Background
Radio Frequency Identification (RFID) technology is an automatic identification technology that can exchange data by using wireless signals. Radio frequency identification technology has many advantages over traditional automatic identification technologies such as bar codes, contact cards. For example, data may be read or written remotely, either directionally or non-directionally, without keeping the identified target visible; the data can be read through the external material, the electronic tags can be simultaneously processed when the electronic tags work in a severe environment; the amount of information that can be stored is large enough to physically locate objects via tags, and so on.
In the existing RFID system, the electronic tag and the RFID reader are transmitted through plaintext, once a hacker intercepts a unique ID in the tag, the tag can be forged to deceive the system, particularly in the technical field of ultrahigh frequency RFID, the working range of the system can reach 10 meters at most, and the transmission information is extremely easy to intercept.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide an RFID reader, an RFID system, and a block chain network, which can increase the security of the RFID system during data transmission.
An embodiment of the present invention provides an RFID reader, including: the system comprises an antenna, an analog front end connected with the antenna, a bus, an encryption and decryption chip and a processor; the analog front end, the encryption and decryption chip and the processor are all used for data transmission through buses; wherein:
the analog front end is used for receiving a public key, data to be processed and a first encryption string which are wirelessly sent by an electronic tag within a preset range through the antenna, and sending the data to be processed and the first encryption string to the encryption and decryption chip through the bus; the electronic tag performs hash operation on the data to be processed to obtain a first abstract, and the first abstract is encrypted according to a private key generated by the electronic tag to obtain the first encrypted string;
the encryption and decryption chip is used for decrypting the first encryption string according to the received public key to obtain a first abstract, carrying out hash operation on the received data to be processed to obtain a second abstract, and comparing the first abstract with the second abstract;
and the encryption and decryption chip is further used for transmitting the received data to be processed to the processor through the bus when the first abstract and the second abstract are determined to be the same.
Preferably, the analog front end comprises a modulation and demodulation circuit, a power management circuit, a filter, a power amplification circuit, a clock circuit and a power-on circuit; the modulation and demodulation circuit, the power management circuit, the filter, the power amplification circuit, the clock circuit and the power-on circuit are all connected to the bus; the antenna is connected with the modulation and demodulation circuit.
Preferably, the RFID reader further includes a control interface and a memory connected to the bus; the control interface is one of GPIO, Uart, SPI and IIC.
Preferably, the processor is further configured to perform identification processing on the data to be processed, and send returned data generated by the identification processing to the encryption and decryption chip through the bus;
the encryption and decryption chip is further configured to encrypt the returned data by using a public key sent by the electronic tag to generate a second encrypted string, and send the second encrypted string to the electronic tag through the bus, the analog front end, and the antenna, so that the electronic tag decrypts the second encrypted string according to a private key to obtain the returned data.
Preferably, the system further comprises an Ethernet module connected with the bus;
and the processor is further configured to, after the received data to be processed is summarized and written into an intelligent contract for processing, transmit the generated intelligent contract to a currently connected block chain network through the ethernet module.
Preferably, the ethernet module is further configured to receive a new block generation instruction sent by a background computer, and send the new block generation instruction to the encryption and decryption chip; wherein, the new block generation instruction comprises a block header of a block to be generated and a target value of a current block link network;
the encryption and decryption chip is further configured to try to generate a new block by continuously changing the random number in the block header, performing hash operation on the block header after each change, and comparing a result value obtained by the hash operation with the target value.
An embodiment of the present invention further provides an RFID system, including: the RFID reader-writer comprises an electronic tag, a background computer and the RFID reader-writer;
the electronic tag is used for sending a public key generated by the electronic tag, data to be processed and a first encryption string generated according to the data to be processed to the RFID reader after being awakened by the RFID reader; the electronic tag performs hash operation on the data to be processed to obtain a first abstract, and the first abstract is encrypted according to a private key generated by the electronic tag to obtain the first encrypted string;
the RFID reader is used for decrypting the first encryption string according to a public key corresponding to the electronic tag to obtain a first abstract, carrying out Hash operation on the received data to be processed to obtain a second abstract, comparing the first abstract with the second abstract, processing the received data to be processed when the first abstract is determined to be the same as the second abstract, and sending the processed data to a background computer.
Preferably, the RFID reader is further configured to perform identification processing on the data to be processed, encrypt returned data generated by the identification processing by using the public key, generate a second encryption string, and send the second encryption string to the electronic tag;
and the electronic tag is further configured to decrypt the second encrypted string according to the generated private key corresponding to the public key to obtain the returned data.
Preferably, the data to be processed includes a unique ID of the electronic tag.
The embodiment of the invention also provides a block chain network, which comprises at least two nodes connected through a distributed network; the at least two nodes comprise background computers and the RFID reader-writers;
the background computer is used for sending a new block generation instruction to the RFID reader-writer; wherein, the new block generation instruction comprises a block header of a block to be generated and a target value of a current block link network;
and the RFID reader-writer is used for trying to generate a new block by continuously changing the random number in the block head, carrying out hash operation on the block head after each change and comparing a result value obtained by the hash operation with the target value.
In summary, in the RIFD reader according to the embodiment of the present invention, the encryption/decryption chip is added to decrypt and verify the data transmitted by the electronic tag, and the returned data is encrypted according to the public key provided by the electronic tag, so that the communication between the electronic tag and the RFID reader is ensured to be safe and reliable, and the security problem caused by hijacking of the data is avoided.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Before further detailed description of the present invention, terms and terminology that may be involved in embodiments of the present invention are described.
The Block (Block) is a storage unit, each Block realizes linking (chain) through random hashing (also called hash algorithm), and the Block head (Block head) of the next Block contains the hash value of the previous Block, so that the blocks are successively connected to form a Block chain.
As shown in fig. 1, the block of bitcoin is composed of a block header and a transaction list contained in the block. The size of the block header is 80 bytes, and the block header is composed of a version number of 4 bytes, a Hash value of the last block of 32 bytes, a Merkle Root Hash of 32 bytes (generated by processing a transaction list contained in the block through a Merkle Tree algorithm), a time affix of 4 bytes (current time), a current difficulty value of 4 bytes, and a random number of 4 bytes. The block contains a transaction list appended to the block header, where the first transaction is a money base transaction, a special transaction for the miners to receive rewards and commission fees.
The difficulty value (difficuty) is an important reference index for miners during mining, and determines how many hash operations are required for the miners to generate a legal block. The blocks of bitcoins are generated approximately every 10 minutes, and if the generation of new blocks is to be maintained at substantially this rate under different full network power conditions, the difficulty value must be adjusted in response to changes in the full network power. In short, the difficulty value is set such that the new block generation rate is maintained at 10 minutes one regardless of the ore-cutting ability. The adjustment of difficulty occurs automatically in each complete node independently. Every 2016 blocks, all nodes will automatically adjust the difficulty according to a uniform formula, which is obtained by comparing the duration spent for the most recent 2016 blocks with the expected duration (the expected duration is 20160 minutes, i.e., two weeks, which is the total duration calculated at the generation rate of one block every 10 minutes), and adjusting (or making difficult or easy) accordingly according to the ratio of the actual duration to the expected duration. That is, the difficulty is increased if the rate of block generation is faster than 10 minutes and decreased if it is slower than 10 minutes.
This formula can be summarized in the form:
new difficulty value old difficulty value (past 2016 blocks spent long/20160 minutes)
The workload proves to have a target value. The Target value (Target) of the bitcoin workload certification is calculated as follows:
target value-maximum target value/difficulty value where the maximum target value is a constant value: 0x00000000 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
The magnitude of the target value is inversely proportional to the stiffness value. The bitcoin workload justification is achieved in that the block hash value calculated by the miners must be less than the target value.
In the workload proving process, the node continuously changes the random number (namely the numerical value of the nonce) in the block head, and performs hash operation on the block head after each change, compares the result value with the target value of the current network, if the result value is smaller than the target value, the problem solving is successful, and the workload proving is completed.
The block chain (Blockchain) is characterized in that a plurality of nodes are related to each other by a string of nodes by using a cryptography method to generate a block, the block adopts a structure of a block head and a block body, data used for verifying the validity of recorded data in the block head and index data of a previous block are included in the block body, and the block body contains the recorded data within a certain time.
Functionally, a blockchain is a distributed database that is run by a group of distributed nodes and is used to store various records, such as records of virtual currency transactions. In terms of data structure, the blockchain includes a series of blocks, once a new block is added to the blockchain, the new block cannot be removed, and the blocks contain the recorded data for verifying the validity (anti-counterfeiting) of the recorded data and generating the next block.
Taking bitcoin as an example, the transaction of bitcoin depends on the confirmation of nodes in the running blockchain, when the bitcoin transaction is confirmed by a node for the first time, the corresponding transaction list is added to the latest block in the blockchain, the transaction is continuously confirmed by other nodes in the blockchain network to avoid transaction repetition, when the confirmation is obtained in enough blocks (namely, the transaction is recorded in blocks), the transaction is finally confirmed, and the transaction is not reversible.
Asymmetric encryption: two keys are required in the encryption process: public key (publickey) and private key (privatekey). The public key and the private key are a pair, and if the public key is used for encrypting data, only the corresponding private key can be used for decrypting the data; if the data is encrypted with a private key, it can only be decrypted with the corresponding public key.
An RFID reader of an embodiment of the present invention is described below.
Referring to fig. 2, an embodiment of the present invention provides an RFID reader, including: the system comprises an antenna 10, an analog front end 20 connected with the antenna 10, a bus 30, an encryption and decryption chip 40 and a processor 50; the analog front end 20, the encryption and decryption chip 40 and the processor 50 all perform data transmission through a bus; wherein:
the analog front end 20 is configured to receive, through the antenna 10, a public key, to-be-processed data, and a first encryption string wirelessly sent by an electronic tag within a predetermined range, and send the to-be-processed data and the first encryption string to the encryption and decryption chip through the bus 30; the electronic tag performs hash operation on the data to be processed to obtain a first abstract, and the first encrypted string is obtained by encrypting the first abstract according to a private key generated by the electronic tag.
In this embodiment, in application, when an electronic tag enters a radio frequency range of the RFID reader, the RFID reader wakes up the electronic tag. After the electronic tag is awakened, a public key, data to be processed and a first encryption string are sent in a wireless sending mode; the electronic tag performs hash operation on the data to be processed to obtain a first abstract, and the first encrypted string is obtained by encrypting the first abstract according to a private key generated by the electronic tag.
In this embodiment, the public key, the data to be processed, and the first encryption string sent by the electronic tag are received by the antenna 10 and transmitted to the analog front end 20, and after the analog front end 20 processes the public key, the data to be processed, and the first encryption string, the public key, the data to be processed, and the first encryption string are sent to the encryption and decryption chip 40 through the bus 30.
Specifically, the analog front end 20 includes a modulation and demodulation circuit 21, a power management circuit 22, a filter 23, a power amplification circuit 24, a clock circuit 25, and a power-on circuit 26; the modulation and demodulation circuit 21, the power management circuit 22, the filter 23, the power amplification circuit 24, the clock circuit 25 and the power-on circuit 26 are all connected to the bus; the antenna 10 is connected to the modulation circuit 21.
After receiving the data transmitted by the antenna 10, the data is demodulated by the adjusting and demodulating circuit 21, filtered by the filter 23, amplified by the power amplifying circuit 24, and transmitted to the bus 30. The power management circuit 22 and the power-on circuit 26 are used for implementing power management of the whole RFID reader, providing power for each circuit module, and controlling to be in a low power consumption state during standby and to be in a normal power consumption state during operation. The clock circuit 25 is used to generate clock signals for timing management.
It should be noted that, in this embodiment, after the electronic tag is activated for the first time, the public key and the private key are randomly generated only once, where the electronic tag sends the public key to the RFID reader at the same time when performing data transmission with the RFID reader each time.
It should be noted that the data to be processed includes a unique ID of the electronic tag.
It should be noted that the bus 30 is a common communication trunk line for transmitting information between various functional components of the RFID reader, and is a transmission line bundle composed of wires, and the bus may be divided into a data bus, an address bus, and a control bus according to the type of information to be transmitted, and is used for transmitting data, data addresses, and control signals, respectively. The bus is an internal structure, which is a common channel for the processor, the memory, the input and output devices to transmit information, and each component is connected through the bus 30, and the external devices are connected with the bus through the corresponding interface circuits, thereby forming the whole hardware system.
The encryption and decryption chip 40 is configured to decrypt the first encrypted string according to the received public key to obtain a first digest, perform hash operation on the received data to be processed to obtain a second digest, and compare the first digest with the second digest.
The encryption and decryption chip 40 is further configured to transmit the received data to be processed to the processor 50 through the bus when it is determined that the first digest is the same as the second digest.
In this embodiment, after receiving the public key, the data to be processed, and the first encryption string, the encryption and decryption chip 40 first decrypts the first encryption string by using the public key to obtain a first digest, then performs an operation on the data to be processed by using a hash algorithm to obtain a second digest, and then the encryption and decryption chip 40 compares the first digest with the second digest, where if the first digest is identical to the second digest, it indicates that the data to be processed has not been tampered, and the data communication is secure, the encryption and decryption chip 40 sends the data to be processed to the processor 50 for processing.
In this embodiment, the processor 50 has the following processing modes:
the processor 50 sends the data to be processed to a background computer, and the background computer responds or records, such as confirming the authority of the tag (access control), charging (such as swiping a meal card), or recording the position information of the object corresponding to the electronic tag, according to the data to be processed.
Secondly, the processor 50 generates return data according to the data to be processed, and transmits the return data to the electronic tag for writing.
In the second case, the processor 50 firstly sends the generated backhaul data to the encryption and decryption chip 40 through the bus 30, the encryption and decryption chip 40 encrypts the backhaul data by using the public key sent by the electronic tag to generate a second encryption string, and sends the second encryption string to the electronic tag through the bus 30, the analog front end 20 and the antenna 10, and the electronic tag decrypts the second encryption string according to its own private key to obtain the backhaul data, and writes the data in.
In summary, in the RIFD reader according to the embodiment of the present invention, the encryption/decryption chip 40 is added to decrypt and verify the data transmitted by the electronic tag, and encrypt the returned data according to the public key provided by the electronic tag, so that the communication between the electronic tag and the RFID reader is ensured to be safe and reliable, and the security problem caused by hijacking of the data is avoided.
Preferably, the RFID reader further includes a control interface 60 and a memory 70 connected to the bus; the control interface 60 is one of GPIO, Uart, SPI, and IIC.
Preferably, an ethernet module 80 connected to the bus 30;
the processor 50 is further configured to, after summarizing the received data to be processed and writing the data into an intelligent contract for processing, transmit the generated intelligent contract to a currently connected block chain network through the ethernet module 80.
In this embodiment, the RFID reader may also be connected to a blockchain network as a node of the blockchain network, where the RFID reader needs to have a function of an intelligent contract. In this way, the processor 50 may summarize the received data to be processed and write the summarized data into an intelligent contract, and then transmit the summarized data to the currently connected blockchain network through the ethernet module 80.
In this embodiment, the intelligent contracts are considered technically as network servers, except that these servers are not bridged over the internet using IP addresses, but rather over a blockchain network, on which specific contract programs can be run. But unlike a network server, all can see intelligent contracts because the code and state of these intelligent contracts are on the blocks of the blockchain (assuming that the blockchain is public). Moreover, unlike a network server, an intelligent contract does not rely on a particular hardware device, and in fact, the code of the intelligent contract is executed by all nodes participating in a mine. An intelligent contract is an assembly language programmed on a blockchain. Typically one will not write the bytecode itself, but will compile it from a higher level language, e.g. a proprietary language like Javascript in Solidity. These bytecodes do provide guidance to the functionality of the blockchain so that the code can easily interact with it, such as transferring cryptographic currency and recording events. The execution of the code is automatic: either performed successfully or all state changes are undone (including information already sent or received from the currently failed contract)
In this embodiment, the RFID reader writes the summarized data into an intelligent contract and publishes the intelligent contract to a corresponding blockchain network. Nodes in the blockchain network package and verify the validity of all intelligent contracts generated within a predetermined time period and attempt to generate a new block through the aforementioned workload proving process. When some node passes the workload certification, a new block is generated. The newly generated block is broadcast to the blockchain network, and if more than half of the nodes in the blockchain network verify the block (i.e. the block is added to its blockchain to indicate that the block is verified), the intelligent contracts in the block are recorded in the blockchain network.
Preferably, the ethernet module 80 is further configured to receive a new block generation instruction sent by a background computer, and send the new block generation instruction to the encryption and decryption chip; wherein, the new block generation instruction comprises a block header of a block to be generated and a target value of a current block link network;
the encryption and decryption chip 40 is further configured to try to generate a new block by continuously changing the random number in the block header, performing hash operation on the block header after each change, and comparing a result value obtained by the hash operation with the target value.
In this embodiment, since the encryption/decryption chip 40 has a hash operation function, the RFID reader/writer can be controlled to dig a mine when idle through the ethernet by setting a program in the background computer, so that the computing power of the encryption/decryption chip 40 is fully utilized.
Referring to fig. 3, a second embodiment of the present invention further provides an RFID system, including: the electronic tag 100, the background computer 300 and the RFID reader 200 as described above;
the electronic tag 100 is configured to send a public key generated by the electronic tag, data to be processed, and a first encrypted string generated according to the data to be processed to the RFID reader 200 after the electronic tag is awakened by the RFID reader; in the first encryption string, the electronic tag 100 performs hash operation on the data to be processed to obtain a first digest, and the first digest is encrypted according to a private key generated by the electronic tag 100 to obtain the first encryption string;
the RFID reader 200 is configured to decrypt the first encrypted string according to a public key corresponding to the electronic tag 100 to obtain a first digest, perform hash operation on the received data to be processed to obtain a second digest, compare the first digest with the second digest, process the received data to be processed when it is determined that the first digest is the same as the second digest, and send the processed data to the background computer 300.
Preferably, the RFID reader 200 is further configured to perform identification processing on the data to be processed, encrypt returned data generated by the identification processing by using the public key, generate a second encryption string, and send the second encryption string to the electronic tag 100;
the electronic tag 100 is further configured to decrypt the second encrypted string according to the generated private key corresponding to the public key, so as to obtain the returned data.
Preferably, the data to be processed includes a unique ID of the electronic tag 100.
The third embodiment of the present invention further provides a blockchain network, comprising at least two nodes connected by a distributed network; wherein, the at least two nodes include a background computer 300 and the RFID reader 200 as described above;
the background computer 300 is configured to send a new block generation instruction to the RFID reader; wherein, the new block generation instruction comprises a block header of a block to be generated and a target value of a current block link network;
the RFID reader 200 is configured to try to generate a new block by continuously changing the random number in the block header, performing hash operation on the block header after each change, and comparing a result value obtained by the hash operation with the target value.
In this embodiment, since the RFID reader 200 has a hash operation function, the RFID reader can be controlled to dig a mine when idle through the ethernet by setting a program in the background computer, so that the calculation power of the RFID reader 200 is fully utilized.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be used for storing the computer program and/or the module, and the processor may implement various functions of the block chain oriented dynamic hash calculation node by executing or executing the computer program and/or the module stored in the memory and calling data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
All or part of the flow of the method of the embodiments may be implemented by a computer program, which may be stored in a computer readable storage medium and executed by a processor, to instruct related hardware to implement the steps of the embodiments of the methods. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.