CN106304046A - To the encryption of iBeacon broadcast, the method for authentication - Google Patents
To the encryption of iBeacon broadcast, the method for authentication Download PDFInfo
- Publication number
- CN106304046A CN106304046A CN201510290512.0A CN201510290512A CN106304046A CN 106304046 A CN106304046 A CN 106304046A CN 201510290512 A CN201510290512 A CN 201510290512A CN 106304046 A CN106304046 A CN 106304046A
- Authority
- CN
- China
- Prior art keywords
- base station
- ibeacon
- broadcast
- ibeacon base
- authentication code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of to the encryption of iBeacon broadcast, method for authenticating.The present invention increases extra Bluetooth broadcast bag i.e. by sending dynamic marks (ID) in the Bluetooth broadcast bag in addition to the original broadcast packet of iBeacon, efficiently solves the problem that iBeacon base station is rubbed by third party.By sending message authentication code (Message Authentication Code) or the digital signature of dynamically change in time in the broadcast packet in addition to the original broadcast packet of iBeacon, solve the problem that iBeacon base station is forged simultaneously.By described generation dynamic marks and the method generating message authentication code being combined, solve the problem that iBeacon base station signal is rubbed with and be forged.
Description
Technical field
The present invention relates to the broadcast message approach that mobile device is used, particularly to a kind of iBeacon broadcast
Encryption, method for authenticating.
Background technology
IBeacon is the neighborhood (proximity) that Apple issues jointly with iOS7 autumn in 2013
Location technology.The principle of iBeacon technology is that iBeacon base station is by super low-power consumption bluetooth (Bluetooth Low
Energy) technology is to surrounding broadcast identification information, when mobile device (such as iPhone) listens to this identification information
After, i.e. can determine that equipment location, thus be provided with and service targetedly, as pushed this locality to user
Reward voucher, user is automatically signing in.
As it is shown in figure 1, be the unique ID structural representation comprised in iBeacon broadcast message in prior art.
The message 101 of iBeacon base station broadcast, comprises a unique ID, and it is made up of three parts, is UUID respectively
(Universally Unique Identifier) general unique identifier, Major, Minor (Major and Minor
By iBeacon publisher's sets itself, it is all the identifier of 16).In general application, these three
Divide information as address, indicate position concrete at one or scene from big to small, such as concrete at one
Application in, UUID represents a chain lock catering companies, and Major indicates a city, and Minor represents
The numbering in branch, the most just may indicate that this company concrete branch in this city.
But the message of iBeacon base station broadcast is in plain text, does not the most comprise other safety information, and this can cause two
Problem:
The message of first, iBeacon base station broadcast can be rubbed use by anyone;Such as, if a chain lock surpasses
The APP of city rival can identify the iBeacon base station arranged in shop in this supermarket, then when user enters
When entering in shop, their APP just can be waken up, thus the commodity in themselves shop of sales promotion.
Its two, iBeacon base station can be forged easily;Such as, present user can be easily by downloading
One should be used for simulating iBeacon base station, then arrange that the trade company of iBeacon base station just cannot really determine use
Whether family is in shop, therefore, and it is also difficult to provide further service based on this.
Summary of the invention
For above-mentioned first problem, the present invention proposes in the bluetooth in addition to the original broadcast packet of iBeacon wide
Broadcast the method sending dynamic marks (ID) in bag.For above-mentioned Second Problem, the present invention proposes and is removing
Broadcast packet outside the original broadcast packet of iBeacon sends the message authentication code (Message of dynamically change in time
Authentication Code) or the method for digital signature.When solving above two problem simultaneously,
The present invention proposes to send dynamic marks and in time at the broadcast packet in addition to iBeacon original Bluetooth broadcast bag
The message authentication code (Message Authentication Code) dynamically changed or the method for digital signature.
In view of this, it is an object of the invention to provide a kind of iBeacon broadcast encryption and the side of authentication
Method, effectively prevent the defect that in prior art, the message of iBeacon base station broadcast can be rubbed by anyone,
And the defect that iBeacon base station can be forged easily.
Based on the above-mentioned purpose present invention, the method to the encryption of iBeacon broadcast is proposed, from iBeacon base station
Transmission Bluetooth broadcast bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark
Know, the most identical with described second dynamic marks according to described first dynamic marks, determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor.
The present invention proposes the method to iBeacon broadcast authentication, sends Bluetooth broadcast from iBeacon base station
Bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes for each iBeacon base station
One message authentication code Message Authentication Code;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives described first message authentication code, with this
First message authentication code from key corresponding to iBeacon base station and identical with described iBeacon base station bright
Literary composition message generates the second message authentication code, described first message authentication code and described second message authentication code is entered
Row compares,
If it is consistent, it is determined that the verity of message.
The present invention also proposes a kind of method to iBeacon broadcast authentication, sends indigo plant from iBeacon base station
Tooth broadcast packet is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes digital signature;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives digital signature, come with this digital signature
From PKI corresponding to described iBeacon base station and the clear-text message identical with base station, according to corresponding numeral label
Name algorithm identifies the verity of signature.
The present invention also proposes a kind of to the encryption of iBeacon broadcast and the method for authentication, from iBeacon base station
Transmission Bluetooth broadcast bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and for each
First message authentication code of iBeacon base station;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark
Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this first message authentication code from key corresponding to iBeacon base station and with described iBeacon base
Identical clear-text message of standing generates the second message authentication code, described first message authentication code and described second is disappeared
Breath authentication code compares,
If it is consistent, it is determined that the verity of message.
The present invention also proposes a kind of to the encryption of iBeacon broadcast and the method for authentication, from iBeacon base station
Transmission Bluetooth broadcast bag is to receiving terminal, and its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and digital signature;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark
Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this digital signature from PKI corresponding to described iBeacon base station and the plaintext identical with base station
Message, identifies the verity of signature according to corresponding Digital Signature Algorithm
In certain embodiments, described extra Bluetooth broadcast bag,
The common broadcast bag obtained when being BLE scanning device Passive Scanning drive sweep,
Or (with), the Scan Response that during scanning device Active Scanning active scan, broadcasting equipment sends
Scanning response broadcast packet.
In certain embodiments, described first dynamic marks changes the most at regular intervals, constitutes one
Sequence, the dynamic marks sequence that each described iBeacon base station sends is different;Described first dynamic marks is logical
Cross the pseudo random number that Generating Random Number generates.
In certain embodiments, the UUID originally sent iBeacon base station, Major, Minor are set to nothing
The value of meaning, the most all of iBacon base station all uses a set of identical UUID, Major, Minor or make
Identical with several sets;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time
Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
In certain embodiments, described message authentication code or digital signature change in time, to prevent weight
Put attack;
After described message authentication code is intercepting, in order to save space or to increase attack difficulty,
Or, in order to put down in a Bluetooth broadcast bag;
Described message authentication code or digital signature generate the key used, and are made in each described iBeacon base station
All different.
In certain embodiments, generating a static ID for each iBeacon base station, it becomes the most in time
Change, send together with message authentication code or digital signature, in order to indicate key that this message authentication code is corresponding or
PKI that digital signature is corresponding and generate message authentication code or the cleartext information of digital signature;
After described static ID can be intercepting.
In certain embodiments, described first dynamic marks changes the most at regular intervals, constitutes one
Sequence, the dynamic marks sequence that each described iBeacon base station sends is different;Described first dynamic marks is logical
Cross the pseudo random number that Generating Random Number generates.
In certain embodiments, the UUID originally sent iBeacon base station, Major, Minor are set to nothing
The value of meaning, the most all of iBacon base station all uses a set of identical UUID, Major, Minor or make
Identical with several sets;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time
Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
Beneficial effect:
The present invention increases extra Bluetooth broadcast bag i.e. by wide in the bluetooth in addition to the original broadcast packet of iBeacon
Broadcast and bag sends dynamic marks (ID), efficiently solve the problem that iBeacon base station is rubbed by third party.Logical
Cross the message authentication code sending dynamically change in time in the broadcast packet in addition to the original broadcast packet of iBeacon
(Message Authentication Code) or digital signature, solve what iBeacon base station was forged simultaneously
Problem.By described generation dynamic marks and the method generating message authentication code are combined, solve
The problem that iBeacon base station signal is rubbed with and be forged.
Accompanying drawing explanation
Fig. 1 is the unique ID structural representation comprised in iBeacon broadcast message in prior art.
Fig. 2 is in one embodiment of the invention, iBeacon broadcast to be increased extra Bluetooth broadcast bag to include first
The structural representation of dynamic marks.
Fig. 3 is in one embodiment of the invention, iBeacon broadcast to be increased extra Bluetooth broadcast bag to include message
The structural representation of authentication code.
Fig. 4 is in one embodiment of the invention, iBeacon broadcast to be increased extra Bluetooth broadcast bag to include numeral
The structural representation of signature.
Fig. 5 be in one embodiment of the invention to iBeacon broadcast encryption method schematic flow sheet (based on dynamic
State identifies).
Fig. 6 be in one embodiment of the invention to iBeacon broadcast method for authenticating schematic flow sheet (based on disappearing
Breath authentication code).
Fig. 7 be in one embodiment of the invention to iBeacon broadcast method for authenticating schematic flow sheet (based on number
Word is signed).
Fig. 8 is the method flow signal in one embodiment of the invention to the encryption of iBeacon broadcast and authentication
Figure.
Fig. 9 is the encryption of iBeacon broadcast and the method flow schematic diagram of authentication in one embodiment of the invention.
Detailed description of the invention
The most described receiving terminal can be handheld device, it is also possible to be server, and for the latter, it receives
Information forwards typically receive the message of iBeacon base station via handheld device after and obtains.
It is wide to the extra bluetooth of iBeacon broadcast increase in one embodiment of the invention for refer to Fig. 2~Fig. 4
Broadcast the structural representation including dynamic marks, message authentication code, digital signature.
In the message of original iBeacon base station broadcast, comprising a unique ID, it is made up of three parts, point
It not UUID (Universally Unique Identifier) general unique identifier, Major, Minor (Major
With Minor by iBeacon publisher's sets itself, it is all the identifier of 16);On the basis of add
Dynamic marks 201;Message authentication code 301 and digital signature 401.
Refer to Fig. 5 is to iBeacon broadcast encryption method schematic flow sheet in one embodiment of the invention
(based on dynamic marks).
S501 in iBeacon base station,
S502 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes the first dynamic marks;
S503 at described receiving terminal,
S504, based on each described iBeacon base station, produces second identical with described first dynamic marks and moves
State identifies, the most identical with described second dynamic marks according to described first dynamic marks,
S505 determine signal from iBeacon base station and the UUID of its correspondence, Major, Minor.
Specifically, the method bag in order to solve the problem that iBeacon base station is rubbed by third party, in the present embodiment
Include following a few part:
1) in the Bluetooth broadcast bag that iBeacon base station is extra, a dynamic marks 201 (ID) is sent, one
Planting in the realization recommended, the length of this dynamic marks 201 is 16 bytes, to ensure the dynamic mark of different base station
Knowing and be difficult to collide, this dynamic marks changes the most at regular intervals, thus constitutes a sequence,
The dynamic marks sequence that each iBeacon base station sends is different;
2) aforementioned dynamic marks 201 can be a kind of pseudo random number or the pseudo random number of cryptography safety
(Cryptographically secure pseudorandom number), the algorithm generating this pseudo random number is permissible
It is the possible Generating Random Number in this field any, calculates including linear congruent algorithm, Mersenne-Twister
Method, Xorshift algorithm or Yarrow algorithm etc.;
3) after aforementioned pseudo random number can be intercepting;
4) at receiving terminal, for each iBeacon base station, identical dynamic marks is produced, this dynamic marks
Change with iBeacon base station synchronization in time, after receiving terminal receives the dynamic marks of base station, by this dynamic marks
The dynamic marks produced with self compares, so that it is determined that signal from which iBeacon base station and it is right
The UUID answered, Major, Minor;
5) UUID originally sent iBeacon base station, Major, Minor are set to insignificant value, such as
All of iBacon base station all uses a set of identical UUID, Major, Minor or use a few set identical;
6) the Bluetooth broadcast bag that aforementioned iBeacon base station is extra, both can be BLE (Bluetooth Low
Energy) the common broadcast bag obtained during scanning device Passive Scanning, it is also possible to be scanning device
The Scan Response broadcast packet that during Active Scanning, broadcasting equipment sends.Scan Response broadcast packet
Only just can send when central apparatus sends Scan Request (scan request), therefore, use Scan
It is a kind of more energy-conservation method that Response broadcast packet sends aforesaid encryption with authentication information.
The first described dynamic marks obtains according to following method: by comprising real UUID, Major,
The information of Minor generates cryptographic Hash;Using defeated as PRNG of described cryptographic Hash part or all of
Entering, node generates pseudo random number at a fixed time;Completely or partially marking described random number as dynamic
Know, the broadcast packet of iBeacon base station send.In one implementation, the input of aforementioned PRNG
Can be but not limited to pseudo-random number seed, initialization vector (Initialization Vector), key, once
Property numeral (Nonce) etc..
In order to solve the problem that iBeacon base station is forged, it is right in one embodiment of the invention for refer to Fig. 6
IBeacon broadcast method for authenticating schematic flow sheet (based on message authentication code).
S601 in iBeacon base station,
S602 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes for each iBeacon base
The the first message authentication code Message Authentication Code stood;
S603 at described receiving terminal,
S604 is based on each described iBeacon base station, after receiving terminal receives described first message authentication code,
With with this first message authentication code from key corresponding to iBeacon base station and with described iBeacon base station phase
Same clear-text message generates the second message authentication code, by described first message authentication code and described second message mirror
Weighted code compares,
If S605 is consistent, it is determined that the verity of message.
It is below that in one embodiment of the invention one is preferred embodiment: 1) for each iBeacon base station
Specific information, generation message authentication code (Message Authentication Code) or referred to as keyed hash
(Keyed Hash), message authentication code mentioned here or make its generating algorithm of keyed hash can comprise any
Cryptographic primitives (Cryptographic Primitives), such as cryptographic Hash function or from block encryption algorithm,
Such as, HMAC, CBC-MAC, CCM, GCM etc.;
2) aforementioned messages authentication code changes in time, to prevent Replay Attack (replay attack);
3) after aforementioned messages authentication code can be intercepting, to save space or to increase attack difficulty;
4) sending this message authentication code in the Bluetooth broadcast bag that iBeacon base station is extra, this broadcast packet both may be used
Obtain during to be BLE (Bluetooth Low Energy) scanning device Passive Scanning (drive sweep)
Common broadcast bag, it is also possible to when being scanning device Active Scanning (active scan) broadcasting equipment send
Scan Response (scanning response) broadcast packet;
5) after receiving terminal receives message authentication code, with this message authentication code from key corresponding to base station
With the clear-text message identical with base station generates message authentication code, two message authentication codes are compared, if
Unanimously, it is determined that the verity of message;
6) aforementioned messages authentication code generates the key used, and it is different that each iBeacon is used;
7) generating a static ID for each iBeacon base station, it does not changes over time, and message authentication
Code sends together, in order to indicate the key and the plaintext letter of generation message authentication code that this message authentication code is corresponding
Breath, the generating algorithm of static ID can be but not limited to various known informative abstract generating algorithm or Hash is calculated
Method;
8) after aforementioned static ID can be intercepting.
In an example, by comprising UUID, the information of Major, Minor generates cryptographic Hash, takes this cryptographic Hash
Part, as static ID, take another part of this cryptographic Hash plus timestamp information as message, use
Hmac algorithm combines Key production information authentication code and intercepts, the same message of static ID that will ultimately generate
Authentication code together sends in the Scan Response broadcast packet of iBeacon base station.Server receives by hands
After static ID that holding equipment is submitted to and message authentication code, according to static ID, take out corresponding key and use and
The identical method in base station obtains message, uses hmac algorithm and its message authentication code of corresponding cipher key calculation,
Calculated message authentication code is compared with the authentication code received, if unanimously, then proves that information source is
Reliably.
Equally, in order to solve the problem that iBeacon base station is forged, refer to, Fig. 7 is the present invention one enforcement
To iBeacon broadcast method for authenticating schematic flow sheet (based on digital signature) in example.
S701 in iBeacon base station,
S702 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes digital signature;
S703 at described receiving terminal,
S704 is based on each described iBeacon base station, after receiving terminal receives digital signature, with this numeral
Sign from PKI corresponding to described iBeacon base station and the clear-text message identical with base station,
S705 identifies the verity of signature according to corresponding Digital Signature Algorithm.
It is below that in one embodiment of the invention one is preferred embodiment: 1) for each iBeacon base station
Specific information, uses Digital Signature Algorithm, generates their digital signature, digital signature mentioned here
Algorithm can be various feasible Digital Signature Algorithms, and the shortest digital signature (Short Signature) is calculated
Method, such as, BLS (Boneh-Lynn-Shacham) algorithm, BB (Boneh-Boyen) algorithm,
ZSS (Zhang-Safavi-Susilo) algorithm etc.;
2) aforementioned digital signature changes, in time to prevent Replay Attack (Replay Attack);
3) length of aforementioned digital signature determines less than or equal to 31 bytes, in order at a Bluetooth broadcast bag
In put down;
4) sending this digital signature in the Bluetooth broadcast bag that iBeacon base station is extra, this broadcast packet is the most permissible
Obtain when being BLE (Bluetooth Low Energy) scanning device Passive Scanning (drive sweep)
Common broadcast bag, it is also possible to when being scanning device Active Scanning (active scan), broadcasting equipment sends
Scan Response (scanning response) broadcast packet;
5) after receiving terminal receives digital signature, with this digital signature from PKI corresponding to base station and with
The clear-text message that base station is identical, identifies the verity of signature according to concrete Digital Signature Algorithm;
6) the aforementioned digital signature private key of generating algorithm and PKI pair, each iBeacon base station is used
Different;
7) generating a static ID for each iBeacon base station, it does not changes over time, and digital signature
Send together, in order to indicate PKI corresponding to this digital signature and to generate the message of this digital signature, static
The generating algorithm of ID can be but not limited to various known informative abstract generating algorithm or hash algorithm;
8) after aforementioned static ID can be intercepting.
In an example, by comprising UUID, the information of Major, Minor generates cryptographic Hash, takes this cryptographic Hash
Part, as static ID, take another part of this cryptographic Hash plus timestamp information as message, use
BLS algorithm combines private key and generates the short digital signature of 20 bytes, the same short signature of static ID that will ultimately generate
Together send in the Scan Response broadcast packet of iBeacon base station.Server receives by handheld device
After the static ID submitted to and short signature, according to static ID, take out corresponding PKI and use identical with base station
Method obtains message, identifies the verity of short signature according to BLS algorithm.
The method of the use digital signature proposed here compared with the method for aforementioned use message authentication code, due to
Use Asymmetric encryption, have two benefits: 1) receiving terminal when identifying the verity of message, use public affairs
Key rather than shared key, it is to avoid the risk that key is compromised, its private key can be only present in iBeacon
In base station;2) there is non repudiation (non-repudiation), i.e. digital signature be only possible to be to have private key
A side sign and issue, therefore in the case of private key is not revealed, can be concluded that signature is from iBeacon base station.
In order to solve the problem that iBeacon base station signal is rubbed with and be forged simultaneously, can be by life described above
Becoming dynamic marks and the method generating message authentication code to be combined, refer to Fig. 8 is one embodiment of the invention
In to iBeacon broadcast encryption and authentication method flow schematic diagram.
S801 in iBeacon base station,
S802 increases extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag include the first dynamic marks and for
First message authentication code of each iBeacon base station;
S803 at described receiving terminal,
S804, based on each described iBeacon base station, produces second identical with described first dynamic marks and moves
State identifies, according to described first dynamic marks and described second dynamic marks the most identical determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor;
S805 with this first message authentication code from key corresponding to iBeacon base station and with described
The identical clear-text message in iBeacon base station generates the second message authentication code, by described first message authentication code and institute
State the second message authentication code to compare,
If S806 is consistent, it is determined that the verity of message.
As a kind of reference, said method can comprise following several part:
1) sending a dynamic marks (ID) in the Bluetooth broadcast bag that iBeacon base station is extra, this is dynamically marked
Knowing and often change at regular intervals, thus constitute a sequence, it is dynamic that each iBeacon base station sends
Mark sequence is different;
2) aforementioned dynamic marks can be a kind of pseudo random number or the pseudo random number of cryptography safety
(Cryptographically secure pseudorandom number), the algorithm generating this pseudo random number is permissible
It is the possible Generating Random Number in this field any, calculates including linear congruent algorithm, Mersenne-Twister
Method, Xorshift algorithm, Yarrow algorithm etc.;
3) after aforementioned pseudo random number can be intercepting;
4) for the specific information in each base station or aforementioned dynamic marks, use key, generate message authentication code
(Message Authentication Code) or referred to as keyed hash (Keyed Hash), mentioned here disappear
Cease authentication code or make its generating algorithm of keyed hash can comprise any cryptographic primitives (Cryptographic
Primitives), such as cryptographic Hash function or from block encryption algorithm, such as, HMAC, CBC-MAC,
CCM, GCM etc.;
5) aforementioned messages authentication code changes in time, to prevent Replay Attack (replay attack);
6) after aforementioned messages authentication code can be intercepting, to save space or to increase attack difficulty;
7) in the Bluetooth broadcast bag that iBeacon base station is extra, aforementioned dynamic marks and message authentication are sent together
Code, when this broadcast packet both can be BLE (Bluetooth Low Energy) scanning device Passive Scanning
The common broadcast bag obtained, it is also possible to the Scan that when being scanning device Active Scanning, broadcasting equipment sends
Response broadcast packet;
8) at receiving terminal, for each iBeacon base station, identical dynamic marks is produced, this dynamic marks
Change with iBeacon base station synchronization in time, after receiving terminal receives the dynamic marks of base station, by this dynamic marks
The dynamic marks produced with self compares, so that it is determined that signal is from which iBeacon base station and correspondence
UUID, Major, Minor and message authentication code key;
9) after receiving terminal receives message authentication code, with this message authentication code from key corresponding to base station
With the clear-text message identical with base station generates message authentication code, two message authentication codes are compared, if
Unanimously, it is determined that the verity of message;
10) key of aforementioned messages authentication code generating algorithm, it is different that each iBeacon is used;
11) UUID originally sent iBeacon base station, Major, Minor are set to insignificant value, such as
All of iBacon base station all uses a set of identical UUID, Major, Minor or use a few set identical.
In one implementation, by comprising true UUID, the information of Major, Minor generates cryptographic Hash, by this Kazakhstan
The part or all of input as PRNG of uncommon value, node generates pseudorandom at a fixed time
Number, all or part of as dynamic marks using this random number, take this cryptographic Hash all or part of plus time
Between stab information generate message, use hmac algorithm combine key calculation message authentication code and intercept, will
The dynamic marks ultimately generated with message authentication code together at the Scan Response broadcast packet of iBeacon base station
Middle transmission.After server receives the dynamic marks and message authentication code submitted to by handheld device, comparison service
Device end synchronizes the dynamic marks produced, and takes out corresponding message authentication code key, and uses identical with base station
Method obtains message, uses hmac algorithm and its message authentication code of corresponding cipher key calculation, will be calculated
Message authentication code compare with the authentication code received, if unanimously, then prove information source be reliable.Before
The input stating PRNG can be but not limited to seed, initialization vector (Initialization
Vector), key, digital one time (Nonce) etc..
Based on above-mentioned, in order to solve simultaneously iBeacon base station signal rubbed with and the problem that is forged, can be by
Generation dynamic marks described above and the method generating digital signature are combined, and as a kind of reference, please join
Examining Fig. 9 is the encryption of iBeacon broadcast and the method flow schematic diagram of authentication.
S901 in iBeacon base station,
S902 increases extra Bluetooth broadcast bag, and described extra Bluetooth broadcast bag includes the first dynamic marks and numeral
Signature;
S903 at described receiving terminal,
S904, based on each described iBeacon base station, produces second identical with described first dynamic marks and moves
State identifies, according to described first dynamic marks and described second dynamic marks the most identical determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor;
S905 with this digital signature from PKI corresponding to described iBeacon base station and identical with base station
Clear-text message, identifies the verity of signature according to corresponding Digital Signature Algorithm.
As a kind of reference, said method can comprise following several part:
1) sending a dynamic marks (ID) in the Bluetooth broadcast bag that iBeacon base station is extra, this is dynamically marked
Knowing and often change at regular intervals, thus constitute a sequence, it is dynamic that each iBeacon base station sends
Mark sequence is different;
2) aforementioned dynamic marks can be a kind of pseudo random number or the pseudo random number of cryptography safety
(Cryptographically secure pseudorandom number), the algorithm generating this pseudo random number is permissible
It is the possible Generating Random Number in this field any, calculates including linear congruent algorithm, Mersenne-Twister
Method, Xorshift algorithm, Yarrow algorithm etc.;
3) after aforementioned pseudo random number can be intercepting;
4) for the specific information in each iBeacon base station or aforementioned dynamic marks, Digital Signature Algorithm is used,
Generating digital signature, Digital Signature Algorithm mentioned here comprises various known Digital Signature Algorithm, especially
It is short digital signature (Short Signature) algorithm, such as, BLS algorithm, BS algorithm, ZSS algorithm etc.;
5) aforementioned digital signature changes, in time to prevent Replay Attack (replay attack);
6) in the Bluetooth broadcast bag that iBeacon base station is extra, aforementioned dynamic marks and digital signature are sent together,
Obtained when this broadcast packet both can be BLE (Bluetooth Low Energy) scanning device Passive Scanning
Common broadcast bag, it is also possible to when being scanning device Active Scanning broadcasting equipment send Scan
Response broadcast packet;
7) at receiving terminal, for each iBeacon base station, identical dynamic marks is produced, this dynamic marks
Change with iBeacon base station synchronization in time, after receiving terminal receives the dynamic marks of base station, by this dynamic marks
The dynamic marks produced with self compares, so that it is determined that signal is from which iBeacon base station and correspondence
UUID, Major, Minor and the PKI of digital signature;
8) after receiving terminal receives digital signature, with this digital signature from PKI corresponding to base station and with
The clear-text message that base station is identical, identifies the verity of signature according to concrete Digital Signature Algorithm;
9) the aforementioned digital signature private key of generating algorithm and PKI pair, each iBeacon base station is used
Different;
10) UUID originally sent iBeacon base station, Major, Minor are set to insignificant value, such as
All of iBacon base station all uses a set of identical UUID, Major, Minor or use a few set identical.
In one implementation, by comprising true UUID, the information of Major, Minor generates cryptographic Hash, by this Kazakhstan
The part or all of input as PRNG of uncommon value, node generates pseudorandom at a fixed time
Number, all or part of as dynamic marks using this random number, take this cryptographic Hash all or part of plus time
Between stab information as message, use BLS algorithm to combine private key and generate the short digital signature of 20 bytes, will be final
The dynamic marks generated together sends with digital signature in the Scan Response broadcast packet of iBeacon base station.
After server receives the dynamic marks and digital signature submitted to by handheld device, comparison server end synchronizes to produce
Raw dynamic marks, takes out corresponding digital signature PKI, and uses the method identical with base station to obtain message,
The verity of short signature is identified according to BLS algorithm.The input of aforementioned PRNG can be but not limit
In seed, initialization vector (Initialization Vector), key, digital one time (Nonce) etc..
All examples above-mentioned are used only to explanation, and become one to limit not, any possible combination
It it is all situation to be expressed.
Claims (12)
1. to iBeacon broadcast encryption a method, from iBeacon base station send Bluetooth broadcast bag to
Receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark
Know, the most identical with described second dynamic marks according to described first dynamic marks, determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor.
2. to iBeacon broadcast authentication a method, from iBeacon base station send Bluetooth broadcast bag to
Receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes for each iBeacon base station
One message authentication code Message Authentication Code;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives described first message authentication code, with this
First message authentication code from key corresponding to iBeacon base station and identical with described iBeacon base station bright
Literary composition message generates the second message authentication code, described first message authentication code and described second message authentication code is entered
Row compares,
If it is consistent, it is determined that the verity of message.
3. to iBeacon broadcast authentication a method, from iBeacon base station send Bluetooth broadcast bag to
Receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes digital signature;
At described receiving terminal,
Based on each described iBeacon base station, after receiving terminal receives digital signature, come with this digital signature
From PKI corresponding to described iBeacon base station and the clear-text message identical with base station, according to corresponding numeral label
Name algorithm identifies the verity of signature.
4., to the encryption of iBeacon broadcast and a method for authentication, send bluetooth from iBeacon base station wide
Broadcasting bag and arrive receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and for each
First message authentication code of iBeacon base station;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark
Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this first message authentication code from key corresponding to iBeacon base station and with described iBeacon base
Identical clear-text message of standing generates the second message authentication code, described first message authentication code and described second is disappeared
Breath authentication code compares,
If it is consistent, it is determined that the verity of message.
5., to the encryption of iBeacon broadcast and a method for authentication, send bluetooth from iBeacon base station wide
Broadcasting bag and arrive receiving terminal, its step includes:
In iBeacon base station,
Increasing extra Bluetooth broadcast bag, described extra Bluetooth broadcast bag includes the first dynamic marks and digital signature;
At described receiving terminal,
Based on each described iBeacon base station, produce second identical with described first dynamic marks and dynamically mark
Know, according to described first dynamic marks and described second dynamic marks the most identical determine signal from
IBeacon base station and the UUID of its correspondence, Major, Minor;
With with this digital signature from PKI corresponding to described iBeacon base station and the plaintext identical with base station
Message, identifies the verity of signature according to corresponding Digital Signature Algorithm.
6. according to iBeacon broadcast is encrypted and the side of authentication described in claim 4 or 5 Arbitrary Term
Method, it is characterised in that described extra Bluetooth broadcast bag,
The common broadcast bag obtained when being BLE scanning device Passive Scanning drive sweep,
Or/and, the Scan Response that during scanning device Active Scanning active scan, broadcasting equipment sends
Scanning response broadcast packet.
7. according to iBeacon broadcast is encrypted and the method for authentication described in claim 4 or 5, its
Being characterised by, described first dynamic marks changes the most at regular intervals, constitutes a sequence, each
The dynamic marks sequence that described iBeacon base station sends is different.
8. according to iBeacon broadcast is encrypted and the method for authentication described in claim 4 or 5, its
It is characterised by,
Originally the UUID sent iBeacon base station, Major, Minor are set to insignificant value, the most all
IBacon base station all use a set of identical UUID, Major, Minor or use a few set identical;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time
Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
9., according to the method to iBeacon broadcast authentication described in Claims 2 or 3, its feature exists
In,
Described message authentication code or digital signature change in time, to prevent Replay Attack;
Described message authentication code or digital signature generate the key used, and are made in each described iBeacon base station
All different.
10., according to the method to iBeacon broadcast authentication described in Claims 2 or 3, its feature exists
In,
Generating a static ID for each iBeacon base station, it does not changes over time, and message authentication code
Or digital signature sends together, in order to indicate key that this message authentication code is corresponding or public affairs corresponding to digital signature
Key and generate message authentication code or the cleartext information of digital signature;
After described static ID can be intercepting.
11. is according to claim 1 to iBeacon broadcast encryption method, it is characterised in that institute
State the first dynamic marks to change the most at regular intervals, constitute a sequence, each described iBeacon base
The dynamic marks sequence sent of standing is different.
12. is according to claim 1 to iBeacon broadcast encryption method, it is characterised in that
Originally the UUID sent iBeacon base station, Major, Minor are set to insignificant value, the most all
IBacon base station all use a set of identical UUID, Major, Minor or use a few set identical;
By comprising real UUID, the information of Major, Minor generates cryptographic Hash;
Using the part or all of input as PRNG of described cryptographic Hash, save at a fixed time
Point generates pseudo random number;
All or part of as dynamic marks using described random number, is sent by the broadcast packet of iBeacon base station.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510290512.0A CN106304046B (en) | 2015-06-01 | 2015-06-01 | Method for encrypting and authenticating iBeacon broadcast message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510290512.0A CN106304046B (en) | 2015-06-01 | 2015-06-01 | Method for encrypting and authenticating iBeacon broadcast message |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106304046A true CN106304046A (en) | 2017-01-04 |
CN106304046B CN106304046B (en) | 2020-01-07 |
Family
ID=57655433
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510290512.0A Expired - Fee Related CN106304046B (en) | 2015-06-01 | 2015-06-01 | Method for encrypting and authenticating iBeacon broadcast message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106304046B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109525940A (en) * | 2018-12-18 | 2019-03-26 | 京信通信系统(中国)有限公司 | Localization method, device and electronic equipment based on antenna |
WO2019059903A1 (en) | 2017-09-20 | 2019-03-28 | Visa International Service Association | Hands free interaction system and method |
CN110113753A (en) * | 2019-05-14 | 2019-08-09 | 苏州霞客说导览科技有限公司 | A kind of anti-rub of the base station beacon uses method |
CN110177000A (en) * | 2019-05-21 | 2019-08-27 | 重庆邮电大学 | A kind of encrypted transmission method of wearable device |
CN110784529A (en) * | 2019-10-22 | 2020-02-11 | 飞天诚信科技股份有限公司 | Information pushing method and device, electronic device and computer readable storage medium |
CN110798526A (en) * | 2019-11-01 | 2020-02-14 | 美的集团股份有限公司 | Intelligent household appliance message pushing method and system, electronic equipment and storage medium |
CN111898164A (en) * | 2020-07-02 | 2020-11-06 | 武汉纺织大学 | Data integrity auditing method supporting tag block chain storage and query |
CN115334486A (en) * | 2022-10-18 | 2022-11-11 | 成都锐成芯微科技股份有限公司 | Bluetooth communication method and Bluetooth system |
CN115694599A (en) * | 2021-07-31 | 2023-02-03 | 华为技术有限公司 | Transmission method, system and related device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101203025A (en) * | 2006-12-15 | 2008-06-18 | 上海晨兴电子科技有限公司 | Method for transmitting and receiving safe mobile message |
CN102917313A (en) * | 2012-10-17 | 2013-02-06 | 重庆邮电大学 | Method suitable for broadcast authentication of wireless sensor network |
CN104008498A (en) * | 2014-06-18 | 2014-08-27 | 胡继强 | IBeacon advertizing method and system |
CN104202295A (en) * | 2014-07-25 | 2014-12-10 | 苏州寻息电子科技有限公司 | Beacon node based safeguard system and implementation method thereof |
-
2015
- 2015-06-01 CN CN201510290512.0A patent/CN106304046B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101203025A (en) * | 2006-12-15 | 2008-06-18 | 上海晨兴电子科技有限公司 | Method for transmitting and receiving safe mobile message |
CN102917313A (en) * | 2012-10-17 | 2013-02-06 | 重庆邮电大学 | Method suitable for broadcast authentication of wireless sensor network |
CN104008498A (en) * | 2014-06-18 | 2014-08-27 | 胡继强 | IBeacon advertizing method and system |
CN104202295A (en) * | 2014-07-25 | 2014-12-10 | 苏州寻息电子科技有限公司 | Beacon node based safeguard system and implementation method thereof |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019059903A1 (en) | 2017-09-20 | 2019-03-28 | Visa International Service Association | Hands free interaction system and method |
US11558741B2 (en) | 2017-09-20 | 2023-01-17 | Visa International Service Association | Hands free interaction system and method |
EP3685603A4 (en) * | 2017-09-20 | 2020-08-12 | Visa International Service Association | Hands free interaction system and method |
CN109525940B (en) * | 2018-12-18 | 2021-10-22 | 京信网络系统股份有限公司 | Positioning method and device based on antenna and electronic equipment |
CN109525940A (en) * | 2018-12-18 | 2019-03-26 | 京信通信系统(中国)有限公司 | Localization method, device and electronic equipment based on antenna |
CN110113753A (en) * | 2019-05-14 | 2019-08-09 | 苏州霞客说导览科技有限公司 | A kind of anti-rub of the base station beacon uses method |
CN110177000A (en) * | 2019-05-21 | 2019-08-27 | 重庆邮电大学 | A kind of encrypted transmission method of wearable device |
CN110784529A (en) * | 2019-10-22 | 2020-02-11 | 飞天诚信科技股份有限公司 | Information pushing method and device, electronic device and computer readable storage medium |
CN110784529B (en) * | 2019-10-22 | 2022-04-29 | 飞天诚信科技股份有限公司 | Information pushing method and device, electronic device and computer readable storage medium |
CN110798526A (en) * | 2019-11-01 | 2020-02-14 | 美的集团股份有限公司 | Intelligent household appliance message pushing method and system, electronic equipment and storage medium |
CN111898164A (en) * | 2020-07-02 | 2020-11-06 | 武汉纺织大学 | Data integrity auditing method supporting tag block chain storage and query |
CN111898164B (en) * | 2020-07-02 | 2024-03-29 | 武汉纺织大学 | Data integrity auditing method supporting label block chain storage and query |
CN115694599A (en) * | 2021-07-31 | 2023-02-03 | 华为技术有限公司 | Transmission method, system and related device |
WO2023011373A1 (en) * | 2021-07-31 | 2023-02-09 | 华为技术有限公司 | Transmission method and system, and related device |
CN115694599B (en) * | 2021-07-31 | 2024-06-18 | 华为技术有限公司 | Transmission method, system and related device |
CN115334486A (en) * | 2022-10-18 | 2022-11-11 | 成都锐成芯微科技股份有限公司 | Bluetooth communication method and Bluetooth system |
Also Published As
Publication number | Publication date |
---|---|
CN106304046B (en) | 2020-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106304046A (en) | To the encryption of iBeacon broadcast, the method for authentication | |
US20190238340A1 (en) | Method, apparatus, node, signature device and system for generating block of blockchain | |
Bao et al. | A new chaotic system for image encryption | |
WO2008127446A3 (en) | A method and apparatus for time-lapse cryptography | |
EP2779589A3 (en) | Changing dynamic group VPN member reachability information | |
US20150019868A1 (en) | Public encryption method based on user id | |
CN106161472A (en) | A kind of method of data encryption, Apparatus and system | |
CN106612182A (en) | Method for implementing SM2 white-box digital signature based on residue number system | |
DE60113678D1 (en) | GENERATOR FOR PSEUDO RANDOM COUNTS | |
CN106934628A (en) | The generation verification method and system of a kind of passive anti-fake two-dimension code | |
CN108989048A (en) | Cryptographic key distribution method, device, equipment and storage medium | |
CN103731270A (en) | Communication data encryption and decryption method based on BBS, RSA and SHA-1 encryption algorithm | |
CN110475249A (en) | A kind of authentication method, relevant device and system | |
CN109068322A (en) | Decryption method, system, mobile terminal, server and storage medium | |
CN108155987A (en) | Group message sending method, method of reseptance and its system and communicating terminal | |
US9237010B2 (en) | Secure transmission of a message | |
CN106330862A (en) | Secure transmission method and system for dynamic password | |
CN110365662A (en) | Business approval method and device | |
IL288054B2 (en) | System and method for performing equality and less than operations on encrypted data with quasigroup operations | |
US20190169810A1 (en) | Communication system | |
CN110213057A (en) | SM9 digital signature collaboration generation method and system with product r parameter | |
CN103561024A (en) | Data transmission method based on weighing instrument and remote server | |
CN113300999B (en) | Information processing method, electronic device, and readable storage medium | |
CN104253691A (en) | Logistics information transmission method, device and system | |
Yuan et al. | An implementation of navigation message authentication with reserved bits for civil BDS anti-spoofing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200107 Termination date: 20210601 |