CN106304046A - To the encryption of iBeacon broadcast, the method for authentication - Google Patents

To the encryption of iBeacon broadcast, the method for authentication Download PDF

Info

Publication number
CN106304046A
CN106304046A CN201510290512.0A CN201510290512A CN106304046A CN 106304046 A CN106304046 A CN 106304046A CN 201510290512 A CN201510290512 A CN 201510290512A CN 106304046 A CN106304046 A CN 106304046A
Authority
CN
China
Prior art keywords
base station
ibeacon
broadcast
ibeacon base
authentication code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510290512.0A
Other languages
Chinese (zh)
Other versions
CN106304046B (en
Inventor
陈晓华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201510290512.0A priority Critical patent/CN106304046B/en
Publication of CN106304046A publication Critical patent/CN106304046A/en
Application granted granted Critical
Publication of CN106304046B publication Critical patent/CN106304046B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of to the encryption of iBeacon broadcast, method for authenticating.The present invention increases extra Bluetooth broadcast bag i.e. by sending dynamic marks (ID) in the Bluetooth broadcast bag in addition to the original broadcast packet of iBeacon, efficiently solves the problem that iBeacon base station is rubbed by third party.By sending message authentication code (Message Authentication Code) or the digital signature of dynamically change in time in the broadcast packet in addition to the original broadcast packet of iBeacon, solve the problem that iBeacon base station is forged simultaneously.By described generation dynamic marks and the method generating message authentication code being combined, solve the problem that iBeacon base station signal is rubbed with and be forged.

Description

To the encryption of iBeacon broadcast, the method for authentication
Technical field
The present invention relates to the broadcast message approach that mobile device is used, particularly to a kind of iBeacon broadcast Encryption, method for authenticating.
Background technology
IBeacon is the neighborhood (proximity) that Apple issues jointly with iOS7 autumn in 2013 Location technology.The principle of iBeacon technology is that iBeacon base station is by super low-power consumption bluetooth (Bluetooth Low Energy) technology is to surrounding broadcast identification information, when mobile device (such as iPhone) listens to this identification information After, i.e. can determine that equipment location, thus be provided with and service targetedly, as pushed this locality to user Reward voucher, user is automatically signing in.
As it is shown in figure 1, be the unique ID structural representation comprised in iBeacon broadcast message in prior art. The message 101 of iBeacon base station broadcast, comprises a unique ID, and it is made up of three parts, is UUID respectively (Universally Unique Identifier) general unique identifier, Major, Minor (Major and Minor By iBeacon publisher's sets itself, it is all the identifier of 16).In general application, these three Divide information as address, indicate position concrete at one or scene from big to small, such as concrete at one Application in, UUID represents a chain lock catering companies, and Major indicates a city, and Minor represents The numbering in branch, the most just may indicate that this company concrete branch in this city.
But the message of iBeacon base station broadcast is in plain text, does not the most comprise other safety information, and this can cause two Problem:
The message of first, iBeacon base station broadcast can be rubbed use by anyone;Such as, if a chain lock surpasses The APP of city rival can identify the iBeacon base station arranged in shop in this supermarket, then when user enters When entering in shop, their APP just can be waken up, thus the commodity in themselves shop of sales promotion.
Its two, iBeacon base station can be forged easily;Such as, present user can be easily by downloading One should be used for simulating iBeacon base station, then arrange that the trade company of iBeacon base station just cannot really determine use Whether family is in shop, therefore, and it is also difficult to provide further service based on this.
Summary of the invention
For above-mentioned first problem, the present invention proposes in the bluetooth in addition to the original broadcast packet of iBeacon wide Broadcast the method sending dynamic marks (ID) in bag.For above-mentioned Second Problem, the present invention proposes and is removing Broadcast packet outside the original broadcast packet of iBeacon sends the message authentication code (Message of dynamically change in time Authentication Code) or the method for digital signature.When solving above two problem simultaneously, The present invention proposes to send dynamic marks and in time at the broadcast packet in addition to iBeacon original Bluetooth broadcast bag The message authentication code (Message Authentication Code) dynamically changed or the method for digital signature.
In view of this, it is an object of the invention to provide a kind of iBeacon broadcast encryption and the side of authentication Method, effectively prevent the defect that in prior art, the message of iBeacon base station broadcast can be rubbed by anyone, And the defect that iBeacon base station can be forged easily.
Based on the above-mentioned purpose present invention, the method to the encryption of iBeacon broadcast is proposed, from iBeacon base station Transmission Bluetooth broadcast bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark Know, the most identical with described second dynamic marks according to described first dynamic marks, determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor.
The present invention proposes the method to iBeacon broadcast authentication, sends Bluetooth broadcast from iBeacon base station Bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes for each iBeacon base station One message authentication code Message Authentication Code;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives described first message authentication code, with this First message authentication code from key corresponding to iBeacon base station and identical with described iBeacon base station bright Literary composition message generates the second message authentication code, described first message authentication code and described second message authentication code is entered Row compares,
If it is consistent, it is determined that the verity of message.
The present invention also proposes a kind of method to iBeacon broadcast authentication, sends indigo plant from iBeacon base station Tooth broadcast packet is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes digital signature;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives digital signature, come with this digital signature From PKI corresponding to described iBeacon base station and the clear-text message identical with base station, according to corresponding numeral label Name algorithm identifies the verity of signature.
The present invention also proposes a kind of to the encryption of iBeacon broadcast and the method for authentication, from iBeacon base station Transmission Bluetooth broadcast bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and for each First message authentication code of iBeacon base station;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this first message authentication code from key corresponding to iBeacon base station and with described iBeacon base Identical clear-text message of standing generates the second message authentication code, described first message authentication code and described second is disappeared Breath authentication code compares,
If it is consistent, it is determined that the verity of message.
The present invention also proposes a kind of to the encryption of iBeacon broadcast and the method for authentication, from iBeacon base station Transmission Bluetooth broadcast bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and digital signature;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this digital signature from PKI corresponding to described iBeacon base station and the plaintext identical with base station Message, identifies the verity of signature according to corresponding Digital Signature Algorithm
In certain embodiments, described extra Bluetooth broadcast bag,
The common broadcast bag obtained when being BLE scanning device Passive Scanning drive sweep,
Or (with), the Scan Response that during scanning device Active Scanning active scan, broadcasting equipment sends Scanning response broadcast packet.
In certain embodiments, described first dynamic marks changes the most at regular intervals, constitutes one Sequence, the dynamic marks sequence that each described iBeacon base station sends is different;Described first dynamic marks is logical Cross the pseudo random number that Generating Random Number generates.
In certain embodiments, the UUID originally sent iBeacon base station, Major, Minor are set to nothing The value of meaning, the most all of iBacon base station all uses a set of identical UUID, Major, Minor or make Identical with several sets;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
In certain embodiments, described message authentication code or digital signature change in time, to prevent weight Put attack;
After described message authentication code is intercepting, in order to save space or to increase attack difficulty,
Or, in order to put down in a Bluetooth broadcast bag;
Described message authentication code or digital signature generate the key used, and are made in each described iBeacon base station All different.
In certain embodiments, generating a static ID for each iBeacon base station, it becomes the most in time Change, send together with message authentication code or digital signature, in order to indicate key that this message authentication code is corresponding or PKI that digital signature is corresponding and generate message authentication code or the cleartext information of digital signature;
After described static ID can be intercepting.
In certain embodiments, described first dynamic marks changes the most at regular intervals, constitutes one Sequence, the dynamic marks sequence that each described iBeacon base station sends is different;Described first dynamic marks is logical Cross the pseudo random number that Generating Random Number generates.
In certain embodiments, the UUID originally sent iBeacon base station, Major, Minor are set to nothing The value of meaning, the most all of iBacon base station all uses a set of identical UUID, Major, Minor or make Identical with several sets;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
Beneficial effect:
The present invention increases extra Bluetooth broadcast bag i.e. by wide in the bluetooth in addition to the original broadcast packet of iBeacon Broadcast and bag sends dynamic marks (ID), efficiently solve the problem that iBeacon base station is rubbed by third party.Logical Cross the message authentication code sending dynamically change in time in the broadcast packet in addition to the original broadcast packet of iBeacon (Message Authentication Code) or digital signature, solve what iBeacon base station was forged simultaneously Problem.By described generation dynamic marks and the method generating message authentication code are combined, solve The problem that iBeacon base station signal is rubbed with and be forged.
Accompanying drawing explanation
Fig. 1 is the unique ID structural representation comprised in iBeacon broadcast message in prior art.
Fig. 2 is in one embodiment of the invention, iBeacon broadcast to be increased extra Bluetooth broadcast bag to include first The structural representation of dynamic marks.
Fig. 3 is in one embodiment of the invention, iBeacon broadcast to be increased extra Bluetooth broadcast bag to include message The structural representation of authentication code.
Fig. 4 is in one embodiment of the invention, iBeacon broadcast to be increased extra Bluetooth broadcast bag to include numeral The structural representation of signature.
Fig. 5 be in one embodiment of the invention to iBeacon broadcast encryption method schematic flow sheet (based on dynamic State identifies).
Fig. 6 be in one embodiment of the invention to iBeacon broadcast method for authenticating schematic flow sheet (based on disappearing Breath authentication code).
Fig. 7 be in one embodiment of the invention to iBeacon broadcast method for authenticating schematic flow sheet (based on number Word is signed).
Fig. 8 is the method flow signal in one embodiment of the invention to the encryption of iBeacon broadcast and authentication Figure.
Fig. 9 is the encryption of iBeacon broadcast and the method flow schematic diagram of authentication in one embodiment of the invention.
Detailed description of the invention
The most described receiving terminal can be handheld device, it is also possible to be server, and for the latter, it receives Information forwards typically receive the message of iBeacon base station via handheld device after and obtains.
It is wide to the extra bluetooth of iBeacon broadcast increase in one embodiment of the invention for refer to Fig. 2~Fig. 4 Broadcast the structural representation including dynamic marks, message authentication code, digital signature.
In the message of original iBeacon base station broadcast, comprising a unique ID, it is made up of three parts, point It not UUID (Universally Unique Identifier) general unique identifier, Major, Minor (Major With Minor by iBeacon publisher's sets itself, it is all the identifier of 16);On the basis of add Dynamic marks 201;Message authentication code 301 and digital signature 401.
Refer to Fig. 5 is to iBeacon broadcast encryption method schematic flow sheet in one embodiment of the invention (based on dynamic marks).
S501 in iBeacon base station,
S502 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes the first dynamic marks;
S503 at described receiving terminal,
S504, based on each described iBeacon base station, produces second identical with described first dynamic marks and moves State identifies, the most identical with described second dynamic marks according to described first dynamic marks,
S505 determine signal from iBeacon base station and the UUID of its correspondence, Major, Minor.
Specifically, the method bag in order to solve the problem that iBeacon base station is rubbed by third party, in the present embodiment Include following a few part:
1) in the Bluetooth broadcast bag that iBeacon base station is extra, a dynamic marks 201 (ID) is sent, one Planting in the realization recommended, the length of this dynamic marks 201 is 16 bytes, to ensure the dynamic mark of different base station Knowing and be difficult to collide, this dynamic marks changes the most at regular intervals, thus constitutes a sequence, The dynamic marks sequence that each iBeacon base station sends is different;
2) aforementioned dynamic marks 201 can be a kind of pseudo random number or the pseudo random number of cryptography safety (Cryptographically secure pseudorandom number), the algorithm generating this pseudo random number is permissible It is the possible Generating Random Number in this field any, calculates including linear congruent algorithm, Mersenne-Twister Method, Xorshift algorithm or Yarrow algorithm etc.;
3) after aforementioned pseudo random number can be intercepting;
4) at receiving terminal, for each iBeacon base station, identical dynamic marks is produced, this dynamic marks Change with iBeacon base station synchronization in time, after receiving terminal receives the dynamic marks of base station, by this dynamic marks The dynamic marks produced with self compares, so that it is determined that signal from which iBeacon base station and it is right The UUID answered, Major, Minor;
5) UUID originally sent iBeacon base station, Major, Minor are set to insignificant value, such as All of iBacon base station all uses a set of identical UUID, Major, Minor or use a few set identical;
6) the Bluetooth broadcast bag that aforementioned iBeacon base station is extra, both can be BLE (Bluetooth Low Energy) the common broadcast bag obtained during scanning device Passive Scanning, it is also possible to be scanning device The Scan Response broadcast packet that during Active Scanning, broadcasting equipment sends.Scan Response broadcast packet Only just can send when central apparatus sends Scan Request (scan request), therefore, use Scan It is a kind of more energy-conservation method that Response broadcast packet sends aforesaid encryption with authentication information.
The first described dynamic marks obtains according to following method: by comprising real UUID, Major, The information of Minor generates cryptographic Hash;Using defeated as PRNG of described cryptographic Hash part or all of Entering, node generates pseudo random number at a fixed time;Completely or partially marking described random number as dynamic Know, the broadcast packet of iBeacon base station send.In one implementation, the input of aforementioned PRNG Can be but not limited to pseudo-random number seed, initialization vector (Initialization Vector), key, once Property numeral (Nonce) etc..
In order to solve the problem that iBeacon base station is forged, it is right in one embodiment of the invention for refer to Fig. 6 IBeacon broadcast method for authenticating schematic flow sheet (based on message authentication code).
S601 in iBeacon base station,
S602 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes for each iBeacon base The the first message authentication code Message Authentication Code stood;
S603 at described receiving terminal,
S604 is based on each described iBeacon base station, after receiving terminal receives described first message authentication code, With with this first message authentication code from key corresponding to iBeacon base station and with described iBeacon base station phase Same clear-text message generates the second message authentication code, by described first message authentication code and described second message mirror Weighted code compares,
If S605 is consistent, it is determined that the verity of message.
It is below that in one embodiment of the invention one is preferred embodiment: 1) for each iBeacon base station Specific information, generation message authentication code (Message Authentication Code) or referred to as keyed hash (Keyed Hash), message authentication code mentioned here or make its generating algorithm of keyed hash can comprise any Cryptographic primitives (Cryptographic Primitives), such as cryptographic Hash function or from block encryption algorithm, Such as, HMAC, CBC-MAC, CCM, GCM etc.;
2) aforementioned messages authentication code changes in time, to prevent Replay Attack (replay attack);
3) after aforementioned messages authentication code can be intercepting, to save space or to increase attack difficulty;
4) sending this message authentication code in the Bluetooth broadcast bag that iBeacon base station is extra, this broadcast packet both may be used Obtain during to be BLE (Bluetooth Low Energy) scanning device Passive Scanning (drive sweep) Common broadcast bag, it is also possible to when being scanning device Active Scanning (active scan) broadcasting equipment send Scan Response (scanning response) broadcast packet;
5) after receiving terminal receives message authentication code, with this message authentication code from key corresponding to base station With the clear-text message identical with base station generates message authentication code, two message authentication codes are compared, if Unanimously, it is determined that the verity of message;
6) aforementioned messages authentication code generates the key used, and it is different that each iBeacon is used;
7) generating a static ID for each iBeacon base station, it does not changes over time, and message authentication Code sends together, in order to indicate the key and the plaintext letter of generation message authentication code that this message authentication code is corresponding Breath, the generating algorithm of static ID can be but not limited to various known informative abstract generating algorithm or Hash is calculated Method;
8) after aforementioned static ID can be intercepting.
In an example, by comprising UUID, the information of Major, Minor generates cryptographic Hash, takes this cryptographic Hash Part, as static ID, take another part of this cryptographic Hash plus timestamp information as message, use Hmac algorithm combines Key production information authentication code and intercepts, the same message of static ID that will ultimately generate Authentication code together sends in the Scan Response broadcast packet of iBeacon base station.Server receives by hands After static ID that holding equipment is submitted to and message authentication code, according to static ID, take out corresponding key and use and The identical method in base station obtains message, uses hmac algorithm and its message authentication code of corresponding cipher key calculation, Calculated message authentication code is compared with the authentication code received, if unanimously, then proves that information source is Reliably.
Equally, in order to solve the problem that iBeacon base station is forged, refer to, Fig. 7 is the present invention one enforcement To iBeacon broadcast method for authenticating schematic flow sheet (based on digital signature) in example.
S701 in iBeacon base station,
S702 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes digital signature;
S703 at described receiving terminal,
S704 is based on each described iBeacon base station, after receiving terminal receives digital signature, with this numeral Sign from PKI corresponding to described iBeacon base station and the clear-text message identical with base station,
S705 identifies the verity of signature according to corresponding Digital Signature Algorithm.
It is below that in one embodiment of the invention one is preferred embodiment: 1) for each iBeacon base station Specific information, uses Digital Signature Algorithm, generates their digital signature, digital signature mentioned here Algorithm can be various feasible Digital Signature Algorithms, and the shortest digital signature (Short Signature) is calculated Method, such as, BLS (Boneh-Lynn-Shacham) algorithm, BB (Boneh-Boyen) algorithm, ZSS (Zhang-Safavi-Susilo) algorithm etc.;
2) aforementioned digital signature changes, in time to prevent Replay Attack (Replay Attack);
3) length of aforementioned digital signature determines less than or equal to 31 bytes, in order at a Bluetooth broadcast bag In put down;
4) sending this digital signature in the Bluetooth broadcast bag that iBeacon base station is extra, this broadcast packet is the most permissible Obtain when being BLE (Bluetooth Low Energy) scanning device Passive Scanning (drive sweep) Common broadcast bag, it is also possible to when being scanning device Active Scanning (active scan), broadcasting equipment sends Scan Response (scanning response) broadcast packet;
5) after receiving terminal receives digital signature, with this digital signature from PKI corresponding to base station and with The clear-text message that base station is identical, identifies the verity of signature according to concrete Digital Signature Algorithm;
6) the aforementioned digital signature private key of generating algorithm and PKI pair, each iBeacon base station is used Different;
7) generating a static ID for each iBeacon base station, it does not changes over time, and digital signature Send together, in order to indicate PKI corresponding to this digital signature and to generate the message of this digital signature, static The generating algorithm of ID can be but not limited to various known informative abstract generating algorithm or hash algorithm;
8) after aforementioned static ID can be intercepting.
In an example, by comprising UUID, the information of Major, Minor generates cryptographic Hash, takes this cryptographic Hash Part, as static ID, take another part of this cryptographic Hash plus timestamp information as message, use BLS algorithm combines private key and generates the short digital signature of 20 bytes, the same short signature of static ID that will ultimately generate Together send in the Scan Response broadcast packet of iBeacon base station.Server receives by handheld device After the static ID submitted to and short signature, according to static ID, take out corresponding PKI and use identical with base station Method obtains message, identifies the verity of short signature according to BLS algorithm.
The method of the use digital signature proposed here compared with the method for aforementioned use message authentication code, due to Use Asymmetric encryption, have two benefits: 1) receiving terminal when identifying the verity of message, use public affairs Key rather than shared key, it is to avoid the risk that key is compromised, its private key can be only present in iBeacon In base station;2) there is non repudiation (non-repudiation), i.e. digital signature be only possible to be to have private key A side sign and issue, therefore in the case of private key is not revealed, can be concluded that signature is from iBeacon base station.
In order to solve the problem that iBeacon base station signal is rubbed with and be forged simultaneously, can be by life described above Becoming dynamic marks and the method generating message authentication code to be combined, refer to Fig. 8 is one embodiment of the invention In to iBeacon broadcast encryption and authentication method flow schematic diagram.
S801 in iBeacon base station,
S802 increases extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag include the first dynamic marks and for First message authentication code of each iBeacon base station;
S803 at described receiving terminal,
S804, based on each described iBeacon base station, produces second identical with described first dynamic marks and moves State identifies, according to described first dynamic marks and described second dynamic marks the most identical determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor;
S805 with this first message authentication code from key corresponding to iBeacon base station and with described The identical clear-text message in iBeacon base station generates the second message authentication code, by described first message authentication code and institute State the second message authentication code to compare,
If S806 is consistent, it is determined that the verity of message.
As a kind of reference, said method can comprise following several part:
1) sending a dynamic marks (ID) in the Bluetooth broadcast bag that iBeacon base station is extra, this is dynamically marked Knowing and often change at regular intervals, thus constitute a sequence, it is dynamic that each iBeacon base station sends Mark sequence is different;
2) aforementioned dynamic marks can be a kind of pseudo random number or the pseudo random number of cryptography safety (Cryptographically secure pseudorandom number), the algorithm generating this pseudo random number is permissible It is the possible Generating Random Number in this field any, calculates including linear congruent algorithm, Mersenne-Twister Method, Xorshift algorithm, Yarrow algorithm etc.;
3) after aforementioned pseudo random number can be intercepting;
4) for the specific information in each base station or aforementioned dynamic marks, use key, generate message authentication code (Message Authentication Code) or referred to as keyed hash (Keyed Hash), mentioned here disappear Cease authentication code or make its generating algorithm of keyed hash can comprise any cryptographic primitives (Cryptographic Primitives), such as cryptographic Hash function or from block encryption algorithm, such as, HMAC, CBC-MAC, CCM, GCM etc.;
5) aforementioned messages authentication code changes in time, to prevent Replay Attack (replay attack);
6) after aforementioned messages authentication code can be intercepting, to save space or to increase attack difficulty;
7) in the Bluetooth broadcast bag that iBeacon base station is extra, aforementioned dynamic marks and message authentication are sent together Code, when this broadcast packet both can be BLE (Bluetooth Low Energy) scanning device Passive Scanning The common broadcast bag obtained, it is also possible to the Scan that when being scanning device Active Scanning, broadcasting equipment sends Response broadcast packet;
8) at receiving terminal, for each iBeacon base station, identical dynamic marks is produced, this dynamic marks Change with iBeacon base station synchronization in time, after receiving terminal receives the dynamic marks of base station, by this dynamic marks The dynamic marks produced with self compares, so that it is determined that signal is from which iBeacon base station and correspondence UUID, Major, Minor and message authentication code key;
9) after receiving terminal receives message authentication code, with this message authentication code from key corresponding to base station With the clear-text message identical with base station generates message authentication code, two message authentication codes are compared, if Unanimously, it is determined that the verity of message;
10) key of aforementioned messages authentication code generating algorithm, it is different that each iBeacon is used;
11) UUID originally sent iBeacon base station, Major, Minor are set to insignificant value, such as All of iBacon base station all uses a set of identical UUID, Major, Minor or use a few set identical.
In one implementation, by comprising true UUID, the information of Major, Minor generates cryptographic Hash, by this Kazakhstan The part or all of input as PRNG of uncommon value, node generates pseudorandom at a fixed time Number, all or part of as dynamic marks using this random number, take this cryptographic Hash all or part of plus time Between stab information generate message, use hmac algorithm combine key calculation message authentication code and intercept, will The dynamic marks ultimately generated with message authentication code together at the Scan Response broadcast packet of iBeacon base station Middle transmission.After server receives the dynamic marks and message authentication code submitted to by handheld device, comparison service Device end synchronizes the dynamic marks produced, and takes out corresponding message authentication code key, and uses identical with base station Method obtains message, uses hmac algorithm and its message authentication code of corresponding cipher key calculation, will be calculated Message authentication code compare with the authentication code received, if unanimously, then prove information source be reliable.Before The input stating PRNG can be but not limited to seed, initialization vector (Initialization Vector), key, digital one time (Nonce) etc..
Based on above-mentioned, in order to solve simultaneously iBeacon base station signal rubbed with and the problem that is forged, can be by Generation dynamic marks described above and the method generating digital signature are combined, and as a kind of reference, please join Examining Fig. 9 is the encryption of iBeacon broadcast and the method flow schematic diagram of authentication.
S901 in iBeacon base station,
S902 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes the first dynamic marks and numeral Signature;
S903 at described receiving terminal,
S904, based on each described iBeacon base station, produces second identical with described first dynamic marks and moves State identifies, according to described first dynamic marks and described second dynamic marks the most identical determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor;
S905 with this digital signature from PKI corresponding to described iBeacon base station and identical with base station Clear-text message, identifies the verity of signature according to corresponding Digital Signature Algorithm.
As a kind of reference, said method can comprise following several part:
1) sending a dynamic marks (ID) in the Bluetooth broadcast bag that iBeacon base station is extra, this is dynamically marked Knowing and often change at regular intervals, thus constitute a sequence, it is dynamic that each iBeacon base station sends Mark sequence is different;
2) aforementioned dynamic marks can be a kind of pseudo random number or the pseudo random number of cryptography safety (Cryptographically secure pseudorandom number), the algorithm generating this pseudo random number is permissible It is the possible Generating Random Number in this field any, calculates including linear congruent algorithm, Mersenne-Twister Method, Xorshift algorithm, Yarrow algorithm etc.;
3) after aforementioned pseudo random number can be intercepting;
4) for the specific information in each iBeacon base station or aforementioned dynamic marks, Digital Signature Algorithm is used, Generating digital signature, Digital Signature Algorithm mentioned here comprises various known Digital Signature Algorithm, especially It is short digital signature (Short Signature) algorithm, such as, BLS algorithm, BS algorithm, ZSS algorithm etc.;
5) aforementioned digital signature changes, in time to prevent Replay Attack (replay attack);
6) in the Bluetooth broadcast bag that iBeacon base station is extra, aforementioned dynamic marks and digital signature are sent together, Obtained when this broadcast packet both can be BLE (Bluetooth Low Energy) scanning device Passive Scanning Common broadcast bag, it is also possible to when being scanning device Active Scanning broadcasting equipment send Scan Response broadcast packet;
7) at receiving terminal, for each iBeacon base station, identical dynamic marks is produced, this dynamic marks Change with iBeacon base station synchronization in time, after receiving terminal receives the dynamic marks of base station, by this dynamic marks The dynamic marks produced with self compares, so that it is determined that signal is from which iBeacon base station and correspondence UUID, Major, Minor and the PKI of digital signature;
8) after receiving terminal receives digital signature, with this digital signature from PKI corresponding to base station and with The clear-text message that base station is identical, identifies the verity of signature according to concrete Digital Signature Algorithm;
9) the aforementioned digital signature private key of generating algorithm and PKI pair, each iBeacon base station is used Different;
10) UUID originally sent iBeacon base station, Major, Minor are set to insignificant value, such as All of iBacon base station all uses a set of identical UUID, Major, Minor or use a few set identical.
In one implementation, by comprising true UUID, the information of Major, Minor generates cryptographic Hash, by this Kazakhstan The part or all of input as PRNG of uncommon value, node generates pseudorandom at a fixed time Number, all or part of as dynamic marks using this random number, take this cryptographic Hash all or part of plus time Between stab information as message, use BLS algorithm to combine private key and generate the short digital signature of 20 bytes, will be final The dynamic marks generated together sends with digital signature in the Scan Response broadcast packet of iBeacon base station. After server receives the dynamic marks and digital signature submitted to by handheld device, comparison server end synchronizes to produce Raw dynamic marks, takes out corresponding digital signature PKI, and uses the method identical with base station to obtain message, The verity of short signature is identified according to BLS algorithm.The input of aforementioned PRNG can be but not limit In seed, initialization vector (Initialization Vector), key, digital one time (Nonce) etc..
All examples above-mentioned are used only to explanation, and become one to limit not, any possible combination It it is all situation to be expressed.

Claims (12)

1. to iBeacon broadcast encryption a method, from iBeacon base station send Bluetooth broadcast bag to Receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark Know, the most identical with described second dynamic marks according to described first dynamic marks, determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor.
2. to iBeacon broadcast authentication a method, from iBeacon base station send Bluetooth broadcast bag to Receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes for each iBeacon base station One message authentication code Message Authentication Code;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives described first message authentication code, with this First message authentication code from key corresponding to iBeacon base station and identical with described iBeacon base station bright Literary composition message generates the second message authentication code, described first message authentication code and described second message authentication code is entered Row compares,
If it is consistent, it is determined that the verity of message.
3. to iBeacon broadcast authentication a method, from iBeacon base station send Bluetooth broadcast bag to Receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes digital signature;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives digital signature, come with this digital signature From PKI corresponding to described iBeacon base station and the clear-text message identical with base station, according to corresponding numeral label Name algorithm identifies the verity of signature.
4., to the encryption of iBeacon broadcast and a method for authentication, send bluetooth from iBeacon base station wide Broadcasting bag and arrive receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and for each First message authentication code of iBeacon base station;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this first message authentication code from key corresponding to iBeacon base station and with described iBeacon base Identical clear-text message of standing generates the second message authentication code, described first message authentication code and described second is disappeared Breath authentication code compares,
If it is consistent, it is determined that the verity of message.
5., to the encryption of iBeacon broadcast and a method for authentication, send bluetooth from iBeacon base station wide Broadcasting bag and arrive receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and digital signature;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this digital signature from PKI corresponding to described iBeacon base station and the plaintext identical with base station Message, identifies the verity of signature according to corresponding Digital Signature Algorithm.
6. according to iBeacon broadcast is encrypted and the side of authentication described in claim 4 or 5 Arbitrary Term Method, it is characterised in that described extra Bluetooth broadcast bag,
The common broadcast bag obtained when being BLE scanning device Passive Scanning drive sweep,
Or/and, the Scan Response that during scanning device Active Scanning active scan, broadcasting equipment sends Scanning response broadcast packet.
7. according to iBeacon broadcast is encrypted and the method for authentication described in claim 4 or 5, its Being characterised by, described first dynamic marks changes the most at regular intervals, constitutes a sequence, each The dynamic marks sequence that described iBeacon base station sends is different.
8. according to iBeacon broadcast is encrypted and the method for authentication described in claim 4 or 5, its It is characterised by,
Originally the UUID sent iBeacon base station, Major, Minor are set to insignificant value, the most all IBacon base station all use a set of identical UUID, Major, Minor or use a few set identical;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
9., according to the method to iBeacon broadcast authentication described in Claims 2 or 3, its feature exists In,
Described message authentication code or digital signature change in time, to prevent Replay Attack;
Described message authentication code or digital signature generate the key used, and are made in each described iBeacon base station All different.
10., according to the method to iBeacon broadcast authentication described in Claims 2 or 3, its feature exists In,
Generating a static ID for each iBeacon base station, it does not changes over time, and message authentication code Or digital signature sends together, in order to indicate key that this message authentication code is corresponding or public affairs corresponding to digital signature Key and generate message authentication code or the cleartext information of digital signature;
After described static ID can be intercepting.
11. is according to claim 1 to iBeacon broadcast encryption method, it is characterised in that institute State the first dynamic marks to change the most at regular intervals, constitute a sequence, each described iBeacon base The dynamic marks sequence sent of standing is different.
12. is according to claim 1 to iBeacon broadcast encryption method, it is characterised in that
Originally the UUID sent iBeacon base station, Major, Minor are set to insignificant value, the most all IBacon base station all use a set of identical UUID, Major, Minor or use a few set identical;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
CN201510290512.0A 2015-06-01 2015-06-01 Method for encrypting and authenticating iBeacon broadcast message Expired - Fee Related CN106304046B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510290512.0A CN106304046B (en) 2015-06-01 2015-06-01 Method for encrypting and authenticating iBeacon broadcast message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510290512.0A CN106304046B (en) 2015-06-01 2015-06-01 Method for encrypting and authenticating iBeacon broadcast message

Publications (2)

Publication Number Publication Date
CN106304046A true CN106304046A (en) 2017-01-04
CN106304046B CN106304046B (en) 2020-01-07

Family

ID=57655433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510290512.0A Expired - Fee Related CN106304046B (en) 2015-06-01 2015-06-01 Method for encrypting and authenticating iBeacon broadcast message

Country Status (1)

Country Link
CN (1) CN106304046B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525940A (en) * 2018-12-18 2019-03-26 京信通信系统(中国)有限公司 Localization method, device and electronic equipment based on antenna
WO2019059903A1 (en) 2017-09-20 2019-03-28 Visa International Service Association Hands free interaction system and method
CN110113753A (en) * 2019-05-14 2019-08-09 苏州霞客说导览科技有限公司 A kind of anti-rub of the base station beacon uses method
CN110177000A (en) * 2019-05-21 2019-08-27 重庆邮电大学 A kind of encrypted transmission method of wearable device
CN110784529A (en) * 2019-10-22 2020-02-11 飞天诚信科技股份有限公司 Information pushing method and device, electronic device and computer readable storage medium
CN110798526A (en) * 2019-11-01 2020-02-14 美的集团股份有限公司 Intelligent household appliance message pushing method and system, electronic equipment and storage medium
CN111898164A (en) * 2020-07-02 2020-11-06 武汉纺织大学 Data integrity auditing method supporting tag block chain storage and query
CN115334486A (en) * 2022-10-18 2022-11-11 成都锐成芯微科技股份有限公司 Bluetooth communication method and Bluetooth system
CN115694599A (en) * 2021-07-31 2023-02-03 华为技术有限公司 Transmission method, system and related device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101203025A (en) * 2006-12-15 2008-06-18 上海晨兴电子科技有限公司 Method for transmitting and receiving safe mobile message
CN102917313A (en) * 2012-10-17 2013-02-06 重庆邮电大学 Method suitable for broadcast authentication of wireless sensor network
CN104008498A (en) * 2014-06-18 2014-08-27 胡继强 IBeacon advertizing method and system
CN104202295A (en) * 2014-07-25 2014-12-10 苏州寻息电子科技有限公司 Beacon node based safeguard system and implementation method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101203025A (en) * 2006-12-15 2008-06-18 上海晨兴电子科技有限公司 Method for transmitting and receiving safe mobile message
CN102917313A (en) * 2012-10-17 2013-02-06 重庆邮电大学 Method suitable for broadcast authentication of wireless sensor network
CN104008498A (en) * 2014-06-18 2014-08-27 胡继强 IBeacon advertizing method and system
CN104202295A (en) * 2014-07-25 2014-12-10 苏州寻息电子科技有限公司 Beacon node based safeguard system and implementation method thereof

