CN109523277B - Product anti-counterfeiting electronic tag authentication method and system - Google Patents

Publication number: CN109523277B
Authority: CN (China)
Prior art keywords: authentication, enterprise, electronic tag, data, preset
Legal status: Active
Application number: CN201811383067.2A
Other languages: Chinese (zh)
Other versions: CN109523277A (en)
Inventors: 王建新, 吴祥富, 孟凡富, 白绍江, 靳佩佩, 马歆裕
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual
Priority: CN201811383067.2A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention discloses a product anti-counterfeiting electronic tag authentication method and system. Based on the electronic tag, two authentication modes are provided: one authenticates through an enterprise authentication end, and the other authenticates through an alliance chain platform; the two modes use different initial data. The electronic tag generates dynamic authentication data by interacting with a client authentication tool over contactless communication, and the two authentication modes output different dynamic authentication data packets. The client authentication tool sends the dynamic authentication data packet to the alliance chain platform, which distinguishes the type of dynamic authentication data and triggers the corresponding authentication process. With different authentication modes and processes, and while making full use of the alliance chain platform, an appropriate authentication mode can be selected according to the authentication requirements of the enterprise or product. The enterprise presets the mode in the product's electronic tag before the product leaves the factory, and authentication then follows the process for the preset mode. This gives control over product electronic tag authentication and improves the adaptability of the method and system.

Description

Product anti-counterfeiting electronic tag authentication method and system
Technical Field
The invention relates to the field of product anti-counterfeiting electronic tag authentication, in particular to a product anti-counterfeiting electronic tag authentication method and system by combining a block chain and an electronic tag.
Background
Preventing products from being counterfeited or imitated (anti-counterfeiting) by appropriate means is an important part of modern product management and supply chain management. Anti-counterfeiting technology plays a key role in curbing the manufacture of counterfeits, improving product credibility, protecting enterprise interests and maintaining market fairness.
Currently, the mainstream product anti-counterfeiting technology mainly comprises physical anti-counterfeiting and electronic tag anti-counterfeiting. The following is a brief introduction to the principles of these two anti-counterfeiting techniques and a simple analysis of the existing problems (vulnerabilities):
1. Physical anti-counterfeiting
Physical anti-counterfeiting uses physical characteristics that exist on the anti-counterfeiting label, or that are specially arranged on it, as the anti-counterfeiting mark. During anti-counterfeiting authentication, the anti-counterfeiting mark on the label is compared with a predetermined reference mark; if the anti-counterfeiting mark is consistent with or matches the reference mark, the product carrying the label is judged to be genuine; if not, the product carrying the label is judged to be counterfeit.
The uniqueness of the anti-counterfeiting mark can be realized by specially setting the physical characteristics of the anti-counterfeiting mark; by processing the physical characteristics of the anti-counterfeiting mark, the copying difficulty of the anti-counterfeiting mark can be increased, and the reliability of physical anti-counterfeiting is further realized.
At present, there are laser anti-counterfeiting, chemical ink anti-counterfeiting, texture anti-counterfeiting, invisible image anti-counterfeiting and other ways according to the different ways and methods for forming the anti-counterfeiting mark.
2. Electronic tag anti-counterfeiting
Electronic tag anti-counterfeiting uses an electronic tag carrying a two-dimensional code or other electronic data information that contains data related to the product. During verification, the electronic data on the tag is read and identified to obtain the product-related data; the acquired data is then transmitted to a preset enterprise verification system; the enterprise verification system compares the received data with the stored product reference data and, according to whether the comparison is consistent or conforming, determines whether the product carrying the anti-counterfeiting label is genuine or fake.
Although existing anti-counterfeiting technology can distinguish genuine products from counterfeits to a certain extent, the development of micro technology and copying technology means there is a risk of the label being copied.
With physical anti-counterfeiting methods, it is increasingly possible for the physical features used as anti-counterfeiting marks to be copied. Counterfeiters can use known techniques to duplicate an anti-counterfeiting label and form a counterfeit label with the same physical characteristics. Once the counterfeit label is attached (pasted or otherwise affixed) to a counterfeit product, the existing verification approach can no longer distinguish the genuine product from the counterfeit.
With electronic tag anti-counterfeiting methods, a counterfeiter can obtain a counterfeit tag identical to a genuine electronic tag by photographing or copying it, or by regenerating it after reading its data. With such a counterfeit tag, a counterfeit product is identified as genuine, and genuine products can no longer be distinguished from counterfeits.
Therefore, how to improve the reliability of anti-counterfeiting remains a technical problem to be solved by those skilled in the art.
Disclosure of Invention
To address the pain points of existing anti-counterfeiting technology, the invention provides an innovative product anti-counterfeiting electronic tag authentication method and system, that is, a product anti-counterfeiting electronic tag based on a blockchain, an electronic tag and cryptographic algorithms, together with its authentication system and method.
In the product anti-counterfeiting electronic tag authentication method provided by the invention, a product electronic tag to be verified comprises an authentication counter, and an electronic tag authentication key, an electronic tag private key, an electronic tag public key certificate and authentication initial data are preset, wherein the authentication initial data comprise an electronic tag identification number and an enterprise identification number; the electronic tag identification number and the enterprise identification number have uniqueness; the electronic tag public key certificate is obtained by signing an electronic tag public key by a preset enterprise private key, and the electronic tag public key and the electronic tag private key form an asymmetric key pair;
The product anti-counterfeiting electronic tag authentication method comprises the following steps:
S100, the electronic tag receives an authentication trigger message containing a timestamp and an authentication mode mark; the authentication counter generates an authentication sequence code; whether to perform alliance chain authentication is judged according to the authentication mode mark; if so, go to step S120, and if not, go to step S110;
S110, the dynamic authentication data is encrypted with the electronic tag authentication key to generate a reference authentication code; the dynamic authentication data comprises the authentication mode mark, the electronic tag identification number, the enterprise identification number, the timestamp and the authentication sequence code; a first dynamic authentication data packet is formed from the dynamic authentication data and the reference authentication code and transmitted to a client authentication tool; then go to step S130;
S120, the dynamic authentication data is signed with the electronic tag private key; the dynamic authentication data comprises the authentication mode mark, the electronic tag identification number, the enterprise identification number, the timestamp and the authentication sequence code; a second dynamic authentication data packet is formed from the dynamic authentication data, the signature data and the electronic tag public key certificate and transmitted to the client authentication tool; then go to step S130;
S130, after receiving the first or second dynamic authentication data packet, the client authentication tool transmits the client identification signature data and the received first or second dynamic authentication data packet to a predetermined alliance chain node of a predetermined alliance chain platform; the client identification data comprises a client identification number and a client authentication serial number;
S140, the predetermined alliance chain node judges the type of the dynamic authentication data according to a preset policy; if it is the first dynamic authentication data packet, go to step S310; if it is the second dynamic authentication data packet, go to step S210;
S310, a preset enterprise reference information database is queried according to the authentication initial data, and whether the authentication initial data is legal is judged according to a preset policy; if yes, go to step S320;
S320, the predetermined alliance chain node forwards the first dynamic authentication data packet and the received client identification data to a preset enterprise authentication end;
S330, the preset enterprise authentication end obtains the electronic tag identification number from the dynamic authentication data in the first dynamic authentication data packet, performs a key dispersion operation on the electronic tag identification number with a preset electronic tag authentication master key to obtain the electronic tag authentication key, and encrypts the dynamic authentication data with the electronic tag authentication key to obtain a calibration authentication code; it then performs data verification to obtain an enterprise-side verification result, forms an enterprise-side anti-counterfeiting authentication data packet and sends it to the predetermined alliance chain node of the predetermined alliance chain platform; the enterprise-side anti-counterfeiting authentication data packet comprises the received client identification data, the enterprise-side verification result, and signature data obtained by the enterprise authentication end signing the enterprise-side verification result with a preset private key;
the data verification comprises at least one of the following:
(a) comparing whether the reference authentication code is consistent with the calibration authentication code;
(b) verifying whether the timestamp is within a predetermined time range;
(c) judging whether the value of the authentication counter is legal or not;
S340, after receiving the enterprise-side anti-counterfeiting authentication data packet, the predetermined alliance chain node of the alliance chain platform verifies the signature data with a preset public key; if the verification passes, it signs the enterprise-side verification result and the client identification data with a preset private key, stores the signature data and the enterprise-side verification result in an alliance chain anti-counterfeiting authentication data packet, sends the alliance chain anti-counterfeiting authentication data packet to the client authentication tool, and goes to step S400;
S210, the predetermined alliance chain node verifies a preset enterprise public key certificate with a preset alliance chain platform public key to obtain the enterprise public key; it then verifies the electronic tag public key certificate with the enterprise public key to obtain the electronic tag public key; it then uses the electronic tag public key to verify the signature of the dynamic authentication data in the second dynamic authentication data packet, judges whether the timestamp is legal, and obtains a verification result; the alliance chain platform public key and the alliance chain platform private key form an asymmetric key pair; the enterprise public key certificate is obtained by signing a preset enterprise public key with the alliance chain platform private key, and the enterprise public key and the enterprise private key form an asymmetric key pair;
S220, the alliance chain node signs the verification result and the client identification data with a preset private key to obtain signature data, and stores the signature data and the corresponding verification result data in a preset alliance chain anti-counterfeiting authentication data packet;
S230, it is judged whether the alliance chain nodes that formed the signature data in the alliance chain anti-counterfeiting authentication data packet meet a predetermined requirement; if not, go to step S240; if yes, the alliance chain anti-counterfeiting authentication data packet is sent to the client authentication tool, and the method goes to step S400;
S240, the alliance chain node sends the second dynamic authentication data packet, the client identification data and the alliance chain anti-counterfeiting authentication data packet to another predetermined alliance chain node, which performs steps S210, S220 and S230;
S400, the client authentication tool verifies the signature data in the alliance chain anti-counterfeiting authentication data packet with a preset public key and outputs a verification result.
The product anti-counterfeiting electronic tag authentication method thus provides two authentication modes. The first comprises steps S100, S110, S130, S140, S310 to S340 and S400. The second comprises steps S100, S120, S130, S140, S210 to S240 and S400. The first authentication mode relies on encrypting dynamic data with a symmetric key: keys are held at the electronic tag and at the enterprise authentication end respectively, data transmission security is ensured by the alliance chain platform, and the electronic tag can be better authenticated. In the second authentication mode, the timestamp in the dynamic authentication data packet sent by the electronic tag can be used to judge whether a dynamic authentication data packet from before the current authentication is being reused. The electronic tag identification number uniquely identifies the electronic tag, which reduces the possibility of cloning it. The dynamic authentication data is signed with the electronic tag private key to generate signature data, and the signature data is verified at the alliance chain node with the electronic tag public key, so that the authenticity of the electronic tag can be ensured.
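The tag-side packet construction of step S110 and the enterprise-side check of step S330 in the first authentication mode, as an added example that is not part of the patent text. HMAC-SHA256 stands in for both the key dispersion operation and the "encryption" that yields the authentication code, neither of which the patent specifies; the field encoding, the mode value, the 120-second window and the strictly increasing counter rule are likewise assumptions, and all three checks (a) to (c) are applied although the text requires only one.

```python
import hashlib
import hmac
import struct

MODE_ENTERPRISE = 1  # assumed encoding of the "authentication mode mark"
FIELDS = ("mode", "tag_id", "enterprise_id", "timestamp", "seq")


def diversify_key(master_key: bytes, tag_id: bytes) -> bytes:
    """Key dispersion: derive the per-tag authentication key from the master
    key and the tag identification number (HMAC-SHA256 is an assumption)."""
    return hmac.new(master_key, b"tag-auth|" + tag_id, hashlib.sha256).digest()


def encode_dynamic_data(mode, tag_id, enterprise_id, timestamp, seq) -> bytes:
    """Length-prefixed encoding so that field boundaries cannot be shifted."""
    out = struct.pack(">B", mode)
    for field in (tag_id, enterprise_id):
        out += struct.pack(">H", len(field)) + field
    return out + struct.pack(">QI", timestamp, seq)


def auth_code(tag_key: bytes, dynamic_data: bytes) -> bytes:
    """Authentication code over the dynamic data (a MAC, assumed)."""
    return hmac.new(tag_key, dynamic_data, hashlib.sha256).digest()


class Tag:
    """Tag side of S100/S110: bump the counter, emit the first packet type."""

    def __init__(self, tag_id: bytes, enterprise_id: bytes, tag_key: bytes):
        self.tag_id, self.enterprise_id, self.key = tag_id, enterprise_id, tag_key
        self.counter = 0

    def respond(self, timestamp: int) -> dict:
        self.counter += 1  # authentication sequence code
        fields = dict(mode=MODE_ENTERPRISE, tag_id=self.tag_id,
                      enterprise_id=self.enterprise_id,
                      timestamp=timestamp, seq=self.counter)
        return dict(fields, code=auth_code(self.key, encode_dynamic_data(**fields)))


class EnterpriseVerifier:
    """Enterprise authentication end of S330; holds only the master key."""

    def __init__(self, master_key: bytes, max_skew_s: int = 120):
        self.master_key = master_key
        self.max_skew_s = max_skew_s
        self.last_seq = {}  # tag_id -> highest sequence code accepted so far

    def verify(self, packet: dict, now: int) -> str:
        fields = {name: packet[name] for name in FIELDS}
        tag_key = diversify_key(self.master_key, packet["tag_id"])
        calibration = auth_code(tag_key, encode_dynamic_data(**fields))
        # (a) reference code from the tag vs. calibration code computed here
        if not hmac.compare_digest(calibration, packet["code"]):
            return "bad_code"
        # (b) timestamp within the accepted window
        if abs(now - packet["timestamp"]) > self.max_skew_s:
            return "stale_timestamp"
        # (c) counter must move forward, which rejects a replayed packet
        if packet["seq"] <= self.last_seq.get(packet["tag_id"], 0):
            return "replayed_counter"
        self.last_seq[packet["tag_id"]] = packet["seq"]
        return "genuine"


def demo() -> dict:
    master = bytes(range(32))                    # constructed master key
    tag_id, ent_id = b"TAG-000123", b"ENT-42"    # constructed identifiers
    tag = Tag(tag_id, ent_id, diversify_key(master, tag_id))  # factory preset
    verifier = EnterpriseVerifier(master)
    now = 1_700_000_000                          # constructed clock value

    first = tag.respond(now)
    results = {"first_read": verifier.verify(first, now + 2)}
    # The same captured packet presented a second time.
    results["replayed_packet"] = verifier.verify(first, now + 5)
    # A valid packet relabelled with another tag's identification number.
    relabelled = dict(tag.respond(now + 10), tag_id=b"TAG-000999")
    results["relabelled_tag_id"] = verifier.verify(relabelled, now + 11)
    # A fresh packet that is only presented an hour later.
    results["stale_capture"] = verifier.verify(tag.respond(now + 20), now + 3620)
    results["next_read"] = verifier.verify(tag.respond(now + 30), now + 31)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because the per-tag key is derived from the identification number, the enterprise end stores one master key rather than a key per tag, and a packet whose identification number has been altered fails check (a) before the timestamp or counter is consulted.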
In a further technical solution, the step S340 specifically includes the following steps:
S341, after receiving the enterprise-side anti-counterfeiting authentication data packet, the predetermined alliance chain node of the alliance chain platform verifies the signature data in the enterprise-side anti-counterfeiting authentication data packet with a preset public key; if the verification passes, it signs the enterprise-side verification result and the client identification data with a preset private key, stores the signature data and the enterprise-side verification result in an alliance chain anti-counterfeiting authentication data packet, and goes to step S342;
S342, the predetermined alliance chain node judges whether the alliance chain nodes that formed the signature data in the alliance chain anti-counterfeiting authentication data packet meet the predetermined requirement; if not, go to step S343; if yes, go to step S344;
S343, the predetermined alliance chain node sends the enterprise-side anti-counterfeiting authentication data packet, the alliance chain anti-counterfeiting authentication data packet and the received client identification signature data to another predetermined alliance chain node, which executes steps S341 and S342;
S344, the alliance chain anti-counterfeiting authentication data packet is sent to the client authentication tool.
In a further optional technical solution, judging in step S342 and step S230 whether the alliance chain nodes that formed the signature data in the alliance chain anti-counterfeiting authentication data packet meet the predetermined requirement is specifically one of the following:
(1) judging whether the number of alliance chain nodes that formed the signature data reaches a preset number;
(2) judging whether the alliance chain nodes that formed the signature data include predetermined alliance chain nodes.
In a further optional technical solution, the enterprise reference information database includes enterprise identification numbers;
in step S310, judging whether the authentication initial data is legal according to the predetermined policy specifically comprises querying the enterprise reference information database for the corresponding enterprise identification number; if it is found, the authentication initial data is judged to be legal.
In a further technical solution, the enterprise reference information database further includes a predetermined attribute of the electronic tag identification number, stored in correspondence with the enterprise identification number;
in step S310, judging whether the authentication initial data is legal according to the predetermined policy specifically comprises determining, based on the enterprise identification number, the predetermined attribute of the electronic tag identification number stored in the enterprise reference information database, and judging whether the electronic tag identification number satisfies the predetermined attribute; if so, the authentication initial data is judged to be legal.
In a further technical solution, the electronic tag identification number is a product number, and the predetermined attribute of the electronic tag identification number is an electronic tag identification number range parameter;
in step S310, judging whether the electronic tag identification number in the authentication initial data satisfies the predetermined attribute is specifically judging whether the product number satisfies the electronic tag identification number range parameter.
The invention provides a product anti-counterfeiting electronic tag authentication system, which comprises a client authentication tool, an alliance chain platform and an enterprise authentication end:
the client authentication tool is provided with a processor, an output module and a communication module; the processor is adapted to send the authentication trigger message to a predetermined electronic tag through the communication module, to forward the first or second dynamic authentication data packet output by the electronic tag to a predetermined alliance chain node of the alliance chain platform through the communication module, and to send client identification data to the predetermined alliance chain node of the alliance chain platform; it is also adapted, after the communication module obtains the alliance chain anti-counterfeiting authentication data packet fed back by the predetermined alliance chain node of the alliance chain platform, to verify the signature data in that packet with a preset public key and to output the verification result through the output module; the first dynamic authentication data packet comprises dynamic authentication data and a reference authentication code, and the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; the reference authentication code is generated by encrypting the dynamic authentication data with a preset electronic tag authentication key; the second dynamic authentication data packet comprises dynamic authentication data, signature data and an electronic tag public key certificate; the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; the signature data is generated by signing the dynamic authentication data with an electronic tag private key;
the alliance chain platform comprises a plurality of alliance chain nodes in communication connection; at least some of the alliance chain nodes are provided with a storage module, a guide module, a preliminary authentication program, a signature verification program and a signature verification authentication program;
the storage module stores a preset enterprise reference information database, a preset alliance chain platform public key and an enterprise public key certificate; the enterprise public key certificate is obtained by signing a preset enterprise public key with a preset alliance chain platform private key, the enterprise public key and the enterprise private key form an asymmetric key pair, and the alliance chain platform public key and the alliance chain platform private key form an asymmetric key pair;
the guide module is used for judging the type of the received dynamic authentication data packet according to a preset policy; if it is the first dynamic authentication data packet, the preliminary authentication program is triggered; if it is the second dynamic authentication data packet, the signature verification authentication program is triggered;
the preliminary authentication program is adapted to be executed by the processor as follows: querying a preset enterprise reference information database according to the authentication initial data, and judging whether the authentication initial data is legal according to a preset policy; if so, forwarding the first dynamic authentication data packet and the received client identification data to a preset enterprise authentication end;
the signature verification program is adapted to be executed by a processor as follows: after receiving the enterprise-side anti-counterfeiting authentication data packet fed back by the enterprise authentication end, verifying the signature data with a preset public key; if the verification passes, signing the enterprise-side verification result and the client identification data with a preset private key, storing the signature data and the enterprise-side verification result in an alliance chain anti-counterfeiting authentication data packet, and sending the alliance chain anti-counterfeiting authentication data packet to the client authentication tool;
the signature verification authentication program is adapted to be executed by a processor as follows: verifying the enterprise public key certificate with the preset alliance chain platform public key to obtain the enterprise public key; then verifying the electronic tag public key certificate with the enterprise public key to obtain the electronic tag public key; then using the electronic tag public key to verify the signature of the dynamic authentication data in the second dynamic authentication data packet, judging whether the timestamp is legal, and obtaining a verification result; it is also used to sign the verification result and the client identification data with a preset private key to obtain signature data, and to store the signature data and the corresponding verification result data in a preset alliance chain anti-counterfeiting authentication data packet; it is also used to judge whether the alliance chain nodes that formed the signature data in the alliance chain anti-counterfeiting authentication data packet meet the predetermined requirement; if not, the second dynamic authentication data packet, the client identification signature data and the alliance chain anti-counterfeiting authentication data packet are sent to another predetermined alliance chain node; if so, the alliance chain anti-counterfeiting authentication data packet is sent to the client authentication tool;
the enterprise authentication terminal comprises an enterprise terminal storage module and a data authentication program;
the enterprise terminal storage module prestores the electronic tag authentication master key corresponding to the authentication initial data;
the data authentication program is adapted to be executed by a processor to: acquiring an electronic tag identification number according to the received dynamic authentication data in the first dynamic authentication data packet, performing key dispersion calculation on the electronic tag identification number by using a pre-stored electronic tag authentication master key to obtain an electronic tag authentication key, and encrypting the dynamic authentication data by using the electronic tag authentication key to obtain a calibration authentication code; and then carrying out data verification to obtain an enterprise end verification result: then forming an enterprise end anti-counterfeiting authentication data packet and sending the enterprise end anti-counterfeiting authentication data packet to a predetermined alliance link node of a predetermined alliance link platform; the enterprise-side anti-counterfeiting authentication data packet comprises the received client-side identification data, an enterprise-side verification result and signature data obtained by signing the enterprise-side verification result by the enterprise authentication side by using a preset private key; the data validation includes at least one of:
(a) comparing whether the reference authentication code is consistent with the calibration authentication code;
(b) verifying whether the timestamp is within a predetermined time range;
(c) judging whether the value of the authentication counter is legal.
In a further optional technical scheme, the signature verification program determines whether a federation link node forming signature data in a federation chain anti-counterfeiting authentication data packet meets a predetermined requirement, specifically:
judging whether the number of the alliance chain nodes forming the signature data reaches a preset number;
alternatively, it is determined whether the federation chain nodes forming signature data include predetermined federation chain nodes.
In a further alternative, the verification signature program is further adapted to be executed by the processor with the following instructions: after receiving the enterprise-side anti-counterfeiting authentication data packet, verifying the signature data of the enterprise-side anti-counterfeiting authentication data packet by using a preset public key; if the verification is passed, signing the enterprise terminal verification result and the client terminal identification data by using a preset private key, storing the signature data and the enterprise terminal verification result data into an alliance chain anti-counterfeiting authentication data packet, and further judging whether the alliance chain node forming the signature data meets a preset requirement; if so, feeding back the anti-counterfeiting authentication data packet of the alliance chain to the client authentication tool according to a preset strategy; and if not, sending the anti-counterfeiting authentication data packet of the alliance chain and the anti-counterfeiting authentication data packet of the enterprise terminal to a preset alliance chain node according to a preset strategy.
In a further optional technical solution, the enterprise benchmark information database includes a plurality of enterprise identification numbers and predetermined attributes of electronic tag identification numbers stored corresponding to the enterprise identification numbers;
the preliminary authentication program is executed by a processor to judge whether the authentication initial data is legal according to a preset strategy, which specifically comprises: querying the corresponding enterprise identification number in the enterprise reference information database; if the enterprise identification number is found, determining the preset attribute of the electronic tag identification number stored in the enterprise reference information database in correspondence with the enterprise identification number, judging whether the electronic tag identification number in the authentication initial data meets the preset attribute, and if so, judging that the authentication initial data is legal.
Drawings
Fig. 1 is an overall flowchart of a product anti-counterfeit electronic tag authentication method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for authenticating an anti-counterfeit electronic tag of a product when the first electronic tag is utilized according to a second embodiment of the present invention;
Fig. 3 is a logic block diagram of a product anti-counterfeit electronic tag authentication system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings, but the present invention is not limited to the specific embodiments.
In this document, the "uniqueness" is uniqueness in a corresponding authentication system or in an authentication method process.
Please refer to fig. 1, which is a flowchart illustrating a method for authenticating an anti-counterfeit electronic tag of a product according to an embodiment of the present invention.
In order to implement the above method for authenticating the anti-counterfeit electronic tag of the product, the electronic tag may be set on the product to be verified. The electronic tag may be attached to the product to be authenticated in a suitable manner, such as to the product itself to be authenticated, to the packaging of the product to be authenticated, or to other accompanying items of the product to be authenticated.
In order to adapt to different authentication modes, the electronic tag presets a proper device and presets proper data. In the embodiment of the invention, the electronic tag can be authenticated through an enterprise authentication end and transmits data through an alliance chain so as to ensure the authentication safety and ensure the data transmission safety; the data can also be authenticated by using the alliance chain; for convenience of description, the former is referred to as a first authentication method; the latter is called the second authentication mode.
In order to apply the two verification modes, the electronic tag is provided with an authentication counter, and an electronic tag authentication key, an electronic tag private key, an electronic tag public key certificate and authentication initial data are preset, wherein the authentication initial data comprise an electronic tag identification number and an enterprise identification number; the electronic tag identification number and the enterprise identification number have uniqueness, and the electronic tag identification number and a product can have a one-to-one correspondence relationship. The electronic tag public key certificate is obtained by signing an electronic tag public key by a preset enterprise private key, and the electronic tag public key and the electronic tag private key form an asymmetric key pair. Enterprise custom data (product name, product number, product expiration date, product status information and batch number, etc.) may of course be included; the authentication counter is used for generating an authentication sequence code, the initial value of the authentication sequence code can be set to 0, and 1 is added every time authentication is performed.
In one embodiment, the electronic tag identification number may be a production number of the product.
Of course, in order to ensure the security of the key data in the electronic tag, the data can be set to only participate in the related encryption calculation, and cannot be read and acquired by the outside; in order to ensure the security of the authentication initial data in the electronic tag and prevent the authentication initial data from being randomly tampered, the authentication initial data can be set as read-only data; certainly, in order to update the convenience of other authentication initial data except the key data, a readable and writable mode can be set, and corresponding technical measures can be set according to a known mode to ensure that the writing and updating authorities are legal.
Based on the electronic tag, the method for authenticating the anti-counterfeit electronic tag of the product provided by the embodiment of the invention can comprise the following steps:
S100, the electronic tag receives an authentication trigger message containing a timestamp and an authentication mode mark, causes the authentication counter to generate an authentication sequence code, and judges whether to perform alliance chain authentication according to the authentication mode mark; if so, the process enters step S120, and if not, step S110.
The electronic tag can perform data interaction with a client authentication tool to receive an authentication trigger message; the authentication trigger message content may include a timestamp and an authentication mode flag bit; the timestamp is the current time of the client authentication tool, and can be accurate to seconds. The specific identifier of the authentication mode flag bit may be used to inform the electronic tag of the mode of starting authentication, and may be a coded identifier or a mark determined according to a predetermined rule.
The authentication trigger message not only contains the timestamp message, but also can contain other specific messages which are generated by the client authentication tool according to the needs and sent to the electronic tag; of course, the authentication trigger message may be sent by other devices.
The electronic tag attached to the product to be authenticated judges whether to perform alliance chain authentication according to the authentication mode mark. Specifically, whether the authentication mode flag of the authentication flag bit represents the first authentication mode flag may be determined, and if yes, the electronic tag may trigger a corresponding mechanism according to the dynamic authentication data of the authentication trigger message, and then step S120 is performed; if not, the corresponding mechanism is triggered, and the process proceeds to step S110.
S110, encrypting the dynamic authentication data by using the electronic tag authentication key to generate a reference authentication code; the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; forming a first dynamic authentication data packet based on the dynamic authentication data and the reference authentication code; then transmitting the first dynamic authentication data packet to a client authentication tool; and then proceeds to step S130.
Namely, the dynamic authentication data is encrypted by using the electronic tag authentication key to generate a reference authentication code. The dynamic authentication data can contain necessary data and optional data. The necessary data can comprise an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code, and the optional data can be enterprise self-defined data (batch number and the like). A corresponding dynamic authentication data packet, i.e. the first dynamic authentication data packet, is then formed. In this embodiment, the first dynamic authentication data packet includes the dynamic authentication data and the reference authentication code. The first dynamic authentication data packet is then transmitted to the client authentication tool, which processes it as per step S130.
S120, signing the dynamic authentication data by using the electronic tag private key; the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; forming a second dynamic authentication data packet based on the dynamic authentication data, the signature data and the electronic tag public key certificate; then transmitting the second dynamic authentication data packet to a client authentication tool; and then proceeds to step S130.
Namely, the electronic tag can form dynamic authentication data according to the authentication trigger message, and the electronic tag private key is used for signing the dynamic authentication data to generate signature data. Similarly, the dynamic authentication data may include necessary data and optional data, where the necessary data is an authentication mode flag, an electronic tag identification number, an enterprise identification number, a timestamp, and an authentication sequence code. The optional data is enterprise custom data (batch number, etc.). Then, a corresponding dynamic authentication data packet, i.e., the second dynamic authentication data packet, is formed. The second dynamic authentication data packet comprises the dynamic authentication data, the signature data and the electronic tag public key certificate. The second dynamic authentication data packet is then transmitted to the client authentication tool, which processes the data further.
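As an added illustration (not code from the patent), the Go example below pairs the tag-side signing of S120 with the certificate chain check that the signature verification authentication program performs on the second dynamic authentication data packet. Ed25519, the field encoding, binding the identification numbers into the certificates, and all names and sample values are assumptions; the patent names no algorithm and only states that the public key itself is signed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a minimal public key certificate: the issuer's signature over the
// subject's identification number and public key (the ID binding is an assumption).
type Cert struct {
	SubjectID string
	PubKey    ed25519.PublicKey
	Sig       []byte
}

func certBody(id string, pub ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("%q|", id)), pub...)
}

// Issue signs a subject's identifier and public key with the issuer's private key.
func Issue(issuer ed25519.PrivateKey, id string, pub ed25519.PublicKey) Cert {
	return Cert{SubjectID: id, PubKey: pub, Sig: ed25519.Sign(issuer, certBody(id, pub))}
}

// checkCert verifies one link of the chain. Key lengths are checked first
// because ed25519.Verify panics on a public key of the wrong size.
func checkCert(issuerPub ed25519.PublicKey, c Cert) bool {
	return len(issuerPub) == ed25519.PublicKeySize &&
		len(c.PubKey) == ed25519.PublicKeySize &&
		ed25519.Verify(issuerPub, certBody(c.SubjectID, c.PubKey), c.Sig)
}

// Packet models the second dynamic authentication data packet.
type Packet struct {
	Mode         byte   // authentication mode mark (2 = second mode, assumed encoding)
	TagID        string // electronic tag identification number
	EnterpriseID string // enterprise identification number
	Timestamp    int64  // seconds, from the authentication trigger message
	Sequence     uint32 // authentication sequence code
	Sig          []byte // signature data made with the electronic tag private key
	TagCert      Cert   // electronic tag public key certificate
}

// signedBytes quotes the strings so field boundaries cannot be shifted.
func (p Packet) signedBytes() []byte {
	return []byte(fmt.Sprintf("%d|%q|%q|%d|%d", p.Mode, p.TagID, p.EnterpriseID, p.Timestamp, p.Sequence))
}

// SignPacket is the tag side of S120.
func SignPacket(tagPriv ed25519.PrivateKey, p Packet) Packet {
	p.Sig = ed25519.Sign(tagPriv, p.signedBytes())
	return p
}

// VerifyPacket walks platform key -> enterprise certificate -> tag certificate
// -> data signature, then checks the timestamp. Cases are evaluated in order.
func VerifyPacket(platformPub ed25519.PublicKey, entCert Cert, p Packet, now, maxSkew int64) string {
	switch {
	case !checkCert(platformPub, entCert):
		return "bad_enterprise_certificate"
	case entCert.SubjectID != p.EnterpriseID:
		return "enterprise_id_mismatch"
	case !checkCert(entCert.PubKey, p.TagCert):
		return "bad_tag_certificate"
	case p.TagCert.SubjectID != p.TagID:
		return "tag_id_mismatch"
	case !ed25519.Verify(p.TagCert.PubKey, p.signedBytes(), p.Sig):
		return "bad_data_signature"
	case now-p.Timestamp > maxSkew || p.Timestamp-now > maxSkew:
		return "timestamp_out_of_range"
	}
	return "ok"
}

// Demo is a constructed key hierarchy with throwaway keys.
type Demo struct {
	PlatformPub ed25519.PublicKey
	EntCert     Cert
	TagPriv     ed25519.PrivateKey
	TagCert     Cert
}

func NewDemo(entID, tagID string) Demo {
	platPub, platPriv, _ := ed25519.GenerateKey(nil)
	entPub, entPriv, _ := ed25519.GenerateKey(nil)
	tagPub, tagPriv, _ := ed25519.GenerateKey(nil)
	return Demo{
		PlatformPub: platPub,
		EntCert:     Issue(platPriv, entID, entPub),
		TagPriv:     tagPriv,
		TagCert:     Issue(entPriv, tagID, tagPub),
	}
}

func main() {
	d := NewDemo("E-0001", "20001") // constructed identifiers
	p := SignPacket(d.TagPriv, Packet{Mode: 2, TagID: "20001", EnterpriseID: "E-0001",
		Timestamp: 1700000000, Sequence: 7, TagCert: d.TagCert})
	fmt.Println("genuine tag: ", VerifyPacket(d.PlatformPub, d.EntCert, p, 1700000005, 300))
	p.Sequence = 8 // data altered after signing
	fmt.Println("altered data:", VerifyPacket(d.PlatformPub, d.EntCert, p, 1700000005, 300))
}
```

The counter check is left out here because the text for this mode only mentions the signature and the timestamp.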
S130, after receiving the first dynamic authentication data packet or the second dynamic authentication data packet, the client authentication tool transmits the client identification data and the received first dynamic authentication data packet or the received second dynamic authentication data packet to a predetermined alliance link node of a predetermined alliance link platform; the client identification data may include a client identification number and a client authentication serial number.
Namely, after receiving the dynamic authentication data packet (the first dynamic authentication data packet or the second dynamic authentication data packet), the client authentication tool transmits the client identification data and the received first dynamic authentication data packet or the received second dynamic authentication data packet to the predetermined alliance link platform. The client identification data may include a client identification number and a client authentication serial number. The client authentication serial number is dynamic data and uniquely represents the current authentication of the client, and the client authentication serial number can be increased by 1 every time the client performs authentication.
The client authentication tool can be a special device, a general device installed with proper software or programs, and can also be a mobile phone installed with proper APP. The client authentication tool and the electronic tag can communicate with each other in a known manner, send an authentication trigger message, and read authentication initial data in a non-contact manner, such as in an NFC (Near Field Communication) or RFID (Radio Frequency Identification) manner.
Different authentication modes generate different dynamic authentication data packets. And the dynamic authentication data packet is forwarded to the preset alliance link node through the client authentication tool. It can be understood that, in order to ensure the safety and integrity of data transmission, data transmission may process data according to a predetermined policy and protocol.
S140, the predetermined alliance link node judges the type of the dynamic authentication data packet according to a predetermined strategy; if the dynamic authentication data packet is the first dynamic authentication data packet, step S310 is entered; if the dynamic authentication packet is the second dynamic authentication packet, step S210 is entered. That is, the received data is analyzed to determine the difference of the dynamic authentication initial data packets, and then different authentication steps and processes are started by distinguishing the difference of the authentication data.
Specifically, it may be verified whether the dynamic authentication data packet is the first dynamic authentication data packet; if yes, step S310 is performed; if not, the process proceeds to step S210. Of course, the distinction can also be made in the opposite way.
S310, the preset alliance link node inquires a preset enterprise reference information database according to the authentication initial data and judges whether the authentication initial data is legal or not according to a preset strategy; if yes, go to step S320;
The specific alliance chain node for receiving data can be determined according to a predetermined strategy or manner; for example, the data can be received by the main node of the current consensus period of the alliance chain platform and transmitted to predetermined alliance chain nodes in a predetermined sequence; the alliance chain node for receiving data can be selected according to the attributes (equipment type, position and APP number) of the uploading equipment; or appropriate devices can be arranged in the alliance chain platform, which select an appropriate alliance chain node to receive data according to the alliance chain node states and a preset strategy.
In this embodiment, a federation chain node a is taken as an example for explanation. It should be noted that, in the implementation process of a product anti-counterfeit electronic tag authentication method, data processing may be performed by one alliance link node, or may be performed by different alliance link nodes, and this section is not described in a distinguishing manner.
In order to ensure the successful implementation of the authentication method for the anti-counterfeit electronic tag of the product in the first embodiment, basic data needs to be preset in at least part of the alliance link nodes of the alliance link platform. The federation link node a may preset a corresponding unit, software, or instruction set to identify data of the first dynamic authentication data packet, and determine whether the authentication initial data is legitimate according to a predetermined policy. In this embodiment, an enterprise of a product to be verified may register at a corresponding portal of the federation chain platform, and upload corresponding enterprise information. After the verification is carried out through a preset mechanism of the alliance chain platform, the corresponding enterprises can upload enterprise codes or other data corresponding to enterprise identification numbers and electronic tag identification numbers, and the corresponding data are synchronized in the corresponding alliance chain nodes according to a preset consensus mechanism in a plurality of alliance chain nodes according to the known block chain technology to form an enterprise reference information database; the enterprise benchmark information databases (including complete enterprise data or enterprise data summaries) of a plurality of enterprises are stored in a block form and form a block data chain so as to provide a data basis for further data processing of corresponding alliance chain nodes.
In this step, after identifying and authenticating the enterprise identification number in the initial data, the federation chain node a may judge, according to a predetermined policy, whether the enterprise identification number is legal by querying a preset enterprise reference information database, that is, whether the enterprise identification number belongs to an enterprise product registered and approved on the federation chain platform, and perform preliminary verification. The predetermined policy may be selected according to actual needs, such as whether the format of the enterprise identification number is the same as or consistent with a format predetermined by the federation chain platform, whether the enterprise identification number includes a particular message field, and so forth.
In this embodiment, in step S310, the federation link node A may query the corresponding enterprise identification number in the enterprise reference information database. If the enterprise identification number is found, it is judged to be legal, that is, the authentication initial data is legal. Otherwise, the enterprise producing the product can be judged to be illegal, meaning that the enterprise has not registered on the alliance chain platform and passed verification; an illegal prompt is fed back directly, warning the verifier that the product to be verified is not a product that the alliance chain platform can verify. On the one hand this improves verification efficiency, and on the other hand it avoids redundant processing.
In the embodiment of the invention, the alliance chain platform is not only used for verifying the authenticity of a certain enterprise product, but also used for verifying the authenticity of a plurality of enterprise products; therefore, the enterprise reference information database of the corresponding alliance link node can store enterprise identification numbers or other authentication initial data of a plurality of enterprises in parallel.
In the alliance link node A, verification of the enterprise identification number only proves that the enterprise to which the product to be verified belongs is a registered user of the alliance link platform; it cannot prove that the product to be verified is genuine. Therefore, it is necessary to further verify whether the electronic tag identification number is legitimate.
In this embodiment, the enterprise reference information database of the federation link node a may further include a predetermined attribute of the electronic tag identification number stored in correspondence with the enterprise identification number. In this way, in step S310, the federation link node a may further determine, based on the enterprise identification number, a predetermined attribute of the electronic tag identification number stored correspondingly in the enterprise reference information database, and determine whether the electronic tag identification number in the authentication initial data satisfies the predetermined attribute, and if so, determine that the electronic tag identification number is legal.
Of course, the predetermined attribute of the electronic tag identification number may be selected according to actual conditions, and may be a predetermined field format and specific data of the predetermined field, or may be a length, a format, and the like. In this embodiment, the electronic tag identification number is a product number; the predetermined attribute of the electronic tag identification number can be an electronic tag identification number range parameter, namely, a corresponding enterprise can upload a product electronic tag identification number range to the alliance chain platform; when the electronic tag identification number is judged to be legal, whether the electronic tag identification number in the authentication initial data is in the range of the uploaded electronic tag identification number can be judged. The uploaded electronic tag identification number range parameters are 13456-34568. If the electronic tag identification number in the authentication initial data is within the range, the electronic tag identification number can be judged to be legal; otherwise, it is illegal.
If the electronic tag identification number is judged to be illegal, illegal prompt can be directly fed back to warn a verifier that the product to be verified belongs to a counterfeit product.
And if the electronic tag identification number is judged to be legal, forwarding the dynamic authentication data to a preset enterprise authentication terminal according to a preset strategy, and entering the step S330. The address of the enterprise authentication end can be obtained according to known technology, for example, the address of the enterprise authentication end corresponding to the enterprise identification number can be prestored in a preset database, the address of the enterprise authentication end is searched according to the enterprise identification number, and the received dynamic authentication data is forwarded to the corresponding enterprise authentication end; the address of the enterprise authentication end can be used as an enterprise identification number, and further, the address of the enterprise authentication end can be determined according to the enterprise identification number.
And S320, forwarding the first dynamic authentication data packet and the received client identification data to a preset enterprise authentication terminal by a preset alliance link node.
After the preliminary verification by the predetermined alliance chain node, the alliance chain node forwards the data to the enterprise authentication end, and the preset enterprise authentication end carries out further verification. The client identification data received from the client authentication tool is forwarded to the appropriate enterprise authentication end as well.
S330, a preset enterprise authentication end acquires an electronic tag identification number according to dynamic authentication data in a first dynamic authentication data packet, performs key dispersion operation on the electronic tag identification number by using a preset electronic tag authentication master key to acquire an electronic tag authentication key, and encrypts the dynamic authentication data by using the electronic tag authentication key to acquire a calibration authentication code; and then carrying out data verification to obtain an enterprise end verification result: then forming an enterprise end anti-counterfeiting authentication data packet and sending the enterprise end anti-counterfeiting authentication data packet to a predetermined alliance link node of a predetermined alliance link platform; the enterprise-side anti-counterfeiting authentication data packet comprises the received client-side identification data, an enterprise-side verification result and signature data obtained by signing the enterprise-side verification result by the enterprise authentication side by using a preset private key.
Wherein, the data verification in this step may include at least one of the following:
(a) comparing whether the reference authentication code is consistent with the calibration authentication code;
(b) verifying whether the timestamp is within a predetermined time range;
(c) determining whether the value of the authentication counter (i.e., the authentication sequence code) is legitimate. Specifically: it is judged whether the value of the authentication counter is larger than the value of the authentication counter at the last authentication, and the corresponding enterprise end verification result for the electronic tag identification number is obtained.
The enterprise authentication end can be controlled by a product production enterprise, stores the electronic tag authentication master key, and performs key dispersion operation on the electronic tag identification number by using the electronic tag authentication master key to obtain the electronic tag authentication key. If the dynamic authentication data come from genuine products and are not illegally tampered, the data of the first dynamic authentication data packet should be the same; the same encryption key is used for encryption calculation, the obtained authentication codes are the same, therefore, by comparing the difference between the calibration authentication code and the reference authentication code, the enterprise end verification result can be obtained, the authentication of the electronic tag can be realized, and the authenticity of the product can be further identified.
Of course, other product information in the dynamic authentication data can be checked to strengthen the authentication of the electronic tag.
Then, the enterprise authentication end can utilize a preset private key to sign the verification result of the enterprise end to obtain signature data. And packaging the received client identification data, signature data and enterprise end verification results to form the enterprise end anti-counterfeiting authentication data packet. And sending the anti-counterfeiting authentication data packet of the enterprise terminal to a predetermined alliance link node of a predetermined alliance link platform.
Of course, the enterprise-side anti-counterfeit authentication data packet may contain other data, such as verification history data (past verification time, location, manner, and other information), an electronic tag identification number, and so on. The enterprise-side anti-counterfeiting authentication data packet comprises an electronic tag identification number, so that convenience can be provided for outputting a verification result.
Of course, if the verification fails, the enterprise authentication end may perform corresponding operations, such as marking, recording or sending a prompt, so that the staff of the enterprise authentication end are informed.
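The enterprise-end check of S330, as an added Go example rather than code from the patent: HMAC-SHA256 stands in for both the unspecified key dispersion operation and the unspecified encryption that yields the authentication code, and the type names, field encoding and sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// DynamicAuthData holds the fields the text lists for dynamic authentication data.
type DynamicAuthData struct {
	Mode         byte   // authentication mode mark (1 = first mode, assumed encoding)
	TagID        string // electronic tag identification number
	EnterpriseID string // enterprise identification number
	Timestamp    int64  // seconds, taken from the authentication trigger message
	Sequence     uint32 // authentication sequence code from the tag's counter
}

// encode length-prefixes the strings so two different field sets can never
// serialise to the same bytes (assumed wire format).
func (d DynamicAuthData) encode() []byte {
	var b bytes.Buffer
	b.WriteByte(d.Mode)
	for _, s := range []string{d.TagID, d.EnterpriseID} {
		binary.Write(&b, binary.BigEndian, uint16(len(s)))
		b.WriteString(s)
	}
	binary.Write(&b, binary.BigEndian, d.Timestamp)
	binary.Write(&b, binary.BigEndian, d.Sequence)
	return b.Bytes()
}

func mac(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// DeriveTagKey is the key dispersion step: one master key, one key per tag.
func DeriveTagKey(master []byte, tagID string) []byte { return mac(master, []byte(tagID)) }

// AuthCode is computed by the tag (reference code) and by the enterprise
// authentication end (calibration code) over the same dynamic data.
func AuthCode(tagKey []byte, d DynamicAuthData) []byte { return mac(tagKey, d.encode()) }

// EnterpriseVerifier keeps the master key and the last accepted counter per tag.
// It is not safe for concurrent use; a real service would persist and lock this state.
type EnterpriseVerifier struct {
	master  []byte
	maxSkew int64 // allowed distance between timestamp and local clock, seconds
	lastSeq map[string]uint32
}

func NewEnterpriseVerifier(master []byte, maxSkew int64) *EnterpriseVerifier {
	return &EnterpriseVerifier{master: master, maxSkew: maxSkew, lastSeq: map[string]uint32{}}
}

// Verify applies checks (a), (b) and (c) in that order and records the counter
// only when all three pass, so a rejected packet cannot advance the state.
func (v *EnterpriseVerifier) Verify(d DynamicAuthData, reference []byte, now int64) string {
	calibration := AuthCode(DeriveTagKey(v.master, d.TagID), d)
	if !hmac.Equal(reference, calibration) { // (a) constant-time comparison
		return "code_mismatch"
	}
	if now-d.Timestamp > v.maxSkew || d.Timestamp-now > v.maxSkew { // (b)
		return "timestamp_out_of_range"
	}
	if last, seen := v.lastSeq[d.TagID]; seen && d.Sequence <= last { // (c)
		return "counter_not_increased"
	}
	v.lastSeq[d.TagID] = d.Sequence
	return "ok"
}

func main() {
	master := []byte("constructed master key, not a real secret")
	v := NewEnterpriseVerifier(master, 300)
	d := DynamicAuthData{Mode: 1, TagID: "20001", EnterpriseID: "E-0001", Timestamp: 1700000000, Sequence: 1}
	ref := AuthCode(DeriveTagKey(master, d.TagID), d) // what a genuine tag would send
	fmt.Println("first read: ", v.Verify(d, ref, 1700000010))
	fmt.Println("replayed:   ", v.Verify(d, ref, 1700000020))
	d.Sequence = 2 // fields edited without recomputing the code
	fmt.Println("edited data:", v.Verify(d, ref, 1700000030))
}
```

A captured first dynamic authentication data packet replayed later fails check (c) even while its timestamp is still inside the window, which is why the counter state has to survive restarts.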
S340, after the preset alliance chain node of the alliance chain platform receives the enterprise terminal anti-counterfeiting authentication data packet, it verifies the signature data by using a preset public key; if the verification is passed, it signs the enterprise terminal verification result and the client terminal identification data by using a preset private key, stores the signature data and the enterprise terminal verification result into an alliance chain anti-counterfeiting authentication data packet, and sends the alliance chain anti-counterfeiting authentication data packet to the client terminal authentication tool; the process then enters step S400.
Under the condition of failure of verification, the enterprise-side anti-counterfeiting authentication data packet is possibly forged and falsified, and the enterprise authentication side is also possibly an illegal enterprise authentication side; at this time, an illegal prompt may be fed back, and of course, other corresponding processing or operation may also be performed, such as sending an error message to the enterprise authentication end, and requesting the enterprise authentication end to perform confirmation or other corresponding operation.
It can be understood that the signature verification operation of a predetermined alliance chain node (such as an alliance chain node B) of the alliance chain platform can improve the security of the alliance chain anti-counterfeiting authentication data packet and avoid or reduce hijacking, forgery and falsification of the alliance chain anti-counterfeiting authentication data packet. In this operation, the preset public key can be used for verifying the signature data in the alliance chain anti-counterfeiting authentication data packet and verifying the authenticity of the signature data in the anti-counterfeiting authentication data packet; if the verification is passed, a preset private key is used for signing the enterprise terminal verification result and the client identification data, and the formed signature data is stored in the alliance chain anti-counterfeiting authentication data packet, so that the alliance chain anti-counterfeiting authentication data packet carries a plurality of signature data. Certainly, the enterprise public key preset in the federation chain node and the private key used for signing by the corresponding enterprise authentication end may form an asymmetric key pair, and the asymmetric key pair may be generated when the enterprise registers in the federation chain platform, or may be automatically generated or periodically updated according to a predetermined mechanism.
And S400, the client authentication tool verifies the signature data of the anti-counterfeiting authentication data packet of the alliance chain by using a preset public key and outputs a verification result.
After receiving the fed-back alliance chain anti-counterfeiting authentication data packet, the client authentication tool can verify the signature data of the alliance chain anti-counterfeiting authentication data packet by using a preset public key and output a verification result in a proper mode, so that a verifier can obtain the verification result.
Of course, appropriate data, such as self-stored client identification data, may be invoked to verify that the client identification data is legitimate.
Corresponding to the way the signature data is formed, the verification may specifically proceed as follows:
(1) the client authentication tool uses a prestored public key of the alliance chain node to recover the signature data in the alliance chain anti-counterfeiting authentication data packet, obtaining a hash value of the data;
(2) the client authentication tool performs a hash operation on the client identification data and the verification result in the alliance chain anti-counterfeiting authentication data packet to obtain a hash value, and compares it with the recovered hash value; if the two are the same, the verification passes, otherwise the verification fails; the verification result is then output.
This step may be performed on a suitable terminal, for example a mobile phone with a suitable APP installed. There may be more than one preset public key, each forming an asymmetric key pair with the private key held on a predetermined alliance chain node, so that the signatures of those alliance chain nodes can be verified. These asymmetric key pairs may be generated in advance according to a predetermined policy, or may be automatically generated or periodically updated according to a predetermined mechanism. With this product anti-counterfeiting electronic tag authentication method, the authenticity of the electronic tag can be ensured in several ways. If a counterfeiter forges authentication initial data such as the production enterprise or the electronic tag identification number, counterfeit and genuine goods can be preliminarily distinguished by judging the validity of the enterprise identification number and of the electronic tag identification number, and the enterprise authentication end compares a calibration authentication code with a reference authentication code, so that counterfeit and genuine goods can be fully distinguished. If the counterfeiter forges the enterprise authentication end, the authentication of the alliance chain platform cannot be passed. If a real electronic tag is attached to a counterfeit product, a warning that the product to be verified may be counterfeit can be output on the basis of the verification history data in the verification result (the enterprise authentication end stores the verification history of each electronic tag and includes the verification history data in the verification result). The method can therefore improve anti-counterfeiting reliability.
The above procedures and processes require the establishment of a special enterprise authentication end, and for enterprises without an enterprise authentication end, authentication can be performed through the following steps.
S210, a predetermined alliance chain node verifies a preset enterprise public key certificate using a preset alliance chain platform public key to obtain an enterprise public key; the enterprise public key is then used to verify the electronic tag public key certificate to obtain an electronic tag public key; the electronic tag public key is then used to verify the dynamic authentication data signature in the second dynamic authentication data packet, and whether the timestamp is legal is judged (specifically, whether the timestamp lies within a preset time range with the current time as the base point), giving a verification result. The alliance chain platform public key and the alliance chain platform private key form an asymmetric key pair; the enterprise public key certificate is obtained by signing a preset enterprise public key with the alliance chain platform private key, and the enterprise public key and the enterprise private key form an asymmetric key pair.
Alliance chain node A can decrypt the enterprise public key certificate with the alliance chain platform public key to obtain the enterprise public key. The obtained enterprise public key is then used to decrypt the electronic tag public key certificate to obtain the electronic tag public key; the electronic tag public key is then used to verify the dynamic authentication data signature in the dynamic authentication data packet, and a predetermined verification result is obtained based on the dynamic authentication data. Nesting the alliance chain platform key, the enterprise key and the electronic tag key in this way ensures the security of the verification process and of the data.
In the embodiment of the invention, the electronic tag public key can confirm the authenticity and the integrity of the dynamic authentication data by verifying the authenticity of the dynamic authentication data signature, and further determine the authenticity of the electronic tag and the product to be authenticated based on the dynamic authentication data.
From the above description, it may be determined that the verification result may include the following:
(1) whether the enterprise public key certificate is correct;
(2) whether the electronic tag public key certificate is correct or not;
(3) whether the dynamic authentication data signature is authentic;
(4) whether the dynamic authentication data is authentic.
In the above processes, a verification failure at any stage indicates that the product to be verified has a problem, and the cause of the failure can be determined from the stage at which verification failed. If the enterprise public key certificate cannot be decrypted, the problem concerns the enterprise associated with the product; if decryption of the electronic tag public key certificate fails, the electronic tag may be at fault; if verification of the dynamic authentication data signature fails, that is, the signature is false or the dynamic authentication data is not authentic or not complete, the dynamic authentication data may have been tampered with or distorted.
It should be noted that, before this embodiment is implemented, the enterprise of the product to be verified may register in advance at the corresponding portal of the alliance chain platform and upload the corresponding enterprise information. After verification through a preset mechanism of the alliance chain platform, the enterprise can upload a preset enterprise public key; during or after the upload, the preset alliance chain platform private key is used to sign the enterprise public key to obtain an enterprise public key certificate. That is, the alliance chain platform acts as the key certification authority that signs the enterprise public key and produces the corresponding public key certificate. Using known blockchain technology, the enterprise public key certificate and other enterprise-related information can be synchronized across the corresponding alliance chain nodes according to a preset consensus mechanism, providing the data basis for anti-counterfeiting authentication. The enterprise reference information bases of a plurality of enterprises are stored in block form and make up a block data chain, providing a data basis for further data processing by the corresponding alliance chain nodes.
The alliance chain platform public key (and the corresponding private key) may be a single key unified across the platform and stored in each alliance chain node, or there may be different public keys corresponding to different alliance chain nodes. In the latter case, the public key of each alliance chain node can be stored in every alliance chain node, an index is assigned to each node's public key, and the enterprise identification number is mapped to the index; after receiving the corresponding data, a node can then look up the corresponding alliance chain platform public key by enterprise identification number and use it to verify the enterprise public key certificate and obtain the enterprise public key.
S220, the alliance chain node signs the verification result and the client identification data with a preset private key to obtain signature data, and stores the signature data and the corresponding verification result data in a preset alliance chain anti-counterfeiting authentication data packet.
Signing the verification result and the client identification data with the private key of alliance chain node A ensures the authenticity of node A's verification result; the signature data and the corresponding verification result data are stored in the preset alliance chain anti-counterfeiting authentication data packet for later verification.
S230, judging whether the alliance chain nodes that have formed signature data in the alliance chain anti-counterfeiting authentication data packet meet a predetermined requirement; if not, go to step S240; if so, the alliance chain anti-counterfeiting authentication data packet is sent to the client authentication tool and the process enters step S400.
In one embodiment of the present invention, judging whether the alliance chain nodes forming the signature data meet the predetermined requirement means judging whether their number reaches a predetermined number. Specifically, pointer data N may be embedded in the message data that contains the verification result, and N is incremented (N = N + 1) each time the verification signature of one alliance chain node passes; the predetermined number is preset to M (M is not less than 2). To judge whether the number of alliance chain nodes that have signed the verification result reaches the predetermined number, it is judged whether N is greater than or equal to M; when N is greater than or equal to M, the number of signing alliance chain nodes is judged to have reached the predetermined number and step S400 is executed; when N is less than M, the number is judged not to have been reached and the process proceeds to step S240.
In another embodiment of the present invention, it may instead be judged whether the alliance chain nodes that generated signature data include a predetermined alliance chain node. The predetermined alliance chain node can be one designated by the enterprise of the product, or one determined by the alliance chain platform according to a predetermined policy. By exploiting the differences in authority among alliance chain nodes in the platform, the authentication by alliance chain nodes can thus be terminated once the specific predetermined node has signed the authentication result, which improves the efficiency of anti-counterfeiting authentication while preserving its reliability.
It can be understood that those skilled in the art may choose, according to actual needs, the predetermined policy and the specific conditions used to judge whether the alliance chain nodes that verify and sign the product dynamic authentication data meet the predetermined requirement.
S240, the alliance chain node sends the second dynamic authentication data packet, the client identification data and the alliance chain anti-counterfeiting authentication data packet to another predetermined alliance chain node, and that other predetermined alliance chain node performs steps S210, S220 and S230.
That is, when the data signatures on the verification result do not meet the predetermined requirement, alliance chain node A sends the received dynamic authentication data packet, the client identification data and the alliance chain anti-counterfeiting authentication data packet to alliance chain node B. Alliance chain node B executes steps S210, S220 and S230 again, and these steps are repeated until the alliance chain nodes that have verified and signed the initial data of the product meet the predetermined requirement, whereupon the process enters step S400.
S400, the client authentication tool verifies the signature data in the alliance chain anti-counterfeiting authentication data packet using a preset public key and outputs a verification result. This step is described above and is not repeated here.
In the alliance chain platform, the alliance chain node that signs last can send the alliance chain anti-counterfeiting authentication data packet stored in it (containing the signature data of several alliance chain nodes and the corresponding verification result data) to the client authentication tool. The client authentication tool is preset with the public keys of the corresponding alliance chain nodes (to ensure that verification goes smoothly, it is preset with the public keys of all alliance chain nodes), and uses those public keys to verify the authenticity of the signature data in the anti-counterfeiting authentication data packet.
Through verification, if the signature data are all true, the integrity and the authenticity of the verification result data can be judged; the authenticity of the signature data generated by the plurality of alliance chain nodes and the authenticity of the corresponding verification result data can be respectively judged, and then the consistency of the plurality of verification results is judged.
In this embodiment, if the signature data of any alliance chain node, the corresponding verification result data or the client identification data fails verification, authentication is considered to have failed; authentication is considered successful only if all signature data and the corresponding verification result data pass verification.
According to the above description, the verification result generated by each alliance chain node may include a variety of information, and in this step the electronic tag authentication result that is output may be selected according to actual needs.
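The flow of steps S210 to S240 and S400 can be traced in the following sketch, which is an added example and not code from the patent. The patent names no algorithms, so the signatures here are textbook RSA with small runtime-generated keys (not secure, chosen only so the example needs nothing beyond the Python standard library), and all identifiers, sample values and the client-side count of distinct signers are assumptions of this example.

```python
import hashlib, json, random

RNG = random.Random(2018)   # fixed seed: reproducible demo keys, never for real keys
E = 65537

def is_prime(n, rounds=24):                      # Miller-Rabin primality test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=192):
    """Toy textbook-RSA key pair -> (private, public). Demo stand-in, not secure."""
    def prime():
        while True:
            c = RNG.getrandbits(bits) | (1 << (bits - 1)) | 1
            if (c - 1) % E and is_prime(c):
                return c
    p, q = prime(), prime()
    return (p * q, pow(E, -1, (p - 1) * (q - 1))), (p * q, E)

def digest(obj):
    blob = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def sign(priv, obj):
    n, d = priv
    return pow(digest(obj), d, n)

def verify(pub, obj, sig):
    n, e = pub
    return pow(sig, e, n) == digest(obj)   # recover the hash, recompute it, compare

def make_cert(issuer_priv, subject_pub):
    key = list(subject_pub)
    return {"key": key, "sig": sign(issuer_priv, key)}

def open_cert(issuer_pub, cert):
    return tuple(cert["key"]) if verify(issuer_pub, cert["key"], cert["sig"]) else None

def node_verify(platform_pub, ent_cert, packet, now, window=300):   # S210
    ent_pub = open_cert(platform_pub, ent_cert)
    if ent_pub is None:
        return "enterprise certificate invalid"
    tag_pub = open_cert(ent_pub, packet["tag_cert"])
    if tag_pub is None:
        return "tag certificate invalid"
    if not verify(tag_pub, packet["data"], packet["sig"]):
        return "dynamic data signature invalid"
    if abs(now - packet["data"]["timestamp"]) > window:
        return "timestamp out of range"
    return "genuine"

def platform_authenticate(nodes, platform_pub, ent_cert, packet, client_id, now, m=2):
    chain_packet = []
    for node_id, node_priv in nodes:                 # S240: hand over to the next node
        body = {"node": node_id, "client": client_id,
                "result": node_verify(platform_pub, ent_cert, packet, now)}
        chain_packet.append({**body, "sig": sign(node_priv, body)})   # S220
        if len(chain_packet) >= m:                   # S230: N >= M
            break
    return chain_packet

def client_verify(node_pubs, chain_packet, client_id, m=2):          # S400
    signers = set()
    for entry in chain_packet:
        body = {k: entry[k] for k in ("node", "client", "result")}
        pub = node_pubs.get(entry["node"])
        if pub is None or entry["client"] != client_id or not verify(pub, body, entry["sig"]):
            return "authentication failed"
        signers.add(entry["node"])
    results = {e["result"] for e in chain_packet}
    # Assumption of this example: the client counts distinct verified signers itself.
    return "authentic" if len(signers) >= m and results == {"genuine"} else "authentication failed"

# Constructed demo keys and data; every name and value below is made up.
PLATFORM_PRIV, PLATFORM_PUB = keygen()
ENT_PRIV, ENT_PUB = keygen()
TAG_PRIV, TAG_PUB = keygen()
NODE_KEYS = {name: keygen() for name in ("A", "B", "C")}
NODES = [(name, pair[0]) for name, pair in NODE_KEYS.items()]
NODE_PUBS = {name: pair[1] for name, pair in NODE_KEYS.items()}
ENT_CERT = make_cert(PLATFORM_PRIV, ENT_PUB)

def tag_packet(timestamp, seq):
    data = {"mode": 2, "tag_id": "TAG-0001", "enterprise_id": "ENT-01",
            "timestamp": timestamp, "seq": seq}
    return {"tag_cert": make_cert(ENT_PRIV, TAG_PUB), "data": data,
            "sig": sign(TAG_PRIV, data)}
```

Because each node signs its own result together with the client identification data, a result rewritten in transit or a packet replayed to a different client fails at the client even when every certificate in the chain is valid.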
Through the process, each enterprise can select a proper authentication process according to the needs of the enterprise, and certainly, the proper authentication process can also be selected according to different products. For example, a powerful enterprise may establish an enterprise authentication end by itself to implement control of product electronic tag authentication.
In another embodiment of the invention, one alliance chain platform is used to authenticate products produced by a plurality of enterprises; in this case each alliance chain node stores information about multiple enterprises, such as the enterprise public key certificates of those enterprises. The electronic tag identification number may then be made to include enterprise identification data, for example by using a predetermined field of the electronic tag identification number as the enterprise identification number; alternatively, the authentication initial data may include the enterprise identification data, that is, the enterprise identification number is stored alongside the electronic tag identification number. Correspondingly, in the alliance chain platform, enterprise identification data is preset in the corresponding alliance chain nodes and stored together with the corresponding enterprise public key certificates (namely, an index relation between enterprise identifications and electronic tag identification numbers is set). In this way, in step S210, the alliance chain node may first query and obtain the enterprise public key certificate according to the enterprise identification data, then decrypt the enterprise public key certificate with the alliance chain platform public key to obtain the enterprise public key, and then carry out the remaining operations.
Please refer to fig. 2, which is a flowchart of a method for authenticating an electronic anti-counterfeit tag according to a second embodiment of the present invention, wherein the flowchart is directed to a case where the authentication method is a first authentication method.
Compared with the first embodiment, the step S340 further includes the following steps:
S341, after receiving the enterprise-end anti-counterfeiting authentication data packet, the predetermined alliance chain node of the alliance chain platform verifies the signature data in the enterprise-end anti-counterfeiting authentication data packet using a preset public key; if the verification passes, it signs the enterprise-end verification result and the client identification data with a preset private key, stores the signature data and the enterprise-end verification result in an alliance chain anti-counterfeiting authentication data packet, and the process enters step S342.
S342, judging whether the alliance link nodes forming the signature data in the alliance link anti-counterfeiting authentication data packet meet the preset requirements or not by using preset alliance link nodes; if not, go to step S343; if so, the process proceeds to step S344.
S343, the predetermined alliance chain node sends the alliance chain anti-counterfeiting authentication data packet and the enterprise-end anti-counterfeiting authentication data packet to another predetermined alliance chain node, and that other predetermined alliance chain node executes steps S341 and S342; it signs again to form signature data, stores the signature data in the alliance chain anti-counterfeiting authentication data packet, and updates the data of that packet.
These steps are repeated until the alliance chain nodes that have verified and signed the alliance chain anti-counterfeiting authentication data packet meet the predetermined requirement, whereupon the process enters step S344.
And S344, sending the anti-counterfeiting authentication data packet of the alliance chain to a client authentication tool.
In this embodiment, judging whether the alliance chain nodes forming the signature data meet the predetermined requirement may specifically mean judging whether their number reaches a predetermined number, that is, how many alliance chain nodes have verified and signed the enterprise-end verification result. If the number of alliance chain nodes whose verification signature has passed reaches the predetermined number, the possibility that the alliance chain anti-counterfeiting authentication data packet (for example the enterprise-end verification result) has been tampered with is lower, the packet has higher credibility, and the advantages of the alliance chain platform are brought into play.
Whether the alliance chain nodes forming signature data have reached the predetermined number may be judged in a known manner. In this embodiment, pointer data N may be embedded in the message data containing the anti-counterfeiting authentication data packet, and N is incremented (N = N + 1) with each verification signature by one alliance chain node; the predetermined number is preset to M (M is not less than 2). To judge whether the number of alliance chain nodes forming the signature data reaches the predetermined number, it is judged whether N is greater than or equal to M; when N is greater than or equal to M, the number is judged to have been reached and step S344 is executed; when N is smaller than M, the number is judged not to have been reached and step S343 is executed. These steps may be similar to step S230.
Similarly, the number of federation chain nodes forming signature data can be determined according to the characteristics (such as the number of signatures of federation chain nodes) of data transmitted between federation chain nodes, and then whether a predetermined number of federation chain nodes carry out verification signatures is judged.
With steps S341 and S342 above, if an alliance chain node in the alliance chain platform tampers with the alliance chain anti-counterfeiting authentication data packet (for example the enterprise-end verification result), the other alliance chain nodes participating in the authentication may be unable to complete the verification-and-signature operation; the alliance chain platform then returns an illegal-information prompt to warn the user that the information is suspicious. The product anti-counterfeiting electronic tag authentication method can thereby ensure the authentication effect.
Other predetermined policies may also be adopted to judge whether the alliance chain nodes forming the signature data meet the predetermined requirement. For example, a particular alliance chain node (particular by location, level, or prior designation) may be set on the alliance chain platform, and step S344 may be performed only after the verification signature of that particular node has passed. It is to be understood that the predetermined alliance chain node may be one designated for the product enterprise, one specially provided at a higher level, or one randomly selected according to a predetermined mechanism. This mechanism can likewise ensure the authenticity of the verification result and improve the reliability of product anti-counterfeiting electronic tag authentication.
On the basis of providing the product anti-counterfeiting electronic tag authentication method, the embodiment of the invention also provides a product anti-counterfeiting electronic tag authentication system. For convenience of description, the embodiment of the product anti-counterfeiting electronic tag authentication system is described in combination with an electronic tag.
Please refer to fig. 3, which is a logic block diagram of an electronic product anti-counterfeit tag authentication system according to an embodiment of the present invention.
The product anti-counterfeiting electronic tag authentication system comprises a client authentication tool, an alliance chain platform and an enterprise authentication end.
The corresponding electronic tag may comprise a memory unit, a communication unit, a counter and a processing unit. The communication unit can be used for outputting or receiving communication data; the counter may be used to generate an authentication sequence code from instructions of the processing unit. The electronic tag can be provided with a power supply module to provide electric energy for electronic tag data processing, and the power supply module can be respectively electrically connected with the storage unit, the communication unit, the counter and the processing unit. The electronic tag may implement steps S100, S110, and S120 in the above method, and the specific implementation process is not described again.
The client authentication tool is provided with a processor, an output module and a communication module. The processor is adapted to send the authentication trigger message to a predetermined electronic tag through the communication module, to acquire a first dynamic authentication data packet or a second dynamic authentication data packet from the electronic tag through the communication module, to forward that packet to a predetermined alliance chain node of the alliance chain platform, and to send client identification data to that node. The processor is further adapted, after the communication module has acquired the fed-back alliance chain anti-counterfeiting authentication data packet from the predetermined alliance chain node of the alliance chain platform, to verify the signature data in that packet using a preset public key and to output the verification result through the output module.
Corresponding to the above description of the method, the first dynamic authentication data packet may include a reference authentication code and dynamic authentication data. The dynamic authentication data may include mandatory data and optional data: the mandatory data may be an authentication mode flag, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code, and the optional data may be enterprise-defined data (batch number, etc.). The reference authentication code is generated by encrypting the dynamic authentication data with a predetermined electronic tag authentication key.
The second dynamic authentication data packet comprises an electronic tag public key certificate, dynamic authentication data and dynamic authentication data signature data. The dynamic authentication data can likewise comprise mandatory data and optional data: the mandatory data is an authentication mode flag, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code, and the optional data is enterprise-defined data (batch number, etc.). The dynamic authentication data signature data is generated by signing the dynamic authentication data with the electronic tag private key.
The client authentication tool can be a dedicated device, a general-purpose device with suitable software or programs installed, or a mobile phone with a suitable APP installed. During a product anti-counterfeiting electronic tag authentication operation, the client authentication tool may send an authentication trigger message to the electronic tag and forward the received dynamic authentication data packet to a predetermined alliance chain node of the predetermined alliance chain platform; its working manner is not described in further detail.
The electronic tag and the client authentication tool should be matched to each other for data interaction. For example, the electronic tag may be an RFID tag comprising a circuit unit, in which the authentication initial data is preset, and an antenna unit. The communication module of the client authentication tool can then comprise a reading circuit unit and a reading antenna unit; when the reading antenna unit is coupled with the antenna unit of the RFID tag, the client authentication tool can obtain the corresponding dynamic authentication data packet or send an authentication trigger message.
The alliance chain platform can comprise a plurality of alliance chain nodes in communication with one another, at least some of which are provided with a storage module, a guide module, a preliminary authentication program, a verification signature program and a signature verification authentication program, used respectively for preliminary authentication, verification signature and signature verification authentication.
The storage module stores a preset enterprise reference information database, a preset alliance chain platform public key and an enterprise public key certificate; the enterprise public key certificate is obtained by signing a preset enterprise public key by a preset alliance chain platform private key, the enterprise public key and the enterprise private key form an asymmetric key pair, and the alliance chain platform public key and the alliance chain platform private key form an asymmetric key pair. These data may be stored in blocks corresponding to the respective business or product category.
The guide module can be used to judge the type of the received dynamic authentication data packet according to a preset policy: if it is the first dynamic authentication data packet, the preliminary authentication program is triggered; if it is the second dynamic authentication data packet, the signature verification authentication program is triggered. This mainly implements step S140 above.
The preliminary authentication procedure is adapted to be executed by the processor as follows: inquiring a preset enterprise reference information database according to the authentication initial data, and judging whether the authentication initial data is legal or not according to a preset strategy; and if so, forwarding the client identification data and the first dynamic authentication data packet to a predetermined enterprise authentication terminal. That is, step S310 in the above-mentioned product anti-counterfeit electronic tag authentication method is executed, which is not described in detail again.
The verification signature program is adapted to be executed by a processor to: after receiving the enterprise terminal anti-counterfeiting authentication data packet fed back by the enterprise authentication terminal, verifying the signature data by using a preset public key; if the verification is passed, signing the enterprise terminal verification result and the client terminal identification data by using a preset private key to obtain signature data, storing the signature data and the corresponding enterprise terminal verification result data into a preset alliance chain anti-counterfeiting authentication data packet, and sending the alliance chain anti-counterfeiting authentication data packet to a client terminal authentication tool. That is, step S340 in the above method for authenticating an anti-counterfeit electronic tag of a product is executed, which is not described in detail herein.
The signature verification authentication program is adapted to be executed by a processor to carry out the following instructions: verifying the enterprise public key certificate using the preset alliance chain platform public key to obtain the enterprise public key; then using the enterprise public key to verify the electronic tag public key certificate to obtain the electronic tag public key; then using the electronic tag public key to verify the dynamic authentication data signature in the second dynamic authentication data packet, judging whether the timestamp is legal, and obtaining a verification result. It is further used to sign the verification result and the client identification data with a preset private key, judging whether the timestamp is legal, to obtain signature data, and to store the signature data and the corresponding verification result data in a preset alliance chain anti-counterfeiting authentication data packet. It is also used to judge whether the alliance chain nodes that have formed signature data in the alliance chain anti-counterfeiting authentication data packet meet the predetermined requirement; if not, the second dynamic authentication data packet, the client identification signature data and the alliance chain anti-counterfeiting authentication data packet are sent to another predetermined alliance chain node; if so, the alliance chain anti-counterfeiting authentication data packet is sent to the client authentication tool. That is, steps S210 to S240 of the above product anti-counterfeiting electronic tag authentication method are executed; details are not repeated.
According to the above description, it can be understood that any alliance chain node can be preset with a storage module, a guide module, a preliminary authentication program, a verification signature program and a signature verification authentication program.
The enterprise authentication end can be controlled or held by the production enterprise of the corresponding product, which ensures that the enterprise keeps control of its authentication data. The enterprise authentication end can comprise an enterprise-side storage module and a data authentication program.
The enterprise-side storage module may pre-store the electronic tag authentication master key corresponding to the authentication initial data, so as to perform key dispersion calculation based on the authentication initial data to obtain the electronic tag authentication key.
The data authentication program is adapted to be executed by a processor to: acquire the electronic tag identification number from the dynamic authentication data in the received first dynamic authentication data packet, perform key dispersion calculation on the electronic tag identification number using the pre-stored electronic tag authentication master key to obtain the electronic tag authentication key, and encrypt the dynamic authentication data using the electronic tag authentication key to obtain a calibration authentication code; then carry out data verification to obtain an enterprise-side verification result; then form an enterprise-side anti-counterfeiting authentication data packet and send it to a predetermined alliance chain node of the predetermined alliance chain platform. The enterprise-side anti-counterfeiting authentication data packet comprises the received client identification data, the enterprise-side verification result, and signature data obtained by the enterprise authentication end signing the enterprise-side verification result using a preset private key.
The data verification comprises at least one of the following:
(a) comparing whether the reference authentication code is consistent with the calibration authentication code;
(b) verifying whether the timestamp is within a predetermined time range;
(c) judging whether the value of the authentication counter is legal or not.
That is, step S330 in the method for authenticating an anti-counterfeit electronic tag of a product may be executed, which is not described in detail herein.
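The enterprise-side check of step S330 can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithms, so HMAC-SHA256 stands in for both the key dispersion step and the authentication code, and the field encoding, the 120-second window, the mode mark value 0 and the strictly increasing counter rule are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


def diversify_key(master_key: bytes, tag_id: bytes) -> bytes:
    """Key dispersion: derive the per-tag key from the master key and the tag ID.
    HMAC-SHA256 with a fixed label is an assumed stand-in for the patent's method."""
    return hmac.new(master_key, b"tag-auth-key|" + tag_id, hashlib.sha256).digest()


@dataclass(frozen=True)
class DynamicAuthData:
    mode_flag: int        # authentication mode mark (0 = symmetric path, assumed)
    tag_id: bytes         # electronic tag identification number
    enterprise_id: bytes  # enterprise identification number
    timestamp: int        # seconds, taken from the authentication trigger message
    sequence: int         # authentication sequence code from the tag's counter

    def encode(self) -> bytes:
        # Length-prefixed fields, so bytes cannot be shifted between adjacent fields.
        out = struct.pack(">B", self.mode_flag)
        for field in (self.tag_id, self.enterprise_id):
            out += struct.pack(">H", len(field)) + field
        return out + struct.pack(">QQ", self.timestamp, self.sequence)


def auth_code(tag_key: bytes, data: DynamicAuthData) -> bytes:
    """Authentication code over the dynamic authentication data (a MAC here)."""
    return hmac.new(tag_key, data.encode(), hashlib.sha256).digest()


class EnterpriseVerifier:
    def __init__(self, master_key: bytes, max_skew_seconds: int = 120):
        self._master_key = master_key
        self._max_skew = max_skew_seconds
        self._last_sequence = {}  # tag_id -> highest sequence code accepted so far

    def verify(self, data: DynamicAuthData, reference_code: bytes, now: int) -> str:
        tag_key = diversify_key(self._master_key, data.tag_id)
        calibration_code = auth_code(tag_key, data)
        # (a) reference code vs. calibration code, compared in constant time
        if not hmac.compare_digest(calibration_code, reference_code):
            return "bad_code"
        # (b) timestamp within the predetermined range
        if abs(now - data.timestamp) > self._max_skew:
            return "stale_timestamp"
        # (c) counter must advance; state changes only after (a) and (b) pass,
        # so unauthenticated packets cannot move a tag's counter forward
        if data.sequence <= self._last_sequence.get(data.tag_id, -1):
            return "replayed_counter"
        self._last_sequence[data.tag_id] = data.sequence
        return "ok"


def demo() -> dict:
    master = bytes(range(32))                # constructed master key
    tag_id = b"TAG-000123"                   # constructed identifiers
    tag_key = diversify_key(master, tag_id)  # the key provisioned into the tag
    verifier = EnterpriseVerifier(master)
    now = 1_700_000_000
    results = {}

    packet = DynamicAuthData(0, tag_id, b"ENT-42", now, 7)
    code = auth_code(tag_key, packet)
    results["genuine"] = verifier.verify(packet, code, now + 5)
    results["replay"] = verifier.verify(packet, code, now + 6)

    bumped = DynamicAuthData(0, tag_id, b"ENT-42", now, 8)  # counter edited in transit
    results["tampered"] = verifier.verify(bumped, code, now + 7)

    old = DynamicAuthData(0, tag_id, b"ENT-42", now - 3600, 9)
    results["stale"] = verifier.verify(old, auth_code(tag_key, old), now)

    # A packet claiming another tag ID but coded with this tag's key
    other = DynamicAuthData(0, b"TAG-000999", b"ENT-42", now, 1)
    results["wrong_key"] = verifier.verify(other, auth_code(tag_key, other), now)
    return results


if __name__ == "__main__":
    print(demo())
```

Because each tag key is derived from the tag identification number, a key extracted from one tag does not authenticate packets that claim a different tag ID.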
Of course, the enterprise authentication end may include a corresponding wireless or wired communication module to perform data transmission with the alliance chain platform.
Corresponding to the above two embodiments of the product anti-counterfeiting electronic tag authentication method, in the product anti-counterfeiting electronic tag authentication system provided by the present invention, the verification signature program in the alliance chain node may further be adapted to be executed by the processor as follows: after receiving the enterprise-side anti-counterfeiting authentication data packet, verify its signature data using a preset public key; if the verification passes, sign the enterprise-side verification result and the client identification data using a preset private key, and store the signature data and the corresponding enterprise-side verification result data in a preset alliance chain anti-counterfeiting authentication data packet; then judge whether the alliance chain nodes forming the signature data meet the predetermined requirement; if so, feed the alliance chain anti-counterfeiting authentication data packet back to the client authentication tool according to a predetermined policy; if not, send the enterprise-side anti-counterfeiting authentication data packet and the alliance chain anti-counterfeiting authentication data packet to a predetermined alliance chain node according to a predetermined policy, and that node updates the alliance chain anti-counterfeiting authentication data packet. During product electronic tag authentication, the verification signature program mainly executes steps S341 to S344 of the product electronic tag authentication method; its working method is not described again.
The signature verification authentication program can execute a similar process. As described in the method flow above, judging whether the alliance chain nodes forming the signature data meet the predetermined requirement may specifically be judging whether the alliance chain nodes forming the signature data reach a predetermined number, or alternatively judging whether they include predetermined alliance chain nodes.
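The "predetermined requirement" test and the node-to-node forwarding described above can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 with constructed per-node keys stands in for each node's private-key signature so that it runs on the standard library alone, and the packet layout, node names and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed node keys. In the patent each node signs with a private key and the
# client verifies with a preset public key; HMAC is only a stand-in for that here.
NODE_KEYS = {"node-A": b"A" * 32, "node-B": b"B" * 32, "node-C": b"C" * 32}


def signed_payload(packet: dict) -> bytes:
    """Canonical bytes every node signs: verification result plus client identification data."""
    body = {k: packet[k] for k in ("result", "client_id", "client_serial")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def node_sign(node_id: str, packet: dict) -> bytes:
    return hmac.new(NODE_KEYS[node_id], signed_payload(packet), hashlib.sha256).digest()


def valid_signers(packet: dict) -> set:
    """Distinct known nodes whose signature verifies over the packet's current content."""
    msg = signed_payload(packet)
    signers = set()
    for entry in packet["signatures"]:
        key = NODE_KEYS.get(entry["node"])
        if key is None:
            continue  # a signature from an unknown node never counts
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if hmac.compare_digest(expected, entry["sig"]):
            signers.add(entry["node"])  # a set, so one node counts once
    return signers


def meets_requirement(packet: dict, min_nodes=None, required_nodes=()) -> bool:
    """Either form of the requirement: a node count, or a set of nodes that must have signed."""
    signers = valid_signers(packet)
    if min_nodes is not None and len(signers) < min_nodes:
        return False
    return set(required_nodes) <= signers


def collect_signatures(result, client_id, client_serial, route, **policy):
    """Each node on the route adds its signature, then forwards if the requirement is unmet."""
    packet = {"result": result, "client_id": client_id,
              "client_serial": client_serial, "signatures": []}
    for node_id in route:
        packet["signatures"].append({"node": node_id, "sig": node_sign(node_id, packet)})
        if meets_requirement(packet, **policy):
            return packet  # ready to return to the client authentication tool
    return None  # route exhausted without meeting the requirement


if __name__ == "__main__":
    done = collect_signatures("genuine", "client-7", 1001,
                              ["node-A", "node-B", "node-C"], min_nodes=2)
    print([entry["node"] for entry in done["signatures"]])
```

Counting distinct verified signers rather than signature entries is what stops a single node from satisfying a count-based requirement by signing twice.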
In a further embodiment, the enterprise reference information database may include a plurality of enterprise identification numbers and, stored in correspondence with each enterprise identification number, a predetermined attribute of the electronic tag identification number. Correspondingly, when the preliminary authentication program is executed by the processor and judges whether the authentication initial data is legal according to a predetermined policy, the judgment may specifically be:
inquiring a corresponding enterprise identification number in the enterprise reference information database; if the enterprise identification number is found, determining the preset attribute of the electronic tag identification number which is correspondingly stored in the enterprise reference information database based on the enterprise identification number, judging whether the electronic tag identification number meets the preset attribute, and if so, judging that the authentication initial data is legal.
In the embodiment of the product anti-counterfeiting electronic tag authentication system provided by the invention, the electronic tag identification number can be a product number. In the enterprise reference information database, the predetermined attribute of the electronic tag identification number may be an electronic tag identification number range parameter. Correspondingly, when the data authentication program of the enterprise authentication end is executed by the processor and judges whether the electronic tag identification number in the authentication initial data meets the predetermined attribute, it judges whether the product number meets the electronic tag identification number range parameter.
Whenever the product anti-counterfeiting electronic tag authentication system performs one of the judgments above and the result is the opposite of that described, an illegal prompt can be fed back; the illegal prompt may be output via the client authentication tool.
The specific process of using the product anti-counterfeit electronic tag authentication system provided by the present invention to perform the product anti-counterfeit electronic tag authentication can refer to the description of the product anti-counterfeit electronic tag authentication method process, and is not repeated herein.
The foregoing is illustrative of the present invention in further detail with reference to examples thereof, and the practice of the invention is not to be construed as limited thereto. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A product anti-counterfeiting electronic tag authentication method, characterized in that an electronic tag of a product to be verified comprises an authentication counter, and an electronic tag authentication key, an electronic tag private key, an electronic tag public key certificate and authentication initial data are preset, wherein the authentication initial data comprise an electronic tag identification number and an enterprise identification number; the electronic tag identification number and the enterprise identification number are unique; the electronic tag public key certificate is obtained by signing an electronic tag public key with a preset enterprise private key, and the electronic tag public key and the electronic tag private key form an asymmetric key pair;
the product anti-counterfeiting electronic tag authentication method comprises the following steps:
S100, the electronic tag receives an authentication trigger message containing a timestamp and an authentication mode mark; causes the authentication counter to generate an authentication sequence code, and judges whether to perform alliance chain authentication according to the authentication mode mark; if so, entering step S120, and if not, entering step S110;
S110, encrypting the dynamic authentication data by using the electronic tag authentication key to generate a reference authentication code; the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; forming a first dynamic authentication data packet based on the dynamic authentication data and the reference authentication code; then transmitting the first dynamic authentication data packet to a client authentication tool; then, the process goes to step S130;
S120, signing the dynamic authentication data by using the electronic tag private key; the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; forming a second dynamic authentication data packet based on the dynamic authentication data, the signature data and the electronic tag public key certificate; then transmitting the second dynamic authentication data packet to a client authentication tool; then, the process goes to step S130;
S130, after receiving the first dynamic authentication data packet or the second dynamic authentication data packet, the client authentication tool transmits the client identification data and the received first dynamic authentication data packet or second dynamic authentication data packet to a predetermined alliance chain node of a predetermined alliance chain platform; the client identification data comprises a client identification number and a client authentication serial number;
S140, the predetermined alliance chain node judges the type of the dynamic authentication data packet according to a predetermined strategy; if the dynamic authentication data packet is the first dynamic authentication data packet, step S310 is entered; if the dynamic authentication data packet is the second dynamic authentication data packet, step S210 is entered;
S310, the predetermined alliance chain node inquires a preset enterprise reference information database according to the authentication initial data and judges whether the authentication initial data is legal or not according to a preset strategy; if yes, go to step S320;
S320, the predetermined alliance chain node forwards the first dynamic authentication data packet and the received client identification data to a preset enterprise authentication end;
S330, the preset enterprise authentication end acquires an electronic tag identification number according to dynamic authentication data in the first dynamic authentication data packet, performs key dispersion operation on the electronic tag identification number by using a preset electronic tag authentication master key to acquire an electronic tag authentication key, and encrypts the dynamic authentication data by using the electronic tag authentication key to acquire a calibration authentication code; then, carrying out data verification to obtain an enterprise-side verification result; then forming an enterprise-side anti-counterfeiting authentication data packet and sending the enterprise-side anti-counterfeiting authentication data packet to a predetermined alliance chain node of a predetermined alliance chain platform; the enterprise-side anti-counterfeiting authentication data packet comprises the received client identification data, an enterprise-side verification result and signature data obtained by signing the enterprise-side verification result by the enterprise authentication end by using a preset private key;
the data verification comprises at least one of the following:
(a) comparing whether the reference authentication code is consistent with the calibration authentication code;
(b) verifying whether the timestamp is within a predetermined time range;
(c) judging whether the value of the authentication counter is legal or not;
S340, after the preset alliance chain node of the alliance chain platform receives the enterprise-side anti-counterfeiting authentication data packet, verifying the signature data by using a preset public key; if the verification is passed, signing the enterprise-side verification result and the client identification data by using a preset private key, storing the signature data and the enterprise-side verification result into an alliance chain anti-counterfeiting authentication data packet, sending the alliance chain anti-counterfeiting authentication data packet to a client authentication tool, and entering the step S400;
S210, the preset alliance chain node verifies a preset enterprise public key certificate by using a preset alliance chain platform public key to obtain an enterprise public key; then, the enterprise public key is used for verifying the electronic tag public key certificate to obtain an electronic tag public key; then, the electronic tag public key is used for verifying the dynamic authentication data signature in the second dynamic authentication data packet, judging whether the timestamp is legal or not, and obtaining a verification result; the alliance chain platform public key and the alliance chain platform private key form an asymmetric key pair; the enterprise public key certificate is obtained by signing a preset enterprise public key with the alliance chain platform private key, and the enterprise public key and the enterprise private key form an asymmetric key pair;
S220, the alliance chain node performs data signature on the verification result and the client identification data by using a preset private key to obtain signature data, and stores the signature data and the corresponding verification result data into a preset alliance chain anti-counterfeiting authentication data packet;
S230, judging whether the alliance chain nodes forming signature data in the alliance chain anti-counterfeiting authentication data packet meet a preset requirement or not; if not, go to step S240; if yes, sending the alliance chain anti-counterfeiting authentication data packet to a client authentication tool, and entering the step S400;
S240, the alliance chain node sends the second dynamic authentication data packet, the client identification data, and the alliance chain anti-counterfeiting authentication data packet to another predetermined alliance chain node, and the another predetermined alliance chain node performs steps S210, S220, and S230;
S400, the client authentication tool verifies the signature data in the alliance chain anti-counterfeiting authentication data packet by using a preset public key and outputs a verification result.
2. The method for authenticating anti-counterfeit electronic tag of claim 1,
the step S340 specifically includes the following steps:
S341, after receiving the enterprise-side anti-counterfeiting authentication data packet, the preset alliance chain node of the alliance chain platform verifies the signature data in the enterprise-side anti-counterfeiting authentication data packet by using a preset public key; if the verification is passed, signing the enterprise-side verification result and the client identification data by using a preset private key, storing the signature data and the enterprise-side verification result into an alliance chain anti-counterfeiting authentication data packet, and entering step S342;
S342, the preset alliance chain node judges whether the alliance chain nodes forming the signature data in the alliance chain anti-counterfeiting authentication data packet meet the preset requirements or not; if not, go to step S343; if yes, go to step S344;
S343, the predetermined alliance chain node sends the enterprise-side anti-counterfeiting authentication data packet and the alliance chain anti-counterfeiting authentication data packet to another predetermined alliance chain node, and the another predetermined alliance chain node executes step S341 and step S342;
S344, sending the alliance chain anti-counterfeiting authentication data packet to a client authentication tool.
3. The method for authenticating an anti-counterfeit electronic tag of a product according to claim 2,
in step S342 and step S230, it is determined whether the alliance chain nodes forming the signature data in the alliance chain anti-counterfeiting authentication data packet meet a predetermined requirement, specifically one of the following:
(1) judging whether the number of the alliance chain nodes forming the signature data reaches a preset number;
(2) determining whether the alliance chain nodes forming the signature data include predetermined alliance chain nodes.
4. The authentication method for anti-counterfeit electronic tags of products according to any one of claims 1 to 3,
the enterprise reference information database comprises an enterprise identification number;
in step S310, determining validity of the authentication initial data according to a predetermined policy specifically includes querying a corresponding enterprise identification number in the enterprise reference information database; and if it is found, judging that the authentication initial data is legal.
5. The method for authenticating anti-counterfeit electronic tag of claim 4,
the enterprise reference information database also comprises a preset attribute of the electronic tag identification number stored corresponding to the enterprise identification number;
in the step S310, the method for determining the validity of the authentication initial data according to the predetermined policy specifically includes determining a predetermined attribute of the electronic tag identification number stored in the enterprise reference information database based on the enterprise identification number, and determining whether the electronic tag identification number satisfies the predetermined attribute, if so, determining that the authentication initial data is valid.
6. The method for authenticating an anti-counterfeit electronic tag of a product according to claim 5,
the electronic tag identification number is a product number, and the predetermined attribute of the electronic tag identification number is an electronic tag identification number range parameter;
in step S310, it is determined whether the electronic tag identification number in the authentication initial data satisfies the predetermined attribute, specifically, whether the product number satisfies the electronic tag identification number range parameter is determined.
7. A product anti-counterfeiting electronic tag authentication system, characterized by comprising a client authentication tool, an alliance chain platform and an enterprise authentication end:
the client authentication tool is provided with a processor, an output module and a communication module; the processor is adapted to send the authentication trigger message to a preset electronic tag through the communication module, to forward a first dynamic authentication data packet or a second dynamic authentication data packet output by the electronic tag to a preset alliance chain node of the alliance chain platform through the communication module, and to send client identification data to the preset alliance chain node of the alliance chain platform; the processor is also adapted to verify signature data in the alliance chain anti-counterfeiting authentication data packet by using a preset public key after the communication module acquires the fed-back alliance chain anti-counterfeiting authentication data packet from the preset alliance chain node of the alliance chain platform, and to output a verification result through the output module; the first dynamic authentication data packet comprises dynamic authentication data and a reference authentication code, and the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; the reference authentication code is generated by encrypting the dynamic authentication data by a preset electronic tag authentication key; the second dynamic authentication data packet comprises dynamic authentication data, signature data and an electronic tag public key certificate; the dynamic authentication data comprises an authentication mode mark, an electronic tag identification number, an enterprise identification number, a timestamp and an authentication sequence code; the signature data is generated by signing the dynamic authentication data by using an electronic tag private key;
the alliance chain platform comprises a plurality of alliance chain nodes which are in communication connection; at least part of the alliance chain nodes are provided with a storage module, a guide module, a preliminary authentication program, a verification signature program and a signature verification authentication program;
the storage module stores a preset enterprise reference information database, a preset alliance chain platform public key and an enterprise public key certificate; the enterprise public key certificate is obtained by signing a preset enterprise public key by a preset alliance chain platform private key, the enterprise public key and the enterprise private key form an asymmetric key pair, and the alliance chain platform public key and the alliance chain platform private key form an asymmetric key pair;
the guide module is used for judging the type of the received dynamic authentication data packet according to a preset strategy; if the dynamic authentication data packet is the first dynamic authentication data packet, triggering a preliminary authentication program; if the dynamic authentication data packet is a second dynamic authentication data packet, triggering a signature verification authentication program;
the preliminary authentication procedure is adapted to be executed by the processor as follows: inquiring a preset enterprise reference information database according to the authentication initial data, and judging whether the authentication initial data is legal or not according to a preset strategy; if yes, forwarding the first dynamic authentication data packet and the received client identification data to a preset enterprise authentication end;
the verification signature program is adapted to be executed by a processor to: after receiving an enterprise-side anti-counterfeiting authentication data packet fed back by the enterprise authentication end, verifying the signature data by using a preset public key; if the verification is passed, signing the enterprise-side verification result and the client identification data by using a preset private key, storing the signature data and the enterprise-side verification result into an alliance chain anti-counterfeiting authentication data packet, and sending the alliance chain anti-counterfeiting authentication data packet to a client authentication tool;
the signature verification authentication program is adapted to be executed by a processor to: verifying an enterprise public key certificate by using the preset alliance chain platform public key to obtain an enterprise public key; then, the enterprise public key is used for verifying the electronic tag public key certificate to obtain an electronic tag public key; then, the electronic tag public key is used for verifying the dynamic authentication data signature in the second dynamic authentication data packet, judging whether the timestamp is legal or not, and obtaining a verification result; the program is also used for carrying out data signature on the verification result and the client identification data by using a preset private key to obtain signature data, and storing the signature data and the corresponding verification result data into a preset alliance chain anti-counterfeiting authentication data packet; the program is also used for judging whether the alliance chain nodes forming the signature data in the alliance chain anti-counterfeiting authentication data packet meet the preset requirements or not; if not, the second dynamic authentication data packet, the client identification data and the alliance chain anti-counterfeiting authentication data packet are sent to another preset alliance chain node; if so, sending the alliance chain anti-counterfeiting authentication data packet to a client verification tool;
the enterprise authentication terminal comprises an enterprise terminal storage module and a data authentication program;
the enterprise terminal storage module prestores the electronic tag authentication master key corresponding to the authentication initial data;
the data authentication program is adapted to be executed by a processor to: acquiring an electronic tag identification number according to the received dynamic authentication data in the first dynamic authentication data packet, performing key dispersion calculation on the electronic tag identification number by using a pre-stored electronic tag authentication master key to obtain an electronic tag authentication key, and encrypting the dynamic authentication data by using the electronic tag authentication key to obtain a calibration authentication code; and then carrying out data verification to obtain an enterprise-side verification result; then forming an enterprise-side anti-counterfeiting authentication data packet and sending the enterprise-side anti-counterfeiting authentication data packet to a predetermined alliance chain node of a predetermined alliance chain platform; the enterprise-side anti-counterfeiting authentication data packet comprises the received client identification data, an enterprise-side verification result and signature data obtained by signing the enterprise-side verification result by the enterprise authentication end by using a preset private key; the data verification comprises at least one of the following:
(a) comparing whether the reference authentication code is consistent with the calibration authentication code;
(b) verifying whether the timestamp is within a predetermined time range;
(c) judging whether the value of the authentication counter is legal or not.
8. The system for authenticating the anti-counterfeit electronic tag of the product according to claim 7, wherein the signature verification program determines whether the alliance chain nodes forming signature data in the alliance chain anti-counterfeiting authentication data packet meet a predetermined requirement, specifically:
judging whether the number of the alliance chain nodes forming the signature data reaches a preset number;
alternatively, it is determined whether the alliance chain nodes forming signature data include predetermined alliance chain nodes.
9. The system for authenticating a product according to claim 7,
the verification signature program is further adapted to be executed by the processor with the following instructions: after receiving the enterprise-side anti-counterfeiting authentication data packet, verifying the signature data of the enterprise-side anti-counterfeiting authentication data packet by using a preset public key; if the verification is passed, signing the enterprise-side verification result and the client identification data by using a preset private key, storing the signature data and the enterprise-side verification result data into an alliance chain anti-counterfeiting authentication data packet, and further judging whether the alliance chain nodes forming the signature data meet a preset requirement; if so, feeding back the alliance chain anti-counterfeiting authentication data packet to the client authentication tool according to a preset strategy; and if not, sending the enterprise-side anti-counterfeiting authentication data packet and the alliance chain anti-counterfeiting authentication data packet to a preset alliance chain node according to a preset strategy.
10. The system according to any one of claims 7 to 9, wherein the enterprise reference information database comprises a plurality of enterprise identification numbers and predetermined attributes of electronic tag identification numbers stored corresponding to the enterprise identification numbers;
the preliminary authentication program is executed by a processor to judge whether the authentication initial data is legal according to a preset strategy, and specifically comprises the steps of inquiring a corresponding enterprise identification number in the enterprise reference information database; if the enterprise identification number is found, determining a preset attribute of the electronic tag identification number which is correspondingly stored in the enterprise reference information database based on the enterprise identification number, judging whether the electronic tag identification number in the authentication initial data meets the preset attribute, and if so, judging that the authentication initial data is legal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811383067.2A CN109523277B (en) 2018-11-20 2018-11-20 Product anti-counterfeiting electronic tag authentication method and system

Publications (2)

Publication Number Publication Date
CN109523277A CN109523277A (en) 2019-03-26
CN109523277B true CN109523277B (en) 2021-05-25

Family

ID=65778775

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811383067.2A Active CN109523277B (en) 2018-11-20 2018-11-20 Product anti-counterfeiting electronic tag authentication method and system

Country Status (1)

Country Link
CN (1) CN109523277B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant