Efficient and secure RFID transmitting/receiving method and system
Technical field
The present invention relates to the technical field of RFID communication, and in particular to an efficient and secure RFID transmitting/receiving method and a system using it.
Background technology
An existing RFID system (as shown in Figure 1) consists of an electronic tag, a reader/writer and RFID application software. In current RFID systems, both domestic and foreign, security rests on an operation password that the reader/writer uses when it operates the electronic tag, and on encryption of the data communication between the reader/writer and the RFID application software. This security mechanism is established only between the reader/writer and the electronic tag, or between the reader/writer and the RFID application software; the three parties are not closely bound together. Personnel who routinely operate electronic tags can see the tag's operation password on the interface, so the likelihood of the password leaking is very high. Once the operation password that the reader/writer uses to operate the tag has leaked, an attacker can take a reader/writer of the same type and use that password to modify the tag's data. Such security clearly needs improvement.
Summary of the invention
The technical problem to be solved by the present invention is to provide an efficient and secure RFID transmitting/receiving method and system that solves the security issue of existing RFID systems.
The present invention is achieved as follows:
An efficient and secure RFID transmitting/receiving method, applied to RFID application software, a reader/writer and an electronic tag, comprising the following steps:
the electronic tag sends a public tag ciphertext to the reader/writer;
the reader/writer sends the received public tag ciphertext to the RFID application software;
after obtaining the public tag ciphertext, the RFID application software initiates legitimacy authentication of the reader/writer; if the reader/writer fails authentication, the public tag ciphertext is not processed;
if the reader/writer passes authentication, the RFID application software queries whether an identical tag ciphertext is pre-stored; if not, the electronic tag is no longer operated; otherwise a tag-authentication-success result is sent to the reader/writer, and after receiving it the reader/writer initiates legitimacy authentication of the RFID application software; if the RFID application software fails authentication, the reader/writer does not process the tag-authentication-success result;
if the RFID application software passes authentication, the reader/writer decrypts the public tag ciphertext to obtain the operation password of the electronic tag, and when it receives an electronic tag operation command from the RFID application software it uses that operation password to perform the corresponding operation on the electronic tag.
Further, the electronic tag operation command comprises a command to change the public tag ciphertext, a command to access the private tag ciphertext, or a command to change the private tag ciphertext.
Further, the specific steps by which the reader/writer performs legitimacy authentication of the RFID application software are:
the reader/writer sends a legitimacy authentication command and a first random number to the RFID application software, and encrypts the first random number together with the reader/writer authentication key to generate a first authentication encrypted result;
the RFID application software receives the legitimacy authentication command and the first random number, encrypts the first random number together with the RFID application software authentication key to generate a second encrypted result, and sends the second encrypted result to the reader/writer;
the reader/writer receives the second encrypted result and compares it with the first encrypted result; if they are identical, the reader/writer processes the information received from the RFID application software; otherwise the reader/writer does not process that information.
Further, the specific steps by which the reader/writer sends the public tag ciphertext, the legitimacy authentication command and the first random number to the RFID application software are: the reader/writer first encrypts the public tag ciphertext, the legitimacy authentication command and the first random number, then sends the encrypted data to the RFID application software; the RFID application software first decrypts the received data to obtain the public tag ciphertext, the legitimacy authentication command and the first random number;
the specific steps by which the RFID application software sends the second encrypted result to the reader/writer are: the RFID application software first encrypts the second encrypted result, then sends the encrypted data to the reader/writer; the reader/writer decrypts the received data to obtain the second encrypted result.
Further, the specific steps by which the RFID application software performs legitimacy authentication of the reader/writer are:
the RFID application software sends a legitimacy authentication command and a second random number to the reader/writer, and encrypts the second random number together with the RFID application software authentication key to generate a third authentication encrypted result;
after receiving the legitimacy authentication command and the second random number, the reader/writer encrypts the second random number together with the reader/writer authentication key to generate a fourth encrypted result, and sends the fourth encrypted result to the RFID application software;
the RFID application software receives the fourth encrypted result and compares it with the third encrypted result; if they are identical, the RFID application software processes the information received from the reader/writer; otherwise the RFID application software does not process that information.
Further, the specific steps by which the RFID application software sends the tag-authentication-success result, the legitimacy authentication command and the second random number to the reader/writer are: the RFID application software first encrypts the tag-authentication-success result, the legitimacy authentication command and the second random number, then sends the encrypted data to the reader/writer; the reader/writer decrypts the received data to obtain the tag-authentication-success result, the legitimacy authentication command and the second random number;
the specific steps by which the reader/writer sends the fourth encrypted result to the RFID application software are: the reader/writer first encrypts the fourth encrypted result, then sends the encrypted data to the RFID application software; the RFID application software first decrypts the received data to obtain the fourth encrypted result.
The invention also provides an efficient and secure RFID system, comprising an RFID application software unit, a reader/writer unit and an electronic tag unit, wherein the electronic tag unit includes a public storage module for storing the public tag ciphertext, a data transceiving module for receiving and sending data, and a private storage module for storing private information, characterized in that:
the reader/writer unit comprises the following modules:
a tag operation module for communicating with the electronic tag;
and a host interface module for communicating with the RFID application software unit;
the RFID application software unit comprises the following modules:
a user tag ciphertext storage module for storing the tag ciphertext to be authenticated;
and a reader/writer interface module for communicating with the reader/writer's interface.
Further, the reader/writer unit also comprises a first encryption/decryption module for encrypting the data it sends, decrypting the data it receives, and decrypting the public tag ciphertext to obtain the operation password;
the RFID application software unit also comprises a second encryption/decryption module for encrypting the data it sends and decrypting the data it receives.
Further, the reader/writer unit also comprises a first random number acquisition module for generating random numbers.
Further, the RFID application software unit also comprises a second random number acquisition module for generating random numbers.
The present invention has the following advantages: the operation password is encrypted before it is stored in the electronic tag, and it is verified against the tag ciphertext pre-stored in the RFID application software, which avoids leakage of the operation password and prevents the tag data from being tampered with or cloned. Mutual security authentication is performed between the reader/writer and the RFID application software, effectively binding the electronic tag, the reader/writer and the RFID application software together and improving security.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 is a schematic structural diagram of an existing RFID system.
Fig. 2 is a schematic diagram of the system architecture of the present invention.
Detailed description of the invention
As shown in Figure 2, in a preferred embodiment of the present invention an efficient and secure RFID system comprises an electronic tag unit 1, a reader/writer unit 2 and an RFID application software unit 3. The electronic tag unit 1 comprises a public storage module 10, a data transceiving module 11 and a private storage module 12; the reader/writer unit 2 comprises a tag operation module 20, a host interface module 21, a first encryption/decryption module 22 and a first random number acquisition module 23; the RFID application software unit 3 comprises a reader/writer interface module 30, a user tag ciphertext storage module 31, a second encryption/decryption module 32 and a second random number acquisition module 33.
The public storage module 10 and the private storage module 12 are each connected to the data transceiving module 11. The public storage module 10 stores the public tag ciphertext, which is used for tag legitimacy authentication; after the electronic tag unit 1 has passed legitimacy authentication, the reader/writer unit 2 uses the first encryption/decryption module 22 to decrypt from it the operation password used when operating the electronic tag unit 1. If the data transceiving module 11 receives a command to read the public tag ciphertext from the public storage module 10, the read is performed without any operation password. The private storage module 12 stores private information. If the data transceiving module 11 receives a command to write the public tag ciphertext to the public storage module 10, the correct operation password is required for the write; if it receives a command to access (read or write) the private storage module 12, the data in the private storage module 12 can be accessed in private mode only with the correct operation password and the corresponding command.
When this preferred embodiment operates, the data transceiving module 11 of the electronic tag unit 1 first sends the public tag ciphertext in the public storage module 10 to the reader/writer unit 2; after the tag operation module 20 of the reader/writer unit 2 receives the public tag ciphertext, the host interface module 21 sends it to the RFID application software unit 3; after the reader/writer interface module 30 of the RFID application software unit 3 receives the public tag ciphertext, it queries whether the user tag ciphertext storage module 31 has an identical tag ciphertext pre-stored. If not, the electronic tag is illegitimate and is not a tag authenticated by this system, and the RFID application software unit 3 no longer operates that electronic tag. This completes the legitimacy authentication of the electronic tag unit 1. If the user tag ciphertext storage module 31 does have an identical tag ciphertext pre-stored, the reader/writer interface module 30 sends a tag-authentication-success result to the reader/writer unit 2, and after receiving it the reader/writer unit 2 uses the first encryption/decryption module 22 to decrypt the public tag ciphertext and obtain the operation password of the electronic tag unit 1. Because the operation password is stored encrypted as the public tag ciphertext, the real operation password cannot be seen in the RFID application software unit 3; only the personnel who assign the tag operation passwords know the real password, which avoids leakage of the operation password and increases its security. The encryption algorithm used to produce the public tag ciphertext can be any algorithm, as long as it hides the real operation password.
When the RFID application software unit 3 needs to read user information, the reader/writer interface module 30 of the RFID application software unit 3 first sends a command to operate the electronic tag unit 1 to the host interface module 21; the host interface module 21 passes this command to the tag operation module 20; the tag operation module 20 sends the command together with the operation password to the data transceiving module 11; the data transceiving module 11 verifies the operation password and, if it is correct, responds to the command by sending the user information in the private storage module 12 to the tag operation module 20. The tag operation module 20 sends the user information to the host interface module 21, which forwards it to the reader/writer interface module 30; the RFID application software unit 3 thus obtains the user information and can manage the user's electronic tag and the object it is attached to.
When the RFID application software unit 3 changes the user information in the private storage module 12 or the public tag ciphertext in the public storage module 10, the reader/writer interface module 30 of the RFID application software unit 3 first sends the change-user-information command with the user information to be changed, or the change-public-tag-ciphertext command with the public tag ciphertext to be changed, to the host interface module 21; the host interface module 21 passes the command and data to the tag operation module 20; the tag operation module 20 sends the command, the data and the operation password to the data transceiving module 11; the data transceiving module 11 verifies the operation password and, if it is correct, responds to the command by writing the data to the public storage module 10 or the private storage module 12 according to the command, thereby modifying the user information or the public tag ciphertext in the electronic tag unit 1.
The present embodiment also performs mutual authentication between the RFID application software unit 3 and the reader/writer unit 2, comprising authentication of the RFID application software unit 3 by the reader/writer unit 2 and authentication of the reader/writer unit 2 by the RFID application software unit 3. Authentication of the RFID application software unit 3 by the reader/writer unit 2 proceeds as follows. After the reader/writer unit 2 receives information from the RFID application software unit 3 (the information here may be the above command to read the private storage module 12 of the electronic tag unit 1, the change-user-information command with the user information to be changed, the change-public-tag-ciphertext command with the public tag ciphertext to be changed, or other commands and data), the reader/writer unit 2 does not process the information directly but first caches it; the reader/writer unit 2 then sends a legitimacy authentication command and a first random number obtained by the first random number acquisition module 23 to the reader/writer interface module 30, and the first encryption/decryption module 22 encrypts the first random number together with the reader/writer authentication key to generate a first authentication encrypted result. The reader/writer interface module 30 receives the legitimacy authentication command and the first random number, the second encryption/decryption module 32 encrypts the first random number together with the RFID application software authentication key to generate a second encrypted result, and the reader/writer interface module 30 sends the second encrypted result to the reader/writer unit 2. The reader/writer unit 2 receives the second encrypted result and compares it with the first encrypted result; if they are identical, the reader/writer unit 2 processes the information received from the RFID application software unit 3; otherwise the reader/writer unit 2 does not process that information. In this way the reader/writer unit 2 uses its own authentication key to authenticate every piece of information it receives from the RFID application software unit 3, and processes information sent by the RFID application software unit 3 only when the authentication keys match, which prevents an illegitimate RFID application software unit 3 from operating the reader/writer unit 2 and increases the security of the reader/writer unit 2. In the present embodiment, the reader/writer unit 2 authenticates the RFID application software unit 3 after every command or data item that the RFID application software unit 3 sends to the reader/writer unit 2, which gives the highest security. In other embodiments, the reader/writer unit 2 may authenticate the RFID application software unit 3 only when the system starts working: the reader/writer unit 2 sends the legitimacy authentication command and the first random number to the RFID application software unit 3 once, and after authentication passes it no longer authenticates the RFID application software unit 3 for the data or commands it subsequently receives. This greatly reduces the time taken by the system workflow, but carries the risk that the RFID application software unit 3 is replaced after authentication has passed and the reader/writer unit 2 still communicates normally with the replacement.
Authentication of the reader/writer unit 2 by the RFID application software unit 3 proceeds as follows. After the RFID application software unit 3 receives information from the reader/writer unit 2 (the information here may be the above public tag ciphertext, user information, or other commands or data), the RFID application software unit 3 does not process the information directly but first caches it; it then sends a legitimacy authentication command and a second random number obtained by the second random number acquisition module 33 to the reader/writer unit 2, and uses the second encryption/decryption module 32 to encrypt the second random number together with the RFID application software authentication key to generate a third authentication encrypted result. The reader/writer unit 2 receives the legitimacy authentication command and the second random number, encrypts the second random number together with the reader/writer authentication key to generate a fourth encrypted result, and sends the fourth encrypted result to the RFID application software unit 3. The RFID application software unit 3 receives the fourth encrypted result and compares it with the third encrypted result; if they are identical, the RFID application software unit 3 processes the information received from the reader/writer unit 2; otherwise the RFID application software unit 3 does not process that information. In this way the RFID application software unit 3 uses its own authentication key to authenticate every piece of information it receives from the reader/writer unit 2, and processes information sent by the reader/writer unit 2 only when the keys match, which prevents an illegitimate reader/writer unit 2 from returning information to the RFID application software unit 3 and increases the security of the RFID application software unit 3. In the present embodiment, the RFID application software unit 3 authenticates the reader/writer unit 2 after every command or data item that the reader/writer unit 2 sends to the RFID application software unit 3, which gives the highest security. In other embodiments, the RFID application software unit 3 may authenticate the reader/writer unit 2 only when the system starts working: the RFID application software unit 3 sends the legitimacy authentication command and the second random number to the reader/writer unit 2 once, and after authentication passes it no longer authenticates the reader/writer unit 2 for the data or commands it subsequently receives. This greatly reduces the time taken by the system workflow, but carries the risk that the reader/writer unit 2 is replaced after authentication has passed and the RFID application software unit 3 still communicates normally with the replacement.
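As an added example (not the patent's own code), the following Python simulation runs the mutual challenge-response authentication and the pre-stored tag ciphertext check described in the method steps of the summary and in this embodiment, showing that a party holding the wrong authentication key, or an unknown tag ciphertext, stops the flow before the operation password is recovered. The patent leaves both "encryption" primitives unspecified, so HMAC-SHA256 is assumed for the keyed result over the random number and a SHA-256 counter key stream stands in for the cipher that hides the operation password; all keys and the password are constructed values.

```python
import hashlib
import hmac
import os


def keyed_result(auth_key, nonce):
    """The 'encrypted result' each side computes from a random number and
    its own authentication key.  HMAC-SHA256 is an assumption: the text
    only requires a keyed transform that both sides can recompute."""
    return hmac.new(auth_key, nonce, hashlib.sha256).digest()


class Party:
    """Either the reader/writer unit or the RFID application software unit.
    Each holds its own authentication key; authentication succeeds only
    when the two keys are identical."""

    def __init__(self, name, auth_key):
        self.name = name
        self.auth_key = auth_key

    def challenge(self):
        """Issue a fresh random number (first or second random number) and
        keep the result we expect back (first or third encrypted result)."""
        nonce = os.urandom(16)
        return nonce, keyed_result(self.auth_key, nonce)

    def respond(self, nonce):
        """Answer a challenge with our own key (second or fourth encrypted result)."""
        return keyed_result(self.auth_key, nonce)


def authenticate(verifier, prover):
    """One direction of legitimacy authentication: the verifier challenges,
    the prover answers, the verifier compares in constant time."""
    nonce, expected = verifier.challenge()
    return hmac.compare_digest(expected, prover.respond(nonce))


def tag_cipher(tag_key, data):
    """Stand-in for the unspecified symmetric cipher hiding the operation
    password in the public tag ciphertext: XOR with a SHA-256 counter key
    stream.  Deterministic, so the application can match the ciphertext
    against its pre-stored copy by equality; the same call decrypts."""
    out = bytearray()
    for i, b in enumerate(data):
        if i % 32 == 0:
            block = hashlib.sha256(tag_key + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


def run_method(tag_ciphertext, reader, app, app_store, tag_key):
    """The method's steps after the tag has sent its public tag ciphertext
    and the reader has forwarded it.  Returns the operation password the
    reader recovers, or None at whichever step refuses to proceed."""
    # The application authenticates the reader before processing the ciphertext.
    if not authenticate(app, reader):
        return None
    # The application looks for an identical pre-stored tag ciphertext.
    if tag_ciphertext not in app_store:
        return None
    # The reader authenticates the application before trusting the success result.
    if not authenticate(reader, app):
        return None
    # Only now does the reader decrypt the ciphertext to obtain the operation password.
    return tag_cipher(tag_key, tag_ciphertext)


if __name__ == "__main__":
    shared_key = b"\x01" * 16             # constructed: reader and app share it
    reader = Party("reader", shared_key)
    app = Party("app", shared_key)
    rogue = Party("rogue", b"\x02" * 16)  # constructed: holds the wrong key
    tag_key = b"\x03" * 16                # constructed: known to the reader only
    ct = tag_cipher(tag_key, b"op-password-01")
    print(run_method(ct, reader, app, {ct}, tag_key))     # b'op-password-01'
    print(run_method(ct, rogue, app, {ct}, tag_key))      # None
    print(run_method(ct, reader, rogue, {ct}, tag_key))   # None
```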
In the present embodiment, communication between the RFID application software unit 3 and the reader/writer unit 2 is encrypted. When the RFID application software unit 3 sends the above command to read the private storage module 12 of the electronic tag unit 1, the change-user-information command with the user information to be changed, the change-public-tag-ciphertext command with the public tag ciphertext to be changed, the second encrypted result, or other commands and data, it first encrypts these commands or data, and after the reader/writer unit 2 receives the encrypted data it decrypts them to obtain the command or data. When the reader/writer unit 2 sends the above user information, the fourth encrypted result, or other commands or data, it first uses the first encryption/decryption module 22 to encrypt the data or commands and then sends them to the RFID application software unit 3, which after receiving the encrypted data uses the second encryption/decryption module 32 to decrypt them and obtain the command or data. Encrypting the communication between the RFID application software unit 3 and the reader/writer unit 2 avoids leakage of data on the data line.
In the present embodiment, because the operation password is encrypted, only the personnel who assign the tag operation passwords know the real operation password, and the personnel who routinely operate the electronic tags cannot obtain it, which greatly improves the security of the operation password. At the same time, the reader/writer and the RFID application software authenticate each other, which avoids illegitimate replacement of either the RFID application software or the reader/writer. Encrypted communication is also used between the RFID application software and the reader/writer, which avoids leakage of data on the communication line and improves the security of system communication. The present embodiment effectively binds the electronic tag, the reader/writer and the RFID application software together, improves the security of the system, and solves the outstanding security issue of existing RFID systems.
Although specific embodiments of the present invention have been described above, those skilled in the art should understand that the specific embodiments described are illustrative and not a limitation of the scope of the present invention; equivalent modifications and variations made by those of ordinary skill in the art in accordance with the spirit of the present invention shall all fall within the scope protected by the claims of the present invention.