CN105703904A - Anti-fake method based on public key cipher and system - Google Patents
- Publication number: CN105703904A
- Authority: CN (China)
- Prior art keywords: certificate, random challenge, pki, private key, manufacturer
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Abstract
The invention discloses an anti-counterfeiting method and system based on public key cryptography. A factory marking device generates a first public/private key pair, and an anti-counterfeiting module generates a second public/private key pair. In the registration step, a root certificate, a manufacturer certificate related to the first public key, and a commodity certificate related to the first private key and the second public key are generated. In the verification step, random challenge information and random challenge response information related to the second private key are generated, and these items are verified one after another, thereby improving security.
Description
Technical field
The invention relates to the field of key security, and in particular to an anti-counterfeiting method and system based on public key cryptography.
Background
Existing cryptography-based anti-counterfeiting systems mainly use symmetric cryptographic algorithms. Symmetric algorithms, sometimes called conventional cryptographic algorithms, are those in which the encryption key can be derived from the decryption key and, conversely, the decryption key can be derived from the encryption key. In most symmetric algorithms the encryption and decryption keys are identical, which requires the sender and the receiver to agree on a key before communicating securely and to use that same key for both encryption and decryption. The security of a system based on a symmetric algorithm therefore depends on the key: if the key leaks, anyone can encrypt and decrypt messages.
Symmetric algorithms have the advantages of high efficiency, simple algorithms and low system overhead, and are suitable for encrypting large amounts of data. Despite these good properties, symmetric cryptography also has obvious drawbacks. First, the key must be exchanged in a secure manner before secure communication can begin, and a secure key exchange can be very difficult, or even impossible, in some situations. Second, it scales poorly. For example, the key shared between A and B must differ from the key shared between A and C, otherwise the security of messages sent to B is threatened. In a group of 1000 users, A therefore needs to hold at least 999 keys. The same is true for every other user in the group, so the group as a whole needs nearly 500,000 different keys. By extension, a group of n users needs n²/2 different keys.
Because of these shortcomings of symmetric algorithms, existing anti-counterfeiting systems based on them face considerable challenges in key management and key distribution. In a symmetric algorithm the same key is used for encryption and decryption, or the decryption key can easily be derived from the encryption key; once that key is stolen by an attacker, the entire anti-counterfeiting system is broken.
Summary of the invention
In view of this, the main purpose of the invention is to provide an anti-counterfeiting method and system based on public key cryptography that improves security while avoiding the key-scale complexity described above.
To achieve this purpose, the invention provides an anti-counterfeiting method based on public key cryptography, comprising:
Registration steps:
The anti-counterfeiting certification center generates a root certificate and sends the root certificate to the verification device;
The factory marking device generates a first private key, generates a first public key through a public key cryptographic algorithm, and sends the first public key to the anti-counterfeiting certification center;
The anti-counterfeiting certification center generates a manufacturer certificate from the first public key and sends the manufacturer certificate to the factory marking device;
The anti-counterfeiting module installed in the product to be protected generates a second private key and a second public key, and sends the second public key to the factory marking device;
The factory marking device uses the first private key and the second public key to generate a commodity certificate, and sends the manufacturer certificate and the commodity certificate to the anti-counterfeiting module;
Verification steps:
The verification device generates random challenge information and sends the random challenge information to the anti-counterfeiting module;
The anti-counterfeiting module uses the second private key and the random challenge information to generate random challenge response information, and sends the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device;
The verification device verifies the root certificate, the manufacturer certificate, the commodity certificate and the random challenge response information in sequence.
Further, the generation of the root certificate by the anti-counterfeiting certification center in the registration step comprises:
The anti-counterfeiting certification center generates a third public key and a third private key;
The anti-counterfeiting certification center uses the third private key to sign the third public key, generating the root certificate.
Further, in the registration step, the anti-counterfeiting certification center uses the third private key to sign the first public key, generating the manufacturer certificate.
Further, in the registration step, the anti-counterfeiting module installed in the product to be protected generating a second private key and a second public key and sending the second public key to the factory marking device comprises:
The anti-counterfeiting module generates a random number and generates the second private key from the random number;
The anti-counterfeiting module generates the second public key from the second private key and a public key cryptographic algorithm;
The anti-counterfeiting module sends the second public key to the factory marking device.
Further, in the registration step, the factory marking device using the first private key and the second public key to generate a commodity certificate and sending the manufacturer certificate and the commodity certificate to the anti-counterfeiting module comprises:
The factory marking device uses the first private key to sign the second public key, generating the commodity certificate;
The manufacturer certificate and the commodity certificate are sent to the anti-counterfeiting module.
Further, in the verification step, the anti-counterfeiting module using the second private key and the random challenge information to generate random challenge response information and sending the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device comprises:
The anti-counterfeiting module uses the second private key to sign the random challenge information, generating the random challenge response information;
The anti-counterfeiting module sends the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device.
Further, in the verification step, the verification device verifying the root certificate, the manufacturer certificate, the commodity certificate and the random challenge response information in sequence comprises:
The verification device performs signature verification on the root certificate, thereby obtaining the third public key;
The verification device uses the obtained third public key to perform signature verification on the manufacturer certificate, obtaining the first public key;
The verification device uses the obtained first public key to perform signature verification on the commodity certificate, obtaining the second public key;
The verification device uses the obtained second public key to perform signature verification on the random challenge response information, obtaining the random challenge information;
The verification device compares the random challenge information obtained from the random challenge response information with the random challenge information that the verification device generated; if they match, verification succeeds, and if they do not match, verification fails.
The invention also provides an anti-counterfeiting system based on public key cryptography, comprising: a factory marking device, an anti-counterfeiting certification center, an anti-counterfeiting module and a verification device;
The factory marking device comprises a first key generation module and a commodity certificate generation module. The first key generation module is used in the registration phase to generate the first private key, to generate the first public key through a public key cryptographic algorithm, and to send the first public key to the anti-counterfeiting certification center. The commodity certificate generation module is used in the registration phase to generate the commodity certificate using the first private key and the second public key;
The anti-counterfeiting certification center is used in the registration phase to generate the root certificate and send it to the verification device, and to generate the manufacturer certificate from the first public key and send it to the factory marking device;
The anti-counterfeiting module is installed in the product to be protected and comprises a second key generation module and a random challenge response information module. The second key generation module is used in the registration phase to generate the second private key and the second public key and to send the second public key to the factory marking device. The random challenge response information module is used in the verification phase to generate the random challenge response information using the second private key and the random challenge information, and to send the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device;
The verification device comprises a random challenge generation module, used in the verification phase to generate the random challenge information and send it to the anti-counterfeiting module, and a verification module used to verify the root certificate, the manufacturer certificate, the commodity certificate and the random challenge response information in sequence.
With the anti-counterfeiting method and system based on public key cryptography provided by the invention, the factory marking device generates the first public/private key pair and the anti-counterfeiting module generates the second public/private key pair. The registration step generates the root certificate, the manufacturer certificate related to the first public key, and the commodity certificate related to the first private key and the second public key; the verification step generates the random challenge information and the random challenge response information related to the second private key. These are verified one after another, thereby improving security.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the anti-counterfeiting method based on public key cryptography of the invention;
Fig. 2 is a schematic flow chart of a typical embodiment of the anti-counterfeiting method based on public key cryptography of the invention.
Detailed description
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments.
The invention is based on the following considerations:
Public key cryptography, also called asymmetric cryptography, is a class of cryptosystem; examples are the RSA algorithm, currently the most widely used, and the elliptic curve algorithm (SM2). In an asymmetric cryptosystem the encryption algorithm and the decryption algorithm use different keys: one is the public key and the other is the private key. A public key algorithm uses one of the two keys to convert plaintext into ciphertext and the other key to recover the plaintext from the ciphertext. In the prior art, public key cryptosystems are mainly applied to encryption/decryption, digital signatures and key exchange.
These advantages make public key algorithms suitable for identity authentication, and the way keys are transmitted is comparatively simple and secure, which improves the security of the whole anti-counterfeiting system and gives products better protection against counterfeiting.
Based on the above considerations, as shown in Fig. 1, the invention provides an anti-counterfeiting method based on public key cryptography, comprising:
The anti-counterfeiting certification center generates a root certificate and sends the root certificate to the verification device;
The factory marking device generates a first private key, generates a first public key through a public key cryptographic algorithm, and sends the first public key to the anti-counterfeiting certification center;
The anti-counterfeiting certification center generates a manufacturer certificate from the first public key and sends the manufacturer certificate to the factory marking device;
The anti-counterfeiting module installed in the product to be protected generates a second private key and a second public key, and sends the second public key to the factory marking device;
The factory marking device uses the first private key and the second public key to generate a commodity certificate, and sends the manufacturer certificate and the commodity certificate to the anti-counterfeiting module;
Verification steps:
The verification device generates random challenge information and sends the random challenge information to the anti-counterfeiting module;
The anti-counterfeiting module uses the second private key and the random challenge information to generate random challenge response information, and sends the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device;
The verification device verifies the root certificate, the manufacturer certificate, the commodity certificate and the random challenge response information in sequence.
A typical embodiment of the application is described in detail below with reference to Fig. 2:
Registration steps:
Step 1.1 The anti-counterfeiting certification center generates the third private key and the third public key;
Step 1.2 The anti-counterfeiting certification center uses the third private key to sign the third public key, generating the root certificate;
Step 1.3 The anti-counterfeiting certification center sends the root certificate to the verification device;
Step 1.4 The factory marking device generates the first private key and generates the first public key through the key algorithm;
Step 1.5 The factory marking device sends the first public key to the anti-counterfeiting certification center;
Step 1.6 The anti-counterfeiting certification center uses the third private key to sign the first public key, generating the manufacturer certificate;
Step 1.7 The anti-counterfeiting certification center sends the manufacturer certificate to the factory marking device;
Step 1.8 The anti-counterfeiting module generates a random number;
Step 1.9 The anti-counterfeiting module generates the second private key from the random number;
Step 2.0 The anti-counterfeiting module generates the second public key from the second private key and the public key cryptographic algorithm;
Step 2.1 The anti-counterfeiting module sends the second public key to the factory marking device;
Step 2.2 The factory marking device uses the first private key to sign the second public key, generating the commodity certificate;
Step 2.1 The factory device sends the manufacturer certificate and the commodity certificate to the anti-counterfeiting module.
Verification steps:
Step 3.1 The verification device generates random challenge information;
Step 3.2 The verification device sends the random challenge information to the anti-counterfeiting module;
Step 3.3 The anti-counterfeiting module uses the second private key to sign the random challenge information, generating the random challenge response information;
Step 3.4 The anti-counterfeiting module sends the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device;
Step 3.5 The verification device performs signature verification on the root certificate, thereby obtaining the third public key;
Step 3.6 The verification device uses the third public key to perform signature verification on the manufacturer certificate, thereby obtaining the first public key;
Step 3.7 The verification device uses the obtained first public key to perform signature verification on the commodity certificate, thereby obtaining the second public key;
Step 3.8 The verification device uses the obtained second public key to perform signature verification on the random challenge response information, thereby obtaining the random challenge information;
Step 3.9 The verification device compares the random challenge information obtained from the random challenge response information with the random challenge information that the verification device generated; if they match, verification succeeds, and if they do not match, verification fails.
In this embodiment, the signatures made in the registration steps and the verification steps can use an existing signature algorithm, for example the SM2 signature algorithm; the specific signing steps are common knowledge in the art and are not repeated here. Further, in the verification steps, the root certificate is verified with the existing verification procedure of the corresponding signature algorithm, which is likewise not repeated here. If that verification succeeds, the third public key is trusted and is used in the subsequent verification steps.
Following the signing process above, the signature verification of the manufacturer certificate in this embodiment also uses the verification procedure corresponding to the existing signature algorithm. If verification succeeds, the first public key in the manufacturer certificate is considered trusted, and the first public key is thereby obtained. Similarly, if signature verification of the commodity certificate succeeds, the second public key in the commodity certificate is considered trusted, and the second public key is thereby obtained. By the same reasoning, if signature verification of the random challenge response information succeeds, the random challenge information in the random challenge response information is considered trusted.
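The registration and verification steps of the embodiment, as an added example that is not part of the patent text. Toy unpadded RSA over SHA-256 stands in for the SM2 signature the embodiment mentions so that the block needs only the Python standard library; a certificate is modelled as a public key plus a detached signature, the challenge is checked by verifying the signature against it rather than by recovering it, and all function names are assumptions.

```python
import hashlib
import secrets

# Toy hash-then-sign RSA (no padding, 512-bit modulus): a stdlib-only stand-in
# for the SM2 signature named in the embodiment. Not for production use.
E = 65537

def _is_probable_prime(n, rounds=24):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin rounds
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and _is_probable_prime(c):  # keeps gcd(E, c - 1) == 1
            return c

def keygen(bits=512):
    """Return (private, public) as ((n, d), (n, E))."""
    p = q = _prime(bits // 2)
    while q == p:
        q = _prime(bits // 2)
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(_digest(data), d, n)

def verify(pub, data, sig):
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _digest(data)

def encode_pub(pub):
    return "{:x}:{:x}".format(*pub).encode()

def make_cert(issuer_priv, subject_pub):
    """A certificate here is the subject public key plus the issuer's signature."""
    return {"pub": subject_pub, "sig": sign(issuer_priv, encode_pub(subject_pub))}

def register():
    """Registration steps. Returns (root_cert held by the verifier, module state)."""
    ca_priv, ca_pub = keygen()                 # third key pair (certification center)
    root_cert = make_cert(ca_priv, ca_pub)     # self-signed root certificate
    mfr_priv, mfr_pub = keygen()               # first key pair (factory marking device)
    mfr_cert = make_cert(ca_priv, mfr_pub)     # manufacturer certificate
    mod_priv, mod_pub = keygen()               # second key pair (anti-counterfeiting module)
    item_cert = make_cert(mfr_priv, mod_pub)   # commodity certificate
    return root_cert, {"priv": mod_priv, "mfr_cert": mfr_cert, "item_cert": item_cert}

def module_respond(module, challenge):
    """Steps 3.3-3.4: sign the challenge and return it with both certificates."""
    return {"response": sign(module["priv"], challenge),
            "mfr_cert": module["mfr_cert"], "item_cert": module["item_cert"]}

def verifier_check(root_cert, challenge, reply):
    """Steps 3.5-3.9, anchored on the root certificate received at registration."""
    root_pub = root_cert["pub"]
    if not verify(root_pub, encode_pub(root_pub), root_cert["sig"]):
        return "root certificate invalid"
    mfr, item = reply["mfr_cert"], reply["item_cert"]
    if not verify(root_pub, encode_pub(mfr["pub"]), mfr["sig"]):
        return "manufacturer certificate invalid"
    if not verify(mfr["pub"], encode_pub(item["pub"]), item["sig"]):
        return "commodity certificate invalid"
    if not verify(item["pub"], challenge, reply["response"]):
        return "challenge response invalid"
    return "genuine"

def demo():
    root_cert, module = register()
    c1, c2 = secrets.token_bytes(32), secrets.token_bytes(32)  # steps 3.1-3.2
    first_reply = module_respond(module, c1)
    genuine = verifier_check(root_cert, c1, first_reply)
    # A recorded reply checked against a fresh challenge.
    replayed = verifier_check(root_cert, c2, first_reply)
    # Both certificates copied, but without the second private key.
    copied = dict(module, priv=keygen()[0])
    cloned = verifier_check(root_cert, c2, module_respond(copied, c2))
    # A complete chain issued under a different root.
    _, foreign_module = register()
    foreign = verifier_check(root_cert, c2, module_respond(foreign_module, c2))
    return genuine, replayed, cloned, foreign

if __name__ == "__main__":
    print(demo())
```

The verifier trusts only the root certificate it stored at registration, which is why a self-consistent chain under another root is rejected at the manufacturer certificate, and the fresh random challenge is what makes a recorded reply or a copied pair of certificates fail.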
Corresponding to the anti-counterfeiting method based on public key cryptography provided by the invention, the invention also provides an anti-counterfeiting system based on public key cryptography, comprising a factory marking device, an anti-counterfeiting certification center, an anti-counterfeiting module and a verification device;
The anti-counterfeiting system based on public key cryptography comprises: a factory marking device, an anti-counterfeiting certification center, an anti-counterfeiting module and a verification device;
The factory marking device comprises a first key generation module and a commodity certificate generation module. The first key generation module is used in the registration phase to generate the first private key, to generate the first public key through a public key cryptographic algorithm, and to send the first public key to the anti-counterfeiting certification center. The commodity certificate generation module is used in the registration phase to generate the commodity certificate using the first private key and the second public key;
The anti-counterfeiting certification center is used in the registration phase to generate the root certificate and send it to the verification device, and to generate the manufacturer certificate from the first public key and send it to the factory marking device;
The anti-counterfeiting module is installed in the product to be protected and comprises a second key generation module and a random challenge response information module. The second key generation module is used in the registration phase to generate the second private key and the second public key and to send the second public key to the factory marking device. The random challenge response information module is used in the verification phase to generate the random challenge response information using the second private key and the random challenge information, and to send the random challenge response information, the manufacturer certificate and the commodity certificate to the verification device;
The verification device comprises a random challenge generation module, used in the verification phase to generate the random challenge information and send it to the anti-counterfeiting module, and a verification module used to verify the root certificate, the manufacturer certificate, the commodity certificate and the random challenge response information in sequence.
It should be noted that the factory marking device, the anti-counterfeiting certification center, the anti-counterfeiting module and the verification device of the above system, together with the specific functions each performs in the method flow described earlier, can all be implemented by those skilled in the art as embedded software on hardware devices, and are not described further here.
In summary, with the anti-counterfeiting method and system based on public key cryptography provided by the invention, the factory marking device generates the first public/private key pair and the anti-counterfeiting module generates the second public/private key pair. The registration step generates the root certificate, the manufacturer certificate related to the first public key, and the commodity certificate related to the first private key and the second public key; the verification step generates the random challenge information and the random challenge response information related to the second private key. These are verified one after another, thereby improving security.
The above are only preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410699445.3A CN105703904B (en) | 2014-11-27 | 2014-11-27 | A kind of method for anti-counterfeit and system based on public key cryptography |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105703904A true CN105703904A (en) | 2016-06-22 |
| CN105703904B CN105703904B (en) | 2019-02-01 |
Family
ID=56294673
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410699445.3A Expired - Fee Related CN105703904B (en) | 2014-11-27 | 2014-11-27 | A kind of method for anti-counterfeit and system based on public key cryptography |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105703904B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110086623A (en) * | 2019-03-13 | 2019-08-02 | 捷德(中国)信息科技有限公司 | A kind of firmware method for anti-counterfeit and safety element based on safety element |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060235805A1 (en) * | 2005-04-13 | 2006-10-19 | Mr. Feng Peng | Universal anti-counterfeit method and system |
| CN101236677A (en) * | 2008-02-15 | 2008-08-06 | 黄欣阳 | Commodity anti-counterfeiting and anti-counterfeiting tax control comprehensive system |
| US20090083833A1 (en) * | 2007-09-19 | 2009-03-26 | Verayo, Inc. | Authentication with physical unclonable functions |
| CN101593264A (en) * | 2008-05-28 | 2009-12-02 | 北京中食新华科技有限公司 | Method for anti-counterfeit based on radio-frequency (RF) identification |
| CN102496113A (en) * | 2011-11-18 | 2012-06-13 | 祝启忠 | Method and system for realizing commodity authentication service |
| CN102663591A (en) * | 2012-03-19 | 2012-09-12 | 樊俊锋 | Product anti-counterfeiting method and system based on electronic tag |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105703904B (en) | 2019-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12375304B2 (en) | | Mutual authentication of confidential communication |
| AU2017352361B2 (en) | | Data transmission method, apparatus and system |
| EP3642997B1 (en) | | Secure communications providing forward secrecy |
| US10015159B2 (en) | | Terminal authentication system, server device, and terminal authentication method |
| CN104158653B (en) | | A kind of safety communicating method based on the close algorithm of business |
| CN101640590B (en) | | Method for obtaining identification cipher algorithm private key and cipher center |
| KR20170076742A (en) | | Efficient start-up for secured connections and related services |
| CN102664739A (en) | | PKI (Public Key Infrastructure) implementation method based on safety certificate |
| CN104901935A (en) | | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) |
| CN103905384A (en) | | Embedded inter-terminal session handshake realization method based on security digital certificate |
| CN109194474A (en) | | A kind of data transmission method and device |
| CN105703903B (en) | | A kind of multifactor method for anti-counterfeit and system based on public key cryptography |
| CN104780049B (en) | | A kind of method of safe read-write data |
| CN109981289A (en) | | Batch authentication method of elliptic curve digital signature algorithm under implicit certificate |
| CN105703904A (en) | | Anti-fake method based on public key cipher and system |
| CN113132315B (en) | | Online conference authentication method, device, equipment, medium and system |
| WO2022229971A1 (en) | | System and method for collective trust identity and authentication |
| EP3361670B1 (en) | | Multi-ttp-based method and device for verifying validity of identity of entity |
| CN110636502A (en) | | A wireless encrypted communication method and system |
| CN103647651A (en) | | Security chip based power distribution terminal management method |
| HK1159349A1 (en) | | A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190201; Termination date: 20191127 |
| | CF01 | Termination of patent right due to non-payment of annual fee | |