Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, a kind of radio frequency system of the present invention, device and security processing are further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
The embodiment of the invention is by the sign authentication technique based on CPK, writing between instrument Writer, radio frequency card TAG, the card reader Reader three, the outstanding mutual discriminating that writes between instrument and the card reader, with the block encryption system, particularly the sign authentication technique of CPK block encryption system directly applies in the mutual discriminating that writes instrument and card reader, and digital signature and checking are provided, data encryption and deciphering etc., radio frequency card are just as the instrument of acting on behalf of that writes instrument.Owing to write instrument and card reader is active intelligent appliance, discriminating can be reciprocity mutually, can improve the degree of safety of radio frequency card thus greatly, greatly reduces the harsh requirement to radio frequency card simultaneously.
In applications such as stored value card, transportation cards, be afraid of that most the place that is replicated is: the UID territory, supplement territory, remaining sum territory with money.Because radio frequency card as the birth defect of wireless well-informed card Mifare in design, under the situation of not changing radio frequency card TAG structure, is difficult to solve this duplicating.
As shown in Figure 2, radio frequency system of the present invention comprises writing instrument Writer card reader Reader, and radio frequency card TAG;
Said write instrument Writer, card reader Reader and radio frequency card TAG comprise the UID territory respectively, supplement the territory with money, the remaining sum territory;
The UID territory of described radio frequency card, supplement the corresponding respectively linear feedback shift register (division circuit) that 3 32 grades of inter-stage moulds 2 are set in territory, remaining sum territory with money, remember LFSR respectively
1, LFSR
2, LFSR
3, as shown in table 1.
The LFSR table that show the 1UID territory, supplement the territory with money, the remaining sum territory is provided with
The territory |
Data |
Signature |
LFSR |
Output line |
UID |
6B |
18B |
32 grades |
32 grades |
Supplement with money |
6B |
18B |
32 grades |
32 grades |
Remaining sum |
6B |
18B |
32 grades |
32 grades |
Radio frequency system of the present invention also comprises CPK-key (perhaps being called CPK-chip), it is embedded into and writes instrument Writer and two devices of card reader Reader, make it have the function of block encryption system, preferably be the identification function of CPK block encryption system, the discriminating between radio frequency card TAG and the card reader Reader is concerned that the discriminating of changing into card reader Reader and writing between the instrument Writer concerns;
Described CPK identification function, number of patent application the applicant is: 200510002156.4, denomination of invention: " based on the key generation method of sign ", and number of patent application: 200610065663.7, denomination of invention: in the Chinese patent application of " based on the method for anti-counterfeit territory device of CPK electronic tag " detailed description is arranged, in this application, quoting in full this application number is 200510002156.4, denomination of invention: " based on the key generation method of sign ", and number of patent application: 200610065663.7, denomination of invention: the technical scheme content of differentiating about CPK in describing in " based on the method for anti-counterfeit territory device of CPK electronic tag ", and describe in detail no longer one by one in this application.
Described CPK-key is provided with three key k
1, k
2, k
3, deposit in after the encryption among the CPK-key, be respectively applied for load value data and balance data and and the encryption of the variable m of controlled variable.
Preferably, key k
1, k
2, k
3Length be 64bit (8B), the block encryption system is for can being block encryption systems such as AES, DES; More preferably, described block encryption system preferably is a CPK block encryption system, and CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key.
Described CPK block cipher system, at application number be: 200510002156.4, denomination of invention: " based on the key generation method of sign ", and number of patent application: 200610065663.7, denomination of invention: in the Chinese patent application of " based on the method for anti-counterfeit territory device of CPK electronic tag " detailed description is arranged, in this application, quoting in full this application number is 200510002156.4, denomination of invention: " based on the key generation method of sign ", and number of patent application: 200610065663.7, denomination of invention: the technical scheme content of differentiating about CPK in describing in " based on the method for anti-counterfeit territory device of CPK electronic tag ", and describe in detail no longer one by one in this application.
The control of the feedback of described linear feedback shift register and the controlled parameter m of carry, the content of linear feedback shift register participates in the encryption and decryption processes such as digital signature of block encryption system.
In the prior art, radio frequency card, although particularly wireless well-informed card Mifare is provided with dynamic scrambler, but, product under its be a kind of discriminating thinking of " radio frequency card TAG reading card device Reader ", and the embodiment of the invention is under the discriminating thinking of " writing instrument Writer reading card device Reader ", scrambler does not just have much good, and all keys are differentiated, as identify discriminating, data are differentiated, duplicate discriminating etc., all rely on the block encryption system, particularly CPK block encryption system technology realizes, and all discriminatings are all carried out writing among instrument Writer or the card reader Reader of intelligence.
CPK block encryption system CPK signature technology is based on the signature of sign, and signature is short, and speed is fast.Signature length can be accomplished 18 bytes, and the signature time is not once waited from 2 milliseconds to 200 milliseconds with chip used difference, and the CPK chip cost is dozens of yuan RMB also, and cost is low.The CPK signature technology can improve the security of radio frequency system, widens its application prospect.
Feedback shift register occupation condition in radio frequency card TAG based on the CPK signature technology is as shown in table 2.
Table 2 feedback shift register is the resource occupation table in radio frequency card TAG
Variable name |
n
1 |
m
1 |
n
2 |
m
2 |
n
3 |
m
3 |
Length |
6B |
5B |
6B |
5B |
6B |
5B |
Signature |
18B |
|
18B |
|
18B |
|
The transmission of the variable of described controlled variable m is with block cipher system, particularly CPK block cipher system cipher mode carries out, the any secret information that sends by radio frequency card TAG, only write instrument Writer and card reader Reader can decipher, and emulation cryptanalysis machine and man-in-the-middle attack people have no way of finding out about it, and guarantee its security.
Preferably, described linear feedback shift register is many division circuits of feedback later;
Described digital signature changes with the variation of feedback shift register state.
The control of the controlled parameter m of feedback tap of the displacement of described linear feedback shift register, the 1st grade and the 32nd grade necessarily has tap, has 1 tap at least in the 2nd grade to the 31st grade, can constitute 2
30Hundred million kinds of different feedback relationships of-1=10.
Back 8 controls of the controlled parameter m of carry digit of described linear feedback shift register can constitute 2
8=256 kinds of different carry digits;
Preferably, the initial state of the linear feedback shift register among the described radio frequency card TAG is not to be the random state of " 0 " entirely; Begin feedback tap and work always from the input initial state, the eternal shuttling movement of linear feedback shift register from then on, in cycle period not repeatedly.
In a radio frequency card TAG, be provided with three shifting memories, three controlled variable m.The variable quantity of such three controlled variable m approximates (2
(30+8))
3=2
114≈ 10
34Plant, have less radio-frequency (RFID) device of same structure hardly.The diversity of less radio-frequency device effectively prevents to utilize the possibility of different card crime like this.
The private key of the digital signature in said write instrument and the card reader, data encryption key all are stored among the CPK-key; do not have CPK-key to utilize to write instrument and card reader is decrypted and rewrites UID, supplements with money and balance data, reach protection radio frequency system purpose of safety.
CPK-key is distributed to and respectively writes instrument (Writer) operator and each card reader (Reader) operator, inserts CPK-key during operation, to obtain the right of operation, helps audit, helps tracing responsibility after incident takes place.
At end-of-job, just extract CPK-key.CPK-key is very little, is beneficial to keeping.Do not have CPK-key write instrument (Writer) operator and card reader (Reader) operator just can't operate, do not need to be beneficial to management to writing instrument and card reader is taken care of especially.This input mode and the method for operation effectively prevent to utilize the possibility with the card crime;
Be example with the radio frequency card below, the safe handling process of radio frequency system of the present invention is described.
On radio frequency card, comprise 3 linear feedback shift register LFSR of 32 grades of bulls feedback independently each other
1, LFSR
2, LFSR
3, control UID territory among the radio frequency card TAG respectively, supplement the territory with money, the data in remaining sum territory.
The UID territory is subjected to linear feedback shift register LFSR
1Control, be used for the signature of UID;
Supplement the territory with money and be subjected to linear feedback shift register LFSR
2Control is used to write the signature of instrument Writer to load value data;
The remaining sum territory is subjected to linear feedback shift register LFSR
3Control is used to write the signature of card reader Reader to balance data.
Linear feedback shift register LFSR
1Line of displacement and UID territory writing line connect together;
Linear feedback shift register LFSR
2Line of displacement with supplement the territory writing line with money and connect together;
Linear feedback shift register LFSR
3Line of displacement and remaining sum territory writing line line connect together, as shown in Figure 2.
Whenever the UID territory or supplement the territory with money or remaining sum is supplemented the territory with money when " writing " operation takes place, activate the displacement of corresponding linear feedback shift register respectively, up to " writing " EO.
Preferably, the content of TAG neutral line feedback shift register can not be imported from the external world, and its initial value is not to be complete any number of zero, and when " writing " action did not take place, it is motionless that the linear feedback shift register state keeps.Because the content of linear feedback shift register participates in signature, when writing action, just cause that its content is ensued variation with the linear feedback shift register displacement, signature also changes, and realizes disposable signature with this:
1) Enterprise of enterprise signs to the UID territory:
Wherein, SIG is a signature agreement, enterprise
-1Be the signature private key of enterprise, sign
1Be the signed codevector of enterprise to UID, UID+LFSR
1Expression is with UID and the shifting memory content LFSR of TAG
1Tie up.
Described SIG signature agreement is the signature agreement of CPK system, is implemented by CPK-key;
Preferably, described signature agreement is the signature agreement of CPK block cipher system, and CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key, is implemented by CPK-key.
2) write instrument Writer to supplementing the territory signature with money:
Wherein, SIG is a signature agreement, Writer
-1Be the signature private key that writes instrument, sign
2Be to write instrument to load value data data
1Signed codevector, data
1+ UID+LFSR
2Expression is with load value data data
1UID and linear feedback shift register content LFSR with TAG
2Tie up.
Described SIG signature agreement can be the signature agreement of various block encryption systems such as AES, DES, is implemented by CPK-key;
Preferably, described signature agreement is the signature agreement of CPK block cipher system, and CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key, is implemented by CPK-key.
3) card reader Reader signs to the remaining sum territory:
Wherein, SIG is a signature agreement, Reader
-1Be the signature private key of card reader, sign
3Be that card reader is to balance data data
2Signed codevector, data
1+ data
2+ UID+LFSR
3Expression is with balance data data
2UID, load value data data with TAG
1, shifting memory content LFSR
3Tie up.
Described SIG signature agreement is the signature agreement of CPK system, is implemented by CPK-key;
Preferably, described signature agreement is the signature agreement of CPK block cipher system, and CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key, is implemented by CPK-key.
Described radio frequency card also comprises controlled variable m, and the tap relation of described three linear feedback shift registers and number of steps are by the controlled variable m control of linear feedback shift register.
Preferably, the preceding 32bit of controlled variable m, corresponding one by one with 32 feedback taps of linear feedback shift register, if ' 1 ', feedback tap works, if ' 0 ', this tap is then inoperative.
The number of steps of back 1B (8bit) the decision linear feedback shift register of controlled variable m.
The initial value of controlled variable m defines at random, but the 1st and the 32nd of m is fixed as 1, contains one " 1 " at least in middle 30, and the content of back 8bit can not " complete 0 ".
Controlled variable m CPK key K
3Encryption obtains the n of 6B (48bit), i.e. E
K3(m)=and n, m and n are charged among the radio frequency card TAG.
M is used for the inner encryption of radio frequency card TAG;
N is used to send to the other side and is decrypted.
Then use key K writing instrument Writer and card reader Reader in advance
3Deciphering is obtained m, i.e. D
K3(n)=m.
Wherein E represents to encrypt, and D represents deciphering, and used cipher system is can be various block encryption systems such as existing AES, DES, K
3Be to add, decipher used key, all encryptions, decryption acts are all carried out in CPK-key.
Preferably, used block encryption system is the CPK block cipher system, and CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key, is implemented by CPK-key.
Preferably, n is signed, though then password cracking can not arbitrarily palm off.
Describe the security processing of the radio frequency system of the embodiment of the invention below in detail, wherein, UID is defined by the Manufacturer of producer, and writes among the TAG, and offers the Enterprise of enterprise.
As shown in Figure 3, the security processing of the radio frequency system of the embodiment of the invention comprises the following steps:
Step S100 by CPK-key, utilizes the block cipher system encryption method, and UID is carried out safe handling;
CPK-key inserted write instrument Writer, utilize the variable m of CPK block cipher system the controlled variable that generates at random
1Use K
3Encrypt n
1, and UID signature obtained signed codevector sign
1, with m
1, n
1, sing
1Write among the radio frequency card TAG, and offer other and respectively write instrument Writer
i
Among the described step S100, utilize the CPK system to generate signature sign
1, controlled variable n
1, m
1, and write among the radio frequency card TAG, and offer other and respectively write instrument Writer
iDetailed process as follows:
Step 110, enterprise writes instrument Writer and reads linear feedback shift register state LFSR among the TAG earlier
1, enterprise utilizes the instrument Writer that writes that inserts CPK-key that UID is signed, promptly
Wherein SIG is a signature agreement, enterprise
-1Be the signature private key of enterprise, UID+LFSR1 is UID and linear feedback shift register state LFSR
1Binding, sign
1Be the signed codevector of enterprise to UID.
Described SIG signature agreement is the signature agreement of CPK system, is implemented by CPK-key;
CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key.
Step S120, KMC (KMC) is provided with data encryption key K
1, K
2, K
3, and write among all CPK-key, wherein, K
1Be used for the encryption of load value data, K
2Be used for the encryption of balance data, K
3Be used for the encryption of parameter m.
Step S130 is for each radio frequency card TAG generates three couples of n
i, m
i, n wherein
i=E
K3(m
i), m wherein
1, n
1Be used for the UID territory; m
2, n
2Be used to supplement with money the territory; m
3, n
3Be used for the remaining sum territory.
Step S140, the enterprise sign that will sign
1, the variable m of three pairs of controlled variable
iAnd n
i, write among the radio frequency card TAG, what offer other writes instrument Writer
iOr card reader Writer
j
Step S200, the CPK-key embedding is write instrument Writer and two devices of card reader Reader, make it have the identification function of CPK cipher system, write instrument Writer the load value data among the radio frequency card TAG is carried out safe handling, card reader Reader carries out safe handling to the balance data among the TAG.
The CPK-key embedding is write instrument Writer and two devices of card reader Reader, make it have the identification function of CPK system, write instrument Writer load value data is carried out safe handling, card reader Reader carries out safe handling to the balance data in the radio frequency card, like this, the discriminating that just relation of the discriminating between radio frequency card TAG and the card reader Reader can be changed into card reader Reader and write between the instrument Writer concerns.
Write for the instrument Writer for one, can dispose several operators, each bright operator has CPK-key, when having only the CPK-key that inserts the operator, just can open and write the instrument Writer line operate of going forward side by side.Operations of operators is audited in writing instrument Writer.
Among the described step S200, write instrument Writer the load value data among the radio frequency card TAG is carried out safe handling.Comprise the steps:
Step S211 writes instrument Writer and utilizes CPK-key, the unique identification UID of radio frequency card TAG is verified, i.e. SIG
-1 Enterprise(UID+LFSR
1)=sign
1';
Wherein, SIG
-1Be indentification protocol, described indentification protocol CPK indentification protocol is implemented by CPK-key;
CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key.
In the CPK cipher system based on sign, enterprise's name is exactly a PKI, and sign ' is to UID+LFSR
1Identifying code, if sign=sign ', then the checking pass through.
When supplementing with money, if balance data is arranged in the radio frequency card, then again balance data is verified, comprise step S212 and step S213:
If step S212 is the K of the remaining sum numeric field data among the radio frequency card TAG
2Encrypt, then utilize K
2Balance data is decrypted, obtains balance data, be i.e. D
K2(code
2)=data
2
Wherein, D represents deciphering, and code is a password, data
2It is the balance data after the deciphering.
Used encryption system is can be various block encryption systems such as existing AES, DES, K
3Be to add, decipher used key, all encryptions, decryption acts are all carried out in CPK-key.
CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key.
Step S213 writes instrument Writer the balance data that deciphering from radio frequency card TAG obtains is verified, be i.e. SIG
-1 Writeri(data
2)=sign
3';
Wherein, SIG
-1Be indentification protocol, described indentification protocol is the CPK indentification protocol, is implemented by CPK-key; CPK PKI length is 98bit (12B), and it cracks the 48bit (6B) that difficulty is equivalent to symmetric key.
Writer is the PKI that writes instrument, sign
3' be identifying code to balance data, if sign
3=sign
3', then checking is passed through.
Step S214, writing instrument Writer supplements with money radio frequency card TAG, then cause " writing " action, excite the shifting function of the linear feedback shift register among the TAG, write instrument Writer and from radio frequency card TAG, read earlier linear feedback shift register state LFSR
2, utilize the CPK system to sign to load value data by CPK-key, promptly
Wherein, SIG is a signature agreement, Writer
-1Be the signature private key that writes instrument, sign
2Be to write instrument to load value data data
1Signed codevector, data
1+ UID+LFSR
2Expression load value data data
1UID, shifting memory content LFSR with TAG
2Binding.
Described SIG signature agreement is the CPK signature agreement, is implemented by CPK-key.
Step S215 with writing the load value data of instrument Writer to radio frequency card TAG, utilizes the block cipher system encryption method to encrypt by CPK-key, i.e. E
K1(data
1)=code
1
Wherein, E represents to encrypt data
1Be load value data code
1It is password.
Used block cipher system is can be various block cipher systems such as existing AES, DES, K
1Load value data is added, deciphers used key, and all encryptions, decryption acts are all carried out in CPK-key.
Preferably, used cipher system can be the AES/DES block cipher system.
If the operation of supplementing with money is at unique identification UID, load value data data1, balance data data2, linear feedback shift register LFSR
2The basis on carry out, in the then described step 214, write instrument Writer radio frequency card TAG supplemented with money, then excite linear feedback shift register LFSR
2Shifting function, utilize the block encryption system to sign to load value data by CPK-key, specifically comprise the steps:
Step S2141 writes instrument Writer and sends " writing " order, and perhaps action is write in the territory of supplementing with money of radio frequency card, linear feedback shift register LFSR
2Begin operation;
Step S2142 writes the linear feedback shift register LFSR that instrument Writer accepts radio frequency card TAG output
2Currency (being designated as 1 attitude) and the password n of the controlled variable that sends
2Write instrument Writer with n
2M is obtained in deciphering
2: D
K3(n
2)=m
2, use m
2Preceding 30 definite linear feedback shift register LFSR
2Feedback relationship, back 8 definite carry digits;
Step S2143 writes the linear feedback shift register LFSR of instrument Writer and radio frequency card
2On 1 attitude basis, walk m
2In the step, be designated as 2 attitudes;
Step S2144, radio frequency card TAG output load value data data
1
Step S2145 writes instrument Writer and verify load value data data on 2 attitude
1
Step S2146 writes instrument Writer and sends a t1 (t1=0..31);
Step S2147, the linear feedback shift register LFSR of radio frequency card
2Output t1 position rise 5 bit.
Step S2148 writes instrument Writer and checks 5 bit, if to would send t2 (t2=0..31);
Step S2149, the linear feedback shift register LFSR of radio frequency card
2Output t2 position rise 5 bit;
Step S21410 writes instrument Writer and checks, if right, then sends t3 (t3=0..31);
Step S21411, the linear feedback shift register LFSR of radio frequency card
25 bit that output t3 rises the position;
If all question and answer have all been passed through, then carry out next step, otherwise withdraw from process.
Step S21412, the linear feedback shift register LFSR2 of the radio frequency card m that on 2 attitudes, moves
2Step is designated as 3 attitudes, and m again moves
2Step is designated as 4 attitudes, with the value addition that will supplement with money, obtains the load value data SUM after the addition
2
Step S21413, write instrument Writer on 4 attitudes to the load value data SUM after the addition
2Signature:
Step S21414 writes instrument Writer with signed codevector sign
2Write among the radio frequency card TAG;
Step S21415, the linear feedback shift register of radio frequency card TAG is stepping m on 1 attitude
2Step is designated as 2 attitudes, and m again moves
2In the step, be designated as 3 attitudes.
The next round process is carried out since 3 attitudes like this, and radio frequency card TAG sends 3 attitudes; Write instrument Writer like this and just on 4 attitudes, verify, and on 5 attitudes, sign.Whole process has been advanced and one has been taken turns, nonsensical empty information such as aerial 1 attitude that sends, 3 attitudes, 5 attitudes, and the information that really is used in signature then is that 2 attitudes, 4 attitudes, 6 attitudes etc. but do not expose.
Like this, the transmission of the variable of controlled variable is carried out in the dislocation mode, and the variable of the controlled variable of really enabling is not exposed in this communication.
For card reader Reader, it can be a plurality of card reader Reader.When inserting CPK-key, open the card reader Reader line operate of going forward side by side.
Among the described step S200, card reader Reader carries out safe handling to the balance data among the radio frequency card TAG, comprises checking and signature, deciphering and encryption etc., comprises the steps:
Step S221, card reader Reader utilizes CPK-key, the UID among the radio frequency card TAG is verified, i.e. SIG
-1 Enterprise(UID+LFSR
1)=sign
1';
Card reader Reader is to the checking of UID, and instrument Writer is identical to the checking of UID with writing among the step S211, therefore describes in detail no longer one by one.
Step S222 has utilized K if supplement the territory among the radio frequency card TAG with money
1Encrypt, card reader Reader then to the territory of supplementing with money of radio frequency card TAG, utilizes CPK-key, by corresponding K
3Load value data is decrypted the load value data after obtaining deciphering, i.e. D
K1(code
1)=data
1Wherein D represents deciphering, code
1Be password, data
1It is the load value data after the deciphering.Used block encryption system is can be various block encryption systems such as existing AES, DES, perhaps CPK block cipher system, K
1Be that load value data is added, deciphers used key, all encryptions, decryption acts are all carried out in CPK-key.
Step S223, card reader Reader verify the load value data that deciphering obtains, i.e. SIG
-1 Writer(data
1+ UID+LFSR
2)=sign
2';
Wherein, SIG
-1Be indentification protocol, described indentification protocol is the CPK indentification protocol, is implemented by CPK-key, and writer is the PKI that writes instrument, sign
2' be to write the identifying code of instrument to the load value data signature, if sign
2=sign
2', then checking is passed through.
Step S224, card reader Reader verify the existing balance data from radio frequency card TAG, i.e. SIG
-1 Readeri(data
2+ data
1+ UID+LFSR
3)=sign
3';
Wherein, SIG
-1Be indentification protocol, described indentification protocol is the CPK indentification protocol, is implemented reader by CPK-key
iBe the PKI of card reader, sign
3' be identifying code to existing balance data, here, balance data with load value data data
1, UID, shifting memory state LFSR
3If binding is sign
3=sign
3', then checking is passed through.
Step S225, card reader Reader carries out " writing " operation to the balance data among the radio frequency card TAG, then excites the shifting function of linear feedback shift register, by CPK-key, balance data is signed, promptly
Wherein, SIG is a signature agreement, and data2 is new balance data, with load value data data1, UID, new shifting memory state LFSR
3Binding is by the private key reader of card reader with oneself
-1Signature.Signature carries out in CPK-key, and signed codevector is write among the TAG.
Described signature agreement is the CPK signature agreement.
Step S226 when remaining sum is verified, if the balance data among the radio frequency card TAG is encrypted, then with the balance data in the radio frequency card, utilizes the deciphering in advance of block encryption system by CPK-key, obtains the balance data in the radio frequency card, i.e. D
K2(code
2)=data
2
Wherein D is a decryption protocol, and card reader Reader reads the password code of balance data from radio frequency card TAG
2, decrypt balance data data with key K 2
2Decryption oprerations is carried out in CPK-key.
Step S227 encrypts new balance data if desired, then utilizes the block encryption system to encrypt by CPK-key, and writes among the radio frequency card TAG, i.e. E
K2(data
2)=code
2
Wherein E is a cryptographic protocol, and balance data data2 is through k
2The password code that encrypts
2Cryptographic operation carries out in CPK-key, with the password code after encrypting
2Write among the TAG.
Among the described step S225, excite the shifting function of linear feedback shift register, balance data is signed, specifically comprise the steps: by CPK-key
Step S2251, card reader Reader send " writing " order, and perhaps action is write in the remaining sum territory of radio frequency card, and linear feedback shift register carries out shifting function;
Step S2252, card reader Reader accept the linear feedback shift register LFSR of radio frequency card TAG output
3Currency (being designated as 1 attitude) and the password n of the controlled variable that sends
3Card reader Reader is with n
3M is obtained in deciphering
3: D
K3(n
3)=m
3, use m
3Preceding 30 definite linear feedback shift register LFSR
3Feedback relationship, back 8 definite carry digits.
Step S2253, the linear feedback shift register LFSR of card reader Writer and radio frequency card
3M moves on 1 attitude basis
3In the step, be designated as 2 attitudes;
Step S2254, radio frequency card TAG output remaining sum territory data2;
Step S2255, card reader Reader verifies balance data on 2 attitudes;
Step S2256, card reader Reader send a t1 (t1=0..32);
Step S2257, the linear feedback shift register LFSR of radio frequency card
35 bit that output t1 rises the position.
Step S2258, card reader Reader checks, if right, then sends t2;
Step S2259, the linear feedback shift register LFSR of radio frequency card
35 bit that output t2 rises the position;
Step S22510, card reader Reader checks, if right, then sends t3;
Step S22511, the linear feedback shift register LFSR of radio frequency card
35 bit that output t3 rises the position;
If 3 times question and answer are all correct, then enter next process, otherwise withdraw from process.
Step S22512, the linear feedback shift register LFSR of radio frequency card
3M moves on 2 attitudes
3Step is designated as 3 attitudes, and m again moves
3Step is designated as 4 attitudes, operates SUM as a result after obtaining operating with remaining sum
3
Step S22513, card reader Reader on 4 attitudes to SUM
3Signature, promptly
Step S22514, card reader Reader is with signed codevector sign
3Write among the radio frequency card TAG;
Step S22515, the linear feedback shift register LFSR of radio frequency card TAG
3M goes further on 1 attitude
3Step is designated as 2 attitudes, and m goes further
3Step is designated as 3 attitudes, and then the next round linear feedback is since 3 attitudes.
Like this, when the UID territory, supplement with money in territory, the remaining sum territory and any change to take place, replace, when duplicating, just cause and write action, excite the shifting function of linear feedback shift register simultaneously, the content of signature is changed, it is invalid that the signature that duplicates just becomes.This disposable signature is to rely on the line of displacement of linear feedback shift register LFSR to realize, shifting function changes the state of shifting memory, the change of state is signed needed just, because legal operator has the ability of signature again, do not influence its legitimacy, but the ability that illegal operation person does not then sign again.
The present invention is based on the security processing of radio frequency system of the digital signature of CPK, can effectively differentiate UID and data;
In the present invention, the anti-problem of duplicating of radio frequency card RFID has turned to and has prevented the duplicating in the displacement control with linear feedback shift register of linear feedback shift register content, if the content of linear feedback shift register can not former state read or can not former state write into, so just can be in case duplicated, therefore, also will consider anti-probe attack in the present invention, the present invention is by utilizing CPK-key, utilize the block encryption system to carry out safe handling, thereby address this problem.
By the present invention as can be seen, the present invention can effectively finish the safe handling to radio frequency card in general sense, promptly on the radio frequency card basis, utilize with card, differently stick into capable various duplicating, below further analyze the present invention and can resist Ghost and easy card and dissect and attack.
Design a kind of easy card, its design is identical with this card, and the different just states of feedback shift register can be imported from the external world.Can easy card become the legal card identical with this card so?
At first buy a card of supplementing 1000 yuan with money;
With UID number information reproduction to easy card; Promptly duplicate UID number, operating personnel to the signature of UID, the controlled variable of feedback shift register.
Equally, with load value data information and balance data information reproduction to easy card.
Because it is close that the feedback shift register controlled variable has added, can not decipher, because can not decipher controlled variable, wait when using next time and to differentiate and can't pass, must expose.
If want to obtain the controlled variable m of real feedback shift register, the just essential chip of dissecting, if controlled variable m is readable, so can infinite copy supplementing with money is 1000 legal easy card; If can not read, though dissected also of no use.Therefore, An Quan key ties up in the protection of controlled variable m of feedback shift register.
In conjunction with the drawings to the description of the specific embodiment of the invention, others of the present invention and feature are conspicuous to those skilled in the art.
More than specific embodiments of the invention are described and illustrate it is exemplary that these embodiment should be considered to it, and be not used in and limit the invention, the present invention should make an explanation according to appended claim.