CN107231231A - A kind of method and system of terminal device secure accessing Internet of Things - Google Patents
- Publication number: CN107231231A
- Application number: CN201710462756.1A
- Authority: CN (China)
- Prior art keywords: ciphertext, internet, heat transfer, frid, transfer agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
  - H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04B5/77—
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
  - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  - H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
  - H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  - H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The present invention belongs to the field of information security for Internet of Things systems and provides a method and system for a terminal device to securely access the Internet of Things. The method includes: reading first sensing information from an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext; calling the identifier of the RFID tag and sending the identifier and the first ciphertext to the Internet of Things system authentication center; encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information; and sending the second ciphertext and the digital signature to the Internet of Things system authentication center. In this embodiment the RFID card reader encrypts the information to be sent twice, which ensures that it is transmitted securely; generating a digital signature of the first sensing information makes the subsequent signature verification convenient and further ensures the security of the information received by the Internet of Things system authentication center.
Description
Technical field
The embodiments of the present invention belong to the field of information security for Internet of Things systems, and in particular relate to a method and system for a terminal device to securely access the Internet of Things.
Background technology
The Internet of Things (IoT) connects all items to the internet through sensing devices such as radio frequency identification (RFID), infrared sensors, global positioning systems and laser scanners, according to agreed protocols, so that they exchange information and communicate and so that intelligent identification, positioning, tracking, monitoring and management can be realized. RFID is an automatic identification technology that has gradually matured since the 1980s. It originates from radio communication technology: identification is performed by radio waves, combined with modern computer intelligent control, intelligent recognition and other high and new technologies that work in the electromagnetic spectrum, so that specific identification information is transmitted in a contactless, non-line-of-sight and highly reliable way. In recent years the increasing maturity of large-scale integrated circuit technology has greatly reduced the size of RFID systems, so that they have entered the practical stage and are widely used in Internet of Things technology.
Internet of Things applications can be divided into three layers: the sensing network, the transmission network and the application network. The system application flow is: first identify the device or object, then perform intelligent identification of that device or object. The task and purpose of intelligent identification is precisely to provide information about all kinds of articles, equipment and even movable living things. To achieve this purpose, RFID tags that store interoperable information in a standard format can be attached to various devices or objects; when such a device or object needs to access the Internet of Things system, an RFID card reader scans the RFID tag attached to the device or object and reads from the tag the information necessary to access the Internet of Things system.
Compared with connecting devices to the network by bar code, connecting a device or article to the Internet of Things system by RFID technology has the following advantages: with RFID tags the data can be read through an exterior material, with no line-of-sight requirement on the tag, so the tags can work in harsh operating environments; the service life is longer; information can be read over a larger reading distance; multiple electronic tags can be read at the same time; and the time needed to read and write data is short. Although using RFID tags in an Internet of Things system has these advantages, when an RFID card reader acquires the sensing information in an RFID tag in order to access the Internet of Things system, the sensing information that was read is sent directly to the Internet of Things system for verification. There is no protection of the sensing information during this process, so there is a danger that it is leaked or tampered with.
The content of the invention
In view of the deficiencies in the prior art, the embodiments of the invention provide a method and system for a terminal device to securely access the Internet of Things, intended to solve the problem that, in existing methods for a terminal device to access an Internet of Things system, the sensing information of an RFID tag is easily leaked or tampered with, so that the security of the sensing information cannot be guaranteed.
A first aspect of the embodiments of the present invention provides a method for a terminal device to securely access the Internet of Things, which includes:
reading first sensing information from an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
calling the identifier of the RFID tag, and sending the identifier of the RFID tag and the first ciphertext to the Internet of Things system authentication center;
encrypting the first sensing information to obtain a second ciphertext, and generating a digital signature of the first sensing information;
sending the second ciphertext and the digital signature to the Internet of Things system authentication center, so that the Internet of Things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
Preferably, reading the first sensing information from the RFID tag, calling a group of random numbers as a signature key and encrypting the signature key to obtain the first ciphertext specifically includes:
reading the first sensing information from the RFID tag, calling a random number generator to produce a group of random numbers, and using the random numbers as the signature key;
calling a pre-stored key to encrypt the signature key, generating the first ciphertext.
Preferably, encrypting the first sensing information to obtain the second ciphertext and generating the digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
calling a digest algorithm, and generating the digital signature of the first sensing information from the digest algorithm and the signature key.
Preferably, after sending the second ciphertext and the digital signature to the Internet of Things system authentication center so that the Internet of Things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature, the method further includes:
receiving the authorized access information sent by the Internet of Things system authentication center, and connecting the terminal device to which the RFID tag belongs to the Internet of Things according to the authorized access information.
Preferably, the method for a terminal device to securely access the Internet of Things system further includes:
the Internet of Things system authentication center receives and stores the identifier of the RFID tag and the first ciphertext sent by the RFID card reader, and receives the second ciphertext and the digital signature sent by the RFID card reader;
the Internet of Things system authentication center decrypts the first ciphertext to obtain the signature key, and decrypts the second ciphertext to obtain the first sensing information;
the Internet of Things system authentication center verifies the digital signature using the first sensing information and the signature key, obtains the verification result, and decides according to the verification result whether to send authorized access information to the RFID card reader.
A second aspect of the embodiments of the present invention provides a system for a terminal device to securely access the Internet of Things, which includes an RFID card reader and an Internet of Things system authentication center, wherein the RFID card reader includes:
a first encryption unit, for reading first sensing information from an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
a first sending unit, for calling the identifier of the RFID tag and sending the identifier of the RFID tag and the first ciphertext to the Internet of Things system authentication center;
a second encryption unit, for encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information;
a second sending unit, for sending the second ciphertext and the digital signature to the Internet of Things system authentication center, so that the Internet of Things system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
Preferably, the first encryption unit specifically includes:
a signature key generation module, for reading the first sensing information from the RFID tag, calling a random number generator to produce a group of random numbers, and using the random numbers as the signature key;
a signature key encryption module, for calling a pre-stored key to encrypt the signature key and generate the first ciphertext.
Preferably, the second encryption unit specifically includes:
a second ciphertext generation module, for calling a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
a digital signature generation module, for calling a digest algorithm and generating the digital signature of the first sensing information from the digest algorithm and the signature key.
Preferably, the RFID card reader further includes:
a terminal device access unit, for receiving the authorized access information sent by the Internet of Things system authentication center and connecting the terminal device to which the RFID tag belongs to the Internet of Things according to the authorized access information.
A third aspect of the embodiments of the present invention provides an Internet of Things system authentication center, which includes:
a receiving unit, for receiving and storing the identifier of the RFID tag and the first ciphertext sent by the RFID card reader, and for receiving the second ciphertext and the digital signature sent by the RFID card reader;
a decryption unit, for decrypting the first ciphertext to obtain the signature key and decrypting the second ciphertext to obtain the first sensing information;
an authorized access information generation unit, for verifying the digital signature using the first sensing information and the signature key to obtain a verification result, and for deciding according to the verification result whether to send authorized access information to the RFID card reader.
In the embodiments of the present invention, after the RFID card reader receives the first sensing information of an RFID tag, it calls a group of random numbers as the signature key corresponding to that first sensing information, encrypts the signature key to generate the first ciphertext, and sends the first ciphertext together with the identifier of the RFID tag to the Internet of Things authentication center. Because the signature key is encrypted before it is sent, it is guaranteed not to be modified in transit, and it corresponds one-to-one with the RFID tag. The RFID card reader encrypts the first sensing information it obtained to generate the second ciphertext, and generates the digital signature corresponding to that first sensing information, so that the Internet of Things system authentication center can later select the corresponding signature key according to the identifier of the RFID tag and verify the signature of the received information. In this process an encryption system is formed at the RFID card reader end: before the first sensing information is sent, the first sensing information and the signature key are each encrypted, and the two encryptions ensure that the information is transmitted securely. Generating the digital signature of the first sensing information makes later signature verification convenient and further ensures the security of the information received by the Internet of Things system authentication center.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operating principle of RFID tags and RFID card readers in the prior art;
Fig. 2 is a flow chart of the method for a terminal device to securely access the Internet of Things provided by the first embodiment of the invention;
Fig. 3 is a flow chart of the method for a terminal device to securely access the Internet of Things provided by the second embodiment of the invention;
Fig. 4 is a flow chart of the method for a terminal device to securely access the Internet of Things provided by the third embodiment of the invention;
Fig. 5 is a schematic diagram of the information exchange for a terminal device securely accessing the Internet of Things provided by the fourth embodiment of the invention;
Fig. 6 is a structural block diagram of the system for a terminal device to securely access the Internet of Things provided by the fourth embodiment of the invention.
Embodiment
In order to make the purpose, technical scheme and advantages of the present invention clearer, the present invention is further elaborated below in conjunction with the drawings and embodiments. It should be understood that the specific embodiments described here are merely illustrative of the present invention and are not used to limit it.
In order to illustrate the technical solutions of the invention, they are described below through specific embodiments.
Embodiment one:
The Internet of Things is a network concept in which any article is connected to the internet through information sensing devices such as radio frequency identification (RFID), infrared sensors, global positioning systems and laser scanners, according to agreed protocols, to exchange information and communicate, in order to realize intelligent identification, positioning, tracking, monitoring and management. The basic principle of radio frequency identification technology is to use the transmission characteristics of radio-frequency signals and spatial coupling (inductive or electromagnetic coupling) to automatically identify the identified object. As shown in Fig. 1, a radio frequency identification system consists of two parts, an electronic tag and a reader/writer (card reader). In practical application the electronic tag is attached to the surface or the inside of the identified object; when the object carrying the tag passes through the operating range of the reader/writer, the reader/writer can read the information stored inside the electronic tag contactlessly, or write predetermined data into the electronic tag, so as to automatically identify the tagged object and automatically collect data. The reader/writer sends the collected information to the data management system (the Internet of Things system), and the various objects can then be connected through the network. However, while the reader/writer sends the collected information to the Internet of Things system there is a possibility that the data is leaked or tampered with. Therefore the first embodiment of the invention provides a method for a terminal device to securely access the Internet of Things, as shown in Fig. 2, wherein:
Step S21: read the first sensing information of the RFID tag, call a group of random numbers as a signature key, and encrypt the signature key to obtain a first ciphertext;
In this step, the RFID card reader scans the RFID tag attached to the terminal device that is to access the Internet of Things and reads the sensing information contained in the RFID tag, i.e. the first sensing information. The first sensing information includes the name and model of the terminal device, the unique identification code of the terminal device, and open information such as permissions. According to the first sensing information, a group of random numbers from the random number generator in the RFID card reader is called, and those random numbers are set as the signature key corresponding to the first sensing information. Because random numbers are random, the random numbers produced each time differ to some degree; therefore, when the RFID card reader reads one group of first sensing information, using one random number as the signature key of that group of first sensing information puts the first sensing information and the signature key in one-to-one correspondence. The signature key is sent to the authentication center of the Internet of Things system and is later used to verify the authenticity and uniqueness of the first sensing information.
In order to prevent the signature key from being tampered with while it is sent to the Internet of Things system, the signature key is first encrypted to generate the first ciphertext. During encryption, the pre-stored public key of the Internet of Things system is called to encrypt the signature key; the public key of the Internet of Things system is stored in advance in the RFID card reader. Because the signature key is encrypted into the first ciphertext with the pre-stored public key of the Internet of Things system, even if an unauthorized terminal obtains the first ciphertext while it is being sent to the Internet of Things system, it cannot learn the signature key contained in the first ciphertext, since the unauthorized terminal cannot know the private key of the Internet of Things system; this ensures the security and uniqueness of the signature key during the information exchange.
Preferably, reading the first sensing information from the RFID tag, calling a group of random numbers as a signature key and encrypting the signature key to obtain the first ciphertext specifically includes:
reading the first sensing information from the RFID tag, calling a random number generator to produce a group of random numbers, and using the random numbers as the signature key;
calling a pre-stored key to encrypt the signature key, generating the first ciphertext.
Specifically, in order that information can be transmitted securely between the RFID card reader and the Internet of Things authentication center, an encryption system is first established at the RFID card reader end. When the RFID card reader reads sensing information, it calls a group of random numbers produced by the random number generator in the encryption system and uses the random numbers as the signature key corresponding to the first sensing information read this time; the signature key is used for the later signature verification of the processed first sensing information. For the generated signature key, the key pre-stored in the encryption system is called to encrypt it and generate the first ciphertext, and the first ciphertext is sent in the subsequent transmission so as to ensure the security of the signature key during the information exchange.
Step S22: call the identifier of the RFID tag, and send the identifier of the RFID tag and the first ciphertext to the Internet of Things system authentication center;
In this step, after the signature key has been encrypted to generate the first ciphertext, the identifier of the RFID tag is called. The identifier uniquely marks the RFID tag; it is generated together with the RFID tag when the tag is produced, and it is fixed in the RFID tag and cannot be changed. The identifier of an RFID tag may be generated simply by numerical ordering, or the generation time and place of the RFID tag may be combined to generate it. For example, for RFID tags produced by different companies, the company's exclusive mark can be placed first, then the generation time of the RFID tag, and tags generated at the same time can be numbered in sequence behind the company's exclusive mark, which finally forms the identifier of the RFID tag. The identifier is generated when the RFID tag is generated and is fixed in the RFID tag so that it cannot be changed, i.e. it forms a unique mark of the RFID tag; once the RFID tag has been attached to a terminal device and the terminal device has been connected into the Internet of Things system, the terminal device can be uniquely identified within the Internet of Things system.
In this step, the identifier of the RFID tag and the first ciphertext are sent to the Internet of Things authentication center, so that when the Internet of Things system authentication center later receives information carrying that RFID tag's identifier, it can call the corresponding first ciphertext to verify the signature of that information.
Step S23: encrypt the first sensing information to obtain a second ciphertext, and generate the digital signature of the first sensing information;
In this step, in order that the first sensing information obtained by the RFID card reader can be sent securely to the Internet of Things system authentication center, an encryption system is first established at the RFID card reader end and the first sensing information is encrypted.
Preferably, encrypting the first sensing information to obtain the second ciphertext and generating the digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm to encrypt the sensing information into the second ciphertext;
calling a digest algorithm, and processing the first sensing information with the digest algorithm and the signature key to generate the digital signature of the sensing information.
Specifically, the first sensing information obtained by the RFID card reader is encrypted by calling a lightweight cryptographic algorithm from the encryption system pre-stored at the RFID card reader end. Lightweight cryptographic algorithms have high execution efficiency, low consumption of computing resources and strong adaptability; the lightweight cryptographic algorithm may be the RC4 algorithm among stream ciphers or the PRESENT algorithm among block ciphers, etc., and is not limited here. Before the first sensing information obtained by the RFID card reader is encrypted, the first sensing information can be judged in advance: if the acquired first sensing information does not have a high security requirement, or needs to be encrypted quickly, the RC4 stream cipher pre-stored in the encryption system of the RFID card reader can be called to encrypt it. For example, when the RFID card reader obtains several pieces of first sensing information that all have to be processed in a short time, and the first sensing information obtained has only ordinary security requirements during transmission, the RC4 stream cipher can be called for encryption. If the first sensing information obtained by the RFID card reader requires high security during transmission but has no special requirement on processing time, the PRESENT block cipher can be called to perform the encryption so as to ensure its security. Further, the digest algorithm in the encryption system of the RFID card reader is called to generate a hash value from the first sensing information, and the digital signature is generated by encrypting the generated hash value with the signature key.
In this step, when the first sensing information is encrypted, a suitable lightweight encryption algorithm is selected by judging the acquired first sensing information, which improves the efficiency with which the RFID card reader processes the received first sensing information while ensuring that the first sensing information is transmitted securely. While the first sensing information is being encrypted, the digital signature of the first sensing information is generated, which facilitates the later judgement and signature verification of the received encrypted first sensing information by the Internet of Things system authentication center.
Step S24: send the identifier of the RFID tag, the second ciphertext and the digital signature to the Internet of Things system authentication center, so that the Internet of Things system authentication center decrypts the second ciphertext and verifies the digital signature.
In this step, the RFID card reader sends the second ciphertext obtained by encrypting the first sensing information, the digital signature, and the identifier of the RFID tag corresponding to the sensing information together to the Internet of Things system authentication center. During transmission, if the RFID card reader obtains the first sensing information of multiple RFID tags and processes them at the same time, the multiple pieces of processed first sensing information are transmitted according to a preset sending rule.
Optionally, the preset transmission rule may be to send the processed first sensing information to the IoT authentication center in order of the signal strength of the acquired first sensing information. A stronger signal indicates, to a certain degree, that the terminal device is easier to connect to the IoT system; processing first the terminal devices that are easier to connect saves waiting time for the terminal devices that follow and improves the efficiency of access to the IoT system. The preset transmission rule may also be to send the processed first sensing information to the IoT authentication center in the time order in which the RFID card reader acquired it: the first sensing information on the RFID tag of the terminal device that the RFID card reader acquired first is processed immediately after acquisition as in steps S21 to S23, and its processed result is sent to the IoT system authentication center earlier than the first sensing information on the RFID tags of terminal devices acquired later, which reduces the backlog of processing tasks at the RFID card reader. The two transmission rules may of course also be selected alternately according to the situation. Which transmission rule is chosen depends on the actual conditions and is not limited here. In this step, when the identifier of the RFID tag, the second ciphertext and the digital signature are sent to the IoT system authentication center, the transmission rule can be selected according to the actual conditions, which both meets the need for terminal devices to access the IoT system quickly and reduces the number of pending first sensing information tasks at the RFID card reader.
In this embodiment, after an encryption system is set up at the RFID card reader, the RFID card reader receives the first sensing information of an RFID tag, calls a group of random numbers produced by the random number generator as the signature key corresponding to the first sensing information of that RFID tag, and sends the first ciphertext generated by encrypting the signature key together with the identifier of the RFID tag to the IoT authentication center. Because the signature key is encrypted before it is sent, it cannot be modified in transit, and it remains in one-to-one correspondence with the RFID tag. For a received terminal device that is to access the IoT system, the second ciphertext generated by encrypting the first sensing information obtained from the RFID tag corresponding to that terminal device, and the digital signature generated for the first sensing information, are sent together with the identifier of the RFID tag when the IoT system authentication center is to make its judgement, so that the IoT system authentication center can subsequently select the corresponding signature key by the identifier of the RFID tag and verify the signature of the received information. In this process an encryption system is formed at the RFID card reader, the first sensing information and the signature key are encrypted separately before the first sensing information is sent, and the two encryptions ensure the secure transmission of the information; the digital signature of the first sensing information is generated so that its signature can subsequently be verified, which further ensures the security of the information received by the IoT system authentication center.
Embodiment two:
Fig. 3 shows a flow chart of a method for a terminal device to securely access the Internet of Things provided by the second embodiment of the invention. The method shown in Fig. 3 includes:
Step S31, read the first sensing information of an RFID tag, call a group of random numbers as the signature key, and encrypt the signature key to obtain the first ciphertext;
Step S32, call the identifier of the RFID tag, and send the identifier and the first ciphertext to the IoT system authentication center;
Step S33, encrypt the first sensing information to obtain the second ciphertext, and generate the digital signature of the first sensing information;
Step S34, send the identifier of the RFID tag, the second ciphertext and the digital signature to the IoT system authentication center, so that the IoT system authentication center decrypts the second ciphertext and verifies the digital signature;
Steps S31 to S34 correspond respectively to steps S21 to S24 of embodiment one and are not repeated here.
Step S35, receive the authorization access information sent by the IoT system authentication center, and connect the terminal device to which the RFID tag belongs to the IoT system according to the authorization access information.
In this step, after the IoT system authentication center has successfully authenticated the received information, it sends authorization access information authorizing the terminal device to access the IoT system. After receiving the authorization access information, the RFID card reader calls the identifier of the RFID tag corresponding to that authorization access information, and selects and confirms the access of the corresponding terminal device by the identifier of the RFID tag. Confirming the terminal device that is to access the IoT system authentication center by the identifier of the RFID tag reduces the probability of wrong access.
Embodiment three:
Fig. 4 shows a flow chart of a method for a terminal device to securely access the Internet of Things provided by the third embodiment of the invention. The details are as follows:
Step S41, the IoT system authentication center receives and stores the identifier of the RFID tag and the first ciphertext sent by the RFID card reader; and receives the second ciphertext and the digital signature sent by the RFID card reader;
In this step, the IoT system authentication center receives the identifier of the RFID tag and the first ciphertext sent by the RFID card reader and stores them in memory. When storing the identifier of the RFID tag and the first ciphertext, it analyses the identifier of the RFID tag and stores it classified by category of identifier. For example, the tags attached to terminal devices in the same area may be stored classified by the manufacturer recorded in the RFID tag identifier, or classified by the device to which the RFID tag is attached; the classified storage method used by the IoT system authentication center for the received processed first sensing information is not limited. The identifier of the RFID tag helps to quickly find the identifier of the RFID tag to be called, and hence to quickly call the corresponding signature key.
Step S42, the IoT system authentication center decrypts the first ciphertext to obtain the signature key, and decrypts the second ciphertext to obtain the first sensing information;
Specifically, the IoT authentication center decrypts the received first ciphertext and second ciphertext to obtain the signature key and the first sensing information respectively. Before decrypting, it first calls the identifier of the RFID tag stored in the IoT system authentication center together with the first ciphertext and the identifier of the RFID tag sent to the IoT system authentication center together with the second ciphertext, and compares the two. When the two are consistent, the first ciphertext and the second ciphertext to be decrypted belong to the information of the same RFID tag, and only then are the first ciphertext and the second ciphertext belonging to that RFID tag decrypted.
Step S43, the IoT system authentication center verifies the digital signature using the first sensing information and the signature key, obtains the verification result, and judges according to the verification result whether to send authorization access information to the RFID card reader.
Specifically, after decryption yields the first sensing information and the signature key, the digest algorithm stored in advance in the IoT system authentication center is called to compute a hash value of the first sensing information, referred to here for clarity as the first hash value; the digital signature is processed with the signature key, which likewise yields a hash value, referred to as the second hash value. The first hash value is compared with the second hash value. When the two are identical, the digital signature corresponding to the second hash value was generated from the first sensing information corresponding to the first hash value, and the first sensing information was not tampered with during transmission; this completes the verification of the digital signature. When the first sensing information has not been tampered with, an authorization access instruction authorizing the RFID tag corresponding to the first sensing information to access the IoT system is generated and sent to the RFID card reader, so as to ensure that the RFID tag securely accesses the IoT system.
In the embodiment of the invention, the IoT system center decrypts the received first ciphertext and second ciphertext and verifies the received digital signature. During decryption it first judges whether the first ciphertext and the second ciphertext belong to the information of the same RFID tag and only then decrypts them, which ensures that the decrypted signature key and first sensing information correspond to each other. Because a digital signature represents the features of a file, and the digital signature changes whenever the file changes, verifying the digital signature ensures both that the digital signature and the first sensing information come from the same RFID tag and that the received first sensing information is complete and original, thereby reconfirming the security of the transmission of the first sensing information.
Embodiment four:
Fig. 5 shows an information exchange diagram of the above system for a terminal device to securely access the Internet of Things. The details are as follows:
In step S51, the RFID card reader obtains the first sensing information in the RFID tag and calls a group of random numbers as the signature key;
In the embodiment of the invention, for a terminal device that is to access the IoT system, the RFID card reader obtains the first sensing information by scanning or sensing the RFID tag, and then obtains a group of random numbers from the random number generator in the RFID card reader as the signature key corresponding to the acquired first sensing information.
In step S52, the RFID card reader encrypts the signature key to obtain the first ciphertext, and calls the identifier of the RFID tag;
In the embodiment of the invention, the RFID card reader encrypts the signature key with the pre-stored key to obtain the first ciphertext, so as to ensure the security of the signature key during the information exchange; it then calls the identifier of the RFID tag, which is used to uniquely mark the RFID tag.
In step S53, the RFID card reader sends the identifier of the RFID tag and the first ciphertext to the IoT system authentication center;
The RFID card reader is connected to the IoT system authentication center by a wireless connection. Optionally, the wireless connection may be based on infrared, Bluetooth, Wireless Fidelity (Wi-Fi), the ZigBee protocol or the chirp protocol. The chirp protocol is a lightweight IoT protocol; data propagated over it are chirp data, which contain only a minimal-overhead payload, a transmission direction indicator, a simple non-unique address and a verification field, and which are a lightweight, widely propagated kind of packet that is easy to verify. Of course, the RFID card reader may also be connected to the IoT system authentication center in other ways, which are not limited here.
In step S54, the IoT system authentication center receives and stores the identifier of the RFID tag and the first ciphertext;
In step S55, the RFID card reader encrypts the first sensing information to obtain the second ciphertext, and generates the digital signature of the first sensing information;
In this embodiment, the RFID card reader first encrypts the acquired first sensing information to obtain the second ciphertext, and obtains the digital signature of the first sensing information, where the first sensing information is obtained by the RFID card reader by scanning or sensing the RFID tag. For the specific encryption process refer to the implementation of step S23 above, which is not repeated here.
In step S56, the RFID card reader sends the identifier of the RFID tag, the second ciphertext and the digital signature to the IoT system authentication center; the information exchange in this step follows the implementation of step S53 above and is not repeated.
In step S57, the IoT authentication center decrypts the stored first ciphertext, decrypts the received second ciphertext and verifies the received digital signature; when the signature verification passes, it generates authorization access information;
In the embodiment of the invention, the IoT system authentication center first decrypts the first ciphertext to obtain the signature key, then decrypts the second ciphertext to obtain the first sensing information, and verifies the digital signature with the resulting signature key and first sensing information, so as to confirm the originality of the first sensing information. When the verification of the digital signature passes, it generates authorization access information authorizing the terminal device to access the IoT system.
In step S58, the IoT system authentication center sends the authorization access information to the RFID card reader;
In step S59, the RFID card reader connects the terminal device to the IoT system according to the received authorization access information.
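As an added illustration that is not part of the patent, the following Python simulates the exchange of steps S51 to S59, including the same-tag check and the two-hash comparison of steps S42 and S43, with the RFID card reader and the authentication center as two objects in one script. RC4 is used because the page names it; the cipher driven by the "pre-stored key", the per-session data key, the tag identifier and the sensing information are assumptions or constructed values, not details from the patent.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher the page names as its lightweight option; one call
    encrypts and decrypts. RC4 is obsolete and kept only to mirror the page."""
    s, j = list(range(256)), 0
    for i in range(256):                                  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                                     # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for the unspecified cipher
    that the 'pre-stored key' drives when wrapping the signature key (assumed)."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def wrap_key(k_wrap: bytes, sig_key: bytes) -> bytes:
    """S52: first ciphertext = nonce || (signature key XOR keystream)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(k_wrap, nonce, len(sig_key))
    return nonce + bytes(a ^ b for a, b in zip(sig_key, ks))

def unwrap_key(k_wrap: bytes, c1: bytes) -> bytes:
    nonce, body = c1[:NONCE_LEN], c1[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(k_wrap, nonce, len(body))))

def data_key(k_data: bytes, sig_key: bytes) -> bytes:
    """Per-session key for the second ciphertext (assumed: the page does not say
    which key encrypts the sensing information); mixing in the fresh signature
    key keeps RC4 from reusing a keystream across sessions."""
    return hashlib.sha256(k_data + sig_key).digest()

class Reader:
    """RFID card reader side: steps S51-S53 and S55-S56."""

    def __init__(self, k_wrap: bytes, k_data: bytes):
        self.k_wrap, self.k_data = k_wrap, k_data

    def first_message(self, tag_id: bytes):
        sig_key = secrets.token_bytes(16)                 # S51: random signature key
        return sig_key, (tag_id, wrap_key(self.k_wrap, sig_key))   # S52-S53

    def second_message(self, tag_id: bytes, info: bytes, sig_key: bytes):
        c2 = rc4(data_key(self.k_data, sig_key), info)    # S55: second ciphertext
        digest = hashlib.sha256(info).digest()            # digest algorithm
        return tag_id, c2, rc4(sig_key, digest)           # S56: signature = hash under sig key

class AuthCenter:
    """IoT system authentication center side: steps S54 and S57-S58."""

    def __init__(self, k_wrap: bytes, k_data: bytes):
        self.k_wrap, self.k_data = k_wrap, k_data
        self.store = {}                                   # S54: tag id -> first ciphertext

    def receive_first(self, msg):
        tag_id, c1 = msg
        self.store[tag_id] = c1

    def receive_second(self, msg):
        """S57: returns authorization access information, or None on failure."""
        tag_id, c2, signature = msg
        c1 = self.store.get(tag_id)
        if c1 is None:                    # S42: both ciphertexts must name the same tag
            return None
        sig_key = unwrap_key(self.k_wrap, c1)
        info = rc4(data_key(self.k_data, sig_key), c2)
        first_hash = hashlib.sha256(info).digest()        # S43: first hash value
        second_hash = rc4(sig_key, signature)             # S43: second hash value
        if not hmac.compare_digest(first_hash, second_hash):
            return None
        del self.store[tag_id]            # added hardening: a signature key is single-use
        return {"tag_id": tag_id, "info": info, "authorized": True}   # S58

def run_exchange(info: bytes, tamper: bool = False):
    """Whole S51-S59 exchange on constructed keys; tamper flips one byte of c2."""
    k_wrap, k_data = secrets.token_bytes(32), secrets.token_bytes(32)
    reader, center = Reader(k_wrap, k_data), AuthCenter(k_wrap, k_data)
    tag_id = b"TAG-0001"                                  # constructed tag identifier
    sig_key, m1 = reader.first_message(tag_id)
    center.receive_first(m1)
    tag_id, c2, signature = reader.second_message(tag_id, info, sig_key)
    if tamper:
        c2 = bytes([c2[0] ^ 0x01]) + c2[1:]
    return center.receive_second((tag_id, c2, signature))
```

Running `run_exchange(b"...")` returns the recovered sensing information with `authorized` set, while the tampered variant returns None because the two hash values no longer agree.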
It can be seen that, in the embodiment of the invention, the acquired first sensing information and the signature key are encrypted separately at the RFID card reader, the digital signature of the first sensing information is generated, and the encrypted information and the digital signature are sent to the IoT system authentication center, which then performs two decryptions and verifies the digital signature. This ensures the security of the acquired first sensing information while the RFID card reader transmits it, and ensures that the terminal device securely accesses the IoT system.
It should be understood that, in the embodiments of the invention, the sequence numbers of the above processes do not imply their order of execution; the order of execution of each process should be determined by its function and internal logic, and does not constitute any limitation on the implementation of the embodiments of the invention.
Embodiment five:
Fig. 6 shows a structural block diagram of a system for a terminal device to securely access the Internet of Things provided by the fifth embodiment of the invention. For convenience of description, only the parts related to the embodiment of the invention are shown.
As shown in Fig. 6, a system for a terminal device to securely access an IoT system includes an RFID card reader 61 and an IoT system authentication center 62, where the RFID card reader includes a first encryption unit 611, a first sending unit 612, a second encryption unit 613 and a second sending unit 614, where:
The first encryption unit 611 is used to read the first sensing information of the RFID tag, call a group of random numbers as the signature key, and encrypt the signature key to obtain the first ciphertext;
Specifically, the RFID card reader scans the RFID tag attached to the terminal device that is to access the Internet of Things and reads the sensing information contained in the RFID tag, namely the first sensing information, which includes the name and model of the terminal device, the unique identification code of the terminal device, and information such as its access permissions. According to the first sensing information, a group of random numbers from the random number generator in the RFID card reader is called and set as the signature key corresponding to the first sensing information. Because random numbers are random, the random numbers produced each time differ to some extent; therefore, when the RFID card reader reads a piece of first sensing information, using one random number as the signature key of that piece of first sensing information puts the first sensing information and the signature key in one-to-one correspondence. The signature key is sent to the authentication center of the IoT system for the subsequent verification of the authenticity and uniqueness of the first sensing information.
To prevent the signature key from being tampered with while it is sent to the IoT system, the signature key is first encrypted to generate the first ciphertext. During encryption, the pre-stored public key of the IoT system is called to encrypt the signature key; the public key of the IoT system is stored in advance in the RFID card reader. When the first ciphertext generated by encrypting the signature key with the pre-stored public key of the IoT system is sent to the IoT system, even if an unauthorized terminal obtains the first ciphertext, it cannot know the private key of the IoT system and therefore cannot obtain the signature key contained in the first ciphertext, which ensures the security and uniqueness of the signature key during the information exchange.
Preferably, the first encryption unit 611 specifically includes:
a signature key generation module, used to read the first sensing information of the RFID tag, call the random number generator to produce a group of random numbers, and use the random numbers as the signature key;
a signature key encryption module, used to call the pre-stored key to encrypt the signature key and generate the first ciphertext.
Specifically, so that information can be transmitted securely between the RFID card reader and the IoT authentication center, an encryption system is first set up at the RFID card reader. When the RFID card reader reads sensing information, it calls a group of random numbers produced by the random number generator in the encryption system and uses them as the signature key corresponding to the first sensing information read this time; the signature key is used for the subsequent signature verification of the processed first sensing information. The pre-stored key in the encryption system is called to encrypt the generated signature key into the first ciphertext, which is sent during the subsequent transmission, so as to ensure the security of the signature key during the information exchange.
The first sending unit 612 is used to call the identifier of the RFID tag, and send the identifier of the RFID tag and the first ciphertext to the IoT system authentication center;
Specifically, after the signature key is encrypted to generate the first ciphertext, the identifier of the RFID tag is called. The identifier is used to uniquely mark the RFID tag; it is generated together with the RFID tag and is fixed in the RFID tag and cannot be changed. The identifier of an RFID tag may be generated simply by sorting by numeric size, or by combining the time and place of the RFID tag's generation; for example, RFID tags produced by different companies may first be marked with the company's exclusive mark, then with the time of the RFID tag's generation, and tags generated at the same time may be labelled in sequence after the company's exclusive mark to form the final identifier of the RFID tag. The identifier is generated when the RFID tag is generated and is fixed unchangeably in the RFID tag, forming the unique mark of the RFID tag; once the RFID tag is applied to a terminal device and the terminal device is connected to the IoT system, the terminal device can be uniquely marked within the IoT system.
In the embodiment of the invention, the identifier of the RFID tag and the first ciphertext are sent to the IoT authentication center so that, when the IoT system authentication center later receives the information of that RFID tag, it can call the corresponding first ciphertext to verify the signature.
The second encryption unit 613 is used to encrypt the first sensing information to obtain the second ciphertext, and to generate the digital signature of the first sensing information;
So that the first sensing information obtained by the RFID card reader can be sent securely to the IoT system authentication center, an encryption system is first set up at the RFID card reader and the first sensing information is encrypted.
Preferably, the second encryption unit 613 specifically includes:
a second ciphertext generation module, used to call a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
a digital signature generation module, used to call a digest algorithm and generate the digital signature of the first sensing information by means of the digest algorithm and the signature key.
Specifically, for the first sensing information obtained by the RFID card reader, the lightweight cryptographic algorithm in the encryption system stored in advance at the RFID card reader is called to encrypt it. Lightweight cryptographic algorithms have high execution efficiency, low consumption of computing resources and strong adaptability; the lightweight cryptographic algorithm may be the RC4 algorithm among stream ciphers or the PRESENT algorithm among block ciphers, among others, and is not limited here. Before the first sensing information obtained by the RFID card reader is encrypted, it may be assessed: if the acquired first sensing information does not require high security, or needs to be encrypted quickly, the RC4 stream cipher pre-stored in the RFID card reader's encryption system may be called to encrypt it; for example, when the RFID card reader acquires several pieces of first sensing information at the same time that must all be processed within a short time, and the acquired first sensing information has only ordinary security requirements for transmission, the RC4 stream cipher may be called to encrypt it. If the first sensing information obtained by the RFID card reader requires high security during transmission but places no special requirement on processing time, the PRESENT block cipher may be called for the encryption operation, so as to guarantee its security. Further, the digest algorithm in the RFID card reader's encryption system is called to generate a hash value from the first sensing information, and the digital signature is generated by encrypting that hash value with the signature key.
In the embodiment of the invention, when the first sensing information is encrypted, the acquired first sensing information is first assessed and a suitable lightweight encryption algorithm is selected. On the premise that the first sensing information is transmitted securely, this improves the efficiency with which the RFID card reader processes the first sensing information it receives. At the same time as the first sensing information is encrypted, its digital signature is generated, so that the IoT system authentication center can subsequently assess the encrypted first sensing information it receives and verify its signature.
The second sending unit 614 is used to send the second ciphertext and the digital signature to the IoT system authentication center, so that the IoT system authentication center decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
In this step, the RFID card reader sends the second ciphertext obtained by encrypting the first sensing information, the digital signature and the identifier of the RFID tag corresponding to that sensing information together to the IoT system authentication center. During transmission, if the RFID card reader acquires the first sensing information of several RFID tags at the same time and processes them together, the processed pieces of first sensing information are transmitted according to a preset transmission rule.
Optionally, the preset transmission rule may be to send the processed first sensing information to the IoT authentication center in order of the signal strength of the acquired first sensing information. A stronger signal indicates, to a certain degree, that the terminal device is easier to connect to the IoT system; processing first the terminal devices that are easier to connect saves waiting time for the terminal devices that follow and improves the efficiency of access to the IoT system. The preset transmission rule may also be to send the processed first sensing information to the IoT authentication center in the time order in which the RFID card reader acquired it: the first sensing information on the RFID tag of the terminal device that the RFID card reader acquired first is processed immediately after acquisition as in steps S21 to S23, and its processed result is sent to the IoT system authentication center earlier than the first sensing information on the RFID tags of terminal devices acquired later, which reduces the backlog of processing tasks at the RFID card reader. The two transmission rules may of course also be selected alternately according to the situation. Which transmission rule is chosen depends on the actual conditions and is not limited here. In this step, when the identifier of the RFID tag, the second ciphertext and the digital signature are sent to the IoT system authentication center, the transmission rule can be selected according to the actual conditions, which both meets the need for terminal devices to access the IoT system quickly and reduces the number of pending first sensing information tasks at the RFID card reader.
In this embodiment, after an encryption system is set up at the RFID card reader, the RFID card reader receives the first sensing information of an RFID tag, calls a group of random numbers produced by the random number generator as the signature key corresponding to the first sensing information of that RFID tag, and sends the first ciphertext generated by encrypting the signature key together with the identifier of the RFID tag to the IoT authentication center. Because the signature key is encrypted before it is sent, it cannot be modified in transit, and it remains in one-to-one correspondence with the RFID tag. For a received terminal device that is to access the IoT system, the second ciphertext generated by encrypting the first sensing information obtained from the RFID tag corresponding to that terminal device, and the digital signature generated for the first sensing information, are sent together with the identifier of the RFID tag when the IoT system authentication center is to make its judgement, so that the IoT system authentication center can subsequently select the corresponding signature key by the identifier of the RFID tag and verify the signature of the received information. In this process an encryption system is formed at the RFID card reader, the first sensing information and the signature key are encrypted separately before the first sensing information is sent, and the two encryptions ensure the secure transmission of the information; the digital signature of the first sensing information is generated so that its signature can subsequently be verified, which further ensures the security of the information received by the IoT system authentication center.
Optionally, the RFID card reader further includes:
a terminal device access unit, used to receive the authorization access information sent by the IoT system authentication center, and connect the terminal device to which the RFID tag belongs to the IoT system according to the authorization access information.
In this embodiment, after the IoT system authentication center has successfully authenticated the received information, it sends authorization access information authorizing the terminal device to access the IoT system. After receiving the authorization access information, the RFID card reader calls the identifier of the RFID tag corresponding to that authorization access information, and selects and confirms the access of the corresponding terminal device by the identifier of the RFID tag. Confirming the terminal device that is to access the IoT system authentication center by the identifier of the RFID tag reduces the probability of wrong access.
The IoT system authentication center includes a receiving unit 621, a decryption unit 622 and an authorization access information generation unit 623, where:
The receiving unit 621 is used to receive and store the identifier of the RFID tag and the first ciphertext sent by the RFID card reader, and to receive the second ciphertext and the digital signature sent by the RFID card reader;
In the embodiment of the invention, the IoT system authentication center receives the identifier of the RFID tag and the first ciphertext sent by the RFID card reader and stores them in memory. When storing the identifier of the RFID tag and the first ciphertext, it analyses the identifier of the RFID tag and stores it classified by category of identifier. For example, the tags attached to terminal devices in the same area may be stored classified by the manufacturer recorded in the RFID tag identifier, or classified by the device to which the RFID tag is attached; the classified storage method used by the IoT system authentication center for the received processed first sensing information is not limited. The identifier of the RFID tag helps to quickly find the identifier of the RFID tag to be called, and hence to quickly call the corresponding signature key.
Decryption unit 622 is configured to decrypt the first ciphertext to obtain the signature key, and to decrypt the second ciphertext to obtain the first sensing information.
In the embodiment of the present invention, the Internet of Things authentication centre decrypts the received first ciphertext and second ciphertext to obtain the signature key and the first sensing information respectively. Before decrypting, it retrieves the FRID tag identifier that was stored in the Internet of Things system authentication centre together with the first ciphertext and the FRID tag identifier that was sent to the authentication centre together with the second ciphertext, and compares the two. If they match, the first ciphertext and the second ciphertext to be decrypted belong to the same FRID tag, and only then are the first and second ciphertexts of that FRID tag decrypted.
Authorization access information generation unit 623 is configured to verify the digital signature using the first sensing information and the signature key, obtain a verification result, and decide according to the verification result whether to send authorization access information to the FRID reader.
In the embodiment of the present invention, once decryption has yielded the first sensing information and the signature key, the digest algorithm stored in advance at the Internet of Things system authentication centre is called to compute a hash value of the first sensing information, referred to here for clarity as the first hash value. Verifying the digital signature with the signature key likewise yields a hash value, called the second hash value; since the signature is produced by the digest algorithm together with the signature key (claims 3 and 8), this step amounts to recomputing that keyed digest. The first hash value and the second hash value are then compared. If they are identical, the digital signature corresponding to the second hash value was generated from the first sensing information corresponding to the first hash value, and the first sensing information has not been tampered with in transit, which completes the verification of the digital signature. When the first sensing information has not been tampered with, an authorization access instruction authorising the FRID tag corresponding to the first sensing information to access the Internet of Things system is generated and sent to the FRID reader, so that the FRID tag accesses the Internet of Things system securely.
In the embodiment of the present invention, the Internet of Things system centre decrypts the received first ciphertext and second ciphertext and verifies the received digital signature separately. During decryption it first judges whether the first ciphertext and the second ciphertext belong to the same FRID tag, and only then decrypts them, which guarantees that the decrypted signature key and first sensing information correspond to each other. Because the digital signature represents the characteristics of the data, and changes whenever the data changes, verifying the digital signature both ensures that the digital signature and the first sensing information come from the same FRID tag and guarantees the integrity and originality of the received first sensing information, thereby re-confirming the security of the transmission of the first sensing information.
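The exchange described in this embodiment (reader-side steps as in claims 1 to 3, authentication-centre steps as in units 621 to 623), written out as an added example; this is not code from the patent or its applicant, and it uses only the Python standard library. Everything the patent leaves open is an assumption here and labelled in the code: the pre-stored key is a 32-byte symmetric key shared by reader and centre, with two sub-keys derived from it (one to wrap the signature key into the first ciphertext, one for the sensing information in the second ciphertext); the unnamed "lightweight cryptographic algorithm" is stood in for by counter-mode encryption under an HMAC-SHA256 keystream with a fresh nonce per message; and the "digest algorithm plus signature key" digital signature is HMAC-SHA256 keyed by the random signature key, so the centre's "second hash value" is obtained by recomputing that keyed digest. The tag identifier and sensing reading are constructed samples. Note that a keyed digest is a message authentication code rather than a public-key signature: only holders of the signature key can produce or check it, which is why the key itself travels wrapped under the pre-stored key.

```python
"""Added example (not CN107231231A's own code): both sides of the FRID reader /
authentication-centre exchange, standard library only. All keys, the cipher and
the signature construction are assumptions the patent does not specify."""
import hashlib
import hmac
import secrets

# Constructed sample of the key claim 2 says is pre-stored on the reader; a real
# deployment provisions a random key per reader rather than deriving it from text.
PRESHARED_KEY = hashlib.sha256(b"constructed sample pre-stored key").digest()
# Assumption: separate sub-keys for wrapping the signature key (first ciphertext)
# and for the sensing information (second ciphertext), both derived from it.
WRAP_KEY = hmac.new(PRESHARED_KEY, b"wrap-signature-key", hashlib.sha256).digest()
DATA_KEY = hmac.new(PRESHARED_KEY, b"encrypt-sensing-info", hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode over an HMAC-SHA256 PRF: keystream block i = HMAC(key, nonce || i).
    Stands in for the patent's unnamed 'lightweight cryptographic algorithm'."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh 16-byte nonce per message, prepended to the ciphertext."""
    nonce = secrets.token_bytes(16)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])


def reader_first_message(tag_id: bytes):
    """Claims 1/2: random signature key, wrapped under the pre-stored key -> first ciphertext."""
    signature_key = secrets.token_bytes(32)  # "a group of random numbers as signature key"
    first_ciphertext = encrypt(WRAP_KEY, signature_key)
    return signature_key, (tag_id, first_ciphertext)


def reader_second_message(tag_id: bytes, sensing_info: bytes, signature_key: bytes):
    """Claim 3: sensing information -> second ciphertext, plus a keyed digest over the
    plaintext sensing information under the signature key (assumed: HMAC-SHA256)."""
    second_ciphertext = encrypt(DATA_KEY, sensing_info)
    digital_signature = hmac.new(signature_key, sensing_info, hashlib.sha256).digest()
    return (tag_id, second_ciphertext, digital_signature)


class AuthenticationCenter:
    """Receiving unit 621, decryption unit 622 and authorization unit 623 of the embodiment."""

    def __init__(self):
        self._pending = {}  # FRID tag identifier -> first ciphertext, as stored by unit 621

    def receive_first(self, tag_id: bytes, first_ciphertext: bytes) -> None:
        self._pending[tag_id] = first_ciphertext

    def receive_second(self, tag_id: bytes, second_ciphertext: bytes, digital_signature: bytes):
        # Unit 622: decrypt only when both ciphertexts carry the same tag identifier.
        first_ciphertext = self._pending.pop(tag_id, None)
        if first_ciphertext is None:
            return None
        signature_key = decrypt(WRAP_KEY, first_ciphertext)
        sensing_info = decrypt(DATA_KEY, second_ciphertext)
        # Unit 623: recompute the keyed digest ("first hash value") and compare it with
        # the received signature ("second hash value") in constant time.
        expected = hmac.new(signature_key, sensing_info, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, digital_signature):
            return None
        # Authorization access information returned to the reader (format is an assumption).
        return {"tag_id": tag_id, "authorized": True, "sensing_info": sensing_info}


def run_exchange(tag_id: bytes, sensing_info: bytes, tamper: bool = False, wrong_tag: bool = False):
    """Drive one complete exchange and return the centre's authorization decision."""
    centre = AuthenticationCenter()
    signature_key, (tid, first_ct) = reader_first_message(tag_id)
    centre.receive_first(tid, first_ct)
    tid2, second_ct, signature = reader_second_message(tag_id, sensing_info, signature_key)
    if tamper:  # flip one bit of the second ciphertext in transit
        second_ct = second_ct[:-1] + bytes([second_ct[-1] ^ 0x01])
    if wrong_tag:  # second message arrives under a tag identifier the centre never stored
        tid2 = tid2 + b"x"
    return centre.receive_second(tid2, second_ct, signature)


if __name__ == "__main__":
    # Constructed sample tag identifier and sensing reading.
    print(run_exchange(b"E2004E1A0001", b"temp=21.5C;humidity=40%"))
```

The tag-identifier check in `receive_second` is the decryption unit's precondition from the description: nothing is decrypted until both ciphertexts are known to belong to the same tag. A flipped ciphertext bit or a mismatched identifier both end in `None`, i.e. no authorization access information is sent to the reader.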
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be regarded as going beyond the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above correspond to the processes in the preceding method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Further, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, or any other medium capable of storing program code.
The foregoing is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be defined by the scope of the claims.
Claims (10)
1. A method for a terminal device to securely access the Internet of Things, characterised in that the method for a terminal device to securely access the Internet of Things comprises:
reading first sensing information of an FRID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
calling the identifier of the FRID tag, and sending the identifier of the FRID tag and the first ciphertext to an Internet of Things system authentication centre;
encrypting the first sensing information to obtain a second ciphertext, and generating a digital signature of the first sensing information;
sending the second ciphertext and the digital signature to the Internet of Things system authentication centre, so that the Internet of Things system authentication centre decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
2. The method for a terminal device to securely access the Internet of Things according to claim 1, characterised in that reading the first sensing information of the FRID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext specifically comprises:
reading the first sensing information of the FRID tag, and calling a random number generator to produce a group of random numbers, the random numbers being used as the signature key;
calling a pre-stored key to encrypt the signature key, generating the first ciphertext.
3. The method for a terminal device to securely access the Internet of Things according to claim 1, characterised in that encrypting the first sensing information to obtain a second ciphertext and generating the digital signature of the first sensing information specifically comprises:
calling a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
calling a digest algorithm, and generating the digital signature of the first sensing information by means of the digest algorithm and the signature key.
4. The method for a terminal device to securely access the Internet of Things according to any one of claims 1 to 3, characterised in that, after sending the second ciphertext and the digital signature to the Internet of Things system authentication centre so that the Internet of Things system authentication centre decrypts the first ciphertext and the second ciphertext and verifies the digital signature, the method further comprises:
receiving authorization access information sent by the Internet of Things system authentication centre, and, according to the authorization access information, connecting the terminal device to which the FRID tag belongs to the Internet of Things.
5. The method for a terminal device to securely access the Internet of Things according to claim 4, characterised in that the method for a terminal device to securely access the Internet of Things further comprises:
the Internet of Things system authentication centre receiving and storing the identifier of the FRID tag and the first ciphertext sent by the FRID reader, and receiving the second ciphertext and the digital signature sent by the FRID reader;
the Internet of Things system authentication centre decrypting the first ciphertext to obtain the signature key, and decrypting the second ciphertext to obtain the first sensing information;
the Internet of Things system authentication centre verifying the digital signature by means of the first sensing information and the signature key to obtain a verification result, and judging according to the verification result whether to send authorization access information to the FRID reader.
6. A system for a terminal device to securely access the Internet of Things, characterised in that the system for a terminal device to securely access the Internet of Things comprises an FRID reader and an Internet of Things system authentication centre, wherein the FRID reader comprises:
a first encryption unit, configured to read first sensing information of an FRID tag, call a group of random numbers as a signature key, and encrypt the signature key to obtain a first ciphertext;
a first sending unit, configured to call the identifier of the FRID tag and send the identifier of the FRID tag and the first ciphertext to the Internet of Things system authentication centre;
a second encryption unit, configured to encrypt the first sensing information to obtain a second ciphertext, and to generate a digital signature of the first sensing information;
a second sending unit, configured to send the second ciphertext and the digital signature to the Internet of Things system authentication centre, so that the Internet of Things system authentication centre decrypts the first ciphertext and the second ciphertext and verifies the digital signature.
7. The system for a terminal device to securely access the Internet of Things according to claim 6, characterised in that the first encryption unit specifically comprises:
a signature key generation module, configured to read the first sensing information of the FRID tag, call a random number generator to produce a group of random numbers, and use the random numbers as the signature key;
a signature key encryption module, configured to call a pre-stored key to encrypt the signature key, generating the first ciphertext.
8. The system for a terminal device to securely access the Internet of Things according to claim 6, characterised in that the second encryption unit specifically comprises:
a second ciphertext generation module, configured to call a lightweight cryptographic algorithm to encrypt the first sensing information into the second ciphertext;
a digital signature generation module, configured to call a digest algorithm and generate the digital signature of the first sensing information by means of the digest algorithm and the signature key.
9. The system for a terminal device to securely access the Internet of Things according to any one of claims 6 to 8, characterised in that the FRID reader further comprises:
a terminal device access unit, configured to receive authorization access information sent by the Internet of Things system authentication centre and, according to the authorization access information, connect the terminal device to which the FRID tag belongs to the Internet of Things.
10. An Internet of Things system authentication centre, characterised in that the Internet of Things system authentication centre comprises:
a receiving unit, configured to receive and store the identifier of the FRID tag and the first ciphertext sent by the FRID reader, and to receive the second ciphertext and the digital signature sent by the FRID reader;
a decryption unit, configured to decrypt the first ciphertext to obtain the signature key, and to decrypt the second ciphertext to obtain the first sensing information;
an authorization access information generation unit, configured to verify the digital signature by means of the first sensing information and the signature key to obtain a verification result, and to judge according to the verification result whether to send authorization access information to the FRID reader.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710462756.1A CN107231231B (en) | 2017-06-16 | 2017-06-16 | Method and system for terminal equipment to safely access Internet of things |
PCT/CN2017/093224 WO2018227685A1 (en) | 2017-06-16 | 2017-07-17 | Method and system for secure access of terminal device to internet of things |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710462756.1A CN107231231B (en) | 2017-06-16 | 2017-06-16 | Method and system for terminal equipment to safely access Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107231231A true CN107231231A (en) | 2017-10-03 |
CN107231231B CN107231231B (en) | 2020-09-25 |
Family
ID=59935129
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710462756.1A Active CN107231231B (en) | 2017-06-16 | 2017-06-16 | Method and system for terminal equipment to safely access Internet of things |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107231231B (en) |
WO (1) | WO2018227685A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102833260A (en) * | 2012-09-05 | 2012-12-19 | 胡祥义 | Password authentication method for internet of things by adopting security one-key management technology |
CN103237302A (en) * | 2013-03-28 | 2013-08-07 | 北京市科学技术情报研究所 | Sensing information safety protection method for RFID (radio frequency identification) tags in Internet of Things |
KR101721510B1 (en) * | 2016-11-14 | 2017-04-11 | 에스지에이솔루션즈 주식회사 | An Authentication Method for Privacy Protection in RFID Systems |
US20170132504A1 (en) * | 2015-11-06 | 2017-05-11 | Bank Of America Corporation | Radio Frequency Identification Activation |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102801722B (en) * | 2012-08-09 | 2016-08-03 | 福建物联天下信息科技股份有限公司 | Internet of Things authentication method and system |
US10063374B2 (en) * | 2015-05-31 | 2018-08-28 | Massachusetts Institute Of Technology | System and method for continuous authentication in internet of things |
2017
- 2017-06-16 CN CN201710462756.1A patent/CN107231231B/en active Active
- 2017-07-17 WO PCT/CN2017/093224 patent/WO2018227685A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
胡祥义 (Hu Xiangyi) et al.: "基于轻量级加密技术建立物联网感知层信息安全的解决方案" (A solution for establishing information security of the Internet of Things perception layer based on lightweight encryption technology), 《网络安全技术与应用》 (Network Security Technology & Application) * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109982309A (en) * | 2019-03-19 | 2019-07-05 | 湘潭大学 | Building microgrid electricity consumption data secure transmission technique based on RFID certification and Hybrid Encryption |
CN110049019A (en) * | 2019-03-26 | 2019-07-23 | 合肥工业大学 | The medical internet of things equipment of active safety identifies and monitoring method |
CN110049019B (en) * | 2019-03-26 | 2020-09-01 | 合肥工业大学 | Active and safe medical Internet of things equipment identification and monitoring method |
WO2020215679A1 (en) * | 2019-04-25 | 2020-10-29 | 苏州车付通信息科技有限公司 | System for encrypted communication between rfid tag and reader-writer |
CN112702305A (en) * | 2019-10-23 | 2021-04-23 | 中电智能科技有限公司 | System access authentication method and device |
CN112702305B (en) * | 2019-10-23 | 2023-05-16 | 中电智能科技有限公司 | System access authentication method and device |
CN111132152A (en) * | 2019-12-16 | 2020-05-08 | 成都三零瑞通移动通信有限公司 | RFID (radio frequency identification) tag authentication method based on multi-layer secret key system |
CN111132152B (en) * | 2019-12-16 | 2023-04-07 | 成都三零瑞通移动通信有限公司 | RFID (radio frequency identification) tag authentication method based on multi-layer secret key system |
CN112804214A (en) * | 2020-12-31 | 2021-05-14 | 四川瑞霆电力科技有限公司 | Perception layer data secure access method and system based on intelligent Internet of things |
WO2022141600A1 (en) * | 2020-12-31 | 2022-07-07 | 华为技术有限公司 | Authentication method and communication apparatus |
CN113965617A (en) * | 2021-08-26 | 2022-01-21 | 天地融科技股份有限公司 | Taxi taking method, device and system based on Internet of things |
Also Published As
Publication number | Publication date |
---|---|
CN107231231B (en) | 2020-09-25 |
WO2018227685A1 (en) | 2018-12-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107231231A (en) | A kind of method and system of terminal device secure accessing Internet of Things | |
CN104217230B (en) | The safety certifying method of hiding ultrahigh frequency electronic tag identifier | |
CN102831529B (en) | A kind of commodity information identification method based on radio frequency and system | |
Juels | RFID security and privacy: A research survey | |
CN102136079B (en) | Dynamic authentication method between reader and tag card and implementing device thereof | |
CN101111853B (en) | Device, method and system of control of data exchange | |
US8917159B2 (en) | Fully secure item-level tagging | |
CN101847199B (en) | Security authentication method for radio frequency recognition system | |
CN104115442A (en) | RFID bidirectional authentication method based on asymmetric secret key and Hash function | |
CN102622624B (en) | A kind of commodity counterfeit prevention identification system and method | |
Damghani et al. | Investigating attacks to improve security and privacy in RFID systems using the security bit method | |
CN103532718A (en) | Authentication method and authentication system | |
CN101945123A (en) | RFID mobile phone and combination key technology-based authenticity identification method | |
CN101488179A (en) | Authentication method and apparatus for wireless radio frequency recognition system | |
CN202870898U (en) | Radio frequency-based commodity information identification system | |
CN104700125A (en) | AES encryption and verification of ultra high frequency radio identification system | |
CN108694344A (en) | A kind of cryptography electronic label | |
Rong et al. | RFID security | |
CN106712952B (en) | Radio frequency tag security identification method and system | |
KR100848791B1 (en) | Tag data recording and obtaining method which security verification are capable, tag data recording and obtaining apparatus | |
CN201654814U (en) | RFID (Radio Frequency Identification) system capable of safely communicating between tag reader-writer and tag | |
CN106778939A (en) | Electronic tag sensor-based system | |
CN102867260A (en) | Bluetooth-based commodity information identification method and system | |
CN109064197A (en) | A kind of supply chain opening registration and Verification System and method based on block chain | |
Bilal | Addressing security and privacy issues in low-cost RFID systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |