CN100375111C - Method for anti false verification based on identification technique in radio frequency, and anti false system - Google Patents

Publication number
CN100375111C
Authority
CN
China
Prior art keywords
security
product
information
area
address
Application number
CN 200510027605
Other languages
Chinese (zh)
Other versions
CN1728162A (en)
Inventor
王俊宇
昊 闵
Original Assignee
复旦大学
Application filed by 复旦大学
Priority to CN 200510027605
Publication of CN1728162A
Application granted
Publication of CN100375111C

Abstract

The invention belongs to the technical field of product anti-counterfeiting, and specifically concerns an anti-counterfeiting system and an anti-counterfeiting verification method based on radio frequency identification (RFID) technology. In the invention, the anti-counterfeiting system comprises at least the memory of an RFID electronic tag, a reader/writer (hereinafter "reader"), and an anti-counterfeiting information service system. The memory is divided into at least a basic information area, a digital signature area, an anti-counterfeiting authentication server address index area, and a product history area. The digital signature area stores the digital signature that the manufacturer generates by extracting a digest of the product's basic information and encrypting it with its private key. The product history area records the basic data of logistics tracking information. The authentication server address index area stores the server's address and address offsets, so that authentication is performed hierarchically. By using RFID automatic identification and digital encryption, the invention uniquely identifies goods and is itself hard to counterfeit, and so effectively solves the problem of product anti-counterfeiting.

Description

An anti-counterfeiting verification method and anti-counterfeiting system based on radio frequency identification technology

Technical Field

The invention belongs to the technical field of product anti-counterfeiting. It relates to a product anti-counterfeiting verification method and anti-counterfeiting system, and in particular to an anti-counterfeiting verification method and anti-counterfeiting system based on radio frequency identification (RFID) technology.

Background

Counterfeiting of goods is becoming a serious problem for the global economy, and every national economy suffers from counterfeit and shoddy products to some degree. Counterfeiting is not confined to music, software and valuables: from food and everyday consumer goods to means of production, from banknotes and securities to all kinds of documents and certificates, from low-tech products to high-tech products, all are affected to varying degrees. Counterfeit packaging and printed products worldwide are still increasing by at least 20% a year, and counterfeit and shoddy goods are increasingly rampant on the world market, becoming a public nuisance. The anti-counterfeiting techniques in common use today distinguish counterfeit goods mainly by attaching physical features to the goods and packaging, or by digital-code anti-counterfeiting.
The attached physical features mainly include paper-based, ink-based, holographic, intaglio-printing and telephone-code anti-counterfeiting techniques. Such techniques are costly and are themselves easy to forge.

The common form of digital-code anti-counterfeiting is "central digital-code anti-counterfeiting": the codes are generated by a central database, and the anti-counterfeiting codes of all enrolled products are stored in that database. The central database compares the code a consumer submits in a query with the codes it holds. If the code exists, a voice prompt reports it as a genuine product code; otherwise the prompt reports a code error and warns of counterfeiting. If the same code is queried again, the system reports that the code has already been queried and warns of counterfeiting.

Central digital-code anti-counterfeiting is a digital anti-counterfeiting system that combines cryptography with a central database. In this kind of system the codes are generated directly at the printing plant that makes the markers or on the manufacturer's production line, and are applied directly to the marker or spray-printed on the product before it enters the market. The anti-counterfeiting centre does not store the codes; it only verifies the code sent in a consumer query, and the central database records only codes that have been verified and encrypts them again.

Manufacturer self-built anti-counterfeiting systems: the codes of such systems are generated and stored by the enterprise itself, and consumers can make anti-counterfeiting queries by telephone and over the Internet.
The shortcomings of digital-code anti-counterfeiting are:

1) Low technical content of the marker itself: the marker is the carrier of the anti-counterfeiting code, and the code is applied to the product by means of the marker. The marker's own anti-counterfeiting capability is very limited. Most digital-code anti-counterfeiting labels on the market are themselves easy to forge, and the labels are not attractive, so they are unsuitable for products that require refined packaging.

2) Low query rate: a low query rate is a widespread problem of digital-code anti-counterfeiting. Shopping malls and shops provide no query tools, so querying is inconvenient. The query cost is also too high: some anti-counterfeiting companies use premium-rate voice lines as the main platform for consumer queries, and because coverage is narrow, telephones are relatively few and the premium-rate charges are high, the query rate is low. Many anti-counterfeiting companies have now introduced methods for querying authenticity by mobile-phone text message, and the query rate is expected to rise.

3) Single marking method: apart from a few anti-counterfeiting companies that print codes directly on the production line, the vast majority use only one marking method, the anti-counterfeiting label. This makes the technique unusable for goods produced in huge quantities on high-speed lines with low added value, such as beverages, sachet foods and cigarettes.

4) Not machine-readable: none of the digital-code markers on the market that serve consumer queries can be read by machine, which greatly hinders the spread and application of digital-code anti-counterfeiting.

Neither of the two classes of technique fundamentally solves the problems that the technique is easily copied, that packaging is reused, and that identification is cumbersome. To achieve anti-counterfeiting of goods, the following must be addressed: authentication of the anti-counterfeiting tag; non-repudiation by the producer of the goods; unforgeability of the tag itself; and security of the anti-counterfeiting system.
In addition, current anti-counterfeiting verification usually uses a single tier of anti-counterfeiting server. As verification becomes automated and the volume of verification information multiplies, the server will inevitably be overwhelmed, so an effective way to relieve the load on the main anti-counterfeiting server is needed.

Summary of the Invention

The main purpose of the invention is to propose an anti-counterfeiting verification method based on radio frequency identification (RFID) technology. By combining unique product coding, RFID automatic identification and digital encryption, goods can be uniquely identified, the scheme is itself hard to counterfeit, the circulation history of the product can be recorded, and the source and supply channel of the goods can be tracked. This is an effective approach to the problem of product anti-counterfeiting.

The invention also proposes a product anti-counterfeiting system based on RFID technology that uses hierarchical authentication to avoid data congestion at the main server. By setting different base addresses, different offset levels and different offset values, the address index can be made to point to anti-counterfeiting authentication servers at different addresses. This avoids the data congestion caused by all products that require verification accessing the same anti-counterfeiting server, and makes it easier to manage the products by category.
The purpose of the invention is achieved by the following technical solution: an anti-counterfeiting verification method based on RFID technology, in which the memory of the RFID electronic tag is divided into at least a basic information area, a digital signature area and a product history area.

The basic information area stores the product code, that is, the unique code, comprising a manufacturer code and a serial number that distinguishes the individual item.

The digital signature area stores the digital signature that the manufacturer generates by extracting a digest of the product's basic information and encrypting it with its private key.

The product history area records the basic data of logistics tracking information. Each time the product passes a preset logistics stage in the supply chain, an authorised reader writes information about the operation into the logistics tracking area, such as the time of the operation and the reader's identification number (ID).

The verification flow comprises at least:

Step 1: tag initialisation. The unique code (basic information) is written, the digital signature is generated, and a history file for the product is created.

Step 2: at each preset logistics stage, an authorised reader writes information about the operation into the logistics tracking area.

Step 3: the reader reads the electronic tag and submits a verification request to a trusted authentication centre. The authentication centre authenticates the item's identity by interpreting the digital signature. If the digital signature matches, step 4 is carried out; if it does not match, a counterfeit-product alarm is raised.

Step 4: the information in the product history area is queried, and the product's logistics tracking information is compared with the preset tracking information. If they match, the product passes; if they do not match, a counterfeit-product alarm is raised.

The digital signature is implemented by combining digital fingerprinting with "public key technology". At the manufacturer, a digital digest of the product code is first generated with the hash function SHA-1, and the digest is then encrypted with the manufacturer's private key using the RSA algorithm to produce the digital signature. Public key technology uses a public key and a private key: the public key is published and the private key is kept secret. The private key is used for encryption and signing, and the public key for decryption. The manufacturer's private key may be used only by the manufacturer itself; the public key may be used by multiple verification bodies.
Interpreting the digital signature to authenticate the item's identity comprises at least the following: during verification, the verifier uses the hash function SHA-1 to generate digital digest 1 of the product's unique code, and at the same time uses the RSA algorithm with the manufacturer's public key to decrypt the digital signature, obtaining digital digest 2 of the product's unique code. If digest 1 is identical to digest 2, the signature is valid.

The digital signature is locked after being written to the tag memory and can thereafter only be read. The public key and private key must be generated by designated equipment and a security system. The storage space of the product history area can be both read and written.

The memory of the RFID tag further includes an anti-counterfeiting authentication server (hereinafter "server") address index area, which stores the IP address of the authentication server and an index of IP addresses. Through this index, the address of the server that holds the product inspection information file can be indicated. A level-0 address index directly identifies the IP address of the anti-counterfeiting server; an address index of level 1 or above contains a base address for lookup and offsets for several levels.
An anti-counterfeiting system based on RFID technology comprises at least the memory of an electronic tag, a reader, and an anti-counterfeiting information service system. The tag memory contains a basic information area, a digital signature area, an anti-counterfeiting authentication server address index area and a product history area. The anti-counterfeiting information service system contains product inspection information files and authentication information; the recorded content includes the product attributes entered by the manufacturer, the tag's code, the time the tag was read, the number of the reader that performed the read, environmental information about the product, and so on. The information service system may be maintained by a trusted manufacturer or by a third-party body.

The system is characterised in that N levels of anti-counterfeiting servers are set up in the information service system, and the tag memory stores the IP address of the authentication server and an index of IP addresses. A level-0 address index directly identifies the IP address of the anti-counterfeiting server; an address index of level 1 or above contains a base address for lookup and offsets for several levels. For a product with an N-level index, the server pointed to by the base address is accessed, and the IP address of the actual anti-counterfeiting server is then obtained by reference to the N levels of offsets. Through this index, the address of the authentication server that holds the product inspection information file can be indicated. The values of the IP address and the IP address index are determined in advance by the implementer of the anti-counterfeiting system. The address index is locked after being written to the tag and can thereafter only be read.

Using RFID technology for product anti-counterfeiting and security management has the following advantages:

1) It has good anti-counterfeiting properties in itself. It is hard to imitate with existing technology, the equipment or means of imitation are costly, and the demands on the imitator's technical ability are very high.
Chip design and manufacturing is very complex, leading-edge technology. It requires highly skilled personnel (a training period of more than fifteen years), expensive design tools (hundreds of thousands to over ten million US dollars) and huge equipment investment (internationally, the investment in a wafer fab is typically one billion US dollars; even buying a retired production line costs several hundred million RMB), and it involves complex technical barriers and a learning curve (the number of intellectual-property items in semiconductor chip manufacturing runs to hundreds of thousands per year worldwide; experience matters greatly in this field, and newcomers have a low success rate).

2) Automatic identification improves working efficiency and has distinct advantages for production-line safety management, personnel management and the like.

3) Because data is transmitted in digital form, it is easy to build the information service system with existing digital technologies such as Internet technology and information security technology, and easy to process the information.

An RFID-based anti-counterfeiting system can overcome the backward means of identification and the low identification rate of traditional anti-counterfeiting techniques, and is itself hard to forge.

Brief Description of the Drawings

Fig. 1 is a block diagram of the RFID-based product anti-counterfeiting system.
Fig. 2 is a schematic diagram of the signing and authentication process.
Fig. 3 is a data flow diagram of an RFID anti-counterfeiting system with a one-level index.
Fig. 4 is a work flow chart of the RFID-based product anti-counterfeiting system.

Detailed Description

The technical solution of the invention is described in detail below with reference to the drawings.

The framework of the RFID-based product anti-counterfeiting system is shown in Fig. 1. The system includes the basic RFID system, enterprise applications and the information service system. The basic RFID system can operate on resources when authorised. The information service system contains product inspection information and authentication information; the recorded content includes the product attributes entered by the manufacturer, the codes of the tag and of the reader, the time the tag was read, environmental information about the product, and so on. The information service system may be maintained by a trusted manufacturer or by a third-party body. When goods circulate in the supply chain, authorised readers read and write the electronic tag, and information such as the number of the reader that performed the operation and the time of the operation is recorded in the logistics tracking area of the tag.

When the electronic tag is initialised, the memory of the tag chip is divided into several areas. The invention partitions the tag memory as follows: basic information area, digital signature area, anti-counterfeiting authentication server address index area, and product history area.

1) Basic information area: stores the product code, comprising a manufacturer code and a serial number that distinguishes the individual item; it is the unique identifier of the product. Each product must first be assigned a code. The coding rule may follow a general coding rule or an industry coding rule, establishing a unique identifier for the single item, and the code is written to the electronic tag.
Internationally, the main coding schemes for single items at present are EPC codes and UID codes, but for special goods the code may be designed by the product manufacturer itself. The basic information is written to the tag memory before the tag is associated with the product, and a lock operation is then performed; thereafter it can only be read.

2) Digital signature area: stores the digital signature that the manufacturer makes with its private key over the product's basic information. A digital signature is generally implemented by combining digital fingerprinting with "public key technology": a one-way function first extracts a digital digest of the product's basic information, and the digest is then encrypted with a "public key technology" algorithm. A digital fingerprint alone guarantees only the integrity of the information and cannot provide identity authentication: it ensures that the information was not modified in transit, but not where the information came from. A digital signature provides not only integrity and unforgeability of the data but also non-repudiation, ensuring that the information comes from the specified sender. This is very important for anti-counterfeiting, because it guarantees the accuracy of the product's origin. The digital signature is locked after being written and can thereafter only be read.

A digital fingerprint is a fixed-length sequence of digits obtained by computing over the data with some algorithm, and it is highly dependent on the content. A digital fingerprint serves two purposes: data integrity (if the content of the data block is changed, its digital fingerprint also changes) and unforgeability (it is very hard for a forger to craft data whose fingerprint is identical to that of the real information). Many algorithms can compute digital fingerprints; the invention uses the SHA-1 algorithm (see Note 1) to extract the digital digest.

Typical "public key technologies" include the RSA algorithm and DSA (see Note 2). Public key technology uses a public key and a private key: the public key is published and the private key is kept secret. If information sent to you is encrypted with your public key, only your private key can decrypt it correctly; nobody else can. Conversely, if you sign information with your private key, other people can check your signature with your public key. Only your signature passes verification; if the information has been modified or someone else's signature is used, the check fails.

A digital signature implemented by combining "public key technology" with digital fingerprinting has the following properties: (1) the recipient of a document can verify the sender's signature on it; (2) the sender cannot afterwards deny the signature on the document; (3) the recipient cannot forge the signature on the document.

The signing and authentication process is shown in Fig. 2. The invention uses the combination of the SHA-1 hash function and the RSA algorithm for the product's digital signature. At the manufacturer, a digital digest of the product code is first generated with the hash function SHA-1, and the digest is then encrypted with the manufacturer's private key using the RSA algorithm to produce the digital signature. The electronic tag stores both the digital signature and the product code. During verification, the verifier uses SHA-1 to generate digital digest 1 of the product ID, and at the same time uses the RSA algorithm with the manufacturer's public key to decrypt the digital signature, obtaining digital digest 2 of the product ID. If digest 1 is identical to digest 2, the signature is valid.

The manufacturer's key pair (private key and public key) must be generated by designated equipment and a security system. The manufacturer's private key may be used only by the manufacturer itself and must be kept secret.
The public key may be used by multiple verification bodies. Distributing the public key does not require confidentiality, but the integrity of the public key must be preserved. An attacker must be given no opportunity to substitute key values, because these keys are the public keys of other parties on which a party relies; otherwise an attack of the following form could succeed. Suppose verification system A is verifying a product digitally signed by manufacturer B, but an impostor has forged information and signed it with his own private key, and has also replaced what system A believes to be B's public key with his own public key. System A, using the wrong public key, will then find the digital signature correct. The impostor thereby successfully masquerades as B, and the anti-counterfeiting system loses its effect.

Authentication is the process of proving the identity of a person or object, and is an important measure for ensuring system security. When a server provides services externally, it needs to confirm the visitor's identity in order to meet the visitor's needs; visitors sometimes also need to confirm the identity of the service provider, to avoid being deceived.

3) Anti-counterfeiting authentication server address index area: stores the IP address of the authentication server and an index of IP addresses. Through this index, the address of the server that holds the product inspection information file can be indicated. The address index may comprise levels 0 to N.
A level-0 index directly identifies the IP address of the anti-counterfeiting server. An address index of level 1 or above contains a base address for lookup and offsets for several levels. For example, for a product with a level-1 index, the server pointed to by the base address is accessed, and the IP address of the actual anti-counterfeiting server is obtained by reference to the level-1 offset. For a product with a level-2 index, the server pointed to by the base address is accessed, the base address of the level-2 server is obtained by reference to the level-1 offset, and the IP address of the actual anti-counterfeiting server is then obtained by reference to the level-2 offset. Indexes of more levels work in the same way. The server address lookup for a level-1 index is shown in Fig. 3.

The values of the base address and the index are determined in advance by the implementer of the anti-counterfeiting system. By setting different base addresses, different offset levels and different offset values, the address index can be made to point to authentication servers at different addresses. This avoids the data congestion caused by all products that require verification accessing the same anti-counterfeiting server, and makes it easier to manage the products by category. The address index is locked after being written to the tag and can thereafter only be read.

4) Product history area: records the basic data of logistics tracking information. Each time the product passes a preset logistics stage in the supply chain, an authorised reader writes information about the operation into the logistics tracking area, such as the time of the operation and the reader's identification number (ID). The storage space of the product history area can be both read and written.

The product inspection information file is stored in the database of the anti-counterfeiting authentication server. Product inspection information can be indexed by product number, and every product has a corresponding product inspection information file. Each product's file should contain at least three kinds of information: (1) basic product information; (2) product tracking inspection information; (3) product verification information.

Basic product information may include the production date, the producing unit (in more detail, the individual producer may be stored), the product's appearance (size, colour, etc.), product attributes (material, weight, etc.), the shelf life, and special requirements during logistics (such as the storage temperature and whether the product may be inverted).

Product tracking inspection information mainly identifies the logistics stages the product must pass through. In its simplest form it can be an ordered list of reader ID numbers.
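One way to walk the N-level address index described earlier in this section, as an added example that is not part of the patent. The byte layout of the index area (level, IPv4 base, one 16-bit offset per level), the in-memory `DIRECTORY` that stands in for queries to the index servers, the `MAX_LEVELS` bound and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAX_LEVELS = 8  # assumed bound for this sketch; the patent only says "N levels"

# Constructed stand-in for the index servers: address -> {offset: next address}.
# All addresses come from the IPv4 documentation ranges.
DIRECTORY = {
    "192.0.2.10": {3: "198.51.100.20", 7: "203.0.113.5"},
    "198.51.100.20": {1: "203.0.113.41", 2: "203.0.113.42"},
}


def encode_index(base: str, offsets=()) -> bytes:
    """Build the assumed index-area bytes: level, IPv4 base, one uint16 per level."""
    return (bytes([len(offsets)])
            + ipaddress.IPv4Address(base).packed
            + struct.pack(f">{len(offsets)}H", *offsets))


def parse_index(area: bytes):
    """Decode and validate the index area read from the locked tag memory."""
    if len(area) < 5:
        raise ValueError("address index area too short")
    level = area[0]
    if level > MAX_LEVELS:
        raise ValueError("index level exceeds limit")
    if len(area) != 5 + 2 * level:
        raise ValueError("length does not match index level")
    base = str(ipaddress.IPv4Address(area[1:5]))
    return base, list(struct.unpack(f">{level}H", area[5:]))


def resolve_server(area: bytes, directory=DIRECTORY) -> str:
    """Level 0 returns the base itself; level k follows k offsets from the base."""
    address, offsets = parse_index(area)
    for depth, offset in enumerate(offsets, start=1):
        table = directory.get(address)
        if table is None:
            raise LookupError(f"level {depth}: no index server at {address}")
        if offset not in table:
            raise LookupError(f"level {depth}: offset {offset} not found at {address}")
        address = table[offset]
    return address
```

A failed lookup raises instead of falling back to the base address, so a tag whose index does not resolve is never verified against the wrong server.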
According to the product's supply chain design, verification operations are performed with authorized readers at the supply chain stages that a genuine product must pass through. The numbers and order of the readers that perform these verification operations are stored in the product inspection information and are used to verify whether the product was transported and verified through normal channels. A common characteristic of counterfeit goods is that fake and shoddy products are mixed into normal supply chain channels to deceive users or consumers. Verifying and managing the supply chain helps prevent counterfeit goods from entering, helps determine the route by which counterfeit goods entered, and supports the evaluation and supervision of supply chain operators.
The product verification information records the number of times and the times at which the product has been verified, together with the ID numbers of the readers that performed the anti-counterfeiting verification. This helps determine whether malicious attacks are taking place.
Anti-counterfeiting verification of a product is divided into two parts: one is verification of the digital signature, and the other is tracking and comparison of the product history.
Encryption and decryption of the digital signature use the 1024-bit RSA algorithm. The signing key pair is generated by a designated system or security agency. The private key used for encryption is kept by the manufacturer, who uses it to generate the digital signature on the product's electronic tag; the manufacturer's public key used for decryption is distributed through digital certificates of a PKI system.
Decryption and signature operations using the public key can be performed by an authorized reader or by a trusted anti-counterfeiting certification body. The owner of an authorized reader used for anti-counterfeiting verification must apply in advance to a trusted digital certificate authority for a digital certificate, which contains the manufacturer's public key. The public key can be stored in a data processing system connected to the reader, or in a SIM card that can be inserted into a designated interface of the reader; in the latter case the reader must be specially designed and can be dedicated to anti-counterfeiting verification.
Anti-counterfeiting verification through a third-party certification body means that, after the user has read the anti-counterfeiting information of the electronic tag with a reader, a verification request is sent over a communication network to a trusted third-party certification body, which performs the anti-counterfeiting verification and returns the result to the user. Contact between the user and the third-party certification body may include SMS, telephone and e-mail. The individual verification steps can be integrated by establishing a communication protocol dedicated to anti-counterfeiting verification, or by designing dedicated embedded software in the reader used for verification, which simplifies the verification process and makes its details transparent to the user. If the digital signature passes verification, the product is deemed authentic; if it does not match, a warning message is issued.
The main purpose of tracking and comparing the product history is to control the product's distribution stages. The basic verification process is as follows. After production is complete, the product's manufacturer logs in to the anti-counterfeiting verification server and creates the product inspection information file; the login process requires identity authentication. The product inspection information initially created includes the basic product information and the product tracking inspection information.
As the product passes through the stages of the supply chain (wholesalers, distribution centres, third-party logistics, etc.), authorized readers write logistics tracking information into the logistics information area of the electronic tag. This logistics tracking information may include the reader's ID number, the time of writing, operator information and so on. During anti-counterfeiting verification, the verifier accesses the anti-counterfeiting verification server using the information in the index area of the electronic tag, and compares the content of the logistics information area with the preset product tracking inspection information held in the product inspection information on the server. The comparison covers the ID numbers of the authorized readers and the chronological order of the writes. If the comparison is consistent, the product's origin is deemed legitimate; if not, a warning message is issued. In addition, the product verification information records the ID numbers of the readers that performed anti-counterfeiting verification on the product and the times and number of verifications, and this verification history can be provided at the verifier's request.
The workflow of the RFID-based product anti-counterfeiting system is shown in Figure 4. The RFID electronic tag is attached to the product at the manufacturer, and each product is assigned a unique code. The product's unique code and the manufacturer's digital signature are written to the tag's memory, and the locking operation is completed.
The tag's digital signature is created when the tag is initialized: the tag ID code, the manufacturer code and other relevant parameters are processed with a hash algorithm to generate a digital fingerprint, which is then encrypted with the private key of an asymmetric key pair. The private signing key is generated by a designated device and security system, and the root certificate used for authentication is stored at a trusted certification center. A user can read the electronic tag with a handheld reader or a mobile phone with RFID read/write capability and submit a verification request by SMS to the trusted certification center; the certification center interprets the digital signature, digitally authenticates the item's identity and verifies the authenticity of the product. Vendors that obtain the manufacturer's public key through authorization can verify the authenticity of the product directly. In addition, the product's distribution history can be recorded on the tag and compared with the product inspection information on the anti-counterfeiting server to determine whether the product's distribution process complies with requirements, as a supplementary check on the authenticity of the product's origin.
The RFID-based product anti-counterfeiting system described above has the following four basic features:
1) Products are uniquely identified by a product code.

The product code contains at least a manufacturer code, a product category code and a product serial number, so that every item receives a unique product code. Before the electronic tag is attached to the product, this code is written to the tag's memory and locked, so that every product receives a unique code that cannot be modified.
2) Products are identified automatically using RFID technology.
The product code is stored in the memory of the electronic tag attached to the product. The electronic tag can obtain environmental information about the product through integration with sensors. During anti-counterfeiting identification, the tag's information is read by an RFID reader, and RFID middleware can filter out tags that are read repeatedly, enabling multi-target identification and greatly improving identification efficiency. The RFID readers of the various vendors in the supply chain perform read operations and kill (deactivation) operations on electronic tags only when authorized; the readers' authorization information is stored in a trusted information service system.
3) Digital signatures are used to ensure data security and non-repudiation.
The electronic tag stores the product information and the product's unique number signed by the manufacturer with its private key. The digital signature is written to the electronic tag at the manufacturer and locked so that it cannot be modified.
During anti-counterfeiting verification, the signature can be decrypted with the certification center's public key, and the hash value of the product information is extracted and compared with the hash value stored in the tag to determine whether the product was produced by that manufacturer.
4) The product history is used as a supplementary check on the product's origin.
The product's original information, its environmental requirements and so on are provided by the manufacturer, and the information service system creates a product inspection information file for each product when it leaves the factory. Throughout the logistics process, authorized supply chain vendors use RFID readers to write product history information, including the reader number and the read/write time, into the product history area of the electronic tag. Several monitoring points can be set in advance in the supply chain that the product passes through, and the list of reader numbers for these monitoring points is stored in the certification center's database. During anti-counterfeiting authentication, the logistics information tracking area is compared with the preset reader numbers and sequence held by the certification center. If the logistics information tracking area contains the reader numbers of all the authorized supply chain vendors that this product must pass through, and the manufacturer's requirements for transport and storage of the product are also met, the product is deemed trustworthy; otherwise an anti-counterfeiting alert is issued.
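The two-part check described above (signature verification, then comparison of the tag's product history with the preset route), as an added Python example that is not code from the patent. The key pair, product code, reader IDs and route are constructed for illustration, and the signature is the bare SHA-1 digest raised to the private exponent, as the text describes, without the padding scheme a production RSA signature would use.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed demo key pair (assumption, not from the patent). The primes are the
# Mersenne primes 2**521-1 and 2**607-1, chosen only so the example is
# deterministic and runs offline; a real key uses random secret primes.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                       # manufacturer's public key
_D = pow(E, -1, (_P - 1) * (_Q - 1))        # manufacturer's private exponent


@dataclass
class Tag:
    product_code: bytes                     # basic information area (locked)
    signature: int                          # digital signature area (locked)
    history: list = field(default_factory=list)  # history area: (reader_id, time)


def digest(product_code: bytes) -> int:
    """SHA-1 digest of the unique product code, as an integer."""
    return int.from_bytes(hashlib.sha1(product_code).digest(), "big")


def initialise_tag(product_code: bytes) -> Tag:
    """Step 1: write the unique code and the manufacturer's signature."""
    return Tag(product_code, pow(digest(product_code), _D, N))


def log_checkpoint(tag: Tag, reader_id: str, when: int) -> None:
    """Step 2: an authorized reader appends its ID and the operation time."""
    tag.history.append((reader_id, when))


def signature_valid(tag: Tag) -> bool:
    """Step 3: digest 1 (recomputed) must equal digest 2 (recovered with the public key)."""
    if not 0 < tag.signature < N:
        return False
    return pow(tag.signature, E, N) == digest(tag.product_code)


def history_problem(tag: Tag, required: list, authorized: set):
    """Step 4: return None if the history matches the preset route, else a reason."""
    last_time = None
    for reader_id, when in tag.history:
        if reader_id not in authorized:
            return f"unauthorized reader {reader_id}"
        if last_time is not None and when < last_time:
            return "timestamps out of order"
        last_time = when
    # Every required checkpoint must appear, in the preset order (extra
    # authorized readers in between are tolerated).
    seen = iter(reader_id for reader_id, _ in tag.history)
    for checkpoint in required:
        if checkpoint not in seen:          # consumes the iterator up to a match
            return f"missing or misplaced checkpoint {checkpoint}"
    return None


def verify(tag: Tag, required: list, authorized: set) -> str:
    """Run step 3, then step 4, and report the outcome."""
    if not signature_valid(tag):
        return "ALARM: signature mismatch"
    problem = history_problem(tag, required, authorized)
    return f"ALARM: {problem}" if problem else "GENUINE"


# Constructed sample data: preset route held by the server and authorized readers.
REQUIRED = ["R-FACTORY", "R-DC-01", "R-RETAIL"]
AUTHORIZED = set(REQUIRED) | {"R-3PL-07"}


def demo() -> dict:
    genuine = initialise_tag(b"MFR0421|CAT07|SN000001")
    route = ["R-FACTORY", "R-3PL-07", "R-DC-01", "R-RETAIL"]
    for day, reader_id in enumerate(route):
        log_checkpoint(genuine, reader_id, 1_120_000_000 + day * 86_400)
    # Same code and signature on a second tag that never passed the checkpoints.
    duplicate = Tag(genuine.product_code, genuine.signature,
                    [("R-RETAIL", 1_120_500_000)])
    # Different serial number carrying the signature of another item.
    altered = Tag(b"MFR0421|CAT07|SN000002", genuine.signature,
                  list(genuine.history))
    cases = {"genuine": genuine, "duplicate": duplicate, "altered": altered}
    return {name: verify(tag, REQUIRED, AUTHORIZED) for name, tag in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

The duplicate tag passes step 3 because its code and signature are copied together; only the history comparison in step 4 flags it, which is why the description treats the product history as a supplementary check.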
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention may be modified or replaced with equivalents without departing from its spirit and scope, and all such changes shall fall within the scope of the claims of the present invention.
Note 1. The RSA public-key cryptosystem was proposed jointly by Rivest, Shamir and Adleman. RSA is based on Euler's theorem in number theory, and its security depends on the difficulty of factoring large numbers; it is considered the most promising public-key cryptosystem to date. See references [1], [2].
Note 2. The Secure Hash Algorithm (SHA-1) is a hash function designed jointly by the US National Institute of Standards and Technology (NIST) and the US National Security Agency (NSA). It was designed for use with the Digital Signature Standard (DSS) and, among the hash functions analysed so far, is the most resistant to brute-force attacks (including birthday attacks). See references [3], [4], [5].
References:
[1] R. L. Rivest, A. Shamir, and L. M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, 1978, 21: pp. 120-126.
[2] R. L. Rivest, A. Shamir, and L. M. Adleman, "On Digital Signatures and Public-Key Cryptosystems," MIT Laboratory for Computer Science, Technical Report MIT/LCS/TR-212, Jan 1979.
[3] Federal Information Processing Standards (FIPS). Secure Hash Standard (SHA-1). Technical Report 180-1, National Institute of Standards and Technology (NIST), April 1995. Supersedes FIPS PUB 180, 1993.
[4] Alma Technologies. SHA-1 Cores, http://www.alma-tech.com
[5] CAST Inc. AES and SHA-1 Crypto processor Cores, http://www.cast-inc.com

Claims (9)

1. An anti-counterfeiting verification method based on radio frequency identification technology, characterized in that the memory of the RFID electronic tag is divided into at least a basic information area, a digital signature area and a product history area; the basic information area stores the product code, i.e. the unique code, comprising a manufacturer code and a serial number that distinguishes individual items; the digital signature area stores the manufacturer's digital signature over the basic product information; the product history area records the basic data of the logistics tracking information, in that, when the product passes each preset logistics stage in the supply chain, an authorized reader writes the time of the operation and the reader's identification number into the logistics information tracking area; and the verification procedure comprises at least: Step 1, tag initialization, in which the unique code of the basic information is written, the digital signature is generated and the product's history file is created; Step 2, on passing each preset logistics stage, an authorized reader writes information about the operation into the logistics information tracking area; Step 3, a reader reads the electronic tag and submits a verification request to a trusted certification center, which interprets the digital signature and digitally authenticates the item's identity; if the digital signature matches, Step 4 is performed, and if it does not match, a counterfeit product alarm is raised; Step 4, the information in the product history area is queried and it is determined whether this logistics tracking information matches the preset logistics tracking information; if it matches, the product passes, and if it does not match, a counterfeit product alarm is raised.
2. The anti-counterfeiting verification method according to claim 1, characterized in that the digital signature is implemented by a combination of digital fingerprint technology and "public key technology": at the manufacturer, the hash function SHA-1 is first used to generate a digital digest of the product code, and the RSA algorithm is then used to encrypt the digital digest with the manufacturer's private key, generating the digital signature; public key technology uses a public key and a private key, where the public key is public and the private key is kept secret, the private key being used for encryption and signing and the public key for decryption; the manufacturer's private key can be used only by the manufacturer itself, while the public key can be used by multiple verification bodies.
3. The anti-counterfeiting verification method according to claim 1, characterized in that interpreting the digital signature and digitally authenticating the item's identity comprises at least: during anti-counterfeiting verification, the verifier uses the hash function SHA-1 to generate digital digest 1 of the product's unique code, and at the same time uses the RSA algorithm to decrypt the digital signature with the manufacturer's public key, obtaining digital digest 2 of the product's unique code; if digital digest 1 is identical to digital digest 2, the signature is valid.
4. The anti-counterfeiting verification method according to claim 1 or 2, characterized in that the digital signature is locked after being written to the memory of the electronic tag and can thereafter only be read.
5. The anti-counterfeiting verification method according to claim 2, characterized in that the public key and the private key must be generated by a designated device and security system.
6. The anti-counterfeiting verification method according to claim 1, characterized in that the storage space of the product history area can be both read and written.
7. The anti-counterfeiting verification method according to claim 1, characterized in that the memory of the RFID electronic tag further comprises an anti-counterfeiting authentication server address index area, which stores the IP address of the anti-counterfeiting authentication server and an index of IP addresses; this index can indicate the address of the anti-counterfeiting authentication server that holds the product inspection information file; a level-0 address index directly identifies the IP address of the anti-counterfeiting authentication server, whereas an address index of level 1 or higher contains a lookup base address and offsets for several levels.
8. An anti-counterfeiting system based on radio frequency identification technology, characterized in that the system comprises at least an electronic tag, a reader and an anti-counterfeiting information service system; the memory of the electronic tag contains a basic information area, a digital signature area, an anti-counterfeiting authentication server address index area and a product history area; the anti-counterfeiting information service system contains the product inspection information file and authentication information, and the recorded content includes the product attributes entered by the manufacturer, the tag's code, the time at which the tag was read and the number of the reader that performed the read operation, and the product's environmental information; the anti-counterfeiting information service system is maintained by the manufacturer or a third-party organization; N levels of anti-counterfeiting authentication servers are provided in the anti-counterfeiting information service system, and the IP address of the anti-counterfeiting authentication server and an index of IP addresses are stored in the memory of the electronic tag; a level-0 address index directly identifies the IP address of the anti-counterfeiting authentication server, whereas an address index of level 1 or higher contains a lookup base address and offsets for several levels; for a product with a level-N index, the server pointed to by the base address is accessed and the level-N offset is then used to obtain the IP address of the actual anti-counterfeiting authentication server; this index can indicate the address of the anti-counterfeiting authentication server that holds the product inspection information file.
9. The anti-counterfeiting system based on radio frequency identification technology according to claim 8, characterized in that the values of the IP address and the IP address index are determined in advance by the implementer of the anti-counterfeiting system, and the address index is locked after it is written to the electronic tag and can thereafter only be read.
CN 200510027605 2005-07-07 2005-07-07 Method for anti false verification based on identification technique in radio frequency, and anti false system CN100375111C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510027605 CN100375111C (en) 2005-07-07 2005-07-07 Method for anti false verification based on identification technique in radio frequency, and anti false system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200510027605 CN100375111C (en) 2005-07-07 2005-07-07 Method for anti false verification based on identification technique in radio frequency, and anti false system

Publications (2)

Publication Number Publication Date
CN1728162A CN1728162A (en) 2006-02-01
CN100375111C true CN100375111C (en) 2008-03-12

Family

ID=35927422

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510027605 CN100375111C (en) 2005-07-07 2005-07-07 Method for anti false verification based on identification technique in radio frequency, and anti false system

Country Status (1)

Country Link
CN (1) CN100375111C (en)

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4826274B2 (en) 2006-02-15 2011-11-30 富士ゼロックス株式会社 Document processing device
US20080143476A1 (en) * 2006-12-14 2008-06-19 The Hong Kong Polytechnic University Physimetric authentication of physical object by digital identification (DID)
CN101236611B (en) * 2007-02-02 2012-07-18 成都西谷曙光数字技术有限公司 Intelligent electronic label system
CN101277185B (en) 2007-03-28 2011-04-27 联想(北京)有限公司 Authentication method, system based on wireless identification as well as wireless identification, server
CN101075340B (en) 2007-03-28 2011-08-24 深圳先进技术研究院 Method and system for quarantining wooden packet
CN101247230B (en) 2008-02-28 2010-07-28 唐跃文 Anti-counterfeiting method based on non-contact IC card
JP2011518369A (en) 2008-03-27 2011-06-23 ジーイー・ヘルスケア・バイオサイエンス・バイオプロセス・コーポレイション How to prevent unauthorized use of disposable bioprocess parts
CN101369306B (en) 2008-08-29 2011-02-02 广东南方信息安全产业基地有限公司 Electronic label security system
WO2010066480A1 (en) 2008-12-10 2010-06-17 Siemens Aktiengesellschaft Method and system for supplying target information
CN101847199B (en) * 2009-03-24 2012-06-06 复旦大学 Security authentication method for radio frequency recognition system
CN101515334A (en) * 2009-04-07 2009-08-26 华中科技大学 Electronic tag data filtering method used for radio frequency identification middleware
CN101938740B (en) * 2009-07-02 2016-12-07 中兴通讯股份有限公司 A kind of tsunami warning system information issuing method and system
CN101765224A (en) * 2010-01-18 2010-06-30 彭保 Mutually unique mark implementation method for terminal of Internet of Things
CN102063633A (en) * 2010-03-26 2011-05-18 广州信睿网络科技有限公司 Anti-counterfeiting method based on radio frequency identification technology
CN102055587B (en) * 2010-04-01 2013-11-20 广州信睿网络科技有限公司 Digital signature method capable of being implemented on flow line
CN101872460A (en) * 2010-05-27 2010-10-27 上海华彩科技有限公司 Treatment method of RFID online anti-counterfeiting system based on dynamic anti-counterfeiting mark
CN101882197B (en) * 2010-05-31 2012-07-04 北京航空航天大学 RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key
CN101945123A (en) * 2010-08-24 2011-01-12 刘彤 RFID mobile phone and combination key technology-based authenticity identification method
CN101980271A (en) * 2010-10-15 2011-02-23 银川市高新电子应用技术研究所 Radio frequency identification technology-based commodity anti-counterfeiting system and method, and anti-counterfeiting electronic device
CN102122340A (en) * 2010-11-16 2011-07-13 北京中电华大电子设计有限责任公司 Method for preventing radio from being exposed in radio frequency identification system
CN102542427A (en) * 2010-12-31 2012-07-04 贵州中烟工业有限责任公司 Cigarette after-sale tracking system with RFID (Radio Frequency Identification Device) and tracking method
CN102542510A (en) * 2010-12-31 2012-07-04 贵州中烟工业有限责任公司 Cigarette production process monitoring system with RFID (Radio Frequency Identification Device) and monitoring method
CN102227108B (en) * 2011-06-20 2014-04-02 复旦大学 Electronic pedigree single point generation method with credible processes and verification method thereof
CN102222284A (en) * 2011-06-28 2011-10-19 河海大学 Article anti-counterfeiting system and anti-counterfeiting authentication control method based on radio frequency identification technology
CN102509147A (en) * 2011-10-18 2012-06-20 哈尔滨大东方卷烟材料科技开发有限责任公司 No-chip electronic anti-counterfeit label based on radio frequency identification technology and manufacturing method of no-chip electronic anti-counterfeit label
CN102496114A (en) * 2011-11-22 2012-06-13 成都天钥科技有限公司 Method and system for product counterfeiting prevention and method and device for identity information generation
CN102542310A (en) * 2011-12-30 2012-07-04 威海逸云数字传媒有限公司 Painting and calligraphy source-tracing instrumented method adopting electronic picture seal
CN102779284B (en) * 2012-01-30 2015-05-20 张楠 RFID (radio frequency identification device) label integrating comprehensive functions such as merchandise anti-counterfeiting, logistics control and the like
CN102790676B (en) * 2012-03-20 2016-01-13 黄志军 A kind of with the identification of NFC functional mobile phone remote identity or false proof method
CN102622624B (en) * 2012-03-21 2016-02-03 重庆科技学院 A kind of commodity counterfeit prevention identification system and method
CN102663596A (en) * 2012-04-05 2012-09-12 焦林 Network sale system tracking commodity in whole process and sale method thereof
CN102708469A (en) * 2012-05-25 2012-10-03 宁波志清实业有限公司 Supervising and tracking system and method of gas valve during manufacturing and use
TWI474262B (en) * 2012-06-11 2015-02-21
EP2677473A1 (en) * 2012-06-21 2013-12-25 Nxp B.V. Production method, rfid transponder, authentication method, reader device and computer program product
CN102902995B (en) * 2012-09-28 2015-09-16 齐鲁工业大学 A kind of intelligent terminal control system
CN103985043A (en) * 2013-02-08 2014-08-13 江苏东仁网络科技有限公司 Electronic encryption label, false proof label system, and article false proof system and method
CN103413227B (en) * 2013-08-02 2016-12-28 四川航天系统工程研究所 Product anti-counterfeiting tracing system and the false proof implementation method reviewing examination thereof
CN104375846B (en) * 2013-08-14 2017-07-28 深圳正峰印刷有限公司 The production method and its generation device of ePrint Archive
CN103456323B (en) * 2013-08-15 2016-12-28 广东南方信息安全产业基地有限公司 A kind of CD burning and the method licensed
CN104809618B (en) * 2014-01-27 2018-02-13 上海高研明鉴信息技术有限公司 Antifake method for products based on electronic tag
CN103824202A (en) * 2014-03-21 2014-05-28 成都市易恒信科技有限公司 CPK (Combined Public Key) identification authentication technology based RFID (Radio Frequency Identification Device) and two-dimensional code composite truth-identification and anti-fake source-tracing method
CN104951837A (en) * 2014-03-31 2015-09-30 中国电信股份有限公司 Order generation method through short-distance wireless communication tag and system thereof
WO2015172352A1 (en) * 2014-05-15 2015-11-19 Seagate Technology Llc Storage device tampering detection
DE102015000895B3 (en) * 2015-01-23 2016-07-07 Giesecke & Devrient Gmbh Distributed editing of centrally encrypted data
CN104766107A (en) * 2015-03-06 2015-07-08 中国十七冶集团有限公司 System utilizing RFID electronic product code to collect data in BIM
CN104881791B (en) * 2015-06-02 2018-07-06 河北省科学院应用数学研究所 The efficient tracking source tracing method for having secret protection characteristic based on RFID
CN105187404B (en) * 2015-08-14 2019-01-25 罗周 A kind of document security querying method and device based on Cloud Server
CN105160374A (en) * 2015-10-14 2015-12-16 哈尔滨宇龙自动化有限公司 Network management system, RFID (Radio Frequency Identification) industrial recognizer and management method
CN105404907B (en) * 2015-10-27 2018-08-21 上海象形通讯科技股份有限公司 RFID electronic license plates generate system, method and Vehicle License Plate Recognition System, method
CN105844481A (en) * 2016-03-24 2016-08-10 胡金钱 System and method for performing digital signature and anticounterfeiting verification on contract
CN106599952A (en) * 2016-12-16 2017-04-26 广东优替信息科技股份有限公司 Method and device for acquiring article information based on electronic tag
CN107730276A (en) * 2017-09-30 2018-02-23 浙江鑫泊新能源科技有限公司 It is a kind of that retrospect is carried out to logistics with encrypted radio-frequency identification technology and packs fidelity method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101609138B (en) 2008-06-16 2011-12-07 苏州工业园区优频科技有限公司 Cargo tracking and monitoring system
CN102314662A (en) * 2011-09-23 2012-01-11 东华大学 Authorized distributor monitoring method based on mobile RFID
CN102314662B (en) * 2011-09-23 2014-04-23 东华大学 Authorized distributor monitoring method based on mobile RFID
CN104346731A (en) * 2013-08-06 2015-02-11 全联斯泰克科技有限公司 Method and device for generating and verifying anti-counterfeit electronic tag based on CPK (Combined Public Key)
CN103971245A (en) * 2014-01-30 2014-08-06 四川谦泰仁投资管理有限公司 Combined encryption system for commodity electronic forgery proofing
CN103971245B (en) * 2014-01-30 2017-06-27 四川谦泰仁投资管理有限公司 A kind of combined ciphering system false proof for electronic article

Also Published As

Publication number Publication date
CN1728162A (en) 2006-02-01

Similar Documents

Publication Publication Date Title
US7992772B2 (en) Method and system for deterring product counterfeiting, diversion and piracy on a single system
US7273181B2 (en) Device and method for authenticating and securing transactions using RF communication
US8917159B2 (en) Fully secure item-level tagging
AU601935B2 (en) Public key/signature cryptosystem with enhanced digital signature certification
US9858569B2 (en) Systems and methods in support of authentication of an item
US8898086B2 (en) Systems and methods for transmitting financial account information
JP5190036B2 (en) System and method for electronic transmission, storage and retrieval of authenticated documents
JP2018516030A (en) ID management service using blockchain
EP1710764A1 (en) Authentication of products using identification tags
US6028938A (en) Secure electronic forms permitting layout revision
CN100369042C (en) Anti-counterfeit method and apparatus based on CPK electronic label
US7283630B1 (en) Verification of authenticity of goods by use of random numbers
CN100399737C (en) Method of data protection
US20050132194A1 (en) Protection of identification documents using open cryptography
US20080272882A1 (en) Verifying the ownership of an owner's authority in terms of product and service
DE60211841T2 (en) Device for updating and revoking the validity of a trade mark in a public-key infrastructure
Lehtonen et al. From identification to authentication – a review of RFID product authentication techniques
EP1645992A1 (en) Methods and systems for marking, tracking and authentication of products
DE10328328B4 (en) Product protection portal and method for checking the authenticity of products
CN101416246B (en) Method and systems for detecting counterfeited or stolen brand objects
EP2100263B1 (en) Controlling data access to and from an rfid device
US20080011841A1 (en) System and Method of Detecting Product Code Duplication and Product Diversion
JP2009508430A (en) Device, system and method for determining authenticity of items
WO2001099063A1 (en) Remote authentication system
US20050234823A1 (en) Systems and methods to prevent products from counterfeiting and surplus production also of tracking their way of distribution.

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
CF01