CN116800423B - RFID-based data acquisition and double encryption and decryption data protection method and device - Google Patents
RFID-based data acquisition and double encryption and decryption data protection method and device Download PDFInfo
- Publication number
- CN116800423B CN116800423B CN202311082632.2A CN202311082632A CN116800423B CN 116800423 B CN116800423 B CN 116800423B CN 202311082632 A CN202311082632 A CN 202311082632A CN 116800423 B CN116800423 B CN 116800423B
- Authority
- CN
- China
- Prior art keywords
- data
- rfid
- tag
- key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000004590 computer program Methods 0.000 claims description 23
- 230000009977 dual effect Effects 0.000 claims description 17
- 230000006870 function Effects 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 13
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000012552 review Methods 0.000 claims description 2
- 238000013480 data collection Methods 0.000 claims 6
- 238000005516 engineering process Methods 0.000 description 14
- 238000012545 processing Methods 0.000 description 8
- 238000007726 management method Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 230000009849 deactivation Effects 0.000 description 2
- 230000004931 aggregating effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000010485 coping Effects 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
- G06K17/0029—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The application provides a data acquisition and double encryption and decryption data protection method and device based on RFID, which comprises the steps that an RFID traceable data cloud platform generates a public key and a private key pair to issue a public key for a brand business service platform, the brand business service platform writes a tag key corresponding to TID into an RFID tag and assembles data, the RFID tag is encrypted through a symmetric encryption algorithm to obtain first encrypted data, and the RFID traceable data cloud platform encrypts the first encrypted data through the private key to obtain second encrypted data; and the user sends a tracing request, the brand business platform indexes data from the RFID tracing data cloud platform according to the TID, performs first decryption by using a public key to obtain first encrypted data, performs second decryption by using a symmetric algorithm to obtain assembled data, and then sends the assembled data to the user. The method realizes that the traceable data is not stolen, and improves the safety of the data.
Description
Technical Field
The application relates to the technical field of data encryption, in particular to a data acquisition and double encryption and decryption data protection method and device based on RFID.
Background
At present, in the using process of a real item, the EPC area (User area) stores more business data, and according to a certain coding rule, the digital information of the article is analyzed, so that the reading and analysis of the data can be realized in an off-line environment, such as the international actual GS1 standard. But in actual projects, key information is rarely written in an RFID writable area to ensure the safety of service data generated based on the RFID chip, and the system data safety basically realizes data encryption, data storage and data decryption by means of upper software. The encryption technology is used for guaranteeing the safety of service data and managing the encryption key, but the risk of key loss still exists, and after the key is lost, the risk of total loss exists in database data, so that the risk is extremely high.
Therefore, there is a need for a new method and apparatus for RFID-based data acquisition and dual encryption/decryption data protection to overcome the above-mentioned drawbacks.
Disclosure of Invention
The application aims to provide a novel RFID-based data acquisition and double encryption and decryption data protection method and device, which improve data security, prevent system information from being mixed and flee and ensure data to be true and reliable.
In order to achieve the above object, the present application provides a method for data acquisition and dual encryption and decryption data protection based on RFID, comprising:
constructing an RFID traceability data cloud platform to generate a public-private key pair, wherein the RFID traceability data cloud platform issues a public key certificate for a brand business service platform, and the brand business platform performs initialization operation on an RFID tag and writes a tag key corresponding to a tag unique identification code TID;
the brand business platform reads a tag key in the RFID tag and assembles data, the assembled data is encrypted for the first time by using a symmetric encryption algorithm according to the tag key to obtain first encrypted data, and the first encrypted data is transmitted to the RFID traceability data cloud platform; the RFID traceability data cloud platform performs secondary encryption by using a private key to obtain secondary encrypted data, and then the secondary encrypted data uses a tag unique identification code TID as a unique index credential to aggregate data generated by a plurality of business process nodes and store the data in a platform database;
the user reads a tag key and a tag unique identification code TID in the RFID tag to send a tracing request, the brand business service platform verifies the tag key and the tag unique identification code TID sent by the user, indexes corresponding data in the RFID tracing data cloud platform, performs first decryption by using a public key to obtain first encrypted data, performs second decryption by using a symmetric algorithm according to the tag key to obtain assembled data, and then sends the assembled data to the user.
The application also provides a device of the data acquisition and double encryption and decryption data protection method based on RFID, which comprises:
the RFID traceability data cloud platform is used for tracing the data stored by the RFID, displaying the data and consulting the data;
the brand business service platform is used for writing data and locking passwords into the RFID and communicating with the RFID traceability data cloud platform for data feedback;
the data acquisition and transmission module is used for reading the data stored in the RFID tag and sending the read data to the brand business platform;
the data encryption module is used for encrypting and decrypting the data in the RFID tag;
and the RFID electronic tag is used for storing data and participating in encryption and decryption operations.
The application also provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of the RFID-based data acquisition and dual encryption and decryption data protection method.
The application also provides a computer terminal which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the steps of the RFID-based data acquisition and double encryption and decryption data protection method when executing the computer program.
Compared with the related technology, the UHF RFID chip is combined with the digital encryption technology, so that the double encryption of the data is realized on an upper software system, and the data security of enterprises is protected. The double encryption technology combines the symmetric encryption technology with the asymmetric encryption technology, so that the encryption complexity is improved, the data decoding difficulty and decoding cost are increased, and the data encryption security is improved.
Drawings
For a clearer description of the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments are briefly introduced below, the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art, wherein:
FIG. 1 is a flow chart of the RFID-based data acquisition and dual encryption and decryption data protection method of the present application;
FIG. 2 is an encryption flow chart of RFID-based data acquisition and dual encryption and decryption data protection according to the present application;
fig. 3 is a decryption flow chart of the RFID-based data acquisition and dual encryption decryption data protection of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be clear and complete, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, the application provides a data acquisition and dual encryption and decryption data protection method based on RFID, which includes:
s1, constructing an RFID traceability data cloud platform to generate a public-private key pair according to an asymmetric encryption algorithm, wherein the RFID traceability data cloud platform issues a public key certificate for a brand business platform, and the brand business platform initializes an RFID tag, wherein the initialization operation comprises the following steps: and writing a tag key corresponding to the tag unique identification code TID, printing a surface bar code of the RFID electronic tag, writing the tag key into an EPC area, and setting an EPC locking password.
S2, the brand business platform reads a tag key in the RFID tag and performs assembly data, wherein the assembly data comprises but is not limited to TID, IP address, time, position, event description, geographic position information, flow and the like which need to be formed in a ciphertext mode. Specifically, the method for assembling data may be: the brand business service platform selects instruction data to be executed from the data in the RFID read-write equipment to generate an MCU instruction; the MCU instruction comprises MCU instruction head data and MCU instruction parameter data; and taking MCU instruction head data as the instruction head data, taking MCU instruction parameter data as the instruction parameter data section, carrying out instruction body data assembly processing according to the requirements of a brand business platform on the data to generate the instruction body data, and carrying out RFID instruction data assembly processing according to the instruction head data and the instruction body data to generate assembly data. In this way, the efficiency of assembling data can be significantly improved. Performing first encryption on the assembled data by using a symmetric encryption algorithm according to the tag key to obtain first encrypted data, and transmitting the first encrypted data to the RFID traceability data cloud platform; the RFID traceability data cloud platform uses a private key to encrypt the first encrypted data for the second time to obtain second encrypted data, and then the second encrypted data uses a tag unique identification code TID as a unique index credential to aggregate data generated by a plurality of business process nodes and store the data in a platform database;
the data generated by aggregating the plurality of business process nodes refers to business data generated in the RFID tag circulation process, all the business data are uploaded to the RFID traceability data cloud platform in the encryption mode, and all the business data form the same group of data by taking the tag unique identification code TID as the unique index credential.
S3, the user reads a tag key and a tag unique identification code TID in the RFID tag to send a tracing request, the brand business service platform verifies the tag key and the tag unique identification code TID sent by the user and verifies whether the data are consistent, if so, business processing is carried out, corresponding data are indexed in the RFID tracing data cloud platform, first decryption is carried out by using a public key to obtain first encrypted data, second decryption is carried out by using a symmetric algorithm according to the tag key to obtain assembled data, and then the assembled data is sent to the user; and if not, sending a locking command to the RFID tag to prohibit reading and writing.
As will be described in detail below in connection with fig. 2 and 3, the overall solution of the dual encryption mechanism comprises four major parts, respectively:
A. RFID electronic tag, TID is as electronic identity card of the article; the EPC data is used as a tag key to participate in encryption and decryption operations.
B. An RFID read-write device;
C. the brand business system processes business logic, encrypts and decrypts business data and transmits the business data to the traceability data cloud platform;
D. the RFID traceability data platform is characterized by comprising an RFID traceability data platform, a centralized data platform, a public key certificate issued for a brand party and a secondary encryption by using an asymmetric encryption algorithm.
And the RFID traceability data cloud platform issues a public key certificate for the brand business platform, and the public key certificate is used for carrying out authenticity identity verification and encryption and decryption operation with the RFID traceability data platform.
The brand business service platform prints the bar code on the surface of the RFID electronic tag, writes the tag key into the EPC area, and sets the EPC locking password.
The EPC (Electronic Product Code) area is a key area in the RFID chip for storing product information and identifying a product, and data stored in the area is readable and writable. It may contain a globally unique identification code (Global Trade Item Number, GTIN) issued by the GS1 authority, as well as vendor-specified lot number, serial number, etc., specifying uniqueness and traceability. The EPC area has the functions of improving the visibility, automation and accuracy of product management, helping to discover new applications and solve practical problems, and further providing a technical foundation and development space for innovation.
In the application, the EPC area is written with a tag key corresponding to the unique tag identification code, and the tag key generation flow is as follows:
calculating the shortTID according to the tag unique identification code TID of the RFID tag;
calculating seed number, calculating random number by algorithm, and using time stamp as seed number;
setting a version number;
scattering the sequence of the shortTID, the seed number and the version number through an algorithm;
the checksum is calculated by a checksum algorithm.
The Reserved area is a Reserved area in the RFID chip, which is used to store access/deactivation password information. The Reserved area has the function of reserving flexible innovation and expansion space, is beneficial to coping with technical requirements and innovation opportunities which are continuously changed in the future, and further provides possibility of technical upgrading and expansion for innovation.
The locking function of the RFID chip can be realized by utilizing the Reserved area function, after locking, the EPC and User area data are rewritten, and access passwords are needed, otherwise, the EPC and User area data are rewritten without rights, so that the data security of the chip is improved; the RFID deactivation function is realized, and the tag can not generate a modulation signal to activate the radio frequency field after effectively using the Kill command, so that the chip is permanently disabled.
The tag key refers to writing unique key information corresponding to the TID in an EPC or User area of the RFID chip, and simultaneously setting access rights (only a User accessing the key can rewrite data in the writable area of the chip, and other users cannot modify the data) to the chip by utilizing the chip locking function, so that the RFID chip is prevented from being maliciously rewritten in the market circulation process, the key is prevented from being lost, and the data security problem is caused.
In order to ensure the uniqueness of the RFID tag key in practical project application, the key needs to be generated according to a certain algorithm rule and written into the chip through the RFID read-write equipment. Considering that the lengths of the EPC areas (User areas) of the chips of different labels are inconsistent, the lengths of the unique keys set by different items are not fixed, and the AES algorithm only supports the keys with fixed lengths of 128 bits, 192 bits and 256 bits, so that the MD5 information digest algorithm is used for converting the chip keys with different lengths into the fixed 128 bits, and the AES algorithm requirement is met.
When the above operation is completed, encryption can be performed, and the operation is as follows:
reading the tag key K3 through RFID read-write equipment, and uploading the tag key K3 to a brand business service platform;
the brand business service platform assembles service data;
the brand business platform uses MD5 hash function to operate K3 to obtain a secret key K5=Md5 (K3);
first encryption, using a symmetric encryption algorithm: AES (key=k5, data) =data1;
the brand business service platform transmits the data1 to the RFID traceability data cloud platform through the transmission interface;
a second encryption, using the private key of the asymmetric encryption algorithm: RSA (key=private key, data 1) =data2;
the data2 is stored to a database.
When the third party user needs to trace the source, decryption is carried out, and the operation is as follows:
the user uses the RFID reader-writer to collect the data of the tag, including the tag key K3 and the TID, and uploads the data to the brand business platform;
the brand business platform receives the data requested by the reader-writer to carry out business processing;
the brand business platform sends a request transmission tag unique identification code TID to the RFID traceability data cloud platform;
the brand business service platform queries ciphertext data2 in a database according to the TID, and uses a public key certificate for the first time of data decryption: RSA (key=public key, data 2) =data1;
calculating K3 by using an MD5 hash function to obtain a key k5=md5 (K3);
decrypting the second time data: using a symmetric encryption algorithm: AES (key=k5, data 1) =data;
and returning the plaintext information data to a third party user for data display or data review.
The data decryption ensures that the tag key is not acquired by a third system through two decryption operations, so that the security level of the system is improved; the data encryption and decryption operations need the direct participation of the RFID chip, so that the safety of the data is improved.
Data encryption technology is a core technology of data security, and particularly in the current information age of everything interconnection. So that how the data is secured: the problems of data theft, tampering, destruction and the like are becoming more and more important. And various encryption technologies are used, and certain rules are utilized for carrying out algorithm integration, so that the algorithm is complicated, the decoding difficulty and decoding cost are improved, and therefore, the data is safer.
Based on UHF RFID double encryption technology integrated wireless radio frequency technology, digital encryption technology, data storage technology, belongs to basic technical research, is applicable to all uses RFID technology to do informatization management, and has strict requirements on data security.
At the current of high informatization, the digital and informatization management is often needed to integrate different scenes, different equipment, different applications and different technical information to avoid information islands, realize data interconnection and intercommunication and build an integrated digital management platform.
The application also provides a data acquisition and double encryption and decryption data protection device based on RFID, which comprises:
the RFID traceability data cloud platform is used for tracing the data stored by the RFID, displaying the data and consulting the data;
the brand business service platform is used for writing data and locking passwords into the RFID and communicating with the RFID traceability data cloud platform for data feedback;
the data acquisition and transmission module is used for reading the data stored in the RFID tag and sending the read data to the brand business platform;
the data encryption module is used for encrypting and decrypting the data in the RFID tag;
and the RFID electronic tag is used for storing data and participating in encryption and decryption operations.
Compared with the related art, the application writes the unique key information corresponding to the TID in the writable area of the RFID chip, realizes one key of one chip, and the service data generated by each chip can be encrypted and decrypted only according to the key corresponding to the chip. In the circulation process of the supply chain, all RFID secret key information (combined with RFID) is difficult to collect (almost impossible to realize), so that even if cloud platform data are leaked, a hacker cannot analyze the data, the security level of the platform data is improved, and the security of the platform data is ensured.
Based on the dynamic key, namely a key of one chip, the data decryption, the data display and the data viewing of the single article are realized at the data consumption end. The secret key can only decrypt own data, can not decrypt other data, prevents system information from being mixed, and ensures that the data is true and reliable.
And encrypting and decrypting the data by using an asymmetric algorithm, and confirming identities of both communication parties in the encryption and decryption process to ensure that the data are legal and effective.
In another aspect, the present application further provides a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements the steps of the RFID-based data acquisition and dual encryption/decryption data protection method described above.
An extension of another aspect of the present application also provides a computer terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the RFID-based data acquisition and dual encryption/decryption data protection method described above when the processor executes the computer program.
The processor, when executing the computer program, performs the functions of the modules/units in the above-described device embodiments. The computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present application, for example. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, which instruction segments are used for describing the execution of the computer program in the terminal device.
The computer terminal can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing devices. May include, but is not limited to, a processor, memory. More or fewer components may be included or certain components may be combined, or different components may be included, for example, in input and output devices, network access devices, buses, etc.
The processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be an internal storage unit, such as a hard disk or a memory. The memory may also be an external storage device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card, etc. Further, the memory may also include both internal storage units and external storage devices. The memory is used for storing the computer program and other programs and data. The memory may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
The foregoing description is only illustrative of the present application and is not intended to limit the scope of the application, and all equivalent structures or equivalent processes or direct or indirect application in other related technical fields are included in the scope of the present application.
Claims (10)
1. The RFID-based data acquisition and double encryption and decryption data protection method is characterized by comprising the following steps of:
constructing an RFID traceability data cloud platform to generate a public-private key pair, wherein the RFID traceability data cloud platform issues a public key certificate for a brand business service platform, and the brand business platform performs initialization operation on an RFID tag and writes a tag key corresponding to a tag unique identification code TID; the tag key refers to writing unique key information corresponding to the TID in an EPC or User area of the writable area of the RFID chip, and setting access rights for writing the chip by utilizing a chip locking function;
the brand business platform reads a tag key in the RFID tag and assembles data, the assembled data is encrypted for the first time by using a symmetric encryption algorithm according to the tag key to obtain first encrypted data, and the first encrypted data is transmitted to the RFID traceability data cloud platform; the RFID traceability data cloud platform performs secondary encryption by using a private key to obtain secondary encrypted data, and then the secondary encrypted data uses a tag unique identification code TID as a unique index credential to aggregate data generated by a plurality of business process nodes and store the data in a platform database;
the user reads a tag key and a tag unique identification code TID in the RFID tag to send a tracing request, the brand business service platform verifies the tag key and the tag unique identification code TID sent by the user, indexes corresponding data in the RFID tracing data cloud platform, performs first decryption by using a public key to obtain first encrypted data, performs second decryption by using a symmetric algorithm according to the tag key to obtain assembled data, and then sends the assembled data to the user.
2. The method for data collection and dual encryption and decryption data protection based on RFID according to claim 1, wherein the initializing operation of the RFID tag by the RFID traceability data cloud platform includes:
the brand business service platform prints the bar code on the surface of the RFID electronic tag, writes the tag key into the EPC area, and sets the EPC locking password.
3. The method for RFID-based data collection and dual encryption/decryption data protection according to claim 2, wherein the tag key generation process corresponding to the tag unique identification TID includes:
calculating the shortTID according to the TID of the RFID tag;
calculating seed number, calculating random number by algorithm, and using time stamp as seed number;
setting a version number;
scattering the sequence of the shortTID, the seed number and the version number through an algorithm;
the checksum is calculated by a checksum algorithm.
4. The method for RFID-based data collection and dual encryption/decryption data protection as set forth in claim 3, wherein the first encryption by the brand business platform using a symmetric encryption algorithm comprises:
reading a tag key K3 of the RFID tag through RFID read-write equipment, and transmitting the tag key K3 to the brand business platform;
the brand business platform assembles business data and uses MD5 hash function to calculate the label key, wherein K5=Md5 (K3); the first encryption uses the symmetric encryption algorithm AES (key=k5, data) =data1;
and the brand business platform transmits the first encrypted data1 to the RFID traceability data cloud platform through an HTTP interface.
5. The method for RFID-based data collection and dual encryption/decryption data protection as set forth in claim 4, wherein the RFID-traceable data cloud platform performs the second encryption using an asymmetric encryption algorithm, comprising:
the RFID traceability data cloud platform uses an asymmetric encryption algorithm: RSA (key=private key, data 1) =data2;
the private key corresponds to a public key certificate of the brand business platform;
and the RFID traceability data cloud platform stores the second encrypted data2 into a database.
6. The method for acquiring and doubly encrypting data based on RFID of claim 5, wherein the brand business platform obtains corresponding data from the RFID traceable data cloud platform, and performs a first decryption using a public key to obtain second encrypted data, and performing the second decryption using a symmetric algorithm to obtain the first encrypted data comprises:
the user collects the data of the RFID tag and uploads the data to the brand business service platform;
the brand business platform receives the request parameters, sends a request for acquiring the second encrypted data to the RFID traceability data cloud platform, and decrypts the first data: RSA (key=public key, data 2) =data1;
the brand business platform uses MD5 hash function to operate the tag key K3 to obtain a key K5=Md5 (K3);
decrypting the second time data: using a symmetric encryption algorithm: AES (key=k5, data 1) =data;
and returning the plaintext information data of the assembled data to a user for data display or data review.
7. The method of claim 1, wherein the assembled data includes TID, time, location, event description and flow.
8. An apparatus for applying the RFID-based data collection and dual encryption/decryption data protection method as set forth in any one of claims 1 to 6, comprising:
the RFID traceability data cloud platform is used for tracing the data stored by the RFID, displaying the data and consulting the data;
the brand business service platform is used for writing data and locking passwords into the RFID and communicating with the RFID traceability data cloud platform for data feedback;
the data acquisition and transmission module is used for reading the data stored in the RFID tag and sending the read data to the brand business platform;
the data encryption module is used for encrypting and decrypting the data in the RFID tag;
and the RFID tag is used for storing data and participating in encryption and decryption operations.
9. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the RFID-based data collection and dual encryption/decryption data protection method according to any one of claims 1 to 6.
10. A computer terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, realizes the steps of the RFID-based data acquisition and dual encryption/decryption data protection method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311082632.2A CN116800423B (en) | 2023-08-28 | 2023-08-28 | RFID-based data acquisition and double encryption and decryption data protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311082632.2A CN116800423B (en) | 2023-08-28 | 2023-08-28 | RFID-based data acquisition and double encryption and decryption data protection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116800423A CN116800423A (en) | 2023-09-22 |
| CN116800423B true CN116800423B (en) | 2023-11-03 |
Family
ID=88044226
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311082632.2A Active CN116800423B (en) | 2023-08-28 | 2023-08-28 | RFID-based data acquisition and double encryption and decryption data protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116800423B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117528501B (en) * | 2024-01-08 | 2024-04-05 | 深圳市卡的智能科技有限公司 | Anti-cracking RFID tag, initializing method and reading method thereof |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100817222B1 (en) * | 2007-02-28 | 2008-03-27 | 롯데정보통신 주식회사 | Method for encrypting/decrypting electronic product code and rfid system using the same |
| EP1976222A2 (en) * | 2007-03-30 | 2008-10-01 | Skyetek, Inc | Low cost RFID tag security and privacy method |
| CN101593264A (en) * | 2008-05-28 | 2009-12-02 | 北京中食新华科技有限公司 | Method for anti-counterfeit based on radio-frequency (RF) identification |
| KR20130059054A (en) * | 2011-11-28 | 2013-06-05 | 주식회사 쓰리제이 | Method for authenticating information written in rfid tag and rfid access device configured to conduct the same method |
| CN104700125A (en) * | 2013-12-06 | 2015-06-10 | 江苏本能科技有限公司 | AES encryption and verification of ultra high frequency radio identification system |
| CN107342864A (en) * | 2017-05-22 | 2017-11-10 | 广东工业大学 | A kind of tripartite's verification method and system based on read write line, label and database |
| CN107547203A (en) * | 2016-06-29 | 2018-01-05 | 深圳长城开发科技股份有限公司 | A kind of false proof source tracing method and system |
| CN110335055A (en) * | 2019-07-17 | 2019-10-15 | 中国银行股份有限公司 | Business datum retroactive method and device based on cloud platform |
| CN111368948A (en) * | 2020-02-25 | 2020-07-03 | 成都睿畜电子科技有限公司 | Novel off-line encryption authentication method for UHF ear tag |
| CN112997448A (en) * | 2018-09-12 | 2021-06-18 | 皇家飞利浦有限公司 | Public/private key system with reduced public key size |
| CN114070646A (en) * | 2021-11-29 | 2022-02-18 | 阳光人寿保险股份有限公司 | Data encryption and decryption method, system, device, electronic equipment and medium |
| WO2022142038A1 (en) * | 2020-12-29 | 2022-07-07 | 平安普惠企业管理有限公司 | Data transmission method and related device |
| WO2023283789A1 (en) * | 2021-07-12 | 2023-01-19 | Oppo广东移动通信有限公司 | Secure communication method and apparatus, terminal device, and network device |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030115455A1 (en) * | 2001-12-19 | 2003-06-19 | Aull Kenneth W. | Method and apparatus for centralized processing of hardware tokens for PKI solutions |
| KR101581853B1 (en) * | 2010-12-23 | 2016-01-04 | 한국전자통신연구원 | Rfid security reader and method for security thereof |
| CN107347058B (en) * | 2016-05-06 | 2021-07-23 | 阿里巴巴集团控股有限公司 | Data encryption method, data decryption method, device and system |
| KR102651820B1 (en) * | 2021-12-03 | 2024-03-27 | 주식회사 스패로우 | Hybrid cloud-based SECaaS device for the security of confidential data and method thereof |
-
2023
- 2023-08-28 CN CN202311082632.2A patent/CN116800423B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100817222B1 (en) * | 2007-02-28 | 2008-03-27 | 롯데정보통신 주식회사 | Method for encrypting/decrypting electronic product code and rfid system using the same |
| EP1976222A2 (en) * | 2007-03-30 | 2008-10-01 | Skyetek, Inc | Low cost RFID tag security and privacy method |
| CN101593264A (en) * | 2008-05-28 | 2009-12-02 | 北京中食新华科技有限公司 | Method for anti-counterfeit based on radio-frequency (RF) identification |
| KR20130059054A (en) * | 2011-11-28 | 2013-06-05 | 주식회사 쓰리제이 | Method for authenticating information written in rfid tag and rfid access device configured to conduct the same method |
| CN104700125A (en) * | 2013-12-06 | 2015-06-10 | 江苏本能科技有限公司 | AES encryption and verification of ultra high frequency radio identification system |
| CN107547203A (en) * | 2016-06-29 | 2018-01-05 | 深圳长城开发科技股份有限公司 | A kind of false proof source tracing method and system |
| CN107342864A (en) * | 2017-05-22 | 2017-11-10 | 广东工业大学 | A kind of tripartite's verification method and system based on read write line, label and database |
| CN112997448A (en) * | 2018-09-12 | 2021-06-18 | 皇家飞利浦有限公司 | Public/private key system with reduced public key size |
| CN110335055A (en) * | 2019-07-17 | 2019-10-15 | 中国银行股份有限公司 | Business datum retroactive method and device based on cloud platform |
| CN111368948A (en) * | 2020-02-25 | 2020-07-03 | 成都睿畜电子科技有限公司 | Novel off-line encryption authentication method for UHF ear tag |
| WO2022142038A1 (en) * | 2020-12-29 | 2022-07-07 | 平安普惠企业管理有限公司 | Data transmission method and related device |
| WO2023283789A1 (en) * | 2021-07-12 | 2023-01-19 | Oppo广东移动通信有限公司 | Secure communication method and apparatus, terminal device, and network device |
| CN114070646A (en) * | 2021-11-29 | 2022-02-18 | 阳光人寿保险股份有限公司 | Data encryption and decryption method, system, device, electronic equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116800423A (en) | 2023-09-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Qi et al. | Cpds: Enabling compressed and private data sharing for industrial Internet of Things over blockchain | |
| CN108846010B (en) | Method, system, computer system and storage medium for tracing product source in network | |
| US8745370B2 (en) | Secure sharing of data along supply chains | |
| CN101166089B (en) | Secret information management apparatus and secret information management system | |
| US8931689B2 (en) | Systems and methods for anti-counterfeit authentication through communication networks | |
| CN105631690A (en) | Product forgery prevention and management system based on radio frequency identification (RFID) chip and method thereof | |
| CN116800423B (en) | RFID-based data acquisition and double encryption and decryption data protection method and device | |
| Lin et al. | A cloud-based authentication protocol for RFID supply chain systems | |
| CN108537314A (en) | Product marketing system and method based on Quick Response Code | |
| CN111292041A (en) | Electronic contract generating method, device, equipment and storage medium | |
| CN112019561B (en) | Digital encryption method and system based on block chain technology | |
| CN101593264A (en) | Method for anti-counterfeit based on radio-frequency (RF) identification | |
| CN104704527A (en) | Encrypted data store for records | |
| CN112332975A (en) | Internet of things equipment secure communication method and system | |
| Qi et al. | Ants can carry cheese: secure and private RFID-enabled third-party distribution | |
| US8638938B2 (en) | Symmetric key subscription | |
| CN111008400A (en) | Data processing method, device and system | |
| CN110225028A (en) | A kind of distribution anti-counterfeiting system and its method | |
| CN113420049A (en) | Data circulation method and device, electronic equipment and storage medium | |
| Han et al. | Fine-grained business data confidentiality control in cross-organizational tracking | |
| CN115065682A (en) | Product tracing full life cycle management system based on industrial internet identification analysis | |
| CN116226880A (en) | Block chain ciphertext retrieval security traceability system based on searchable encryption | |
| CN115001869A (en) | Encryption transmission method and system | |
| CN110798321B (en) | Article information service method based on block chain | |
| CN108540288B (en) | Dynamic RSA encryption and identification method for Ultralight radio frequency card by using timestamp |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |