CN107231231A - A method and system for a terminal device to securely access the Internet of Things - Google Patents

A method and system for a terminal device to securely access the Internet of Things

Info

Publication number
CN107231231A (application CN201710462756.1A)
Authority
CN
China
Prior art keywords
ciphertext
internet
heat transfer
frid
transfer agent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710462756.1A
Other languages
Chinese (zh)
Other versions
CN107231231B (en)
Inventor
杜光东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shenglu IoT Communication Technology Co Ltd
Original Assignee
Shenzhen Shenglu IoT Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Shenglu IoT Communication Technology Co Ltd
Priority to CN201710462756.1A (granted as CN107231231B)
Priority to PCT/CN2017/093224 (published as WO2018227685A1)
Publication of CN107231231A
Application granted; publication of CN107231231B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04B5/77
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention belongs to the field of Internet of Things (IoT) system information security and provides a method and system for a terminal device to securely access the Internet of Things. The method includes: reading the first sensing information of an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext; calling the identifier of the RFID tag and sending the identifier and the first ciphertext to the IoT system authentication center; encrypting the first sensing information to obtain a second ciphertext, and generating a digital signature of the first sensing information; and sending the second ciphertext and the digital signature to the IoT system authentication center. In this embodiment the RFID card reader encrypts the information to be sent twice, ensuring secure transmission of the information; generating the digital signature of the first sensing information makes later signature verification convenient and further ensures the security of the information received by the IoT system authentication center.

Description

A method and system for a terminal device to securely access the Internet of Things
Technical field
The embodiments of the present invention belong to the field of IoT system information security and in particular relate to a method and system for a terminal device to securely access the Internet of Things.
Background technology
The Internet of Things (IoT) connects all items to the internet through sensing devices such as radio frequency identification (RFID), infrared sensors, global positioning systems and laser scanners, according to an agreed protocol, so as to exchange information and communicate and thereby realize intelligent identification, positioning, tracking, monitoring and management. RFID is an automatic identification technology that has gradually matured since the 1980s. It originates from radio communication technology: objects are identified by radio waves, combined with modern computer intelligent control and intelligent recognition, using the electromagnetic spectrum, and specific identification information is transmitted in a contactless, non-line-of-sight and highly reliable manner. In recent years the increasing maturity of large-scale integrated circuit technology has greatly reduced the size of RFID systems, bringing them into the practical stage and into wide use in IoT technology.
IoT applications can be divided into three layers: the sensing network, the transmission network and the application network. The application flow of the system is: first identify the device or object, then realize intelligent identification of that device or object; the task and purpose of intelligent identification is to provide information about various articles, equipment and even movable organisms. To achieve this, an RFID tag can be attached to each device or object; the RFID tag stores standardized, interoperable information. When such a device or object needs to access the IoT system, an RFID card reader scans the RFID tag attached to it and reads from the tag the information necessary for access to the IoT system.
Compared with connecting equipment to the network using bar codes, accessing the IoT system with RFID technology has the following advantages: RFID tag data can be read through external materials without a line of sight to the tag, so it works in harsh operating environments; the service life is longer; information can be read over a larger reading distance; multiple electronic tags can be read at the same time; and the time needed to read and write data is short. However, although RFID tags have these advantages in an IoT system, when the RFID card reader acquires the sensing information from the tag in order to access the IoT system, the sensing information read is sent directly to the IoT system for verification. No protection is applied to the sensing information during this process, so there is a risk that it is leaked or tampered with.
Summary of the invention
In view of the deficiencies of the prior art, the embodiments of the present invention provide a method and system for a terminal device to securely access the Internet of Things, aiming to solve the problem that, in existing methods for a terminal device to access an IoT system, the sensing information of an RFID tag is easily leaked or tampered with, so that its security cannot be guaranteed.
A first aspect of the embodiments of the present invention provides a method for a terminal device to securely access the Internet of Things, which includes:
reading the first sensing information of an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
calling the identifier of the RFID tag, and sending the identifier of the RFID tag and the first ciphertext to the IoT system authentication center;
encrypting the first sensing information to obtain a second ciphertext, and generating a digital signature of the first sensing information;
sending the second ciphertext and the digital signature to the IoT system authentication center, so that the IoT system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
Preferably, reading the first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain the first ciphertext specifically includes:
reading the first sensing information of the RFID tag, calling a random number generator to produce a group of random numbers, and using the random numbers as the signature key;
calling a pre-stored key to encrypt the signature key and generate the first ciphertext.
Preferably, encrypting the first sensing information to obtain the second ciphertext and generating the digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
calling a digest algorithm, and generating the digital signature of the first sensing information by the digest algorithm together with the signature key.
Preferably, after sending the second ciphertext and the digital signature to the IoT system authentication center so that the IoT system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature, the method further includes:
receiving the authorization access information sent by the IoT system authentication center, and connecting the terminal device to which the RFID tag belongs to the Internet of Things according to the authorization access information.
Preferably, the method for a terminal device to securely access the IoT system further includes:
the IoT system authentication center receives and stores the identifier of the RFID tag and the first ciphertext sent by the RFID card reader, and receives the second ciphertext and the digital signature sent by the RFID card reader;
the IoT system authentication center decrypts the first ciphertext to obtain the signature key, and decrypts the second ciphertext to obtain the first sensing information;
the IoT system authentication center verifies the digital signature using the first sensing information and the signature key, obtains the verification result, and decides according to the verification result whether to send authorization access information to the RFID card reader.
A second aspect of the embodiments of the present invention provides a system for a terminal device to securely access the Internet of Things, which includes an RFID card reader and an IoT system authentication center, wherein the RFID card reader includes:
a first encryption unit, for reading the first sensing information of an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
a first transmitting unit, for calling the identifier of the RFID tag and sending the identifier of the RFID tag and the first ciphertext to the IoT system authentication center;
a second encryption unit, for encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information;
a second transmitting unit, for sending the second ciphertext and the digital signature to the IoT system authentication center, so that the IoT system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
Preferably, the first encryption unit specifically includes:
a signature key generation module, for reading the first sensing information of the RFID tag, calling a random number generator to produce a group of random numbers, and using the random numbers as the signature key;
a signature key encryption module, for calling the pre-stored key to encrypt the signature key and generate the first ciphertext.
Preferably, the second encryption unit specifically includes:
a second ciphertext generation module, for calling a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
a digital signature generation module, for calling a digest algorithm and generating the digital signature of the first sensing information by the digest algorithm together with the signature key.
Preferably, the RFID card reader further includes:
a terminal device access unit, for receiving the authorization access information sent by the IoT system authentication center and connecting the terminal device to which the RFID tag belongs to the Internet of Things according to the authorization access information.
A third aspect of the embodiments of the present invention provides an IoT system authentication center, which includes:
a receiving unit, for receiving and storing the identifier of the RFID tag and the first ciphertext sent by the RFID card reader, and receiving the second ciphertext and the digital signature sent by the RFID card reader;
a decryption unit, for decrypting the first ciphertext to obtain the signature key and decrypting the second ciphertext to obtain the first sensing information;
an authorization access information generation unit, for verifying the digital signature using the first sensing information and the signature key to obtain a verification result, and deciding according to the verification result whether to send authorization access information to the RFID card reader.
In the embodiments of the present invention, after the RFID card reader receives the first sensing information of an RFID tag, it calls a group of random numbers as the signature key corresponding to that first sensing information, encrypts the signature key to generate the first ciphertext, and sends the first ciphertext together with the identifier of the RFID tag to the IoT authentication center. Because the signature key is encrypted before sending, it is guaranteed not to be modified in transit, and it corresponds one-to-one with the RFID tag. The RFID card reader encrypts the first sensing information it obtained to generate the second ciphertext and generates the digital signature corresponding to the first sensing information, so that the IoT system authentication center can later select the corresponding signature key according to the identifier of the RFID tag and verify the received information. In this process an encryption system is formed at the RFID card reader end: before the first sensing information is sent, the first sensing information and the signature key are each encrypted, and the two encryptions ensure secure transmission of the information; generating the digital signature of the first sensing information makes later verification convenient and further ensures the security of the information received by the IoT system authentication center.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operating principle of an RFID tag and an RFID card reader in the prior art;
Fig. 2 is a flow chart of a method for a terminal device to securely access the Internet of Things provided by the first embodiment of the invention;
Fig. 3 is a flow chart of a method for a terminal device to securely access the Internet of Things provided by the second embodiment of the invention;
Fig. 4 is a flow chart of a method for a terminal device to securely access the Internet of Things provided by the third embodiment of the invention;
Fig. 5 is a schematic diagram of the information exchange for a terminal device securely accessing the Internet of Things provided by the fourth embodiment of the invention;
Fig. 6 is a structural block diagram of a system for a terminal device to securely access the Internet of Things provided by the fourth embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further explained below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are merely illustrative of the invention and are not intended to limit it.
The technical solutions of the invention are illustrated below by specific embodiments.
Embodiment one:
The Internet of Things is a network concept in which any article is connected to the internet through information sensing devices such as radio frequency identification (RFID), infrared sensors, global positioning systems and laser scanners, according to an agreed protocol, to exchange information and communicate so as to realize intelligent identification, positioning, tracking, monitoring and management. The basic principle of RFID technology is to use the transmission characteristics of radio-frequency signals and spatial coupling (inductive or electromagnetic coupling) to automatically identify the identified object. As shown in Fig. 1, a wireless RFID system consists of two parts: the electronic tag and the reader/writer (card reader). In practical use the electronic tag is attached to the surface or inside of the identified object; when the tagged object passes through the working range of the reader/writer, the reader/writer can read the information stored in the electronic tag, or write predetermined data into it, in a contactless manner, thereby automatically identifying the tagged object and collecting its data. The reader/writer sends the collected information to the data management system (the IoT system), and the various objects are thereby connected through the network. However, while the reader/writer sends the collected information to the IoT system there is a possibility that the data is leaked or tampered with. Therefore the first embodiment of the invention provides a method for a terminal device to securely access the Internet of Things, as shown in Fig. 2, wherein:
Step S21: read the first sensing information of the RFID tag, call a group of random numbers as a signature key, and encrypt the signature key to obtain a first ciphertext.
In this step, the RFID card reader scans the RFID tag attached to the terminal device that is to access the Internet of Things and reads the sensing information contained in the tag, i.e. the first sensing information, which includes the name and model of the terminal device, its unique identification code, its open permissions and similar information. According to the first sensing information, a group of random numbers from the random number generator in the RFID card reader is called and set as the signature key corresponding to the first sensing information. Because random numbers are random, each group generated differs to some extent; so by using one group of random numbers as the signature key for the first sensing information each time the RFID card reader reads a group of first sensing information, the first sensing information and the signature key correspond one-to-one. The signature key is sent to the authentication center of the IoT system and is used later to verify the authenticity and uniqueness of the first sensing information.
To prevent the signature key from being tampered with while it is sent to the IoT system, the signature key is first encrypted to generate the first ciphertext. During encryption, the pre-stored public key of the IoT system is called to encrypt the signature key; the public key of the IoT system is stored in advance in the RFID card reader. The first ciphertext is generated by encrypting the signature key with the pre-stored public key of the IoT system, so that even if an unauthorized terminal obtains the first ciphertext while it is being sent to the IoT system, it cannot recover the signature key from the first ciphertext because it does not know the private key of the IoT system. This ensures the security and uniqueness of the signature key in the information exchange.
Preferably, reading the first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain the first ciphertext specifically includes:
reading the first sensing information of the RFID tag, calling a random number generator to produce a group of random numbers, and using the random numbers as the signature key;
calling a pre-stored key to encrypt the signature key and generate the first ciphertext.
Specifically, so that information can be transmitted securely between the RFID card reader and the IoT authentication center, an encryption system is first established at the RFID card reader end. When the RFID card reader reads sensing information, a group of random numbers produced by the random number generator in the encryption system is called and used as the signature key corresponding to the first sensing information read this time; the signature key is used for the subsequent verification of the processed first sensing information. The generated signature key is encrypted with the key pre-stored in the encryption system to generate the first ciphertext, and it is the first ciphertext that is sent in the subsequent transmission, so as to ensure the security of the signature key in the information exchange.
Step S22: call the identifier of the RFID tag, and send the identifier of the RFID tag and the first ciphertext to the IoT system authentication center.
In this step, after the signature key has been encrypted to generate the first ciphertext, the identifier of the RFID tag is called. The identifier uniquely marks the RFID tag; it is generated together with the RFID tag when the tag is produced, and it is fixed in the tag and cannot be changed. When generating the identifier of an RFID tag, it may simply be a number assigned in order; alternatively the generation time and place of the tag may be combined to generate the identifier. For example, RFID tags produced by different companies may first be marked with the company's exclusive mark and then with the generation time of the tag, and tags generated at the same time may be numbered in sequence after the company's exclusive mark, finally forming the identifier of the RFID tag. The identifier is generated when the RFID tag is generated and is fixed in the tag, forming a unique mark for the tag; once the RFID tag is attached to a terminal device and that device is connected to the IoT system, the terminal device can be uniquely identified within the IoT system.
In this step, the identifier of the RFID tag and the first ciphertext are sent to the IoT authentication center, so that when the IoT system authentication center later receives information carrying this RFID tag identifier it can call the corresponding first ciphertext to verify it.
Step S23: encrypt the first sensing information to obtain a second ciphertext, and generate a digital signature of the first sensing information.
In this step, so that the first sensing information obtained by the RFID card reader can be sent securely to the IoT system authentication center, an encryption system is first established at the RFID card reader end and the first sensing information is encrypted.
Preferably, encrypting the first sensing information to obtain the second ciphertext and generating the digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm to encrypt the sensing information into the second ciphertext;
calling a digest algorithm, and generating the digital signature of the sensing information by processing the first sensing information with the digest algorithm and the signature key.
Specifically, the first sensing information obtained by the RFID card reader is encrypted with the lightweight cryptographic algorithm pre-stored in the encryption system at the RFID card reader end. Lightweight cryptographic algorithms have high execution efficiency, low consumption of computing resources and strong adaptability; the lightweight cryptographic algorithm may be the RC4 algorithm among stream ciphers or the PRESENT algorithm among block ciphers, without limitation here. Before encrypting the first sensing information obtained by the RFID card reader, the first sensing information can be assessed in advance: if the acquired first sensing information does not have high security requirements, or needs to be encrypted quickly, the RC4 stream cipher pre-stored in the RFID card reader encryption system can be called to encrypt it. For example, when the RFID card reader obtains several pieces of first sensing information that must all be processed in a short time, and the security requirement for transmitting them is ordinary, the RC4 stream cipher can be called. If the first sensing information obtained by the RFID card reader requires high security in transmission but has no particular requirement on processing time, the PRESENT block cipher can be called to encrypt it, so as to ensure its security. Further, the digest algorithm in the RFID card reader encryption system is called to generate a hash value from the first sensing information, and the digital signature is generated by encrypting that hash value with the signature key.
In this step, when the first sensing information is encrypted, a suitable lightweight encryption algorithm is selected according to an assessment of the acquired first sensing information, so that, on the premise that the first sensing information is transmitted securely, the efficiency with which the RFID card reader processes the received first sensing information is improved. At the same time as the first sensing information is encrypted, its digital signature is generated, to facilitate the subsequent judgment and signature verification of the received encrypted first sensing information by the IoT system authentication center.
Step S24: send the identifier of the RFID tag, the second ciphertext and the digital signature to the IoT system authentication center, so that the IoT system authentication center decrypts the second ciphertext and verifies the digital signature.
In this step, the RFID card reader sends the second ciphertext obtained by encrypting the first sensing information, the digital signature, and the identifier of the RFID tag corresponding to the sensing information together to the IoT system authentication center. If, during transmission, the RFID card reader obtains the first sensing information of multiple RFID tags and processes them at the same time, the processed first sensing information is transmitted according to a preset sending rule.
Optionally, the preset sending rule may be to send the processed first sensing information to the IoT authentication center in order of the signal strength of the acquired first sensing information. A stronger signal for the first sensing information indicates, to a certain extent, that it can more easily access the IoT system; processing first the terminal devices that can most easily access the IoT system saves the waiting time of the terminal devices that access later and improves access efficiency. The preset sending rule may also be to send the processed first sensing information to the IoT authentication center in the time order in which the RFID card reader obtained it: for the first sensing information on the RFID tag of the terminal device that the RFID card reader obtained earliest, the processing of steps S21 to S23 can be performed immediately after acquisition, and its processed result can be sent to the IoT system authentication center earlier than that of the terminal devices acquired later, reducing the backlog of processing tasks at the RFID card reader end. The two sending rules may of course also be chosen alternately according to the situation. Which sending rule is used is chosen according to actual conditions and is not limited here. In this step, when the identifier of the RFID tag, the second ciphertext and the digital signature are sent to the IoT system authentication center, the sending rule can be chosen according to actual conditions, which can both meet the need for terminal devices to access the IoT system quickly and reduce the number of pending first-sensing-information tasks at the RFID card reader end.
In this embodiment, after the encryption system has been set up at the RFID card reader end, on receiving the first sensing information of an RFID tag the reader calls a group of random numbers produced by the random number generator as the signature key corresponding to that first sensing information, encrypts the signature key to generate the first ciphertext, and sends it together with the identifier of the RFID tag to the IoT authentication center. Because the signature key is encrypted before sending, it is guaranteed not to be modified in transit, and it corresponds one-to-one with the RFID tag. For each terminal device that wants to access the IoT system, the first sensing information obtained from the RFID tag of that device is encrypted to generate the second ciphertext, and the digital signature corresponding to the first sensing information is generated; when the device is submitted to the IoT system authentication center for judgment, the identifier of the RFID tag, the second ciphertext and the digital signature are sent together, so that the IoT system authentication center can later select the corresponding signature key according to the identifier of the RFID tag and verify the received information. In this process an encryption system is formed at the RFID card reader end: before the first sensing information is sent, the first sensing information and the signature key are each encrypted, and the two encryptions ensure secure transmission of the information; generating the digital signature of the first sensing information makes later verification convenient and further ensures the security of the information received by the IoT system authentication center.
Embodiment two:
Fig. 3 shows a flowchart of a method for a terminal device to securely access the Internet of things provided by the second embodiment of the invention. As shown in Fig. 3, the method includes:
Step S31: read the first sensing information of the FRID tag, call one group of random numbers as the signature key, encrypt the signature key and obtain the first ciphertext;
Step S32: call the identifier of the FRID tag, and send the identifier and the first ciphertext to the Internet of things system authentication center;
Step S33: encrypt the first sensing information to obtain the second ciphertext, and generate the digital signature of the first sensing information;
Step S34: send the identifier of the FRID tag, the second ciphertext and the digital signature to the Internet of things system authentication center, so that the Internet of things system authentication center decrypts the second ciphertext and verifies the digital signature;
Steps S31 to S34 correspond respectively to steps S21 to S24 in embodiment one and are not repeated here.
Step S35: receive the authorization access information sent by the Internet of things system authentication center, and connect the terminal device to which the FRID tag belongs to the Internet of things system according to the authorization access information.
In this step, after the Internet of things system authentication center has authenticated the received information, it sends authorization access information authorizing the terminal device to access the Internet of things system. After receiving the authorization access information, the FRID reader calls the identifier of the FRID tag corresponding to that authorization access information, and selects and confirms the access of the corresponding terminal device by that identifier. Confirming the terminal device to be connected by the identifier of the FRID tag reduces the probability of a wrong device being connected.
Embodiment three:
Fig. 4 shows a flowchart of a method for a terminal device to securely access the Internet of things provided by the third embodiment of the invention, described in detail as follows:
Step S41: the Internet of things system authentication center receives and stores the identifier of the FRID tag and the first ciphertext sent by the FRID reader, and receives the second ciphertext and the digital signature sent by the FRID reader;
In this step, the Internet of things system authentication center receives the identifier of the FRID tag and the first ciphertext sent by the FRID reader and stores them in memory. When storing the identifier of the FRID tag and the first ciphertext, it analyses the identifier and stores the entry classified by the category of the identifier. For example, the tags attached to terminal devices in the same area may be stored classified by the manufacturer indicated in the identifier of the FRID tag, or by the device to which the FRID tag is attached; the classification method used by the Internet of things system authentication center to store the processed first sensing information it receives is not specifically limited. Classifying by the identifier of the FRID tag helps the identifier of the tag to be called to be found quickly, and hence the corresponding signature key to be called quickly.
Step S42: the Internet of things system authentication center decrypts the first ciphertext to obtain the signature key, and decrypts the second ciphertext to obtain the first sensing information;
Specifically, the Internet of things authentication center decrypts the received first ciphertext and second ciphertext to obtain the signature key and the first sensing information respectively. Before decrypting, it first calls the identifier of the FRID tag stored together with the first ciphertext in the Internet of things system authentication center and the identifier of the FRID tag sent together with the second ciphertext, and compares whether the two are consistent. If they are consistent, the first ciphertext and the second ciphertext to be decrypted belong to the same FRID tag, and only then are the first ciphertext and the second ciphertext belonging to that FRID tag decrypted.
Step S43: the Internet of things system authentication center verifies the digital signature using the first sensing information and the signature key, obtains the verification result, and decides according to the verification result whether to send authorization access information to the FRID reader.
Specifically, after decryption has yielded the first sensing information and the signature key, the digest algorithm stored in advance in the Internet of things system authentication center is called to compute a hash value of the first sensing information, referred to here as the first hash value for clarity of description; verifying the digital signature with the signature key likewise yields a hash value, referred to as the second hash value. The first hash value and the second hash value are compared; if they are identical, the digital signature corresponding to the second hash value was generated from the first sensing information corresponding to the first hash value, and the first sensing information was not tampered with in transit, which completes the verification of the digital signature. When the first sensing information has not been tampered with, an authorization access instruction authorizing the FRID tag corresponding to the first sensing information to access the Internet of things system is generated and sent to the FRID reader, ensuring that the FRID tag accesses the Internet of things system securely.
In this embodiment of the invention, the Internet of things system center decrypts the received first ciphertext and second ciphertext and verifies the received digital signature. During decryption it first judges whether the first ciphertext and the second ciphertext belong to the same FRID tag and only then decrypts them, ensuring that the decrypted signature key and first sensing information correspond to each other. Because a digital signature represents the characteristics of a file and changes whenever the file changes, verifying the digital signature both ensures that the digital signature and the first sensing information come from the same FRID tag and guarantees the integrity and authenticity of the received first sensing information, thereby reaffirming the security of the transmission of the first sensing information.
Embodiment four:
Fig. 5 shows an information exchange diagram of the above system for a terminal device to securely access the Internet of things, described in detail as follows:
In step S51, the FRID reader acquires the first sensing information in the FRID tag and calls one group of random numbers as the signature key;
In this embodiment of the invention, for a terminal device that is to access the Internet of things system, the FRID reader acquires the first sensing information by scanning or sensing the FRID tag, and then obtains one group of random numbers from the random number generator in the FRID reader as the signature key corresponding to the acquired first sensing information.
In step S52, the FRID reader encrypts the signature key to obtain the first ciphertext, and calls the identifier of the FRID tag;
In this embodiment of the invention, the FRID reader encrypts the signature key with the pre-stored key to obtain the first ciphertext, ensuring the security of the signature key during the information exchange; it then calls the identifier of the FRID tag, which uniquely marks the FRID tag.
In step S53, the FRID reader sends the identifier of the FRID tag and the first ciphertext to the Internet of things system authentication center;
The FRID reader is connected to the Internet of things system authentication center by a wireless connection. Optionally, the wireless connection may be based on infrared, Bluetooth, Wireless Fidelity (Wi-Fi), the ZigBee protocol or the chirp protocol. The chirp protocol is a lightweight Internet of things protocol; data propagated over it are chirp data, which contain only a minimal overhead payload, a transmission direction indicator and a simple, non-unique address, are easy to verify, and form a lightweight, widely propagated packet. The FRID reader may of course also be connected to the Internet of things system authentication center in other ways, which are not limited here.
In step S54, the Internet of things system authentication center receives and stores the identifier of the FRID tag and the first ciphertext;
In step S55, the FRID reader encrypts the first sensing information to obtain the second ciphertext, and generates the digital signature of the first sensing information;
In this embodiment, the FRID reader first encrypts the acquired first sensing information to obtain the second ciphertext, and obtains the digital signature of the first sensing information, where the first sensing information was obtained by the FRID reader by scanning or sensing the FRID tag. The specific encryption process may refer to the implementation of step S23 above and is not repeated here.
In step S56, the FRID reader sends the identifier of the FRID tag, the second ciphertext and the digital signature to the Internet of things system authentication center; the information exchange in this step is as in step S53 above and is not repeated.
In step S57, the Internet of things authentication center decrypts the stored first ciphertext, decrypts the received second ciphertext and verifies the received digital signature; when verification passes, authorization access information is generated;
In this embodiment of the invention, the Internet of things system authentication center first decrypts the first ciphertext to obtain the signature key, then decrypts the second ciphertext to obtain the first sensing information, and verifies the digital signature with the obtained signature key and first sensing information to confirm the authenticity of the first sensing information. When the verification of the digital signature passes, authorization access information authorizing the terminal device to access the Internet of things authentication center is generated.
In step S58, the Internet of things system authentication center sends the authorization access information to the FRID reader;
In step S59, the FRID reader connects the terminal device to the Internet of things system according to the received authorization access information.
It can be seen that in this embodiment of the invention the acquired first sensing information and the signature key are each encrypted at the FRID reader and the digital signature of the first sensing information is obtained; the encrypted information and the digital signature are then sent to the Internet of things system authentication center, which performs the two decryptions and verifies the digital signature. This ensures security when the FRID reader transmits the acquired first sensing information, and ensures that the terminal device accesses the Internet of things system securely.
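The exchange of embodiments three and four, as an added Go example that is not part of the patent: RSA-OAEP under the centre's pre-stored public key stands in for the encryption of the signature key, AES-CTR under an assumed pre-shared data key stands in for the RC4/PRESENT lightweight cipher (the page does not say how that key is provisioned), and HMAC-SHA256 keyed with the one-time signature key realises the "hash value encrypted with the signature key". Binding the first ciphertext to the tag identifier through the OAEP label and discarding the stored first ciphertext after one successful verification go beyond the page; all names, key sizes and the sensing information are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// KeyMessage is the first transmission (steps S52/S53): tag identifier plus first ciphertext.
type KeyMessage struct {
	TagID       string
	Ciphertext1 []byte // signature key encrypted under the centre's RSA public key (RSA-OAEP)
}
// DataMessage is the second transmission (steps S55/S56): identifier, second ciphertext, signature.
type DataMessage struct {
	TagID       string
	Ciphertext2 []byte // IV || sensing information under the pre-shared data key (AES-CTR stands in for RC4/PRESENT)
	Signature   []byte // digest of the sensing information keyed with the one-time signature key (HMAC-SHA256)
}

// ReaderProcess performs steps S51, S52 and S55 at the FRID reader for one tag read. centrePub is the
// centre's pre-stored public key; dataKey is an assumed pre-shared 32-byte key for the second ciphertext.
func ReaderProcess(centrePub *rsa.PublicKey, dataKey []byte, tagID string, sensing []byte) (KeyMessage, DataMessage, error) {
	buf := make([]byte, 32+aes.BlockSize) // "one group of random numbers": fresh signature key and IV per read
	if _, err := rand.Read(buf); err != nil {
		return KeyMessage{}, DataMessage{}, err
	}
	sigKey, iv := buf[:32], buf[32:]
	// Added binding beyond the page: the tag identifier is the OAEP label, so c1 decrypts only under that identifier.
	c1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, centrePub, sigKey, []byte(tagID))
	if err != nil {
		return KeyMessage{}, DataMessage{}, err
	}
	body, err := ctrCrypt(dataKey, append(append([]byte{}, iv...), sensing...))
	if err != nil {
		return KeyMessage{}, DataMessage{}, err
	}
	c2 := append(append([]byte{}, iv...), body...)
	return KeyMessage{tagID, c1}, DataMessage{tagID, c2, keyedDigest(sigKey, sensing)}, nil
}

// Centre models the Internet of things system authentication centre.
type Centre struct {
	priv    *rsa.PrivateKey
	dataKey []byte
	stored  map[string][]byte // step S54: first ciphertext kept under the tag identifier it arrived with
}

func NewCentre(dataKey []byte) (*Centre, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Centre{priv: priv, dataKey: dataKey, stored: map[string][]byte{}}, nil
}
func (c *Centre) Public() *rsa.PublicKey { return &c.priv.PublicKey }
func (c *Centre) Store(m KeyMessage)     { c.stored[m.TagID] = m.Ciphertext1 }

// Authorize performs step S57 (identifier check, two decryptions, signature verification); true means send authorization.
func (c *Centre) Authorize(m DataMessage) (bool, error) {
	c1, ok := c.stored[m.TagID]
	if !ok {
		return false, errors.New("no stored first ciphertext for tag " + m.TagID)
	}
	sigKey, err := rsa.DecryptOAEP(sha256.New(), nil, c.priv, c1, []byte(m.TagID))
	if err != nil {
		return false, err
	}
	sensing, err := ctrCrypt(c.dataKey, m.Ciphertext2)
	if err != nil {
		return false, err
	}
	// Recomputed first hash value against the received second hash value, compared in constant time.
	if !hmac.Equal(keyedDigest(sigKey, sensing), m.Signature) {
		return false, nil
	}
	delete(c.stored, m.TagID) // the signature key is one-time: a replayed DataMessage is refused
	return true, nil
}

// keyedDigest realises the page's "hash value encrypted with the signature key" as an HMAC.
func keyedDigest(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}
// ctrCrypt runs AES-CTR over data[16:] with the IV in data[:16]; CTR is its own inverse, so one call serves both directions.
func ctrCrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(data) < aes.BlockSize {
		return nil, errors.New("bad data key or second ciphertext")
	}
	out := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCTR(block, data[:aes.BlockSize]).XORKeyStream(out, data[aes.BlockSize:])
	return out, nil
}
```

A genuine pair of messages is authorized once; a replayed second transmission, a second ciphertext altered in transit, or a second transmission under a tag identifier with no stored first ciphertext is refused.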
It should be understood that in the embodiments of the invention the numbering of the above processes does not imply their order of execution; the order of execution of each process should be determined by its function and internal logic, and does not constitute any limitation on the implementation of the embodiments of the invention.
Embodiment five:
Fig. 6 shows a structural block diagram of a system for a terminal device to securely access the Internet of things provided by the fifth embodiment of the invention; for convenience of description, only the parts related to the embodiment of the invention are shown.
As shown in Fig. 6, the system for a terminal device to securely access the Internet of things system includes an FRID reader 61 and an Internet of things system authentication center 62, where the FRID reader includes a first encryption unit 611, a first sending unit 612, a second encryption unit 613 and a second sending unit 614, in which:
The first encryption unit 611 is configured to read the first sensing information of the FRID tag, call one group of random numbers as the signature key, encrypt the signature key and obtain the first ciphertext;
Specifically, the FRID reader scans the RFID tag attached to the terminal device that is to access the Internet of things and reads the sensing information contained in the RFID tag, i.e. the first sensing information, which includes the name and model of the terminal device, the exclusive identification code of the terminal device and information such as open permissions. Based on the first sensing information, one group of random numbers is called from the random number generator in the RFID reader and set as the signature key corresponding to the first sensing information. Because of the randomness of random numbers, the numbers produced each time differ to some degree; therefore, when the RFID reader reads one group of first sensing information and uses a random number as the signature key for that group, the first sensing information and the signature key correspond one-to-one. The signature key is sent to the authentication center of the Internet of things system for the subsequent verification of the authenticity and uniqueness of the first sensing information.
To prevent the signature key from being tampered with while it is sent to the Internet of things system, the signature key is first encrypted to generate the first ciphertext. During encryption the pre-stored public key of the Internet of things system is called to encrypt the signature key; the public key of the Internet of things system is stored in advance in the RFID reader. Because the first ciphertext is generated by encrypting the signature key with the pre-stored public key of the Internet of things system, even if an unauthorized terminal obtains the first ciphertext while it is being sent to the Internet of things system, it cannot know the private key of the Internet of things system and therefore cannot obtain the signature key from the first ciphertext, which ensures the security and uniqueness of the signature key during the information exchange.
Preferably, the first encryption unit 611 specifically includes:
a signature key generation module, configured to read the first sensing information of the FRID tag, call one group of random numbers produced by the random number generator, and use the random numbers as the signature key;
a signature key encryption module, configured to call the pre-stored key to encrypt the signature key and generate the first ciphertext.
Specifically, so that information can be transmitted securely between the FRID reader and the Internet of things authentication center, an encryption system is first set up at the FRID reader. When the FRID reader reads sensing information it calls one group of random numbers produced by the random number generator in the encryption system and uses them as the signature key corresponding to the first sensing information read this time; the signature key is used for the subsequent verification of the processed first sensing information. The pre-stored key in the encryption system is called to encrypt the generated signature key and generate the first ciphertext, and the first ciphertext is what is sent in the subsequent transmission, to ensure the security of the signature key during the information exchange.
The first sending unit 612 is configured to call the identifier of the FRID tag and send the identifier of the FRID tag and the first ciphertext to the Internet of things system authentication center;
Specifically, after the signature key has been encrypted to generate the first ciphertext, the identifier of the FRID tag is called. The identifier uniquely marks the FRID tag; it is generated together with the FRID tag when the tag is produced and is fixed immutably in the FRID tag. The identifier of an FRID tag may be generated merely by numerical ordering, or may combine the time and place of the tag's production: for example, for FRID tags produced by different companies, the company's exclusive mark may be recorded first, then the production time of the tag, and tags produced at the same time may be numbered in sequence after the company's exclusive mark, finally forming the identifier of the FRID tag. The identifier is generated when the FRID tag is produced and is fixed immutably in the tag, forming the unique mark of the FRID tag; once the tag has been applied to a terminal device and the terminal device has been connected to the Internet of things system, the terminal device can be uniquely identified in the Internet of things system.
In this embodiment of the invention, the identifier of the FRID tag and the first ciphertext are sent to the Internet of things authentication center so that, when the Internet of things system authentication center subsequently receives information carrying the identifier of that FRID tag, it can call the corresponding first ciphertext to verify the information.
The second encryption unit 613 is configured to encrypt the first sensing information to obtain the second ciphertext, and to generate the digital signature of the first sensing information;
So that the first sensing information obtained by the FRID reader can be sent securely to the Internet of things system authentication center, an encryption system is first set up at the FRID reader and the first sensing information is encrypted.
Preferably, the second encryption unit 613 specifically includes:
a second ciphertext generation module, configured to call a lightweight encryption algorithm to encrypt the first sensing information into the second ciphertext;
a digital signature generation module, configured to call a digest algorithm and generate the digital signature of the first sensing information by means of the digest algorithm and the signature key.
Specifically, the first sensing information obtained by the FRID reader is encrypted with a lightweight encryption algorithm stored in advance in the encryption system at the FRID reader. Lightweight encryption algorithms have high execution efficiency, low consumption of computing resources and strong adaptability; the lightweight encryption algorithm may be the RC4 algorithm among stream ciphers or the PRESENT algorithm among block ciphers, and is not limited here. Before the first sensing information obtained by the FRID reader is encrypted, it may be assessed in advance: if the acquired first sensing information does not require high security, or needs to be encrypted quickly, the RC4 stream cipher stored in advance in the encryption system of the FRID reader may be called to encrypt it. For example, when the FRID reader obtains several items of first sensing information that must all be processed within a short time, and the obtained first sensing information has only ordinary security requirements during transmission, the RC4 stream cipher may be called. If the first sensing information obtained by the FRID reader requires high security during transmission but has no particular requirement on processing time, the PRESENT block cipher may be called for the encryption operation to ensure its security. Further, the digest algorithm in the encryption system of the FRID reader is called to generate a hash value from the first sensing information, and the digital signature is generated by encrypting the generated hash value with the signature key.
In this embodiment of the invention, when the first sensing information is encrypted, the acquired first sensing information is assessed and a suitable lightweight encryption algorithm is selected, which improves the efficiency with which the FRID reader processes the received first sensing information while ensuring that the first sensing information is transmitted securely; the digital signature of the first sensing information is generated while the first sensing information is encrypted, to facilitate the subsequent judgement and signature verification of the received encrypted first sensing information by the Internet of things system authentication center.
The second sending unit 614 is configured to send the second ciphertext and the digital signature to the Internet of things system authentication center, so that the Internet of things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
In this unit, the FRID reader sends the second ciphertext obtained by encrypting the first sensing information, the digital signature and the identifier of the FRID tag corresponding to that sensing information together to the Internet of things system authentication center. During transmission, if the FRID reader has acquired the first sensing information of several FRID tags and processes them simultaneously, the processed items of first sensing information are transmitted according to a preset transmission rule.
The optional transmission rules, and the operation of the encryption system at the FRID reader, are as described for step S24 in embodiment one and are not repeated here.
Optionally, the FRID reader further includes:
a terminal device access unit, configured to receive the authorization access information sent by the Internet of things system authentication center, and connect the terminal device to which the FRID tag belongs to the Internet of things system according to the authorization access information.
In this embodiment, after the Internet of things system authentication center has authenticated the received information, it sends authorization access information authorizing the terminal device to access the Internet of things system. After receiving the authorization access information, the FRID reader calls the identifier of the FRID tag corresponding to that authorization access information, and selects and confirms the access of the corresponding terminal device by that identifier. Confirming the terminal device to be connected by the identifier of the FRID tag reduces the probability of a wrong device being connected.
The Internet of things system authentication center includes a receiving unit 621, a decryption unit 622 and an authorization access information generation unit 623, in which:
The receiving unit 621 is configured to receive and store the identifier of the FRID tag and the first ciphertext sent by the FRID reader, and to receive the second ciphertext and the digital signature sent by the FRID reader;
In this embodiment of the invention, the Internet of things system authentication center receives the identifier of the FRID tag and the first ciphertext sent by the FRID reader and stores them in memory. When storing the identifier of the FRID tag and the first ciphertext, it analyses the identifier and stores the entry classified by the category of the identifier. For example, the tags attached to terminal devices in the same area may be stored classified by the manufacturer indicated in the identifier of the FRID tag, or by the device to which the FRID tag is attached; the classification method used by the Internet of things system authentication center to store the processed first sensing information it receives is not specifically limited. Classifying by the identifier of the FRID tag helps the identifier of the tag to be called to be found quickly, and hence the corresponding signature key to be called quickly.
The decryption unit 622 is configured to decrypt the first ciphertext to obtain the signature key, and decrypt the second ciphertext to obtain the first sensing information;
In this embodiment of the invention, the Internet of things authentication center decrypts the received first ciphertext and second ciphertext to obtain the signature key and the first sensing information respectively. Before decrypting, it first calls the identifier of the FRID tag stored together with the first ciphertext in the Internet of things system authentication center and the identifier of the FRID tag sent together with the second ciphertext, and compares whether the two are consistent. If they are consistent, the first ciphertext and the second ciphertext to be decrypted belong to the same FRID tag, and only then are the first ciphertext and the second ciphertext belonging to that FRID tag decrypted.
The authorization access information generation unit 623 is configured to verify the digital signature using the first sensing information and the signature key, obtain the verification result, and decide according to the verification result whether to send authorization access information to the FRID reader.
In the implementation of the invention, after decryption has yielded the first sensing information and the signature key, the digest algorithm stored in advance in the Internet of things system authentication center is called to compute a hash value of the first sensing information, referred to here as the first hash value for clarity of description; verifying the digital signature with the signature key likewise yields a hash value, referred to as the second hash value. The first hash value and the second hash value are compared; if they are identical, the digital signature corresponding to the second hash value was generated from the first sensing information corresponding to the first hash value, and the first sensing information was not tampered with in transit, which completes the verification of the digital signature. When the first sensing information has not been tampered with, an authorization access instruction authorizing the FRID tag corresponding to the first sensing information to access the Internet of things system is generated and sent to the FRID reader, ensuring that the FRID tag accesses the Internet of things system securely.
Internet of things system center is to the firstth ciphertext, the second ciphertext and the digital signature that receive in the embodiment of the present invention It is decrypted respectively and sign test, first determines whether whether the first ciphertext and the second ciphertext belong to the letter of a FRID label during decryption Breath, is then decrypted, it is ensured that the signature key and the first heat transfer agent after decryption are corresponding again;Because digital signature is represented The feature of file, file is in the event of changing, and digital signature will also change, therefore by the sign test to digital signature, Both it ensure that digital signature and the first heat transfer agent came from same FRID labels, the first heat transfer agent of the receiving can ensure that again Integrality and primitiveness.So as to reaffirm the security of the first heat transfer agent transmittance process.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, but such implementations should not be regarded as going beyond the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division of logical functions, and other divisions are possible in practice; for instance, several units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes any medium that can store program code, such as a USB flash disk, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The foregoing is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any change or substitution that a person familiar with the art could readily conceive within the technical scope disclosed by the present invention falls within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be defined by the scope of the claims.

Claims (10)

1. A method for a terminal device to securely access the Internet of Things, characterized in that the method comprises:
reading first sensing information of an RFID tag, taking a set of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
retrieving the identifier of the RFID tag, and sending the identifier of the RFID tag and the first ciphertext to an Internet of Things system authentication center;
encrypting the first sensing information to obtain a second ciphertext, and generating a digital signature of the first sensing information;
sending the second ciphertext and the digital signature to the Internet of Things system authentication center, so that the Internet of Things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
2. The method according to claim 1, characterized in that reading the first sensing information of the RFID tag, taking a set of random numbers as a signature key, and encrypting the signature key to obtain the first ciphertext specifically comprises:
reading the first sensing information of the RFID tag, invoking a random number generator to produce a set of random numbers, and using the random numbers as the signature key;
encrypting the signature key with a pre-stored key to generate the first ciphertext.
3. The method according to claim 1, characterized in that encrypting the first sensing information to obtain the second ciphertext and generating the digital signature of the first sensing information specifically comprises:
invoking a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
invoking a digest algorithm, and generating the digital signature of the first sensing information by means of the digest algorithm and the signature key.
4. The method according to any one of claims 1 to 3, characterized in that, after sending the second ciphertext and the digital signature to the Internet of Things system authentication center so that the Internet of Things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature, the method further comprises:
receiving authorization access information sent by the Internet of Things system authentication center, and connecting the terminal device to which the RFID tag belongs to the Internet of Things according to the authorization access information.
5. The method according to claim 4, characterized in that the method further comprises:
the Internet of Things system authentication center receiving and storing the identifier of the RFID tag and the first ciphertext sent by the RFID reader, and receiving the second ciphertext and the digital signature sent by the RFID reader;
the Internet of Things system authentication center decrypting the first ciphertext to obtain the signature key and decrypting the second ciphertext to obtain the first sensing information;
the Internet of Things system authentication center verifying the digital signature using the first sensing information and the signature key to obtain a verification result, and deciding from the verification result whether to send authorization access information to the RFID reader.
6. A system for a terminal device to securely access the Internet of Things, characterized in that the system comprises an RFID reader and an Internet of Things system authentication center, wherein the RFID reader comprises:
a first encryption unit, configured to read first sensing information of an RFID tag, take a set of random numbers as a signature key, and encrypt the signature key to obtain a first ciphertext;
a first sending unit, configured to retrieve the identifier of the RFID tag and send the identifier of the RFID tag and the first ciphertext to the Internet of Things system authentication center;
a second encryption unit, configured to encrypt the first sensing information to obtain a second ciphertext and generate a digital signature of the first sensing information;
a second sending unit, configured to send the second ciphertext and the digital signature to the Internet of Things system authentication center, so that the Internet of Things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
7. The system according to claim 6, characterized in that the first encryption unit specifically comprises:
a signature key generation module, configured to read the first sensing information of the RFID tag, invoke a random number generator to produce a set of random numbers, and use the random numbers as the signature key;
a signature key encryption module, configured to encrypt the signature key with a pre-stored key to generate the first ciphertext.
8. The system according to claim 6, characterized in that the second encryption unit specifically comprises:
a second ciphertext generation module, configured to invoke a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
a digital signature generation module, configured to invoke a digest algorithm and generate the digital signature of the first sensing information by means of the digest algorithm and the signature key.
9. The system according to any one of claims 6 to 8, characterized in that the RFID reader further comprises:
a terminal device access unit, configured to receive authorization access information sent by the Internet of Things system authentication center and connect the terminal device to which the RFID tag belongs to the Internet of Things according to the authorization access information.
10. An Internet of Things system authentication center, characterized in that the Internet of Things system authentication center comprises:
a receiving unit, configured to receive and store the identifier of an RFID tag and the first ciphertext sent by an RFID reader, and to receive the second ciphertext and the digital signature sent by the RFID reader;
a decryption unit, configured to decrypt the first ciphertext to obtain the signature key and decrypt the second ciphertext to obtain the first sensing information;
an authorization access information generation unit, configured to verify the digital signature using the first sensing information and the signature key to obtain a verification result, and to decide from the verification result whether to send authorization access information to the RFID reader.
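The two-message reader/authentication-center exchange described in the embodiment above and claimed in claims 1 to 5 and 10, as an added example that is not part of the patent or its assignee's code. It assumes a pre-stored key PSK shared by reader and center, stands in an HMAC-SHA256 counter-mode keystream for the unspecified lightweight cipher, uses HMAC-SHA256 as the "digest algorithm plus signature key" signature, and all tag values are constructed.

```python
"""Added example, not the patent's own code. Assumptions not fixed by the patent:
PSK is the reader's pre-stored key shared with the center; the 'lightweight
cryptographic algorithm' is stood in by an HMAC-SHA256 counter-mode keystream;
the 'digest algorithm' is SHA-256, so the keyed 'digital signature' is HMAC-SHA256."""
import hashlib
import hmac
import secrets

PSK = b"constructed 32-byte pre-stored key!!"  # constructed sample value

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with HMAC-SHA256(key, nonce||counter)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)  # fresh per message, sent in the clear
    return nonce + _keystream_xor(key, nonce, plaintext)

def decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:12], blob[12:])

def sign(signature_key: bytes, sensing_info: bytes) -> bytes:
    """'Digest algorithm + signature key' of claim 3, realised as HMAC-SHA256."""
    return hmac.new(signature_key, sensing_info, hashlib.sha256).digest()

class Reader:
    """RFID reader side (claims 1 to 3): two messages per tag read."""
    def __init__(self, psk: bytes):
        self.psk = psk

    def first_message(self, tag_id: bytes, sensing_info: bytes):
        self.sensing_info = sensing_info
        self.sig_key = secrets.token_bytes(32)  # one-time random signature key
        return tag_id, encrypt(self.psk, self.sig_key)  # tag id + first ciphertext

    def second_message(self, tag_id: bytes):
        c2 = encrypt(self.psk, self.sensing_info)  # second ciphertext
        return tag_id, c2, sign(self.sig_key, self.sensing_info)

class AuthCenter:
    """Authentication center side (claims 5 and 10)."""
    def __init__(self, psk: bytes):
        self.psk, self.pending = psk, {}

    def receive_first(self, tag_id: bytes, c1: bytes) -> None:
        self.pending[tag_id] = c1  # first ciphertext stored under the tag id

    def receive_second(self, tag_id: bytes, c2: bytes, sig: bytes) -> bool:
        c1 = self.pending.pop(tag_id, None)
        if c1 is None:  # ids differ: the two ciphertexts are not from one tag
            return False
        sig_key, info = decrypt(self.psk, c1), decrypt(self.psk, c2)
        # first hash (center's own digest of info) vs second hash (from signature)
        return hmac.compare_digest(sign(sig_key, info), sig)

def run_exchange(tamper_c2: bool = False, wrong_id: bool = False) -> bool:
    """True when the center would send authorization access information."""
    reader, center = Reader(PSK), AuthCenter(PSK)
    tag_id, info = b"TAG-0001", b"temp=21.5C;hum=40%"  # constructed sample read
    center.receive_first(*reader.first_message(tag_id, info))
    _, c2, sig = reader.second_message(tag_id)
    if tamper_c2:  # flip one ciphertext byte in transit
        c2 = c2[:-1] + bytes([c2[-1] ^ 0x01])
    return center.receive_second(b"TAG-9999" if wrong_id else tag_id, c2, sig)
```

The identifier check before decryption and the tamper case mirror the embodiment: a mismatched tag identifier or an altered second ciphertext both leave the center with no grounds to send authorization access information.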
CN201710462756.1A 2017-06-16 2017-06-16 Method and system for terminal equipment to safely access Internet of things Active CN107231231B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710462756.1A CN107231231B (en) 2017-06-16 2017-06-16 Method and system for terminal equipment to safely access Internet of things
PCT/CN2017/093224 WO2018227685A1 (en) 2017-06-16 2017-07-17 Method and system for secure access of terminal device to internet of things

Publications (2)

Publication Number Publication Date
CN107231231A true CN107231231A (en) 2017-10-03
CN107231231B CN107231231B (en) 2020-09-25

Family

ID=59935129

Country Status (2)

Country Link
CN (1) CN107231231B (en)
WO (1) WO2018227685A1 (en)

Also Published As

Publication number Publication date
CN107231231B (en) 2020-09-25
WO2018227685A1 (en) 2018-12-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant