CN103237302B - A sensing-information security protection method for Internet of Things electronic tags - Google Patents


Info

Publication number: CN103237302B
Authority: CN (China)
Prior art keywords: key, rfid, reader, sensing information (rendered "heat transfer" by the page's machine translation), signature
Legal status: Active (as listed by Google; not a legal conclusion)
Application number: CN201310101860.XA
Other languages: Chinese (zh)
Other versions: CN103237302A (en)
Inventors: 胡祥义, 赵桂芬, 杜丽萍
Current assignee: BEIJING SCIENCE AND TECHNOLOGY INFORMATION INSTITUTE
Original assignee: BEIJING SCIENCE AND TECHNOLOGY INFORMATION INSTITUTE

Events:
  • Application filed by BEIJING SCIENCE AND TECHNOLOGY INFORMATION INSTITUTE
  • Priority to CN201310101860.XA
  • Publication of CN103237302A
  • Application granted
  • Publication of CN103237302B
  • Legal status: Active
  • Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

A method for protecting the sensing information of Internet of Things electronic tags. It uses a lightweight cryptographic algorithm and a secure single-key (symmetric) key-management technique to set up encryption systems at the RFID reader end and at the IoT authentication center end. The sensing information in the RFID tag is signed twice and encrypted twice; at the authentication center end, the ciphertext and the digital signature of the reader's sensing information are decrypted twice and signature-verified twice. This prevents sensing-layer information from being leaked or tampered with and makes sensing-layer transmission secure, authentic and complete, thereby establishing a sensing-information security protection system for IoT RFID.

Description

A sensing-information security protection method for Internet of Things electronic tags
Technical field:
The invention belongs to the field of information security: it uses cryptographic techniques to make the transmission of the sensing information of electronic tags (RFID) authentic, secure and complete.
Background technology:
In the IoT systems developed so far by manufacturers at home and abroad, the sensing information of an RFID tag is stored in the tag in plaintext, so it is easily leaked or tampered with. A few manufacturers use public-key technology such as PKI to sign and encrypt the tag's sensing information, but building a CA on PKI is expensive, and the CA's integrity verification of RFID sensing information is slow. Because the number of IoT RFID tags is enormous, a CA cannot meet the market demand for integrity verification of ultra-large-scale, mass RFID sensing information, which limits the application of PKI to the protection of IoT RFID sensing information.
Summary of the invention:
The sensing-information protection method for electronic tags uses a lightweight cryptographic algorithm (a symmetric cipher, which is simple and fast to encrypt and decrypt), a secure single-key (symmetric) key-management technique and chip-hardware technology to build a security protection system for IoT RFID sensing information;
Under conventional single-key management, a reader-end encryption system is set up in the smart-card chip of the RFID reader, into which are written: the lightweight cipher, the digest algorithm, a set of transmission keys, the identifier of the reader's smart-card chip, and the encryption and digital-signature protocol for the reader's sensing information. An authentication-center-end encryption system is set up in the encryption-card chip of the IoT authentication center, into which are written: the lightweight cipher, the digest algorithm, the transmission keys of all corresponding readers, the storage keys used to encrypt the signature keys of all corresponding RFID tags, the identifiers of all corresponding reader smart-card chips, the encryption and digital-signature protocol for RFID sensing information, the decryption and signature-verification protocol for RFID sensing-information ciphertext, and the decryption and signature-verification protocol for reader sensing-information ciphertext;
Encryption and digital-signature protocol for RFID sensing information: the authentication-center-end encryption system calls the random-number generator in the encryption card to produce a random number, uses it as the tag's signature key, encrypts and digitally signs the tag's sensing information in advance, and then encrypts the tag's signature key into ciphertext with a storage key. Three items, the tag identifier, the ciphertext of the tag's sensing information and the digital signature of the tag's sensing information, are stored in the tag in advance; at the same time two items, the tag identifier and the ciphertext of the tag's signature key, are kept in the signature-key database at the authentication center end;
Encryption and digital-signature protocol for reader sensing information: the reader-end encryption system calls the random-number generator in the reader's smart-card chip to produce a random number, uses it as the reader's signature key, and encrypts and digitally signs the reader's sensing information (what the reader read from the tag), producing the ciphertext and the digital signature of the reader's sensing information. The reader's sensing information consists of three items: the tag identifier, the ciphertext of the tag's sensing information and the digital signature of the tag's sensing information. The reader's signature key is encrypted into ciphertext with the transmission key held in the reader's smart-card chip, and four items are sent together to the IoT authentication center: the ciphertext of the reader's signature key, the identifier of the reader's smart-card chip, the ciphertext of the reader's sensing information and the digital signature of the reader's sensing information;
Decryption and signature-verification protocol for reader sensing-information ciphertext: using the identifier of the reader's smart-card chip, the authentication-center-end encryption system takes the corresponding reader's transmission key out of the encryption-card chip, decrypts the received signature-key ciphertext with it, then decrypts the reader's sensing-information ciphertext with the recovered signature key and verifies the digital signature of the reader's sensing information, achieving confidential transmission and integrity verification of the sensing-layer reader's information;
Decryption and signature-verification protocol for RFID sensing-information ciphertext: once the authentication center end has confirmed that the reader-end sensing information it received is authentic and complete, its encryption system selects the storage key corresponding to the tag identifier, decrypts the tag's signature-key ciphertext into plaintext with it, then decrypts the tag's sensing-information ciphertext with the recovered tag signature key and verifies the digital signature of the tag's sensing information, confirming whether that signature is authentic and complete;
When the number of tags or readers is large, the IoT authentication center must deploy more encryption-card devices to store the storage keys of the many corresponding tags or the transmission keys of the many corresponding readers;
Using the secure single-key management technique instead, a confidential-transmission and integrity-verification system for IoT sensing-layer RFID sensing information is set up in the reader's smart-card chip and in the authentication center's encryption-card chip. Its technical features are:
A reader-end encryption system is set up in the reader's smart-card chip, into which are written: the lightweight cipher, the digest algorithm, the identifier of the reader's smart-card chip, a key seed table B, the single-key combination generation algorithm, and the encryption and digital-signature protocol for reader sensing information. An authentication-center-end encryption system is set up in the encryption-card chip, into which are written: the lightweight cipher, the digest algorithm, a key seed table A, the single-key combination generation algorithm, the encryption and digital-signature protocol for RFID sensing information, the encryption and digital-signature protocol for the elements of key seed table B, the decryption and signature-verification protocol for RFID sensing information, and the decryption and signature-verification protocol for reader sensing information. In the hard-disk storage area of the authentication server, the transmission-key database stores together, for every reader belonging to this authentication center: the reader's smart-card chip identifier, the ciphertext of the elements of its key seed table B, the digital signature of those elements, and the timestamp and random number used to generate the corresponding storage key. Likewise the storage-key database stores together, for every tag belonging to this authentication center: the tag identifier, the ciphertext of the tag's signature key, and the timestamp and random number used to generate the corresponding storage key;
The secure single-key management technique manages three kinds of keys. The first is the signature key, used by the encryption and digital-signature protocol for RFID sensing information or for reader sensing information. The second is the transmission key, used to encrypt a signature key so that signature keys are exchanged securely. The third is the storage key, used to encrypt the signature keys of all corresponding tags, or the elements of the key seed table with which the corresponding reader generates its transmission key, so that the tags' signature keys and the readers' key-seed-table elements are stored securely at the authentication center end. Both the transmission key and the storage key are produced by the single-key combination generation algorithm: a timestamp and a random number select elements from key seed table B or table A, and the selected elements are assembled into one transmission key or storage key;
When the number of tags or readers is very large, more encryption-card devices must be deployed at the authentication center end to store the many key seeds with which corresponding readers generate transmission keys, the many storage keys for encrypting tag signature keys, or the many storage keys for encrypting the corresponding readers' key seed tables B;
Encryption and digital-signature protocol for RFID sensing information: the authentication-center-end encryption system encrypts and digitally signs the tag's sensing information in advance with the tag signature key generated inside the encryption-card chip, and writes the tag identifier, the ciphertext of the tag's sensing information and its digital signature into the tag together. It then produces a storage key with the single-key combination generation algorithm, encrypts the tag's signature key into ciphertext with it, and stores the tag identifier, the signature-key ciphertext, and the timestamp and random number used to generate that storage key together in the signature-key database at the authentication center end;
Encryption and digital-signature protocol for the elements of key seed table B: in the encryption-card chip, the authentication-center-end encryption system encrypts and digitally signs the elements of each corresponding reader's key seed table B with a storage key produced by the single-key combination generation algorithm, and stores in advance in the transmission-key database of the authentication center end, together: the identifier of the corresponding reader's smart-card chip, the ciphertext of the table B elements, the digital signature of the table B elements, and the timestamp and random number used to generate that storage key;
Encryption and digital-signature protocol for reader sensing information: the reader-end encryption system encrypts and digitally signs the reader's sensing information with the reader signature key generated inside the smart-card chip, produces a transmission key with the single-key combination generation algorithm, encrypts the reader's signature key into ciphertext with it, and sends to the IoT authentication center together: the identifier of the reader's smart-card chip, the ciphertext of the reader's sensing information, its digital signature, the ciphertext of the reader's signature key, and the timestamp and random number used to generate that transmission key;
When the authentication center receives the ciphertext and the digital signature of the reader's sensing information sent by the reader end, it first decrypts and integrity-checks the ciphertext of the key seed table B elements in the corresponding transmission-key database record; it then decrypts the ciphertext of the reader's sensing information and verifies its digital signature; finally it decrypts the ciphertext of the tag's sensing information and verifies its digital signature. This achieves confidential transmission and integrity verification of sensing-layer information and so establishes a sensing-layer information security protection system for IoT RFID. The whole process is implemented by a combination of software and hardware, as follows:
1. A smart card is embedded in the RFID reader as the hardware of the reader-end encryption system: the reader is connected to the smart card and data flow between them in both directions. The reader-end encryption system is set up in the smart-card chip, into which are written the lightweight cipher, the digest algorithm, the single-key combination generation algorithm and the encryption and digital-signature protocol for reader sensing information, together with the data: the identifier of the reader's smart-card chip and the elements of one key seed table Bi, i = 1~n, where n is the total number of readers belonging to this authentication center.
2. Each reader's smart-card chip has a unique identifier, and no two are the same; each reader corresponds one-to-one with its embedded smart card.
3. An RFID tag is an electronic label whose data are written in advance and read by the reader during operation. The data stored in the tag are mainly the tag identifier and the basic information of the corresponding article; for a bag of milk powder, for example: manufacturer name, production date, weight, ingredient composition, origin of the ingredients, ingredient manufacturers, and so on. Each tag has a unique identifier, and no two are the same. Definition: the sensing information of a tag is the basic information of the article; it is signed and encrypted into ciphertext in advance and written into the tag together with the tag identifier. Definition: the three items written into the tag in advance, namely the tag identifier, the ciphertext of the tag's sensing information and the digital signature of the tag's sensing information, are the reader's sensing information.
4. The IoT authentication center consists of an authentication server and an encryption-card hardware device: the encryption card is inserted into the server's PCI interface and serves as the hardware of the authentication-center-end encryption system. That system is set up in the encryption-card chip, into which are written the lightweight cipher, the digest algorithm, the single-key combination generation algorithm, the encryption and digital-signature protocol for RFID sensing information, the encryption and digital-signature protocol for key seed table B elements, the decryption and signature-verification protocol for RFID sensing-information ciphertext and the decryption and signature-verification protocol for reader sensing-information ciphertext, together with the data: the elements of one key seed table A. In the hard-disk storage area of the authentication server, the elements of the key seed tables Bi of all corresponding reader smart-card chips are stored in the transmission-key database; each record of that database holds the fields: (1) the identifier Ti of the reader's smart-card chip; (2) the ciphertext Bi' of the elements of key seed table Bi; (3) the digital signature of the elements of table Bi, namely the ciphertext of the digest G1 of those elements; (4) a timestamp and a random number. The timestamp and random number are the selection parameters of the single-key combination generation algorithm: they select elements of table A, the selected elements are assembled into a storage key Ki, and Ki encrypts the elements of table Bi and produces their digital signature;
The tag identifier Xj, the ciphertext of the tag's signature key, and the selection parameters used to generate the corresponding storage key KKj (a timestamp and a random number) are kept together in the signature-key database at the authentication center end; the storage key KKj so generated is the key that encrypts the tag's signature key. Here i = 1~n, n being the total number of readers belonging to this authentication center, and j = 1~m, m being the total number of tags belonging to it.
5. The lightweight ciphers used by the encryption systems at both ends, the reader and the authentication center, are for example SM1, DES, RC5 and SMS4; the digest algorithms are for example SHA-1, SM3 and MD5. The key length is defined as 128 bits and the digest length as 128 or 256 bits. Of the algorithms named, DES does not provide the stated 128-bit key (its effective key is 56 bits), and MD5 and SHA-1 have practical collision attacks, so none of the three should be chosen for a new deployment; SMS4 (SM4) with SM3 matches the stated 128-bit key and 256-bit digest lengths.
6. The secure single-key management technique performs the key management for the lightweight cipher and sets up the confidential-transmission and integrity-verification system for IoT RFID sensing-layer information:
(1) Signature keys
Let the reader's signature key be CK. The random-number generator in the reader's smart-card chip produces a 128-bit random number in real time, which is used as CK to encrypt and digitally sign the reader's sensing information. CK is then encrypted under a transmission key SK generated by the single-key combination generation algorithm, giving the signature-key ciphertext CK'. CK' and the selection parameters used to generate SK (a timestamp and a random number) are sent together to the authentication center end, so that CK is exchanged securely between the reader end and the authentication center end;
Let the tag's signature key be CKK. When the tag's sensing information is written into the tag, the random-number generator in the authentication center's encryption-card chip produces a 128-bit random number, which is used as CKK to encrypt and digitally sign the tag's sensing information. A storage key KK generated by the single-key combination generation algorithm then encrypts CKK, giving the ciphertext CKK'; KK is obtained by letting the algorithm, parameterized by a timestamp and a random number, select elements of key seed table A and assemble them into KK. The tag identifier, CKK' and the selection parameters used to generate KK (the timestamp and random number) are stored together in the signature-key database of the authentication center, so that CKK is stored securely at the authentication center end.
(2) Transmission keys
Let the transmission key be SK; it encrypts the reader's signature key CK. During key initialization, the random-number generator in the authentication center's encryption-card chip produces F1 random bytes, F1 = 1424 or 1680, which form one key seed table Bi of W × Y elements,
where the elements of table Bi are Buv, u = 0~W-1, v = 0~Y-1, each Buv occupies 0.5 byte or 1 byte, W = 89 or 105, and Y = 16 or 32;
Table Bi is kept in the reader's smart-card chip. When the encryption and digital-signature protocol for reader sensing information runs, the single-key combination generation algorithm, parameterized by a timestamp and a random number, selects elements of table Bi and assembles the Y selected elements into one transmission key SK, Y = 16 or 32. Each table Bi corresponds to one reader smart-card chip; let the key seed tables in the smart-card chips of all readers belonging to the authentication center be B1, B2, ..., Bn, n being the total number of readers, where the elements of any two tables Bd, Be (1 ≤ d ≤ n, 1 ≤ e ≤ n, d ≠ e) differ pairwise;
The algorithm that generates SK and the table Bi are both stored in the corresponding reader's smart-card chip, and a generated transmission key never leaves the chip in plaintext, which secures the storage and use of transmission keys at the reader end;
In the authentication center's encryption-card chip, a storage key Ki generated by the single-key combination generation algorithm encrypts the elements of the corresponding reader's table Bi into ciphertext, and the elements of table Bi are stored in advance, in ciphertext, in the authentication center's transmission-key database together with the identifier of the corresponding reader's smart-card chip and the selection parameters used to generate Ki (a timestamp and a random number);
When the ciphertext of table Bi at the authentication center end is used, it is decrypted into plaintext inside the encryption-card chip, and the plaintext of the table Bi elements never leaves the chip, which secures the storage and use of all tables Bi at the authentication center end, where i = 1~n and n is the total number of readers belonging to the authentication center;
(3) Storage keys
Let the storage key for encrypting tag signature keys be KK and the storage key for encrypting the elements of the corresponding reader's table Bi be K. During key initialization, the random-number generator in the authentication center's encryption-card chip produces F2 random bytes in advance, F2 = 1424 or 1680, which form one key seed table A of W × Y elements,
where the elements of table A are Auv, u = 0~W-1, v = 0~Y-1, each Auv occupies 0.5 byte or 1 byte, W = 89 or 105, and Y = 16 or 32,
Table A is kept in the authentication center's encryption-card chip; the single-key combination generation algorithm, parameterized by a timestamp and a random number, selects elements of table A and assembles the Y selected elements into one storage key K or KK;
If there are m tag signature keys, there are also m storage keys for encrypting them, KK1, KK2, ..., KKm; storage key KKj encrypts the tag signature key CKKj into ciphertext, and CKK1', CKK2', ..., CKKm' are stored in the signature-key database at the authentication center end;
If there are n storage keys Ki for encrypting the elements of the tables Bi, K1, K2, ..., Kn, the corresponding Ki encrypts the elements of table Bi to produce its ciphertext, B1', B2', ..., Bn', and each Bi' is stored in the authentication center's transmission-key database, where i = 1~n, j = 1~m, n is the total number of readers belonging to the authentication center and m is the total number of its tags.
7. The single-key combination generation algorithm uses selection parameters consisting of a timestamp and a random number to pick elements from a key seed table: the timestamp selects rows of the table, giving a sub-table of Y rows × Y columns; the random number then selects columns of that Y × Y sub-table, picking Y elements that are assembled into one key, Y = 16 or 32. The storage keys K and KK and the transmission key SK are all produced in real time by this algorithm;
The timestamp consists of 10 decimal digits: the year has 4 digits, XXX0~XXX9, of which the units digit 0~9 is used; the month has 2 digits, 01~12; the day has 2 digits, 01~31; the hour has 2 digits, 00~23. For example, 2013122819 denotes 19:00 on 28 December 2013;
The random number consists of Y = 16 or 32 binary numbers. When Y = 16, each is a 4-bit binary number with a value of 0~15, e.g. 0011, 1010, 0000, ..., 1111, 0110 have the values 3, 10, 0, ..., 15, 6. When Y = 32, each is a 5-bit binary number with a value of 0~31, e.g. 00110, 10100, 00000, ..., 11111, 01100 have the values 6, 20, 0, ..., 31, 12.
8, the concrete methods of realizing of single key cipher key combinations generating algorithm,
Key seed Table A is the same with the structure of table B, and the just element difference in table, taking Table A as example instruction book key set of cipher keyClose the concrete methods of realizing of generating algorithm,
In the time selecting Table A element to be 89 row 16 column element, that is: 89 × 16=1424 element, each element accounts for 1Byte, accounts for 1424 bytes altogether, in the time selecting Table A element to be 105 row 32 column element, that is: and 105 × 32=3360 unitElement, each element accounts for, and 0.5 byte accounts for 1680 bytes altogether;
(1) with 1st~10 row in " year " corresponding Table A of timestamp, totally 10 row, the in " moon " corresponding Table A11~22 row, totally 12 row, 23rd~53 row in " day " corresponding Table A, totally 31 row, " time " in corresponding Table A54th~77 row, totally 24 row, in the time selecting Table A element to be 89 row 16 column element, Table A also has 12 row elementsNot correspondent time; In the time selecting Table A element to be 105 row 32 column element, Table A also has not correspondent time of 28 row elements;
From the element of Table A, first select 4 row according to timestamp, its method is: from 1st~10 row of Table A totally 10 rowGet 1 row: with the numerical value of units in timestamp " year " numeral, as getting line number corresponding to " year " in Table A, as:Timestamp is: 2013XXXXXX: get the 4th row in Table A, totally 12 row, get 1 from 11st~22 row of Table AGo: with the numerical value of timestamp " moon " numeral, as getting " moon " corresponding " OK " in Table A, as: timestamp is:20XX11XXXX: get the 21st row in Table A, totally 31 row, get 1 row from 23rd~53 row of Table A: useThe numerical value of timestamp " day " numeral, as getting " day " corresponding " OK " in Table A, as: timestamp is: 20XXXX30XX,: get the 52nd row in Table A, totally 24 row, get 1 row from 54th~77 row of Table A: use timestamp " time "The numerical value of numeral, as getting in Table A " time " corresponding " OK ", as: timestamp is: 20XXXXXX21: get tableThe 74th row in A, then W-78+1 is capable selects by capable the 78th row~the W of Table A altogether, selects altogether Y capable, wherein:Y=16 or 32 row, composition: the sublist A1 of Y × Y Table A;
Where the elements of Table A1 are A_vv, v = 0~Y−1, each A_vv occupying 0.5 or 1 byte, Y = 16 or 32; the elements of rows 5~Y of Table A1 are identical to the elements of rows 78~W of Table A;
(2) Let the random numbers be Q1, Q2, ..., QY, with numeric values L1, L2, ..., LY respectively. When Y = 16, the 16 values corresponding to the random numbers lie between 0~15, and L1, L2, ..., L16 are used to select columns of Table A1: with the value L1 of the 1st random number Q1, choose the element in column L1+1 of row 1 of Table A1; with the value L2 of the 2nd random number Q2, choose the element in column L2+1 of row 2 of Table A1; ...; with the value L16 of the 16th random number Q16, choose the element in column L16+1 of row 16 of Table A1; 16 elements are selected in total. When Y = 32, the values of the 32 random numbers lie in 0~31, and L1, L2, ..., L32 are used to select columns of Table A1 in the same way: with L1 of Q1 choose column L1+1 of row 1, with L2 of Q2 choose column L2+1 of row 2, ..., with L32 of Q32 choose column L32+1 of row 32; 32 elements are selected in total;
Since the length of a single key is 128 bits, the Y elements selected from Table A are merged into one single key, that is, a storage key. If an element of Table A is 8 bits and Y = 16, the 16 elements selected from Table A merge into a 128-bit single key; if an element of Table A is 4 bits and Y = 32, the 32 elements selected from Table A also merge into a 128-bit single key.
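The selection procedure of steps (1) and (2) and the 128-bit merge, written out as an added Python example (this is not the patent's own code). The seed table is constructed here, since a real Table A is a secret held inside the chip; the row formulas are taken from the worked timestamps above (year 2013 → row 4, month 11 → row 21, day 30 → row 52, hour 21 → row 74, then rows 78~W), and the function names are my own. The example covers both table shapes, Y = 16 with 8-bit elements and Y = 32 with 4-bit elements.

```python
# Added example, not code from the patent: the single-key combination
# generation algorithm of steps (1)-(2). Table A is constructed for the demo.
import random
from typing import List, Sequence


def timestamp_rows(year: int, month: int, day: int, hour: int) -> List[int]:
    """1-based rows of Table A picked by the timestamp: rows 1-10 by the
    units digit of the year, 11-22 by month, 23-53 by day, 54-77 by hour."""
    if not (1 <= month <= 12 and 1 <= day <= 31 and 0 <= hour <= 23):
        raise ValueError("timestamp out of range")
    return [year % 10 + 1, 10 + month, 22 + day, 53 + hour]


def build_sublist_a1(table_a: Sequence[Sequence[int]], year: int, month: int,
                     day: int, hour: int, y: int) -> List[Sequence[int]]:
    """Sublist A1: the 4 timestamp rows plus rows 78..W (W-78+1 = Y-4 rows),
    Y rows in total. W = 89 for Y = 16 and 105 for Y = 32."""
    w = y + 73
    if len(table_a) != w or any(len(row) != y for row in table_a):
        raise ValueError(f"Table A must be {w} x {y}")
    rows = timestamp_rows(year, month, day, hour) + list(range(78, w + 1))
    return [table_a[r - 1] for r in rows]


def combine_key(table_a: Sequence[Sequence[int]], year: int, month: int,
                day: int, hour: int, randoms: Sequence[int], y: int) -> bytes:
    """For each random value L_i pick column L_i+1 (0-based index L_i) of
    row i of A1, then concatenate the Y elements into one 128-bit key."""
    bits = 128 // y  # element width: 8 bits when Y = 16, 4 bits when Y = 32
    if len(randoms) != y or any(not 0 <= l < y for l in randoms):
        raise ValueError(f"need {y} random values in 0..{y - 1}")
    a1 = build_sublist_a1(table_a, year, month, day, hour, y)
    key = 0
    for row, l in zip(a1, randoms):
        elem = row[l]
        if not 0 <= elem < (1 << bits):
            raise ValueError("element wider than the table's element size")
        key = (key << bits) | elem
    return key.to_bytes(16, "big")


def make_demo_table(y: int, seed: int = 1) -> List[List[int]]:
    """Constructed demo Table A (W x Y) filled with elements of the right width."""
    rng = random.Random(seed)
    bits = 128 // y
    return [[rng.randrange(1 << bits) for _ in range(y)] for _ in range(y + 73)]


if __name__ == "__main__":
    table = make_demo_table(16)
    rng = random.Random(2)
    ls = [rng.randrange(16) for _ in range(16)]  # Q1..Q16 as values L1..L16
    print(combine_key(table, 2013, 11, 30, 21, ls, 16).hex())
```

Within one hour the timestamp rows are fixed, so only the random values change which column is taken from each row; that is what the repetition-rate figures in step 9 count.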
9. The signature key CK of the RFID card reader, the signature key CKK of the RFID, the transmission key SK and the two kinds of storage key K or KK are all 128 bits long; the repetition rate of CK and CKK is 1/2^128, which essentially realizes a one-time pad;
The transmission key SK and the two kinds of storage key K or KK are formed by selecting elements of key seed Table A or B with one group consisting of a timestamp and random numbers, and combining the Y selected elements into one transmission key SK or storage key K or KK. If the selection parameters contain 16 random numbers, the elements of key seed Table A or B are 8 bits, and the timestamp is "year, month, day, hour", then within one hour the repetition rate of the transmission key SK or of the two kinds of storage key K or KK is 1/2^64; if the selection parameters contain 32 random numbers, the elements of key seed Table A or B are 4 bits, and the timestamp is "year, month, day, hour", then within one hour the repetition rate is 1/2^160; the transmission key SK and the two kinds of storage key K or KK are therefore also essentially one-time pads.
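The repetition rates just stated follow from counting the selection parameters; this short derivation is added here and is not part of the patent text. Within one hour the four timestamp rows are fixed, so two keys generated in the same hour differ only through the random numbers, each of which picks one of Y columns in its row:

$$
Y = 16:\quad 16 \text{ random numbers, each in } \{0,\dots,15\}:\quad 16^{16} = 2^{64} \text{ distinct selections} \;\Rightarrow\; \text{repetition rate } 1/2^{64}
$$

$$
Y = 32:\quad 32 \text{ random numbers, each in } \{0,\dots,31\}:\quad 32^{32} = 2^{160} \text{ distinct selections} \;\Rightarrow\; \text{repetition rate } 1/2^{160}
$$

The signature keys CK and CKK are drawn directly from the 128-bit random number generator, so they have $2^{128}$ possible values and the stated rate of $1/2^{128}$.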
10. Encryption and digital signature protocol for RFID card reader sensing information (the "heat transfer agent" of the page's machine translation). After the RFID card reader reads the sensing information from the RFID and inputs it into the smart card chip at the reader end, the reader-end encryption system, inside the smart card chip, calls the digest algorithm to "digest" the reader sensing information, obtaining the "digest" L1 of the reader sensing information. It then calls the random number generator in the smart card chip to generate a 128-bit random number, uses it as the reader signature key CK, and encrypts the reader sensing information and its "digest" L1 with CK, obtaining the ciphertext of the reader sensing information and the digital signature of the reader sensing information (the ciphertext of "digest" L1). In the smart card chip it also produces one group consisting of a timestamp and random numbers and, according to the single-key combination generation algorithm, uses them to select elements of key seed table Bi, combining the Y selected elements into one transmission key SKi; with SKi it encrypts the reader signature key CK into the ciphertext CK'. Finally, the identifier of the reader-end smart card chip, the ciphertext of the reader sensing information, the digital signature of the reader sensing information, the reader signature key ciphertext CK', and the timestamp and random numbers used to generate the transmission key, 6 groups of sensing-layer data in all, are sent together to the IoT authentication center end, where i = 1~n.
11. Encryption and digital signature protocol for RFID sensing information. The IoT authentication center end encryption system, inside the encryption card chip, calls the random number generator to produce a 128-bit random number and uses it as the RFID signature key CKK; with CKK it encrypts the RFID sensing information and its "digest" V1, obtaining the RFID sensing information ciphertext and the digital signature of the RFID sensing information. It also produces one group consisting of a timestamp and random numbers in the encryption card chip and, according to the single-key combination generation algorithm, uses them to select elements of "key seed" Table A, combining the Y selected elements into one storage key KK; with KK it encrypts the RFID signature key CKK, generating the RFID signature key ciphertext CKK'. The RFID identifier, the RFID sensing information ciphertext and the digital signature of the RFID sensing information, 3 groups of data, are written into the RFID; meanwhile the RFID identifier, the signature key ciphertext CKK', and the selection parameters used to generate storage key KK (the timestamp and random numbers), 4 groups of data, are stored in the signature key database at the IoT authentication center end.
12. Encryption and digital signature protocol for key seed table B elements. The IoT authentication center end encryption system, inside the encryption card chip, produces one group consisting of a timestamp and random numbers and, according to the single-key combination generation algorithm, uses them to select elements of key seed Table A, combining the Y selected elements into one storage key Ki. With Ki it encrypts the elements of key seed table Bi, obtaining the element ciphertext Bi'; with Ki it also digitally signs the elements of key seed table Bi by encrypting their "digest" G1, obtaining the ciphertext of G1 as the digital signature. The identifier of the corresponding reader smart card chip, the element ciphertext Bi' of key seed table Bi, the digital signature of the key seed table Bi elements, and the timestamp and random numbers used to generate storage key Ki are then stored together in the transmission key database at the IoT authentication center end, where i = 1~n and Y = 16 or 32.
13. Decryption and signature verification protocol for RFID card reader sensing information. When the IoT authentication center end receives the 6 groups of sensing-layer data sent by the reader end, its encryption system first locates, by the identifier of the reader-end smart card chip, the matching record in the transmission key database, and inputs together into the encryption card chip the "key seed" table Bi ciphertext Bi' from which the transmission key is generated, the timestamp and random numbers used to generate the storage key, and the timestamp and random numbers used to generate the transmission key. In the encryption card chip, according to the single-key combination generation algorithm, the storage-key timestamp and random numbers select elements of Table A, and the Y selected elements are combined into storage key Ki; Ki decrypts the element ciphertext Bi' to obtain the plaintext elements of "key seed" table Bi, and Ki decrypts the digital signature of the Bi elements to obtain the plaintext "digest" G1 of those elements; the digest algorithm is then applied to the plaintext Bi elements to obtain "digest" G2, and comparing G1 with G2 determines whether the elements of key seed table Bi have been tampered with.
If the elements of key seed table Bi have not been tampered with, then, according to the single-key combination generation algorithm, the transmission-key timestamp and random numbers select elements from the plaintext of table Bi, and the Y selected elements are combined into transmission key SKi; SKi decrypts the reader signature key ciphertext CK' to obtain the plaintext signature key CK; CK decrypts the reader sensing information ciphertext and the digital signature of the reader sensing information, obtaining the plaintext of the reader sensing information and the plaintext "digest" L1; the digest algorithm is applied to the reader sensing information to obtain "digest" L2, and comparing L1 with L2 confirms whether the reader end's signature of the reader sensing information is credible and complete, where i = 1~n. The decryption and signature verification protocol for reader sensing information thus also contains the decryption and signature verification of the key seed table B element ciphertext.
14. Decryption and signature verification protocol for RFID sensing information. The IoT authentication center end encryption system locates, by the RFID identifier, the matching record in the signature key database, and inputs together into the encryption card chip of the authentication center end the signature key ciphertext CKKj' from that record and the timestamp and random numbers used to generate the storage key. In the encryption card chip, according to the single-key combination generation algorithm, this timestamp and random numbers select elements of Table A, and the Y selected elements are combined into storage key KKj; KKj decrypts the signature key ciphertext CKKj' to obtain the plaintext CKKj; CKKj decrypts the RFID sensing information ciphertext and the digital signature of the RFID sensing information, obtaining the plaintext of the RFID sensing information and its digest V1; the digest algorithm is applied to the RFID sensing information to obtain "digest" V2, and comparing V1 with V2 confirms whether the signature of the RFID sensing information is credible and complete, where j = 1~m and m is the total number of RFIDs belonging to the IoT authentication center.
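Protocols 10 to 14 run end to end, as an added Python example that is not the patent's own code. It keeps the patent's construction of a "digital signature" as the digest encrypted under the signature key, and the two-layer wrapping (the RFID signature key CKK stored under storage key KK, the reader signature key CK sent under transmission key SK). The stand-ins are assumptions: SHA-256 for the unnamed digest algorithm, a SHA-256 counter keystream XOR for the unnamed lightweight symmetric cipher, fixed constructed values for SK and KK (their seed-table derivation is not repeated here), and an 8-byte RFID identifier so the reader's sensing information can be split again at the authentication center. The two tampering cases show the check that fails at each layer.

```python
# Added example, not code from the patent: protocols 10-14 end to end.
# Stand-ins: SHA-256 digest, SHA-256-counter XOR "lightweight cipher",
# fixed constructed SK/KK (seed-table derivation omitted), 8-byte tag id.
import hashlib
import secrets

SK = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed transmission key SKi
KK = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed storage key KK
TAG_ID = b"TAG00001"                                    # constructed 8-byte RFID identifier
TAG_INFO = b"temp=21.5C;humidity=40%;batch=A17"         # constructed sensing information


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256(key || counter) keystream.
    XOR is its own inverse, so one function both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def sign(key: bytes, data: bytes) -> bytes:
    """The patent's 'digital signature': the digest encrypted under the signature key."""
    return crypt(key, digest(data))


def verify(key: bytes, data: bytes, signature: bytes) -> bool:
    """Decrypt the signature, re-digest the data and compare (steps 13 and 14)."""
    return secrets.compare_digest(crypt(key, signature), digest(data))


def center_provision_tag(tag_id: bytes, info: bytes):
    """Protocol 11: a fresh CKK signs and encrypts the tag info; only CKK' = E_KK(CKK)
    is kept. Returns the 3 groups written to the RFID and the database record."""
    ckk = secrets.token_bytes(16)
    tag_record = (tag_id, crypt(ckk, info), sign(ckk, info))
    db_record = {"tag_id": tag_id, "ckk_ct": crypt(KK, ckk)}  # KK selection params omitted
    return tag_record, db_record


def reader_package(reader_id: bytes, tag_record):
    """Protocol 10: the reader's sensing information (tag id || ct || sig) is signed
    and encrypted under a fresh CK; CK itself travels as CK' = E_SK(CK)."""
    tag_id, ct, sig = tag_record
    info2 = tag_id + ct + sig
    ck = secrets.token_bytes(16)
    return (reader_id, crypt(ck, info2), sign(ck, info2), crypt(SK, ck))  # SK params omitted


def center_verify(package, db_record):
    """Protocols 13 and 14: unwrap CK with SK and check the reader layer (L1 vs L2),
    then unwrap CKK with KK and check the tag layer (V1 vs V2). None on any failure."""
    _reader_id, ct2, sig2, ck_ct = package
    ck = crypt(SK, ck_ct)
    info2 = crypt(ck, ct2)
    if not verify(ck, info2, sig2):
        return None  # reader-layer signature failed
    tag_id, ct, sig = info2[:8], info2[8:-32], info2[-32:]
    if tag_id != db_record["tag_id"]:
        return None  # record does not belong to this RFID
    ckk = crypt(KK, db_record["ckk_ct"])
    info = crypt(ckk, ct)
    if not verify(ckk, info, sig):
        return None  # tag-layer signature failed
    return tag_id, info


def run_demo(tamper: str = ""):
    """tamper='tag' alters the data stored on the RFID; tamper='reader' alters
    the reader's ciphertext in transit. Returns (tag_id, info) or None."""
    tag_record, db_record = center_provision_tag(TAG_ID, TAG_INFO)
    if tamper == "tag":
        tid, ct, sig = tag_record
        tag_record = (tid, bytes([ct[0] ^ 1]) + ct[1:], sig)
    package = reader_package(b"READER01", tag_record)
    if tamper == "reader":
        rid, ct2, sig2, ck_ct = package
        package = (rid, bytes([ct2[0] ^ 1]) + ct2[1:], sig2, ck_ct)
    return center_verify(package, db_record)


if __name__ == "__main__":
    print(run_demo(), run_demo("tag"), run_demo("reader"))
```

The order of checks mirrors step 13: the reader layer is verified first, and the tag layer is only examined once the reader's signature has passed, so a ciphertext altered in transit is rejected before any RFID key is unwrapped.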
15. Because the numbers of IoT RFIDs and RFID card readers are very large, the volume of data the IoT authentication center end must store is also very large: the elements of each "key seed" table Bi used by a reader end to generate transmission keys occupy 1424 or 1680 bytes of storage, and each RFID signature key occupies 16 bytes. When the readers and RFIDs number in the hundreds of millions, the data relating to them belongs to the category of big data. By using storage keys that change every time, produced by the single-key combination generation algorithm, to encrypt the elements of each reader end's "key seed" table Bi, or to encrypt the signature key CKKj of each RFID, the storage security at the authentication center of the "key seed" table Bi elements of all reader ends and of the signature keys CKK1, CKK2, ..., CKKm of all RFIDs is guaranteed without purchasing large numbers of encryption card hardware devices to store the massive "key seed" table Bi elements or the massive storage keys K or KK. This greatly saves the construction cost of the authentication center and lets a single IoT authentication center manage massive numbers of RFIDs and readers, where j = 1~m, m is the total number of RFIDs of the authentication center, i = 1~n, and n is the total number of readers.
16. The strategy for establishing the various security protocols with the secure single-key management technique: on the basis that the smart card and encryption card chips are trusted, the encryption and digital signature protocol for reader sensing information is completed in the smart card chip, while the encryption and digital signature protocol for RFID sensing information, the encryption and digital signature protocol for key seed table B elements, the decryption and signature verification protocol for RFID sensing information and the decryption and signature verification protocol for reader sensing information are completed in the encryption card chip; all of them are "chip-level" protocols and therefore secure.
17. The RFID signature key, the reader signature key, the transmission key and the two kinds of storage key K or KK are all generated in the smart card or encryption card chip and never leave the chip in plaintext; the RFID signature key, the reader signature key and the transmission key are stored and transmitted outside the chip only in ciphertext form;
(1) The signature keys of all RFIDs are generated in the encryption card chip, encrypted into ciphertext with a storage key inside the encryption card chip, and stored in ciphertext form in the signature key database at the IoT authentication center end, guaranteeing the storage security of all RFID signature keys at the authentication center end;
(2) The signature keys of all RFID card readers are generated in the smart card chip, encrypted into ciphertext with a transmission key inside the smart card chip, transmitted to the IoT authentication center end, and decrypted into plaintext inside the encryption card chip, thereby guaranteeing the security of exchange and operation of the reader-end signature key;
(3) The transmission key is generated in the reader-end smart card chip; the single-key combination generation algorithm and the key seed table Bi used to generate transmission keys are also stored in the smart card chip. At the IoT authentication center end, the single-key combination generation algorithm for generating transmission keys is stored in the encryption card chip, and the "key seed" table Bi for generating transmission keys is stored in ciphertext form in the transmission key database at the authentication center end, guaranteeing the security of storage, exchange and operation of transmission keys at both the reader end and the authentication center end, where i = 1~n;
(4) The two kinds of storage key K or KK are generated in the encryption card chip; the single-key combination generation algorithm that generates them and the key seed Table A are all stored in the encryption card chip, guaranteeing the security of storage and operation of the storage keys K or KK.
18. Because the reader signature key, which changes every time, is encrypted with a transmission key that also changes every time, the resulting reader signature key ciphertext is likewise random and changes every time; each one is a group of irregular garbled code. A code breaker therefore cannot use the large number of publicly obtainable reader signature key ciphertexts as a decoding condition, namely "repeated codes" (many different plaintext messages encrypted into ciphertext messages with the same single key), to break the reader signature key, the transmission key, or the elements of the "key seed" table Bi used to generate transmission keys, where i = 1~n and n is the total number of readers;
Because the RFID signature key, which changes every time, is encrypted with a storage key KK that also changes every time, the resulting RFID signature key ciphertext is likewise random and changes every time; each one is a group of garbled code, so a code breaker cannot use the RFID signature key ciphertexts as a decoding condition ("repeated codes") to break the RFID signature key or the storage key;
Because the "key seed" table Bi, whose elements have random character, is encrypted with a storage key K that changes every time, the resulting ciphertext Bi' of key seed table Bi is likewise random and is a group of garbled code, so a code breaker cannot use the table Bi' as a decoding condition ("repeated codes") to break table Bi or the storage key, where i = 1~n;
19. The RFID sensing information transmitted in the IoT sensing layer undergoes two signatures and two encryptions. First, the RFID signature key produced in the encryption card at the IoT authentication center end encrypts and digitally signs the RFID sensing information, and the result, which becomes the reader sensing information, is written into the RFID. After the reader sensing information has been read by the RFID card reader, it is encrypted and digitally signed again with the reader-end signature key, generating the ciphertext of the reader sensing information and the digital signature of the reader sensing information;
At the IoT authentication center end, the 6 groups of sensing-layer data sent from the reader end undergo two decryptions and two signature verifications. First, the authentication center end produces the corresponding reader-end signature key, decrypts the ciphertext of the reader sensing information and verifies the digital signature of the reader sensing information, obtaining the plaintext of the reader sensing information and the integrity verification result for it; then it produces the signature key of the corresponding RFID, decrypts the ciphertext of the RFID sensing information and verifies the digital signature of the RFID sensing information, obtaining the plaintext of the RFID sensing information and its integrity verification result. This prevents the RFID sensing information or the reader sensing information from being leaked, tampered with or cloned.

Claims (9)

1. A sensing information security protection method for Internet of Things electronic tags, which adopts a lightweight cryptographic algorithm (a symmetric cipher with a simple cryptographic structure and fast encryption/decryption speed), a secure single-key management technique and chip hardware technology to establish a security protection system for the sensing information of IoT RFID, with the following implementation steps:
Under conventional single-key management, a reader-end encryption system is established in the smart card chip of the RFID card reader, into which are written: the lightweight cryptographic algorithm, the digest algorithm, one transmission key, the identifier of the reader-end smart card chip, and the encryption and digital signature protocol for reader sensing information. In the encryption card chip of the IoT authentication center, an authentication-center-end encryption system is established, into which are written: the lightweight cryptographic algorithm, the digest algorithm, the transmission keys of all corresponding reader ends, the storage keys for all corresponding encrypted RFID signature keys, the identifiers of all reader-end smart card chips belonging to the authentication center end, the encryption and digital signature protocol for RFID sensing information, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information;
Encryption and digital signature protocol for RFID sensing information: the IoT authentication center end encryption system calls the random number generator in the encryption card to produce one random number and uses it as the RFID signature key; it encrypts and digitally signs the RFID sensing information in advance, then encrypts the RFID signature key into ciphertext with a storage key. The RFID identifier, the RFID sensing information ciphertext and the digital signature of the RFID sensing information, 3 groups of data, are stored together in the RFID in advance; meanwhile the RFID identifier and the RFID signature key ciphertext, 2 groups of data, are stored in the signature key database at the IoT authentication center end;
Encryption and digital signature protocol for RFID card reader sensing information: the reader-end encryption system calls the random number generator in the reader-end smart card chip to produce one random number and uses it as the reader signature key; it encrypts and digitally signs the reader sensing information that the reader has read from the RFID, generating the ciphertext of the reader sensing information and the digital signature of the reader sensing information, where the reader sensing information comprises the RFID identifier, the RFID sensing information ciphertext and the digital signature of the RFID sensing information, 3 groups of data. With the transmission key in the reader smart card chip it encrypts the reader signature key into ciphertext, then sends together to the IoT authentication center the reader signature key ciphertext, the identifier of the reader-end smart card chip, the ciphertext of the reader sensing information and the digital signature of the reader sensing information, 4 groups of data;
Decryption and signature verification protocol for RFID card reader sensing information: the IoT authentication center end encryption system, by the identifier of the reader smart card chip, takes from the authentication center's encryption card chip the transmission key of the corresponding reader end, decrypts the received signature key ciphertext with it, then with the decrypted signature key decrypts the ciphertext of the reader-end sensing information and verifies the digital signature of the reader-end sensing information, achieving confidential transmission and integrity verification of the sensing information of the sensing-layer RFID card reader;
Decryption and signature verification protocol for RFID sensing information: after the IoT authentication center end has confirmed that the received reader-end sensing information is credible and complete, its encryption system selects the corresponding storage key by the RFID identifier, decrypts the RFID signature key ciphertext into plaintext with it, then with the decrypted RFID signature key decrypts the ciphertext of the RFID sensing information and verifies the digital signature of the RFID sensing information, confirming whether the signature of the RFID sensing information is credible and complete;
When the number of RFIDs or RFID card readers is large, the IoT authentication center needs to deploy more encryption card devices to store the storage keys of the large number of corresponding RFIDs or the transmission keys of the corresponding reader ends;
Under the secure single-key management technique, a confidential transmission and integrity verification system for the sensing-layer sensing information of IoT RFID is established in the reader smart card chip and in the encryption card chip of the IoT authentication center; the technical features of the method are:
In the RFID card reader smart card chip a reader-end encryption system is established, into which are written: the lightweight cryptographic algorithm, the digest algorithm, the identifier of the reader smart card chip, one key seed table B, the single-key combination generation algorithm, and the encryption and digital signature protocol for reader sensing information. In the encryption card chip at the IoT authentication center end an authentication-center-end encryption system is established, into which are written: the lightweight cryptographic algorithm, the digest algorithm, one key seed Table A, the single-key combination generation algorithm, the encryption and digital signature protocol for RFID sensing information, the encryption and digital signature protocol for key seed table B elements, the decryption and signature verification protocol for RFID sensing information, and the decryption and signature verification protocol for reader sensing information. In the hard disk storage area of the authentication server at the IoT authentication center end, the smart card chip identifiers of all reader ends belonging to the authentication center end, the ciphertext of the key seed table B elements together with the digital signature of those elements, and the timestamp and random numbers used to generate the corresponding storage key are stored together in the transmission key database; meanwhile the identifiers of all RFIDs belonging to the authentication center end, the ciphertext of the RFID signature key, and the timestamp and random numbers used to generate the corresponding storage key are stored together in the storage key database;
The secure single-key management technique adopts a management method with three kinds of keys. The first kind is the signature key, used to establish the encryption and digital signature protocol for RFID sensing information or the encryption and digital signature protocol for reader sensing information. The second kind is the transmission key, used to encrypt the signature key and so guarantee the security of signature key exchange. The third kind is the storage key, used respectively to encrypt the signature keys of all corresponding RFIDs, or to encrypt the elements of the key seed table with which the corresponding reader end generates transmission keys, guaranteeing the storage security at the IoT authentication center end of the RFID signature keys and of the reader-end key seed table elements. The transmission key and the storage key are both produced by the single-key combination generation algorithm from one group consisting of a timestamp and random numbers: elements of one key seed table B or Table A are selected and the selected elements are combined into one transmission key or storage key. In the single-key combination generation algorithm, the timestamp selects "row" elements of key seed B or Table A, yielding a sublist of Y rows and Y columns of key seed B or Table A; the random numbers then select "column" elements of that Y-row, Y-column sublist, giving Y elements, which are combined into one key, where Y = 16 or 32;
When the number of RFIDs or RFID card readers is very large, there is no need to deploy more encryption card devices at the IoT authentication center end to store the large number of key seeds with which the corresponding reader ends generate transmission keys, or the large number of storage keys for encrypting RFID signature keys, or the large number of storage keys for encrypting the corresponding reader-end key seed tables B;
Encryption and digital signature protocol for RFID sensing information: the IoT authentication center end encryption system uses the RFID signature key generated in the encryption card chip to encrypt and digitally sign the RFID sensing information in advance, writes the RFID identifier, the RFID sensing information ciphertext and the digital signature of the RFID sensing information together into the RFID, then produces one storage key according to the single-key combination generation algorithm, encrypts the RFID signature key into ciphertext with it, and stores together in the signature key database at the IoT authentication center end the RFID identifier, the RFID signature key ciphertext, and the timestamp and random numbers used to generate the storage key;
Encryption and digital signature protocol for key seed table B elements: the IoT authentication center end encryption system, in the encryption card chip, encrypts and digitally signs the elements of each corresponding reader end's key seed table B with a storage key produced by the single-key combination generation algorithm, and stores together in advance, in the transmission key database at the IoT authentication center end, the identifier of the corresponding reader smart card chip, the element ciphertext of key seed table B, the digital signature of the key seed table B elements, and the timestamp and random numbers used to generate the storage key;
Encryption and digital signature protocol for RFID card reader sensing information: the reader-end encryption system uses the reader signature key generated in the smart card chip to encrypt and digitally sign the reader sensing information, produces one transmission key according to the single-key combination generation algorithm, encrypts the reader signature key into ciphertext with it, and then sends together to the IoT authentication center the identifier of the reader-end smart card chip, the reader sensing information ciphertext, the digital signature of the reader sensing information, the reader signature key ciphertext, and the timestamp and random numbers used to generate the transmission key;
When Internet of Things authentication center receives RFID card reader end, the ciphertext of the RFID card reader heat transfer agent of sending andAfter the digital signature of RFID card reader heat transfer agent, first, to the key seed table of corresponding record in transmission security key databaseThe element ciphertext of B is decrypted and integrity verification, afterwards, the ciphertext of RFID card reader heat transfer agent is decrypted,And the digital signature of RFID card reader heat transfer agent is carried out to signature verification, last, then to RFID heat transfer agent ciphertextBe decrypted, and the digital signature of RFID heat transfer agent is carried out to signature verification, realize secret biography of heat transfer agent of sensing layerDefeated and integrity verification, thereby, a kind of sensing layer Information Security Defending System of RFID of Internet-of-things set up.
2. The method according to claim 1, characterized in that:
a secure single-key management technique is adopted for lightweight cipher key management, establishing a system for confidential transmission and integrity verification of sensing information in the RFID sensing layer of the Internet of Things:
(1) Signature keys
Let the RFID reader signature key be CK. CK encrypts and digitally signs the RFID reader sensing information; a transmission key SK generated by the single-key combination generation algorithm then encrypts CK into the signature key ciphertext CK', and CK' is sent to the authentication center end together with the selection parameters used to generate SK (a timestamp and a random number), achieving secure exchange of the RFID reader signature key CK between the RFID reader end and the authentication center end;
Let the RFID signature key be CKK. CKK encrypts and digitally signs the sensing information in the RFID; a storage key KK generated by the single-key combination generation algorithm then encrypts CKK into the signature key ciphertext CKK'. KK is formed by selecting elements of key seed table A with the single-key combination generation algorithm driven by a timestamp and a random number and merging the selected elements. The RFID identifier, CKK' and the selection parameters used to generate KK (the timestamp and random number) are stored together in the signature key database of the authentication center, achieving secure storage of the RFID signature key CKK at the authentication center end;
(2) Transmission key
Let the transmission key be SK; SK encrypts the RFID reader signature key CK.
Key seed table Bi is stored in the smart card chip at the RFID reader end. When the RFID reader sensing information encryption and digital signature protocol runs, the single-key combination generation algorithm, driven by a timestamp and a random number, selects Y elements of Bi and merges them into a transmission key SK, where Y = 16 or 32. Each key seed table Bi corresponds to one RFID reader smart card chip. Let the key seed tables of all RFID reader smart card chips served by the authentication center be B1, B2, ..., Bn, where n is the total number of RFID readers served by the authentication center; for any Bd and Be (1 ≤ d ≤ n, 1 ≤ e ≤ n, d ≠ e) the elements are pairwise different;
The single-key combination generation algorithm and the key seed table Bi used to generate SK are both stored in the smart card chip of the corresponding RFID reader, and the generated transmission key never leaves the RFID reader smart card chip in plaintext, ensuring secure storage and operation of the transmission key at the RFID reader end;
In the encryption card chip at the authentication center end, a storage key Ki generated by the single-key combination generation algorithm encrypts the elements of the key seed table Bi of the corresponding RFID reader into ciphertext, and the table Bi elements in ciphertext form are stored in advance in the transmission key database of the authentication center end together with the identifier of the corresponding RFID reader smart card chip and the selection parameters (timestamp and random number) used to generate Ki;
When the table Bi ciphertext at the authentication center end is used, it is decrypted into plaintext inside the encryption card chip, and the plaintext elements of every table Bi never leave the encryption card chip, ensuring secure storage and operation of all table Bi elements at the authentication center end, where i = 1 to n and n is the total number of RFID readers served by the authentication center;
(3) Storage keys
Let the storage key used to encrypt RFID signature keys be KK, and the storage key used to encrypt the key seed table Bi elements of the corresponding RFID reader be K.
The elements of table A are stored in the encryption card chip of the authentication center. The single-key combination generation algorithm, driven by a timestamp and a random number, selects Y elements of table A and merges them into a storage key K or KK, where Y = 16 or 32;
If there are m RFID signature keys, there are also m storage keys KK1, KK2, ..., KKm for encrypting them; storage key KKj encrypts RFID signature key CKKj into ciphertext CKKj', and CKK1', CKK2', ..., CKKm' are stored in the signature key database of the authentication center end;
There are n storage keys K1, K2, ..., Kn for encrypting the elements of the key seed tables Bi; each Ki encrypts the elements of Bi into ciphertext Bi', and B1', B2', ..., Bn' are stored in the transmission key database of the authentication center end, where i = 1 to n, j = 1 to m, n is the total number of RFID readers and m is the total number of RFIDs served by the authentication center.
3. The method according to claim 1, characterized in that:
(1) The single-key combination generation algorithm selects elements of a key seed table using selection parameters consisting of a timestamp and a random number: the timestamp selects rows of the key seed table, producing a sub-table of Y rows by Y columns, and the random number then selects one column element from each of the Y rows; the Y selected elements are merged into one key, where Y = 16 or 32. The storage keys K and KK and the transmission key SK are generated in real time by the single-key combination generation algorithm;
The timestamp consists of 10 decimal digits: "year" is 4 digits XXX0 to XXX9 (only the units digit, 0 to 9, is used), "month" is 2 digits (1 to 12), "day" is 2 digits (1 to 31) and "hour" is 2 digits (0 to 23); for example 2013122819 denotes 19:00 on 28 December 2013;
The random number consists of Y = 16 or 32 binary values. When Y = 16, each value is a 4-bit binary number in the range 0 to 15, for example 0011, 1010, 0000, ..., 1111, 0110, whose values are 3, 10, 0, ..., 15, 6. When Y = 32, each value is a 5-bit binary number in the range 0 to 31, for example 00110, 10100, 00000, ..., 11111, 01100, whose values are 6, 20, 0, ..., 31, 12;
(2) Concrete implementation of the single-key combination generation algorithm
Key seed tables A and B have the same structure and differ only in their elements; table A is used below to describe the algorithm.
When table A has 89 rows by 16 columns, it has 89 × 16 = 1424 elements of 1 byte each, 1424 bytes in total; when it has 105 rows by 32 columns, it has 105 × 32 = 3360 elements of half a byte each, 1680 bytes in total;
The "year" of the timestamp corresponds to rows 1 to 10 of table A (10 rows), "month" to rows 11 to 22 (12 rows), "day" to rows 23 to 53 (31 rows) and "hour" to rows 54 to 77 (24 rows). With 89 rows by 16 columns, 12 further rows of table A correspond to no timestamp value; with 105 rows by 32 columns, 28 further rows correspond to no timestamp value;
Four rows are first selected from table A by the timestamp: from rows 1 to 10, one row is taken using the units digit of the "year" (for example timestamp 2013XXXXXX selects row 4); from rows 11 to 22, one row is taken using the "month" (timestamp 20XX11XXXX selects row 21); from rows 23 to 53, one row is taken using the "day" (timestamp 20XXXX30XX selects row 52); from rows 54 to 77, one row is taken using the "hour" (timestamp 20XXXXXX21 selects row 74). Rows 78 to W of table A, W − 78 + 1 rows, are then all selected, so that Y rows are selected in total, where Y = 16 or 32; these Y rows form the Y × Y sub-table A1 of table A;
Let the random numbers be Q1, Q2, ..., QY with values L1, L2, ..., LY. When Y = 16 the 16 values lie between 0 and 15 and L1, L2, ..., L16 select the columns of A1: the value L1 of the first random number Q1 selects the element in column L1 + 1 of row 1 of A1, the value L2 of Q2 selects the element in column L2 + 1 of row 2, ..., and the value L16 of Q16 selects the element in column L16 + 1 of row 16, 16 elements in all. When Y = 32 the 32 values lie between 0 and 31 and L1, L2, ..., L32 select the columns of A1 in the same way, the value L32 of Q32 selecting the element in column L32 + 1 of row 32, 32 elements in all;
Since the length of a single key is 128 bits, the Y elements selected from table A are merged into one single key, that is, a storage key: if the elements of table A are 8 bits and Y = 16, the 16 selected elements merge into a 128-bit key; if the elements are 4 bits and Y = 32, the 32 selected elements likewise merge into a 128-bit key;
(3) The RFID reader signature key CK, the RFID signature key CKK, the transmission key SK and the two storage keys K and KK are all 128 bits long; the repetition rate of CK and CKK is 1/2^128, essentially one-time pad;
The transmission key SK and the storage keys K and KK are obtained by selecting elements of key seed table A or B with a timestamp and a random number and merging the Y selected elements into the key. If the random number has 16 values and the elements of table A or B are 8 bits, with a timestamp of the form "year, month, day, hour", the repetition rate of SK, K and KK within one hour is 1/2^64; if the random number has 32 values and the elements are 4 bits, the repetition rate of SK, K and KK within one hour is 1/2^160; SK, K and KK are therefore also essentially one-time pad.
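The row and column selection of claim 3, carried through in code as an added example (this is not the patent's own code). The table layout, the 10-digit timestamp and the 4-bit or 5-bit random values follow the claim; the constructed `demo_table` is a deterministic stand-in for a secret seed table, and the hour mapping is an assumption: hours 0 to 23 are placed on rows 54 to 77 literally, so hour 21 lands on row 75, whereas the claim's own example states row 74. Note that the key's variability comes only from the Y random values (64 bits for Y = 16) plus the four timestamp rows, and that those selection parameters travel in the clear; everything else rests on the table staying secret inside the chip.

```python
"""Single-key combination generation algorithm (claim 3): a timestamp selects
Y rows of a key seed table, Y random values select one element per row, and
the Y elements are concatenated into a 128-bit key.  Added example."""

# 1-based first row of each timestamp field (claim 3, item (2)).
YEAR_ROW, MONTH_ROW, DAY_ROW, HOUR_ROW = 1, 11, 23, 54
FIXED_ROW = 78  # rows 78 .. (73 + Y) never depend on the timestamp


def select_rows(timestamp: str, y: int = 16) -> list[int]:
    """Return the Y 1-based rows selected by a timestamp 'YYYYMMDDhh'."""
    if len(timestamp) != 10 or not timestamp.isdigit():
        raise ValueError("timestamp must be 10 decimal digits YYYYMMDDhh")
    year_units = int(timestamp[3])  # only the units digit of the year is used
    month, day, hour = int(timestamp[4:6]), int(timestamp[6:8]), int(timestamp[8:10])
    if not (1 <= month <= 12 and 1 <= day <= 31 and 0 <= hour <= 23):
        raise ValueError("month/day/hour out of range")
    # Assumption: each field value maps to consecutive rows from the field's
    # first row (hour 0 -> row 54); the claim's example for hour 21 says row 74.
    rows = [YEAR_ROW + year_units, MONTH_ROW + month - 1, DAY_ROW + day - 1, HOUR_ROW + hour]
    rows += list(range(FIXED_ROW, FIXED_ROW + y - 4))  # the Y-4 timestamp-free rows
    return rows


def split_randoms(bits: str, y: int = 16) -> list[int]:
    """Split a bit string into random values: 4 bits each for Y=16, 5 for Y=32."""
    width = 4 if y == 16 else 5
    if len(bits) % width:
        raise ValueError(f"bit string length must be a multiple of {width}")
    return [int(bits[i:i + width], 2) for i in range(0, len(bits), width)]


def combine_key(table: list[list[int]], timestamp: str, randoms: list[int],
                y: int = 16) -> bytes:
    """Pick one element per selected row (column = random value + 1) and merge
    the Y elements into a 16-byte key: 16 x 8-bit or 32 x 4-bit elements."""
    if y not in (16, 32):
        raise ValueError("Y must be 16 or 32")
    if len(table) != 73 + y or any(len(row) != y for row in table):
        raise ValueError(f"table must be {73 + y} rows x {y} columns")
    if len(randoms) != y:
        raise ValueError(f"need {y} random values")
    elem_bits = 8 if y == 16 else 4
    elems = []
    for row, l in zip(select_rows(timestamp, y), randoms):
        if not 0 <= l < y:
            raise ValueError("random value out of range for this table width")
        e = table[row - 1][l]  # 1-based row, column l + 1
        if not 0 <= e < (1 << elem_bits):
            raise ValueError("table element wider than its declared size")
        elems.append(e)
    if y == 16:
        return bytes(elems)
    # Y = 32: two 4-bit elements per byte
    return bytes((elems[i] << 4) | elems[i + 1] for i in range(0, 32, 2))


def demo_table(y: int = 16) -> list[list[int]]:
    """Constructed, deterministic sample table (NOT a secret seed table):
    element (r, c) = (16*r + c) mod 2^elem_bits, with 1-based r and c."""
    mod = 256 if y == 16 else 16
    return [[(16 * r + c) % mod for c in range(1, y + 1)] for r in range(1, 74 + y)]


if __name__ == "__main__":
    t = demo_table(16)
    k1 = combine_key(t, "2013122819", [0] * 16)
    k2 = combine_key(t, "2013122819", split_randoms("0101" + "0000" * 15, 16))
    print(k1.hex(), k2.hex(), k1 != k2)
```

With the constructed table, changing only the first random value changes only the first key byte, which makes the structure visible: each random value selects independently within its own row, and a real deployment depends entirely on the table elements being unpredictable.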
4. The method according to claim 1, characterized in that:
RFID reader sensing information encryption and digital signature protocol: after the RFID reader reads the sensing information in the RFID and inputs it into the smart card chip at the RFID reader end, the encryption system at the RFID reader end, inside the smart card chip, calls a digest algorithm to digest the RFID reader sensing information, obtaining the digest L1; it then calls the random number generator in the smart card chip to generate a 128-bit random number, uses it as the RFID reader signature key CK, and encrypts the RFID reader sensing information and its digest L1 with CK, obtaining the ciphertext of the RFID reader sensing information and its digital signature (the ciphertext of the digest L1). Inside the smart card chip it generates a timestamp and a random number, uses them under the single-key combination generation algorithm to select Y elements of key seed table Bi and merge them into a transmission key SKi, and encrypts the RFID reader signature key CK with SKi into ciphertext CK'. Finally it sends six groups of sensing-layer data to the authentication center end together: the identifier of the RFID reader smart card chip, the ciphertext of the RFID reader sensing information, the digital signature of the RFID reader sensing information, the signature key ciphertext CK', and the timestamp and random number used to generate the transmission key, where i = 1 to n.
5. The method according to claim 1, characterized in that:
(1) RFID sensing information encryption and digital signature protocol: inside the encryption card chip, the encryption system at the authentication center end calls the random number generator to produce a 128-bit random number, uses it as the RFID signature key CKK, and encrypts the RFID sensing information and its digest V1 with CKK, obtaining the ciphertext of the RFID sensing information and its digital signature. It generates a timestamp and a random number in the encryption card chip, uses them under the single-key combination generation algorithm to select Y elements of key seed table A and merge them into a storage key KK, encrypts CKK with KK into the RFID signature key ciphertext CKK', writes three groups of data into the RFID (the RFID identifier, the ciphertext of the RFID sensing information and the digital signature of the RFID sensing information), and at the same time stores four groups of data in the signature key database of the authentication center end (the RFID identifier, the signature key ciphertext CKK', and the selection parameters used to generate KK: the timestamp and random number);
(2) Key seed table B element encryption and digital signature protocol: inside the encryption card chip, the encryption system at the authentication center end generates a timestamp and a random number, uses them under the single-key combination generation algorithm to select Y elements of key seed table A and merge them into a storage key Ki, encrypts the elements of key seed table Bi with Ki, obtaining the element ciphertext Bi', and digitally signs the table Bi elements with Ki by encrypting their digest G1, obtaining the digital signature (the ciphertext of G1). It then stores together in the transmission key database of the authentication center end: the identifier of the corresponding RFID reader smart card chip, the element ciphertext Bi', the digital signature of the table Bi elements, and the timestamp and random number used to generate Ki, where i = 1 to n and Y = 16 or 32;
(3) RFID reader sensing information decryption and signature verification protocol: after the authentication center end receives the six groups of sensing-layer data sent by the RFID reader end, its encryption system first locates the record for the identifier of the RFID reader smart card chip in the transmission key database and inputs into the encryption card chip the ciphertext Bi' of the key seed table used to generate the transmission key, the timestamp and random number used to generate the storage key, and the timestamp and random number used to generate the transmission key. Inside the encryption card chip it uses the storage key timestamp and random number under the single-key combination generation algorithm to select Y elements of table A and merge them into the storage key Ki, decrypts Bi' with Ki to obtain the plaintext elements of table Bi, decrypts the digital signature of the Bi elements with Ki to obtain the plaintext digest G1, digests the plaintext elements of Bi with the digest algorithm to obtain G2, and compares G1 with G2 to judge whether the elements of table Bi have been tampered with.
If the elements of table Bi have not been tampered with, it uses the transmission key timestamp and random number under the single-key combination generation algorithm to select Y plaintext elements of Bi and merge them into the transmission key SKi, decrypts the signature key ciphertext CK' with SKi to obtain the plaintext signature key CK, decrypts the ciphertext of the RFID reader sensing information and its digital signature with CK to obtain the plaintext RFID reader sensing information and the plaintext digest L1, digests the plaintext RFID reader sensing information with the digest algorithm to obtain L2, and compares L1 with L2 to confirm whether the RFID reader end's signature on the RFID reader sensing information is trustworthy and complete, where i = 1 to n. The RFID reader sensing information decryption and signature verification protocol therefore also contains the decryption and signature verification of the key seed table B element ciphertext;
(4) RFID sensing information decryption and signature verification protocol: the encryption system at the authentication center end locates the record for the RFID identifier in the signature key database and inputs into the encryption card chip the signature key ciphertext CKKj' in that record and the timestamp and random number used to generate the storage key. Inside the encryption card chip it uses that timestamp and random number under the single-key combination generation algorithm to select Y elements of table A and merge them into the storage key KKj, decrypts CKKj' with KKj to obtain the plaintext CKKj, decrypts the ciphertext of the RFID sensing information and its digital signature with CKKj to obtain the plaintext RFID sensing information and its digest V1, digests the plaintext RFID sensing information with the digest algorithm to obtain V2, and compares V1 with V2 to confirm whether the signature on the RFID sensing information is trustworthy and complete, where j = 1 to m and m is the total number of RFIDs served by the authentication center.
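The two-layer exchange of claims 4 and 5 run end to end, both sides included, as an added example (not the patent's code). Three things are stand-ins and labelled as such in the code: an HMAC-SHA256 counter-mode keystream for the unnamed lightweight cipher, SHA-256 for the digest algorithm, and an HMAC over the seed table bytes in place of the row/column selection of claim 3 (only the dependency on table, timestamp and random number matters here). One caveat worth making explicit: the "digital signature" in these claims is the digest encrypted under a secret symmetric key, so the check at the centre proves only that whoever produced the message held CK (or CKK); the centre itself could forge either layer and there is no non-repudiation, which is what distinguishes this construction from a public-key signature.

```python
"""Two-layer encrypt-and-sign exchange (claims 4 and 5): the centre pre-seals
tag data under CKK, the reader re-seals what it read under a fresh CK wrapped
by the transmission key SK, and the centre unwraps and checks both layers.
Added example with stand-in primitives; not the patent's code."""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter mode (stand-in cipher); every key here is used once."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream; the same call does both."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, label, len(data))))


def derive_key(seed_table: bytes, ts: str, rand: bytes) -> bytes:
    """Stand-in for the single-key combination algorithm: 128-bit key from
    (seed table, timestamp, random number)."""
    return hmac.new(seed_table, ts.encode() + rand, hashlib.sha256).digest()[:16]


def seal(sig_key: bytes, data: bytes) -> tuple[bytes, bytes]:
    """'Encrypt and digitally sign' as the claims use the term: data and its
    digest are both encrypted under the same symmetric signature key."""
    return (xor_crypt(sig_key, b"data", data),
            xor_crypt(sig_key, b"sig", hashlib.sha256(data).digest()))


def open_and_verify(sig_key: bytes, ct: bytes, sig: bytes) -> bytes:
    """Decrypt, recover the sent digest and compare it with a fresh one."""
    data = xor_crypt(sig_key, b"data", ct)
    sent_digest = xor_crypt(sig_key, b"sig", sig)
    if not hmac.compare_digest(sent_digest, hashlib.sha256(data).digest()):
        raise ValueError("digest mismatch: ciphertext or signature tampered")
    return data


class AuthCentre:
    def __init__(self) -> None:
        self.table_a = secrets.token_bytes(1424)  # stays inside the "encryption card"
        self.transmission_db = {}  # reader id -> (Bi', sig(Bi), ts, rand) for Ki
        self.signature_db = {}     # tag id -> (CKK', ts, rand) for KK

    def enrol_reader(self, reader_id: bytes, table_b: bytes, ts: str) -> None:
        rand = secrets.token_bytes(16)
        ki = derive_key(self.table_a, ts, rand)  # storage key Ki
        self.transmission_db[reader_id] = (*seal(ki, table_b), ts, rand)

    def provision_tag(self, tag_id: bytes, info: bytes, ts: str) -> tuple:
        """Return the 3 fields written into the tag: (8-byte id, ciphertext, signature)."""
        ckk = secrets.token_bytes(16)  # RFID signature key CKK
        ct, sig = seal(ckk, info)
        rand = secrets.token_bytes(16)
        kk = derive_key(self.table_a, ts, rand)  # storage key KK
        self.signature_db[tag_id] = (xor_crypt(kk, b"wrap", ckk), ts, rand)
        return tag_id, ct, sig

    def verify(self, msg: tuple) -> bytes:
        """Two decryptions and two digest checks; returns the tag plaintext."""
        reader_id, c_reader, s_reader, ck_wrapped, ts, rand = msg  # the 6 groups
        bi_ct, bi_sig, ts_k, rand_k = self.transmission_db[reader_id]
        ki = derive_key(self.table_a, ts_k, rand_k)
        table_b = open_and_verify(ki, bi_ct, bi_sig)             # G1 == G2
        sk = derive_key(table_b, ts, rand)                       # transmission key SKi
        ck = xor_crypt(sk, b"wrap", ck_wrapped)                  # CK' -> CK
        reader_info = open_and_verify(ck, c_reader, s_reader)    # L1 == L2
        tag_id, s_tag, c_tag = reader_info[:8], reader_info[8:40], reader_info[40:]
        ckk_wrapped, ts_t, rand_t = self.signature_db[tag_id]
        ckk = xor_crypt(derive_key(self.table_a, ts_t, rand_t), b"wrap", ckk_wrapped)
        return open_and_verify(ckk, c_tag, s_tag)                # V1 == V2


class Reader:
    def __init__(self, reader_id: bytes, table_b: bytes) -> None:
        self.reader_id, self.table_b = reader_id, table_b  # Bi stays in the smart card

    def send(self, tag_record: tuple, ts: str, rand: bytes) -> tuple:
        tag_id, c_tag, s_tag = tag_record
        reader_info = tag_id + s_tag + c_tag  # 8-byte id, 32-byte signature, ciphertext
        ck = secrets.token_bytes(16)          # fresh reader signature key CK
        c_reader, s_reader = seal(ck, reader_info)
        sk = derive_key(self.table_b, ts, rand)
        return (self.reader_id, c_reader, s_reader, xor_crypt(sk, b"wrap", ck), ts, rand)


def demo(info: bytes = b"temp=21.5C;loc=A3", tamper: bool = False) -> bytes:
    """End-to-end run on constructed data; tamper=True flips one byte in transit."""
    centre = AuthCentre()
    reader = Reader(b"READER01", secrets.token_bytes(1424))
    centre.enrol_reader(reader.reader_id, reader.table_b, "2013122819")
    record = centre.provision_tag(b"TAG00001", info, "2013122819")
    msg = reader.send(record, "2013122820", secrets.token_bytes(8))
    if tamper:
        c = bytearray(msg[1]); c[0] ^= 1; msg = (msg[0], bytes(c)) + msg[2:]
    return centre.verify(msg)
```

The order of checks mirrors claim 5 item (3): the stored table Bi' is verified before it is used to derive SK, because a tampered table would silently produce a wrong SK and the failure would surface only later as a digest mismatch on the reader layer. The timestamp and random number ride along in the clear; their only job is to tell the other side which table elements to select.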
6. The method according to claim 1, characterized in that:
Because the numbers of RFIDs and RFID readers in the Internet of Things are very large, the amount of data to be stored at the authentication center end is also very large: the key seed table Bi used to generate the transmission key for each RFID reader end occupies 1424 or 1680 bytes of storage, and each RFID signature key occupies 16 bytes. When the numbers of RFID readers and RFIDs reach hundreds of millions, the data they involve belongs to the domain of big data. Storage keys that change every time, produced by the single-key combination generation algorithm, encrypt the elements of each RFID reader's key seed table Bi or each RFID's signature key CKKj, ensuring the security of all table Bi elements and of all RFID signature keys CKK1, CKK2, ..., CKKm stored at the authentication center end. No large number of encryption card hardware devices need be purchased to store the massive number of key seed tables Bi or storage keys K and KK, which greatly reduces the construction cost of the authentication center and lets a single authentication center manage a massive number of RFIDs and RFID readers, where j = 1 to m, m is the total number of RFIDs served by the authentication center, i = 1 to n and n is the total number of RFID readers.
7. The method according to claim 1, characterized in that:
(1) The strategy of using a secure single-key management technique to establish the various security protocols rests on the smart card and encryption card chips being trusted: the RFID reader sensing information encryption and digital signature protocol is completed inside the smart card chip, while the RFID sensing information encryption and digital signature protocol, the key seed table B element encryption and digital signature protocol, the RFID sensing information decryption and signature verification protocol and the RFID reader sensing information decryption and signature verification protocol are all completed inside the encryption card chip; all are "chip-level" protocols and are secure;
(2) The RFID signature key, the RFID reader signature key, the transmission key and the two storage keys K and KK are all generated inside a smart card or encryption card chip and never leave the chip in plaintext; the RFID signature key, the RFID reader signature key and the transmission key are stored and transmitted outside the chip only in ciphertext form;
All RFID signature keys are generated inside the encryption card chip and encrypted into ciphertext by a storage key inside that chip before being stored in ciphertext form in the signature key database of the authentication center end, ensuring secure storage of all RFID signature keys at the authentication center end;
All RFID reader signature keys are generated inside the smart card chip and encrypted into ciphertext by a transmission key inside that chip before being transmitted to the authentication center end, where they are decrypted into plaintext inside the encryption card chip, ensuring secure exchange and operation of the RFID reader signature keys;
The transmission key is generated inside the smart card chip at the RFID reader end, and the single-key combination generation algorithm and the key seed table Bi used to generate it are also stored in that smart card chip; at the authentication center end the single-key combination generation algorithm used to generate the transmission key is stored in the encryption card chip and the key seed table Bi is stored in ciphertext form in the transmission key database, ensuring secure storage, exchange and operation of the transmission key at both the RFID reader end and the authentication center end, where i = 1 to n;
The two storage keys K and KK are generated inside the encryption card chip, and the single-key combination generation algorithm and the key seed table A used to generate them are both stored in the encryption card chip, ensuring secure storage and operation of the storage keys K and KK.
8. The method according to claim 1, characterized in that:
A transmission key that changes every time encrypts an RFID reader signature key that changes every time, so the resulting RFID reader signature key ciphertext is random and changes every time, appearing as an irregular garble; a codebreaker cannot use a large number of openly obtained RFID reader signature key ciphertexts as the cryptanalytic condition of "repeated messages" (many different plaintext messages encrypted into ciphertext under the same single key) to break the RFID reader signature key, the transmission key, or the elements of the key seed table Bi used to generate the transmission key, where i = 1 to n and n is the total number of RFID readers;
A storage key KK that changes every time encrypts an RFID signature key that changes every time, so the resulting RFID signature key ciphertext is random and changes every time, appearing as a garble; a codebreaker cannot use the RFID signature key ciphertexts as the "repeated messages" condition to break the RFID signature key or the storage key;
A storage key K that changes every time encrypts the key seed table Bi, whose elements have the character of random numbers, so the resulting ciphertext Bi' of the key seed table Bi is also random and appears as a garble; a codebreaker cannot use table Bi' as the "repeated messages" condition to break table Bi or the storage key, where i = 1 to n.
9. The method according to claim 1, characterized in that:
The RFID sensing information transmitted in the sensing layer of the Internet of Things is signed and encrypted twice: first, it is encrypted and digitally signed with the RFID signature key produced in the encryption card at the authentication center end, and the result is written into the RFID, becoming the sensing information that the RFID reader will read; after the RFID reader reads it, it is encrypted and digitally signed again with the signature key of the RFID reader end, producing the ciphertext of the RFID reader sensing information and the digital signature of the RFID reader sensing information;
At the authentication center end, the six groups of sensing-layer data transmitted from the RFID reader end are decrypted and signature-verified twice: first, the authentication center end recovers the signature key of the corresponding RFID reader end, decrypts the ciphertext of the RFID reader sensing information and verifies its digital signature, obtaining the plaintext RFID reader sensing information and the integrity verification result for it; then it recovers the signature key of the corresponding RFID, decrypts the ciphertext of the RFID sensing information and verifies its digital signature, obtaining the plaintext RFID sensing information and the integrity verification result for it, thereby preventing the RFID sensing information or the RFID reader sensing information from being leaked, tampered with or cloned.
CN201310101860.XA 2013-03-28 2013-03-28 A kind of heat transfer agent safety protecting method of Internet of Things electronic tag Active CN103237302B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310101860.XA CN103237302B (en) 2013-03-28 2013-03-28 A kind of heat transfer agent safety protecting method of Internet of Things electronic tag

Publications (2)

Publication Number Publication Date
CN103237302A CN103237302A (en) 2013-08-07
CN103237302B true CN103237302B (en) 2016-05-11

Family

ID=48885313