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019059903A1 (en) 2017-09-20 2019-03-28 Visa International Service Association Hands free interaction system and method
US11558741B2 (en) 2017-09-20 2023-01-17 Visa International Service Association Hands free interaction system and method
EP3685603A4 (en) * 2017-09-20 2020-08-12 Visa International Service Association Hands free interaction system and method
CN109525940B (en) * 2018-12-18 2021-10-22 京信网络系统股份有限公司 Positioning method and device based on antenna and electronic equipment
CN109525940A (en) * 2018-12-18 2019-03-26 京信通信系统(中国)有限公司 Localization method, device and electronic equipment based on antenna
CN110113753A (en) * 2019-05-14 2019-08-09 苏州霞客说导览科技有限公司 A kind of anti-rub of the base station beacon uses method
CN110177000A (en) * 2019-05-21 2019-08-27 重庆邮电大学 A kind of encrypted transmission method of wearable device
CN110784529A (en) * 2019-10-22 2020-02-11 飞天诚信科技股份有限公司 Information pushing method and device, electronic device and computer readable storage medium
CN110784529B (en) * 2019-10-22 2022-04-29 飞天诚信科技股份有限公司 Information pushing method and device, electronic device and computer readable storage medium
CN110798526A (en) * 2019-11-01 2020-02-14 美的集团股份有限公司 Intelligent household appliance message pushing method and system, electronic equipment and storage medium
CN111898164A (en) * 2020-07-02 2020-11-06 武汉纺织大学 Data integrity auditing method supporting tag block chain storage and query
CN111898164B (en) * 2020-07-02 2024-03-29 武汉纺织大学 Data integrity auditing method supporting label block chain storage and query
CN115694599A (en) * 2021-07-31 2023-02-03 华为技术有限公司 Transmission method, system and related device
WO2023011373A1 (en) * 2021-07-31 2023-02-09 华为技术有限公司 Transmission method and system, and related device
CN115694599B (en) * 2021-07-31 2024-06-18 华为技术有限公司 Transmission method, system and related device
CN115334486A (en) * 2022-10-18 2022-11-11 成都锐成芯微科技股份有限公司 Bluetooth communication method and Bluetooth system

Also Published As

Publication number Publication date
CN106304046B (en) 2020-01-07

Similar Documents

Publication Publication Date Title
CN106304046A (en) To the encryption of iBeacon broadcast, the method for authentication
US20190238340A1 (en) Method, apparatus, node, signature device and system for generating block of blockchain
Bao et al. A new chaotic system for image encryption
WO2008127446A3 (en) A method and apparatus for time-lapse cryptography
EP2779589A3 (en) Changing dynamic group VPN member reachability information
US20150019868A1 (en) Public encryption method based on user id
CN106161472A (en) A kind of method of data encryption, Apparatus and system
CN106612182A (en) Method for implementing SM2 white-box digital signature based on residue number system
DE60113678D1 (en) GENERATOR FOR PSEUDO RANDOM COUNTS
CN106934628A (en) The generation verification method and system of a kind of passive anti-fake two-dimension code
CN108989048A (en) Cryptographic key distribution method, device, equipment and storage medium
CN103731270A (en) Communication data encryption and decryption method based on BBS, RSA and SHA-1 encryption algorithm
CN110475249A (en) A kind of authentication method, relevant device and system
CN109068322A (en) Decryption method, system, mobile terminal, server and storage medium
CN108155987A (en) Group message sending method, method of reseptance and its system and communicating terminal
US9237010B2 (en) Secure transmission of a message
CN106330862A (en) Secure transmission method and system for dynamic password
CN110365662A (en) Business approval method and device
IL288054B2 (en) System and method for performing equality and less than operations on encrypted data with quasigroup operations
US20190169810A1 (en) Communication system
CN110213057A (en) SM9 digital signature collaboration generation method and system with product r parameter
CN103561024A (en) Data transmission method based on weighing instrument and remote server
CN113300999B (en) Information processing method, electronic device, and readable storage medium
CN104253691A (en) Logistics information transmission method, device and system
Yuan et al. An implementation of navigation message authentication with reserved bits for civil BDS anti-spoofing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200107

Termination date: 20210601