CN112668353A

CN112668353A - Bargun authentication method, device, equipment and storage medium

Info

Publication number: CN112668353A
Application number: CN202110003975.XA
Authority: CN
Inventors: 张阁; 李培吉; 李建泉
Original assignee: Dongpu Software Co Ltd
Current assignee: Dongpu Software Co Ltd
Priority date: 2021-01-04
Filing date: 2021-01-04
Publication date: 2021-04-16

Abstract

The invention discloses a bargun authentication method, a device, equipment and a storage medium, wherein basic information of bargun equipment is read in advance, a unique identifier of corresponding bargun equipment is generated based on the basic information, and the unique identifier is stored in a server; when the gun equipment logs in, automatically generating identification information of the gun equipment, transmitting the identification information to a server, and verifying the gun equipment and the identification information by the server according to a public key and a unique identification of the gun equipment; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails. By the authentication method, the authenticity of the gun equipment is identified, the use of the non-company authorized gun is avoided, the consummation company is prevented from using the non-authorized gun to carry out conspiring behaviors, the reasonable and effective authorized use of the authorized gun is ensured, and the life cycle management of the gun equipment is enhanced.

Description

Bargun authentication method, device, equipment and storage medium

Technical Field

The invention belongs to the technical field of management of logistics express delivery equipment, and particularly relates to a bargun authentication method, a bargun authentication device, equipment and a storage medium.

Background

In recent years, with the rise of web shopping via websites such as Tianmao and Jingdong, express mail has become a part of people's life. At present, some areas do not have an intelligent express cabinet system, and an express service station system is adopted, namely all express mails in a community are firstly collected into a service station, then express information is recorded into the system, and then a user is informed to get the express mail from the service station through a short message sent by the system or other modes.

At present, express companies and express are increasing, express information is more complex, when the express information needs to be input, manual processing speed is low, mistakes are easy to make, and efficiency is relatively low. If the express can not be dispatched in time, the problem that the express is accumulated in the service station is easily caused.

Therefore, many express companies use bargun equipment to solve the problem of slow manual handling speed. If the application publication number is: CN108197850A, entitled "a bargun-based fast processing method and bargun", discloses that a bargun apparatus comprises a processor adapted to implement instructions, and a memory adapted to store a plurality of instructions, which are loaded and executed by the processor. When the system is used, a registered and allocated account number can be used for logging in the bargun, and a designated service station is selected. When sending the express mail, uploading the express mail information to a background server, then verifying the express mail information of the express mail through a bargun, and uploading the express mail state to the background server; when the courier receives the express, receiving operation is carried out through a bargun, and the express state is uploaded to a background server; when dispatching, receiving, shelving and delivering the express delivery by a bargun, and uploading the express delivery state to a background server; when the express is taken, corresponding express is inquired by inputting the pick code in the bargun, and the express state is uploaded to the background server after the pick is successful. By the method and the system, a service station manager can process the express mails by using the bargun, so that the working efficiency is improved, the error rate is reduced, and the handling capacity and the turnover rate of the express mails are improved. "

If the publication number is: CN209433411U, entitled "self-induction scanning bargun", discloses a self-induction scanning bargun, which comprises a bargun body, a scanner arranged at the front end of the bargun body, a distance sensor matched with the bargun body, and a microprocessor. The utility model discloses a microprocessor of auto-induction scanning rifle is detected through this distance sensor and is had the object when first threshold value is apart from interior, opens the scanning function of this scanner to scan bar code or two-dimensional code on this object, need not the manual scanning function of opening of operating personnel, improved work efficiency, alleviateed operating personnel load. "

Therefore, the bargun equipment becomes an indispensable part in express package delivery. However, since the bargun device is a source of data entry, it becomes a risk of leakage of user data and privacy information; and illegal profit making of express delivery data uploaded by a forged bargun device can disturb normal operation of an express company. At present, the safety of communication between the gun devices is not paid enough attention, so that in order to avoid the benefit of lawless persons by counterfeiting the gun devices, a gun authentication method is urgently needed to strengthen the safety supervision of the gun devices.

Disclosure of Invention

The invention aims to provide a bargun authentication method, a bargun authentication device, equipment and a storage medium for verifying authenticity of a bargun device, and the method, the device, the equipment and the storage medium can be used for preventing express personnel in an alliance network point in an express logistics chain from using unauthorized bargun devices for operation, uploading express data and illegal profit-making, and creating a safe and effective data environment for an express company.

In order to solve the problems, the technical scheme of the invention is as follows:

a rifle authentication method, comprising:

basic information of the bargun equipment is read in advance, a unique identifier of the corresponding bargun equipment is generated based on the basic information, and the unique identifier is stored in a server; the basic information comprises built-in coding information of the rifle equipment, MAC address information, a CPU serial number, an authorized batch and information of a affiliated website;

generating a key pair of the rifle device based on the basic information of the rifle device; the secret key pair comprises a private key and a public key, the private key is stored in the rifle device, and the public key is stored in the server;

when a gun device logs in, automatically generating identification information of the gun device, transmitting the identification information to a server, and verifying the gun device and the identification information by the server according to a public key and a unique identification of the gun device; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails.

According to an embodiment of the present invention, the generating a unique identifier of a corresponding bargun device based on the basic information further includes:

and generating a random number based on the basic information of the bargun device, and generating the unique identification of the bargun device by the random number through the SM3 cryptographic algorithm.

According to an embodiment of the present invention, the storing the unique identifier in the server further includes:

the unique identification of the bargun equipment is encrypted by adopting a 3DES symmetric encryption algorithm and then transmitted to a server; the encryption key of the 3DES symmetric encryption algorithm is stored in the bargun device, and the decryption key of the 3DES symmetric encryption algorithm is stored in the server; the encryption key is the same as the decryption key.

According to an embodiment of the present invention, the unique identifier of the bargun device is encrypted by using a 3DES symmetric encryption algorithm, and the method further includes:

generating an initial key, wherein the initial key comprises a plurality of 3DES keys and is used for generating a temporary working key;

when the bargun equipment uploads data each time, a temporary working key is generated by encrypting the dynamic random code through a 3DES key; and when the data uploading is finished, clearing the temporary working key.

According to an embodiment of the present invention, the automatically generating identification information of the rifle device when the rifle device logs in, and transmitting the identification information to the server further includes:

reading built-in coding information, MAC address information and a CPU serial number of the bargun equipment, and generating a digital signature of the bargun equipment through an MD5 algorithm to serve as identification information of the bargun equipment; and a 3DES key is taken from the initial key to encrypt the identification information, and a public key of the server is adopted to encrypt the ciphertext of the identification information and the 3DES encryption key and then transmit the encrypted ciphertext and the encrypted 3DES encryption key to the server.

According to an embodiment of the present invention, the server, according to the unique identifier of the gun device, further verifying the gun device and the identifier information includes:

decrypting by adopting a server private key to obtain a ciphertext of the identification information of the rifle device and a decryption key of the 3DES, and decrypting the ciphertext of the identification information by using the decryption key of the 3DES to obtain the identification information of the rifle device;

calling the unique identifier of the corresponding bargun equipment stored on the server, comparing the unique identifier with the identifier information, and if the unique identifier is the same as the identifier information, passing the verification and allowing the bargun equipment to work; if not, the verification fails, and the bargun equipment is refused to upload data.

According to an embodiment of the present invention, the generating a key pair of the gun device based on the basic information of the gun device further includes:

and generating a random number based on the basic information of the gun device, and generating a key pair of the gun device by the random number through the SM2 cryptographic algorithm.

A rifle authentication device, comprising:

the device identification generation module is used for reading basic information of the gun device, generating a unique identification of the corresponding gun device based on the basic information, and storing the unique identification in the server; the basic information comprises built-in coding information of the rifle equipment, MAC address information, a CPU serial number, an authorized batch and information of a affiliated website;

the device key generation module is used for generating a key pair of the gun device based on the basic information of the gun device; the secret key pair comprises a private key and a public key, the private key is stored in the rifle device, and the public key is stored in the server;

the equipment authentication module is used for automatically generating identification information of the gun equipment when the gun equipment logs in, transmitting the identification information to the server, and verifying the gun equipment and the identification information by the server according to the unique identification of the gun equipment; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails.

A rifle authentication device includes a memory and a processor, where the memory stores computer readable instructions, and the processor executes the computer readable instructions to implement a rifle authentication method according to an embodiment of the present invention.

A computer readable medium storing a computer program which, when executed by one or more processors, implements a bargun authentication method in an embodiment of the invention.

Due to the adoption of the technical scheme, compared with the prior art, the invention has the following advantages and positive effects:

1) according to the bargun authentication method in one embodiment of the invention, basic information of a bargun device is read in advance, a unique identifier of the corresponding bargun device is generated based on the basic information, and the unique identifier is stored in a server; when the gun equipment logs in, automatically generating identification information of the gun equipment, transmitting the identification information to a server, and verifying the gun equipment and the identification information by the server according to a public key and a unique identification of the gun equipment; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails. By the authentication method, the authenticity of the gun equipment is identified, the use of the non-company authorized gun is avoided, the consummation company is prevented from using the non-authorized gun to carry out conspiring behaviors, the reasonable and effective authorized use of the authorized gun is ensured, and the life cycle management of the gun equipment is enhanced.

2) In the bargun authentication method in an embodiment of the invention, a random number is generated based on basic information of the bargun equipment, the SM3 cryptographic algorithm is adopted, and the unique identifier of the bargun equipment is generated by the random number, and as the SM3 cryptographic algorithm is an irreversible character string transformation algorithm, in other words, even if a source program and an algorithm description are seen, an encrypted value cannot be transformed back to an original character string, so that tampering can be prevented, and the information transmission is ensured to be complete and consistent.

3) According to the bargun authentication method in the embodiment of the invention, the unique identifier of the bargun equipment is encrypted by adopting a 3DES symmetric encryption algorithm and then transmitted to the server, the encrypted password and the decrypted password are the same according to the characteristics of the symmetric encryption algorithm, and the ciphertext can be decrypted only under the condition that the encrypted password is known, so that the unique identifier of the bargun equipment is obtained. The 3DES symmetric encryption algorithm mainly depends on the unique key to ensure the security of data encryption and decryption, and is not easy to crack, thereby ensuring the security of information transmission.

4) In the bargun authentication method in an embodiment of the invention, the public and private key pairs of the bargun device are generated by adopting the SM2 national cryptographic algorithm, and the 256-bit SM2 cryptographic strength is higher than the 2048-bit RSA cryptographic strength compared with other encryption algorithms (such as the RSA algorithm) according to the logarithm problem based on the discrete point group on the elliptic curve. Therefore, the password strength is improved, the password is not easy to crack, the safety of information transmission is further ensured, and the password can be prevented from being tampered and forged.

Drawings

Fig. 1 is a flow diagram of a bargun authentication method in an embodiment of the present invention;

FIG. 2 is a diagram of SM3 cryptographic algorithm groups in accordance with an embodiment of the present invention;

FIG. 3 is a diagram illustrating 3DES encryption in accordance with an embodiment of the present invention;

FIG. 4 is a diagram illustrating 3DES decryption in accordance with an embodiment of the present invention;

FIG. 5 is a schematic diagram of the SM2 cryptographic algorithm in one embodiment of the present invention;

FIG. 6 is a timing diagram illustrating the validation of a gun device according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a bargun authentication device in accordance with an embodiment of the present invention;

fig. 8 is a schematic diagram of a bargun authentication device in an embodiment of the present invention.

Detailed Description

The present invention provides a bargun authentication method, apparatus, device and storage medium, which will be described in further detail with reference to the accompanying drawings and specific embodiments. Advantages and features of the present invention will become apparent from the following description and from the claims.

Example one

The present embodiment provides a method; referring to fig. 1, the bargun authentication method includes:

a rifle authentication method, comprising:

s1: reading basic information of the bargun equipment in advance, generating a unique identifier of the corresponding bargun equipment based on the basic information, and storing the unique identifier in a server; the basic information comprises built-in coding information of the rifle equipment, MAC address information, a CPU serial number, an authorized batch and information of a affiliated website;

s2: generating a key pair of the rifle equipment based on basic information of the rifle equipment; the secret key pair comprises a private key and a public key, wherein the private key is stored in the rifle device, and the public key is stored in the server;

s3: when the gun equipment logs in, automatically generating identification information of the gun equipment, transmitting the identification information to a server, and verifying the gun equipment and the identification information by the server according to a public key and a unique identification of the gun equipment; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails.

By the aid of the bargun authentication method, authenticity of the bargun equipment can be identified, use of non-company authorized barguns is avoided, consummation behaviors of franchised companies in utilizing the non-authorized barguns are avoided, reasonable and effective authorized use of authorized barguns is guaranteed, and life cycle management of the bargun equipment is enhanced.

Specifically, the bargun authentication method provided by this embodiment is implemented by using a middleware. The middleware comprises a gun device client and a server. The client and the server communicate in a WebSocket mode, the client automatically reads the information of the gun equipment and automatically connects with the server according to the flow; the server receives information of the client, and distinguishes the client of different bargun devices by the identification field of the communication packet. WebSocket is bi-directional, a full duplex protocol used in the context of client-server communication, the connection between the client and the server will remain active until terminated by either party (bargun client or server). After closing the connection by either of the bargun client and the server, the connection will be terminated from both ends.

In step S1, generating a unique identifier of the gun device based on the basic information of the gun device, further includes: s21: and generating a random number based on the basic information of the bargun device, and generating the unique identification of the bargun device by the random number through the SM3 cryptographic algorithm.

Bargun devices typically require authorization by a courier company before they can be used, and then are registered. The basic information of the registered bargun equipment mainly comprises built-in coding information, MAC address information, CPU serial number, authorized batch and information of affiliated network points of the bargun equipment.

The information that a bargun device usually carries is as follows: the system comprises an operating system model (such as a WINCE5.0 operating system), a central processing unit model (ARM9, 32-bit CPU), a CPU serial number (such as 000906E9), a storage model (such as 128MByte Flash), a memory (such as 2G T-Flash card), a display (such as 240 × 320TFT, a color touch screen), built-in coding information (such as CODE39), MAC address information (such as 00-01-6C-06-A6-29), batch authorization (such as YD0001), affiliated dot information (such as jiaxing01), scanning speed (such as 100 times/second), reading distance (such as 1150px) and other information parameters. In this embodiment, five parameters in the self-contained information of the rifle device, that is, data of the built-in coding information, the MAC address information, the CPU serial number, the authorized batch and the affiliated website information, are selected to generate the unique identifier of the rifle device.

In the process of generating the unique identifier of the bargun equipment, firstly, data of the five parameters are added to obtain a character string, then, the character string is hashed to obtain a random number, and finally, the random number is used as a seed to generate an abstract through an SM3 cryptographic algorithm, and the abstract is used as the unique identifier of the authentication management of the bargun equipment. The principle of SM3 cryptographic algorithm is briefly described below:

the SM3 cryptographic algorithm mainly adopts a hash algorithm and is used for calculating the summary of a message and checking the integrity of the message in the field of information security. The hash algorithm is commonly used as a message digest algorithm MD5, a secure hash algorithm SHA and the like. MD5, Message-DigestAlgorithm5, among others, can convert a string of arbitrary length into a 128-bit integer and is an irreversible string transformation algorithm. In other words, even if the source program and the algorithm description are seen, it is impossible to change the value of one MD5 back to the original string, which is mathematically infinite. The MD5 algorithm is mainly divided into two parts, i.e., grouping and iterating, wherein the grouping is to convert the files to be encrypted into 2-ary, then grouping is 512 × K +448(K is any integer), and 64 bits of file length information are added to form 512 × K +1 grouping, as shown in fig. 2. 448 (hereinafter, denoted by R) is the remaining number of bits, and in actual use, the following occurs:

when R <448, the complement bit is required to be 448;

when R >448, the packet needs to be filled;

the complement bit is in the form of filling one 1 and then connecting a plurality of 0.

In iteration, MD5 has four 32-bit integer parameters called connected variables, named A, B, C, D; meanwhile, the MD5 algorithm specifies four non-linear operation functions (& is AND, | is OR, - [ is NOT ], [ is exclusive OR):

F(X,Y,Z)＝(X&Y)|((～X)&Z)

G(X,Y,Z)＝(X&Z)|(Y&(～Z))

H(X,Y,Z)＝X^Y^Z

I(X,Y,Z)＝Y^(X|(～Z))

these functions are designed such that: if the corresponding bits of X, Y and Z are independent and uniform, then each bit of the result should also be independent and uniform.

With the above four operations, four important calculation functions are generated. First, four intermediate variables a, b, c, d are declared, with assignments: a, B, C, D, C, and B. These four calculation functions are then defined as:

FF (a, b, c, d, M [ j ], s, ti) represents a ═ b + ((a + F (b, c, d) + Mj + ti) < < >

GG (a, b, c, d, M [ j ], s, ti) represents a ═ b + ((a + G (b, c, d) + Mj + ti) < < < >

HH (a, b, c, d, M [ j ], s, ti) represents a ═ b + ((a + H (b, c, d) + Mj + ti) < < < >

II (a, b, c, d, M [ j ], s, ti) denotes a ═ b + ((a + I (b, c, d) + Mj + ti) < < < >

Where M [ j ] denotes the jth sub-packet of the message (from 0 to 15), < < denotes a cyclic left shift s, the constant ti is an integer part of 4294967296 abs (sin (i)), and i takes values from 1 to 64 in radians.

After the four calculation functions are defined, the loop calculation of MD5 can be realized. The number of cycles in this cycle is the number of 512-bit packets. The four functions are performed 16 times each, 64 times per loop. After all 512-bit packets have been processed, a new set of A, B, C, D values is obtained, and the values are concatenated in ABCD order to obtain the desired MD5 digest value.

The SM3 cryptographic algorithm exists in the form of a chip when in actual use, the chip is provided with an inlet of an SM3 algorithm function, and a 16-system number of 8 bytes can be input each time, so that an input file can be split into N x 8 bytes and converted into a 16-system number, and the SM3 algorithm function needs to be executed for N times; the former N-1 times and the last time are different from the messages used for executing the function, the former N-1 times are messages p 1-01 (no return value, but the function records the intermediate result of the iteration and is used as the input of the next iteration), the last message is messages p 1-02, and the final digest value is output by combining the intermediate value of the last iteration.

In step S1, storing the unique identifier in the server, further comprising: s31, the unique identification of the bargun equipment is encrypted by adopting a 3DES symmetric encryption algorithm and then transmitted to a server; the encryption key of the 3DES symmetric encryption algorithm is stored in the bargun device, and the decryption key of the 3DES symmetric encryption algorithm is stored in the server; its encryption key is the same as the decryption key.

Symmetric encryption algorithms are well-established techniques that apply older encryption algorithms. In the symmetric encryption algorithm, a data sender processes a plaintext (original data) and an encryption key together through a special encryption algorithm, and then the plaintext and the encryption key are changed into a complex encryption ciphertext to be sent out. After the receiver receives the ciphertext, if the receiver wants to decode the original text, the receiver needs to decrypt the ciphertext by using the key used for encryption and the inverse algorithm of the same algorithm so as to recover the ciphertext into readable plaintext. In the symmetric encryption algorithm, only one key is used, and both the sender and the receiver use the key to encrypt and decrypt data. Common symmetric encryption algorithms DES, 3DES (triple DES) and AES are adopted in the present embodiment, and the principle of the 3DES symmetric encryption algorithm is described below:

the DES algorithm is called Data Encryption Standard, i.e. Data Encryption algorithm. The DES algorithm changes a 64-bit plaintext input block into a 64-bit ciphertext output block, uses a 64-bit secret key, and mainly comprises two steps:

1) the function of the initial permutation is to recombine the 64-bit data block of the input bit by bit and to divide the output into two parts L0 and R0, each part is 32 bits long, the permutation rule is to change the 58 th bit of the input bit to the first bit, the 50 th bit to the 2 nd bit … …, and so on, and the last bit is the 7 th bit of the original input bit. L0 and R0 are two parts after the output of transposition, L0 is the left 32 bits of the output, R0 is the right 32 bits, for example: setting the input value before the replacement as D1D2D3 … … D64, the result after the initial replacement is: l0 ═ D58D50 … … D8; r0 ═ D57D49 … … D7.

2) And (3) performing inverse permutation, namely obtaining L16 and R16 after 16 times of iterative operation, performing inverse permutation by taking the L16 and the R16 as input, wherein the inverse permutation is exactly the inverse operation of the initial permutation, and thus obtaining ciphertext output.

The 3DES is Triple Data Encryption, Triple Data Encryption Standard. As shown in fig. 3 and 4, 3DES is not subjected to DES encryption 3 times, but is a process of encryption- > decryption- > encryption. When all the keys in the 3DES are the same, the 3DES becomes a common DES; when keys 1 and 3 are the same and key 2 is different, the 3DES is called DES-EDE2(EDE stands for encryption-decryption-encryption process); the decryption and encryption of 3DES are the reverse of the process: decryption- - > encryption- - > decryption.

The unique identification 3DES symmetric encryption algorithm of the gun device is encrypted and transmitted to the server, the encrypted password is stored in the client side of the gun device, and the decrypted password is stored in the server. In addition, the embodiment also sets an initial key, and the initial key is respectively stored in the client and the server.

In step S31, the unique identifier of the bargun device is encrypted using a 3DES symmetric encryption algorithm, further comprising: s41 generating an initial key, the initial key comprising a plurality of 3DES keys for generating a temporary working key; when the bargun equipment uploads data each time, a temporary working key is generated by encrypting the dynamic random code through a 3DES key; and when the data uploading is finished, clearing the temporary working key.

The initial key is a set of keys that conform to a 3DES symmetric encryption algorithm, referred to as 3DES keys for short. This embodiment will combine 3DES keys into a set of initial keys for random distribution in subsequent steps.

In the gun authentication management of the embodiment, in order to identify the authenticity of the gun equipment and prevent the use of a non-company authorized gun, the gun equipment generates a working key every time data is uploaded. In order to ensure that the working keys used each time are different, a temporary working key needs to be generated. The temporary working key is generated by encrypting a dynamic random code with a 3DES key. Therefore, the bargun device generates a temporary working key every time when uploading data, and when the uploading of the data is finished, the temporary working key is eliminated, so that the one-time pad is realized, and counterfeiting is prevented.

In step S2, a key pair of the gun device is generated based on the basic information of the gun device; the secret key pair comprises a private key and a public key, wherein the private key is stored in the rifle device, and the public key is stored in the server.

Specifically, the client reads the built-in coding information of the gun equipment, reads the MAC address information of the gun equipment, reads the CPU serial number of the gun equipment, reads the authorized batch of the gun equipment and reads the attribute of the affiliated website; and generating a random number based on the basic information of the gun device, and generating a key pair of the gun device by the random number through the SM2 cryptographic algorithm. The key pair is a private key of the rifle device and a corresponding public key. The private key of the rifle device is stored at the client and the public key is stored at the server. The server stores a list of public keys of all bargun devices authorized by the courier company. In addition, the server also generates a key pair, i.e., a server public key and a server private key. The server public key is published and stored in the client of the bargun device, and the server private key is stored in the server and is not published.

The principle of SM2 cryptographic algorithm is briefly described below:

SM2 is an elliptic curve encryption algorithm of the national cryptographic standard, which is the curve property on which public key cryptography is based: the elliptic curve multiple point operation forms a one-way function. In the multi-point operation, the problem of solving the multiple with the known multi-point and base point is called the elliptic curve discrete logarithm problem. For the discrete logarithm problem of a general elliptic curve, only an exponential calculation complexity solving method exists at present. Compared with the large number decomposition problem and the discrete logarithm problem in a finite field, the solution difficulty of the elliptic curve discrete logarithm problem is much higher. Therefore, elliptic curve cryptography requires a much smaller key size than other public key cryptography with the same security level.

Referring to fig. 5, the digital signature algorithm generates a digital signature on data by a signer and verifies the authenticity of the signature by a verifier. Each signer has a public key and a private key, wherein the private key is used to generate the signature and the verifier verifies the signature with the public key of the signer.

Curve equation of SM2 as y²＝x³+ ax + b, wherein a and b are integers. The private key of the SM2 cryptographic algorithm is a large integer generated by a random number generator, the length of the private key is 32 bytes, the corresponding public key is a point on an elliptic curve, and the length of the public key is as follows: the SM2 uncompressed public key format byte string is 65 bytes long, and the compressed format is 33 bytes long; the signature length is 64 bytes.

The private key (denoted by d) and the public key (denoted by P) of the SM2 cryptographic algorithm satisfy the following relationship: p ═ x_p,y_p)＝[d]G, wherein G is the base point of the SM2 cryptographic algorithm and is a point on the elliptic curve.

Since the SM2 cryptographic algorithm is based on the discrete logarithm problem of the point group on the elliptic curve, the 256-bit SM2 cryptographic strength is already higher than the 2048-bit RSA cryptographic strength compared with other cryptographic algorithms (such as the RSA algorithm). Therefore, in the embodiment, the SM2 cryptographic algorithm is adopted to generate the public and private key pairs of the bargun device, so that the password strength is improved, the decryption is not easy, the security of information transmission is further ensured, and the information transmission can be prevented from being tampered and forged.

In step S3, when the rifle device logs in, automatically generating identification information of the rifle device, and transmitting the identification information to the server further includes: s51, reading built-in coding information, MAC address information and CPU serial number of the bargun equipment, and generating a digital signature of the bargun equipment through an MD5 algorithm to serve as identification information of the bargun equipment; and a 3DES key is taken from the initial key to encrypt the identification information, and a public key of the server is adopted to encrypt the ciphertext of the identification information and the 3DES encryption key and then transmit the encrypted ciphertext and the encrypted 3DES encryption key to the server.

Specifically, after the above steps S1 and S2, the data required for the bargun authentication is ready, and step S3 mainly describes the bargun authentication process, please refer to fig. 6.

When the express delivery staff starts to use the bargun equipment to work, namely the first step of application, the client side of the initialized bargun equipment is started, and parameters of the bargun equipment are read. When the bargun equipment is started to log in, reading built-in coding information, MAC address information and a CPU serial number of the bargun equipment; based on the information, generating an MD5 digital signature of the gun device by applying an MD5 algorithm as identification information of the gun device; then, a 3DES key is taken to generate a temporary working key, the private key of the gun device is sent to the server for verification, and the private key is compared with the signature (public key) of the gun device of the server so as to confirm the legality of the gun device. Then, the identification information of the gun device and the 3DES encryption key are encrypted by the public key of the server and transmitted to the server.

In step S3, the server verifying the gun device and the identification information according to the unique identification of the gun device further includes: s61, decrypting by adopting a server private key to obtain a ciphertext of the identification information of the rifle device and a 3DES decryption key, and decrypting the ciphertext of the identification information by using the 3DES decryption key to obtain the identification information of the rifle device; calling the unique identifier of the corresponding bargun equipment stored on the server, comparing the unique identifier with the identifier information, and if the unique identifier is the same as the identifier information, passing the verification and allowing the bargun equipment to work; if not, the verification fails, and the bargun equipment is refused to upload data.

In practical use, step S1 in this embodiment may be completed when the bargun device is registered. Respectively storing the unique identifiers of all the rifle equipment on a middleware, namely storing the unique identifiers in a client and a server of the rifle equipment, and using temporarily generated identifier information during login; meanwhile, the data of the rifle device client is updated, and timing automatic synchronization is set, which is the basis for ensuring legal rifle devices. The unique identification of the bargun equipment is stored in the client and the server respectively, and can be automatically updated on line after the work is started. The bargun equipment verified by the server can be put into operation and uploads data. During the operation of the bargun device, if the bargun device is not used within a certain time period (such as 2 minutes), the bargun device automatically drops. Specifically, a long connection can be established between the bargun device client and the server, heartbeat detection is carried out within 2 minutes, and if no reaction occurs, the heartbeat detection is automatically disconnected. When the user needs to log in again, the authentication process of step S3 in this embodiment is repeated.

Example two

This embodiment provides a bargun authentication device, please refer to fig. 7, which includes:

the equipment identification generation module 1 is used for reading basic information of the gun equipment, generating a unique identification of the corresponding gun equipment based on the basic information, and storing the unique identification in the server; the basic information comprises built-in coding information of the rifle equipment, MAC address information, a CPU serial number, an authorized batch and information of a affiliated website;

the device key generation module 2 is used for generating a key pair of the gun device based on the basic information of the gun device; the secret key pair comprises a private key and a public key, wherein the private key is stored in the rifle device, and the public key is stored in the server;

the equipment authentication module 3 is used for automatically generating identification information of the gun equipment when the gun equipment logs in, transmitting the identification information to the server, and verifying the gun equipment and the identification information by the server according to the unique identification of the gun equipment; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails.

The functions and implementation methods of the device identifier generating module 1, the device key generating module 2, and the device authentication module 3 are all as described in the above embodiment, and are not described herein again.

EXAMPLE III

The second embodiment above describes the bargun authentication device in detail from the perspective of the modular functional entity, and the bargun authentication device in detail from the perspective of hardware processing.

Referring to fig. 8, the rifle authentication apparatus 500 may vary greatly depending on configuration or performance, and may include one or more processors (CPUs) 510 (e.g., one or more processors) and memory 520, one or more storage media 530 (e.g., one or more mass storage devices) storing applications 533 or data 532. Memory 520 and storage media 530 may be, among other things, transient or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of instructions operating on the rifle authentication device 500.

Further, the processor 510 may be configured to communicate with the storage medium 530 to execute a series of instruction operations in the storage medium 530 on the rifle authentication device 500.

The rifle authentication apparatus 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows service, Vista, and the like.

Those skilled in the art will appreciate that the configuration of the firearm illustrated in fig. 8 does not constitute a limitation of the firearm and may include more or fewer components than illustrated, or some components in combination, or a different arrangement of components.

The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium. The computer-readable storage medium stores instructions that, when executed on a computer, cause the computer to perform the steps of the method for detecting a logistic operation violation according to the first embodiment.

The modules in the second embodiment, if implemented in the form of software functional modules and sold or used as independent products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be substantially or partially implemented in software, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses and devices may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments. Even if various changes are made to the present invention, it is still within the scope of the present invention if they fall within the scope of the claims of the present invention and their equivalents.

Claims

1. A method of bargun authentication, comprising:

2. The rifle authentication method of claim 1, wherein generating a unique identification for a respective rifle device based on the base information further comprises:

3. The rifle authentication method of claim 1, wherein the storing the unique identification in a server, further comprises:

4. The rifle authentication method of claim 3, wherein the unique identification of the rifle device is encrypted using a 3DES symmetric encryption algorithm, further comprising:

5. The rifle authentication method of claim 4, wherein the automatically generating identification information for the rifle device upon login of the rifle device, the transmitting the identification information to the server further comprises:

6. The rifle authentication method of claim 5, wherein the server verifying the rifle device and identification information based on a unique identification of the rifle device further comprises:

7. The rifle authentication method of claim 1, wherein the generating of the key pair for the rifle device based on the base information for the rifle device further comprises:

8. A rifle authentication device, comprising:

the equipment authentication module is used for automatically generating identification information of the gun equipment when the gun equipment logs in, transmitting the identification information to the server, and verifying the gun equipment and the identification information by the server according to a public key and a unique identification of the gun equipment; if the check is passed, allowing the bargun equipment to work; if the verification fails, the device is judged to be an abnormal device, and the login fails.

9. A rifle authentication device comprising a memory having computer readable instructions stored therein and a processor which, when executing the computer readable instructions, implements a rifle authentication method according to any one of claims 1 to 7.

10. A computer readable medium storing a computer program, wherein the computer program, when executed by one or more processors, implements a rifle authentication method according to any one of claims 1 to 7.