CN102081744A - Path identification system and secure interaction method thereof - Google Patents
Path identification system and secure interaction method thereof Download PDFInfo
- Publication number
- CN102081744A CN102081744A CN2009102529216A CN200910252921A CN102081744A CN 102081744 A CN102081744 A CN 102081744A CN 2009102529216 A CN2009102529216 A CN 2009102529216A CN 200910252921 A CN200910252921 A CN 200910252921A CN 102081744 A CN102081744 A CN 102081744A
- Authority
- CN
- China
- Prior art keywords
- electronic tag
- card reader
- authentication
- track card
- carried out
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Devices For Checking Fares Or Tickets At Control Points (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a secure interaction method for a path identification system. At a highway entrance, when a driveway card reader accesses an electronic label, the electronic label authenticates the driveway card reader; after the authentication is passed, the authentication information of the electronic label is written into the driveway card reader; on the highway, the electronic label stores the path information encrypted and broadcasted by a road base station; at the highway exit, when the driveway card reader accesses the electronic label, the electronic label authenticates the driveway card reader; and after the authentication is passed, the driveway card reader performs validity authentication on the electronic label according to the write-in authentication information, and performs validity judgment on the path information stored in the electronic label after the authentication is passed. The method encrypts and processes the overhead transmitted data so that the illegal or forged equipment cannot simulate or damage the reality and integrity of the data, and therefore, the security of the path identification system is greatly improved.
Description
Technical field
The present invention relates to the security technique of path identifying system, relate in particular to a kind of path identifying system and safety interacting method thereof.
Background technology
Along with rapid development of social economy, it is intelligent that expressway construction tends to gradually, and electronic charging (ETC, Electronic Toll Collection) technology is exactly typical case's representative of intelligent transportation application.Because the complicacy of freeway facility often adopts nation-building to combine with private investment in some provinces, the mode of income pro-rata.Yet along with the continuous construction of highway, road network becomes and becomes increasingly complex, and often has a lot of different paths from the outlet that enters the mouth, and these different paths may belong to different investors and have; Present Fare Collection System can't be judged the path of vehicle process, so can't be between each investor fair clearing of interests, and road network is complicated more, and problem is also serious more.
Problem at above existence, arise at the historic moment through recognition system in the road, its principal feature is exactly to have solved the mark problem of vehicle institute through the path on the basis of existing Fare Collection System, can judge the path of vehicle process exactly, thus the fair division of realization interests.Path identifying system mainly is made up of three parts, i.e. road side base station, track card reader, electronic tag.In the expressway access, the track card reader writes inlet information and electronic tag is set to duty to electronic tag; On highway, electronic tag receives the road of road side base station emission through information and preservation; At expressway exit, the track card reader is read routing information and is reported application system and is for further processing from electronic tag, and electronic tag is set to off working state subsequently.
In above-mentioned flow process, security is a very important problem.For example, if do not adopt safety practice in the system, the assailant on the way can use illegal card reader to do inlet setting again after inlet is got electronic tag, and the routing information in so original electronic tag will be wiped free of; Radiowave can be monitored in transmission course, and the assailant can launch identical routing information, thereby cause the routing information in the electronic tag untrue after listening to the routing information that road side base station sends on other path; In addition, the assailant also can forge electronic tag.Above-mentioned three kinds of attack patterns all can use to path identifying system and bring potential safety hazard, therefore, need provide a kind of solution that improves the path identifying system security.
Summary of the invention
In view of this, fundamental purpose of the present invention is to provide a kind of path identifying system and safety interacting method thereof, to improve the security of path identifying system.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention provides a kind of safety interacting method of path identifying system, this method comprises:
At the entrance place, when the track card reader conducted interviews to electronic tag, described electronic tag carried out authentication to the track card reader, and after authentication was passed through, described track card reader write the authentication information of electronic tag;
In the high speed road, described electronic tag is stored the routing information of road side base station broadcast encryption;
At the exit place, when described track card reader conducted interviews to electronic tag, described electronic tag carried out authentication to the track card reader; After authentication was passed through, described track card reader was carried out the legitimacy authentication according to the authentication information that writes to electronic tag, and after authentication is passed through, the routing information of storing in the electronic tag was carried out legitimacy judge.
Described electronic tag carries out authentication to the track card reader, is specially:
The track card reader sends to electronic tag and reads board units sign OBUID instruction;
Described electronic tag module safe in utilization produces random number RA ND, and uses the visit sub-key that RAND is carried out cryptographic calculation generation message authentication code MAC, then OBUID and RAND is returned to the track card reader;
Described track card reader calculates the visit sub-key of described electronic tag according to the OBUID that receives, and use the visit sub-key calculate that the RAND that receives is carried out cryptographic calculation to generate MAC1, the track card reader is carried described MAC1 in the follow-up service order that is sent to electronic tag;
After described electronic tag received service order, the MAC that the MAC1 in the described service order and described electronic tag self are generated compared, if both equate, then respond described service order; If both are unequal, then do not respond described service order.
Described track card reader is carried out the legitimacy authentication to electronic tag, is specially:
Card reader module safe in utilization in track reads the random number RA ND that self stores, and uses encryption key that OBUID and RAND are carried out cryptographic calculation to obtain ANS as a result;
The track card reader obtains MAC2 by intercepting ANS, and RAND that reads and the MAC2 that intercepting obtains are sent to electronic tag, is preserved by described electronic tag;
The track card reader reads the OBUID of electronic tag, and reads RAND and MAC2 from electronic tag; Use encryption key that OBUID and RAND are carried out cryptographic calculation, obtain ANS1; ANS1 obtains MAC3 by intercepting;
The MAC2 that the track card reader will read from electronic tag compares with described MAC3; If both are equal, then authentication success; Otherwise, authentification failure.
Described electronic tag is stored the routing information of road side base station broadcast encryption, is specially:
Described road side base station carries out cryptographic calculation to routing information PA, obtains PA1; And current information of time RTC carried out cryptographic calculation, obtain RTC1;
Described road side base station is broadcasted PA1 and RTC1 at a certain time interval;
Described electronic tag is stored the PA1 and the RTC1 of broadcasting.
Described track card reader is carried out the legitimacy judgement to the routing information of electronic tag storage, is specially:
The outlet time T 2 of track card reader recorded electronic label, and read the entry time T1 of electronic tag, read the PA1 and the RTC1 that store in the electronic tag then, and use decruption key that PA1 and RTC1 are decrypted, obtain PA and RTC;
Described track card reader judges whether the PA that deciphering obtains is effective routing information, and judges whether the RTC that deciphering obtains satisfies: T1<RTC<T2; If PA is effective routing information, and T1<RTC<T2, think that then the PA that obtains of deciphering is legal; Otherwise, think that the PA that obtains of deciphering is illegal.
The present invention also provides a kind of path identifying system, and this system comprises: electronic tag, track card reader and road side base station, wherein,
Described electronic tag is used for when the track card reader conducts interviews to electronic tag the track card reader being carried out authentication; Also be used for the routing information of road side base station broadcast encryption being stored at the high speed road;
Described track card reader is used at the entrance place, after the authentication of described electronic tag is passed through, writes the authentication information of described electronic tag; At the exit place, by described authentication information described electronic tag is carried out the legitimacy authentication, and after authentication was passed through, the routing information that electronic tag is stored carried out the legitimacy judgement;
Described road side base station is used for the routing information at high speed road broadcast enciphering.
When described electronic tag carries out authentication to the track card reader, described track card reader is further used for, read the OBUID instruction to described electronic tag transmission, obtain OBUID and RAND from electronic tag, and calculate the visit sub-key of described electronic tag according to OBUID, use described visit sub-key that the RAND that obtains is carried out cryptographic calculation and generate MAC1, in the follow-up service order that is sent to electronic tag, carry described MAC1;
Accordingly, described electronic tag is further used for, receive read OBUID instruction after, module safe in utilization produces random number RA ND, and uses the visit sub-key that RAND is carried out cryptographic calculation to generate MAC, then OBUID and RAND are returned to the track card reader; After receiving service order, the MAC that the MAC1 in the service order and described electronic tag self are generated compares, if both equate, then respond described service order; If both are unequal, then do not respond described service order.
Electronic tag is being carried out legitimacy when authentication, described track card reader is further used for, and module safe in utilization reads the random number RA ND that self stores, and uses encryption key that OBUID and RAND are carried out cryptographic calculation to obtain ANS; ANS obtains MAC2 by intercepting, and RAND that reads and the MAC2 that intercepting obtains are sent to electronic tag; Described electronic tag is preserved after receiving RAND and MAC;
Described track card reader reads the OBUID of electronic tag, and reads RAND and MAC2 from electronic tag, uses encryption key that OBUID and RAND are carried out cryptographic calculation, obtains ANS1; ANS1 obtains MAC3 by intercepting; MAC2 that will read from electronic tag and described MAC3 compare; If both are equal, then authentication success; Otherwise, authentification failure.
Described road side base station is further used for, and routing information PA is carried out cryptographic calculation, and the result is designated as PA1; And current information of time RTC carried out cryptographic calculation, the result is designated as RTC1; At a certain time interval PA1 and RTC1 are broadcasted; Described electronic tag is stored the PA1 and the RTC1 of broadcasting.
Described track card reader is further used for, at the expressway exit place, and the outlet time T 2 of recorded electronic label, and read the entry time T1 of electronic tag, read the PA1 and the RTC1 that store in the electronic tag then, and use decruption key that PA1 and RTC1 are decrypted, obtain PA and RTC;
Judge whether the PA that deciphering obtains is effective routing information, and judge whether the RTC that deciphering obtains satisfies: T1<RTC<T2; If PA is effective routing information, and T1<RTC<T2, think that then the PA that obtains of deciphering is legal; Otherwise, think that the PA that obtains of deciphering is illegal.
A kind of path identifying system provided by the present invention and safety interacting method thereof, at the entrance place, when the track card reader conducted interviews to electronic tag, electronic tag carried out authentication to the track card reader, after authentication was passed through, the track card reader write the authentication information of electronic tag; In the high speed road, electronic tag is stored the routing information of road side base station broadcast encryption; At the exit place, when the track card reader conducted interviews to electronic tag, electronic tag carried out authentication to the track card reader; After authentication was passed through, the track card reader was carried out the legitimacy authentication according to the authentication information that writes to electronic tag, and after authentication is passed through, the routing information of storing in the electronic tag was carried out legitimacy judge.The present invention is based on the secure communication rule of security module encrypting and decrypting function, data to aerial transmission are carried out encryption, make equipment illegal or that forge can't simulate or destroy the authenticity and integrity of data, thus the security that has greatly improved path identifying system.
Description of drawings
Fig. 1 is the process flow diagram of the safety interacting method of a kind of path identifying system of the present invention;
Fig. 2 is the process flow diagram of electronic tag access authentication among the present invention;
Fig. 3 is the process flow diagram of electronic tag legitimacy authentication among the present invention;
Fig. 4 is the broadcasting of routing information among the present invention and the process flow diagram that reads;
Fig. 5 is the complete safe control flow chart of path identifying system among the present invention;
Fig. 6 is the composition structural representation of a kind of path identifying system of the present invention.
Embodiment
The technical solution of the present invention is further elaborated below in conjunction with the drawings and specific embodiments.
For improving the security of path identifying system, the safety interacting method of a kind of path identifying system provided by the present invention, encrypting and decrypting function based on security module, stipulate the processing mode of information interaction between the equipment, can identify the true and false of track card reader, electronic tag and routing information.Equipment in the path identifying system all disposes security module, wherein road side base station and track card reader can be by consumption safety authentication card (PSAM, realize that Purchase Secure Access Module) electronic tag can adopt the embedded-type security authentication module owing to the restriction of appointed condition or realize by software.This safety interacting method as shown in Figure 1, mainly may further comprise the steps:
Electronic tag can write when hair fastener by board units sign (OBUID, On Board Unit ID) disperses the visit sub-key of the security module obtain, when the track card reader was operated electronic tag, electronic tag carried out authentication by this sub-key to the visitor.After authentication was passed through, the track card reader write the authentication information of electronic tag, and electronic tag is set to duty and enters the expressway with vehicle subsequently.
Wherein, the idiographic flow of electronic tag access authentication, promptly electronic tag as shown in Figure 2, mainly may further comprise the steps the verification process of track card reader:
Step 201, track card reader send to electronic tag and read the OBUID instruction.
Step 202, electronic tag module safe in utilization produces the random number RA ND of 4 bytes, and adopts the visit sub-key that RAND is carried out the 3DES cryptographic calculation, generates the message authentication code (MAC, Message Authentication Code) of 4 bytes.
Wherein, 3DES is a kind of pattern of data encryption standards (DES, Data Encryption Standard) cryptographic algorithm.MAC is as the authenticity of checking instruction message.
Step 203, electronic tag sends to the track card reader in response with OBUID and RAND.
Step 204, track card reader read OBUID and the RAND that electronic tag returns, and calculate the visit sub-key of this electronic tag according to OBUID; The visit sub-key that employing calculates carries out the 3DES cryptographic calculation to the RAND that reads, and generates 4 byte MAC 1.
Wherein, the track card reader is consulted in advance according to algorithm needs and electronic tag that OBUID calculates the visit sub-key, perhaps disposes on OBUID in advance.
Step 205, the track card reader sends service order to electronic tag, and carries in this instruction and encrypt the MAC1 that produces in the step 204.
Step 206 after electronic tag receives service order, extracts MAC1, and the MAC that the MAC1 that extracts and electronic tag self computing obtain is compared.
Step 207 is according to comparative result, if both equate that then electronic tag responds this service order, otherwise does not respond.
By flow process shown in Figure 2, can judge the legitimacy of service order, because illegal track card reader can't produce correct visit sub-key, also just can not get legal MAC, thereby reduced the possibility that electronic tag is attacked by illegal track card reader.
The identifying procedure of electronic tag legitimacy as shown in Figure 3, mainly may further comprise the steps:
Step 301~302, in the expressway access, the track card reader sends to electronic tag and reads the OBUID instruction, obtains the OBUID of 4 bytes from electronic tag.
Step 303, card reader module safe in utilization in track reads the random number RA ND of 4 bytes of self storing; And use encryption key that OBUID and RAND are carried out the 3DES cryptographic calculation, obtain encrypted result (ANS, Answer).Preceding 4 bytes of ANS are as MAC.
Step 304, preceding 4 bytes of track card reader intercepting ANS obtain MAC, and RAND that reads and the MAC that intercepting obtains are sent to electronic tag.
After step 305, electronic tag receive RAND and MAC, be kept on the flash memory (FLASH) of self.
Step 306, at expressway exit, the track card reader reads the OBUID of electronic tag, and reads RAND and MAC from the FLASH of electronic tag, and RAND and the MAC that reads is designated as A.
Step 307, the track card reader is isolated RAND from A, with encryption key OBUID and RAND are carried out the 3DES cryptographic calculation, obtains ANS1 as a result.
Step 308, preceding 4 bytes of track card reader intercepting ANS1 are designated as MAC1.
Step 309, the track card reader is isolated MAC from A, and with step 308 in the MAC1 that obtains of intercepting compare; If both equate that then authentication success thinks that promptly electronic tag is legal; If both are unequal, then authentification failure thinks that promptly electronic tag is illegal.
Through flow process shown in Figure 3, all can have different encryption keys behind the each inlet of each electronic tag, whether and can't not decipher the result who obtains coupling through the electronic tag of legal inlet in outlet, thereby can judge whether electronic tag was on the way made revises or forges.Above-mentioned flow process can improve electronic tag security on the way effectively, prevents that its information from being altered or destroy.
The broadcasting of routing information and reading, and the legitimacy of routing information judges flow process, as shown in Figure 4, mainly may further comprise the steps:
Step 401, electronic tag is being set to duty in the expressway access.
Step 402, road side base station module safe in utilization is carried out the 3DES cryptographic calculation to routing information PA, and the result is designated as PA1; And current information of time RTC carried out the 3DES cryptographic calculation, the result is designated as RTC1.
Step 403, road side base station are broadcasted PA1 and RTC1 at a certain time interval.
Step 404, electronic tag is stored PA1 and RTC1 after the information that receives road side base station broadcasting.
Step 405~407, at expressway exit, the track card reader is the outlet time T 2 of recorded electronic label at first, and read the entry time T1 of electronic tag, read the PA1 and the RTC1 that store in the electronic tag then, and use decruption key that PA1 and RTC1 are decrypted, obtain real PA and RTC.
Wherein, the NOT logic that entry time T1 leaves electronic tag in is encrypted in the sector of (Mifare One) card, is write by the entrance lane card reader.
Judge whether the PA that deciphering obtains is effective routing information, and judge whether RTC that deciphering obtains whether between T1 and T2, promptly satisfies: T1<RTC<T2.If PA is effective routing information, and T1<RTC<T2, thinks that then the PA that obtains of deciphering is legal, and report application system and do further processing; Otherwise, think that the PA that obtains of deciphering is illegal, and the PA that obtains of deletion deciphering.
Lane system software can be safeguarded the set of an active path information, the corresponding road side base station of each paths information wherein, and this is integrated into and can obtains after the road side base station deployment finishes.If the PA that deciphering obtains is in this active path ensemble of communication effectively.
Because what the broadcasting of routing information was adopted is one-way communication, therefore can't prevent the Replay Attack on the road,, routing information be carried out the checking of temporal information in outlet by above-mentioned flow process, increase the difficulty of Replay Attack, thereby improved the reliability of routing information effectively.
Based on the authentication of above-mentioned electronic tag access authentication, electronic tag legitimacy and the broadcasting and the read operation of routing information, the whole security control flow process of path identifying system as shown in Figure 5, mainly may further comprise the steps:
Step 501, in the expressway access, the track card reader sends to electronic tag and reads the OBUID instruction.
Step 502~503, electronic tag produce the random number RA ND of 4 bytes, and RAND is encrypted generation 4 byte MAC, then OBUID and RAND are returned to the track card reader.
Step 504, track card reader use OBUID to calculate the visit sub-key of electronic tag, and use this visit sub-key that RAND is encrypted, and generate 4 byte MAC 1.
Step 505~506, the track card reader is got the RAND of 4 bytes, OBUID and RAND is encrypted obtain ANS as a result; Preceding 4 bytes of intercepting ANS are designated as MAC2; And RAND, MAC1 and MAC2 sent to electronic tag.
After step 507~508, electronic tag received RAND, MAC1 and MAC2, the MAC that MAC1 and self are generated compared, if both equate, then respond this instruction; If unequal, then do not respond.On the FLASH that electronic tag is kept at self with the RAND that receives and MAC2, finish the authentication of electronic tag reading card device this moment, and electronic tag is set to duty.
Step 509~510, road side base station carries out the 3DES cryptographic calculation respectively to routing information PA and current time information RTC, obtains PA1 and RTC1, and at a certain time interval PA1 and RTC1 is broadcasted.
Step 511, electronic tag is stored PA1 and RTC1 after the information that receives road side base station broadcasting.
Step 512~513, at expressway exit, the track card reader reads the OBUID of electronic tag, and will be kept at RAND and MAC2 taking-up among the electronic tag FLASH, is designated as A; From A, isolate RAND, OBUID and RAND encryption are obtained ANS1.It is pointed out that electronic tag need carry out authentication to the track card reader in exit in this step, concrete authentication process is identical with the authentication process of porch.
Step 514, preceding 4 bytes of track card reader intercepting ANS1 are designated as MAC3; From A, isolate MAC2, and MAC2 and MAC3 are compared.If both equate that then authentication success thinks that promptly electronic tag is legal; If both are unequal, then authentification failure thinks that promptly electronic tag is illegal.At this moment, promptly finish the verification process of electronic tag legitimacy.
Step 515, the outlet time T 2 of track card reader recorded electronic label, and read the entry time T1 of electronic tag, read the PA1 and the RTC1 that store in the electronic tag then.
Step 516, the track card reader uses decruption key that PA1 and RTC1 are decrypted, and obtains real PA and RTC, judges whether the PA that deciphering obtains is effective routing information, and judge whether RTC that deciphering obtains whether between T1 and T2, promptly satisfies: T1<RTC<T2.If PA is effective routing information, and T1<RTC<T2, thinks that then the PA that obtains of deciphering is legal, and report application system and do further processing; Otherwise, think that the PA that obtains of deciphering is illegal, and the PA that obtains of deletion deciphering.Finish the verification process of routing information this moment.
For realizing the safety interacting method of path identifying system in the invention described above, a kind of path identifying system provided by the present invention as shown in Figure 6, comprising: electronic tag 10, track card reader 20 and road side base station 30.Electronic tag 10 is used for when card reader 20 pairs of electronic tags 10 in track conduct interviews track card reader 20 being carried out authentication; Also be used for the routing information of road side base station 30 broadcast encryptions is stored.Track card reader 20 is used at the entrance place, after the authentication of electronic tag 10 is passed through, writes the authentication information of electronic tag 10; At the exit place, by authentication information electronic tag 10 is carried out the legitimacy authentication, and after authentication was passed through, the routing information that electronic tag 10 is stored carried out the legitimacy judgement.Road side base station 30 is used for the routing information at high speed road broadcast enciphering.
When 10 pairs of track card reader of electronic tag 20 are carried out authentication, track card reader 20 is further used for, read the OBUID instruction to electronic tag 10 transmissions, obtain OBUID and RAND from electronic tag 10, and calculate the visit sub-key of electronic tag 10 according to OBUID, use the visit sub-key that the RAND that obtains is carried out the 3DES cryptographic calculation, generate 4 byte MAC 1; In the follow-up service order that is sent to electronic tag 10, carry MAC1.Accordingly, electronic tag 10 is further used for, receive read OBUID instruction after, module safe in utilization produces the random number RA ND of 4 bytes, and use the visit sub-key that RAND is carried out the 3DES cryptographic calculation, and generate 4 byte MAC, then OBUID and RAND are returned to track card reader 20; After receiving service order, the MAC that the MAC1 in the service order and electronic tag 10 generated self compares, if both equate then response service instruction; If both are unequal, then not response service instruction.
When electronic tag 10 being carried out the legitimacy authentication, track card reader 20 is further used for, and at the place, expressway access, reads the OBUID instruction to electronic tag 10 transmissions, obtains OBUID; Module safe in utilization reads the random number RA ND of 4 bytes of self storing, and uses encryption key that OBUID and RAND are carried out the 3DES cryptographic calculation, obtains ANS; Preceding 4 bytes of intercepting ANS obtain MAC2, and RAND that reads and the MAC2 that intercepting obtains are sent to electronic tag 10; After electronic tag 10 receives RAND and MAC2, be kept among the flash memory FLASH of self.At the expressway exit place, track card reader 20 reads the OBUID of electronic tag 10, and reads RAND and MAC from the FLASH of electronic tag 10, and RAND and the MAC2 that reads is designated as A; From A, isolate RAND, use encryption key that OBUID and RAND are carried out the 3DES cryptographic calculation, obtain ANS1; Preceding 4 bytes of intercepting ANS1 are designated as MAC3; From A, isolate MAC2, and compare with MAC3; If both are equal, then authentication success; Otherwise, authentification failure.
Road side base station 30 is further used for, and routing information PA is carried out the 3DES cryptographic calculation, and the result is designated as PA1; And current information of time RTC carried out the 3DES cryptographic calculation, the result is designated as RTC1; At a certain time interval PA1 and RTC1 are broadcasted; The PA1 and the RTC1 of 10 pairs of broadcasting of electronic tag store.
In sum, the present invention is based on the secure communication rule of security module encrypting and decrypting function, data to aerial transmission are carried out encryption, make equipment illegal or that forge can't simulate or destroy the authenticity and integrity of data, thus the security that has greatly improved path identifying system.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.
Claims (10)
1. the safety interacting method of a path identifying system is characterized in that, this method comprises:
At the entrance place, when the track card reader conducted interviews to electronic tag, described electronic tag carried out authentication to the track card reader, and after authentication was passed through, described track card reader write the authentication information of electronic tag;
In the high speed road, described electronic tag is stored the routing information of road side base station broadcast encryption;
At the exit place, when described track card reader conducted interviews to electronic tag, described electronic tag carried out authentication to the track card reader; After authentication was passed through, described track card reader was carried out the legitimacy authentication according to the authentication information that writes to electronic tag, and after authentication is passed through, the routing information of storing in the electronic tag was carried out legitimacy judge.
2. according to the safety interacting method of the described path identifying system of claim 1, it is characterized in that described electronic tag carries out authentication to the track card reader, is specially:
The track card reader sends to electronic tag and reads board units sign OBUID instruction;
Described electronic tag module safe in utilization produces random number RA ND, and uses the visit sub-key that RAND is carried out cryptographic calculation generation message authentication code MAC, then OBUID and RAND is returned to the track card reader;
Described track card reader calculates the visit sub-key of described electronic tag according to the OBUID that receives, and use the visit sub-key calculate that the RAND that receives is carried out cryptographic calculation to generate MAC1, the track card reader is carried described MAC1 in the follow-up service order that is sent to electronic tag;
After described electronic tag received service order, the MAC that the MAC1 in the described service order and described electronic tag self are generated compared, if both equate, then respond described service order; If both are unequal, then do not respond described service order.
3. according to the safety interacting method of the described path identifying system of claim 2, it is characterized in that described track card reader is carried out the legitimacy authentication to electronic tag, is specially:
Card reader module safe in utilization in track reads the random number RA ND that self stores, and uses encryption key that OBUID and RAND are carried out cryptographic calculation to obtain ANS as a result;
The track card reader obtains MAC2 by intercepting ANS, and RAND that reads and the MAC2 that intercepting obtains are sent to electronic tag, is preserved by described electronic tag;
The track card reader reads the OBUID of electronic tag, and reads RAND and MAC2 from electronic tag; Use encryption key that OBUID and RAND are carried out cryptographic calculation, obtain ANS1; ANS1 obtains MAC3 by intercepting;
The MAC2 that the track card reader will read from electronic tag compares with described MAC3; If both are equal, then authentication success; Otherwise, authentification failure.
4. according to the safety interacting method of claim 1 or 2 or 3 described path identifying systems, it is characterized in that described electronic tag is stored the routing information of road side base station broadcast encryption, is specially:
Described road side base station carries out cryptographic calculation to routing information PA, obtains PA1; And current information of time RTC carried out cryptographic calculation, obtain RTC1;
Described road side base station is broadcasted PA1 and RTC1 at a certain time interval;
Described electronic tag is stored the PA1 and the RTC1 of broadcasting.
5. according to the safety interacting method of the described path identifying system of claim 4, it is characterized in that described track card reader is carried out the legitimacy judgement to the routing information of electronic tag storage, is specially:
The outlet time T 2 of track card reader recorded electronic label, and read the entry time T1 of electronic tag, read the PA1 and the RTC1 that store in the electronic tag then, and use decruption key that PA1 and RTC1 are decrypted, obtain PA and RTC;
Described track card reader judges whether the PA that deciphering obtains is effective routing information, and judges whether the RTC that deciphering obtains satisfies: T1<RTC<T2; If PA is effective routing information, and T1<RTC<T2, think that then the PA that obtains of deciphering is legal; Otherwise, think that the PA that obtains of deciphering is illegal.
6. a path identifying system is characterized in that, this system comprises: electronic tag, track card reader and road side base station, wherein,
Described electronic tag is used for when the track card reader conducts interviews to electronic tag the track card reader being carried out authentication; Also be used for the routing information of road side base station broadcast encryption being stored at the high speed road;
Described track card reader is used at the entrance place, after the authentication of described electronic tag is passed through, writes the authentication information of described electronic tag; At the exit place, by described authentication information described electronic tag is carried out the legitimacy authentication, and after authentication was passed through, the routing information that electronic tag is stored carried out the legitimacy judgement;
Described road side base station is used for the routing information at high speed road broadcast enciphering.
7. according to the described path identifying system of claim 6, it is characterized in that, when described electronic tag carries out authentication to the track card reader, described track card reader is further used for, read the OBUID instruction to described electronic tag transmission, obtain OBUID and RAND from electronic tag, and calculate the visit sub-key of described electronic tag according to OBUID, use described visit sub-key that the RAND that obtains is carried out cryptographic calculation and generate MAC1, in the follow-up service order that is sent to electronic tag, carry described MAC1;
Accordingly, described electronic tag is further used for, receive read OBUID instruction after, module safe in utilization produces random number RA ND, and uses the visit sub-key that RAND is carried out cryptographic calculation to generate MAC, then OBUID and RAND are returned to the track card reader; After receiving service order, the MAC that the MAC1 in the service order and described electronic tag self are generated compares, if both equate, then respond described service order; If both are unequal, then do not respond described service order.
8. according to the described path identifying system of claim 7, it is characterized in that, when electronic tag being carried out the legitimacy authentication, described track card reader is further used for, module safe in utilization reads the random number RA ND that self stores, and uses encryption key that OBUID and RAND are carried out cryptographic calculation to obtain ANS; ANS obtains MAC2 by intercepting, and RAND that reads and the MAC2 that intercepting obtains are sent to electronic tag; Described electronic tag is preserved after receiving RAND and MAC;
Described track card reader reads the OBUID of electronic tag, and reads RAND and MAC2 from electronic tag, uses encryption key that OBUID and RAND are carried out cryptographic calculation, obtains ANS1; ANS1 obtains MAC3 by intercepting; MAC2 that will read from electronic tag and described MAC3 compare; If both are equal, then authentication success; Otherwise, authentification failure.
9. according to claim 6 or 7 or 8 described path identifying systems, it is characterized in that described road side base station is further used for, routing information PA is carried out cryptographic calculation, the result is designated as PA1; And current information of time RTC carried out cryptographic calculation, the result is designated as RTC1; At a certain time interval PA1 and RTC1 are broadcasted; Described electronic tag is stored the PA1 and the RTC1 of broadcasting.
10. according to the described path identifying system of claim 9, it is characterized in that, described track card reader is further used for, at the expressway exit place, the outlet time T 2 of recorded electronic label, and read the entry time T1 of electronic tag, read the PA1 and the RTC1 that store in the electronic tag then, and use decruption key that PA1 and RTC1 are decrypted, obtain PA and RTC;
Judge whether the PA that deciphering obtains is effective routing information, and judge whether the RTC that deciphering obtains satisfies: T1<RTC<T2; If PA is effective routing information, and T1<RTC<T2, think that then the PA that obtains of deciphering is legal; Otherwise, think that the PA that obtains of deciphering is illegal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102529216A CN102081744A (en) | 2009-11-30 | 2009-11-30 | Path identification system and secure interaction method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102529216A CN102081744A (en) | 2009-11-30 | 2009-11-30 | Path identification system and secure interaction method thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102081744A true CN102081744A (en) | 2011-06-01 |
Family
ID=44087699
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009102529216A Pending CN102081744A (en) | 2009-11-30 | 2009-11-30 | Path identification system and secure interaction method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102081744A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104346836A (en) * | 2013-08-07 | 2015-02-11 | 航天信息股份有限公司 | Electronic toll collection method and system integrated with path identification function |
| CN104574531A (en) * | 2014-02-11 | 2015-04-29 | 深圳市金溢科技股份有限公司 | Method and system for toll administration through OBU (on board unit), RSU (road side unit) and background system |
| CN104579674A (en) * | 2014-08-08 | 2015-04-29 | 深圳市金溢科技股份有限公司 | Terminal security module and management method thereof, and vehicle charge management method and system thereof |
| CN105868806A (en) * | 2016-03-29 | 2016-08-17 | 广东联合电子服务股份有限公司 | Secondary release method of electronic tag and system |
| CN106295378A (en) * | 2016-08-26 | 2017-01-04 | 天津七二通信广播股份有限公司 | A kind of roadside unit being applied to path identifying system and safety method |
| CN106407819A (en) * | 2016-08-26 | 2017-02-15 | 天津七二通信广播股份有限公司 | Desktop unit and safety method applied to path identification system |
| CN106408673A (en) * | 2016-08-26 | 2017-02-15 | 天津七二通信广播股份有限公司 | Vehicle-mounted unit applied to path identification system and safe method of vehicle-mounted unit |
| CN107105045A (en) * | 2017-05-05 | 2017-08-29 | 恒鸿达科技有限公司 | A kind of convenient packaging process of Wired Security terminal firmware and system |
| CN114095190A (en) * | 2020-08-03 | 2022-02-25 | 北京无限感测科技有限公司 | Charging data protection method, device, special case processing terminal and storage medium |
| CN114187691A (en) * | 2021-12-07 | 2022-03-15 | 城市花园(北京)环境科技有限公司 | Magnetic card induction type intelligent equipment opening and closing control system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1340794A (en) * | 2000-09-01 | 2002-03-20 | 交通部公路科学研究所 | Integrated electronic toll method for express way, bridge and tunnel |
| CN101013511A (en) * | 2007-02-01 | 2007-08-08 | 上海沣宇电子科技有限公司 | Multi-functional pass card of expressway and application method in route recognition system |
| WO2007147306A1 (en) * | 2006-06-13 | 2007-12-27 | Zte Corporation | A communication method between reader and label in the rfid system |
| CN101136069A (en) * | 2007-09-18 | 2008-03-05 | 深圳市金溢科技有限公司 | Issuing method of ETC electronic label |
-
2009
- 2009-11-30 CN CN2009102529216A patent/CN102081744A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1340794A (en) * | 2000-09-01 | 2002-03-20 | 交通部公路科学研究所 | Integrated electronic toll method for express way, bridge and tunnel |
| WO2007147306A1 (en) * | 2006-06-13 | 2007-12-27 | Zte Corporation | A communication method between reader and label in the rfid system |
| CN101013511A (en) * | 2007-02-01 | 2007-08-08 | 上海沣宇电子科技有限公司 | Multi-functional pass card of expressway and application method in route recognition system |
| CN101136069A (en) * | 2007-09-18 | 2008-03-05 | 深圳市金溢科技有限公司 | Issuing method of ETC electronic label |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104346836A (en) * | 2013-08-07 | 2015-02-11 | 航天信息股份有限公司 | Electronic toll collection method and system integrated with path identification function |
| CN104574531A (en) * | 2014-02-11 | 2015-04-29 | 深圳市金溢科技股份有限公司 | Method and system for toll administration through OBU (on board unit), RSU (road side unit) and background system |
| CN104579674B (en) * | 2014-08-08 | 2018-07-20 | 深圳市金溢科技股份有限公司 | Terminal security module and its management method, vehicle toll management method and system |
| CN104579674A (en) * | 2014-08-08 | 2015-04-29 | 深圳市金溢科技股份有限公司 | Terminal security module and management method thereof, and vehicle charge management method and system thereof |
| CN105868806B (en) * | 2016-03-29 | 2019-05-24 | 广东联合电子服务股份有限公司 | The secondary offering method and its system of electronic tag |
| CN105868806A (en) * | 2016-03-29 | 2016-08-17 | 广东联合电子服务股份有限公司 | Secondary release method of electronic tag and system |
| CN106407819A (en) * | 2016-08-26 | 2017-02-15 | 天津七二通信广播股份有限公司 | Desktop unit and safety method applied to path identification system |
| CN106408673A (en) * | 2016-08-26 | 2017-02-15 | 天津七二通信广播股份有限公司 | Vehicle-mounted unit applied to path identification system and safe method of vehicle-mounted unit |
| CN106295378A (en) * | 2016-08-26 | 2017-01-04 | 天津七二通信广播股份有限公司 | A kind of roadside unit being applied to path identifying system and safety method |
| CN107105045A (en) * | 2017-05-05 | 2017-08-29 | 恒鸿达科技有限公司 | A kind of convenient packaging process of Wired Security terminal firmware and system |
| CN107105045B (en) * | 2017-05-05 | 2020-05-05 | 恒鸿达科技有限公司 | Convenient filling method and system for wired security terminal firmware |
| CN114095190A (en) * | 2020-08-03 | 2022-02-25 | 北京无限感测科技有限公司 | Charging data protection method, device, special case processing terminal and storage medium |
| CN114187691A (en) * | 2021-12-07 | 2022-03-15 | 城市花园(北京)环境科技有限公司 | Magnetic card induction type intelligent equipment opening and closing control system |
| CN114187691B (en) * | 2021-12-07 | 2022-07-01 | 城市花园(北京)环境科技有限公司 | Magnetic card induction type intelligent equipment opening and closing control system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102081744A (en) | Path identification system and secure interaction method thereof | |
| CN103413159B (en) | A kind of RFID electronic certificate off-line false proof realization method and system of Jianzhen based on CPK | |
| CN102737260B (en) | Method and apparatus for identifying and verifying RFID privacy protection | |
| CN102882683B (en) | Synchronizable RFID (radio-frequency identification) security authentication method | |
| CN101369306B (en) | Electronic label security system | |
| WO2016029721A1 (en) | Security authentication method for hiding ultra high frequency electronic tag identifier | |
| CN106712962A (en) | Mobile RFID system bidirectional authentication method and system | |
| Toiruul et al. | An advanced mutual-authentication algorithm using AES for RFID systems | |
| CN100504908C (en) | Method and system for protecting radio frequency identification tag and reader data safety | |
| CN101882197B (en) | RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key | |
| CN101847199A (en) | Security authentication method for radio frequency recognition system | |
| CN102855504A (en) | Method and device for ownership transfer of radio frequency identification (RFID) tag | |
| CN101271534A (en) | RFID label and reading device thereof, reading system and safety authentication method | |
| CN105450673A (en) | Security protocol authentication method based on mobile RFID system | |
| CN103152174A (en) | Data processing method, device and parking lot management system applied to parking lot | |
| CN104182786B (en) | The safety control of partition management is realized to ultrahigh frequency electronic tag storage region | |
| JPH10143695A (en) | Mutual authentication system, toll receiving system of toll road and mutual authentication method of toll receiving system | |
| CN102622624A (en) | Commodity anti-counterfeiting identification system and commodity anti-counterfeiting identification method | |
| CN102684872A (en) | Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption | |
| CN106911700A (en) | A kind of method that RFID label tag group proves | |
| CN106027237A (en) | Group based key array security authentication protocol in RFID (Radio Frequency Identification) system | |
| CN104700125A (en) | AES encryption and verification of ultra high frequency radio identification system | |
| Kim et al. | MARP: Mobile agent for RFID privacy protection | |
| CN103701785A (en) | Ownership transfer and key array-based RFID (radio frequency identification) security authentication method | |
| CN110492992A (en) | A kind of data encryption and transmission method based on radio RF recognition technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110601 |