chip, the symmetric-key combination generation algorithm uses the storage-key timestamp and random numbers to select Y elements from table A and combine them into the storage key Ki; Ki decrypts the element ciphertext Bi' into the plaintext elements of table Bi and decrypts the digital signature of the Bi elements into the plaintext "digest" G1; the digest algorithm is then called on the plaintext elements of Bi to obtain "digest" G2, and G1 is compared with G2 to judge whether the elements of key seed table Bi have been tampered with. If they have not, the algorithm uses the transmission-key timestamp and random numbers to select Y elements from the plaintext of Bi and combine them into the transmission key SKi; SKi decrypts the ciphertext CK' into the plaintext signature key CK; CK decrypts the ciphertext of the reader's sensing information and its digital signature, giving the plaintext of the reader's sensing information and the plaintext "digest" L1; the digest algorithm is applied again to the reader's sensing information to obtain "digest" L2, and L1 is compared with L2 to confirm whether the reader side's signature on the reader sensing information is trustworthy and complete, where i = 1~n. The decryption and signature verification protocol for the elements of key seed table B is thus contained within the ciphertext decryption and signature verification protocol for reader sensing information;
(4) In the ciphertext decryption and signature verification protocol for RFID tag sensing information, the encryption system at the IoT authentication center side locates the record in the signature key database by the tag identifier and inputs together into the encryption-card chip the signature-key ciphertext CKKj' from the record and the corresponding timestamp and random numbers that generated the storage key. Inside the encryption-card chip, the symmetric-key combination generation algorithm uses that timestamp and random numbers to select Y elements from table A and combine them into one storage key KKj; KKj decrypts the signature-key ciphertext CKKj' into the plaintext CKKj; CKKj then decrypts the ciphertext of the tag's sensing information and its digital signature, giving the plaintext of the tag's sensing information and its digest V1; the digest algorithm is applied again to the tag's sensing information to obtain "digest" V2, and V1 is compared with V2 to confirm whether the signature on the tag's sensing information is trustworthy and complete, where j = 1~m and m is the total number of RFID tags of the corresponding IoT authentication center.
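The full two-layer flow of claims 4 and 5 (and, as summarized later, claim 9) as an added end-to-end simulation; this is illustrative code, not the patent's implementation. Everything chip-specific is replaced by a labelled stand-in: the 128-bit symmetric cipher by a SHA-256 keystream XOR with a fresh nonce, the row/column key-combination step by a hash of the same inputs (key seed table, timestamp, random numbers), and the tag, reader and authentication-center storage by in-memory dicts. The "digital signature" is built exactly as the claims describe it, as the digest encrypted under the signature key, and verification compares the decrypted digest with a recomputed one (G1 with G2, L1 with L2, V1 with V2). The demo also shows the failure mode the inner layer is there for: a tag whose stored ciphertext has been altered still passes the reader's outer layer, because the reader signs whatever it read, and is rejected only when V1 and V2 are compared.

```python
# Illustrative simulation of the two-layer protect/verify flow of claims 4, 5
# and 9 (added example, not the patent's code). Stand-ins, all assumptions:
# the chip's 128-bit block cipher -> toy_encrypt (SHA-256 keystream XOR);
# the key-combination algorithm -> derive_key (a hash of the same inputs);
# tag, reader and authentication-center storage -> in-memory dicts.
import hashlib
import hmac
import os

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)                      # fresh nonce per message
    return nonce + _keystream_xor(key, nonce, data)

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])

def derive_key(seed_table: bytes, timestamp: str, randoms: bytes) -> bytes:
    """Stand-in for the combination algorithm (timestamp selects rows, random
    numbers select columns of a key seed table): 128 bits from the same inputs."""
    return hashlib.sha256(seed_table + timestamp.encode() + randoms).digest()[:16]

def sign_and_encrypt(key: bytes, data: bytes):
    """The page's 'digital signature': the digest encrypted under the signature key."""
    return toy_encrypt(key, data), toy_encrypt(key, digest(data))

def decrypt_and_verify(key: bytes, ct: bytes, sig: bytes):
    data = toy_decrypt(key, ct)
    return data, hmac.compare_digest(toy_decrypt(key, sig), digest(data))

TABLE_A = os.urandom(1424)   # constructed key seed table A (center's encryption card)
TABLE_B = {}                 # reader_id -> key seed table Bi (reader's smart card)
SIG_KEY_DB = {}              # tag_id -> (CKK', timestamp, randoms)
TX_KEY_DB = {}               # reader_id -> (Bi', signature of Bi, timestamp, randoms)
SIG_LEN = 16 + 32            # nonce + encrypted SHA-256 digest

def center_provision_tag(tag_id: bytes, info: bytes) -> dict:
    """Claim 5(1): sign/encrypt tag info with CKK, store CKK' under storage key KK."""
    ckk = os.urandom(16)
    ct, sig = sign_and_encrypt(ckk, info)
    ts, rnd = "2013122819", os.urandom(8)
    kk = derive_key(TABLE_A, ts, rnd)
    SIG_KEY_DB[tag_id] = (toy_encrypt(kk, ckk), ts, rnd)
    return {"id": tag_id, "ct": ct, "sig": sig}         # the 3 items written to the tag

def center_provision_reader(reader_id: bytes) -> None:
    """Claim 5(2): store the reader's table Bi encrypted and signed under storage key Ki."""
    bi = os.urandom(1424)
    TABLE_B[reader_id] = bi
    ts, rnd = "2013122819", os.urandom(8)
    ki = derive_key(TABLE_A, ts, rnd)
    bct, bsig = sign_and_encrypt(ki, bi)
    TX_KEY_DB[reader_id] = (bct, bsig, ts, rnd)

def reader_report(reader_id: bytes, tag: dict) -> tuple:
    """Claim 4: the reader signs/encrypts what it read with a fresh CK and wraps CK under SK."""
    reader_info = tag["id"] + tag["ct"] + tag["sig"]    # 8-byte id + ct + 48-byte sig
    ck = os.urandom(16)
    ct, sig = sign_and_encrypt(ck, reader_info)
    ts, rnd = "2013122820", os.urandom(8)
    sk = derive_key(TABLE_B[reader_id], ts, rnd)
    return reader_id, ct, sig, toy_encrypt(sk, ck), ts, rnd   # the 6 groups of data

def center_verify(msg: tuple):
    """Claims 5(3)-(4): unwrap Bi and check G1==G2; recover CK and check L1==L2;
    recover CKK and check V1==V2. Returns (tag info or None, status)."""
    reader_id, ct, sig, ck_ct, ts, rnd = msg
    bct, bsig, bts, brnd = TX_KEY_DB[reader_id]
    bi, ok = decrypt_and_verify(derive_key(TABLE_A, bts, brnd), bct, bsig)
    if not ok:
        return None, "key seed table Bi tampered"
    ck = toy_decrypt(derive_key(bi, ts, rnd), ck_ct)
    reader_info, ok = decrypt_and_verify(ck, ct, sig)
    if not ok:
        return None, "reader sensing information failed verification"
    tag_id, tag_ct, tag_sig = reader_info[:8], reader_info[8:-SIG_LEN], reader_info[-SIG_LEN:]
    ckk_ct, kts, krnd = SIG_KEY_DB[tag_id]
    ckk = toy_decrypt(derive_key(TABLE_A, kts, krnd), ckk_ct)
    info, ok = decrypt_and_verify(ckk, tag_ct, tag_sig)
    return (info if ok else None), ("ok" if ok else "tag sensing information failed verification")

def run_demo() -> tuple:
    """A genuine tag passes both layers; a tag whose ciphertext was altered is rejected
    at the inner layer even though the reader's outer signature is valid."""
    center_provision_reader(b"reader01")
    tag = center_provision_tag(b"tag00001", b"pallet 42, temp 4C")
    info, status = center_verify(reader_report(b"reader01", tag))
    altered = dict(tag)
    altered["ct"] = tag["ct"][:-1] + bytes([tag["ct"][-1] ^ 0x01])
    info2, status2 = center_verify(reader_report(b"reader01", altered))
    return info, status, info2, status2

if __name__ == "__main__":
    print(run_demo())
```

Note that the stand-in cipher and key derivation carry none of the claimed repetition-rate properties; the point of the block is the sequence of lookups, unwrappings and digest comparisons, and which layer catches which kind of modification.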
6. The method according to claim 1, characterized in that:
Because the number of IoT RFID tags and RFID readers is very large, the amount of data to be stored at the IoT authentication center side is also very large: each "key seed" table Bi from which a corresponding reader side generates transmission keys occupies 1424 or 1680 bytes of storage, and each RFID tag signature key occupies 16 bytes. When the number of readers and tags reaches hundreds of millions, the data involved for the corresponding tags and readers belong to the category of big data. Using the symmetric-key combination generation algorithm to produce one-time storage keys that encrypt the elements of the "key seed" table Bi of each reader side, or the signature key CKKj of each tag, guarantees the secure storage at the IoT authentication center side of the elements of all tables Bi of the corresponding reader sides and of all tag signature keys CKK1, CKK2, ..., CKKm, without purchasing a large number of encryption-card hardware devices to store the massive numbers of table Bi elements or of storage keys K or KK. This greatly saves the construction cost of the authentication center and lets a single IoT authentication center manage a massive number (e.g. 5~600,000,000) of RFID tags and readers, where j = 1~m, i = 1~n.
7. The method according to claim 1, characterized in that:
(1) The strategy of building the various security protocols on a secure symmetric-key management technique rests on the trustworthiness of the smart card and encryption-card chips: the encryption and digital signature protocol for reader sensing information is completed inside the smart card chip, while the encryption and digital signature protocol for tag sensing information, the encryption and digital signature protocol for the elements of key seed table B, the decryption and signature verification protocol for tag sensing information ciphertext, and the decryption and signature verification protocol for reader sensing information ciphertext are all completed inside the encryption-card chip; all are "chip-level" protocols and are secure;
(2) The tag's signature key, the reader's signature key, the transmission key and the two kinds of storage key K and KK are all generated inside a smart card or encryption-card chip and never leave the chip in plaintext; the tag's signature key, the reader's signature key and the transmission key are stored and transmitted outside the chip only in ciphertext form;
All RFID tag signature keys are generated inside the encryption-card chip, encrypted into ciphertext with a storage key inside that chip, and stored in ciphertext form in the signature key database at the IoT authentication center side, guaranteeing their secure storage there;
All RFID reader signature keys are generated inside the smart card chip, encrypted into ciphertext with a transmission key inside that chip, transmitted to the IoT authentication center side and decrypted into plaintext inside the encryption-card chip, guaranteeing the security of signature-key exchange and operation at the RFID reader device;
The transmission key is generated inside the reader-side smart card chip; the symmetric-key combination generation algorithm and the key seed table Bi that generate it are also stored inside the smart card chip. At the IoT authentication center side, the algorithm that generates the transmission key is stored inside the encryption-card chip and the "key seed" table Bi is stored in ciphertext form in the transmission key database, guaranteeing the security of storage, exchange and operation of the transmission key at both the reader side and the authentication center side, where i = 1~n;
The two kinds of storage key K and KK are generated inside the encryption-card chip, and the symmetric-key combination generation algorithm and the key seed table A that generate them are both stored inside the encryption-card chip, guaranteeing the storage and operating security of K and KK.
8. The method according to claim 1, characterized in that:
A one-time transmission key encrypts the one-time signature key of the RFID reader, so the resulting ciphertext of the reader's signature key is also random and one-time, a patternless garble; a cryptanalyst cannot use the large number of publicly obtainable ciphertexts of reader signature keys as the "repeated messages under one key" condition (many different plaintext messages encrypted into ciphertext under the same symmetric key) to break the reader's signature key, the transmission key, or the elements of the "key seed" table Bi that generates the transmission key, where i = 1~n and n is the total number of RFID readers;
A one-time storage key KK encrypts the one-time signature key of the RFID tag, so the resulting ciphertext of the tag's signature key is also random and one-time, a patternless garble; a cryptanalyst cannot use the ciphertexts of tag signature keys as the "repeated messages under one key" condition to break the tag's signature key or the storage key;
A one-time storage key K encrypts the "key seed" table Bi, whose elements are random, so the resulting ciphertext Bi' of table Bi is also random, a patternless garble; a cryptanalyst cannot use the tables Bi' as the "repeated messages under one key" condition to break table Bi or the storage key, where i = 1~n.
9. The method according to claim 1, characterized in that:
The sensing information of the RFID tag transmitted at the sensing layer of the Internet of Things is signed and encrypted twice. First, the sensing information of the RFID tag is encrypted and digitally signed with the RFID tag signature key produced by the encryption card at the Internet of Things authentication center end, generating the sensing information of the RFID reader, which is written into the RFID tag; after the RFID reader reads this sensing information, it is encrypted and digitally signed again with the RFID reader signature key at the reader end, generating the ciphertext of the RFID reader sensing information and the digital signature of the RFID reader sensing information;
At the Internet of Things authentication center end, the 6 groups of sensing-layer data transmitted from the RFID reader end are decrypted and signature-verified twice. First, the corresponding RFID reader-end signature key is produced at the authentication center end, the ciphertext of the RFID reader sensing information is decrypted and the digital signature of the RFID reader sensing information is verified, yielding the plaintext of the RFID reader sensing information and the integrity verification result for the RFID reader sensing information; then the corresponding RFID tag signature key is produced at the authentication center end, the ciphertext of the RFID tag sensing information is decrypted and the digital signature of the RFID tag sensing information is verified, yielding the plaintext of the RFID tag sensing information and its integrity verification result. This prevents the sensing information of the RFID tag or of the RFID reader from being leaked, tampered with or cloned.
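The two-layer protection of claim 9 and the one-time-key argument of the preceding claims, worked through as an added example (not code from the patent or its applicant). The patent does not name a cipher, signature primitive or key-derivation rule, so the following are assumptions: an HMAC-SHA256 keystream stands in for the block cipher, HMAC-SHA256 stands in for the symmetric "digital signature", and a per-message key is derived from a long-term secret plus a fresh nonce in place of the key-seed table. Tag and reader identifiers, secrets and the sensing record are constructed sample values. The centre peels the reader layer first and the tag layer second, and reports each integrity result separately, as the claim describes.

```python
import hmac
import hashlib
import os

NONCE_LEN = 12
MAC_LEN = 32


def derive_one_time_key(master: bytes, label: bytes, nonce: bytes) -> bytes:
    """Per-message key from a long-term secret, a role label and a fresh nonce.
    Assumption: stand-in for the patent's key-seed-table mechanism."""
    return hmac.new(master, label + b"|" + nonce, hashlib.sha256).digest()


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher stand-in: HMAC-SHA256 in counter mode (assumption; claim names no cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(master: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer under fresh one-time keys: nonce || ciphertext || mac."""
    nonce = os.urandom(NONCE_LEN)
    enc_key = derive_one_time_key(master, label + b":enc", nonce)
    sig_key = derive_one_time_key(master, label + b":sig", nonce)
    ciphertext = xor_keystream(enc_key, nonce, plaintext)
    mac = hmac.new(sig_key, label + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + mac


def unseal(master: bytes, label: bytes, blob: bytes):
    """Verify the MAC before decrypting; None on any integrity failure."""
    if len(blob) < NONCE_LEN + MAC_LEN:
        return None
    nonce, ciphertext, mac = blob[:NONCE_LEN], blob[NONCE_LEN:-MAC_LEN], blob[-MAC_LEN:]
    enc_key = derive_one_time_key(master, label + b":enc", nonce)
    sig_key = derive_one_time_key(master, label + b":sig", nonce)
    expected = hmac.new(sig_key, label + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None
    return xor_keystream(enc_key, nonce, ciphertext)


# Constructed secrets: the authentication centre holds one long-term secret per tag and per reader.
CENTER_TAG_SECRETS = {b"TAG-0001": hashlib.sha256(b"constructed tag secret 1").digest()}
CENTER_READER_SECRETS = {b"RDR-01": hashlib.sha256(b"constructed reader secret 1").digest()}


def tag_layer(tag_id: bytes, secret: bytes, sensing_info: bytes) -> bytes:
    """Layer 1, written into the tag: sensing information sealed under the tag's key."""
    return seal(secret, b"tag:" + tag_id, sensing_info)


def reader_layer(reader_id: bytes, secret: bytes, tag_id: bytes, tag_blob: bytes) -> bytes:
    """Layer 2, at the reader: tag id plus the layer-1 blob sealed again under the reader's key."""
    return seal(secret, b"reader:" + reader_id, bytes([len(tag_id)]) + tag_id + tag_blob)


def center_verify(reader_id: bytes, outer_blob: bytes) -> dict:
    """Centre side: peel the reader layer, then the tag layer, reporting both integrity results."""
    result = {"reader_ok": False, "tag_ok": False, "plaintext": None}
    reader_secret = CENTER_READER_SECRETS.get(reader_id)
    if reader_secret is None:
        return result
    inner = unseal(reader_secret, b"reader:" + reader_id, outer_blob)
    if inner is None:
        return result
    result["reader_ok"] = True
    n = inner[0]
    tag_id, tag_blob = inner[1:1 + n], inner[1 + n:]
    tag_secret = CENTER_TAG_SECRETS.get(tag_id)
    if tag_secret is None:
        return result
    plaintext = unseal(tag_secret, b"tag:" + tag_id, tag_blob)
    if plaintext is None:
        return result
    result["tag_ok"] = True
    result["plaintext"] = plaintext
    return result


def demo() -> dict:
    sensing = b"temp=21.5C;humidity=40%"  # constructed sensing information
    tag_id, reader_id = b"TAG-0001", b"RDR-01"
    blob1 = tag_layer(tag_id, CENTER_TAG_SECRETS[tag_id], sensing)
    blob2 = reader_layer(reader_id, CENTER_READER_SECRETS[reader_id], tag_id, blob1)
    good = center_verify(reader_id, blob2)
    # One byte of the outer ciphertext altered in transit: reader-layer check fails, inner never decrypted.
    tampered = bytearray(blob2)
    tampered[NONCE_LEN] ^= 0x01
    outer_tampered = center_verify(reader_id, bytes(tampered))
    # Inner layer produced without the tag's secret: reader check passes, tag check fails.
    forged_inner = seal(b"wrong tag secret", b"tag:" + tag_id, b"temp=99.9C")
    forged = reader_layer(reader_id, CENTER_READER_SECRETS[reader_id], tag_id, forged_inner)
    inner_forged = center_verify(reader_id, forged)
    # Same plaintext sealed twice gives different ciphertexts: no "repeated messages" under one key.
    distinct = tag_layer(tag_id, CENTER_TAG_SECRETS[tag_id], sensing) != blob1
    return {"good": good, "outer_tampered": outer_tampered, "inner_forged": inner_forged, "distinct": distinct}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Each layer binds its role label and nonce into the MAC, so a reader blob cannot be replayed as a tag blob and vice versa; the centre decides "leaked, tampered or cloned" per layer, which is what lets it tell a misbehaving reader from a damaged tag.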
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310101860.XA CN103237302B (en) 2013-03-28 2013-03-28 A kind of heat transfer agent safety protecting method of Internet of Things electronic tag

Publications (2)

Publication Number Publication Date
CN103237302A true CN103237302A (en) 2013-08-07
CN103237302B CN103237302B (en) 2016-05-11

Family

ID=48885313

Country Status (1)

Country Link
CN (1) CN103237302B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060107050A1 (en) * 2004-11-17 2006-05-18 Chih-Heng Shih Method used by an access point of a wireless lan and related apparatus
WO2008095947A1 (en) * 2007-02-06 2008-08-14 Nokia Siemens Networks Gmbh & Co. Kg Method for updating a key in a telecommunication system
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN102833260A (en) * 2012-09-05 2012-12-19 胡祥义 Password authentication method for internet of things by adopting security one-key management technology

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103971044A (en) * 2014-05-07 2014-08-06 深圳市建设工程交易服务中心 Radio frequency identification and digital signature integration device
CN104639543A (en) * 2015-01-29 2015-05-20 南京三宝科技股份有限公司 Method for checking legality of collected data of sensor based on radio frequency identification tag ID (identity)
CN106792686A (en) * 2016-12-13 2017-05-31 广东工业大学 A kind of RFID mutual authentication methods
CN106792686B (en) * 2016-12-13 2020-01-07 广东工业大学 RFID bidirectional authentication method
CN107231231A (en) * 2017-06-16 2017-10-03 深圳市盛路物联通讯技术有限公司 A kind of method and system of terminal device secure accessing Internet of Things
WO2018227685A1 (en) * 2017-06-16 2018-12-20 深圳市盛路物联通讯技术有限公司 Method and system for secure access of terminal device to internet of things
CN107231231B (en) * 2017-06-16 2020-09-25 深圳市盛路物联通讯技术有限公司 Method and system for terminal equipment to safely access Internet of things
CN109889341A (en) * 2019-01-15 2019-06-14 思力科(深圳)电子科技有限公司 Data processing method, electronic tag and radio-frequency card reader
CN110753066A (en) * 2019-10-29 2020-02-04 北京计算机技术及应用研究所 Internet of things identification method based on cryptographic technology
CN110753066B (en) * 2019-10-29 2021-12-28 北京计算机技术及应用研究所 Internet of things identification method based on cryptographic technology

Also Published As

Publication number Publication date
CN103237302B (en) 2016-05-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant