CN113784344A - Trusted address binding device - Google Patents
Trusted address binding device Download PDFInfo
- Publication number
- CN113784344A CN113784344A CN202110956358.1A CN202110956358A CN113784344A CN 113784344 A CN113784344 A CN 113784344A CN 202110956358 A CN202110956358 A CN 202110956358A CN 113784344 A CN113784344 A CN 113784344A
- Authority
- CN
- China
- Prior art keywords
- equipment
- trusted
- module
- party
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 239000006185 dispersion Substances 0.000 claims abstract description 7
- 230000003993 interaction Effects 0.000 claims abstract description 4
- 238000004891 communication Methods 0.000 claims description 13
- 230000004913 activation Effects 0.000 claims description 7
- 238000004080 punching Methods 0.000 claims description 7
- 230000008859 change Effects 0.000 claims description 6
- 230000005611 electricity Effects 0.000 claims 1
- 238000001994 activation Methods 0.000 description 6
- 238000007689 inspection Methods 0.000 description 5
- 230000001960 triggered effect Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 3
- 238000000034 method Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 125000004122 cyclic group Chemical group 0.000 description 2
- 229920000297 Rayon Polymers 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention discloses a credible address binding device, which comprises a credible data module, an anti-dismantling module and an address authentication module, wherein the credible data module further comprises an initialization unit and a registration unit, and the initialization unit is used for presetting a device serial number, two dispersion factors, newly-built administrator application and common authority user application; the device comprises a registration unit, a power-on starting-up unit and a manager, wherein the registration unit is in a registration state by default when the device is installed and then powered on, the manager communicates with the device through manager equipment to perform data interaction, the device confirms the identity of the manager, completes device registration after receiving a registration instruction, and the device completing registration enters a working state; the anti-dismounting module is provided with a press anti-dismounting switch or a Hall sensor; the address authentication module is used for the third-party equipment to acquire the random number of the equipment, then encrypt the random number by using the secret key, return the encrypted result to the equipment, and externally authenticate the encrypted result by using the secret key of the corresponding secret key number in the trusted data unit.
Description
Technical Field
The invention belongs to the technical field of computer equipment, and particularly relates to a credible address binding device.
Background
In a large number of workplaces, manual patrol safety inspection needs to be carried out, such as dangerous chemical warehouse, office elevator, factory control room, school fence, hotel, hospital and the like, and most of the prior patrol inspection is finished manually and has no supervision mechanism. The inspection and card punching work content generally comprises inspection personnel, addresses, time and events, and the most difficult is the positioning of a credible address in an unsupervised process.
Conventionally, card punching is generally performed by using a fixed-point NFC (Near Field Communication) card, a two-dimensional code, and a GPS (Global Positioning System) signal. Through NFC, two-dimensional code, all just accomplish binding of place and position simply, can't accomplish the position credible in the position work, the personnel of punching the card can duplicate the two-dimensional code, NFC, perhaps remove the NFC or the two-dimensional code of binding the place to other places. The GPS signal has the condition that the signal of a part of areas is weak, or the precision of the GPS signal is insufficient when some areas need intensive routing inspection.
Disclosure of Invention
In view of the technical problems, the invention is used to provide a trusted address binding device, and is used to provide an internet of things device with identity authentication capability and anti-tamper function.
In order to solve the technical problems, the invention adopts the following technical scheme:
a trusted address binding device comprises a trusted data module, a tamper-proof module and an address authentication module,
the trusted data module further comprises an initialization unit and a registration unit, wherein the initialization unit is used for presetting an equipment serial number and two dispersion factors, newly building administrator applications and common authority user applications, adding a private key of each application to form an administrator user private key and a common authority user private key, and enabling the administrator user private key and the common authority user private key to be sub private keys which are dispersed by corresponding dispersion factors by respectively using an administrator user root private key and a common authority user root private key by the system; the device comprises a registration unit, a power-on starting-up unit and a manager, wherein the registration unit is in a registration state by default when the device is installed and then powered on, the manager communicates with the device through manager equipment to perform data interaction, the device confirms the identity of the manager, completes device registration after receiving a registration instruction, and the device completing registration enters a working state;
the anti-dismounting module is provided with a press anti-dismounting switch or a Hall sensor, and when the equipment is fixed at the position of the real physical environment to be bound, the press anti-dismounting switch or the Hall sensor of the fixed equipment is in an anti-dismounting state;
the address authentication module is used for the third-party equipment to acquire the random number of the equipment, then the random number is encrypted by using the secret key, the encrypted result is returned to the equipment, the equipment uses the secret key of the corresponding secret key number to carry out external authentication on the encrypted result in the trusted data unit, if the authentication is passed, the third party is considered to have the corresponding authority, then the operation requirement of the authority possessed by the user is passed, otherwise, the third-party equipment is rejected, and the third-party equipment is administrator or common authority user equipment.
Preferably, if the anti-disassembly module is provided with a press anti-disassembly switch, when the equipment is disassembled, the anti-disassembly switch is triggered, the equipment immediately becomes a forced disassembly state, an alarm is given, and the address authentication service is stopped being provided.
Preferably, if the anti-disassembly module is provided with a hall sensor, when the equipment is disassembled, the hall sensor leaves a small magnet fixed on a backboard of the equipment, the level change of the hall sensor is triggered, the equipment detects the level change and immediately changes the equipment state into a forced disassembly state, an alarm is given out, and the address authentication service is stopped being provided.
Preferably, the device further comprises an activation module, configured to receive a state activation instruction issued by an administrator to re-provide the address authentication service when the device is in the forced-release state.
Preferably, the hardware of the trusted data unit comprises a secure chip, a PSAM card or an ESIM card.
Preferably, the data communication between the device and the third party device includes at least one wireless communication mode of bluetooth, NFC, zigbee and wifi.
Preferably, the data communication between the device and the third party device comprises at least one limited communication mode of a USB or magnetic attraction interface.
Preferably, after the third party identity is authenticated by the device in a trusted manner, at least one of the operations of card punching, electric quantity acquisition, record acquisition, synchronous record acquisition, time acquisition, synchronous time acquisition and backup address information acquisition is performed.
Preferably, the device performs cyclic recording of operations with the third party, and the recording information includes at least one of time, third party device ID and interface event.
Preferably, the encryption algorithm used by the authentication encryption process of the device and the third party comprises at least one of symmetric algorithm and asymmetric algorithm.
The invention has the following beneficial effects:
(1) the equipment has identity uniqueness, identity authentication capability, low-power-consumption near-field communication capability, a trusted data unit and anti-dismantling function;
(2) the uniqueness of the identity of the equipment is guaranteed by a credible data unit of the equipment;
(3) when the equipment is in a forced removal state, the address authentication service can be continuously provided after a state activation instruction sent by an administrator is received;
(4) firstly, a strong binding relationship is formed between the anti-dismantling function of the low-power-consumption Internet of things equipment and an address, secondly, a person and the mobile equipment are bound by using the current figure identification technology, and then, the identity card is carried out with a third party through the trusted data operation unit, so that the uniqueness of the equipment is ensured, and a trusted address authentication service is provided for the outside.
Drawings
FIG. 1 is a functional block diagram of a trusted address binding device in accordance with one embodiment of the present invention;
fig. 2 is a schematic block diagram of a trusted address binding device according to yet another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Referring to fig. 1, a schematic block diagram of a trusted address binding device according to an embodiment of the present invention is shown, where the trusted address binding device includes a trusted data module, an anti-disassembly module, and an address authentication module, and the trusted data module further includes an initialization unit and a registration unit, where the initialization unit is configured to preset a device serial number and two dispersion factors, and newly create an administrator application and a general authority user application, and each application adds its own secret key to form an administrator user secret key and a general authority user secret key, and the administrator user secret key and the general authority user secret key are sub-secret keys dispersed by a system that respectively uses an administrator user root secret key and a general authority user root secret key to corresponding dispersion factors; the device comprises a registration unit, a power-on starting-up unit and a manager, wherein the registration unit is in a registration state by default when the device is installed and then powered on, the manager communicates with the device through manager equipment to perform data interaction, the device confirms the identity of the manager, completes device registration after receiving a registration instruction, and the device completing registration enters a working state; the anti-dismounting module is provided with a press anti-dismounting switch or a Hall sensor, and when the equipment is fixed at the position of the real physical environment to be bound, the press anti-dismounting switch or the Hall sensor of the fixed equipment is in an anti-dismounting state; the address authentication module is used for the third-party equipment to acquire the random number of the equipment, then the random number is encrypted by using the secret key, the encrypted result is returned to the equipment, the equipment uses the secret key of the corresponding secret key number to carry out external authentication on the encrypted result in the trusted data unit, if the authentication is passed, the third party is considered to have the corresponding authority, then the operation requirement of the authority possessed by the user is passed, otherwise, the third-party equipment is rejected, and the third-party equipment is administrator or common authority user equipment. And after the third-party identity is authenticated by the equipment in a credible mode, performing at least one operation of punching a card, acquiring electric quantity, acquiring record, synchronous record, acquiring time, synchronizing time and acquiring backup address information. The device carries out cyclic recording on the operation with the third party, and the recording information comprises at least one of time, third party device ID and interface event.
Example 2
On the basis of embodiment 1, referring to fig. 2, the trusted address binding device of the embodiment of the present invention further includes an activation module, configured to receive a state activation instruction issued by an administrator to re-provide the address authentication service when the device is in a forced-release state. The activation process is that after the equipment is detached, for example, a battery is replaced, the equipment is maintained, the equipment is prevented from being detached and is falsely triggered, at the moment, the equipment is in a state of being forcibly detached to be activated, the equipment can be reactivated only by the authority of an administrator, and a user with ordinary authority does not have the authority of reactivating the equipment.
When the trusted address binding device provided by the embodiment of the invention is used, the battery is firstly installed and then fixed in a specified place needing to provide the trusted address, such as a certain machine room wall, a certain kitchen wall and the like. And the registered equipment enters a working state, and the working state is stored in the flash by the equipment at the same time, so that the equipment is convenient to read after being restarted.
When the equipment is fixed at the real physical environment position that needs bind through modes such as punching, viscose buckle, the buffer stop of equipment after fixing is in the state of preventing tearing open. In a specific application example, if the anti-disassembly module is provided with a press anti-disassembly switch, when the equipment is disassembled, the anti-disassembly switch is triggered, the equipment immediately becomes a forced disassembly state, an alarm is sent, and the address authentication service is stopped being provided. If the anti-dismantling module is provided with the Hall sensor, when the equipment is dismantled, the Hall sensor leaves a small magnet fixed on the back plate of the equipment, the level change of the Hall sensor is triggered, the equipment detects the level change and immediately changes the equipment state into a forced dismantling state, an alarm is sent out, and the address authentication service is stopped being provided.
In a specific application example, the hardware of the trusted data unit includes a Security chip, a PSAM (Point of Service Security Control Module) card, or an eSIM (Embedded-SIM) card. The uniqueness of the identity of the equipment is guaranteed by a trusted data unit of the equipment.
In a specific application example, the data communication between the device and the third-party device includes at least one wireless communication mode of bluetooth, NFC, zigbee and wifi. The data communication between the equipment and the third-party equipment comprises at least one limited communication mode of a USB or a magnetic suction interface.
In a specific application example, the encryption algorithm used in the authentication encryption process of the device and the third party comprises at least one of a symmetric algorithm and an asymmetric algorithm. The authentication encryption algorithm is selected according to different secret key numbers, a symmetric encryption 3DES algorithm is used by default, and a symmetric encryption DES, AES and other asymmetric encryption algorithms such as RSA and the like can be selected.
It is to be understood that the exemplary embodiments described herein are illustrative and not restrictive. Although one or more embodiments of the present invention have been described with reference to the accompanying drawings, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims.
Claims (10)
1. A trusted address binding device is characterized by comprising a trusted data module, a tamper-proof module and an address authentication module,
the trusted data module further comprises an initialization unit and a registration unit, wherein the initialization unit is used for presetting an equipment serial number and two dispersion factors, newly building administrator applications and common authority user applications, adding a private key of each application to form an administrator user private key and a common authority user private key, and enabling the administrator user private key and the common authority user private key to be sub private keys which are dispersed by corresponding dispersion factors by respectively using an administrator user root private key and a common authority user root private key by the system; the device comprises a registration unit, a power-on starting-up unit and a manager, wherein the registration unit is in a registration state by default when the device is installed and then powered on, the manager communicates with the device through manager equipment to perform data interaction, the device confirms the identity of the manager, completes device registration after receiving a registration instruction, and the device completing registration enters a working state;
the anti-dismounting module is provided with a press anti-dismounting switch or a Hall sensor, and when the equipment is fixed at the position of the real physical environment to be bound, the press anti-dismounting switch or the Hall sensor of the fixed equipment is in an anti-dismounting state;
the address authentication module is used for the third-party equipment to acquire the random number of the equipment, then the random number is encrypted by using the secret key, the encrypted result is returned to the equipment, the equipment uses the secret key of the corresponding secret key number to carry out external authentication on the encrypted result in the trusted data unit, if the authentication is passed, the third party is considered to have the corresponding authority, then the operation requirement of the authority possessed by the user is passed, otherwise, the third-party equipment is rejected, and the third-party equipment is administrator or common authority user equipment.
2. The trusted address binding device of claim 1, wherein if the tamper module is configured to press a tamper switch, when the device is removed, the tamper switch is activated, the device immediately changes to a hard-remove state, an alarm is issued, and the provision of address authentication services is stopped.
3. The trusted address binding device of claim 1, wherein if the tamper module is a hall sensor, when the device is removed, the hall sensor moves away from a small magnet fixed on a backplane of the device, triggering a level change of the hall sensor, the device detecting the level change immediately changes the device state to a forced removal state, issuing an alarm, and stopping providing the address authentication service.
4. The trusted address binding apparatus of claim 1, further comprising an activation module, configured to receive a state activation command issued by an administrator to re-provide the address authentication service when the apparatus is in a forced-open state.
5. The trusted address binding apparatus of claim 1, wherein the hardware of the trusted data unit comprises a secure chip, a PSAM card, or an ESIM card.
6. A trusted address binding device as claimed in any one of claims 1 to 6, wherein the device communicates data with the third party device by at least one wireless communication means including Bluetooth, NFC, zigbee or wifi.
7. A trusted address binding device as claimed in any one of claims 1 to 6, wherein the device is in data communication with a third party device including at least one limited communication means of a USB or magnetic attraction interface.
8. The trusted address binding device of any one of claims 1 to 6, wherein after the third party identity is authenticated by the device in a trusted manner, the third party identity performs at least one of a card punching operation, an electricity quantity acquisition operation, a record acquisition operation, a synchronization record acquisition operation, a time acquisition operation, a synchronization time operation, and a backup address information acquisition operation.
9. A trusted address binding device as claimed in any one of claims 1 to 6, wherein the device performs a loop record of operation with the third party, the record information including at least one of time, third party device ID and interface events.
10. A trusted address binding device as claimed in any one of claims 1 to 6, wherein the cryptographic algorithm used by the device for authenticated encryption with a third party comprises at least one of symmetric and asymmetric algorithms.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110956358.1A CN113784344A (en) | 2021-08-19 | 2021-08-19 | Trusted address binding device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110956358.1A CN113784344A (en) | 2021-08-19 | 2021-08-19 | Trusted address binding device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113784344A true CN113784344A (en) | 2021-12-10 |
Family
ID=78838631
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110956358.1A Pending CN113784344A (en) | 2021-08-19 | 2021-08-19 | Trusted address binding device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113784344A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1379343A (en) * | 2002-04-30 | 2002-11-13 | 北京信源咨讯信息技术有限公司 | Entrance guard method and system using blue tooth technique in wireless authentication and data transmitting/receiving |
US6836548B1 (en) * | 1991-10-29 | 2004-12-28 | The Commonwealth Of Australia | Communications security and trusted path method and means |
CN103078757A (en) * | 2013-01-04 | 2013-05-01 | 中兴通讯股份有限公司 | Near field communication-based network element management method and system, inspection terminal, network manager and network element |
CN108764857A (en) * | 2018-06-08 | 2018-11-06 | 北京阿尔山金融科技有限公司 | Check card motivational techniques and the punch card system for equipment of checking card |
CN109461222A (en) * | 2018-10-22 | 2019-03-12 | 北京阿尔山金融科技有限公司 | Information access method of checking card, system and electronic equipment based on equipment of checking card |
CN111147239A (en) * | 2019-12-27 | 2020-05-12 | 郑州信大捷安信息技术股份有限公司 | Offline remote authorization authentication method and system |
CN111859348A (en) * | 2020-07-31 | 2020-10-30 | 上海微位网络科技有限公司 | Identity authentication method and device based on user identification module and block chain technology |
-
2021
- 2021-08-19 CN CN202110956358.1A patent/CN113784344A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6836548B1 (en) * | 1991-10-29 | 2004-12-28 | The Commonwealth Of Australia | Communications security and trusted path method and means |
CN1379343A (en) * | 2002-04-30 | 2002-11-13 | 北京信源咨讯信息技术有限公司 | Entrance guard method and system using blue tooth technique in wireless authentication and data transmitting/receiving |
CN103078757A (en) * | 2013-01-04 | 2013-05-01 | 中兴通讯股份有限公司 | Near field communication-based network element management method and system, inspection terminal, network manager and network element |
CN108764857A (en) * | 2018-06-08 | 2018-11-06 | 北京阿尔山金融科技有限公司 | Check card motivational techniques and the punch card system for equipment of checking card |
CN109461222A (en) * | 2018-10-22 | 2019-03-12 | 北京阿尔山金融科技有限公司 | Information access method of checking card, system and electronic equipment based on equipment of checking card |
CN111147239A (en) * | 2019-12-27 | 2020-05-12 | 郑州信大捷安信息技术股份有限公司 | Offline remote authorization authentication method and system |
CN111859348A (en) * | 2020-07-31 | 2020-10-30 | 上海微位网络科技有限公司 | Identity authentication method and device based on user identification module and block chain technology |
Non-Patent Citations (2)
Title |
---|
刘斌;徐吉斌;: "基于身份的双向认证及密钥协商协议", 巢湖学院学报, no. 03 * |
张安东: "密钥分散管理系统——密钥生成算法实现", 中国优秀硕士学位论文全文数据库 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11070364B2 (en) | Secure communication method and smart lock system based thereof | |
EP2492878B1 (en) | Methods and apparatus to control access | |
CN103971435B (en) | Method for unlocking, server, mobile terminal, electronic lock and unlocking system | |
US8183980B2 (en) | Device authentication using a unidirectional protocol | |
US11184772B2 (en) | Secure communication platform | |
AU2016348413A1 (en) | Systems and methods for controlling access to physical space | |
EP2937806A1 (en) | Method and system for securing electronic data exchange between an industrial programmable device and a portable programmable device | |
TWI435272B (en) | Mobile smartcard based authentication | |
CN102883049A (en) | Hidden alarm unlocking method for mobile terminal, and mobile terminal | |
CN102693381A (en) | Method, device and system for anti-theft of portable computer equipment | |
US20210351920A1 (en) | Secure communication method and smart lock system based thereof | |
CN204904392U (en) | Intelligent lock system is encrypted in high in clouds | |
CN113282944B (en) | Intelligent lock unlocking method and device, electronic equipment and storage medium | |
US9953497B2 (en) | Merchandise security system with data collection features and relevant technical field | |
CN104506481A (en) | Authentication method of mobile communication network | |
CN113784344A (en) | Trusted address binding device | |
ES2880573T3 (en) | Method to verify the integrity of an electronic device, and the corresponding electronic device | |
CN111236105B (en) | Parking space lock management method, device and system and parking space lock | |
CN106815904B (en) | Access control method and device, access control equipment and system | |
CN107094079B (en) | Method, device and equipment for opening terminal function | |
CN204216909U (en) | Special service system information safety device | |
CN112311807A (en) | Method, device, equipment and storage medium for preventing smart card from being reused | |
CN113781675B (en) | Trusted inspection card punching method | |
CN107920097B (en) | Unlocking method and device | |
US9734366B2 (en) | Tamper credential |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |