CN1968079B - Unidirectional open source data transmission method - Google Patents
Unidirectional open source data transmission method Download PDFInfo
- Publication number
- CN1968079B CN1968079B CN 200510086914 CN200510086914A CN1968079B CN 1968079 B CN1968079 B CN 1968079B CN 200510086914 CN200510086914 CN 200510086914 CN 200510086914 A CN200510086914 A CN 200510086914A CN 1968079 B CN1968079 B CN 1968079B
- Authority
- CN
- China
- Prior art keywords
- transmit leg
- recipient
- synchronous
- synchronously
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention relates to a method for communicating data, wherein sender wirelessly transmits coded information (with Tkey) to the receiver, and synchronously counts; the receiver uses Tkey to decode the information, and judges the time synchronous count. The inventive method can reduce complexity and improve efficiency, while it can avoid false record.
Description
Technical field
The invention belongs to a kind of communication means of transfer of data, relate in unidirectional data transmission procedure of increasing income, guarantee that data content can not crack and the method that can not copy deception.
Described unidirectional implication is that transmitter is only launched data, receiver receives only data, does not have the feedback data of receiver to transmitter.
Described implication of increasing income is that in the data transfer procedure, except the recipient of appointment, other users also can obtain its information (as radio communication, Web broadcast etc.).
This method is particularly related to employed method in a kind of computer token system, is used to avoid the invador to crack authentication information, prevents the recording playback deception.
Background technology
In the prior art, the security product that is used for one-way transmission mainly adopts the regular coding integrated circuit, as codec chips such as PT2262, PT2272, AX5326, AX5327.Very easy quilt catch aloft that electric wave code word and scanning follows the tracks of etc. method crack, can only be used for some to the less demanding place of secret and safe.An aerial cheaply electric wave code copying apparatus just can crack this type systematic in less than the time in 1 second; And the method that adopts scanning to follow the tracks of also only needed tens of minutes just can crack this type systematic.
A kind of HCS series rolling code coding chip based on the KEELOQ algorithm can overcome above-mentioned shortcoming: adopted non-linear bit encryption technology before transmission code, produced the rolling coding with confidentiality.Make each code that sends all be unique, irregular and not repeat, thereby prevented decoding means such as illegal seizure and scanning tracking.
But because its implementation is to adopt fixing integrated circuit, determine the sequence of rolling code, thereby realize the interference of data, make this scheme that following shortcoming be arranged by addressing:
1. configuration is complicated, needs this chip programming before dispatching from the factory.By unique key write memory of factory's generation, as the basis of encrypting.
2. fail safe deficiency, its key length is limited, only has 64, and also may reveal its key information in programming process.Only keep 16 with step number, knowing under the prerequisite of key, enumerate 65536 times and just can break through.The assailant can just finish the traversal formula in a short period of time and attack.
3. need acquire chip with receiving two ends in emission, thereby cause the cost of product and transmit leg power consumption to increase greatly.
Another realizes that by the RSA PKI method of safe transmission also can effectively prevent to catch and scan tracking in the air.
Described RSA public key algorithm is based on that big several factor decomposes difficulty and there is following shortcoming in a kind of public key encryption algorithm of inventing:
1, RSA calculation of complex.RSA Algorithm then mainly is to count greatly computing, comprises multiplication, asks mould, gets computings such as surplus, and this requires processor that enough memory spaces and computing capability are arranged.
2, RSA efficient is low.Reason is the same, carries out cryptographic calculation equally one time, slow at least 1000 times than common symmetry algorithm of RSA.This seems all right on ordinary PC, but in flush bonding processor, this is unacceptable, usually, wherein finishes the RSA computing in embedded processing, will cooperate a DSP or special-purpose hardware co-processor usually.
3, the checking that realizes based on RSA requires bidirectional data transfers.Obviously, this is inapplicable in the system of one-way transmission, no matter realizes cost, equipment power dissipation, all is worthless.
Obviously, adopt RSA Algorithm computing complexity, the processor workload is big, and power consumption is big, and cost also can jumboly increase.
Summary of the invention
Transmission security problem in, the communication of increasing income unidirectional one to one in order to solve, concrete take precautions against following attack:
1, behind assailant's data intercept, crack its content, thereby data falsification is attacked the recipient.
2, the assailant can't crack under the data cases, data recording, and the playback of selecting a good opportunity simply, deception recipient (being the recording playback deception).
The present invention cooperates data encryption to solve the problems of the technologies described above by adopting time synchronized.
As shown in Figure 1, a kind of simplex system comprises transmit leg (TX) and recipient (RX), and wherein: transmit leg can only send data, can not receive data; The recipient can only receive data can not send data.
Transmit leg uses an identical transmission security key (Tkey) with the recipient, uses the symmetry cryptographic algorithm to realize the encrypt and decrypt of data, and wherein transmit leg is only encrypted, and the recipient only deciphers.
In data transmission procedure, the common same synchronous counting (SyncCount) that uses of transmit leg and recipient, this counting (SyncCount) and time correlation synchronously is in transmit leg and recipient's while monotonic increase (+1).This count value preferably adopts 32-128 bit data to be described.
Inaccurate and other reasons causes synchronous counting (SyncCount) when losing because of power down or clock for transmit leg or recipient, is judged to be asynchronously, and takes synchronizing step: forced to refresh by transmit leg, promptly send " synchronization frame ".
Transmit leg and recipient safeguard a synchronous ordinal number (SyncSeq) respectively, and when transmit leg sent synchronization frame at every turn, no matter whether the recipient receives (because one-way communication), ordinal number all can increase progressively a random value and together send with synchronization frame synchronously.When the recipient receives synchronization frame, judge whether to have taken place the recording playback deception by check to synchronous ordinal number.
Frame is the information that will transmit in the communication process.
Description of drawings
By the description of carrying out below in conjunction with the accompanying drawing that an example exemplarily is shown, above-mentioned and other purposes of the present invention and characteristics will become apparent, wherein:
The rough schematic that Fig. 1 constitutes for system;
Fig. 2 is the transport process of Frame;
Fig. 3 is the transport process of synchronization frame.
Embodiment
First embodiment
Data structure
In the transmission course, transmit leg can send different frames, and its frame head is a fixed structure:
Frame head=ID+LEN+CMD+CRC, wherein:
ID: addressing information, the just uniqueness of transmit leg sign.
LEN: frame length.
CMD: order, just frame type.
CRC: check value, optional 16 CRC or 128 s' MD5.
Press the difference of frame type, be listed as follows:
Table 1
| The frame title | Frame structure and explanation |
| The configuration frame | Configuration frame=frame head+Tkey (transmission security key)+SyncSeq (ordinal number synchronously)+data (other data) Tkey: transmission security key (length is from 128-256).SyncSeq: synchronous ordinal number (initial value).The configuration frame is that optionally if transmit leg and recipient's configuration is finished by alternate manner, this frame can not realized.This frame only sends once during disposing. |
| Synchronization frame | Synchronization frame=Tkey{CRC+SyncCount (counting synchronously)+SyncSeq (ordinal number synchronously)+random data } wherein: Tkey{...} represents with the content in the Tkey encryption bracket; CRC: internal data verification. |
| Frame | Frame=Tkey{CRC+SyncCount (synchronously counting)+Data} is wherein: Tkey{...} represents to encrypt content in the bracket with Tkey; CRC: internal data verification; |
Wherein:
Configuration frame: in the equipment initial procedure, carry out the frame that initial configuration transmits, comprise the initial synchronisation data by transmit leg.
Synchronization frame: send square end by user's ACTIVE CONTROL and send.
Frame: according to the normal data that send of needs of transfer of data.
Workflow
One, configuration frame and initialization
When device initialize started, transmit leg and recipient started assembly and time system independent of each other separately respectively, as counter, and timer etc.And send the configuration frame by transmit leg:
Configuration frame=frame head+Tkey (transmission security key)+SyncSeq (ordinal number synchronously)+data (other data)
Tkey: transmission security key (length is from 128-256).
SyncSeq: synchronous ordinal number (initial value).
The configuration frame is optionally, if transmit leg and recipient's configuration is finished by alternate manner, then can omit the configuration frame.This frame only sends once during disposing.
Concrete process is as follows:
1. the recipient can obtain system clock (RealTime) from computer, and this clock belongs to zebra time, is 64 long integers, and meter is from the time difference (is unit with 100ns) till now on January 1st, 1601.The recipient can be with the birthday (Birthday) as equipment at that time time when finishing initial configuration.
2. the recipient safeguards a timer TimerRx, and this timer is unidirectional as time goes by to be increased progressively, per 2 seconds+1; This timer can be lost when power down.When powering on:
TimerRx=(RealTime-Birthday)/10/1000/1000/2
(formula 1)
(to time difference of birthday remove 10 the microsecond number gets a millisecond number and gets a second number)
What be that the recipient safeguards is a recoverable relative time (with respect to equipment disposition time).
3. transmit leg is safeguarded a timer TimerTx (promptly counting synchronously), and this timer is unidirectional as time goes by to be increased progressively, per 2 seconds+1; This timer can reset when power down.
4. the recipient also safeguards the shadow counter of a TimerTx: TimerTxShadow.This counter added 1 in same per 2 seconds.
Two, Frame and transfer of data
Referring to Fig. 2
All Frames use transmission security key (Tkey) to encrypt, and its length makes under existing software and hardware condition from 128-256 or higher, can't realize traveling through the formula Brute Force.
In data transmission procedure, the common counting (SyncCount) synchronously that uses of transmit leg and recipient in the Frame, this counting (SyncCount) and time correlation synchronously, after identical time interval T, transmit leg and recipient be monotonic increase (+1) simultaneously.This count value preferably adopts 32-128 bit data to be described.
Making all has difference when each the transmission through the Frame data behind the scrambled, and the assailant is in that do not know can't data decryption under the situation of Tkey.
Even the assailant has recorded a piece of data, attempt replay data deception recipient, because counting (SyncCount) does not match synchronously, the recipient can not respond.
Three, synchronization frame and synchronizing process
Referring to Fig. 3
In like manner in the fail safe of Frame, synchronization frame is also encrypted by Tkey, even the assailant has recorded data, because the recipient can discover the recording playback deceptive practices effectively to the check of synchronous ordinal number.
Introduce synchronizing process below in detail:
The triggering of synchronizing process:
● when receiving Frame each time, the recipient judge TimerTx that this frame carries whether with the TimerTxShadow coupling, if do not match, think then " asynchronous " that it is synchronous again to require the user to initiate synchronization frame.
● perhaps the user is by the equipment on the transmit leg, and manually control starts synchronizing process.
● the transmit leg power down causes the clock-reset of transmit leg.
● transmit leg has been initiated one subsynchronous, and the recipient does not receive.
● the system for computer time has been changed, and causes recipient's timestamp to calculate mistake.
● transmit leg and recipient are after long-term work, because the difference (crystal oscillator) of device is inaccurate when causing clock to be walked.
● other need synchronous situation.
Synchronous process:
1. when transmit leg sends signal, as long as the recipient receives signal and deciphering/verification succeeds, will be with TimerTx and synthetic timestamp of TimerRx of receiving, be saved in the memory of equipment (being saved as TimerRx ' and TimerTx '), the recipient can upgrade TimerTxShadow and be formed in the identical value of TimerTx simultaneously.
2. when the recipient powers on, calculated current TimerRx, read the last timestamp of preserving synchronously the time then according to the method in the initial procedure (formula 1), can extrapolate current sender " should " the TimerTx value that has.Be the TimerTxShadow value:
TimerTxShadow=(TimerRx’-TimerRx)+TimerTx’;
So, after recipient's power down, insert again, need not again synchronously, can work on.
Preferably, in synchronization frame,, also have following additional project and measures in order to prevent recording playback deception (assailant records down the signal of synchronization frame, attempts using same signal deception recipient):
1. transmit leg stores a synchronous ordinal number (SyncSeq), and SyncSeq can increase progressively and be saved in memory at every turn at random when sending synchronization frame.
2. the recipient also stores a synchronous ordinal number (SyncSeq '), after each success synchronously, allows SyncSeq '=SyncSeq, also is saved in device memory then.
3. when the recipient receives synchronization frame, whether judge SyncSeq ' less than SyncSeq, if be not less than, judge that this synchronization frame is assailant's a curve, reporting system also takes security measures, as self-destruction recipient's data.
Further preferred, the present invention is used in the computer token system.
This token is divided into two authentication information, adopt unidirectional radio communication therebetween, its transmit leg is carried by the user, the recipient connects on computers by USB interface, transmit leg sends an authentication information every Fixed Time Interval, the recipient receives back its correctness of checking and is submitted to computer, thus the visit of control computer resource.
Second embodiment
As system among first embodiment and method, the synchronous counting (SyncCount) of its use and synchronous ordinal number (SyncSeq) can be all the order of successively decreasing; Perhaps counting is for increasing progressively synchronously, and ordinal number is for successively decreasing synchronously; Perhaps counting is for successively decreasing synchronously, and ordinal number is for increasing progressively synchronously.
Wherein, the regular time T of being separated by calculates synchronous counting, pre-determines, and is not limited to 2 seconds.
The method that the present invention relates to operates in transmit leg and the recipient realizes on the processor of hardware, and curable in hardware chip.
Said method all is a simple deformation on the technology of the present invention, is identical technical scheme.
Technique effect
The invention solves under unidirectional, the situation of increasing income, the data transmission safety problem can prevent effectively that the assailant to the cracking and analyzing of data, also can prevent the recording playback deception effectively.
The present invention has following characteristics:
1, high security, one, the symmetry AES key length of this method support is 128-256, the possibility of its combination is 2128-2
256, under the prerequisite of algorithm security, heavy attack (namely enumerating key) is substantially impossible. Its two, time factor has produced great interference to the data after encrypting, by known-plaintext and ciphertext, thereby the method for resolving key is equally invalid. Its three, synchronous counting has solved the problem of recording playback deception effectively with the synchronously introducing of ordinal number.
2, cost is low, and with respect to using special-purpose rolling code IC or using two-way communication to cooperate the realization of public key algorithm, the present invention does not have high requirements to the hardware that Related product uses, and general single-chip microcomputer can be realized.
3, extensibility is strong, and the related algorithm that the present invention uses can be according to the hardware capabilities flexible choice of Related product, and such as the optional CRC16 of data checking algorithm or MD5, AES also can be selected.
Claims (9)
1. the method for the unidirectional transfer of data of increasing income is characterized in that:
Transmit leg transmits the information of using cipher key T key to encrypt by Radio Transmission Technology to the recipient, comprises synchronous counting SyncCount in this information; A) transmit leg uses transmission security key Tkey to encrypt, and the recipient uses transmission security key Tkey to be decrypted,
B) transmit leg and recipient use separate time system, after identical time interval T, synchronous counting are counted, and are judged whether to be in synchronous regime by the recipient, whether need synchronizing process,
C) legal data are further handled, illegal data are not responded, perhaps the triggering synchronous process.
2. method according to claim 1 is characterized in that:
Described step b) further is:
B1) recipient preserves synchronous counting TimerTx ' that transmit leg transmits respectively and the synchronous counting TimerRx ' of this locality is a timestamp,
B2) after the identical time interval, transmit leg is counted TimerTx and recipient synchronously count TimerRx synchronously and count, and transmit leg is counted TimerTx synchronously send to equidirectional,
B3) recipient calculates current transmit leg according to the holding time stamp and counts shadow TimerTxShadow synchronously,
B4) relatively the transmit leg transmit leg of counting shadow TimerTxShadow and current reception is synchronously counted TimerTx synchronously, need to judge whether synchronous.
3. method according to claim 1 and 2 is characterized in that:
Transmit leg stores synchronous ordinal number SyncSeq,
It is the synchronous ordinal number SyncSeq ' of recipient that the recipient stores this synchronous ordinal number,
When sending synchronization frame, transmit leg increases progressively synchronous ordinal number SyncSeq at random, and the synchronous ordinal number SyncSeq transmission after will increasing,
When the recipient receives synchronization frame, judge that the synchronous ordinal number SyncSeq ' of recipient whether less than synchronous ordinal number SyncSeq, if be not less than, judges that this synchronization frame is an invalid data, reporting system also takes security measures.
4. method according to claim 1 and 2 is characterized in that: the length of described transmission security key is greater than or equal to 128.
5. method according to claim 3 is characterized in that: the length of described transmission security key is greater than or equal to 128.
6. method according to claim 1 and 2 is characterized in that: be used in the computer token system, its transmit leg can be carried by the user, by the access control of checking realization to computer resource.
7. method according to claim 3 is characterized in that: be used in the computer token system, its transmit leg can be carried by the user, by the access control of checking realization to computer resource.
8. method according to claim 4 is characterized in that: be used in the computer token system, its transmit leg can be carried by the user, by the access control of checking realization to computer resource.
9. method according to claim 5 is characterized in that: be used in the computer token system, its transmit leg can be carried by the user, by the access control of checking realization to computer resource.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510086914 CN1968079B (en) | 2005-11-17 | 2005-11-17 | Unidirectional open source data transmission method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510086914 CN1968079B (en) | 2005-11-17 | 2005-11-17 | Unidirectional open source data transmission method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1968079A CN1968079A (en) | 2007-05-23 |
| CN1968079B true CN1968079B (en) | 2010-12-22 |
Family
ID=38076655
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510086914 Active CN1968079B (en) | 2005-11-17 | 2005-11-17 | Unidirectional open source data transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1968079B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103945371B (en) * | 2013-01-17 | 2018-07-06 | 中国普天信息产业股份有限公司 | A kind of method that End to End Encryption synchronizes |
| US11057157B2 (en) * | 2018-06-29 | 2021-07-06 | Hewlett Packard Enterprise Development Lp | Transmission frame counter |
| CN112003823B (en) * | 2020-07-17 | 2023-01-17 | 江阴市富仁高科股份有限公司 | Information safety transmission method based on CAN bus and application |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1043643A2 (en) * | 1999-04-03 | 2000-10-11 | SEW-EURODRIVE GMBH & CO. | Cable system for wiring a cell |
| CN1455591A (en) * | 2002-04-30 | 2003-11-12 | 电子科技大学 | Video/data broadcasting co-channel multi-flow transparent transmitting method |
| CN1154294C (en) * | 2001-08-11 | 2004-06-16 | 华为技术有限公司 | Method for end encryption of mobile station end adapted for 3G system |
| CN1516967A (en) * | 2001-06-18 | 2004-07-28 | External memory for PVR |
-
2005
- 2005-11-17 CN CN 200510086914 patent/CN1968079B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1043643A2 (en) * | 1999-04-03 | 2000-10-11 | SEW-EURODRIVE GMBH & CO. | Cable system for wiring a cell |
| CN1516967A (en) * | 2001-06-18 | 2004-07-28 | External memory for PVR | |
| CN1154294C (en) * | 2001-08-11 | 2004-06-16 | 华为技术有限公司 | Method for end encryption of mobile station end adapted for 3G system |
| CN1455591A (en) * | 2002-04-30 | 2003-11-12 | 电子科技大学 | Video/data broadcasting co-channel multi-flow transparent transmitting method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1968079A (en) | 2007-05-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6836843B2 (en) | Access control through secure channel using personal identification system | |
| US8239679B2 (en) | Authentication method, client, server and system | |
| EP1175749B1 (en) | High security biometric authentication using a public key/private key encryption pairs | |
| CN100490372C (en) | A method for backup and recovery of encryption key | |
| CN100559393C (en) | RFID label and reader thereof, reading system and safety certifying method | |
| US6912659B2 (en) | Methods and device for digitally signing data | |
| JP3917679B2 (en) | High bandwidth cryptographic system with low bandwidth cryptographic module | |
| US20060153380A1 (en) | Personal cryptoprotective complex | |
| US20030112972A1 (en) | Data carrier for the secure transmission of information and method thereof | |
| KR101874721B1 (en) | Identity authentication system, apparatus, and method, and identity authentication request apparatus | |
| US20090153290A1 (en) | Secure interface for access control systems | |
| US20150288517A1 (en) | System and method for secured communication | |
| GB2538052A (en) | Encoder, decoder, encryption system, encryption key wallet and method | |
| CN110381055B (en) | RFID system privacy protection authentication protocol method in medical supply chain | |
| RU2005105579A (en) | HIGHLY RELIABLE BIOMETRIC DEVICE | |
| CN102932143B (en) | Certification in digital interrogation device, encrypting and decrypting and tamper resistant method | |
| MY129357A (en) | Device authentication unit, method, recording media which records device authentication program | |
| ES2185217T3 (en) | PROCEDURE FOR THE VERIFICATION OF THE AUTHENTICITY OF A DATA SUPPORT. | |
| JP4919690B2 (en) | Magnetic card reading system | |
| WO2012019397A1 (en) | Method and system for identifying radio frequency identification tag | |
| CN105281902A (en) | Web system safety login method based on mobile terminal | |
| CN1968079B (en) | Unidirectional open source data transmission method | |
| KR20210063377A (en) | Device to be authenticated, authentication device, authentication request transmission method, authentication method, and program | |
| CN109101803A (en) | Biometric apparatus and method | |
| KR20080099631A (en) | Method for using contents with a mobile card, host device, and mobile card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |