CN207884641U - Physics voucher including encryption key pair - Google Patents

Publication number: CN207884641U
Authority: CN (China)
Prior art keywords: code, voucher, physics voucher, key pair
Legal status (an assumption, not a legal conclusion): Active
Application number: CN201820035452.7U
Other languages: Chinese (zh)
Inventor: 弗兰斯·伦德贝里
Current Assignee (the listed assignees may be inaccurate): Assa Abloy Ltd
Original Assignee: Assa Abloy Ltd

Classifications

    • G: PHYSICS
    • G09: EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C: CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00: Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60: Context-dependent security
    • H04W12/69: Identity-dependent
    • H04W12/77: Graphical identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The utility model relates to a physics voucher including an encryption key pair. A physics voucher is provided, comprising: a first code, which is a machine-readable optical code, wherein the first code includes the public key of an encryption key pair; and a second code, which is a machine-readable optical code, wherein the second code includes the private key of the encryption key pair. The second code is covered by an opaque covering. The opaque covering can be at least partly irreversibly removed to reveal the second code. The first code is not provided with any opaque covering.

Description

Physics voucher including encryption key pair
Technical field
The utility model relates to a physics voucher and to related methods, computer programs and computer program products, wherein the voucher includes the public key and the private key of an encryption key pair.
Background
Currently, the concept of the Internet of Things (IoT) is rapidly gaining ground. In IoT, a large number of electronic devices are provided with network access. The network access can be used for the device to report data and/or to allow the device to be controlled by another device.
With IoT, the number of devices will increase greatly. Each person will be responsible for more and more devices. The problem is how to configure all these devices, especially since it is usually undesirable to have to provide a user interface for each device. In addition, security is needed to ensure that no unauthorized user accesses a device.
Summary of the utility model
The purpose of the utility model is to provide improved flexibility in how public keys and private keys are distributed.
A physics voucher is provided, comprising: a first code, which is a machine-readable optical code, wherein the first code includes the public key of an encryption key pair; and a second code, which is a machine-readable optical code, wherein the second code includes the private key of the encryption key pair. The second code is covered by an opaque covering. The opaque covering can be at least partly irreversibly removed to reveal the second code. The first code is not provided with any opaque covering.
The opaque covering can be a covering that the user can remove by scraping.
The machine-readable optical code can be a matrix bar code.
The physics voucher may be implemented as a card.
The first code and the second code are both printed codes.
In general, unless explicitly defined otherwise herein, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field. Unless explicitly stated otherwise, all references to "a/an/the element, device, component, equipment, step, etc." are to be interpreted openly as referring to at least one instance of the element, device, component, equipment, step, etc. Unless explicitly stated otherwise, the steps of any method disclosed herein do not have to be performed in the exact order disclosed.
Brief description of the drawings
The utility model is now described, by way of example, with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram showing an environment in which the embodiments presented herein can be applied;
Figs. 2A to 2B are schematic diagrams showing the physics voucher of Fig. 1 with and without the opaque covering, respectively;
Fig. 3 is a schematic diagram showing a voucher provider for providing the physics voucher of Fig. 1 according to one embodiment;
Fig. 4 is a flow chart showing a method for providing the physics voucher of Fig. 1 according to one embodiment;
Fig. 5 is a schematic diagram showing components of the voucher provider of Fig. 3 according to one embodiment; and
Fig. 6 shows an example of a computer program product comprising a computer-readable device.
Detailed description
The utility model is now described more fully below with reference to the accompanying drawings, in which certain embodiments of the utility model are shown. The utility model can, however, be implemented in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete and will fully convey the scope of the utility model to those skilled in the art. Like numbers refer to like elements throughout the description.
The embodiments presented herein relate to a physics voucher that includes a first optical code containing a public key and a second optical code containing the corresponding private key. The second optical code is covered by a removable opaque covering. Using the physics voucher, the (visible) public key can be used to associate the key pair (and thereby the physics voucher) with a target device in order to control access to it. The target device is then protected so that further access to the target device is allowed only by providing the private key. In this way, the physics voucher can be distributed in any suitable manner, and the recipient can be confident that, as long as the second optical code has not yet been revealed, no third party can access the target device. This gives the user inherent trust and confidence. Moreover, the second optical code can be read by a smartphone (or similar device), which can then communicate with the target device, eliminating or reducing the need for the target device to provide a user interface of its own.
Fig. 1 is a schematic diagram showing an environment in which the embodiments presented herein can be applied. The physics voucher 1 includes a first code 10 and a second code 11. The physics voucher 1 is also referred to as a key bill. The first code 10 and the second code 11 are both machine-readable optical codes, for example matrix bar codes such as QR (Quick Response), PDF (portable data file) 417 or Aztec, or one-dimensional bar codes such as UPC (Universal Product Code), EAN (European Article Number), Code 39 or Code 128. The first code 10 and the second code 11 can even be machine-readable printed text read using optical character recognition (OCR). However, bar codes are more reliable for reading by optical devices, and a matrix bar code can potentially represent larger numbers than a one-dimensional bar code.
A code reader 2 with a connected or integrated camera/scanner can read the first code 10 and the second code 11. The code reader 2 may, for example, be a smartphone, a tablet computer, a general-purpose computer or an electronic lock.
The code reader 2 can communicate with a target device 3 over a communication link 4. The communication link 4 can, for example, be a local link, such as Bluetooth or BLE (Bluetooth Low Energy), which reduces the risk of eavesdropping. Alternatively, the communication link 4 can run over a wide area network such as the Internet, to allow remote communication between the code reader 2 and the target device 3.
The target device 3 is any suitable device to which access is controlled using the physics voucher 1. For example, the target device can be a device in an Internet of Things (IoT) environment. Note that the physics voucher 1 can optionally be configured for multiple target devices 3, each of which will work as described herein. For example, there may be several target devices 3 that are locks of a building, all of which can be controlled using the physics voucher 1.
Figs. 2A to 2B are schematic diagrams showing the physics voucher 1 of Fig. 1 with and without the opaque covering 12, respectively. The physics voucher 1 can, for example, be provided in the form of a card, to allow simple provision, for example in the delivery of the target device, and to allow easy distribution, for example by mail. If the physics voucher is distributed by mail, it can be sent by registered mail with restricted delivery, thereby ensuring that the recipient is indeed the intended recipient.
Referring first to Fig. 2A, the physics voucher 1 includes the first code 10 and the second code 11. As described above, the first code 10 and the second code 11 are both machine-readable optical codes. Both the first code 10 and the second code 11 are provided as codes that cannot be changed. For example, both the first code 10 and the second code 11 can be printed codes.
The first code 10 includes the public key of an encryption key pair, and the second code 11 includes the private key of the same encryption key pair. The first code 10 may include other data in addition to the public key, and the second code 11 may include other data in addition to the private key.
The second code 11 in Fig. 2A is covered by the opaque covering 12. The opaque covering 12 can be at least partly irreversibly removed by the user to reveal the second code 11. In this way, anyone can check whether the second code 11 of the physics voucher 1 has been exposed by inspecting the condition of the opaque covering 12.
As long as the second code 11 can be revealed, the opaque covering 12 does not need to be removed completely by the user.
The opaque covering 12 can be a so-called scratch-off covering, similar to the covering applied on scratch lottery tickets. It can then be removed by the user scratching the surface.
In one embodiment, the opaque covering 12 takes the form of a sticker with many lines of perforation, arranged so that it is practically impossible to reattach the sticker to cover the second code 11.
The first code 10 is not provided with any opaque covering and can therefore be read without the user performing any opening (e.g. scratching) action.
In Fig. 2B, the opaque covering 12 has been removed, so the second code 11 is visible and can be read by the code reader 2.
Several embodiments will now be described to illustrate some beneficial aspects that can be achieved using the physics voucher presented herein. The embodiments are described with reference to Fig. 1 and Figs. 2A to 2B.
The first embodiment relates to configuring an electronic lock, the electronic lock thus being the target device 3. In this embodiment, the electronic lock is to be installed in Beatrice's home. Beatrice is elderly and not comfortable using electronic devices such as smartphones and computers.
As described above, the electronic lock is delivered with a physics voucher 1. The electronic lock is installed by an installer. Once the electronic lock has been physically installed, the installer uses a software application (also called an app) on his/her smartphone, acting as the code reader 2, to read the first code 10 of the physics voucher 1. The app in the code reader 2 extracts the public key of the key pair of the physics voucher 1.
The app in the code reader 2 then communicates with the electronic lock 3 (e.g. over BLE) to set the owner of the electronic lock 3. The owner is identified by means of the public key.
Once the owner has been set in the electronic lock 3, only a code reader that authenticates using the private key can configure the electronic lock.
The installer gives the physics voucher to Beatrice and leaves. Beatrice now gives the physics voucher 1 to her daughter Anna so that Anna can configure the electronic lock.
Anna removes the covering 12 of the physics voucher 1 to reveal the second code 11. Anna uses the app on her smartphone (another example of a code reader 2) to read the second code 11 of the physics voucher 1. In this way, the code reader 2 extracts the private key of the key pair of the physics voucher 1.
The app in Anna's smartphone 2 then communicates with the electronic lock 3 (e.g. over BLE) and authenticates itself using the private key (e.g. by applying a digital signature to data provided by the electronic lock). If and only if the electronic lock 3 verifies that the app possesses the private key matching the public key, for example by verifying the signature using the public key, the electronic lock 3 allows the app in Anna's smartphone 2 to modify settings in the electronic lock 3. The electronic lock 3 can now, for example, be configured to set a new owner (for example, Anna's smartphone) and to install new key devices, for example a key card that Beatrice can use.
Since Anna and Beatrice could check that the opaque covering 12 was undamaged, they can be sure that no one else has gained access to the electronic lock.
In a second embodiment, which is similar to the first embodiment but applies to any target device, the physics voucher can be used in the same way to configure a new electronic device, i.e. the target device 3. The target device 3 is associated with the public key of the key pair of the physics voucher, for example at manufacture. The physics voucher 1 can be provided in the box containing the target device 3. The target device can only be configured (for example via a smartphone as described in the first embodiment) by providing the private key. In this way, by verifying that the covering 12 over the second code of the physics voucher 1 is intact, the user can be assured that no one has previously configured the device.
In addition, if the user needs to configure multiple target devices but does not have the time or the wish to perform the task, the physics vouchers of all these target devices can be handed to a third party, allowing the third party to perform the task of configuring the target devices.
In a variant of the second embodiment, the physics voucher 1 is provided in registered mail with restricted delivery. This allows the supplier to be confident that only a specific person is granted access to configure the target device.
The second embodiment can be used for any suitable electronic device. It is particularly suitable in the Internet of Things concept, where each household and user is responsible for more and more electronic devices.
In addition, in this second embodiment, since the target device can be configured using an app on a smartphone, the target device does not need to be provided with any user interface.
In a third embodiment, the physics voucher 1 is used as a fallback access credential. For example, the target device can be configured using prior-art methods or by means of a first physics voucher as described above. A second physics voucher can then be configured to allow access, the configuration being made using the public key of the second physics voucher as described above.
The second physics voucher can then be stored in a safe place. If the user forgets a password or otherwise loses access to the target device, the user can fetch the second physics voucher, remove the opaque covering 12 and use the exposed second code 11 of the second physics voucher (for example, using the app on a smartphone) to regain access in order to configure the target device.
At this point, if the user has a third physics voucher available, the third physics voucher can be configured, using the first code 10 (including the public key) of the third physics voucher, to provide a new fallback access.
In general, by providing the public key and the covered private key on the same physics voucher, it becomes very convenient to configure a target device without compromising trust. The user can trust that no party has used the private key to control the target device, for example to obtain ownership control. In other words, the public key can be used before anyone has seen the corresponding private key, and the recipient of the physics voucher can conclude that, although the public key has been used, no one has seen the private key.
Physics vouchers can be mass-produced in advance, and each physics voucher can be associated with a particular target device when needed, using the public key as described above.
Fig. 3 is a schematic diagram showing a voucher provider 5 for providing the physics voucher of Fig. 1 according to one embodiment.
The voucher provider 5 is used to provide (i.e. manufacture) physics vouchers 1 from voucher blanks 15. A voucher blank 15 has neither the first code 10 nor the second code 11.
The voucher blanks can be manufactured in a way that is difficult to forge, as is done for banknotes. For example, techniques such as watermarks, special paper and holograms can be used to ensure that no one else can manufacture a forged voucher blank that looks like a physics voucher manufactured by the voucher provider. This increases the trust when a person receives a physics voucher including the first code and the covered second code, because that person can trust that nobody has used their own voucher provider to produce it.
For each voucher blank 15 supplied to the voucher provider 5, the voucher provider prints the first code 10 and the second code 11 and further provides the opaque covering 12 over the second code 11.
Fig. 4 is a flow chart showing a method for providing (i.e. manufacturing) the physics voucher of Fig. 1 according to one embodiment. The method is performed in the voucher provider of Fig. 3.
In an obtain key pair step 40, the voucher provider obtains an encryption key pair including a public key and a private key.
The key pair can be obtained by the voucher provider generating it. The key pair can be based on a generated random number, which comes from a dedicated random number generator implemented in hardware. Alternatively, pseudo-random numbers can be used. True random numbers provide higher security and can be produced using dedicated hardware for this purpose. Many integrated circuits, such as the nRF52 from Nordic Semiconductor, have such dedicated hardware. By generating the key pair in the voucher provider, the key pair does not need to be communicated in any way that could potentially be eavesdropped. The voucher provider can therefore be configured so that the key pair, or at least the private key of the key pair, exists only on the physics voucher itself. Other than as part of the second code under the opaque covering on the physics voucher, the private key does not need to exist anywhere. The voucher provider can be provided without network access, to reduce the risk of any attacker gaining access to the private key.
In one embodiment, the private key is generated first and the public key is calculated from the private key.
In a provide first code step 42, the voucher provider provides the first code on the voucher blank as a machine-readable optical code, wherein the first code includes the public key. This can be done, for example, by printing the first code on the voucher blank.
In a provide second code step 44, the voucher provider provides the second code on the voucher blank as a machine-readable optical code, wherein the second code includes the private key. This can be done, for example, by printing the second code on the voucher blank.
Note that the order in which steps 42 and 44 are performed is not important.
In a provide opaque covering step 46, the voucher provider provides an opaque covering over the second optical code. The opaque covering can be irreversibly removed by the user, and the first code is not provided with any opaque covering.
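The issuing steps 40 to 44 above and the owner-setting and private-key authentication exchange of the first embodiment, put together as an added example (not code from the patent or from the assignee). Ed25519, the `PUB1:`/`PRIV1:` payload prefixes and all function and type names are assumptions; the patent names neither a signature algorithm nor a code format.

```go
package main

import (
	"crypto/ed25519" // assumption: the patent names no signature algorithm
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const pubPrefix, privPrefix = "PUB1:", "PRIV1:" // constructed prefixes for first code 10 and second code 11

var enc = base64.RawURLEncoding

// IssueVoucher follows steps 40 to 44: private seed first, public key computed from it.
func IssueVoucher() (firstCode, secondCode string, err error) {
	seed := make([]byte, ed25519.SeedSize)
	if _, err = rand.Read(seed); err != nil {
		return "", "", err
	}
	pub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
	return pubPrefix + enc.EncodeToString(pub), privPrefix + enc.EncodeToString(seed), nil
}

// decode checks code type and length before any key material is used.
func decode(code, prefix string, size int) ([]byte, error) {
	if !strings.HasPrefix(code, prefix) {
		return nil, errors.New("wrong code type")
	}
	b, err := enc.DecodeString(strings.TrimPrefix(code, prefix))
	if err != nil || len(b) != size {
		return nil, errors.New("malformed code")
	}
	return b, nil
}

type Lock struct { // models target device 3
	owner     ed25519.PublicKey
	challenge []byte // outstanding single-use nonce
}

// SetOwner runs when the installer's app sends the scanned first code; refused once owned.
func (l *Lock) SetOwner(firstCode string) error {
	if l.owner != nil {
		return errors.New("owner already set")
	}
	pub, err := decode(firstCode, pubPrefix, ed25519.PublicKeySize)
	if err != nil {
		return err
	}
	l.owner = ed25519.PublicKey(pub)
	return nil
}

// NewChallenge returns fresh data for the code reader to sign.
func (l *Lock) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	l.challenge = append([]byte(nil), c...)
	return c, nil
}

// Authorize verifies the owner key's signature; the challenge is consumed on every attempt (no replay).
func (l *Lock) Authorize(sig []byte) bool {
	c := l.challenge
	l.challenge = nil
	return l.owner != nil && c != nil && ed25519.Verify(l.owner, c, sig)
}

// SignChallenge is the code reader side, after the covering is removed.
func SignChallenge(secondCode string, challenge []byte) ([]byte, error) {
	seed, err := decode(secondCode, privPrefix, ed25519.SeedSize)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(ed25519.NewKeyFromSeed(seed), challenge), nil
}

func main() {
	first, second, _ := IssueVoucher()
	lock := &Lock{}
	_ = lock.SetOwner(first)
	c, _ := lock.NewChallenge()
	sig, _ := SignChallenge(second, c)
	fmt.Println(lock.Authorize(sig), lock.Authorize(sig))
}
```

The lock only ever stores the public key, so reading the uncovered first code gives no ability to pass `Authorize`; that requires the seed printed under the covering.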
Fig. 5 is a schematic diagram showing components of the voucher provider 5 of Fig. 3 according to one embodiment. A processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application-specific integrated circuit, etc., capable of executing software instructions 67 stored in a memory 64 (which can thus be a computer program product). The processor 60 can be configured to execute the method described above with reference to Fig. 4.
The memory 64 can be any combination of random access memory (RAM) and read-only memory (ROM). The memory 64 also includes persistent storage, which can, for example, be any single one or combination of magnetic memory, optical memory, solid-state memory or even remotely mounted memory.
A data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 60. The data memory 66 can be any combination of random access memory (RAM) and read-only memory (ROM).
The voucher provider 5 optionally further includes an I/O interface 62 for communicating with other external entities. Optionally, the I/O interface 62 also includes a user interface.
A printer 61 includes components for printing machine-readable optical codes on the voucher blank. The printer 61 further includes components for providing the opaque covering over the second optical code.
Other components of the voucher provider 5 are omitted in order not to obscure the concepts presented herein.
Fig. 6 shows an example of a computer program product comprising a computer-readable device. A computer program 91 can be stored on this computer-readable device, and the computer program can cause a processor to execute a method according to the embodiments described herein. In this example, the computer program product is an optical disc, such as a CD (compact disc), a DVD (digital versatile disc) or a Blu-ray disc. As described above, the computer program product can also be embodied in a memory of a device, such as the computer program product 64 of Fig. 5. Although the computer program 91 is shown here schematically as a track on the depicted optical disc, the computer program can be stored in any way that is suitable for the computer program product, such as a removable solid-state memory, e.g. a universal serial bus (USB) drive.
The utility model has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, embodiments other than those disclosed above are equally possible within the scope of the utility model as defined by the appended patent claims.

Claims (8)

1. A physics voucher (1), comprising:
a first code (10), which is a machine-readable optical code, wherein the first code includes the public key of an encryption key pair; and
a second code (11), which is a machine-readable optical code, wherein the second code includes the private key of the encryption key pair;
wherein the second code (11) is covered by an opaque covering (12), the opaque covering (12) can be at least partly irreversibly removed to reveal the second code (11), and the first code (10) is not provided with any opaque covering.
2. The physics voucher (1) according to claim 1, wherein the opaque covering (12) is a covering that can be removed by the user scraping it.
3. The physics voucher (1) according to claim 1 or 2, wherein the machine-readable optical code is a matrix bar code.
4. The physics voucher (1) according to claim 1 or 2, wherein the physics voucher is implemented as a card.
5. The physics voucher (1) according to claim 3, wherein the physics voucher is implemented as a card.
6. The physics voucher (1) according to claim 1, 2 or 5, wherein the first code and the second code are both printed codes.
7. The physics voucher (1) according to claim 3, wherein the first code and the second code are both printed codes.
8. The physics voucher (1) according to claim 4, wherein the first code and the second code are both printed codes.
CN201820035452.7U 2017-12-11 2018-01-09 Physics voucher including encryption key pair Active CN207884641U (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP17206424.8 2017-12-11
EP17206424 2017-12-11

Publications (1)

Publication Number Publication Date
CN207884641U true CN207884641U (en) 2018-09-18

Family

ID=60654848

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201820035452.7U Active CN207884641U (en) 2017-12-11 2018-01-09 Physics voucher including encryption key pair

Country Status (2)

Country Link
CN (1) CN207884641U (en)
WO (1) WO2019115469A1 (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2509275A1 (en) * 2011-04-04 2012-10-10 Buntinx Method and system for authenticating entities by means of mobile terminals

Also Published As

Publication number Publication date
WO2019115469A1 (en) 2019-06-20

Legal Events

Date Code Title Description
GR01 Patent grant