
CN107231231B - Method and system for terminal equipment to safely access Internet of things - Google Patents


Info

Publication number: CN107231231B
Authority: CN (China)
Prior art keywords: internet, ciphertext, sensing information, things, identification
Legal status: Active (Google's assumption, not a legal conclusion)
Application number: CN201710462756.1A
Other languages: Chinese (zh)
Other versions: CN107231231A
Inventor: 杜光东
Current assignee: Shenzhen Shenglu IoT Communication Technology Co Ltd
Original assignee: Shenzhen Shenglu IoT Communication Technology Co Ltd
Related PCT application: PCT/CN2017/093224 (published as WO2018227685A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B 5/00 Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B 5/70 Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B 5/77 Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention applies to the field of information security in Internet of Things systems and provides a method and a system for a terminal device to securely access the Internet of Things. The method comprises the following steps: reading first sensing information from an RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext; calling the identification of the RFID tag, and sending the identification of the RFID tag and the first ciphertext to the Internet of Things system authentication center; encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information; and sending the second ciphertext and the digital signature to the Internet of Things system authentication center. In this embodiment the RFID card reader encrypts the information to be sent twice, so that the information is sent securely; and a digital signature of the first sensing information is generated so that the signature can be checked subsequently, further ensuring the security of the information received by the Internet of Things system authentication center.

Description

Method and system for terminal equipment to safely access Internet of things
Technical Field
The embodiments of the invention belong to the field of information security in Internet of Things systems, and in particular relate to a method and a system for a terminal device to securely access the Internet of Things.
Background
The Internet of Things (IoT) is a network in which all articles are connected to the Internet, according to an agreed protocol, through Radio Frequency Identification (RFID) technology, infrared sensors, global positioning systems, laser scanners and other sensing devices, in order to exchange and communicate information and thereby realize intelligent identification, positioning, tracking, monitoring and management. Radio frequency identification is an automatic identification technology that has gradually matured since the 1980s. It originated in radio communication technology: it identifies objects by radio waves, draws on the electromagnetic spectrum used by modern computer intelligent control, intelligent identification and other high-technology industries, and transmits specific identification information in a non-contact, non-line-of-sight and highly reliable manner. In recent years, thanks to the increasing maturity of large-scale integrated circuit technology, the size of RFID systems has been greatly reduced, so that they have entered a practical stage and are widely applied in IoT technology.
IoT applications can be divided into three layers, namely the sensing network, the transmission network and the application network, and the application process of the system can be divided into the following steps: first a device or object is identified, and then intelligent identification of that device or object is realized, the task of which is to provide information about all kinds of articles, equipment and even living organisms. To achieve this, RFID tags storing specification and interoperability information may be attached to the various devices or objects; when such a device or object needs to be connected to the IoT system, the RFID reader scans the tag attached to it and reads the necessary information from the tag in order to connect it to the IoT system.
Compared with connecting a device to a network using a barcode, connecting a device or item to an IoT system through RFID has the following advantages: an RFID tag can be read through external materials without requiring line of sight to the tag, so it can work in harsh environments, has a long service life, can be read over a larger distance, allows several electronic tags to be read at the same time, and has short read and write times. Although RFID tags have these advantages in an IoT system, when the RFID reader obtains the sensing information from the tag in order to connect the tag to the IoT system, the sensing information read is sent directly to the IoT system for verification, with no protection of the sensing information in the process, so there is a risk that the sensing information is leaked or tampered with.
Disclosure of Invention
In view of the defects in the prior art, the embodiments of the invention provide a method and a system for a terminal device to securely access the Internet of Things, aiming to solve the problem that, in the existing method for a terminal device to access an IoT system, the sensing information of the RFID (radio frequency identification) tag is easily leaked or tampered with, so that its security cannot be guaranteed.
In a first aspect of the embodiments of the present invention, a method for a terminal device to safely access an internet of things is provided, where the method for the terminal device to safely access the internet of things includes:
reading first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
calling the identification of the RFID tag, and sending the identification of the RFID tag and the first ciphertext to an Internet of things system authentication center;
encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information;
and sending the second ciphertext and the digital signature to the authentication center of the Internet of things system so that the authentication center of the Internet of things system decrypts and verifies the first ciphertext, the second ciphertext and the digital signature.
Preferably, the reading of the first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext specifically includes:
reading first sensing information of the RFID tag, calling a random number generator to produce a group of random numbers, and taking the random numbers as a signature key;
and calling a pre-stored key to encrypt the signature key to generate a first ciphertext.
Preferably, the encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm, and encrypting the first sensing information into a second ciphertext;
and calling a digest algorithm, and generating a digital signature of the first sensing information through the digest algorithm and the signature key.
Preferably, after the sending the second ciphertext and the digital signature to the internet of things system authentication center so that the internet of things system authentication center decrypts and verifies the first ciphertext, the second ciphertext and the digital signature, the method further includes:
and receiving authorized access information sent by an authentication center of the Internet of things system, and connecting the terminal equipment to which the RFID tag belongs to the Internet of things according to the authorized access information.
Preferably, the method for the terminal device to securely access the internet of things system further includes:
the Internet of things system authentication center receives and stores the identification of the RFID tag and the first ciphertext transmitted by the RFID card reader; receiving a second ciphertext and a digital signature sent by the RFID card reader;
the Internet of things system authentication center decrypts the first ciphertext to obtain a signature key, and decrypts the second ciphertext to obtain first sensing information;
and the IoT system authentication center checks the digital signature using the first sensing information and the signature key to obtain a signature checking result, and decides according to that result whether to send authorized access information to the RFID card reader.
In a second aspect of the embodiments of the present invention, a system for a terminal device to securely access the Internet of Things is provided, comprising an RFID card reader and an Internet of Things system authentication center, where the RFID card reader includes:
the first encryption unit is used for reading first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
the first sending unit is used for calling the identification of the RFID tag and sending the identification of the RFID tag and the first ciphertext to an Internet of things system authentication center;
the second encryption unit is used for encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information;
and the second sending unit is used for sending the second ciphertext and the digital signature to the Internet of things system authentication center so that the Internet of things system authentication center can decrypt and verify the first ciphertext, the second ciphertext and the digital signature.
Preferably, the first encryption unit specifically includes:
the signature key generation module is used for reading first sensing information of the RFID tag, calling a random number generator to generate a group of random numbers, and taking the random numbers as signature keys;
and the signature key encryption module is used for calling a pre-stored key to encrypt the signature key and generating a first ciphertext.
Preferably, the second encryption unit specifically includes:
the second ciphertext generating module is used for calling a lightweight cryptographic algorithm and encrypting the first sensing information into a second ciphertext;
and the digital signature generation module is used for calling a digest algorithm and generating a digital signature of the first sensing information through the digest algorithm and the signature key.
Preferably, the RFID reader further includes:
and the terminal equipment access unit is used for receiving authorized access information sent by the system authentication center of the Internet of things and connecting the terminal equipment to which the RFID tag belongs to the Internet of things according to the authorized access information.
In a third aspect of the embodiments of the present invention, an internet of things system authentication center is provided, where the internet of things system authentication center includes:
the receiving unit is used for receiving and storing the identification of the RFID tag and the first ciphertext transmitted by the RFID card reader; receiving a second ciphertext and a digital signature sent by the RFID card reader;
the decryption unit is used for decrypting the first ciphertext to obtain a signature key and decrypting the second ciphertext to obtain first sensing information;
the authorized access information generating unit is used for verifying the digital signature through the first sensing information and the signature key to obtain a signature verification result; and judging whether to send authorized access information to the RFID card reader or not according to the signature checking result.
In the embodiments of the invention, after reading the first sensing information of an RFID tag, the RFID card reader calls a group of random numbers as the signature key corresponding to that first sensing information, encrypts the signature key to generate a first ciphertext, and sends the first ciphertext together with the identification of the RFID tag to the IoT authentication center; because the signature key is encrypted before being sent, it is ensured not to be modified in transit and is in one-to-one correspondence with the RFID tag. The RFID card reader then encrypts the acquired first sensing information to generate a second ciphertext and generates a digital signature corresponding to the first sensing information, so that the IoT system authentication center can subsequently select the corresponding signature key according to the identification of the RFID tag and verify the received information. In this process an encryption system is formed at the RFID card reader end: the first sensing information and the signature key are each encrypted before the first sensing information is sent, so the information is sent securely by encrypting twice; and a digital signature of the first sensing information is generated so that the signature can be checked subsequently, further ensuring the security of the information received by the IoT system authentication center.
Drawings
Fig. 1 is a schematic diagram of the working principle of an RFID tag and an RFID reader in the prior art;
fig. 2 is a flowchart of a method for a terminal device to securely access the Internet of Things according to a first embodiment of the present invention;
fig. 3 is a flowchart of a method for a terminal device to securely access the Internet of Things according to a second embodiment of the present invention;
fig. 4 is a flowchart of a method for a terminal device to securely access the Internet of Things according to a third embodiment of the present invention;
fig. 5 is a schematic diagram of the information interaction when a terminal device securely accesses the Internet of Things according to a fourth embodiment of the present invention;
fig. 6 is a block diagram of a system for a terminal device to securely access the Internet of Things according to the fourth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
The first embodiment is as follows:
The Internet of Things is a network concept in which any article is connected to the Internet according to an agreed protocol through information sensing equipment such as Radio Frequency Identification (RFID), infrared sensors, global positioning systems and laser scanners, in order to exchange and communicate information and thereby realize intelligent identification, positioning, tracking, monitoring and management. The basic principle of RFID is to automatically identify an object using radio frequency signals and the transmission characteristics of spatial coupling (inductive or electromagnetic coupling). An RFID system consists of an electronic tag and a reader-writer (card reader), as shown in fig. 1. In practice the electronic tag is attached to the surface or the inside of the identified object; when the tagged object passes through the range of the reader-writer, the reader-writer can read the information stored in the tag, or write predetermined data into it, without contact, so that the tagged object is identified and its data collected automatically. The reader-writer sends the collected information to a data management system (the IoT system), so that all kinds of objects can be connected through the network. However, data may be leaked or tampered with while the reader-writer sends the collected information to the IoT system, so the first embodiment of the present invention provides a method for a terminal device to securely access the Internet of Things, as shown in fig. 2, where:
step S21, reading first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
In this step, the RFID card reader scans the RFID tag attached to a terminal device that is to be connected to the Internet of Things and reads the sensing information contained in the tag, namely the first sensing information, which includes the name and model of the terminal device, its unique identification code, and the permissions it exposes externally. Based on the first sensing information, a group of random numbers is called from a random number generator in the RFID card reader and set as the signature key corresponding to that first sensing information. Because the random numbers are random and differ each time they are generated, one random number is used as the signature key each time the RFID card reader reads a group of first sensing information, so that the first sensing information and the signature key are in one-to-one correspondence. The signature key is sent to the IoT system authentication center and used subsequently to verify the authenticity and uniqueness of the first sensing information.
To prevent the signature key from being tampered with while it is sent to the IoT system, the signature key is encrypted to generate a first ciphertext. During encryption, a pre-stored public key of the IoT system is called to encrypt the signature key; this public key is stored in the RFID card reader in advance. Because the signature key is encrypted with the pre-stored public key of the IoT system to generate the first ciphertext, even if an unauthorized terminal obtains the first ciphertext while it is being sent to the IoT system, the unauthorized terminal cannot obtain the private key of the IoT system and therefore cannot obtain the signature key contained in the first ciphertext, which ensures the security and uniqueness of the signature key during transmission.
Preferably, the reading of the first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext specifically includes:
reading first sensing information of the RFID tag, calling a random number generator to produce a group of random numbers, and taking the random numbers as a signature key;
and calling a pre-stored key to encrypt the signature key to generate a first ciphertext.
Specifically, in order to enable the information to be safely transmitted between the RFID card reader and the Internet of things authentication center, an encryption system is established at one end of the RFID card reader, when the RFID card reader reads the sensing information, a group of random numbers generated by a random number generator in the encryption system are called, the random numbers are used as signature keys corresponding to the first sensing information read at this time, and the signature keys are used for subsequently verifying the processed first sensing information. And calling a key pre-stored in an encryption system for the generated signature key to encrypt the signature key, generating a first ciphertext, and sending the first ciphertext in the subsequent information transmission process so as to ensure the security of the signature key in the information transmission process.
Step S22, calling the identification of the RFID tag, and sending the identification of the RFID tag and the first ciphertext to the Internet of Things system authentication center;
In this step, after the signature key has been encrypted to generate the first ciphertext, the identification of the RFID tag is called. The identification uniquely marks the RFID tag; it is generated together with the tag when the tag is produced, and is fixed in the tag and cannot be changed. The identification may be generated simply as a sequential number, or it may be generated by combining the time and place at which the tag was produced. When the RFID tag is produced, its identification is generated and fixed in the tag so that it cannot be changed, forming the unique mark of the tag; when the tag is applied to a terminal device and the terminal device is connected to the IoT system, the terminal device can be uniquely identified within the IoT system.
In this step, the identification of the RFID tag and the first ciphertext are sent to the IoT authentication center, so that when the authentication center subsequently receives information about this RFID tag it can call the corresponding first ciphertext to check the tag.
Step S23, encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information;
in the step, in order to enable the first sensing information obtained by the RFID card reader to be safely transmitted to the authentication center of the Internet of things system, an encryption system is firstly established at the RFID card reader end, and the first sensing information is encrypted.
Preferably, the encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm to encrypt the sensing information into a second ciphertext;
and calling a digest algorithm, and encrypting the first sensing information through the digest algorithm and the signature key to generate a digital signature of the sensing information.
Specifically, for the first sensing information acquired by the RFID card reader, a lightweight cryptographic algorithm pre-stored in an encryption system at one end of the RFID card reader is called to encrypt the first sensing information, where the lightweight cryptographic algorithm has the characteristics of high execution efficiency, low computing resource consumption, strong adaptability, and the like, and the lightweight cryptographic algorithm may be an RC4 algorithm in a stream cipher or a PRESENT algorithm in a block cipher algorithm, and is not limited herein; the first sensing information acquired by the RFID card reader may be pre-determined when being encrypted, and if the acquired first sensing information has low security requirement or needs to be quickly encrypted, the RC4 algorithm in the stream cipher pre-stored in the encryption system of the RFID card reader may be called to encrypt the first sensing information, for example, the first sensing information is acquired by the RFID card reader at the same time and needs to be processed in a short time, and the security requirement of the acquired first sensing information during message transmission is general, so that the RC4 algorithm in the stream cipher may be called to encrypt the first sensing information. If the first sensing information acquired by the RFID card reader requires high security during information transmission but has no special requirement on processing time, a PRESENT algorithm in a block cipher algorithm can be called for encryption operation to ensure the security. Further, a digest algorithm in an encryption system of the RFID card reader is called to generate a hash value from the first sensing information, and the generated hash value is encrypted through a signature key to generate a digital signature.
In the step, when the first sensing information is encrypted, the acquired first sensing information is judged, a proper lightweight encryption algorithm is selected, the processing efficiency of the RFID card reader on the received first sensing information can be improved on the premise of ensuring the safe transmission of the first sensing information, and a digital signature of the first sensing information is generated while the first sensing information is encrypted, so that the subsequent judgment and signature verification of the encrypted first sensing information by an internet of things system authentication center are facilitated.
And step S24, sending the identification of the RFID tag, the second ciphertext and the digital signature to the Internet of things system authentication center, so that the Internet of things system authentication center decrypts and verifies the second ciphertext and the digital signature.
In this step, the RFID card reader sends the second ciphertext obtained by encrypting the first sensing information, the digital signature, and the identification of the RFID tag corresponding to the first sensing information to the Internet of things system authentication center. If the RFID card reader acquires and processes the first sensing information of a plurality of RFID tags at the same time, the several items of processed first sensing information are sent according to a preset sending rule.
Optionally, the preset sending rule may be to send the processed first sensing information to the Internet of things authentication center in order of the signal strength with which the first sensing information was acquired: the stronger the signal, the more easily the terminal device is connected to the Internet of things system, so processing such terminal devices first saves waiting time for the terminal devices that follow and improves the efficiency of access to the Internet of things system. The preset sending rule may also be to send the processed first sensing information in the order in which the RFID card reader acquired it: the first sensing information of the RFID tag acquired first is immediately processed through steps S21 to S23, and its result is sent to the Internet of things system authentication center before the results for RFID tags acquired later, which reduces the backlog of processing tasks at the RFID card reader end. The two sending rules may also be alternated according to the situation. The specific sending rule may be selected according to actual conditions and is not limited herein.
In the step, when the identification of the RFID tag, the second ciphertext and the digital signature are sent to the authentication center of the Internet of things system, the sending rule can be selected according to the actual situation, so that the requirement that the terminal equipment is rapidly accessed into the Internet of things system can be met, and the task quantity of the first sensing information to be processed at one end of the RFID card reader can be reduced.
In this embodiment, an encryption system is arranged at the RFID card reader end. After the first sensing information of the RFID tag is received, a group of random numbers generated by a random number generator is called as the signature key corresponding to that first sensing information; the signature key is encrypted to generate the first ciphertext, and the first ciphertext is sent to the Internet of things authentication center together with the identification of the RFID tag. Encrypting the signature key before sending ensures that it is not modified in transit and remains in one-to-one correspondence with the RFID tag. For a terminal device to be connected to the Internet of things system, the first sensing information acquired from its RFID tag is encrypted to generate the second ciphertext and a digital signature of the first sensing information is generated; the identification of the RFID tag, the second ciphertext and the digital signature are sent together to the Internet of things system authentication center for judgment, so that the authentication center can select the corresponding signature key according to the identification of the RFID tag and verify the received information. In this process the first sensing information and the signature key are each encrypted before sending, so the information is protected by two encryptions, and the digital signature of the first sensing information allows subsequent signature verification, further ensuring the security of the information received by the Internet of things system authentication center.
Example two:
fig. 3 is a flowchart illustrating a method for a terminal device to securely access an internet of things according to a second embodiment of the present invention, where the method illustrated in fig. 3 includes:
step S31, reading first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
step S32, calling the identification of the RFID label, and sending the identification and the first ciphertext to an Internet of things system authentication center;
step S33, encrypting the first sensing information to obtain a second ciphertext and generating a digital signature of the first sensing information;
step S34, sending the identification of the RFID tag, the second ciphertext and the digital signature to the Internet of things system authentication center, so that the Internet of things system authentication center decrypts and verifies the second ciphertext and the digital signature;
wherein steps S31 to S34 correspond to steps S21 to S24 of the first embodiment and are not described here again.
And S35, receiving authorized access information sent by the authentication center of the Internet of things system, and connecting the terminal equipment to which the RFID tag belongs to the Internet of things system according to the authorized access information.
In this step, after the Internet of things system authentication center has verified the received information, it sends authorized access information authorizing the terminal device to access the Internet of things system. On receiving the authorized access information, the RFID card reader calls the identification of the RFID tag corresponding to it, and selects and confirms the access of the corresponding terminal device through that identification. Because the terminal device to be connected to the Internet of things system is confirmed through the identification of its RFID tag, the probability of connecting the wrong device is reduced.
Example three:
fig. 4 shows a flowchart of a method for a terminal device to securely access an internet of things according to a third embodiment of the present invention, which is detailed as follows:
step S41, the Internet of things system authentication center receives and stores the identification of the RFID label and the first ciphertext sent by the RFID card reader; receiving a second ciphertext and a digital signature sent by the RFID card reader;
in this step, the Internet of things system authentication center receives the identification of the RFID tag and the first ciphertext sent by the RFID reader and stores them in a memory. When storing them it analyzes the identification of the RFID tag and stores it according to its category: for example, the tags attached to terminal devices in the same area may be stored according to the manufacturer recorded in the identification, or according to the device to which the tag is attached; the manner in which the authentication center classifies the stored information is not limited. Indexing by the identification of the RFID tag allows the identification to be found quickly and the corresponding signature key to be retrieved quickly.
Step S42, the Internet of things system authentication center decrypts the first ciphertext to obtain a signature key, and decrypts the second ciphertext to obtain first sensing information;
specifically, the Internet of things authentication center decrypts the received first ciphertext and second ciphertext to obtain the signature key and the first sensing information respectively. Before decryption it first calls the identification of the RFID tag stored together with the first ciphertext and the identification of the RFID tag sent together with the second ciphertext, and compares whether the two identifications are consistent; when they are consistent, the first ciphertext and the second ciphertext to be decrypted belong to the same RFID tag, and only then are the two ciphertexts decrypted.
And step S43, the Internet of things system authentication center checks the digital signature through the first sensing information and the signature key to obtain a signature checking result, and judges whether to send authorized access information to the RFID card reader according to the signature checking result.
Specifically, after the first sensing information and the signature key are obtained by decryption, the digest algorithm pre-stored in the Internet of things system authentication center is called to compute a hash value of the first sensing information, referred to here as the first hash value for clarity; the digital signature is decrypted with the signature key to obtain a further hash value, referred to as the second hash value. The first hash value and the second hash value are compared; if they are the same, the digital signature corresponding to the second hash value was generated from the first sensing information corresponding to the first hash value, and the first sensing information was not tampered with in transmission, which completes the verification of the digital signature. When the first sensing information has not been tampered with, an authorized access instruction authorizing the RFID tag corresponding to the first sensing information to access the Internet of things system is generated and sent to the RFID card reader, so that the RFID tag is securely connected to the Internet of things system.
In this embodiment of the invention, the Internet of things system authentication center decrypts and verifies the received first ciphertext, second ciphertext and digital signature respectively. Before decryption it first judges whether the first ciphertext and the second ciphertext belong to the same RFID tag, and decrypts only afterwards, which ensures that the decrypted signature key corresponds to the first sensing information. Because the digital signature represents the content of the data and changes if the data is changed, verifying the digital signature ensures that the digital signature and the first sensing information come from the same RFID tag and that the received first sensing information is complete and original, thereby confirming once more the security of the transmission of the first sensing information.
Example four:
fig. 5 shows an information interaction diagram of the terminal device securely accessing the internet of things system, which is detailed as follows:
in step S51, the RFID reader acquires first sensing information in the RFID tag and calls a set of random numbers as a signature key;
in the embodiment of the invention, the RFID card reader acquires first sensing information by scanning or sensing the RFID label for the terminal equipment to be accessed into the Internet of things system, and then acquires a group of random numbers from a random number generator in the RFID card reader as a signature key corresponding to the acquired first sensing information.
In step S52, the RFID reader encrypts the signature key to obtain a first ciphertext, and invokes an identifier of the RFID tag;
in this embodiment of the invention, the RFID card reader encrypts the signature key with a pre-stored key to obtain the first ciphertext, so as to ensure the security of the signature key during transmission; it then calls the identification of the RFID tag, which uniquely identifies that RFID tag.
In step S53, the RFID reader sends the identification of the RFID tag and the first ciphertext to the Internet of things system authentication center;
the RFID card reader is connected wirelessly to the Internet of things system authentication center. Optionally, the wireless connection may be based on infrared, Bluetooth, Wireless Fidelity (Wi-Fi), the Zigbee protocol, or the chirp protocol, where the chirp protocol is a lightweight Internet of things protocol: the data propagated under it are chirps, which carry only a minimal payload, a direction of transmission, a simple non-unique address and a suitable checksum, and are lightweight packets intended for broad propagation. Of course, the RFID card reader may also be connected to the Internet of things system authentication center in other ways, which is not limited herein.
In step S54, the internet of things system authentication center receives and stores the identifier of the RFID tag and the first ciphertext;
in step S55, the RFID card reader encrypts the first sensing information to obtain a second ciphertext, and generates a digital signature of the first sensing information;
in this embodiment, the RFID card reader encrypts the acquired first sensing information to obtain a second ciphertext, and acquires a digital signature of the first sensing information, where the first sensing information is acquired by the RFID card reader by scanning or sensing the RFID tag. For a specific encryption process, reference may be made to the implementation process of step S23, which is not described herein again.
In step S56, the RFID reader sends the identification of the RFID tag, the second ciphertext, and the digital signature to the Internet of things system authentication center; the transmission in this step follows the implementation of step S53 and is not described in detail.
In step S57, the internet of things authentication center decrypts the stored first ciphertext, and decrypts and verifies the received second ciphertext and the digital signature; generating authorization access information when the signature verification is passed;
in this embodiment of the invention, the Internet of things system authentication center first decrypts the first ciphertext to obtain the signature key, then decrypts the second ciphertext to obtain the first sensing information, and verifies the digital signature with the obtained signature key and first sensing information so as to confirm that the first sensing information is original. When the digital signature passes verification, authorized access information authorizing the terminal device to access the Internet of things system is generated.
In step S58, the internet of things system authentication center sends authorized access information to the RFID card reader;
in step S59, the RFID reader connects the terminal device to the internet of things system according to the received authorized access information.
Therefore, in this embodiment of the invention, the acquired first sensing information and the signature key are each encrypted at the RFID card reader end, a digital signature of the first sensing information is generated with the signature key, and the encrypted information and the digital signature are sent to the Internet of things system authentication center, which performs two decryptions and verifies the digital signature. In this way the first sensing information acquired by the RFID card reader is transmitted securely, and the terminal device is connected to the Internet of things system securely.
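The complete exchange between the RFID card reader and the Internet of things system authentication center described in steps S51 to S59, covering the reader-side steps S21 to S24 of the first embodiment and the authentication-center steps S41 to S43 of the third embodiment, as an added worked example in Python. This is not code from the patent. It assumes the following, none of which the page specifies: textbook RSA stands in for the public key of the Internet of things system (unpadded and 512-bit only to keep the example small; a real deployment would use RSA-OAEP or an elliptic-curve key encapsulation with at least 2048-bit RSA or a 256-bit curve); RC4 is used as the lightweight stream cipher because the page names it, although RC4 is deprecated and must not be used in new designs; the key for the lightweight cipher is derived per message from a pre-shared reader/center transport key and the fresh signature key with HMAC-SHA256, so that the stream cipher never reuses a keystream; the tag identifier, sensing information and transport key are constructed sample values. As the page describes it, the "digital signature" is the SHA-256 digest encrypted under the random signature key and is verified with that same key, so it is a keyed integrity check rather than an asymmetric signature, and the comparison of the two hash values is done in constant time.

```python
import hashlib, hmac, secrets
KEY_LEN = 16  # bytes of the random signature key

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts (deprecated cipher, illustration only)."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin for the large odd candidates produced by _random_prime."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate
def rsa_keygen(bits: int = 512):
    """Textbook RSA key pair ((e, n), (d, n)) standing in for the IoT system's key; demo sizes only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)
def rsa_encrypt(pub, m: bytes) -> bytes:
    e, n = pub
    return pow(int.from_bytes(m, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")
def rsa_decrypt(priv, c: bytes, length: int) -> bytes:
    d, n = priv
    return pow(int.from_bytes(c, "big"), d, n).to_bytes(length, "big")

def cipher_key(transport_key: bytes, signature_key: bytes) -> bytes:
    # Assumption (the page does not say which key the lightweight cipher uses): derive a
    # per-message key from a pre-shared reader/center transport key and the fresh
    # signature key, so the stream cipher never reuses a keystream across messages.
    return hmac.new(transport_key, signature_key, hashlib.sha256).digest()

def reader_prepare(tag_id: str, sensing_info: bytes, iot_pub, transport_key: bytes):
    """Reader side, steps S21-S24: returns the two messages in the order they are sent."""
    signature_key = secrets.token_bytes(KEY_LEN)                          # S21: random signature key
    first_ct = rsa_encrypt(iot_pub, signature_key)                         # S21: first ciphertext
    second_ct = rc4(cipher_key(transport_key, signature_key), sensing_info)  # S23: second ciphertext
    digest = hashlib.sha256(sensing_info).digest()                         # S23: digest algorithm
    signature = rc4(signature_key, digest)                                 # S23: digest under the signature key
    return ({"tag_id": tag_id, "first_ct": first_ct},                     # S22
            {"tag_id": tag_id, "second_ct": second_ct, "signature": signature})  # S24

class AuthCenter:
    def __init__(self, iot_priv, transport_key: bytes):
        self.priv, self.transport_key, self.key_store = iot_priv, transport_key, {}
    def receive_key(self, msg1) -> None:
        self.key_store[msg1["tag_id"]] = msg1["first_ct"]                # S41: stored by tag identifier
    def verify(self, msg2):
        """Steps S42-S43: returns authorized-access information, or None when verification fails."""
        first_ct = self.key_store.get(msg2["tag_id"])
        if first_ct is None:                                               # identifiers do not match
            return None
        signature_key = rsa_decrypt(self.priv, first_ct, KEY_LEN)          # S42: first ciphertext
        info = rc4(cipher_key(self.transport_key, signature_key), msg2["second_ct"])  # S42
        first_hash = hashlib.sha256(info).digest()                         # S43: recomputed digest
        second_hash = rc4(signature_key, msg2["signature"])                # S43: signature "decrypted"
        if not hmac.compare_digest(first_hash, second_hash):               # constant-time comparison
            return None
        return {"tag_id": msg2["tag_id"], "authorized": True, "sensing_info": info}

def run_exchange(tamper: bool = False):
    """Whole interaction of steps S51-S59 on constructed sample data."""
    iot_pub, iot_priv = rsa_keygen()
    transport_key = b"demo-preshared-reader-key"                          # constructed sample
    center = AuthCenter(iot_priv, transport_key)
    sensing_info = b"name=sensor-A;model=X1;uid=0001;rights=read"         # constructed sample
    msg1, msg2 = reader_prepare("TAG-0001", sensing_info, iot_pub, transport_key)
    center.receive_key(msg1)                                               # S53/S54
    if tamper:  # an attacker flips one bit of the second ciphertext in transit
        msg2["second_ct"] = bytes([msg2["second_ct"][0] ^ 1]) + msg2["second_ct"][1:]
    return center.verify(msg2)                                             # S56/S57: None means refused
```

run_exchange() returns the authorized-access information for the sample tag; run_exchange(tamper=True) shows the failure mode the page relies on, since a modified second ciphertext decrypts to different sensing information, the recomputed first hash no longer equals the second hash recovered from the signature, and no authorization is issued.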
It should be understood that, in the embodiment of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiment of the present invention.
Example five:
fig. 6 shows a block diagram of a system for providing secure access to the internet of things for a terminal device according to a fifth embodiment of the present invention, and for convenience of description, only the parts related to the embodiment of the present invention are shown.
As shown in fig. 6, the system for a terminal device to securely access an internet of things system includes: RFID card reader 61, thing networking system authentication center 62, wherein the RFID card reader includes: a first encryption unit 611, a first sending unit 612, a second encryption unit 613, a second sending unit 614, wherein:
the first encryption unit 611 is configured to read first sensing information of the RFID tag, call a group of random numbers as a signature key, and encrypt the signature key to obtain a first ciphertext;
specifically, the RFID reader scans the RFID tag attached to a terminal device to be connected to the Internet of things and reads the sensing information contained in the RFID tag, that is, the first sensing information, which includes information such as the name and model of the terminal device, its unique identification code, and the permissions it exposes externally. A group of random numbers is then called from the random number generator in the RFID card reader and set as the signature key corresponding to this first sensing information. Because each group of random numbers generated differs from the others, one group of random numbers is used as the signature key for each group of first sensing information the RFID card reader reads, so that first sensing information and signature keys correspond one to one; for this correspondence to be reliable and the key to be unpredictable, the random number generator should be a cryptographically strong one. The signature key is sent to the Internet of things system authentication center and is subsequently used to verify the authenticity and uniqueness of the first sensing information.
In order to prevent the signature key from being tampered with while it is sent to the Internet of things system, the signature key is encrypted to generate the first ciphertext. During encryption, the pre-stored public key of the Internet of things system, which is stored in the RFID card reader in advance, is called to encrypt the signature key. Because the first ciphertext is generated with the public key of the Internet of things system, even if an unauthorized terminal obtains the first ciphertext in transit, it cannot obtain the private key of the Internet of things system and therefore cannot recover the signature key from the first ciphertext, which ensures the security and uniqueness of the signature key during transmission.
Preferably, the first encryption unit 611 specifically includes:
the signature key generation module is used for reading first sensing information of the RFID tag, calling a random number generator to generate a group of random numbers, and taking the random numbers as signature keys;
and the signature key encryption module is used for calling a pre-stored key to encrypt the signature key and generating a first ciphertext.
Specifically, in order to enable the information to be safely transmitted between the RFID card reader and the Internet of things authentication center, an encryption system is established at one end of the RFID card reader, when the RFID card reader reads the sensing information, a group of random numbers generated by a random number generator in the encryption system are called, the random numbers are used as signature keys corresponding to the first sensing information read at this time, and the signature keys are used for subsequently verifying the processed first sensing information. And calling a key pre-stored in an encryption system for the generated signature key to encrypt the signature key, generating a first ciphertext, and sending the first ciphertext in the subsequent information transmission process so as to ensure the security of the signature key in the information transmission process.
A first sending unit 612, configured to call the identifier of the RFID tag, and send the identifier of the RFID tag and the first ciphertext to an internet of things system authentication center;
specifically, after the signature key is encrypted to generate the first ciphertext, the identification of the RFID tag is called. The identification uniquely marks the RFID tag; it is generated together with the RFID tag at manufacture and fixed in the tag so that it cannot be changed. The identification of the RFID tag may be generated simply as a sequence number, or from a combination of the time and place at which the RFID tag was produced. Since the identification is generated and fixed in the RFID tag at manufacture, it forms the unique mark of the RFID tag, and when the RFID tag is attached to a terminal device and the terminal device is connected to the Internet of things system, the terminal device can be uniquely identified within the Internet of things system by it.
In this embodiment of the invention, the identification of the RFID tag and the first ciphertext are sent to the Internet of things authentication center, so that when the authentication center subsequently receives further information for that RFID tag it can call the corresponding first ciphertext and verify the information.
A second encrypting unit 613, configured to encrypt the first sensing information to obtain a second ciphertext, and generate a digital signature of the first sensing information;
in order to enable the first sensing information obtained by the RFID card reader to be safely transmitted to the authentication center of the Internet of things system, firstly, an encryption system is established at the RFID card reader end, and the first sensing information is encrypted.
Preferably, the second encryption unit 613 specifically includes:
the second ciphertext generating module is used for calling a lightweight cryptographic algorithm and encrypting the first sensing information into a second ciphertext;
and the digital signature generation module is used for calling a digest algorithm and generating a digital signature of the first sensing information through the digest algorithm and the signature key.
Specifically, for the first sensing information acquired by the RFID card reader, a lightweight cryptographic algorithm pre-stored in the encryption system at the RFID card reader end is called to encrypt the first sensing information. A lightweight cryptographic algorithm is characterized by high execution efficiency, low consumption of computing resources and strong adaptability; it may be, for example, the RC4 stream cipher or the PRESENT block cipher, and is not limited herein (it should be noted that RC4 is now regarded as broken and is prohibited in TLS by RFC 7465, so it serves here only to illustrate the fast path). The first sensing information may be classified before encryption: if it has a low security requirement or must be encrypted quickly, the RC4 stream cipher pre-stored in the encryption system of the RFID card reader is called; for example, when several items of first sensing information are acquired at the same time, must be processed in a short time, and have only an ordinary security requirement during transmission, the stream cipher is used. If the first sensing information requires high security during transmission and has no special requirement on processing time, the PRESENT block cipher is called instead to ensure security. Further, a digest algorithm in the encryption system of the RFID card reader is called to generate a hash value of the first sensing information, and the hash value is encrypted with the signature key to generate the digital signature.
In this embodiment of the invention, the acquired first sensing information is assessed and a suitable lightweight encryption algorithm is selected, which improves the processing efficiency of the RFID card reader on the premise that the first sensing information is transmitted securely; the digital signature of the first sensing information is generated at the same time as it is encrypted, which facilitates the judgment and signature verification of the received encrypted first sensing information by the Internet of things system authentication center. Because this signature is a digest encrypted under a symmetric signature key, it is verified with the same key that produced it and therefore functions as a keyed integrity check rather than as an asymmetric digital signature; its security rests on the signature key being delivered confidentially in the first ciphertext.
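The PRESENT block cipher named above as the higher-security option (in step S23 of the first embodiment and again in the second ciphertext generating module of this embodiment), as an added worked example in Python that is not code from the patent. It implements PRESENT-80 as specified by Bogdanov et al. (CHES 2007), checks the paper's all-zero known-answer vector, and wraps the 64-bit block cipher in counter mode so that first sensing information longer than eight bytes can be encrypted; the key, nonce and sensing information are constructed sample values. Two caveats for a practitioner: the block is only 64 bits, so the data encrypted under one key must stay far below 2^32 blocks, and a counter-mode nonce must never be repeated under the same key. Neither PRESENT nor RC4 authenticates the data, which is why the page pairs the ciphertext with a separate digital signature.

```python
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
PERM = [(16 * i) % 63 if i != 63 else 63 for i in range(64)]   # pLayer: bit i moves to PERM[i]
MASK64, MASK80 = (1 << 64) - 1, (1 << 80) - 1

def _sbox_layer(state: int) -> int:
    out = 0
    for i in range(16):                                   # 16 nibbles, nibble i = bits 4i+3..4i
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out

def _p_layer(state: int) -> int:
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << PERM[i]
    return out

def _next_key(k: int, round_counter: int) -> int:
    k = ((k << 61) | (k >> 19)) & MASK80                  # rotate the 80-bit register left by 61
    k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))     # S-box on the leftmost nibble
    return k ^ (round_counter << 15)                      # XOR the round counter into bits 19..15

def present_encrypt_block(block: int, key80: int) -> int:
    """PRESENT-80: 31 rounds of addRoundKey, sBoxLayer, pLayer, then a final key addition."""
    state, k = block & MASK64, key80 & MASK80
    for r in range(1, 32):
        state ^= k >> 16                                  # round key = leftmost 64 bits of the register
        state = _p_layer(_sbox_layer(state))
        k = _next_key(k, r)
    return state ^ (k >> 16)                              # K_32

def present_known_answer() -> bool:
    """Known-answer test from the PRESENT paper: all-zero key and plaintext."""
    return present_encrypt_block(0, 0) == 0x5579C1387B228445

def present_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode over PRESENT-80 (32-bit nonce || 32-bit counter); encrypts and decrypts."""
    assert len(key) == 10 and len(nonce) == 4
    key80 = int.from_bytes(key, "big")
    prefix = int.from_bytes(nonce, "big") << 32
    out = bytearray()
    for ctr in range((len(data) + 7) // 8):
        keystream = present_encrypt_block(prefix | ctr, key80).to_bytes(8, "big")
        out.extend(a ^ b for a, b in zip(data[8 * ctr: 8 * ctr + 8], keystream))
    return bytes(out)

def roundtrip_demo() -> bool:
    key = bytes(range(10))                                # constructed sample 80-bit key
    nonce = b"\x00\x00\x00\x01"                           # constructed sample nonce; never reuse under a key
    info = b"name=sensor-A;model=X1;uid=0001"             # constructed sample first sensing information
    ciphertext = present_ctr(key, nonce, info)
    return ciphertext != info and present_ctr(key, nonce, ciphertext) == info
```

present_known_answer() should return True before the cipher is trusted for anything; roundtrip_demo() encrypts a piece of sample sensing information whose length is not a multiple of the block size and recovers it, which is the situation a reader faces with variable-length tag data.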
A second sending unit 614, configured to send the identification of the RFID tag, the second ciphertext and the digital signature to the Internet of things system authentication center, so that the Internet of things system authentication center decrypts and verifies the first ciphertext, the second ciphertext, and the digital signature.
Here, the RFID card reader sends the second ciphertext obtained by encrypting the first sensing information, the digital signature, and the identification of the RFID tag corresponding to the first sensing information to the Internet of things system authentication center. If the RFID card reader acquires and processes the first sensing information of a plurality of RFID tags at the same time, the several items of processed first sensing information are sent according to a preset sending rule.
Optionally, the preset sending rule may be to send the processed first sensing information to the Internet of things authentication center in order of the signal strength with which the first sensing information was acquired: the stronger the signal, the more easily the terminal device is connected to the Internet of things system, so processing such terminal devices first saves waiting time for the terminal devices that follow and improves the efficiency of access to the Internet of things system. The preset sending rule may also be to send the processed first sensing information in the order in which the RFID card reader acquired it: the first sensing information of the RFID tag acquired first is immediately processed through steps S21 to S23, and its result is sent to the Internet of things system authentication center before the results for RFID tags acquired later, which reduces the backlog of processing tasks at the RFID card reader end. The two sending rules may also be alternated according to the situation. The specific sending rule may be selected according to actual conditions and is not limited herein.
In the step, when the identification of the RFID tag, the second ciphertext and the digital signature are sent to the authentication center of the Internet of things system, the sending rule can be selected according to the actual situation, so that the requirement that the terminal equipment is rapidly accessed into the Internet of things system can be met, and the task quantity of the first sensing information to be processed at one end of the RFID card reader can be reduced.
In this embodiment, an encryption system is arranged at the RFID card reader end. After the first sensing information of the RFID tag is received, a group of random numbers generated by a random number generator is called as the signature key corresponding to that first sensing information; the signature key is encrypted to generate the first ciphertext, and the first ciphertext is sent to the Internet of things authentication center together with the identification of the RFID tag. Encrypting the signature key before sending ensures that it is not modified in transit and remains in one-to-one correspondence with the RFID tag. For a terminal device to be connected to the Internet of things system, the first sensing information acquired from its RFID tag is encrypted to generate the second ciphertext and a digital signature of the first sensing information is generated; the identification of the RFID tag, the second ciphertext and the digital signature are sent together to the Internet of things system authentication center for judgment, so that the authentication center can select the corresponding signature key according to the identification of the RFID tag and verify the received information. In this process the first sensing information and the signature key are each encrypted before sending, so the information is protected by two encryptions, and the digital signature of the first sensing information allows subsequent signature verification, further ensuring the security of the information received by the Internet of things system authentication center.
Optionally, the RFID reader further includes:
and the terminal equipment access unit is used for receiving authorized access information sent by the authentication center of the Internet of things system and connecting the terminal equipment to which the RFID tag belongs to the Internet of things system according to the authorized access information.
In this embodiment, after the Internet of things system authentication center has verified the received information, it sends authorized access information authorizing the terminal device to access the Internet of things system. On receiving the authorized access information, the RFID card reader calls the identification of the RFID tag corresponding to it, and selects and confirms the access of the corresponding terminal device through that identification. Because the terminal device to be connected to the Internet of things system is confirmed through the identification of its RFID tag, the probability of connecting the wrong device is reduced.
The internet of things system authentication center comprises: a receiving unit 621, a decryption unit 622, and an authorized access information generating unit 623, wherein:
the receiving unit 621 is configured to receive and store the identifier of the RFID tag and the first ciphertext sent by the RFID reader; receiving a second ciphertext and a digital signature sent by the RFID card reader;
In this embodiment of the invention, the Internet of things system authentication center receives the identification of the RFID tag and the first ciphertext from the RFID card reader and stores them in memory. When storing them it analyzes the identification and files it by category. For example, the tags attached to terminal devices in the same area may be grouped by the manufacturer encoded in the RFID tag identification, or by the type of device the tag is attached to; the embodiment does not limit how the authentication center classifies the stored information. Classified storage makes it quick to locate the identification that has to be called, and hence the signature key that corresponds to it.
A decryption unit 622, configured to decrypt the first ciphertext to obtain a signature key, and decrypt the second ciphertext to obtain first sensing information;
In this embodiment of the invention the Internet of things authentication center decrypts the first ciphertext to recover the signature key and the second ciphertext to recover the first sensing information. Before decrypting, it first calls the identification of the RFID tag that was stored together with the first ciphertext and the identification that arrived together with the second ciphertext, and compares the two. Only when they are consistent do the first and second ciphertexts belong to the same RFID tag, and only then are they decrypted.
The authorized access information generating unit 623 is configured to verify the digital signature using the first sensing information and the signature key to obtain a signature verification result, and to decide according to that result whether to send authorized access information to the RFID card reader.
In this implementation of the invention, once the first sensing information and the signature key have been recovered by decryption, a digest algorithm pre-stored in the Internet of things system authentication center is called to compute a hash of the first sensing information, referred to here as the first hash value for clarity; the digital signature is verified with the signature key to obtain a second hash value; and the two are compared. If the first and second hash values are the same, the digital signature was generated from the first sensing information corresponding to the first hash value and that information was not tampered with in transit, which completes the signature verification. When the first sensing information is found to be untampered, an authorized access instruction authorizing the RFID tag corresponding to that first sensing information to access the Internet of things system is generated and sent to the RFID card reader, so that the RFID tag is admitted to the Internet of things system securely.
In this embodiment of the invention the Internet of things system authentication center decrypts and verifies the received first ciphertext, second ciphertext and digital signature in turn. During decryption it first judges whether the first and second ciphertexts belong to the same RFID tag and only then decrypts, which ensures that the recovered signature key is the one corresponding to the first sensing information. Because the digital signature is a function of the data it was computed over, any change to the data changes the signature; verifying it therefore confirms that the digital signature and the first sensing information come from the same RFID tag and that the first sensing information was received complete and unaltered. This confirms the security of the transfer of the first sensing information once more.
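As an added example, not code from the patent, the following Python models the exchange described above on both sides: the RFID card reader (random signature key, first ciphertext, second ciphertext, digital signature) and the authentication center (identification comparison, decryption, signature verification, authorized access decision). It assumes one pre-shared key held by both parties, standing in for the pre-stored key of claim 2 and for the unspecified key of the lightweight cipher; the cipher itself is an HMAC-SHA256 counter-mode keystream chosen only so that the example runs with the standard library (a deployment would use a vetted AEAD such as AES-GCM). Because the signature key is a symmetric secret that both sides hold, the "digital signature" produced by the digest algorithm is a keyed digest, that is a message authentication code, and is realized here as HMAC-SHA256. The tag identification format "MANUFACTURER-serial", used for the classified storage, and the sample sensing data are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

NONCE_LEN = 12

# Constructed pre-shared key standing in for the "pre-stored key" of claim 2.
# Assumption: the reader and the authentication center both hold it, and it
# also protects the second ciphertext (the patent names no key for that step).
PRESHARED_KEY = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c"
)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.

    Stand-in for the unspecified "lightweight cryptographic algorithm" so the
    example has no third-party dependency; not a recommendation for deployment.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message; never reused under one key
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return _keystream_xor(key, nonce, body)


def keyed_digest(signature_key: bytes, sensing_info: bytes) -> bytes:
    """The "digital signature" of claim 3: digest algorithm plus signature key.
    With a shared symmetric key this is a MAC; HMAC-SHA256 is used here."""
    return hmac.new(signature_key, sensing_info, hashlib.sha256).digest()


class RfidReader:
    def __init__(self, preshared_key: bytes):
        self.psk = preshared_key
        self.signature_keys: dict[str, bytes] = {}  # one random key per tag

    def register_tag(self, tag_id: str) -> tuple[str, bytes]:
        """Step 1: draw a random signature key for this tag; send it as the first ciphertext."""
        signature_key = secrets.token_bytes(32)
        self.signature_keys[tag_id] = signature_key
        return tag_id, encrypt(self.psk, signature_key)

    def submit_sensing_info(self, tag_id: str, sensing_info: bytes) -> tuple[str, bytes, bytes]:
        """Step 2: second ciphertext plus keyed digest under this tag's signature key."""
        second_ciphertext = encrypt(self.psk, sensing_info)
        signature = keyed_digest(self.signature_keys[tag_id], sensing_info)
        return tag_id, second_ciphertext, signature


class AuthCenter:
    def __init__(self, preshared_key: bytes):
        self.psk = preshared_key
        # First ciphertexts filed by category; the category is the manufacturer
        # prefix of the identification (assumed format "MANUFACTURER-serial").
        self.first_ciphertexts: dict[str, dict[str, bytes]] = {}

    @staticmethod
    def _category(tag_id: str) -> str:
        return tag_id.split("-", 1)[0]

    def receive_registration(self, tag_id: str, first_ciphertext: bytes) -> None:
        self.first_ciphertexts.setdefault(self._category(tag_id), {})[tag_id] = first_ciphertext

    def authorize(self, tag_id: str, second_ciphertext: bytes, signature: bytes) -> bool:
        """True only if a first ciphertext is stored under this identification
        and the keyed digest of the recovered sensing information verifies."""
        first_ciphertext = self.first_ciphertexts.get(self._category(tag_id), {}).get(tag_id)
        if first_ciphertext is None:
            return False  # identifications do not match: decrypt nothing
        signature_key = decrypt(self.psk, first_ciphertext)
        sensing_info = decrypt(self.psk, second_ciphertext)
        expected = keyed_digest(signature_key, sensing_info)
        return hmac.compare_digest(expected, signature)  # constant-time comparison


def run_exchange() -> tuple[bool, bool, bool]:
    """Genuine submission, one-bit tampering in transit, and an unknown identification."""
    reader, center = RfidReader(PRESHARED_KEY), AuthCenter(PRESHARED_KEY)
    tag_id, sensing = "ACME-000017", b"temp=21.5C;door=closed"  # constructed sample data

    center.receive_registration(*reader.register_tag(tag_id))
    tid, ct2, sig = reader.submit_sensing_info(tag_id, sensing)
    genuine = center.authorize(tid, ct2, sig)

    tampered = bytearray(ct2)
    tampered[-1] ^= 0x01  # flips one plaintext bit; the digest no longer matches
    tampered_ok = center.authorize(tid, bytes(tampered), sig)

    unknown_ok = center.authorize("ACME-999999", ct2, sig)  # no stored first ciphertext
    return genuine, tampered_ok, unknown_ok


if __name__ == "__main__":
    print(run_exchange())
```

run_exchange() returns (True, False, False): the genuine submission is authorized, a submission whose second ciphertext was altered by one bit in transit fails the digest comparison, and a submission under an identification with no stored first ciphertext is refused before any decryption. Two properties of the construction are worth keeping in mind: the signature key originates at the reader and is never held by the tag, so verification authenticates the reader-to-center channel rather than the tag itself, and a symmetric keyed digest gives integrity and authenticity but not non-repudiation.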
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A method for a terminal device to safely access the Internet of things is characterized by comprising the following steps:
reading first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
calling the identification of the RFID tag, and sending the identification of the RFID tag and the first ciphertext to an Internet of things system authentication center so that the Internet of things system authentication center stores the identification of the RFID tag and the first ciphertext in a classified manner according to the identification category of the RFID tag;
acquiring a security requirement and a time requirement of the first sensing information, selecting an encryption algorithm according to the security requirement and the time requirement, encrypting the first sensing information through the encryption algorithm to obtain a second ciphertext, and generating a digital signature of the first sensing information;
and sending the second ciphertext and the digital signature to an Internet of things system authentication center so that the Internet of things system authentication center obtains a first identification of an RFID tag corresponding to the second ciphertext, calling the identification of the RFID tag to compare with the first identification, and decrypting and verifying the first ciphertext, the second ciphertext and the digital signature if the identification of the RFID tag is consistent with the first identification.
2. The method for the terminal device to safely access the internet of things according to claim 1, wherein the reading of the first sensing information of the RFID tag, the calling of a group of random numbers as a signature key, the encryption of the signature key, and the obtaining of a first ciphertext specifically comprises:
reading first sensing information of the RFID tag, calling a random number generator to generate a group of random numbers, and taking the random numbers as a signature key;
and calling a pre-stored key to encrypt the signature key to generate a first ciphertext.
3. The method for a terminal device to securely access the internet of things according to claim 1, wherein the encrypting the first sensing information through the encryption algorithm to obtain a second ciphertext and generating the digital signature of the first sensing information specifically includes:
calling a lightweight cryptographic algorithm, and encrypting the first sensing information into a second ciphertext;
and calling a digest algorithm, and generating a digital signature of the first sensing information through the digest algorithm and the signature key.
4. The method for the terminal device to securely access the internet of things according to any one of claims 1 to 3, wherein after the sending the second ciphertext and the digital signature to the internet of things system authentication center so that the internet of things system authentication center decrypts and verifies the first ciphertext, the second ciphertext and the digital signature, the method further comprises:
and receiving authorized access information sent by an authentication center of the Internet of things system, and connecting the terminal equipment to which the RFID tag belongs to the Internet of things according to the authorized access information.
5. The method for the terminal device to securely access the internet of things as claimed in claim 4, wherein the method for the terminal device to securely access the internet of things further comprises:
the method comprises the steps that an authentication center of the Internet of things system receives and stores an identification of an RFID tag and a first ciphertext sent by an RFID card reader; receiving a second ciphertext and a digital signature sent by the RFID card reader;
the Internet of things system authentication center decrypts the first ciphertext to obtain a signature key, and decrypts the second ciphertext to obtain first sensing information;
and the Internet of things system authentication center checks the digital signature through the first sensing information and the signature key to obtain a signature checking result, and judges whether to send authorized access information to the RFID card reader according to the signature checking result.
6. A system for a terminal device to safely access the Internet of things, characterized by comprising: an RFID card reader and an Internet of things system authentication center, wherein the RFID card reader includes:
the first encryption unit is used for reading first sensing information of the RFID tag, calling a group of random numbers as a signature key, and encrypting the signature key to obtain a first ciphertext;
the first sending unit is used for calling the identification of the RFID tag and sending the identification of the RFID tag and the first ciphertext to an Internet of things system authentication center so that the Internet of things system authentication center stores the identification of the RFID tag and the first ciphertext in a classified manner according to the identification type of the RFID tag;
the second encryption unit is used for acquiring the security requirement and the time requirement of the first sensing information, selecting an encryption algorithm according to the security requirement and the time requirement, encrypting the first sensing information through the encryption algorithm to obtain a second ciphertext and generating a digital signature of the first sensing information;
and the second sending unit is used for sending the second ciphertext and the digital signature to the Internet of things system authentication center so as to enable the Internet of things system authentication center to obtain a first identification of the RFID tag corresponding to the second ciphertext, calling the identification of the RFID tag to compare with the first identification, and decrypting and verifying the first ciphertext, the second ciphertext and the digital signature if the identification of the RFID tag is consistent with the first identification.
7. The system for the terminal device to securely access the internet of things according to claim 6, wherein the first encryption unit specifically comprises:
the signature key generation module is used for reading first sensing information of the RFID tag, calling a random number generator to generate a group of random numbers, and taking the random numbers as signature keys;
and the signature key encryption module is used for calling a pre-stored key to encrypt the signature key and generating a first ciphertext.
8. The system for the terminal device to securely access the internet of things according to claim 6, wherein the second encryption unit specifically comprises:
the second ciphertext generating module is used for calling a lightweight cryptographic algorithm and encrypting the first sensing information into a second ciphertext;
and the digital signature generation module is used for calling a digest algorithm and generating a digital signature of the first sensing information through the digest algorithm and the signature key.
9. The system for the terminal device to safely access the internet of things according to any one of claims 6 to 8, wherein the RFID card reader further comprises:
and the terminal equipment access unit is used for receiving authorized access information sent by the system authentication center of the Internet of things and connecting the terminal equipment to which the RFID tag belongs to the Internet of things according to the authorized access information.
CN201710462756.1A 2017-06-16 2017-06-16 Method and system for terminal equipment to safely access Internet of things Active CN107231231B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710462756.1A CN107231231B (en) 2017-06-16 2017-06-16 Method and system for terminal equipment to safely access Internet of things
PCT/CN2017/093224 WO2018227685A1 (en) 2017-06-16 2017-07-17 Method and system for secure access of terminal device to internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710462756.1A CN107231231B (en) 2017-06-16 2017-06-16 Method and system for terminal equipment to safely access Internet of things

Publications (2)

Publication Number Publication Date
CN107231231A CN107231231A (en) 2017-10-03
CN107231231B true CN107231231B (en) 2020-09-25

Family

ID=59935129

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710462756.1A Active CN107231231B (en) 2017-06-16 2017-06-16 Method and system for terminal equipment to safely access Internet of things

Country Status (2)

Country Link
CN (1) CN107231231B (en)
WO (1) WO2018227685A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109982309A (en) * 2019-03-19 2019-07-05 湘潭大学 Building microgrid electricity consumption data secure transmission technique based on RFID certification and Hybrid Encryption
CN110049019B (en) * 2019-03-26 2020-09-01 合肥工业大学 Active and secure medical IoT device identification and monitoring methods
CN110232296B (en) * 2019-04-25 2020-06-30 苏州车付通信息科技有限公司 System for encrypted communication between RFID (radio frequency identification) tag and reader-writer
CN112702305B (en) * 2019-10-23 2023-05-16 中电智能科技有限公司 System access authentication method and device
CN111132152B (en) * 2019-12-16 2023-04-07 成都三零瑞通移动通信有限公司 RFID (radio frequency identification) tag authentication method based on multi-layer secret key system
CN112804214A (en) * 2020-12-31 2021-05-14 四川瑞霆电力科技有限公司 Perception layer data secure access method and system based on intelligent Internet of things
WO2022141600A1 (en) * 2020-12-31 2022-07-07 华为技术有限公司 Authentication method and communication apparatus
CN113965617A (en) * 2021-08-26 2022-01-21 天地融科技股份有限公司 Taxi taking method, device and system based on Internet of things
CN117955740B (en) * 2024-03-26 2024-07-19 长城信息股份有限公司 Equipment security authentication method and system
CN118555291A (en) * 2024-04-12 2024-08-27 浙江小亿智能科技有限公司 Internet of things enhanced data transmission method, device and readable storage medium
CN119788279A (en) * 2025-03-07 2025-04-08 中关村芯海择优科技有限公司 Communication method of terminal, communication method of server, controller, terminal and server

Citations (2)

Publication number Priority date Publication date Assignee Title
CN102833260A (en) * 2012-09-05 2012-12-19 胡祥义 Password authentication method for internet of things by adopting security one-key management technology
CN103237302A (en) * 2013-03-28 2013-08-07 北京市科学技术情报研究所 Sensing information safety protection method for RFID (radio frequency identification) tags in Internet of Things

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
CN102801722B (en) * 2012-08-09 2016-08-03 福建物联天下信息科技股份有限公司 Internet of Things authentication method and system
US10063374B2 (en) * 2015-05-31 2018-08-28 Massachusetts Institute Of Technology System and method for continuous authentication in internet of things
US9785880B2 (en) * 2015-11-06 2017-10-10 Bank Of America Corporation Radio frequency identification activation
KR101721510B1 (en) * 2016-11-14 2017-04-11 에스지에이솔루션즈 주식회사 An Authentication Method for Privacy Protection in RFID Systems

Non-Patent Citations (1)

Title
A solution for establishing information security of the Internet of things perception layer based on lightweight encryption technology; Hu Xiangyi et al.; Network Security Technology & Application (网络安全技术与应用); 2013-12-31; Sections 1 and 2 *

Also Published As

Publication number Publication date
WO2018227685A1 (en) 2018-12-20
CN107231231A (en) 2017-10-03

Similar Documents

Publication Publication Date Title
CN107231231B (en) Method and system for terminal equipment to safely access Internet of things
CN108053001B (en) Information security authentication method and system for electronic warehouse receipt
US8368516B2 (en) Secure data exchange with a transponder
US8947211B2 (en) Communication data protection method based on symmetric key encryption in RFID system, and apparatus for enabling the method
EP1755061B1 (en) Protection of non-promiscuous data in an RFID transponder
CN104217230B (en) The safety certifying method of hiding ultrahigh frequency electronic tag identifier
CN102831529B (en) A kind of commodity information identification method based on radio frequency and system
CN104281954A (en) Anti-counterfeiting method for product
CN101490698A (en) Component authentication for computer systems
CN101860528A (en) Authenticating device, authentication method and program
CN103281189A (en) Light weight class safe protocol certification system and method for radio frequency identification equipment
KR102009863B1 (en) System for entrance security and method using the same
CN104966111A (en) Low-voltage transformer security system and method based on radio frequency encryption technology
US20180205714A1 (en) System and Method for Authenticating Electronic Tags
CN202870898U (en) Radio frequency-based commodity information identification system
CN105847004A (en) Method for authentication of an object by a device capable of mutual contactless communication, corresponding system and object
CN101599829A (en) Authentication method, reader and label
WO2020076968A1 (en) System and methods for authenticating tangible products
CN104700125A (en) AES encryption and verification of ultra high frequency radio identification system
Kim et al. MARP: Mobile agent for RFID privacy protection
KR100848791B1 (en) Tag data recording and acquisition method that enables security verification, tag data recording and acquisition device
KR100728629B1 (en) System and method for preventing counterfeit of RFID tag
WO2006030344A1 (en) Rf transponder for off-line authentication of a source of a product carrying the transponder
CN102047274B (en) Transponders, readers and methods of masking the applications they support
CN113873488B (en) An anti-counterfeiting method based on NFC

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant