CN109522979B

CN109522979B - Chip card manufacturing method and system based on wireless communication technology and SAM technology

Info

Publication number: CN109522979B
Application number: CN201811173595.5A
Authority: CN
Inventors: 程诗猛; 董逢华
Original assignee: Wuhan Tianyu Information Industry Co Ltd
Current assignee: Wuhan Tianyu Information Industry Co Ltd
Priority date: 2018-10-09
Filing date: 2018-10-09
Publication date: 2022-06-03
Anticipated expiration: 2038-10-09
Also published as: CN109522979A

Abstract

The invention discloses a chip card manufacturing method and system based on a wireless communication technology and an SAM technology, and relates to the technical field of chip card manufacturing. The communication mode between the chip card read-write head of the existing chip card manufacturing equipment and the control computer is changed from slip ring type cable connection to the adoption of LoRa and GFSK wireless communication, so that all advantages of the rotary platform type card manufacturing equipment are reserved, and the factors of production faults caused by signal interference, poor contact and the like are thoroughly solved, thereby greatly improving the production efficiency; the SAM technology is adopted to solve the data security problem in the card making link of the chip card, thereby improving the production efficiency and reliability and ensuring the data security.

Description

Chip card manufacturing method and system based on wireless communication technology and SAM technology

Technical Field

The invention relates to the field, in particular to a chip card manufacturing method and a chip card manufacturing system based on a wireless communication technology and an SAM technology.

Background

The traditional chip card manufacturing equipment needs to meet the requirement of mass production, one equipment is provided with a plurality of chip card read-write heads (about 30 in general), the read-write heads are generally fixed, the chip card transmission mode is large in size, multiple in driving motors and complex in wiring, and the motors, control signal cables, read-write head communication cables and the like are mutually staggered and mutually interfered (space radiation interference, power conduction interference and the like), so that the equipment failure rate is high, and the production efficiency is low.

At present, most of the improved rotary platform type card making equipment is adopted, the number of read-write heads can be up to 64, the volume is greatly reduced, the wiring is greatly simplified, the interference is greatly reduced, the equipment failure rate is greatly reduced, and the production efficiency is greatly improved. The read-write head is arranged on the rotating wheel, and the read-write head is connected with a communication cable between the control computer through a slip ring. However, in this slip ring connection method, after the device works for a long time, the slip ring spring plate is mechanically worn to cause poor contact, so that production failure occurs and production efficiency is affected.

Disclosure of Invention

The invention aims to overcome the defects of the background technology and provides a method and a system for manufacturing a chip card based on a wireless communication technology and an SAM technology, which improve the production efficiency and reliability and ensure the data security.

The invention provides a chip card manufacturing method based on a wireless communication technology and an SAM technology, which comprises the following steps:

a LoRa gateway is arranged between the server and the executing mechanism component, and a LoRa node is arranged on the chip card read-write head; the server is transferred through an LoRa gateway and is communicated with the execution mechanism assembly in an LoRa mode; the server is transferred through the LoRa gateway and communicates with the LoRa nodes in a LoRa mode and a GFSK mode;

an encryption machine is arranged in the server, and SAM security modules are arranged in the execution mechanism component, the LoRa gateway and the LoRa node; the encryptor is used for executing random number fetching operation and encryption/decryption operation in the server, and storing a key and a session key derived from the key; the SAM security module is used for executing random number fetching operation and encryption/decryption operation, and storing a key and a session key derived from the key;

the communication between the server and the execution mechanism assembly is carried out in a mode of ciphertext + consistency check code MIC, and the ciphertext + consistency check code MIC is transferred through the LoRa gateway; the server sends the card writing data to the LoRa node in a mode of ciphertext + consistency check code MIC, and the card writing data is transferred through the LoRa gateway; the communication between the server and the LoRa node is carried out in a mode of ciphertext + consistency check code MIC, and the communication is transferred through the LoRa gateway;

the server transmits an execution instruction to the execution mechanism component through the transfer of the LoRa gateway, and the execution mechanism component transmits the chip card to be produced to the read-write head of the chip card;

the server sends the card writing data to the LoRa node through the transfer of the LoRa gateway, and the LoRa node controls the read-write head of the chip card to write the card writing data into the chip card;

the chip card manufacturing equipment comprises 64 chip card read-write heads at most, and each read-write head is provided with a LoRa node; dividing the LoRa nodes on the chip card manufacturing equipment into eight node groups by taking every eight LoRa nodes as a group, wherein the eight node groups are represented as LoRa node groups y, and y is 1-8;

nodes in the LoRa node group 1 to the LoRa node group 8 are represented by a node x, where x is y1 to y8, and y is 1 to 8.

On the basis of the scheme, the method specifically comprises the following steps:

the server transmits an execution instruction to the execution mechanism component through the transfer of the LoRa gateway;

the LoRa gateway receives an action instruction issued by the server through the local area network, starts a LoRa sending function and informs the executing mechanism component;

the executing mechanism component receives an action instruction issued by the LoRa gateway, makes a corresponding action, and transmits the chip card to be produced to the read-write head of the chip card of the corresponding LoRa node;

the server transmits a frame of card writing data to the LoRa node through the transfer of the LoRa gateway;

the LoRa gateway receives card writing data issued by the server, starts a GFSK sending function, forwards the card writing data to all LoRa nodes in parallel, and waits for the completion of card writing operation of the LoRa nodes;

the LoRa node group 1 starts a LoRa sending function and reports a card writing state;

the LoRa gateway starts a parallel LoRa receiving function;

the LoRa gateway receives the card writing state reported by the LoRa node group 1;

the LoRa gateway forwards the card writing state reported by the LoRa node group 1 to the server through the local area network;

the LoRa gateway starts a LoRa sending function and issues a card writing state fetching instruction to the LoRa node group 2;

the LoRa gateway starts a parallel LoRa receiving function; meanwhile, the LoRa node group 2 has started the LoRa receiving function of the LoRa communication module;

after receiving a card fetching and writing state instruction issued by the loRa gateway, the LoRa node group 2 starts a loRa sending function and reports a card writing state;

the LoRa gateway receives the card writing state reported by the LoRa node group 2;

the LoRa gateway forwards the card writing state reported by the LoRa node group 2 to the server through the local area network;

repeating the operations until the last LoRa node group 8 finishes reporting the card writing state to the server;

repeating the operations until all the card writing data are sent;

the server sends corresponding action execution instructions to the execution mechanism component through the LoRa gateway according to the received card writing state;

the LoRa gateway starts a LoRa sending function and forwards an execution instruction to the execution mechanism component;

the actuating mechanism subassembly starts loRa and receives the function, receives the executive instruction that loRa gateway forwarded, carries out corresponding action, transports the card to certified products draw-in groove and waste product draw-in groove respectively.

On the basis of the scheme, an encryption machine is arranged in the server, and SAM security modules are arranged in the execution mechanism component, the LoRa gateway and the LoRa node; the encryptor is used for executing random number fetching operation and encryption/decryption operation of the server, and storing a secret key and a session secret key derived from the secret key; the SAM security module is used for random number fetching operation and encryption/decryption operation of the execution mechanism component, the LoRa gateway and the LoRa node, storing a key and a session key derived from the key, and specifically comprises the following steps:

in the system initialization stage, the secret keys are respectively led into the encryption machine and each SAM security module;

the server and the LoRa gateway mutually authenticate the identity; and deriving the key to obtain respective session key;

the server is transferred by the LoRa gateway and mutually authenticated with the execution mechanism component; and respectively deriving a key to obtain respective session keys;

the server performs mutual identity authentication with each LoRa node in sequence through the transfer of the LoRa gateway; and each performs key derivation to obtain a respective session key.

On the basis of the scheme, the server and the LoRa gateway perform mutual identity authentication; and deriving the key to obtain the respective session key, wherein the execution steps are as follows:

the server host computer takes a gateway random number rnd _ gw of 16 bytes from the encryption machine and encapsulates an authen _ gw JSON object;

receiving the 'authen _ gw' JSON object of the server PULL _ RESP by the LoRa gateway, and decoding by base 64;

then verifying the correctness of a consistency check code MIC of the authen _ gw, and if the MIC is correct, recognizing the legality of the server and the correctness of the authen _ gw.data, wherein the authen _ gw.data is an object data item of the authen _ gw;

the SAM security module decrypts the srnd _ gw to obtain an rnd _ gw, wherein the srnd _ gw is a gateway random number ciphertext, and the rnd _ gw is a gateway random number plaintext;

the method comprises the steps that an LoRa gateway SAM security module uses rnd _ gw to disperse AppKey _ W and NwkKey _ W respectively to obtain session keys AppSKey _ W and NwkSKey _ W, wherein the AppKey _ W is a gateway encryption key, and the NwkKey _ W is a gateway MIC key;

the server receives a 'resp _ gw' JSON object of the LoRa gateway PUSH _ DATA, and performs base64 decoding firstly;

the encryptor respectively disperses AppKey _ W and NwkKey _ W with own rnd _ gw to obtain session keys AppSKey _ W and NwkSKey _ W:

and then verifying the correctness of the consistency check code MIC of the 'resp _ gw' and decrypting the srnd _ gw, and if the MIC1 is MIC and the rnd _ gw1 is rnd _ gw, recognizing the legality of the LoRa gateway, wherein the MIC1 is MIC which means that the consistency check code MIC1 obtained by encryption calculation is consistent with the actually received consistency check code MIC, and the rnd _ gw1 is rnd _ gw which means that the gateway random number rnd _ gw1 obtained by decryption of the srnd _ gw by the encryption machine is consistent with the gateway random number rnd _ gw generated by the encryption machine.

On the basis of the scheme, the server is transferred through the LoRa gateway and mutually authenticated with the execution mechanism component; and respectively deriving a key to obtain respective session keys, wherein the execution steps specifically comprise:

the server host takes a 16-byte execution mechanism component random number rnd _ d from the encryption machine, and encapsulates an "authen _ device" JSON object:

receiving the JSON object of the 'authen _ device' of the server PULL _ RESP by the LoRa gateway, and decoding by base 64;

then verifying the correctness of a consistency check code MIC of the authen _ device, if the MIC is correct, forwarding a base64 decoding of authen _ device.data to an execution mechanism component in a LoRa manner without parsing, wherein the authen _ device.data is an object data item of the authen _ device;

the execution mechanism component receives base64 decoding of authen _ device.data, and verifies the consistency check code mic _ d of the execution mechanism component data:

if the calculated execution mechanism component data consistency check code mic _ d1 is consistent with the actually received execution mechanism component data consistency check code mic _ d, the legitimacy of the server is approved and srnd _ d is valid, the srnd _ d is decrypted to obtain rnd _ d, wherein the srnd _ d is a random number ciphertext of the execution mechanism component, and the rnd _ d is a random number plaintext of the execution mechanism component;

the SAM security module of the execution mechanism component respectively disperses an AppKey _ D and an NwkKey _ D by using rnd _ D to obtain session keys AppSKey _ D and NwkSKey _ D, wherein the AppKey _ D is an encryption key of the execution mechanism component, and the NwKey _ D is an MIC key of the execution mechanism component;

the SAM security module encrypts rnd _ d and generates a corresponding MIC:

reporting the random ciphertext srnd _ dd of the current execution mechanism component and the consistency check code mic _ dd of the execution mechanism component to an LoRa gateway by the execution mechanism component in a LoRa way;

the LoRa gateway encapsulates a 'resp _ device' JSON object;

the server receives a 'resp _ device' JSON object of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of mic _ gw, wherein the mic _ gw is a gateway consistency check code;

the encryptor respectively disperses AppKey _ D and NwkKey _ D with rnd _ D to obtain session keys AppSKey _ D and NwkSKey _ D:

and then verifying the correctness of the mic _ dd and decrypting the srnd _ dd, and if the mic _ dd1 is mic _ dd and the rnd _ dd1 is rnd _ dd, the legitimacy of the executable mechanism component is determined, wherein the mic _ dd1 is mic _ dd, which indicates that the calculated execution mechanism component consistency check code mic _ dd1 is consistent with the received execution mechanism component consistency check code mic _ dd.

On the basis of the scheme, the server is transferred by the LoRa gateway and performs identity authentication with each LoRa node in sequence; and respectively deriving a key to obtain respective session keys, wherein the execution steps specifically comprise:

the mutual identity authentication between the server and each LoRa node and the derivation of the session key are respectively carried out, and the following specific steps are carried out for the mutual identity authentication between the server and one of the LoRa nodes and the derivation of the session key:

the server host respectively takes two groups of node random numbers rnd _ n1 and rnd _ n2 of 16 bytes from the encryption machine, and encapsulates an authen _ node11 JSON object;

receiving a JSON object of 'authen _ node 11' of the server PULL _ RESP by the LoRa gateway, and decoding by base 64;

then verifying the correctness of a consistency check code MIC of the "authen _ node 11", if the MIC is correct, forwarding base64 decoding of authen _ node11.data to the LoRa node11 in a LoRa way without parsing, wherein authen _ node11.data is an object data item of authen _ node 11;

the LoRa node11 receives the decoded base64 of authen _ node11.data, and verifies mic _ n1 and mic _ n2 respectively, wherein mic _ n1 is a node consistency check code corresponding to a node random number rnd _ n1, and mic _ n2 is a consistency check code corresponding to a node random number rnd _ n 2;

if mic _ n11 is mic _ n1 and mic _ n22 is mic _ n2, the server is approved to be legal and srnd _ n1 and srnd _ n2 are valid, srnd _ n1 and srnd _ n2 are decrypted respectively to obtain rnd _ n1 and rnd _ n2, where mic _ n11 is the consistency check code calculated by node11, mic _ n1 is the received consistency check code, mic _ n22 is the consistency check code calculated by node11, mic _ n2 is the received consistency check code, and srnd _ n1 and srnd _ n2 are node random numbers;

the SAM security module of the LoRa node11 respectively disperses an AppKey _ N and an NwkKey _ N by rnd _ N1 to obtain session keys AppSKey _ N and NwkSKey _ N, wherein the AppKey _ N is a write card data encryption key, and the NwkKey _ N is a write card data MIC key;

the SAM security module of the LoRa node11 disperses AppKey _ N1 and NwkKey _ N1 respectively by rnd _ N2 to obtain session keys AppSKey _ N1 and NwkSKey _ N1, wherein the AppKey _ N1 is an encryption key of a node group 1, and the NwkKey _ N1 is an MIC key of the node group 1;

the SAM security module encrypts rnd _ n1 and rnd _ n2 and generates mic _ n111 and mic _ n222, wherein mic _ n111 is a consistency check code corresponding to rnd _ n1, and mic _ n222 is a consistency check code corresponding to rnd _ n 2; the LoRa node11 reports srnd _ n111+ mic _ n111+ srnd _ n222+ mic _ n222 to the LoRa gateway in an LoRa manner, wherein srnd _ n111 is a random number ciphertext obtained by the SAM security module encrypting rnd _ n1, and srnd _ n222 is a random number ciphertext obtained by the SAM security module encrypting rnd _ n 2;

the LoRa gateway encapsulates a "resp _ node 11" JSON object:

the server receives a 'resp _ node 11' JSON object of the LoRa gateway PUSH _ DATA, performs base64 decoding and verifies the correctness of mic _ gw, wherein the mic _ gw is a gateway consistency check code;

the encryption equipment respectively disperses AppKey _ N and NwkKey _ N by using a random number rnd _ N1 of the encryption equipment to obtain session keys AppSKey _ N and NwkSKey _ N;

the encryptor disperses AppKey _ N1 and NwkKey _ N1 respectively with own rnd _ N2 to obtain session keys AppSKey _ N1 and NwkSKey _ N1;

then, the correctness of mic _ n111 and mic _ n222 is verified and srnd _ n111 and srnd _ n222 are decrypted, and if mic _ n111 and mic _ n222 are correct, rnd _ n1111 ═ rnd _ n111 and rnd _ n2222 ═ rnd _ n222, the legitimacy of the LoRa node11 is approved, where rnd _ n1111 ═ rnd _ n111 indicates that the decrypted node random number rnd _ n1111 matches the received node random number rnd _ n111, and rnd _ n2222 ═ rnd _ n222 indicates that the decrypted node random number rnd _ n2222 matches the received node random number rnd _ n 222.

On the basis of the scheme, the communication between the server and the execution mechanism assembly is carried out in a mode of ciphertext + consistency check code MIC, and the communication is transferred through the LoRa gateway; the server sends the card writing data to the LoRa node in a mode of ciphertext + consistency check code MIC, and the card writing data is transferred through the LoRa gateway; the communication between the server and the LoRa node is carried out in a mode of ciphertext + consistency check code MIC, and is transferred through the LoRa gateway, and the method specifically comprises the following steps:

the server encrypts the write card data by using an application session key AppSKey to generate a write card data cipher text, then uses a network session key NwkSKey to carry out MIC signature on the write card data cipher text, and then transfers the write card data cipher text and the MIC together through the LoRa gateway and sends the write card data cipher text and the MIC to the LoRa node;

the LoRa node receives the write card data ciphertext and the MIC signature transferred by the LoRa gateway, firstly, the network session key NwkSKey is used for verifying the correctness and the integrity of the data, then, the application session key AppSKey is used for decrypting the write card data ciphertext, and then, the card is written;

the LoRa node firstly encrypts a write card state by using an application session key AppSKey to generate a write card state ciphertext, then uses a network session key NwkSKey to carry out MIC signature on the write card state ciphertext, and then transfers the write card state ciphertext and the MIC together through a LoRa gateway and reports the transfer to a server;

the server receives the card writing state ciphertext and the MIC signature transferred by the LoRa gateway, firstly verifies the correctness and the integrity of data by using a network session key NwkSKey, then decrypts the card writing state ciphertext by using an application session key AppSKey, and then issues a corresponding action execution instruction to the execution mechanism component according to the card writing state.

On the basis of the above scheme, when the key is respectively imported into the encryption machine and each SAM secure module in the system personalization stage:

the keys imported into the encryptor include: AppKey _ w, NwkKey _ w, AppKey _ W, NwkKey _ W, AppKey _ d, NwkKey _ d, AppKey _ D, NwkKey _ D, AppKey _ N1 to AppKey _ N64, NwkKey _ N1 to NwkKey _ N64, AppKey _ N, NwkKey _ N, AppKey _ N1 to AppKey _ N8, and NwkKey _ N1 to NwkKey _ N8;

the key imported into the SAM security module of the LoRa gateway includes: AppKey _ W, NwkKey _ W, AppKey _ W, and NwkKey _ W;

importing keys within a SAM security module of an actuator component includes: AppKey _ D, NwkKey _ D, AppKey _ D, and NwkKey _ D;

the key imported into the SAM security module of the LoRa node includes: AppKey _ nx, NwkKey _ nx, AppKey _ N, NwkKey _ N, AppKey _ Ny, and NwkKey _ Ny;

the derived session key within the encryptor includes: AppSKey _ W, NwkSKey _ W, AppKey _ D, NwkKey _ D, AppSKey _ N, NwkSKey _ N, AppSKey _ N1-AppSKey _ N8 and NwkSKey _ N1-NwkSKey _ N8;

the session key derived within the SAM security module of the LoRa gateway includes: AppSKey _ W and NwkSKey _ W;

the session key derived within the SAM security module of the actuator component comprises: AppSKey _ D and NwkSKey _ D;

the session key derived within the SAM security module of LoRa node x includes: AppSKey _ N, NwkSKey _ N, AppSKey _ Nx and NwkSKey _ Nx.

On the basis of the above scheme, the specific characteristics of the LoRa gateway are as follows:

the LoRa gateway comprises an ARM processor, an SAM security module, an Ethernet/WiFi module, a LoRa gateway communication module, a LoRa communication module and an antenna;

the LoRa gateway and the server are in a special local area network, and the LoRa gateway communicates with the server through an Ethernet port or a WiFi mode; the communication between the LoRa gateway and the server follows MQTT protocol;

the LoRa gateway communication module adopts an SX1301 chip of Semtech company;

the LoRa communication module adopts an SX1268 chip of Semtech company;

the communication between the LoRa gateway and the actuator component is the LoRa communication based on an SX1268 chip;

the communication between the LoRa gateway and the LoRa node is GFSK communication based on an SX1268 chip and LoRa communication based on an SX1301 chip, wherein the GFSK communication adopts the following steps: the carrier frequency is 505.3MHz, and the communication speed is 300 kbps; the LoRa communication adopts: the bandwidth BW is 125kHz and the spreading factor SF is 7.

On the basis of the above scheme, the communication characteristics and the execution steps between the LoRa gateway and the LoRa node are specifically as follows:

the microprocessors of all the LoRa nodes inform the LoRa communication module based on the SX1268 chip to switch to a GFSK receiving state, and wait for receiving card writing data issued by the LoRa gateway;

an ARM processor of the LoRa gateway informs a LoRa communication module based on an SX1268 chip to issue card writing data ciphertexts and a consistency check code MIC to all LoRa nodes in a GFSK sending mode;

the ARM processor of the LoRa gateway informs a LoRa gateway module based on an SX1301 chip to switch to an 8-path parallel LoRa receiving mode so as to wait for a card writing state ciphertext and a consistency check code MIC reported by a LoRa node group 1;

after the LoRa node receives the card writing data ciphertext and the MIC verification code issued by the LoRa gateway, the ARM processor informs the SAM security module to verify the correctness and the integrity of the card writing instruction and decrypt the card writing data ciphertext; then, the chip card read-write module is informed to write the card;

the ARM processor receives the card writing state returned by the chip card reading and writing module, informs the SAM security module of encrypting the card writing state and calculates a consistency check code MIC;

8 nodes of the LoRa node group 1 report a card writing state ciphertext and a consistency check code MIC to a LoRa gateway in a LoRa sending mode;

switching the LoRa communication modules of other node groups except the LoRa node group 1 to a LoRa receiving mode, and waiting for receiving a card fetching and writing state instruction issued by the LoRa gateway;

after receiving the card writing state ciphertexts and the MIC verification codes reported by the 8 nodes of the LoRa node group 1, the LoRa gateway forwards the card writing state reported by the LoRa node group 1 to a server through a local area network in a TCP/IP or WiFi mode;

an ARM processor of the LoRa gateway informs a LoRa communication module based on an SX1268 chip to switch to a LoRa sending mode, and sends a card writing state command ciphertext and a consistency check code MIC to a LoRa node group 2;

switching an LoRa gateway communication module SX1301 of the LoRa gateway to an 8-path parallel LoRa receiving mode, and waiting for a card writing state reported by a receiving node group 2;

8 nodes of the node group 2 receive the card-taking and writing state ciphertext and the MIC verification code issued by the LoRa gateway, verify the correctness and the integrity of the card-taking and writing state ciphertext and decrypt the card-taking and writing state ciphertext and the MIC verification code;

8 nodes of the node group 2 report a card writing state ciphertext and an MIC verification code to an LoRa gateway in a LoRa sending mode;

the LoRa gateway forwards the card writing state reported by the LoRa node group 2 to the server through the local area network in a TCP/IP or WiFi mode;

and repeating the operation until the LoRa gateway grouping sequentially receives the card writing states returned by all the LoRa nodes.

On the basis of the scheme, the server is communicated with the execution mechanism assembly in an LoRa mode through LoRa gateway transfer, and the execution steps are specifically as follows:

the LoRa gateway receives an execution instruction sent to the execution mechanism component by the server through an Ethernet port or a WiFi mode;

transferring an execution instruction to an execution mechanism assembly in a LoRa sending mode based on an SX1268 chip;

the LoRa gateway receives the execution state reported by the execution mechanism component in a LoRa receiving mode based on the SX1268 chip;

and transferring the execution state of the execution mechanism component to the server in an Ethernet port or WiFi mode.

On the basis of the scheme, the server communicates with the LoRa nodes in a LoRa mode and a GFSK mode through LoRa gateway transfer, and the execution steps specifically include:

the LoRa gateway receives APDU card writing data issued by the server to the LoRa node through an Ethernet port or a WiFi mode;

then, card data are transferred to the LoRa node in a GFSK sending mode based on an SX1268 chip;

the LoRa gateway receives the card writing state reported by the LoRa node group 1 in an SX1301 chip-based 8-way parallel LoRa receiving mode;

the LoRa gateway transfers the card writing state reported by the LoRa node group 1 to the server in an Ethernet port or WiFi mode

The LoRa gateway sends a card writing state instruction to the LoRa node group 2 in a LoRa sending mode based on an SX1268 chip;

the LoRa gateway receives the card writing state reported by the LoRa node group 2 in an SX1301 chip-based 8-channel parallel LoRa receiving mode;

the LoRa gateway transfers the card writing state reported by the LoRa node group 2 to the server in an Ethernet port or WiFi mode;

and repeating the steps, and sequentially receiving the card writing states reported by all the LoRa nodes by the LoRa gateway grouping.

On the basis of the scheme, the specific characteristics of the actuating mechanism assembly are as follows:

the execution mechanism component comprises an ARM processor, an SAM security module, a LoRa communication module based on an SX1268 chip of Semtech company, an antenna and an execution mechanism component;

the communication between the actuator component and the LoRa gateway is based on the LoRa communication of the SX1268 chip;

the execution mechanism component receives the execution instruction forwarded by the LoRa gateway in a LoRa receiving mode;

the ARM processor informs the SAM security module to verify the correctness and the integrity of the execution instruction and decrypt an execution instruction ciphertext; then informing the executing mechanism component to do corresponding action;

the ARM processor informs the SAM security module of the encryption execution state and calculates a consistency check code MIC;

and the execution mechanism component reports an execution state ciphertext and a consistency check code MIC to the LoRa gateway in a LoRa sending mode.

On the basis of the above scheme, the specific characteristics of the LoRa node are as follows:

the chip card manufacturing equipment comprises a plurality of LoRa nodes; every eight nodes are a group and are respectively called as a node group 1, a node group 2 and a node group 8;

the LoRa node comprises a microprocessor, an SAM security module, a LoRa communication module and an antenna based on an SX1268 chip of Semtech corporation, a chip card read-write module and a chip card read-write head; the antenna of the LoRa node is integrated on the PCB;

all LoRa nodes receive a write card data ciphertext and a consistency check code MIC transferred by the LoRa gateway in parallel in a GFSK receiving mode based on an SX1268 chip;

the ARM processor informs the SAM security module to verify the correctness and the integrity of the card writing instruction and decrypt a card writing data ciphertext; then, the chip card read-write module is informed to write the card;

the LoRa nodes report the card writing state ciphertext and the consistency check code MIC to the LoRa gateway in a group mode in a LoRa sending mode;

and the LoRa gateway groups and sequentially receives the card writing state ciphertext and the MIC verification code reported by each LoRa node group in an 8-path parallel LoRa receiving mode based on an SX1301 chip.

On the basis of the scheme, LoRa communication between the server and the execution mechanism assembly is a mode of ciphertext + consistency check code MIC, and is transferred through a LoRa gateway, and the execution steps specifically comprise:

the server encapsulates a command _ device JSON object:

the LoRa gateway receives a command _ device JSON object of the server PULL _ RESP, and performs base64 decoding firstly;

then verifying the correctness of a one-time check code MIC of the command _ device, if the MIC is correct, forwarding a base64 decoding of command _ device.data to an execution mechanism component in a LoRa way without analysis, wherein the command _ device.data is an object data item of the command _ device;

the execution mechanism component receives base64 decoding of command _ device.data, and verifies mic _ d:

if the mic _ d1 is mic _ d, the COMMAND is valid, the COMMAND is decrypted to obtain a COMMAND code COMMAND, wherein the mic _ d1 is mic _ d, which indicates that the consistency check code mic _ d1 obtained by calculation is consistent with the received mic _ d;

the execution mechanism component executes the action specified by the COMMAND code COMMAND and reports the executed STATUS code STATUS to the server;

the SAM security module encrypts the state code STATUS to obtain a state code ciphertext STATUS and generates a mic _ sta, wherein the mic _ sta is a consistency check code of the STATUS;

the execution mechanism component reports status + mic _ sta to the LoRa gateway in a LoRa way;

the LoRa gateway encapsulates a 'status _ device' JSON object;

the server receives a JSON object of status _ device of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of the mic _ gw;

the encryption machine firstly generates a mic _ sta1 by using a key of the encryption machine, and if the mic _ sta1 is mic _ sta, the state is decrypted to obtain a state code STATUS, wherein the mic _ sta1 is a state code consistency check code generated by the key of the encryption machine, and the mic _ sta1 is mic _ sta which indicates that the state code consistency check code mic _ sta1 generated by the key of the encryption machine is consistent with the mic _ sta;

and the server obtains the execution state STATUS reported by the execution mechanism assembly.

On the basis of the scheme, the server issues the mode that the card writing data to the LoRa node is ciphertext + consistency check code MIC, and the card writing data is transferred through the LoRa gateway, and the execution steps specifically comprise:

a server encapsulates a 'c _ apdu _ x' JSON object;

receiving a JSON object of 'c _ apdu _ x' of the server PULL _ RESP by the LoRa gateway, and decoding by base 64;

then verifying the correctness of the MIC, if the MIC is correct, forwarding the base64 decoding of c _ apdu _ x.data to the LoRa node in a GFSK mode without parsing, wherein the c _ apdu _ x.data is an object data item of the c _ apdu _ x;

the LoRa node receives base64 decoding of c _ apdu _ x.data, and verifies mic _ ap a priori, wherein the mic _ apdu is a consistency check code of c _ apdu _ x;

if mic _ ap is mic _ APDU, C _ APDU _ x is valid, and C _ APDU _ x is decrypted to obtain C _ APDU, wherein mic _ ap is a consistency check code obtained by calculation, and mic _ APDU is a received consistency check code;

the LoRa node chip card read-write module sends the C _ APDU to the chip card to complete card writing operation;

reporting the R _ APDU returned by the chip card to a server by 8 nodes of the LoRa node group 1;

the SAM security module encrypts the R _ APDU and generates mic _ R _ x _1, wherein the mic _ R _ x _1 is a response frame consistency check code, x represents the serial number of the node in the LoRa node group 1, and x is 11-18;

the nodes 11 to 18 report r _ apdu _ x _1+ mic _ r _ x _1 to the LoRa gateway in an LoRa manner, wherein r _ apdu _ x _1 is a response frame data element;

the LoRa gateway encapsulates R _ APDUs returned by the 8 LoRa nodes in the first group into a 'R _ APDU _ 1' JSON object;

the server receives a JSON object of 'r _ apdu _ 1' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of mic _ gw _1, wherein the mic _ gw _1 is a gateway consistency check code;

the encryption machine firstly generates mic _ rr _1 by using a key of the encryption machine, if mic _ rr _1 is mic _ r _1, r _ apdu _1 is valid, and r _ apdu _1 is decrypted, wherein mic _ r _1 is a received response frame consistency check code;

so far, the server receives the execution state R _ APDU reported by the LoRa node group 1.

On the basis of the scheme, LoRa communication between the server and the LoRa nodes is a mode of ciphertext + consistency check code MIC, and is transferred through the LoRa gateway, and the execution steps are as follows:

the server prepares R _ APDU responses of 8 nodes of a LoRa node group y, and encapsulates a 'get _ y' JSON object, wherein y is 1-8:

receiving a PULL _ RESP 'of a server by the LoRa gateway, wherein y is 1-8' JSON object, and decoding by base 64;

then verifying the correctness of the MIC, if the MIC is correct, forwarding base64 decoding of get _ y.data to a LoRa node group y in a LoRa mode without parsing, wherein the get _ y.data is a data item of a get _ y object;

the LoRa node receives base64 decoding of get _ y.data, and verifies mic _ get _ y, wherein the mic _ get _ y is a consistency check code of a 'get _ y' object;

if mic _ get1_ y is mic _ get _ y, the object get _ y is valid, get _ y is decrypted to obtain a get _ command item of the object get _ y, wherein mic _ get1_ y is mic _ get _ y and means that the consistency check code mic _ get1_ y of the calculated object get _ y is consistent with the received consistency check code mic _ get _ y; 8 nodes of the LoRa node group y report R _ APDU returned by the chip card to the server respectively;

the SAM security module encrypts the R _ APDU and generates mic _ R _ x _ y, wherein y is 1-8, x is y 1-y 8, and mic _ R _ x _ y is a consistency check code of the R _ APDU;

reporting R _ APDU _ x _ y + mic _ R _ x _ y to a LoRa gateway by 8 nodes of a LoRa node group y in a LoRa mode, wherein R _ APDU _ x _ y is an R _ APDU ciphertext of the node x, and mic _ R _ x _ y is an R _ APDU consistency check code of the node x;

the LoRa gateway encapsulates the returned state of 8 nodes of 8 LoRa nodes of the y-th group into a 'r _ apdu _ x _ y' JSON object;

the server receives a JSON object of 'r _ apdu _ x _ y' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of mic _ gw, wherein the mic _ gw is a gateway consistency check code;

the encryption machine firstly generates mic _ rr _ x _ y by using a key of the encryption machine, if mic _ rr _ x _ y is mic _ r _ x _ y, an object of 'r _ apdu _ x _ y' is valid, the r _ apdu _ x _ y received by the server is valid, and r _ apdu _ x _ y is decrypted, wherein the mic _ rr _ x _ y is mic _ r _ x _ y, which means that the consistency check code mic _ rr _ x _ y generated by the encryption machine by using the key of the encryption machine is consistent with the consistency check code mic _ r _ x _ y received by the server;

so far, the server receives the execution state R _ APDU reported by 8 nodes of the y-th group of LoRa nodes.

On the basis of the scheme, the chip card comprises a smart card, an electronic tag, an MCU and an M2M card.

The invention also discloses a chip card making system based on the wireless communication technology, which comprises the following steps:

the server comprises a server host, an encryption machine and a fingerprint collector;

the loRa gateway, the loRa gateway includes: the system comprises an ARM processor, an SAM security module, an LoRa gateway communication module and antenna, an LoRa communication module and antenna and an Ethernet/WiFi module;

an actuator assembly, the actuator assembly comprising: the system comprises an ARM processor, an SAM security module, a LoRa communication module, an antenna and an execution mechanism;

loRa node, the loRa node includes: microprocessor, SAM security module, loRa communication module and antenna, chip card read-write module and chip card read-write head.

On the basis of the scheme, the system comprises a plurality of LoRa nodes; every 8 LoRa nodes are a LoRa node group, and the card writing state is reported in parallel.

Compared with the prior art, the invention has the following advantages:

the communication mode between the chip card read-write head of the existing chip card manufacturing equipment and the control computer is changed from slip ring type cable connection to the adoption of LoRa and GFSK wireless communication, so that all advantages of the rotary platform type card manufacturing equipment are reserved, and the factors of production faults caused by signal interference, poor contact and the like are thoroughly solved, thereby greatly improving the production efficiency; the SAM technology is adopted to solve the data security problem in the card making link of the chip card, thereby improving the production efficiency and reliability and ensuring the data security.

Drawings

FIG. 1 is a schematic flow chart of a chip card manufacturing method based on wireless communication technology and SAM technology according to an embodiment of the present invention;

FIG. 2 is a functional block diagram of a chip card manufacturing system based on wireless communication technology and SAM technology according to an embodiment of the present invention;

FIG. 3 is a timing diagram illustrating a card writing process of one frame of APDU data according to an embodiment of the present invention;

FIG. 4 is a NAK diagram illustrating parallel card writing of star network nodes according to an embodiment of the present invention;

FIG. 5 is a diagram illustrating a parallel card writing ACK of a first group of nodes of a star network according to an embodiment of the present invention;

fig. 6 is a schematic diagram of a parallel card writing ACK in a star network node group according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a serial card writing ACK between star network node groups according to an embodiment of the present invention;

FIG. 8 is a diagram of an internal framework of a node communication chip SX1268 according to an embodiment of the present invention;

fig. 9 is a schematic diagram of a receiving function of a gateway communication chip SX1301 according to an embodiment of the present invention.

The system comprises a server 1, a server 11, a server host 12, an encryption machine 13, a fingerprint collector 2, a LoRa gateway 21, an ARM processor 22, a SAM security module 23, a LoRa gateway communication module 231, an antenna 24, a LoRa communication module 241, an antenna 25, an Ethernet/WiFi module 3, a LoRa node 31, a microprocessor 32, a SAM security module 33, a LoRa communication module 331, an antenna 34, a chip card read-write module 35, a chip card read-write head 4, an execution mechanism component 41, an ARM processor 42, a SAM security module 43, a LoRa communication module 431-antenna 44.

Detailed Description

Interpretation of terms:

LoRa: LoRa is a technology dedicated to radio modem, also known as Long Range radio frequency (Long Range), issued by Semtch corporation, which combines digital spreading, digital signal processing, and forward error correction coding techniques, using a high spreading factor to transmit small volumes of data across a wide Range of radio spectrum.

FSK (Frequency-shift keying) is the Frequency of a carrier wave that is unmodulated with a digital signal. The FSK modulation mode has the main advantages of easy realization and better anti-noise and anti-attenuation performances.

GFSK (gaussian frequency Shift Keying) is a technique in which the spectral width of a signal is limited by a gaussian low-pass filter before modulation. The method has the characteristics of constant amplitude envelope, power spectrum concentration, narrow frequency spectrum and the like which are desired by a wireless communication system.

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

Example one

The embodiment of the invention provides a chip card manufacturing method based on a wireless communication technology and an SAM technology, and the working flow of the chip card manufacturing method is shown in figure 1 and comprises the following steps:

s1, powering on the equipment, and logging in the server by the fingerprint of an operator;

s2, mutual identity authentication between the server and the LoRa gateway; and performing key dispersion respectively to obtain respective session keys;

s3, mutual identity authentication between the server (transferred by LoRa gateway) and the execution mechanism component; and performing key dispersion respectively to obtain respective session keys;

s4, the server (transferred by the LoRa gateway) sequentially performs mutual identity authentication with each LoRa node; and performing key dispersion respectively to obtain respective session keys; it should be noted that S2-S4 is performed only once when the computer is powered on;

s5, the server (through LoRa gateway transfer) sends corresponding action command to the executive mechanism component, the executive mechanism component executes corresponding action, and transmits the chip card to be produced to the corresponding read-write head of the chip card;

s6, the server (through transfer in the LoRa gateway) issues a frame of card writing ciphertext data and an MIC verification code to all LoRa nodes, the LoRa gateway issues data in a mode of sending GFSK/505.3MHz/300kbps, except the last frame, each frame of data is a fixed-length data packet, and the data length is 0xF9(5 bytes of APDU command header ciphertext +0xF0 APDU data ciphertext +4 bytes of MIC code); if the last frame is less than 0xF9, the last frame is a variable-length data packet;

s7, verifying the correctness of communication according to the CRC and the validity and the integrity of the data according to the MIC code by the LoRa node, and decrypting the card writing data ciphertext;

s8, writing card writing data into the chip card by the LoRa node;

s9, reporting the card writing state by the first group of 8 nodes in a manner of LoRa/frequency point 1x/BW125kHz/SF 7;

s10, the server (through the transfer of the LoRa gateway) sends the write card status instruction to the LoRa node in a grouping and sequential (parallel in group and serial between groups) mode of sending LoRa/500kHz/SF 5;

s11, the LoRa nodes (transferred by the LoRa gateway) report the card writing state to the server in turn in a way of sending packets in a LoRa/125kHz/SF7 mode;

s12, returning to the step S10 to continue the operation until all the nodes report the card writing state;

s13, returning to the step S6 to continue the operations until all card writing operations are completed;

s14, according to the card writing state, the server (transferred by the LoRa gateway) issues corresponding action instructions to the executing mechanism assembly, and the executing mechanism assembly places the cards into the genuine card slots and the waste card slots respectively.

S15, returning to step S5 to continue the operation until all cards in the batch (team) are produced.

In the above steps, the chip card comprises a smart card, an electronic tag, an MCU, an M2M card and the like.

Spread spectrum communications have the following advantages:

1. the transmission power density is low, and interference to other equipment is not easy to cause;

2. the confidentiality is high, and the possibility of interception is extremely low;

3. the anti-interference capability is strong, and the anti-interference performance has strong inhibition capability on same frequency interference and various noises;

4. has excellent anti-multipath fading performance.

The spread spectrum communication has the excellent performance characteristics of strong anti-interference performance, good concealment and good confidentiality, so that the spread spectrum communication is widely applied to various fields.

The LoRa technology greatly improves the reliability and the remote transmission capability of data transmission in the environment with complex installation environment, strong blocking capability and same-path interference.

The wireless communication system has the advantages that the LoRa wireless communication technology is adopted, the license-free frequency band is utilized, free wireless communication is realized, the installation process is simple, wiring in advance is not needed, the mobility is good, the communication cost is low, the communication distance is long, the power consumption is low, and the anti-interference capability is strong.

Example two

The embodiment of the invention provides a chip card making system based on a wireless communication technology and an SAM technology. The function division is as shown in fig. 2, and the following components are included:

the server 1 includes: server host 11, encryptor 12 and fingerprint collector 13.

The LoRa gateway 2 includes: ARM processor 21, SAM security module 22, LoRa gateway communication module 23 and antenna 231, LoRa communication module 24 and antenna 241 and Ethernet/WiFi module 25.

The actuator assembly 4 includes: ARM processor 41, SAM security module 42, LoRa communication module 43, and antenna 431 and actuator 44.

The LoRa node 3 includes: microprocessor 31, SAM security module 32, LoRa communication module 33, antenna 331, chip card read/write module 34, and chip card read/write head 35.

A chip card making device may comprise a plurality of chip card read/write modules, typically 32 or 64.

In order to improve the communication efficiency, the card writing state is reported in parallel by every 8 LoRa nodes, and the 8 LoRa nodes are called a LoRa node group, namely a LoRa node group 1(LoRa nodes 11-18) -a LoRa node group 4(LoRa nodes 41-48) or a LoRa node group 1-a LoRa node group 8(LoRa nodes 81-88).

The dashed line box in fig. 2 is a functional schematic diagram of a control portion of one card-making device, and one server can control a plurality of card-making devices.

EXAMPLE III

As shown in fig. 3, the card writing timing sequence of a frame of data according to an embodiment of the present invention includes the following steps:

all LoRa nodes SX1268 switch to a GFSK/505.3MHz/300kbps receiving state and wait for receiving APDU card writing data sent by a LoRa gateway;

the LoRa gateway SX1268 sends a frame of APDU card writing data at GFSK/505.3MHz/300kbps, and the maximum air transmission time of the frame of data is about 16.5 ms; then, switching the LoRa gateway SX1301 to a LoRa/frequency band 1/BW125kHz 8-path parallel receiving mode, and waiting for receiving a card writing state reported by a LoRa node group 1;

the LoRa node receives APDU card writing data and starts a chip card reading and writing module to write cards; after card writing is finished, the LoRa node group 1SX1268 starts a LoRa/each node frequency point/BW 125kHz/SF7 mode to send a card writing state;

after receiving the 8-way card writing state reported by the LoRa node group 1, the LoRa gateway SX1301 starts SX1268 to send a card writing state fetching instruction to the LoRa node group 2 in a LoRa/500.5MHz/BW500kHz/SF5(62.5kbps) sending mode; then, switching the LoRa gateway SX1301 to a LoRa/frequency band 2/BW125kHz 8-path parallel receiving mode, and waiting for receiving a card writing state reported by a LoRa node group 2;

at this time, the LoRa node group 2SX1268 has started the receiving mode LoRa/500.5MHz/BW500kHz/SF5 to wait for receiving the instruction issued by the LoRa gateway; after receiving a card reading and writing state instruction issued by the LoRa gateway, the LoRa node group 2SX1268 starts a sending mode of LoRa/each node frequency point/BW 125kHz/SF7 to report a card writing state to the LoRa gateway;

repeating the above operations until:

after receiving the 8-way card writing state reported by the LoRa node group 7, the LoRa gateway SX1301 starts SX1268 to send a card writing state fetching instruction to the LoRa node group 8 in a LoRa/501.7MHz/BW500kHz/SF5(62.5kbps) sending mode; then, switching the LoRa gateway SX1301 to a LoRa/frequency band 8/BW125kHz 8-path parallel receiving mode, and waiting for receiving the card writing state reported by the LoRa node group 8;

at this time, the loRa node group 8SX1268 starts a receiving mode of LoRa/501.7MHz/BW500kHz/SF5 to wait for receiving the instruction issued by the LoRa gateway; after receiving a card fetching and writing state instruction issued by the LoRa gateway, the LoRa node group 8SX1268 starts a sending mode of LoRa/each node frequency point/BW 125kHz/SF7 to report a card writing state to the LoRa gateway;

after receiving the 8-way card writing state reported by the LoRa node group 8, the LoRa gateway SX1301 forwards the card writing state of the LoRa node to a server;

completing the card writing process of one frame of APDU data; and then starting the issuing process of the card writing data of the APDU of the next frame.

Example four

Mutual identity authentication and derivation of session keys between the server and the LoRa gateway, the execution steps are specifically as follows:

the server takes a random number rnd _ gw of 16 bytes from the encryption machine and encapsulates an "authen _ gw" JSON object:

data is base64 encoding of srnd _ gw:

srnd_gw＝aes128_encrypt(AppKey_w,rnd_gw)

MIC is base64 code for MIC:

cmac＝aes128_cmac(NwkKey_w,"authen_gw"|srnd_gw)

MIC＝cmac[0..3]

then verifying the correctness of the MIC, and if the MIC is correct, recognizing the legality of the server and the correctness of authen _ gw.data;

the SAM security module decrypts srnd _ gw to obtain rnd _ gw:

rnd_gw＝aes128_decrypt(AppKey_w,srnd_gw)

the LoRa gateway SAM security module uses rnd _ gw to respectively disperse AppKey _ W and NwkKey _ W to obtain session keys AppSKey _ W and NwkSKey _ W:

AppSKey_W＝aes128_encrypt(AppKey_W,rnd_gw)

NwkSKey_W＝aes128_encrypt(NwkKey_W,rnd_gw)

the LoRa gateway encapsulates a "resp _ gw" JSON object:

base64 encoding where resp _ gw.data is srnd _ gw 1:

srnd_gw1＝aes128_encrypt(AppSKey_w,rnd_gw)

MIC is the MIC base64 code:

cmac＝aes128_cmac(NwkSKey_w,"resp_gw"|srnd_gw1)

MIC＝cmac[0..3]

AppSKey_W＝aes128_encrypt(AppKey_W,rnd_gw)

NwkSKey_W＝aes128_encrypt(NwkKey_W,rnd_gw)

then, the correctness of the MIC is verified and srnd _ gw1 is decrypted, if MIC1 is MIC and rnd _ gw1 is rnd _ gw, then the legitimacy of the LoRa gateway is approved:

cmac＝aes128_cmac(NwkSKey_w,"resp_gw"|srnd_gw1)

MIC1＝cmac[0..3]

rnd_gw1＝aes128_decrypt(AppSKey_w,srnd_gw1)

EXAMPLE five

Mutual identity authentication and derivation of session keys between the server and the execution mechanism components are specifically performed by the following steps:

the server takes a random number rnd _ d of 16 bytes from the encryption machine and encapsulates an "authen _ device" JSON object:

data is base64 encoding of srnd _ d + mic _ d:

srnd_d＝aes128_encrypt(AppKey_d,rnd_d)

cmac_d＝aes128_cmac(NwkKey_d,srnd_d)

mic_d＝cmac_d[0..3]

MIC is base64 code for MIC:

cmac＝aes128_cmac(NwkSKey_W,“authen_device”|srnd_d|mic_d)

MIC＝cmac[0..3]

the MIC is then verified for correctness, and if the MIC is correct, base64 decoding authen _ device. data is forwarded to the actuator component in the manner of LoRa without parsing.

The execution mechanism component receives base64 decoding of authen _ device.data, and verifies a priori mic _ d:

cmac_d1＝aes128_cmac(NwkKey_d,srnd_d)

mic_d1＝cmac_d[0..3]

if mic _ d1 equals mic _ d, then the server is approved to be legitimate and srnd _ d is valid, and srnd _ d is decrypted to get rnd _ d:

rnd_d＝aes128_decrypt(AppKey_d,srnd_d)

the SAM security module of the execution mechanism component respectively disperses AppKey _ D and NwkKey _ D by rnd _ D to obtain session keys AppSKey _ D and NwkSKey _ D:

AppSKey_D＝aes128_encrypt(AppKey_D,rnd_d)

NwkSKey_D＝aes128_encrypt(NwkKey_D,rnd_d)

the SAM security module encrypts rnd _ d and generates mic:

srnd_dd＝aes128_encrypt(AppSKey_D,rnd_d)

cmac_dd＝aes128_cmac(NwkSKey_D,srnd_d)

mic_dd＝cmac_dd[0..3]

and the execution mechanism component reports the srnd _ dd + mic _ dd to the LoRa gateway in a LoRa mode.

The LoRa gateway encapsulates a "resp _ device" JSON object:

data is base64 coding of srnd _ dd + mic _ dd, and the LoRa gateway does not analyze srnd _ dd and mic _ dd and only does base64 coding.

Mic is base64 code for mic _ gw, which is generated by the LoRa gateway:

cmac_gw＝aes128_cmac(NwkSKey_w,"resp_device"|srnd_dd|mic_dd)

mic_gw＝cmac[0..3]

the server receives a JSON object of 'resp _ device' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of the mic _ gw;

AppSKey_D＝aes128_encrypt(AppKey_D,rnd_d)

NwkSKey_D＝aes128_encrypt(NwkKey_D,rnd_d)

then, verifying the correctness of mic _ dd and decrypting srnd _ dd, if mic _ dd1 is mic _ dd and rnd _ dd1 is rnd _ dd, the legitimacy of the executable mechanism component is determined:

cmac_dd1＝aes128_cmac(NwkSKey_D,srnd_dd)

mic_dd1＝cmac_dd1[0..3]

rnd_dd1＝aes128_decrypt(AppSKey_D,srnd_dd)

EXAMPLE six

Mutual identity authentication and derivation of session keys between the server and each LoRa node specifically comprise the following steps:

the server performs mutual authentication and session key derivation with each LoRa node, and the following is a specific step of performing mutual authentication and session key derivation between the server and one LoRa node (node 11) (the step of performing mutual authentication and session key derivation between other nodes and the server is the same as that):

the server takes two sets of 16-byte random numbers rnd _ n1 and rnd _ n2 from the encryptor, respectively, and encapsulates an "authen _ node 1" JSON object:

wherein authen _ node11.data is base64 encoding of srnd _ n1+ mic _ n1+ srnd _ n2+ mic _ n2:

srnd_n1＝aes128_encrypt(AppKey_n11,rnd_n1)

cmac_n1＝aes128_cmac(NwkKey_n11,srnd_n1)

mic_n1＝cmac_n1[0..3]

srnd_n2＝aes128_encrypt(AppKey_N1,rnd_n2)

cmac_n2＝aes128_cmac(NwkKey_N1,srnd_n2)

mic_n2＝cmac_n2[0..3]

authen _ nodeb 11.MIC is the base64 code for MIC:

cmac＝aes128_cmac(NwkSKey_W,“authen_node1”|srnd_n1|mic_n1|srnd_n2|mic_n2)

MIC＝cmac[0..3]

the MIC is then verified for correctness, and if the MIC is correct, base64 decoding of authen _ nodeb 11.data is forwarded to the LoRa node11 in LoRa manner without parsing.

The LoRa node11 receives base64 decoding of authen _ node11.data, and verifies mic _ n1 and mic _ n2 respectively:

cmac_n11＝aes128_cmac(NwkKey_n11,srnd_n1)

mic_n11＝cmac_n11[0..3]

cmac_n22＝aes128_cmac(NwkKey_N1,srnd_n2)

mic_n22＝cmac_n22[0..3]

if mic _ n11 is mic _ n1 and mic _ n22 is mic _ n2, then the legitimacy of the server is approved and srnd _ n1 and srnd _ n2 are valid, and srnd _ n1 and srnd _ n2 are decrypted to get rnd _ n1 and rnd _ n2:

rnd_n1＝aes128_decrypt(AppKey_n11,srnd_n1)

rnd_n2＝aes128_decrypt(AppKey_N1,srnd_n2)

the SAM security module of the LoRa node11 disperses AppKey _ N and NwkKey _ N with rnd _ N1 to obtain session keys AppSKey _ N and NwkKey _ N, respectively:

AppSKey_N＝aes128_encrypt(AppKey_N,rnd_n1)

NwkSKey_N＝aes128_encrypt(NwkKey_N,rnd_n1)

the SAM security module of the LoRa node1 disperses AppKey _ N1 and NwkKey _ N1 with rnd _ N2 to obtain session keys AppSKey _ N1 and NwkKey _ N1:

AppSKey_N1＝aes128_encrypt(AppKey_N1,rnd_n2)

NwkSKey_N1＝aes128_encrypt(NwkKey_N1,rnd_n2)

the SAM security module encrypts rnd _ n1 and rnd _ n2 and generates mic _ n111 and mic _ n 222:

srnd_n111＝aes128_encrypt(AppSKey_N,rnd_n1)

cmac_n111＝aes128_cmac(NwkSKey_N,srnd_n1)

mic_n111＝cmac_n111[0..3]

srnd_n222＝aes128_encrypt(AppSKey_N1,rnd_n2)

cmac_n222＝aes128_cmac(NwkSKey_N1,srnd_n2)

mic_n222＝cmac_n222[0..3]

and the LoRa node1 reports srnd _111+ mic _111+ srnd _222+ mic _222 to the LoRa gateway in a LoRa way.

The LoRa gateway encapsulates a "resp _ node 11" JSON object:

wherein, resp _ node11.data is base64 coding of srnd _111+ mic _111+ srnd _222+ mic _222, and the LoRa gateway does not analyze and only does base64 coding.

Mic is base64 code for mic _ gw, which is generated by the LoRa gateway:

cmac_gw＝aes128_cmac(NwkSKey_w,"resp_node11"|srnd_111|mic_111|srnd_222|mic_222)

mic_gw＝cmac[0..3]

the server receives a JSON object of 'resp _ node 11' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of the mic _ gw;

the encryptor disperses AppKey _ N and NwkKey _ N respectively with own rnd _ N1 to obtain session keys AppSKey _ N and NwkSKey _ N:

AppSKey_N＝aes128_encrypt(AppKey_N,rnd_n1)

NwkSKey_N＝aes128_encrypt(NwkKey_N,rnd_n1)

the encryptor disperses AppKey _ N1 and NwkKey _ N1 with its own rnd _ N2 to obtain session keys AppSKey _ N1 and NwkKey _ N1, respectively:

AppSKey_N1＝aes128_encrypt(AppKey_N1,rnd_n2)

NwkSKey_N1＝aes128_encrypt(NwkKey_N1,rnd_n2)

then, verifying the correctness of mic _ n111 and mic _ n222 and decrypting srnd _ n111 and srnd _ n222, if mic _ n111 and mic _ n222 are correct, rnd _ n1111 ═ rnd _ n111 and rnd _ n2222 ═ rnd _ n222, then the legitimacy of LoRa node1 is approved:

cmac_n1111＝aes128_cmac(NwkSKey_N,srnd_n111)

mic_n1111＝cmac_n1111[0..3]

rnd_n1111＝aes128_decrypt(AppSKey_N,srnd_n111)

cmac_n2222＝aes128_cmac(NwkSKey_N1,srnd_n222)

mic_n2222＝cmac_n2222[0..3]

rnd_n2222＝aes128_decrypt(AppSKey_N1,srnd_n222)。

example seven:

the LoRa communication between the server and the execution mechanism assembly is a mode of ciphertext + consistency check code MIC, and is transferred through a LoRa gateway, and the execution steps are as follows:

the server encapsulates a command _ device JSON object:

the COMMAND _ device.data is a base64 code of COMMAND + mic _ d, and the COMMAND is a COMMAND code which is issued by the server to the execution mechanism component:

command＝aes128_encrypt(AppSKey_D,COMMAND)

cmac_d＝aes128_cmac(NwkSKey_D,command)

mic_d＝cmac_d[0..3]

MIC is base64 code of MIC:

cmac＝aes128_cmac(NwkSKey_W,“command_device”|command|mic_d)

MIC＝cmac[0..3]

the MIC is then verified for correctness, and if the MIC is correct, base64 decoding command _ device. data is forwarded to the actuator component in LoRa without parsing.

cmac_d1＝aes128_cmac(NwkSKey_D,command)

mic_d1＝cmac_d[0..3]

if mic _ d1 is mic _ d, the COMMAND is valid, and the COMMAND is decrypted to obtain COMMAND:

COMMAND＝aes128_decrypt(AppSKey_D,command)

the executing mechanism component executes the action specified by the COMMAND and reports the executed STATUS code to the server:

the SAM security module encrypts STATUS and generates mic _ sta:

status＝aes128_encrypt(AppSKey_D,STATUS)

cmac_sta＝aes128_cmac(NwkSKey_D,status)

mic_sta＝cmac_sta[0..3]

and the execution mechanism component reports status + mic _ sta to the LoRa gateway in a LoRa manner.

The LoRa gateway encapsulates a "status _ device" JSON object:

data is base64 encoding of status + mic _ sta, and the LoRa gateway does not parse status and mic _ sta, and only does base64 encoding.

status _ device. mic is base64 code for mic _ gw, which is generated by the LoRa gateway:

cmac_gw＝aes128_cmac(NwkSKey_W,"status_device"|status|mic_sta)

mic_gw＝cmac_gw[0..3]

the encryptor first generates a mic _ sta1 with its own key, and if the mic _ sta1 is mic _ sta, the encryptor determines that the received status is correct, and decrypts the status:

cmac_sta1＝aes128_cmac(NwkSKey_D,status)

mic_sta1＝cmac_sta1[0..3]

STATUS＝aes128_decrypt(AppSKey_D,status)

Example eight:

the LoRa communication between the server and the LoRa node is a mode of ciphertext + consistency check code MIC, and is transferred through the LoRa gateway, and the execution steps are as follows:

the server prepares R _ APDU responses of 8 nodes (nodes y 1-y 8) of the yy set of LoRa nodes, and encapsulates a 'get _ x _ y' JSON object:

wherein, x is a 2-byte C _ APDU serial number, y is a LoRa node group serial number (02-08), such as: get _0001_02, c _ apdu _0100_08, etc.;

get _ x _ y.data base64 encoding which is get _ r _ apdu + mic _ get:

get_r_apdu＝aes128_encrypt(AppSKey_Ny,“get_”|x|“_”|y)

cmac_get＝aes128_cmac(NwkSKey_Ny,get_r_apdu)

mic_get＝cmac_get[0..3]

MIC is the MIC base64 code:

cmac＝aes128_cmac(NwkSKey_W,“get_x_y”|get_r_apdu)

MIC＝cmac[0..3]

the LoRa gateway receives a JSON object of 'get _ x _ y' of the server PULL _ RESP, and performs base64 decoding firstly;

and then verifying the correctness of the MIC, and if the MIC is correct, forwarding base64 decoding of get _ x _ y.data to the y-th group of LoRa nodes in a LoRa way without parsing.

The LoRa node receives base64 decoding of get _ x _ y.data, and verifies that mic _ get:

cmac_get1＝aes128_cmac(NwkSKey_Ny,get_r_apdu)

mic_get1＝cmac_get1[0..3]

if mic _ get1 is mic _ get, get _ r _ apdu is valid, and decrypting get _ x _ y results in get _ command:

get_command＝aes128_decrypt(AppSKey_Ny,get_r_apdu)

8 nodes (nodes y 1-y 8) of the y-th group of LoRa nodes report the R _ APDU returned by the chip card to the server:

the SAM security module encrypts R _ APDU and generates mic _ R:

r_apdu＝aes128_encrypt(AppSKey_Ny,x|z|R_APDU)

cmac_r＝aes128_cmac(NwkSKey_Ny,r_apdu)

mic_r＝cmac_r[0..3]

wherein, x is the serial number of the C _ APDU of 2 bytes, such as 0001, 0100, etc.;

z is a node number of 1 byte, and z is y1 to y8(y is 2 to 8).

And 8 nodes (nodes y 1-y 8) of the y-th group of LoRa nodes report r _ apdu + mic _ r to the LoRa gateway in a LoRa mode respectively.

The LoRa gateway packages the returned states of 8 nodes (nodes y 1-y 8) of 8 LoRa nodes in the y-th group into a 'r _ apdu' JSON object:

wherein, r _ apdu _ x _ y.data is base64 coding of r _ apdu, r _ apdu _ x _ y.mic is base64 coding of mic _ r, and the LoRa gateway does not analyze r _ apdu and mic _ r and only does base64 coding.

Mic is base64 encoding of mic _ gw, generated by the LoRa gateway:

cmac_gw＝

mic_gw＝cmac_gw[0..3]

the server receives a JSON object of 'r _ apdu _ x _ y' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of mic _ gw;

the encryption machine first generates mic _ rr with its own secret key, if mic _ rr is mic _ r, it indicates that received r _ apdu is correct, decrypts r _ apdu:

cmac_rr＝aes128_cmac(NwkSKey_Ny,r_apdu)

mic_rr＝cmac_rr[0..3]

x|z|R_APDU＝aes128_decrypt(AppSKey_Ny,r_apdu)

so far, the server receives the execution state R _ APDU reported by 8 nodes (nodes y 1-y 8) of the y-th group of LoRa nodes.

Example nine

An embodiment of the present invention provides a schematic diagram of parallel card writing in a GFSK (star-shaped mesh) mode, as shown in fig. 4, which is specifically described as follows:

the server encapsulates a "c _ apdu _ x" JSON object:

wherein x is a C _ APDU sequence number of 2 bytes, such as: c _ apdu _0001, c _ apdu _0100, etc.;

c _ APDU _ x.data is base64 code of C _ APDU + mic _ APDU, and C _ APDU is an APDU card writing data issued by the server to the LoRa node:

c_apdu＝aes128_encrypt(AppSKey_N,x|C_APDU)

cmac_apdu＝aes128_cmac(NwkSKey_N,c_apdu)

mic_apdu＝cmac_apdu[0..3]

MIC is the MIC base64 code:

cmac＝aes128_cmac(NwkSKey_W,“c_apdu_x”|c_apdu|mic_apdu)

MIC＝cmac[0..3]

and then verifying the correctness of the MIC, and if the MIC is correct, forwarding the base64 decoding of c _ apdu _ x.data to all LoRa nodes in a mode of sending by GFSK/505.3MHz/300kbps without analysis.

Example ten

In the embodiment of the present invention, a schematic diagram of a card writing state of an LoRa node group 1 is taken in parallel in a star network LoRa manner, as shown in fig. 5, which is specifically described as follows:

as for the previous example, the LoRa node receives the base64 decode of c _ apdu _ x.data issued by the LoRa gateway in the GFSK/505.3MHz/300kbps receiving manner, and verifies that the mic _ apdu:

cmac_ap＝aes128_cmac(NwkSKey_N,c_apdu)

mic_ap＝cmac_ap[0..3]

if mic _ ap is mic _ APDU, C _ APDU is valid, and C _ APDU is decrypted to obtain C _ APDU:

x|C_APDU＝aes128_decrypt(AppSKey_N,c_apdu)

and the LoRa node chip card read-write module sends the C _ APDU to the chip card to complete the card writing operation.

The 8 LoRa nodes (nodes 11-18) of the LoRa node group 1 respectively report the R _ APDU returned by the chip card to the server:

the SAM security module encrypts R _ APDU and generates mic _ R:

r_apdu＝aes128_encrypt(AppSKey_N1,x|y|R_APDU)

cmac_r＝aes128_cmac(NwkSKey_N1,r_apdu)

mic_r＝cmac_r[0..3]

y is a node number of 1 byte, and y is 11-18.

8 LoRa nodes (nodes 11-18) of LoRa node group 1 report r _ apdu + mic _ r to the LoRa gateway in the way of LoRa/frequency point y/BW125kHz/SF7 respectively.

The LoRa gateway receives R _ APDU reported by 8 LoRa nodes of the LoRa node group 1 in a way of parallel receiving of 8 paths of LoRa/frequency band 1/BW125kHz, and encapsulates the R _ APDU into an 'R _ APDU' JSON object:

wherein, r _ apdu _ x _01.data is base64 coding of r _ apdu, r _ apdu _ x _01.mic is base64 coding of mic _ r, and the LoRa gateway does not analyze r _ apdu and mic _ r and only does base64 coding.

r _ apdu _ x _01.MIC is base64 encoding of MIC _ gw, MIC _ gw is the MIC signature generated by the LoRa gateway:

cmac_gw＝

mic_gw＝cmac_gw[0..3]

the server receives a JSON object of 'r _ apdu _ x _ 01' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of mic _ gw;

cmac_rr＝aes128_cmac(NwkSKey_N1,r_apdu)

mic_rr＝cmac_rr[0..3]

x|y|R_APDU＝aes128_decrypt(AppSKey_N1,r_apdu)

so far, the server receives the execution state R _ APDU reported by 8 nodes in the LoRa node group 1.

EXAMPLE eleven

In the embodiment of the present invention, a schematic card writing state diagram of each LoRa node group (excluding LoRa node group 1) is taken in parallel in a star network LoRa manner, as shown in fig. 6, which is specifically described as follows:

the server prepares an R _ APDU response of a C _ APDU with the sequence number k of the LoRa node group x, and encapsulates a 'get _ y _ x' JSON object:

wherein, k is a C _ APDU serial number of 2 bytes, and x is a LoRa node group serial number (x is 02-08), such as: get _0001_02, c _ apdu _0100_08, etc.;

get _ k _ x.data base64 encoding which is get _ r _ apdu + mic _ get:

get_r_apdu＝aes128_encrypt(AppSKey_Nx,“get_”|k|“_”|x)

cmac_get＝aes128_cmac(NwkSKey_Nx,get_r_apdu)

mic_get＝cmac_get[0..3]

get _ k _ x.mic is the MIC base64 encoding:

cmac＝aes128_cmac(NwkSKey_W,“get_k_x”|get_r_apdu)

MIC＝cmac[0..3]

the LoRa gateway receives a JSON object of 'get _ k _ x' of the server PULL _ RESP, and performs base64 decoding firstly;

and then verifying the correctness of the MIC, if the MIC is correct, forwarding base64 decoding of get _ k _ x.data to a LoRa node group x in a manner of sending LoRa/center frequency x/BW500kHz/SF5 without parsing, wherein: the center frequency x is 500.3MHz + (x-1) × 200kHz, x is 2,3, 8.

The LoRa node group x receives base64 decoding of get _ k _ x.data, and verifies mic _ get:

cmac_get1＝aes128_cmac(NwkSKey_Nx,get_r_apdu)

mic_get1＝cmac_get1[0..3]

if mic _ get1 is mic _ get, get _ r _ apdu is valid, and decrypting get _ k _ x results in get _ command:

get_command＝aes128_decrypt(AppSKey_Nx,get_r_apdu)

8 nodes (nodes x 1-x 8) of the LoRa node group x respectively report R _ APDU returned by the chip card to a server:

the SAM security module encrypts R _ APDU and generates mic _ R:

r_apdu＝aes128_encrypt(AppSKey_Nx,k|y|R_APDU)

cmac_r＝aes128_cmac(NwkSKey_Nx,r_apdu)

mic_r＝cmac_r[0..3]

wherein k is the serial number of the C _ APDU of 2 bytes, such as 0001, 0100, etc.;

y is a node number of 1 byte, such as 21-28, 31-38.. 81-88, etc.

And (3) reporting r _ apdu + mic _ r to the LoRa gateway by 8 nodes (nodes x 1-x 8) of the LoRa node group x in a LoRa/frequency point xy/BW125kHz/SF7 mode respectively.

Wherein: frequency points xy are 470.3MHz + (x-1) × 1.6MHz + (y-1) × 200kHz, x is 2-8, and y is 1-8.

The LoRa gateway receives the card writing state returned by 8 LoRa nodes of the LoRa node group x in a way of receiving the LoRa/frequency band x/BW125kHz, and encapsulates the card writing state into a 'r _ apdu' JSON object:

wherein, r _ apdu _ k _ x.data is base64 coding of r _ apdu, r _ apdu _ k _ x.mic is base64 coding of mic _ r, and the LoRa gateway does not analyze r _ apdu and mic _ r and only does base64 coding.

MIC is base64 code for MIC _ gw, MIC _ gw is the MIC verification code generated by the LoRa gateway:

cmac_gw＝

mic_gw＝cmac_gw[0..3]

the server receives a JSON object of 'r _ apdu _ k _ x' of the LoRa gateway PUSH _ DATA, performs base64 decoding firstly, and verifies the correctness of the mic _ gw;

cmac_rr＝aes128_cmac(NwkSKey_Nx,r_apdu)

mic_rr＝cmac_rr[0..3]

k|y|R_APDU＝aes128_decrypt(AppSKey_Nx,r_apdu)

so far, the server receives the execution state R _ APDU reported by 8 nodes in the LoRa node group x.

Example twelve

In the embodiment of the present invention, a schematic diagram of a card writing state of each LoRa node group is serially taken in a manner of a star network LoRa, as shown in fig. 7, which is specifically described as follows:

as described in the above examples nine, ten and eleven:

firstly, the LoRa gateway sends a frame of APDU card writing data to all LoRa nodes in parallel in a GFSK/505.3MHz/300kbps sending mode;

after receiving APDU card writing data issued by the LoRa gateway in a GFSK/505.3MHz/300kbps receiving mode, the LoRa node starts card writing operation;

after card writing is finished, the LoRa node group 1 reports a card writing state to the LoRa gateway in a LoRa/frequency point 1y/BW125kHz/SF7 mode; wherein, frequency point 1y is 470.3MHz + (y-1) × 200kHz, and y is 1-8;

the LoRa gateway receives the card writing status reported by 8 nodes of the LoRa node group 1 in a manner of parallel receiving of 8 paths of LoRa/frequency band 1/BW125kHz (wherein the frequency band 1 supports frequency points 11 to 18).

Then, the LoRa gateway sends a command of writing card status to the node group 2 in a mode of sending LoRa/500.5MHz/BW500kHz/SF 5;

8 nodes of the node group 2 receive a card fetching and writing state instruction issued by an LoRa gateway in a manner of receiving LoRa/500.5MHz/BW500kHz/SF 5;

then, reporting the card writing state to an LoRa gateway by the LoRa node group 2 in a LoRa/frequency point 2y/BW125kHz/SF7 mode; wherein, the frequency point 2y is 471.9MHz + (y-1) 200kHz, and the y is 1-8;

the LoRa gateway receives the card writing status reported by 8 nodes of the LoRa node group 2 in a manner of parallel receiving of 8 paths of LoRa/frequency band 2/BW125kHz (wherein the frequency band 2 supports frequency points 21 to 28).

And the like in sequence until:

the LoRa gateway sends a card writing state fetching instruction to the node group 8 in a mode of sending LoRa/501.7MHz/BW500kHz/SF 5;

8 nodes of the node group 8 receive a card fetching and writing state instruction issued by an LoRa gateway in a manner of receiving LoRa/501.7MHz/BW500kHz/SF 5;

then 8 nodes (nodes 81-88) of the LoRa node group 8 report the card writing state to the LoRa gateway in a LoRa/frequency point 8y/BW125kHz/SF7 mode;

wherein, the frequency points 8y ═ 481.5MHz + (y-1) × 200kHz, y ═ 1-8;

the LoRa gateway receives the card writing status reported by 8 nodes of the LoRa node group 8 in a manner of parallel receiving of 8 channels of LoRa/band 8/BW125kHz 8 (wherein, the band 8 supports frequency point 81 to frequency point 88).

EXAMPLE thirteen

An internal frame diagram of SX1268 according to an embodiment of the present invention, as shown in fig. 8, is specifically described as follows:

SX1268 is an RF chip with a novel LoRa spread spectrum technology and is released by Semtech corporation, and has the advantages of low power consumption, large capacity, long transmission distance and strong anti-interference capability.

SX1268 is a low-if transceiver for half-duplex transmission. The received radio frequency signal is first amplified by a Low Noise Amplifier (LNA). The LNA input is single ended for ease of design and reduced use of external devices. The signal is then converted to differential form to improve second order linearity and harmonic rejection. The signal is then converted to an Intermediate Frequency (IF) to output in-phase and quadrature (I & Q) signals. Data conversion is then performed by a pair of Sigma-Delta analog-to-digital converters (ADCs), with all subsequent signal processing and demodulation being performed in the digital domain. The digital state machine also controls the functions of Automatic Frequency Correction (AFC), Received Signal Strength Indication (RSSI), and Automatic Gain Control (AGC), and plays an important role in the high level packet and protocol level functions of the Top Level Sequencer (TLS).

SX1268 transceivers primarily employ LoRa^TMAnd the remote modem has strong anti-interference performance. LoRa by Semtech^TMIn the patented modulation technology, SX1268 can obtain high sensitivity exceeding-148 dBm by adopting low-cost crystals and materials, and meanwhile, a Power Amplifier (PA) is integrated, and the maximum emission power of the PA can reach +22 dBm. The integration of high sensitivity with a +22dBm power amplifier brings its link budget to the industry lead level (170dB), making it the best choice for long-distance transmission and applications with very high reliability requirements. LoRa compared to conventional modulation techniques^TMThe modulation technology also has obvious advantages in the aspects of anti-blocking and selectivity, and solves the problem that the traditional scheme can not simultaneously considerDistance, interference immunity, and power consumption.

LoRa^TMThe modem employs spread spectrum modulation and forward error correction techniques. By adopting a spread spectrum technology and spreading a frequency spectrum, the wireless anti-interference capability is greatly improved.

SX1268 is also equipped with a high performance GFSK modem. Compared with similar devices, SX1268 also obviously optimizes various performances such as phase noise, selectivity, receiver linearity, third-order input intercept point (IIP3) and the like on the basis of greatly reducing current consumption, and further improves communication reliability. Another advantage of spread spectrum modulation is that each spreading factor is distributed orthogonally, so that multiple transmission signals can occupy the same channel without interfering with each other, and can simply coexist with existing GFSK-based systems.

Under LoRa modulation, SX1268 has spreading factor of 5-12, BW of 7.81-500kHz, and air rate of 0.018-62.5 kbps.

Under GFSK modulation, SX1268 has an air rate of 0.6-300 kbps.

Example fourteen

As shown in fig. 9, a functional block diagram of SX1301 parallel reception in the embodiment of the present invention is specifically described as follows:

the SX1301 chip is a baseband processor from Semtech corporation.

SX1301 is externally connected with 2SX 1255, SX1255 is a radio frequency front end chip which is responsible for converting I/Q (In-phase/Quadrature digital signal) into radio analog signal.

SX1301 is a complex of 2 MCUs and ASICs (application specific Integrated circuits), the main components including:

and (3) radio frequency MCU: the MCU is connected with 2SX 1255 chips through an SPI bus and is mainly responsible for real-time automatic gain control, radio frequency calibration and receiving and transmitting switching.

The data packet MCU: the MCU is responsible for assigning 8 LoRa modems to multiple channels, and its mechanisms for arbitrating packets include rate, channel, radio frequency, and signal strength.

LoRa channels of IF 0-IF 7: the bandwidths of the two channels are fixed at 125kHz, each channel can be provided with a central frequency, and each channel can receive 6 rates of LoRa signals from SF7 to SF 12.

IF8 channels: the bandwidth supports 125/250/500kHz and can be used for high-speed communication between gateways.

IF9 channels: and receiving and transmitting GFSK signals.

The IF0 of SX 1301-8 channels of IF7 set 8 central frequencies, but each channel can receive 6 LoRa signals of SF 7-SF 12, and the air transmission rate is 292bps-5.4 Kbps.

The 8 lanes of SX1301 can demodulate 8 LoRa packets simultaneously.

It has at least 3 advantages:

the LoRa node can be switched to any one of 8 frequencies, and the same frequency interference is effectively reduced

The LoRa node can use any one of 6 rates, and the LoRa gateway does not need to record the rate of the LoRa node, so that the LoRa node is simplified;

the LoRa gateway can realize antenna diversity and effectively improve multipath fading of the mobile LoRa nodes.

Example fifteen

In the embodiment of the invention, as shown in table 1,

table 1 wireless communication parameter configuration table

The concrete description is as follows:

a card manufacturing device comprises a plurality of LoRa nodes, generally 32 or 64;

it is numbered in groups of 8, called: node group 1 to node group 4 or node group 1 to node group 8;

each LoRa node is called: LoRa nodes 11-18, 21-28.. 81-88;

the central frequency point xy of the LoRa node xy is 470.3MHz + (x-1) × 1.6MHz + (y-1) × 200kHz, where: x is 1 to 4 or 1 to 8, and y is 1 to 8.

The frequency band x supports 8 frequency points from x1 to x8, wherein: x is 1 to 4 or 1 to 8.

And the LoRa gateway sends a card writing instruction to all the nodes in a GFSK/505.3MHz/300kbps sending mode.

The LoRa gateway sends a card writing state command to all node groups x in a mode of sending LoRa/center frequency x/BW500kHz/SF 5;

wherein: the center frequency x is 500.3MHz + (x-1) × 200kHz, and x is 2-4 or 2-8.

The LoRa node packets are sequentially sent to the LoRa gateway in a way of LoRa/frequency point xy/BW125kHz/SF7 to report the card writing state of the LoRa node packets;

wherein: frequency points xy are 470.3MHz + (x-1) × 1.6MHz + (y-1) × 200kHz, x is 1-4 or 1-8, and y is 1-8.

The uplink and downlink LoRa communication parameters between the LoRa gateway and the actuating mechanism component are as follows:

LoRa/490.3MHz/BW500kHz/SF5。

in the authentication stage, the uplink and downlink LoRa communication parameters between the LoRa gateway and the LoRa node are as follows:

LoRa/frequency point xy/BW500kHz/SF 5;

wherein: the frequency point xy is 470.3MHz + (x-1) 1.6MHz + (y-1) 200kHz,

x is 1 to 4 or 1 to 8, and y is 1 to 8.

Example sixteen

The key system of the embodiment of the present invention, as shown in table 2,

table 2 key hierarchy table

The concrete description is as follows:

key storage location in table:

"gateway" refers to SAM security module of the LoRa gateway;

"actuator component" refers to the SAM security module of the actuator component;

"node" refers to the SAM security module of the LoRa node.

The original keys AppKey _ x and NwkKey _ x are respectively stored in FLASH or EEPROM of the encryption machine and SAM security module in an encrypted manner and cannot be read;

the session keys AppSKey _ x and NwkSKey _ x are respectively stored in the RAM of the encryption machine and the SAM security module in an encrypted manner, and cannot be read and are lost in power failure.

AppSKey_x＝aes128_encrypt(AppKey_x,rnd)

NwkSKey_x＝aes128_encrypt(NwkKey_x,rnd)。

Example seventeen

The data encryption and MIC computation algorithm of the embodiment of the present invention, as shown in table 3,

TABLE 3 data encryption and MIC calculation algorithm

The concrete description is as follows:

all communication data transmission is in a mode of ciphertext plus consistency check code MIC, data are encrypted by using a corresponding application session key, and the algorithm is as follows:

Si＝aes128_encrypt(AppSKey,Ai)(i＝1..k)

S＝S1|S2|..|Sk

C＝M xor S

and then, carrying out MIC signature on the data ciphertext by using a corresponding network session key, wherein the algorithm is as follows:

cmac＝aes128_cmac(NwkSKey,B0|C)

MIC＝cmac[0..3]

the key usage is explained as follows:

for communication between the server and the actuator component, the application session key used for encryption of communication data is AppSKey _ D, and the network session key used for MIC signature is NwkSKey _ D. The LoRa gateway only transfers information but does not analyze the content of the information, and only adds an MIC signature for ensuring the integrity of the communication information between the server and the LoRa gateway, wherein the network session key of the MIC signature is NwkSKey _ W.

For communication between the server and the LoRa node, communication data encryption and MIC signature calculation are handled in the following cases:

mutual authentication between the server and the LoRa nodes is performed between the server and each LoRa node, and the communication key is a key of each LoRa node: the application session key is AppSKey _ nx, and the network session key is NwkSKey _ nx, wherein x is a LoRa node number, and x is 11-18 and 21-28.

The server issues the card writing data to the LoRa node, the card writing data is performed on all the nodes in parallel, the application session key is AppSKey _ N, and the network session key is NwkSKey _ N.

The server sends the card writing state to each group of LoRa nodes and reports the card writing state to the LoRa nodes, the card writing state is carried out in a grouping and parallel mode, the application session key is AppSKey _ Ny, the network session key is NwkSKey _ Ny, y is a LoRa node group number, and y is 1-8.

Similarly, in the communication between the server and the LoRa node, the LoRa gateway only performs information transfer without parsing the content of the information, and only adds an MIC signature for ensuring the integrity of the communication information between the server and the LoRa gateway, where the network session key of the MIC signature is NwkSKey _ W.

While the invention has been described with reference to specific embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. What is not described in detail in the specification is prior art that is well known to those skilled in the art.

Claims

1. A chip card manufacturing method based on wireless communication technology and SAM technology is characterized in that: the method comprises the following steps:

an LoRa gateway is arranged between the server and the actuating mechanism component, and an LoRa node is arranged on the chip card read-write head; the server is transferred through an LoRa gateway and is communicated with the execution mechanism assembly in an LoRa mode; the server is transferred through the LoRa gateway and communicates with the LoRa nodes in a LoRa mode and a GFSK mode;

the communication between the server and the execution mechanism assembly is carried out in a mode of ciphertext + consistency check code MIC, and the ciphertext + consistency check code MIC is transferred through the LoRa gateway; the server sends the card writing data to the LoRa node in a mode of ciphertext + consistency check code MIC, and the card writing data are transferred through the LoRa gateway; communication between the server and the LoRa node is carried out in a mode of ciphertext + consistency check code MIC, and the communication is transferred through the LoRa gateway;

2. The method of claim 1, wherein: the method specifically comprises the following steps:

the LoRa gateway starts a parallel LoRa receiving function;

the LoRa gateway forwards the card writing state reported by the LoRa node group 2 to the server through the local area network; repeating the operations until the last LoRa node group 8 finishes reporting the card writing state to the server;

repeating the operations until all the card writing data are sent;

3. The method of claim 1, wherein: the server is internally provided with an encryption machine, and SAM security modules are arranged in the execution mechanism component, the LoRa gateway and the LoRa node; the encryptor is used for executing random number fetching operation and encryption/decryption operation of the server, and storing a secret key and a session secret key derived from the secret key; the SAM security module is used for random number fetching operation and encryption/decryption operation of the execution mechanism component, the LoRa gateway and the LoRa node, storing a key and a session key derived from the key, and specifically comprises the following steps:

the server and the LoRa gateway mutually authenticate identities; and deriving the key to obtain respective session key;

the server is transferred by the LoRa gateway and mutually authenticates the identity of each LoRa node in sequence; and each performs key derivation to obtain a respective session key.

4. The method of claim 3, wherein: the server and the LoRa gateway mutually authenticate identities; and deriving the key to obtain the respective session key, wherein the execution steps are as follows:

then verifying the correctness of a consistency check code MIC of the authen _ gw, and if the consistency check code MIC is correct, recognizing the legality of the server and the correctness of the authen _ gw.data, wherein the authen _ gw.data is an object data item of the authen _ gw;

the encryptor disperses AppKey _ W and NwkKey _ W respectively by using own rnd _ gw to obtain session keys AppSKey _ W and NwkSKey _ W;

5. The method of claim 3, wherein: the server is transferred by the LoRa gateway and mutually authenticated with the execution mechanism component; and respectively deriving a key to obtain respective session keys, wherein the execution steps specifically comprise:

the server host computer takes a random number rnd _ d of an execution mechanism component with 16 bytes from the encryption machine and encapsulates an authen _ device JSON object;

receiving a JSON object of 'authen _ device' of a server PULL _ RESP by the LoRa gateway, and decoding by base 64;

then verifying the correctness of a consistency check code MIC of the authen _ device, if the MIC is correct, forwarding a base64 decoding of authen _ device.data to an execution mechanism component in a LoRa mode without parsing, wherein the authen _ device.data is an object data item of the authen _ device;

the execution mechanism component receives the base64 decoding of authen _ device.data, and verifies the consistency check code mic _ d of the execution mechanism component data;

the SAM security module of the execution mechanism component respectively disperses an AppKey _ D and an NwkKey _ D by using an rnd _ D to obtain session keys AppSKey _ D and an NwkSKey _ D, wherein the AppKey _ D is an encryption key of the execution mechanism component, and the NwkKey _ D is an MIC key of the execution mechanism component;

the SAM security module encrypts the rnd _ d and generates a corresponding MIC;

the LoRa gateway encapsulates a 'resp _ device' JSON object;

respectively dispersing the AppKey _ D and the NwkKey _ D by using own rnd _ D to obtain session keys AppSKey _ D and NwkSKey _ D by the encryptor;

and then verifying the correctness of the mic _ dd and decrypting the srnd _ dd, and if the mic _ dd1 is mic _ dd and the rnd _ dd1 is rnd _ dd, the legitimacy of the executable mechanism component is determined, wherein the mic _ dd1 is mic _ dd, which represents that the calculated execution mechanism component consistency check code mic _ dd1 is consistent with the received execution mechanism component consistency check code mic _ dd, and the rnd _ dd1 is a random number obtained by decryption.

6. The method of claim 3, wherein: the server is transferred by the LoRa gateway and mutually authenticates identities of the LoRa nodes in sequence; and respectively deriving a key to obtain respective session keys, wherein the execution steps specifically comprise:

if mic _ n11 is mic _ n1 and mic _ n22 is mic _ n2, the legitimacy of the server is approved, srnd _ n1 and srnd _ n2 are valid, srnd _ n1 and srnd _ n2 are decrypted respectively to obtain rnd _ n1 and rnd _ n2, where mic _ n11 is a consistency check code calculated by the node11, mic _ n1 is a received consistency check code, mic _ n22 is a consistency check code calculated by the node11, mic _ n2 is a received consistency check code, and srnd _ n1 and srnd _ n2 are node random numbers;

the SAM security module encrypts rnd _ n1 and rnd _ n2 and generates mic _ n111 and mic _ n222, wherein mic _ n111 is a consistency check code corresponding to rnd _ n1, and mic _ n222 is a consistency check code corresponding to rnd _ n 2;

the LoRa node11 reports srnd _ n111+ mic _ n111+ srnd _ n222+ mic _ n222 to the LoRa gateway in an LoRa manner, wherein srnd _ n111 is a random number ciphertext obtained by the SAM security module encrypting rnd _ n1, and srnd _ n222 is a random number ciphertext obtained by the SAM security module encrypting rnd _ n 2;

the LoRa gateway encapsulates a 'resp _ node 11' JSON object;

the encryptor disperses AppKey _ N and NwkKey _ N with its own random number rnd _ N1 to obtain session keys AppSKey _ N and NwkSKey _ N, respectively:

and verifying the correctness of mic _ n111 and mic _ n222 and decrypting srnd _ n111 and srnd _ n222, and if mic _ n111 and mic _ n222 are correct, rnd _ n1111 ═ rnd _ n111 and rnd _ n2222 ═ rnd _ n222, the legitimacy of the LoRa node11 is approved, wherein rnd _ n1111 ═ rnd _ n111 indicates that the decrypted node random number rnd _ n1111 is consistent with the received node random number rnd _ n111, and rnd _ n2222 ═ rnd _ n222 indicates that the decrypted node random number rnd _ n2222 is consistent with the received node random number rnd _ n 222.

7. The method of claim 1, wherein: the communication between the server and the execution mechanism assembly is carried out in a mode of ciphertext + consistency check code MIC, and the ciphertext + consistency check code MIC is transferred through the LoRa gateway; the server sends the card writing data to the LoRa node in a mode of ciphertext + consistency check code MIC, and the card writing data is transferred through the LoRa gateway; the communication between the server and the LoRa node is carried out in a mode of ciphertext + consistency check code MIC, and is transferred through the LoRa gateway, and the method specifically comprises the following steps:

the LoRa node encrypts a write card state by using an application session key AppSKey to generate a write card state ciphertext, uses a network session key NwkSKey to perform MIC signature on the write card state ciphertext, transfers the write card state ciphertext and the MIC together through a LoRa gateway and reports the write card state ciphertext and the MIC to a server;

8. The method of claim 3, wherein:

in the system personalization stage, when the secret key is respectively led into the encryption machine and each SAM security module:

the derived session key within the encryptor includes: AppSKey _ W, NwkSKey _ W, AppSKey _ D, NwkSKey _ D, AppSKey _ N, NwkSKey _ N, AppSKey _ N1-AppSKey _ N8 and NwkSKey _ N1-NwkSKey _ N8;

session keys derived within the SAM security module of the LoRa gateway include: AppSKey _ W and NwkSKey _ W;

the session key derived within the SAM security module of the actuator component comprises: AppSKey _ D and NwkSKey _ D; session keys derived within the SAM security module of LoRa node x include: AppSKey _ N, NwkSKey _ N, AppSKey _ Nx and NwkSKey _ Nx.

9. The method of claim 1, wherein: the specific characteristics of the LoRa gateway are as follows:

the LoRa gateway communication module adopts an SX1301 chip of Semtech company;

the LoRa communication module adopts an SX1268 chip of Semtech company;

10. The method of claim 9, wherein: the communication characteristics and the execution steps of the communication characteristics between the LoRa gateway and the LoRa node are specifically as follows:

after receiving the card writing state ciphertext and the MIC verification code reported by 8 nodes of the LoRa node group 1, the LoRa gateway forwards the card writing state reported by the LoRa node group 1 to a server through a local area network in a TCP/IP or WiFi mode;

an ARM processor of the LoRa gateway informs a LoRa communication module based on an SX1268 chip of switching to a LoRa sending mode, and sends a card writing state command ciphertext and a consistency check code MIC to a LoRa node group 2;

switching an LoRa gateway communication module SX1301 of the LoRa gateway to an 8-path parallel LoRa receiving mode, and waiting for receiving a card writing state reported by the LoRa node group 2;

8 nodes of the LoRa node group 2 receive the card-fetching and writing state ciphertext and the MIC verification code issued by the LoRa gateway, verify the correctness and the integrity of the card-fetching and writing state ciphertext and decrypt the card-fetching and writing state ciphertext and the MIC verification code;

8 nodes of the LoRa node group 2 report a card writing state ciphertext and a consistency check code MIC to a LoRa gateway in a LoRa sending mode;

11. The method of claim 9, wherein: the server communicates with the execution mechanism assembly in an LoRa mode through the transfer of the LoRa gateway, and the execution steps specifically include:

12. The method of claim 9, wherein: the server communicates with the LoRa nodes in a LoRa mode and a GFSK mode through transfer of the LoRa gateway, and the execution steps specifically include:

writing card data into the LoRa node in a GFSK sending mode based on an SX1268 chip;

The LoRa gateway sends a card writing state fetching instruction to the LoRa node group 2 in a LoRa sending mode based on an SX1268 chip;

the LoRa gateway receives the card writing state reported by the LoRa node group 2 in an 8-channel parallel LoRa receiving mode based on an SX1301 chip;

13. The method of claim 2, wherein: the specific characteristics of the actuator assembly are:

and the execution mechanism component reports an execution state ciphertext and a one-time check code MIC to the LoRa gateway in a LoRa sending mode.

14. The method of claim 1 or 2, wherein: the specific characteristics of the LoRa node are as follows:

and the LoRa gateway sequentially receives the card writing state ciphertext and the consistency check code MIC reported by each LoRa node group in a grouping mode of 8-path parallel LoRa receiving based on an SX1301 chip.

15. The method of any one of claims 4, 5 or 7, wherein: LoRa communication between server and the actuating mechanism subassembly is with the mode of ciphertext + uniformity check code MIC to through the transfer of LoRa gateway, its execution step specifically is:

the server encapsulates a command _ device JSON object;

then verifying the correctness of a consistency check code MIC of the command _ device, if the MIC is correct, forwarding a base64 decoding of command _ device.data to an execution mechanism component in a LoRa way without analysis, wherein the command _ device.data is an object data item of the command _ device;

the execution mechanism component receives base64 decoding of command _ device.data and verifies mic _ d;

if the mic _ d1 is mic _ d, the COMMAND is valid, the COMMAND is decrypted to obtain a COMMAND code COMMAND, wherein the mic _ d1 is mic _ d, which indicates that the calculated consistency check code mic _ d1 is consistent with the received mic _ d, and the COMMAND is an instruction ciphertext sent to the execution mechanism component by the gateway server, namely, the COMMAND _ device.data base64 is decoded;

the execution mechanism component executes the action specified by the COMMAND code COMMAND and reports the executed STATUS code to the server;

the LoRa gateway encapsulates a 'status _ device' JSON object;

the encryption machine firstly generates a mic _ sta1 by using a key of the encryption machine, and if the mic _ sta1 is mic _ sta, the decryption STATUS obtains a state code STATUS, wherein the mic _ sta1 is a state code consistency check code generated by the key of the encryption machine, and the mic _ sta1 is mic _ sta which indicates that the state code consistency check code mic _ sta1 generated by the key of the encryption machine is consistent with the mic _ sta;

at this point, the server obtains the execution STATUS code STATUS reported by the execution mechanism component.

16. The method of any one of claims 4, 6 or 7, wherein: the server issues the mode that the card writing data to the LoRa node is ciphertext + consistency check code MIC, and the mode is transferred through the LoRa gateway, and the execution steps are as follows:

a server encapsulates a 'c _ apdu _ x' JSON object;

then verifying the correctness of the MIC, if the MIC is correct, forwarding decoded base64 of c _ apdu _ x.data to the LoRa node in a GFSK mode without parsing, wherein c _ apdu _ x.data is an object data item of c _ apdu _ x;

if mic _ ap is mic _ APDU, C _ APDU _ x is valid, and C _ APDU is obtained by decrypting C _ APDU _ x, wherein mic _ ap is a consistency check code obtained by calculation, mic _ APDU is a received consistency check code, and C _ APDU is a card writing instruction sent to the chip card by the server;

the LoRa gateway encapsulates R _ APDUs returned by 8 LoRa nodes in the LoRa node group 1 into a 'R _ APDU _ 1' JSON object;

the encryption machine firstly generates mic _ rr _1 by using a secret key of the encryption machine, if mic _ rr _1 is mic _ r _1, r _ apdu _1 is valid, and r _ apdu _1 is decrypted, wherein mic _ r _1 is a received response frame consistency check code;

17. The method of any one of claims 4, 6 or 7, wherein: the LoRa communication between server and the LoRa node is with the mode of ciphertext + uniformity check code MIC to through the transfer of LoRa gateway, its execution step specifically is:

the server prepares R _ APDU responses of 8 nodes of a LoRa node group y, and encapsulates a 'get _ y' JSON object, wherein y is 1-8;

the LoRa gateway receives a 'get _ y' JSON object of a server PULL _ RESP, and base64 decoding is firstly carried out;

then verifying the correctness of the MIC, if the MIC is correct, forwarding base64 decoding get _ y.data to a LoRa node group y in a LoRa way without parsing, wherein the get _ y.data is a data item of a get _ y object;

if mic _ get1_ y is mic _ get _ y, the object get _ y is valid, get _ y is decrypted to obtain a get _ command item of the object get _ y, wherein mic _ get1_ y is mic _ get _ y and means that the consistency check code mic _ get1_ y of the calculated object get _ y is consistent with the received consistency check code mic _ get _ y;

8 nodes of the LoRa node group y report R _ APDU returned by the chip card to the server respectively;

the LoRa gateway packages the return states of 8 nodes of 8 LoRa nodes of the y-th group into a 'r _ apdu _ x _ y' JSON object;

18. The method of claim 1, wherein: the chip card comprises a smart card, an electronic tag, an MCU and an M2M card.

19. A chip card system based on wireless communication technology, comprising:

20. The system of claim 19, wherein: the system comprises a plurality of LoRa nodes; every 8 LoRa nodes are a LoRa node group and report the card writing state in parallel.