CN106452516A - NFC security system for logistics distribution system - Google Patents

NFC security system for logistics distribution system Download PDF

Info

Publication number
CN106452516A
CN106452516A CN201610914476.5A CN201610914476A CN106452516A CN 106452516 A CN106452516 A CN 106452516A CN 201610914476 A CN201610914476 A CN 201610914476A CN 106452516 A CN106452516 A CN 106452516A
Authority
CN
China
Prior art keywords
label
uid
server
recipient
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610914476.5A
Other languages
Chinese (zh)
Inventor
刘莎
王俊宇
许妍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fudan University
Original Assignee
Fudan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fudan University filed Critical Fudan University
Priority to CN201610914476.5A priority Critical patent/CN106452516A/en
Publication of CN106452516A publication Critical patent/CN106452516A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B5/00Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B5/77Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B5/00Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B5/72Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for local intradevice communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention belongs to the field of radio frequency identification and logistics, and provides a near field communication (NFC) security system for a logistics distribution system. According to the NFC security system provided by the invention, an NFC label is adhered on external packing to replace the traditional papery label, the system procedures comprise: initializing the system, generating an order and writing label information, transferring goods, and delivering and signing of the goods. In an order generation process, a server performs bidirectional identity authentication with a logistics company canvassing party and the label and generates certificates used in subsequent processes for the label and a receiving party; in a goods transfer process, a logistics company transfer party and the label perform bidirectional identity authentication in an offline state; and in a goods sing process, the receiving party and the label perform identity authentication in the offline state, and meanwhile the receiving party generates a digital signature, thereby realizing the accuracy and non-repudiation of delivery. The system provided by the invention guarantees the confidentiality, integrity, non manipulation, non repudiation of sign of information transmission; and can transfer and sign can be performed in the offline state.

Description

A kind of NFC security system for logistics distribution system
Technical field
The invention belongs to RF identification(RFID)Technology and logistlcs technology field, and in particular to a kind of for logistics distribution system System based near field communication(NFC)Security system.
Background technology
With the fast development of ecommerce, logistic industry plays more and more important effect.In traditional logistics industry In, there is the risk of userspersonal information's leakage in papery order, the address of user, contact method, name, particulars of goods etc. all may be used The people that paper labels can be seen obtains;During goods is signed for, there is easily personation, puppet with signature in artificial authentication Make, sign for the risk of denial.
Near field communication(NFC)The popularization of technology so that logistic industry is realized electronic certification and signs for being possibly realized. By introducing NFC label, sequence information is no longer printed on papery document, and is stored in label, only legal user The write that reads label information and enter row information can be just had permission with terminal, be prevented effectively from the leakage of information, while can pass through The method of electronic signature, it is to avoid sign for the situation of mistake, improves safety and the accuracy of logistics transportation.
Content of the invention
The purpose of the present invention is the deficiency for existing logistics system, proposes one kind and can realize privacy of user protection, prevent Only goods led by mistake, falsely claimed as one's own and signed for deny based near field communication(NFC)Security system, and devise for this The security protocol of system.
The present invention provide based near field communication(NFC)Security system, including NFC logistic label, server, send out Cargo interests, logistics company cargo collection side, logistics company transfer side, the logistics company person of sending with charge free and recipient, wherein:
The NFC logistic label replaces traditional paper labels, for storing sequence information, through safety certification, believes order Breath can only be read by logistics company staff and recipient, and goods can only be designated recipient and get, and store recipient Electronic signature;
The server is used for being managed logistics company information, label information, user profile, logistics sequence information;For thing Cargo collection side of stream company, transfer side and the person of sending with charge free, and NFC logistic label and user's issue and management public key certificate;
The delivery side provides the delivery side of logistics order, recipient information, and the goods for needing to transport;
The logistics company cargo collection side is responsible for receiving the goods that delivery side needs to transport, and generates NFC logistic label;
The logistics company transfer side is responsible for, by scanning NFC logistic label, registering and transport the goods through the relay centre; The logistics company person of sending with charge free is responsible for delivering to goods at specified recipient, checking consignee signature, reclaims NFC logistic label;
The recipient is authenticated to NFC logistic label, is confirmed logistics information and is signed electronically.
Above-mentioned based near field communication(NFC)Security system, specific operation workflow is:
(1)System initialization
In system initialization, server and label, logistics company, recipient share the necessary information of subsequent step, including each The unique identifier of side, certification key, public key and public key certificate etc.;
(2)Order is generated and label information write
Generate and label information write phase in order, server is set up by network and cargo collection side and communicated, cargo collection side and label Between communication is set up by NFC, server is set up by network and recipient and is communicated;Server and cargo collection side, label complete body Part differentiates, is that label and recipient issue offline certificate;
(3)On carriage of Cargo
During on carriage of Cargo, transfer side passes through foundation between NFC and label and communicates, and is carried out using offline mode and label two-way Certification, after certification success, label information is encrypted by the session key that both sides set up and is transferred to transfer side, and transfer side realizes Tracking and transport to the label and goods;
(4)Goods is sent with charge free and is signed for
Send with charge free in goods and sign for the stage, between recipient and label, communication is set up by NFC, offline two-way authentication is carried out, raw Becoming session key, and sequence information is transmitted with session key, after the completion of certification, electronic signature is produced by recipient, be stored in In the memorizer of label, then being read and verify the electronic signature by the person of sending with charge free, after being verified, addressee user is given by article, Label is reclaimed.
In the present invention, the different phase of security system operation corresponds to different security protocols.In each security protocol, The information that symmetric encipherment algorithm is responsible for realizing based on the certification of shared key, dialogue-based key is encrypted, rivest, shamir, adelman It is responsible for realizing the generation of public key certificate and checking, the authentication based on public key cryptosyst and information encryption, the generation of digital signature With checking, ensure that the confidentiality of information transfer, integrity, can not tamper.Differentiate to ensure that reading by bidirectional identification The take label identity legitimacy of person and the effectiveness of label, by digital signature, it is ensured that the non repudiation that signs for.This Bright privacy of user be can protect, it is to avoid the situation of mistake is signed for, safety and the accuracy of logistics transportation improved.
Description of the drawings
Fig. 1 is the NFC security system flow chart for logistics distribution system.
Fig. 2 is system initialization figure.
Fig. 3 is generated for order and is write protocol figure with label information.
Fig. 4 is protocol figure on carriage of Cargo.
Fig. 5 sends with charge free for goods and signs for protocol figure.
Specific embodiment
Below in conjunction with accompanying drawing, the present invention is described further:With reference to Fig. 1, the present invention specifically includes 4 steps:
Step 1:System initialization, with reference to Fig. 2, in system initialization, server and label, logistics company, recipient are shared The necessary information of subsequent step.Idiographic flow is:
(1)Server is obtained from label manufacturer and records the UID of each labelTAnd corresponding authentication symmetric key KTS
(2)Logistics company, including cargo collection side, transfer side and the person of sending with charge free, carries out identity registration, server and logistics in the server UID shares in companyC, KCS, YC, YSServer is presented to the certificate Cert of logistics companyC=SigS{UIDC, YC, PC};
(3)Phone number is registered by recipient in the server, shares UID with serverR, KRS, YR, YS.
Step 2:Order is generated and label information write, with reference to Fig. 3, is generated and label information write phase in order, clothes Business device and cargo collection side, label complete identity discriminating, are that label and recipient issue offline certificate.Order is generated and label information is write Enter including following flow process:
(1)Random number N S is produced by server1, NS2And it is sent to cargo collection side;
(2)Cargo collection side preserves NS1, by NS2It is sent to label;
(3)Label produces random number N T1, by NT1, NS2By the shared symmetric key K between serverTSIt is encrypted, will {NS2, NT1}KTS, UIDTIt is sent to cargo collection side;
(4)Cargo collection side produces random number N C1, by NC1, NS1By the shared symmetric key K between serverCSIt is encrypted, With its identity code UIDCAnd the information that label sends sends jointly to server;
(5)Server is according to UIDCSearch KCS, use KCSThe data of deciphering cargo collection side encryption, verify NS1, with this, cargo collection side is realized Certification, preserves NC1
Server is according to UIDTSearch KTS, use KTSThe data of deciphering tag encryption, verify NS2, certification is realized with this to label, is protected Deposit NT1
Server is generated and the session key S between cargo collection sideCS, using KCSEncryption UIDC, NC1, SCS
Server is generated and the session key S between labelTS, using KTSEncryption UIDT, NT1, STS.After encrypting twice above Information be sent to cargo collection side;
(6)Cargo collection side KCSThe Part I information that decryption services device sends, NC1, UIDC are to realize recognizing server for checking Card, preserves session key SCS.The Part II information that server is sent is sent to label;
(7)Label KTSThe information of deciphering cargo collection side transmission, verifies NT1, UIDTSo that the certification to server is realized, session is preserved Key STS
Label produces the public private key pair X for being only used for this orderT, YT, memorizer is write, uses session key STSEncryption NS2, UIDT And public key YT, it is sent to cargo collection side;
(8)Cargo collection side session key SCSEncryption NS1, UIDCAnd sequence information m, send together with the information for sending with label To server;
(9)Server session key SCSThe Part I information that deciphering cargo collection side sends, verifies NS1, to confirm cargo collection side Receive session key SCS, generate the order number P of the orderR
Server session key STSThe Part II information that deciphering cargo collection side sends, verifies NS2, to confirm that label receives Session key STS
Server uses its private key XSTo UIDT, YTSigned, generated the public key certificate Cert of labelT.Using session key STS To NT1, UIDT, O/No. PR, logistics company identification code PC, sequence information m, the public key Y of serverSAnd the public key card of label Book CertTIt is encrypted, is sent to cargo collection side;
(10)The information that server sends is transmitted to label by cargo collection side.Label session key STSAfter deciphering, NT is verified1With true Recognize freshness and the information source of information, by PR, PC, m, YS, CertTWrite memorizer;
So far, the label information write is finished.Shared key K of label server is preserved in memory block in labelTS, mark The unique identifier UID of labelT, the public private key pair X that only uses in this orderT, YT, O/No. PR, logistics company staff Identification code PC, sequence information m, the public key Y of serverSAnd the public key certificate Cert of labelT
(11)Server searches the UID of recipient according to the recipient information in sequence information mR, public key YRAnd shared certification pair Claim key KRS.Generate current time stamp TS, random number N S3, session key S with this communication of recipientRS.With certification key KRS Encryption TS, NS3, UIDR, SRS, it is sent to recipient;
(12)Recipient KRSReceive information is decrypted, verifies TSAnd UIDRTo determine freshness and the certification message of message Source.Use session key SRSTo NS3, UIDRIt is encrypted, is sent to server;
(13)Server session key SRSIt is decrypted, verifies NS3To carry out key confirmation.Server uses its private key XS, To UIDR, PR, YRSigned to generate public key certificate Cert of the recipient to the orderR, the certificate is able to demonstrate that and has public affairs Key YRRecipient have the certification right to the order;
Server session key SRSTo TS, UIDR, PR, m, CertRRecipient is sent to after being encrypted;
Recipient session key SRSIt is decrypted, verifies TS, UIDRTo confirm message freshness and certification message source.By order Number PR, sequence information m, public key certificate CertRStore;
So far, the order is generated and is finished.
Step 3:On carriage of Cargo, with reference to Fig. 4, during goods handling, logistics company transfer Fang Jun adopts offline certificate Mode is authenticated with label, and reads the sequence information in label, realizes tracking and transport to the label and goods.The step Rapid idiographic flow is as follows:
(1)Transfer side generates random number N C2, with UIDCLabel is sent jointly to, initiates the identifying procedure;
(2)Label generates random number N T2, using its private key XTTo UIDC, NC2Signed.By UIDT, label public key YT, public key Certificate CertT, NT2, SigT{UIDC, NC2It is sent to transfer side;
(3)Transfer side is first by the public key Y of serverS, the public key certificate of label is verified, verifies YTWith UIDTTie up Determine relation.Y is used afterwardsTTo the Sig that signsT{UIDC, NC2Verified, to confirm freshness the certification message source of the message;
Transfer side uses its private key XCTo UIDT, NT2Signed.By UIDC, logistics company identification code PC, public key YC, initial The public key certificate Cert for having obtained during changeC=SigS{UIDC, PC, YC, SigC{UIDT, NT2Send jointly to label;
(4)Label is first by the public key Y of serverS, the public key certificate of transfer side is verified, verifies YC, UIDCAnd work Make personnel identity PCBetween binding relationship;Y is used afterwardsCTo the Sig that signsC{UIDT, NT2Verified, to confirm the message Freshness certification message source;
Label generates the random number F for computing session keyTC, using the public key Y of transfer sideCTo UIDT, FTCAfter being encrypted It is sent to transfer side;
(5)Transfer side uses private key XCThe information sent by label is decrypted, and obtains FTC
Transfer side generates the random number F for computing session keyCT, using one-way function f, such as hash function, generate session close Key SCT=f(FTC, FCT);
Transfer side is using the public key Y of labelTTo UIDC, FTC, FCTLabel is sent to after being encrypted;
(6)Label uses private key XTThe information sent by transfer side is decrypted, and obtains FCT, verify FTCTo confirm the new of message Fresh property certification message source;
Label uses one-way function f, such as hash function, generates session key SCT=f(FTC, FCT);
Label uses session key SCTTo NC2, sequence information m be encrypted after send transfer side;
Transfer side session key SCTThe information sent by label is decrypted, and verifies NC2To realize freshness confirmation, data source Certification, session key confirms;
Transfer root realizes the transports at different levels of label and goods according to the recipient address information in sequence information m, according to order number PRRealize registration and the tracking to label and goods.
Step 4:Goods is sent with charge free and is signed for, and with reference to Fig. 5, sends with charge free in goods and signs for the stage, leads between recipient and label Crossing NFC and communication being set up, two-way authentication is carried out, session key is generated, and sequence information is transmitted with session key, certification is completed Afterwards electronic signature is produced by recipient, is stored in the memorizer of label, then read and verify the electronic signature by the person of sending with charge free, After being verified, article is given addressee user, label is reclaimed;The goods is sent with charge free and with the idiographic flow that signs for is:
(1)Recipient generates random number N R1, with UIDRLabel is sent jointly to, starts verification process;
(2)Label uses private key XTTo UIDR, NR1Signed, generated SigT{UIDR, NR1, in addition generate random number N T3
Label is by UIDT, public key YT, public key certificate CertT=SigS{UIDT, YT, NT3And SigT{UIDR, NR1It is sent to receipts Cargo interests;
(3)Recipient is first by the public key Y of serverS, the public key certificate of label is verified, verifies YTWith UIDTTie up Determine relation;Y is used afterwardsTTo the Sig that signsT{UIDR, NR1Verified, to confirm freshness the certification message source of the message;
Recipient uses its private key XRTo UIDT, NT3Signed;By UIDR, order number PR, public key YR, public key certificate CertR= SigS{UIDR, PR, YR, SigR{UIDT, NT3Send jointly to label;
(4)Label is first by the public key Y of serverS, the public key certificate of recipient is verified, verifies YR, UIDRAnd order Odd numbers PRBetween binding relationship;Afterwards with YR to the Sig that signsR{UIDR, NT3Verified, to confirm the freshness of the message And certification message source;
Label generates the random number F for computing session keyTR, using the public key Y of recipientRTo UIDT, FTRAfter being encrypted It is sent to recipient;
(5)Recipient uses private key XRThe information sent by label is decrypted, and obtains FTR
Recipient generates the random number F for computing session keyRT, using one-way function f, such as hash function, generate session close Key SRT=f(FTR, FRT);
Recipient is using the public key Y of labelTTo UIDR, FTR, FRTLabel is sent to after being encrypted;
(6)Label uses private key XTThe information sent by recipient is decrypted, and obtains FRT, verify FTRTo confirm the new of message Fresh property certification message source;
Label uses one-way function f, such as hash function, generates session key SRT=f(FTR, FRT);
Label uses session key SRTTo NR1, sequence information m is sent to recipient after being encrypted;
(7)Recipient session key SRTThe information sent by label is decrypted, and verifies NR1To realize freshness confirmation, number According to source certification, session key confirms;Whether the content of checking sequence information m is sent to the sequence information phase of recipient with server Meet;
Recipient uses private key XR, to UIDR, UIDT, order number PRSigned, as the proof that signs for;Using session key SRTTo NT3Encrypt with proof is signed for, be sent to label;
Label uses session key SRTThe information sent by recipient is decrypted, and verifies NT3, the freshness of confirmation simultaneously recognizes Card data source;
Label generates Sig_Seg=UIDR, PR, YR, CertR, UIDT, SigR{UIDR, UIDT, PRAs sign for prove data segment, Storage is in memory;
(8-12)Using the flow process with step 3 in specific embodiment(1)-(5)Similar operation, realizes the person of sending with charge free and label Certification and session key SCTThe negotiation of ` is generated;
(13)Label uses session key SCT` is to NC3It is encrypted with Sig_Seg and is sent to the person of sending with charge free;
The person of sending with charge free uses session key SCTThe information that ` is sent to label is decrypted, and verifies NC3To realize freshness confirmation, number According to source certification, session key confirms;
The person of sending with charge free utilizes the information in Sig_Seg, first by the public key Y of serverSThe public key certificate of checking recipient, confirms UIDR, YR, PRBetween binding relationship, then using public key YRThe Sig that signs is signed in checkingR{UIDR, UIDT, PRVerity, from And confirm addressee user authentication and sign for completing, goods is given addressee user and reclaims label.

Claims (6)

1. a kind of NFC security system for logistics distribution system, it is characterised in that including NFC logistic label, server, send out Cargo interests, logistics company cargo collection side, logistics company transfer side, the logistics company person of sending with charge free and recipient, wherein:
The NFC logistic label replaces traditional paper labels, for storing sequence information, through safety certification, believes order Breath can only be read by logistics company staff and recipient, and goods can only be designated recipient and get, and store recipient Electronic signature;
The server is used for being managed logistics company information, label information, user profile, logistics sequence information;For thing Cargo collection side of stream company, transfer side and the person of sending with charge free, and NFC logistic label and user's issue and management public key certificate;
The delivery side provides the delivery side of logistics order, recipient information, and the goods for needing to transport;
The logistics company cargo collection side is responsible for receiving the goods that delivery side needs to transport, and generates NFC logistic label;
The logistics company transfer side is responsible for, by scanning NFC logistic label, registering and transport the goods through the relay centre;
The logistics company person of sending with charge free is responsible for delivering to goods at specified recipient, checking consignee signature, reclaims NFC logistics mark Sign;
The recipient is authenticated to NFC logistic label, is confirmed logistics information and is signed electronically.
2. NFC security system according to claim 1, it is characterised in that the operation workflow of system is:
(One)System initialization
In system initialization, server and label, logistics company, recipient share the necessary information of subsequent step, including each The unique identifier of side, certification key, public key and public key certificate;
(Two)Order is generated and label information write
Generate and label information write phase in order, server is set up by network and cargo collection side and communicated, cargo collection side and label Between communication is set up by NFC, server is set up by network and recipient and is communicated;Server and cargo collection side, label complete body Part differentiates, is that label and recipient issue offline certificate;
(Three)On carriage of Cargo
During on carriage of Cargo, transfer side passes through foundation between NFC and label and communicates, and is carried out using offline mode and label two-way Certification, after certification success, label information is encrypted by the session key that both sides set up and is transferred to transfer side, and transfer side realizes Tracking and transport to the label and goods;
(Four)Goods is sent with charge free and is signed for
Send with charge free in goods and sign for the stage, between recipient and label, communication is set up by NFC, offline two-way authentication is carried out, raw Becoming session key, and sequence information is transmitted with session key, after the completion of certification, electronic signature is produced by recipient, be stored in In the memorizer of label, then being read and verify the electronic signature by the person of sending with charge free, after being verified, addressee user is given by article, Label is reclaimed.
3. NFC security system according to claim 2, it is characterised in that step(One)Idiographic flow be:
(1)Server is obtained from label manufacturer and records the UID of each labelTAnd corresponding authentication symmetric key KTS
(2)Logistics company, including cargo collection side, transfer side and the person of sending with charge free, carries out identity registration, server and logistics in the server UID shares in companyC, KCS, YC, YSServer is presented to the certificate Cert of logistics companyC=SigS{UIDC, YC, PC};
(3)Phone number is registered by recipient in the server, shares UID with serverR, KRS, YR, YS.
4. NFC security system according to claim 3, it is characterised in that step(Two)Idiographic flow be:
(1)Random number N S is produced by server1, NS2And it is sent to cargo collection side;
(2)Cargo collection side preserves NS1, by NS2It is sent to label;
(3)Label produces random number N T1, by NT1, NS2By the shared symmetric key K between serverTSIt is encrypted, will {NS2, NT1}KTS, UIDTIt is sent to cargo collection side;
(4)Cargo collection side produces random number N C1, by NC1, NS1By the shared symmetric key K between serverCSIt is encrypted, With its identity code UIDCAnd the information that label sends sends jointly to server;
(5)Server is according to UIDCSearch KCS, use KCSThe data of deciphering cargo collection side encryption, verify NS1, with this, cargo collection side is realized Certification, preserves NC1
Server is according to UIDTSearch KTS, use KTSThe data of deciphering tag encryption, verify NS2, certification is realized with this to label, is protected Deposit NT1
Server is generated and the session key S between cargo collection sideCS, using KCSEncryption UIDC, NC1, SCS
Server is generated and the session key S between labelTS, using KTSEncryption UIDT, NT1, STS;After above encryption twice Information is sent to cargo collection side;
(6)Cargo collection side KCSThe Part I information that decryption services device sends, NC1, UIDC are to realize recognizing server for checking Card, preserves session key SCS;The Part II information that server is sent is sent to label;
(7)Label KTSThe information of deciphering cargo collection side transmission, verifies NT1, UIDTSo that the certification to server is realized, session is preserved Key STS
Label produces the public private key pair X for being only used for this orderT, YT, memorizer is write, uses session key STSEncryption NS2, UIDT And public key YT, it is sent to cargo collection side;
(8)Cargo collection side session key SCSEncryption NS1, UIDCAnd sequence information m, send together with the information for sending with label To server;
(9)Server session key SCSThe Part I information that deciphering cargo collection side sends, verifies NS1, to confirm cargo collection side Receive session key SCS, generate the order number P of the orderR
Server session key STSThe Part II information that deciphering cargo collection side sends, verifies NS2, to confirm that label receives Session key STS
Server uses its private key XSTo UIDT, YTSigned, generated the public key certificate Cert of labelT;Using session key STS To NT1, UIDT, O/No. PR, logistics company identification code PC, sequence information m, the public key Y of serverSAnd the public key card of label Book CertTIt is encrypted, is sent to cargo collection side;
(10)The information that server sends is transmitted to label by cargo collection side;Label session key STSAfter deciphering, NT is verified1With true Recognize freshness and the information source of information, by PR, PC, m, YS, CertTWrite memorizer;
So far, the label information write is finished;Shared key K of label server is preserved in memory block in labelTS, label Unique identifier UIDT, the public private key pair X that only uses in this orderT, YT, O/No. PR, logistics company staff mark Know code PC, sequence information m, the public key Y of serverSAnd the public key certificate Cert of labelT
(11)Server searches the UID of recipient according to the recipient information in sequence information mR, public key YRAnd shared certification pair Claim key KRS;Generate current time stamp TS, random number N S3, session key S with this communication of recipientRS;With certification key KRS Encryption TS, NS3, UIDR, SRS, it is sent to recipient;
(12)Recipient KRSReceive information is decrypted, verifies TSAnd UIDRTo determine freshness and the certification message of message Source;Use session key SRSTo NS3, UIDRIt is encrypted, is sent to server;
(13)Server session key SRSIt is decrypted, verifies NS3To carry out key confirmation;Server uses its private key XS, To UIDR, PR, YRSigned to generate public key certificate Cert of the recipient to the orderR, the certificate is able to demonstrate that and has public affairs Key YRRecipient have the certification right to the order;
Server session key SRSTo TS, UIDR, PR, m, CertRRecipient is sent to after being encrypted;
Recipient session key SRSIt is decrypted, verifies TS, UIDRTo confirm message freshness and certification message source;By order Number PR, sequence information m, public key certificate CertRStore.
5. NFC security system according to claim 4, it is characterised in that step(Three)Idiographic flow be:
(1)Transfer side generates random number N C2, with UIDCLabel is sent jointly to, initiates the identifying procedure;
(2)Label generates random number N T2, using its private key XTTo UIDC, NC2Signed;By UIDT, label public key YT, public key Certificate CertT, NT2, SigT{UIDC, NC2It is sent to transfer side;
(3)Transfer side is first by the public key Y of serverS, the public key certificate of label is verified, verifies YTWith UIDTTie up Determine relation;Y is used afterwardsTTo the Sig that signsT{UIDC, NC2Verified, to confirm freshness the certification message source of the message;
Transfer side uses its private key XCTo UIDT, NT2Signed;By UIDC, logistics company identification code PC, public key YC, initial The public key certificate Cert for having obtained during changeC=SigS{UIDC, PC, YC, SigC{UIDT, NT2Send jointly to label;
(4)Label is first by the public key Y of serverS, the public key certificate of transfer side is verified, verifies YC, UIDCAnd work Make personnel identity PCBetween binding relationship;Y is used afterwardsCTo the Sig that signsC{UIDT, NT2Verified, to confirm the message Freshness certification message source;
Label generates the random number F for computing session keyTC, using the public key Y of transfer sideCTo UIDT, FTCAfter being encrypted It is sent to transfer side;
(5)Transfer side uses private key XCThe information sent by label is decrypted, and obtains FTC
Transfer side generates the random number F for computing session keyCT, using one-way function f, such as hash function, generate session close Key SCT=f(FTC, FCT);
Transfer side is using the public key Y of labelTTo UIDC, FTC, FCTLabel is sent to after being encrypted;
(6)Label uses private key XTThe information sent by transfer side is decrypted, and obtains FCT, verify FTCTo confirm the fresh of message Property certification message source;
Label uses one-way function f, such as hash function, generates session key SCT=f(FTC, FCT);
Label uses session key SCTTo NC2, sequence information m be encrypted after send transfer side;
Transfer side session key SCTThe information sent by label is decrypted, and verifies NC2To realize freshness confirmation, data source Certification, session key confirms;
Transfer root realizes the transports at different levels of label and goods according to the recipient address information in sequence information m, according to order number PR Realize registration and the tracking to label and goods.
6. NFC security system according to claim 5, it is characterised in that step(Four)Idiographic flow be
(1)Recipient generates random number N R1, with UIDRLabel is sent jointly to, starts verification process;
(2)Label uses private key XTTo UIDR, NR1Signed, generated SigT{UIDR, NR1, in addition generate random number N T3
Label is by UIDT, public key YT, public key certificate CertT=SigS{UIDT, YT, NT3And SigT{UIDR, NR1Be sent to and receive Side;
(3)Recipient is first by the public key Y of serverS, the public key certificate of label is verified, verifies YTWith UIDTTie up Determine relation;Y is used afterwardsTTo the Sig that signsT{UIDR, NR1Verified, to confirm freshness the certification message source of the message;
Recipient uses its private key XRTo UIDT, NT3Signed;By UIDR, order number PR, public key YR, public key certificate CertR= SigS{UIDR, PR, YR, SigR{UIDT, NT3Send jointly to label;
(4)Label is first by the public key Y of serverS, the public key certificate of recipient is verified, verifies YR, UIDRAnd order Odd numbers PRBetween binding relationship;Afterwards with YR to the Sig that signsR{UIDR, NT3Verified, to confirm the freshness of the message And certification message source;
Label generates the random number F for computing session keyTR, using the public key Y of recipientRTo UIDT, FTRAfter being encrypted It is sent to recipient;
(5)Recipient uses private key XRThe information sent by label is decrypted, and obtains FTR
Recipient generates the random number F for computing session keyRT, using one-way function f, such as hash function, generate session close Key SRT=f(FTR, FRT);
Recipient is using the public key Y of labelTTo UIDR, FTR, FRTLabel is sent to after being encrypted;
(6)Label uses private key XTThe information sent by recipient is decrypted, and obtains FRT, verify FTRTo confirm the fresh of message Property certification message source;
Label uses one-way function f, such as hash function, generates session key SRT=f(FTR, FRT);
Label uses session key SRTTo NR1, sequence information m is sent to recipient after being encrypted;
(7)Recipient session key SRTThe information sent by label is decrypted, and verifies NR1To realize freshness confirmation, number According to source certification, session key confirms;Whether the content of checking sequence information m is sent to the sequence information phase of recipient with server Meet;
Recipient uses private key XR, to UIDR, UIDT, order number PRSigned, as the proof that signs for;Using session key SRTTo NT3Encrypt with proof is signed for, be sent to label;
Label uses session key SRTThe information sent by recipient is decrypted, and verifies NT3, the freshness of confirmation simultaneously recognizes Card data source;
Label generates Sig_Seg=UIDR, PR, YR, CertR, UIDT, SigR{UIDR, UIDT, PRAs sign for prove data segment, Storage is in memory;
(8)-(12)Using with step(Three)In flow process(1)-(5)Operation, realize certification and the meeting of the person of sending with charge free and label Words key SCTThe negotiation of ` is generated;
(13)Label uses session key SCT` is to NC3It is encrypted with Sig_Seg and is sent to the person of sending with charge free;
The person of sending with charge free uses session key SCTThe information that ` is sent to label is decrypted, and verifies NC3To realize freshness confirmation, number According to source certification, session key confirms;
The person of sending with charge free utilizes the information in Sig_Seg, first by the public key Y of serverSThe public key certificate of checking recipient, confirms UIDR, YR, PRBetween binding relationship, then using public key YRThe Sig that signs is signed in checkingR{UIDR, UIDT, PRVerity, from And confirm addressee user authentication and sign for completing, goods is given addressee user and reclaims label.
CN201610914476.5A 2016-10-20 2016-10-20 NFC security system for logistics distribution system Pending CN106452516A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610914476.5A CN106452516A (en) 2016-10-20 2016-10-20 NFC security system for logistics distribution system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610914476.5A CN106452516A (en) 2016-10-20 2016-10-20 NFC security system for logistics distribution system

Publications (1)

Publication Number Publication Date
CN106452516A true CN106452516A (en) 2017-02-22

Family

ID=58175930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610914476.5A Pending CN106452516A (en) 2016-10-20 2016-10-20 NFC security system for logistics distribution system

Country Status (1)

Country Link
CN (1) CN106452516A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107437105A (en) * 2017-08-09 2017-12-05 哈尔滨工业大学 The safe express system of NFC and QR codes and application method of a kind of more role's whole scenes
CN108805486A (en) * 2017-05-02 2018-11-13 塔莱斯管理与服务德国有限责任公司 Method for handling freight container
CN112561422A (en) * 2020-12-04 2021-03-26 中国联合网络通信集团有限公司 Commodity transportation method, user side and key management platform based on internet unmanned aerial vehicle
CN113592346A (en) * 2021-08-11 2021-11-02 北京金和网络股份有限公司 Commodity circulation method and device
CN114357496A (en) * 2022-03-21 2022-04-15 杭州天谷信息科技有限公司 Goods transaction method, device, equipment and storage medium based on electronic contract
US12026492B2 (en) 2020-09-10 2024-07-02 Huawei Technologies Co., Ltd. Method and system for obtaining download information of application for managing IoT devices

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030144968A1 (en) * 2002-01-30 2003-07-31 Nec Corporation Logistic PKI service system, mobile terminal, logistic PKI service method used for the same, and recording medium in which corresponding program is recorded
US20070078797A1 (en) * 2005-10-11 2007-04-05 Electronics & Telecommunications Research Institute Method and system for parcel delivery in a ubiquitous environment and authenticaton server therefor
CN103353962A (en) * 2013-05-31 2013-10-16 广东科学技术职业学院 Express delivery logistics distribution management system
CN103401676A (en) * 2013-07-16 2013-11-20 中国人民解放军海军工程大学 Two-dimensional barcode-based logistics industry personal information privacy protection system and method
CN103530753A (en) * 2013-10-21 2014-01-22 北京邮电大学 Informatization express method capable of protecting privacy of client
CN105574692A (en) * 2015-12-02 2016-05-11 华南农业大学 Anonymous express information security system based on two-dimension code
CN106022673A (en) * 2016-05-05 2016-10-12 深圳市纽创信安科技开发有限公司 Logistics information security encryption method based on identity authentication and system based on identity authentication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030144968A1 (en) * 2002-01-30 2003-07-31 Nec Corporation Logistic PKI service system, mobile terminal, logistic PKI service method used for the same, and recording medium in which corresponding program is recorded
US20070078797A1 (en) * 2005-10-11 2007-04-05 Electronics & Telecommunications Research Institute Method and system for parcel delivery in a ubiquitous environment and authenticaton server therefor
CN103353962A (en) * 2013-05-31 2013-10-16 广东科学技术职业学院 Express delivery logistics distribution management system
CN103401676A (en) * 2013-07-16 2013-11-20 中国人民解放军海军工程大学 Two-dimensional barcode-based logistics industry personal information privacy protection system and method
CN103530753A (en) * 2013-10-21 2014-01-22 北京邮电大学 Informatization express method capable of protecting privacy of client
CN105574692A (en) * 2015-12-02 2016-05-11 华南农业大学 Anonymous express information security system based on two-dimension code
CN106022673A (en) * 2016-05-05 2016-10-12 深圳市纽创信安科技开发有限公司 Logistics information security encryption method based on identity authentication and system based on identity authentication

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
宋清平: "NFC技术在物流业隐私保护和移动支付中的应用研究", 《无线互联科技》 *
徐树民等: "基于RFID系统的物流安全解决方案", 《计算机工程与设计》 *
黄春波等: "基于RFID标签安全物流信息系统模型研究", 《科技信息(科学教研)》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108805486A (en) * 2017-05-02 2018-11-13 塔莱斯管理与服务德国有限责任公司 Method for handling freight container
CN108805486B (en) * 2017-05-02 2023-08-04 塔莱斯管理与服务德国有限责任公司 Method for handling freight containers
CN107437105A (en) * 2017-08-09 2017-12-05 哈尔滨工业大学 The safe express system of NFC and QR codes and application method of a kind of more role's whole scenes
CN107437105B (en) * 2017-08-09 2021-01-29 哈尔滨工业大学 Multi-role full-scene NFC and QR code safe express delivery system and use method
US12026492B2 (en) 2020-09-10 2024-07-02 Huawei Technologies Co., Ltd. Method and system for obtaining download information of application for managing IoT devices
CN112561422A (en) * 2020-12-04 2021-03-26 中国联合网络通信集团有限公司 Commodity transportation method, user side and key management platform based on internet unmanned aerial vehicle
CN113592346A (en) * 2021-08-11 2021-11-02 北京金和网络股份有限公司 Commodity circulation method and device
CN114357496A (en) * 2022-03-21 2022-04-15 杭州天谷信息科技有限公司 Goods transaction method, device, equipment and storage medium based on electronic contract

Similar Documents

Publication Publication Date Title
CN106452516A (en) NFC security system for logistics distribution system
CN105024824B (en) The generation and verification method and system of credible label based on rivest, shamir, adelman
CN102461231B (en) Program at radio mobile communication network registry radio mobile communication equipment
CN1588386B (en) System and method for realizing article information detection by radio frequency identification and mobile communication combination
CN103701610B (en) A kind of acquisition method and system for transmitting cipher key T K
CN103001773B (en) Fingerprint authentication system and fingerprint authentication method based on near field communication (NFC)
CN101589400B (en) Right management method, its system, server device used in the system, and information device terminal
CN104123624A (en) Confidential express method and system thereof
US11922743B2 (en) Logistics information processing method based on electronic lock, blockchain and waybill, and apparatus and device thereof
CN104320251B (en) A kind of offline seal information device, electronic signature management system and authentication method for using on-line authentication
CN101183439A (en) Electronic bill processing system and processing method
EP3128696B1 (en) Entity authentication method and device
CN103413159A (en) RFID electronic certificate off-line distinguishing and anti-counterfeiting implementation method and system based on CPK
US20140289129A1 (en) Method for secure contactless communication of a smart card and a point of sale terminal
CN101789068B (en) Card reader safety certification device and method
CN103914913A (en) Intelligent card application scene recognition method and system
JP2015162694A (en) Article authentication system, authentication server and article authentication method
WO2018227685A1 (en) Method and system for secure access of terminal device to internet of things
WO2013075547A1 (en) Product anti-forgery method and system, and product identity information generation method and device
CN110309663A (en) Privacy authenticating method and system based on block chain
JPH10135943A (en) Portable information storage medium, verification method and verification system
CN107609878A (en) A kind of safety certifying method and system of shared automobile
CN105682092B (en) Bidirectional authentication method based on short-distance wireless communication technology
CN105490814B (en) A kind of ticketing service real name identification method and system based on three-dimension code
CN108400874A (en) The method that the digital signature function of terminal is authenticated printed text is verified using seal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170222