CN101308546B - Radio frequency label data protection method of safe storage structure having multi-stage protection - Google Patents


Info

Publication number: CN101308546B
Authority: CN (China)
Legal status: Active
Application number: CN2008100376743A
Other languages: Chinese (zh)
Other versions: CN101308546A (en)
Inventors: 王洁民, 陈坚, 王伟, 郭海岛, 张贇莉
Current Assignee: Shanghai Huashen Smart IC Card Application System Co Ltd
Original Assignee: Shanghai Huashen Smart IC Card Application System Co Ltd
Landscapes: Lock And Its Accessories; Storage Device Security

Abstract

Disclosed are a radio-frequency tag and a method for a safety storage structure with multi-level protection; the data storage structure of the radio-frequency tag comprises a key area, an authority control area and a storage block; the storage block is divided into a public data area and a private data area; the radio-frequency tag has an exclusive serial number and generates an exclusive root key, so that one tag has one key; the data in the tag is processed with signature authentication to realize multi-level protection of the data. The tag and the method described by the invention have the advantages that the serial number is exclusive and the generated root key is also exclusive, so that one tag has one key to greatly increase the difficulty in breaking through the tag and improve the security performance of the tags; for different applications, only the root key needs to be replaced to achieve compatibility so as to greatly simplify the key management difficulty, without losing the security performance of the tags.

Description

Radio-frequency (RF) tag data protection method with a secure storage structure having multi-level protection
Technical field
The present invention relates to a storage structure for a radio-frequency tag, and in particular to a radio-frequency tag, and a method for it, that uses radio communication as the transmission medium and has a secure storage structure with multi-level protection, combining transmission encryption with access-permission control.
Background
High-frequency electronic tags are currently the most widely used radio-frequency tag products. A traditional radio-frequency tag simply encrypts the data during communication and does not encrypt or protect the data stored inside the tag. This makes the security management of access keys more complicated and demanding: once an access key is lost at any link in the chain, the whole system can suffer serious harm.
Summary of the invention
The technical problem addressed by the invention is to provide a radio-frequency tag, and a method for it, that performs signature authentication on the tag's internal data and has a secure storage structure with multi-level protection.
To solve this problem, the invention provides a radio-frequency tag with a secure storage structure having multi-level protection, and a method for it. The data storage structure of the tag comprises a key area, a permission control area and a storage block; the storage block is divided into a public data area and a private data area. The serial number of the tag is unique, so the diversified root key derived from it is also unique, giving one key per tag. The data inside the tag is authenticated by signature, which realizes multi-level protection of the data.
The key area comprises Key0, Key1, Key2 and Key3, where:
Key1 controls the read-only permission for the public data area;
Key2 controls the read permission for the private data area;
Key3 controls the write permission for the private data area;
Key0 controls the modify permission for the private data area.
A radio-frequency tag with a secure storage structure having multi-level protection works in the following steps:
1) Search for the radio-frequency tag;
2) Using key Key1 and the mifare1 algorithm, authenticate the read/write permission of the tag. If authentication fails, go to step 8);
3) If it succeeds, read the user's public information and the signature information;
4) Verify the data signature with the custom signature algorithm. If verification fails, go to step 8);
5) If it succeeds, diversify the root key with the tag information and the user's public information to obtain the key Key2 or Key3 that controls the private data area;
6) Using the private data area key Key2 or Key3 and the mifare1 algorithm, authenticate the operating permission for the tag's private data area. If authentication fails, go to step 8);
7) Operate on the data in the private data area as the application requires;
8) End.
The mifare1 electronic tag authentication flow is as follows:
1) The card reader obtains the electronic tag's information, including the tag's ID number, with the card-search command;
2) The reader sends the card-select command, so that all subsequent operations are addressed to this electronic tag;
3) With the get-random-number command, the reader has the electronic tag return a 4-byte random number;
4) The reader computes the ciphertext of this 4-byte random number (also 4 bytes) with the mifare1 algorithm, generates a 4-byte random number of its own, and sends these 8 bytes to the electronic tag; the tag checks the ciphertext to authenticate the reader;
5) The tag then takes the 4-byte random number sent by the reader, computes its 4-byte ciphertext with the mifare1 algorithm and returns it to the reader, so that the reader can verify the legitimacy of the electronic tag.
This completes the mutual authentication between the electronic tag and the card reader. In all subsequent operations on the electronic tag, all data is encrypted with the mifare1 algorithm.
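The exchange in steps 3) to 5) above, as an added example that is not part of the patent: both sides are simulated, and a truncated HMAC-SHA256 stands in for the mifare1 computation, which the page does not specify. The names `TagSide`, `ReaderSide`, `keyed` and the direction labels are assumptions.

```python
import hashlib
import hmac
import os

def keyed(key, direction, nonce):
    """Stand-in for the mifare1 computation: 4-byte response to a 4-byte nonce.
    The direction label (an added assumption) keeps the two responses distinct."""
    return hmac.new(key, direction + nonce, hashlib.sha256).digest()[:4]

class TagSide:
    def __init__(self, key, rng=os.urandom):
        self.key, self.rng, self.nt = key, rng, None

    def challenge(self):
        """Step 3: return a fresh 4-byte random number."""
        self.nt = self.rng(4)
        return self.nt

    def verify_reader(self, msg):
        """Steps 4-5: check the reader's 4-byte response, then answer its nonce."""
        nt, self.nt = self.nt, None          # a challenge is usable once only
        if nt is None or len(msg) != 8:
            return None
        if not hmac.compare_digest(msg[:4], keyed(self.key, b"R", nt)):
            return None                      # reader does not hold the key
        return keyed(self.key, b"T", msg[4:])

class ReaderSide:
    def __init__(self, key, rng=os.urandom):
        self.key, self.rng, self.nr = key, rng, None

    def respond(self, nt):
        """Step 4: 4-byte response to the tag's nonce plus the reader's own nonce."""
        self.nr = self.rng(4)
        return keyed(self.key, b"R", nt) + self.nr

    def verify_tag(self, answer):
        """Step 5: accept the tag only if it answered the reader's nonce correctly."""
        if answer is None or self.nr is None:
            return False
        return hmac.compare_digest(answer, keyed(self.key, b"T", self.nr))

def mutual_auth(reader, tag):
    """Run steps 3-5 and return True only if both sides accepted."""
    return reader.verify_tag(tag.verify_reader(reader.respond(tag.challenge())))

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    print(mutual_auth(ReaderSide(key), TagSide(key)))        # same key on both sides
    print(mutual_auth(ReaderSide(b"wrong"), TagSide(key)))   # reader holds another key
```

Because the tag discards its random number after one use, a reader message recorded in one session does not authenticate against the next challenge.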
The custom signature algorithm is one of several asymmetric algorithms, such as the ISA algorithm, the SCB2 signature algorithm or an elliptic-curve algorithm; the choice is made by the system operator.
The advantages of the invention are:
1) The serial number of the radio-frequency tag is unique, so the diversified root key is also unique. Each tag truly has its own key, which greatly increases the difficulty of breaking a tag and improves its security;
2) For a different application, only the root key needs to be replaced to achieve compatibility, which greatly simplifies key management without sacrificing the security of the tag.
Description of drawings
Fig. 1 shows the data storage structure of the invention;
Fig. 2 is the workflow diagram of the invention;
Reference numerals in the figures:
1 - key area; 2 - permission control area;
3 - storage block.
Embodiment
The invention is further described below with reference to the accompanying drawings.
The invention provides a radio-frequency tag with a secure storage structure having multi-level protection, and a method for it. The data storage structure of the tag comprises a key area 1, a permission control area 2 and a storage block 3; storage block 3 is divided into a public data area and a private data area. The serial number of the tag is unique, so the diversified root key derived from it is also unique, giving one key per tag. The data inside the tag is authenticated by signature, which realizes multi-level protection of the data.
The storage structure of the radio-frequency tag is shown in Fig. 1. The tag's EEPROM consists of 32 blocks of 16 bytes (128 bits) each. Addresses 0x00h-0x03h form key area 1 and hold key0-key3 respectively; authenticating a key grants the corresponding operating permission. Addresses 0x04h-0x06h form permission control area 2 and hold A0-A23, the 24 control permissions corresponding to the storage blocks at addresses 0x08-0x1f. Address 0x07 is the manufacturer block, which contains the IC manufacturer information and the serial number. Addresses 0x08-0x1f are the storage blocks that hold user data.
The key area comprises Key0, Key1, Key2 and Key3, where:
Key1 controls the read-only permission for the public data area;
Key2 controls the read permission for the private data area;
Key3 controls the write permission for the private data area;
Key0 controls the modify permission for the private data area.
The user data storage block 3 is divided into two parts, a public data area and a private data area. The public data area is further divided into a user public information area and a manufacturer digital signature area. The user public information area holds information about the user; the manufacturer digital signature area holds the manufacturer's digital signature over the user's public information and the tag information. The digital signature guarantees the integrity of the tag information and the user information and is also important evidence for the manufacturer's non-repudiation. It therefore cannot be changed once written, yet any party concerned must be able to verify it, so the data must be readable unconditionally. For this reason the public data area is read-only. Because the read/write attributes of this tag must be protected by a corresponding key, key1 is used to read-protect the public data area. Key1 itself is public information; authenticating with it grants read permission for the public data area.
The private data area holds the user's private data, such as application data. Private data therefore has two operations, read and write, whose permissions are controlled by key2 and key3. Key2 and key3 are secret information and can be modified once key0 permission has been obtained.
As shown in Fig. 2, a radio-frequency tag with a secure storage structure having multi-level protection works in the following steps:
1) Search for the radio-frequency tag;
2) Using key Key1 and the mifare1 algorithm, authenticate the read/write permission of the tag. If authentication fails, go to step 8);
3) If it succeeds, read the user's public information and the signature information;
4) Verify the data signature with the custom signature algorithm. If verification fails, go to step 8);
5) If it succeeds, diversify the root key with the tag information and the user's public information to obtain the key Key2 or Key3 that controls the private data area;
6) Using the private data area key Key2 or Key3 and the mifare1 algorithm, authenticate the operating permission for the tag's private data area. If authentication fails, go to step 8);
7) Operate on the data in the private data area as the application requires;
8) End.
In a canteen meal sales system, during card issuance the tag's private data area access key is written directly into the electronic tag by means of the SCB2 digital signature. The key of each card is generated automatically by the key management system, so that every card truly has its own key: all meal card access keys are different.
Before each purchase, the public key key1 is first used with the mifare1 algorithm to authenticate the read-only permission of the electronic tag, and the signature information in the tag is read. The tag is then checked for legitimacy with the SCB2 signature algorithm. If it is legitimate, the root key is diversified with the tag information and the user's public information to obtain the key that controls the private data area. This key is then used with the mifare1 algorithm to authenticate the write permission for the tag's private data area, after which the value in the private data area is decremented, completing one purchase deduction.
The signature algorithm can be changed as the application requires and is not limited to the SCB2 algorithm.
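The staged workflow above, applied to the canteen debit, as an added example that is not part of the patent. The tag is simulated in memory; HMAC-SHA256 stands in for the signature algorithm, the key diversification and the mifare1 authentication, none of which the page specifies, and the block addresses other than 0x07, the helper names and all key values are assumptions. Key0 is not modelled.

```python
import hashlib
import hmac

BLOCK = 16                                   # bytes per block (from the page)
MANUF = 0x07                                 # manufacturer block (from the page)
PUB_INFO, PUB_SIG, PRIV = 0x08, 0x09, 0x10   # assumed split of blocks 0x08-0x1f
KEY1 = b"public-key1-demo"                   # Key1 is public; constructed value

def _mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()[:BLOCK]

def diversify(root_key, uid, pub_info, label):
    """Assumed derivation: root key + tag info + public info -> Key2 or Key3."""
    return _mac(root_key, label, uid, pub_info)

def sign(issuer_key, uid, pub_info):
    """Stand-in for the manufacturer's signature over tag info and public info.
    The page calls for an asymmetric algorithm; the reader would then hold only
    a verification key instead of issuer_key."""
    return _mac(issuer_key, b"sig", uid, pub_info)

class Tag:
    """Simulated tag: 32 blocks of 16 bytes, Key0-Key3 in blocks 0x00-0x03."""
    def __init__(self, uid, pub_info, root_key, issuer_key, balance):
        self.mem = [bytes(BLOCK) for _ in range(32)]
        self.mem[1] = KEY1
        self.mem[2] = diversify(root_key, uid, pub_info, b"Key2")
        self.mem[3] = diversify(root_key, uid, pub_info, b"Key3")
        self.mem[MANUF], self.mem[PUB_INFO] = uid, pub_info
        self.mem[PUB_SIG] = sign(issuer_key, uid, pub_info)
        self.mem[PRIV] = balance.to_bytes(BLOCK, "big")

    def authenticate(self, key_no, key):
        """Stand-in for the mifare1 authentication against one stored key."""
        return hmac.compare_digest(self.mem[key_no], key)

def debit(tag, root_key, issuer_key, amount):
    """Reader side of steps 2-8 for one purchase; returns a status string."""
    if not tag.authenticate(1, KEY1):                                # step 2
        return "key1-auth-failed"
    uid, info, sig = tag.mem[MANUF], tag.mem[PUB_INFO], tag.mem[PUB_SIG]  # step 3
    if not hmac.compare_digest(sig, sign(issuer_key, uid, info)):    # step 4
        return "bad-signature"
    for key_no, label in ((2, b"Key2"), (3, b"Key3")):               # steps 5-6
        if not tag.authenticate(key_no, diversify(root_key, uid, info, label)):
            return "private-auth-failed"
    balance = int.from_bytes(tag.mem[PRIV], "big")                   # step 7
    if not 0 <= amount <= balance:
        return "rejected-amount"
    tag.mem[PRIV] = (balance - amount).to_bytes(BLOCK, "big")
    return "ok"

if __name__ == "__main__":
    root, issuer = b"constructed-root-key", b"constructed-issuer-key"
    card = Tag(b"SERIAL-0001", b"holder-0001", root, issuer, 100)
    print(debit(card, root, issuer, 30))     # genuine card
    card.mem[PUB_INFO] = b"holder-9999"      # public info no longer matches signature
    print(debit(card, root, issuer, 1))
```

Since the signature covers the serial number as well as the public information, a public data area moved to a tag with a different serial number fails at step 4, before any private-area key is derived.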

Claims (1)

1. A multi-level data protection method for a radio-frequency tag with a secure storage structure having multi-level protection, wherein the data storage structure of the radio-frequency tag comprises a key area, a permission control area and a storage block; the storage block is divided into a public data area and a private data area; the serial number of the radio-frequency tag is unique, so the diversified root key derived from it is also unique, giving one key per tag; and the data inside the tag is authenticated by signature, realizing multi-level protection of the data. The key area comprises Key0, Key1, Key2 and Key3, where:
Key1 controls the read-only permission for the public data area;
Key2 controls the read permission for the private data area;
Key3 controls the write permission for the private data area;
Key0 controls the modify permission for the private data area.
The steps of the protection method are as follows:
1) Search for the radio-frequency tag;
2) Using key Key1 and the mifare1 algorithm, authenticate the read/write permission of the tag. If authentication fails, go to step 8);
3) If it succeeds, read the user's public information and the signature information;
4) Verify the data signature with the custom signature algorithm. If verification fails, go to step 8);
5) If it succeeds, diversify the root key with the tag information and the user's public information to obtain the key Key2 or Key3 that controls the private data area;
6) Using the private data area key Key2 or Key3 and the mifare1 algorithm, authenticate the operating permission for the tag's private data area. If authentication fails, go to step 8);
7) Operate on the data in the private data area as the application requires;
8) End.

Priority Applications (1)

Application Number: CN2008100376743A
Priority Date: 2008-05-20
Filing Date: 2008-05-20
Title: Radio frequency label data protection method of safe storage structure having multi-stage protection

Publications (2)

Publication Number    Publication Date
CN101308546A (en)     2008-11-19
CN101308546B (en)     2011-04-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant