CN109522979A - Chip card fabrication method and system based on wireless communication technique and SAM technology - Google Patents

Publication number
CN109522979A
Authority
CN
China
Legal status
Granted
Application number
CN201811173595.5A
Other languages
Chinese (zh)
Other versions
CN109522979B (en)
Inventor
程诗猛
董逢华
Current Assignee
Wuhan Tianyu Information Industry Co Ltd
Original Assignee
Wuhan Tianyu Information Industry Co Ltd
Application filed by Wuhan Tianyu Information Industry Co Ltd
Priority to CN201811173595.5A
Publication of CN109522979A
Application granted
Publication of CN109522979B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device; the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a chip card fabrication method and system based on wireless communication technology and SAM technology, and relates to the technical field of chip card fabrication. The invention replaces the slip-ring cable connection between the chip card read/write heads of an existing chip card card-making machine and the control computer with LoRa and GFSK wireless communication. This retains all the advantages of the rotary-platform card-making machine while eliminating signal interference, poor contact and similar causes of production faults, which greatly improves production efficiency. SAM technology solves the data security problem of the chip card fabrication stage, so production efficiency and reliability are improved and data security is ensured.

Description

Chip card fabrication method and system based on wireless communication technique and SAM technology
Technical field
The present invention relates to the technical field of chip card fabrication, and specifically to a chip card fabrication method and system based on wireless communication technology and SAM technology.
Background art
To meet the needs of batch production, a traditional chip card card-making machine is equipped with multiple chip card read/write heads (usually about 30). The read/write heads are generally fixed and the chip cards are conveyed to them, so the machine is bulky, has many drive motors and has intricate wiring. Motor cables, control signal cables, read/write head communication cables and so on are interleaved and interfere with each other (radiated interference, conducted interference over the power supply, etc.), so the equipment failure rate is high and production efficiency is low.
At present, improved rotary-platform card-making machines are mostly used. They can carry up to 64 read/write heads, are much smaller, and have greatly simplified wiring and much lower interference, so the equipment failure rate is much lower and production efficiency is considerably higher. The read/write heads are mounted on a rotating wheel, and the communication cable between the read/write heads and the control computer is connected through a slip ring; it is this design that reduces the size of the equipment and simplifies the wiring. However, after the equipment has worked for a long time, mechanical wear of the slip ring reeds leads to poor contact, which causes production faults and affects production efficiency.
Summary of the invention
The purpose of the invention is to overcome the shortcomings of the background art described above by providing a chip card fabrication method and system based on wireless communication technology and SAM technology that improves production efficiency and reliability and ensures data security.
The present invention provides a chip card fabrication method based on wireless communication technology and SAM technology, comprising the following steps:
A LoRa gateway is placed between the server and the actuator component, and a LoRa node is placed on each chip card read/write head. The server communicates with the actuator component in LoRa mode, relayed through the LoRa gateway. The server communicates with the LoRa nodes in LoRa mode and GFSK mode, relayed through the LoRa gateway;
An encryption machine is provided in the server, and a SAM security module is provided in each of the actuator component, the LoRa gateway and the LoRa nodes. The encryption machine fetches random numbers and performs encryption/decryption for the server, and stores the keys and the session keys derived from them. Each SAM security module fetches random numbers and performs encryption/decryption, and stores the keys and the session keys derived from them;
Communication between the server and the actuator component is carried out as ciphertext+MIC and relayed through the LoRa gateway. The card-writing data that the server issues to the LoRa nodes is sent as ciphertext+MIC and relayed through the LoRa gateway. Communication between the server and the LoRa nodes is carried out as ciphertext+MIC and relayed through the LoRa gateway;
The server issues an execution instruction to the actuator component, relayed through the LoRa gateway, and the actuator component delivers the chip card to be produced to the chip card read/write head;
The server issues card-writing data to the LoRa node, relayed through the LoRa gateway, and the LoRa node controls the chip card read/write head to write the card-writing data to the chip card.
On the basis of the above scheme, the method specifically comprises the following steps:
The server issues an execution instruction to the actuator component, relayed through the LoRa gateway;
The LoRa gateway receives the action instruction issued by the server over the local area network, starts its LoRa transmit function and notifies the actuator component;
The actuator component receives the action instruction issued by the LoRa gateway, performs the corresponding action and delivers the chip card to be produced to the chip card read/write head of the corresponding LoRa node;
The server issues one frame of card-writing data to the LoRa nodes, relayed through the LoRa gateway;
The LoRa gateway receives the card-writing data issued by the server, starts its GFSK transmit function, forwards the card-writing data to all LoRa nodes in parallel and waits for the LoRa nodes to complete the card-writing operation;
The first group of LoRa nodes starts its LoRa transmit function and reports its card-writing status;
The LoRa gateway starts its parallel LoRa receive function;
The LoRa gateway receives the card-writing status reported by the first group of LoRa nodes;
The LoRa gateway forwards the card-writing status reported by the first group of LoRa nodes to the server over the local area network;
The LoRa gateway starts its LoRa transmit function and issues a get-card-writing-status command to the second group of LoRa nodes;
The LoRa gateway starts its parallel LoRa receive function; meanwhile, the second group of LoRa nodes has already started the LoRa receive function of its LoRa communication module;
After receiving the get-card-writing-status command issued by the LoRa gateway, the second group of LoRa nodes starts its LoRa transmit function and reports its card-writing status;
The LoRa gateway receives the card-writing status reported by the second group of LoRa nodes;
The LoRa gateway forwards the card-writing status reported by the second group of LoRa nodes to the server over the local area network;
The above operations are repeated until the last group of LoRa nodes has reported its card-writing status to the server;
The above operations are repeated until all card-writing data has been sent;
According to the card-writing status received, the server issues the corresponding action execution instruction to the actuator component through the LoRa gateway;
The LoRa gateway starts its LoRa transmit function and forwards the execution instruction to the actuator component;
The actuator component starts its LoRa receive function, receives the execution instruction forwarded by the LoRa gateway and performs the corresponding action, conveying the cards to the good-card slot and the reject-card slot respectively.
On the basis of the above scheme, an encryption machine is provided in the server and a SAM security module is provided in each of the actuator component, the LoRa gateway and the LoRa nodes; the encryption machine fetches random numbers and performs encryption/decryption for the server and stores the keys and the session keys derived from them; the SAM security modules fetch random numbers and perform encryption/decryption for the actuator component, the LoRa gateway and the LoRa nodes respectively and store the keys and the session keys derived from them. This specifically comprises the following steps:
In the system initialisation phase, keys are imported into the encryption machine and into each SAM security module;
The server and the LoRa gateway authenticate each other, and each performs key derivation to obtain its own session keys;
The server, relayed through the LoRa gateway, and the actuator component authenticate each other, and each performs key derivation to obtain its own session keys;
The server, relayed through the LoRa gateway, authenticates mutually with each LoRa node in turn, and each side performs key derivation to obtain its own session keys.
On the basis of the above scheme, the steps by which the server and the LoRa gateway authenticate each other and each derive their session keys are specifically:
The server host fetches a 16-byte random number rnd_gw from the encryption machine and encapsulates an "authen_gw" JSON object:
The LoRa gateway receives the "authen_gw" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the MIC; if the MIC is correct, it accepts the legitimacy of the server and the correctness of authen_gw.data;
The SAM security module decrypts srnd_gw to obtain rnd_gw:
The LoRa gateway's SAM security module uses rnd_gw to diversify AppKey_W and NwkKey_W respectively, obtaining the session keys AppSKey_W and NwkSKey_W:
The server receives the "resp_gw" JSON object in the LoRa gateway's PUSH_DATA and first base64-decodes it;
The encryption machine uses its own rnd_gw to diversify AppKey_W and NwkKey_W respectively, obtaining the session keys AppSKey_W and NwkSKey_W:
It then verifies the MIC and decrypts srnd_gw1; if MIC1=MIC and rnd_gw1=rnd_gw, it accepts the legitimacy of the LoRa gateway.
On the basis of the above scheme, the steps by which the server, relayed through the LoRa gateway, and the actuator component authenticate each other and each derive their session keys are specifically:
The server host fetches a 16-byte random number rnd_d from the encryption machine and encapsulates an "authen_device" JSON object:
The LoRa gateway receives the "authen_device" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the MIC; if the MIC is correct, it forwards the base64-decoded authen_device.data to the actuator component in LoRa mode without parsing it;
The actuator component receives the base64-decoded authen_device.data and first verifies mic_d:
If mic_d1=mic_d, it accepts the legitimacy of the server and the validity of srnd_d, and decrypts srnd_d to obtain rnd_d:
The actuator component's SAM security module uses rnd_d to diversify AppKey_D and NwkKey_D respectively, obtaining the session keys AppSKey_D and NwkSKey_D:
The SAM security module encrypts rnd_d and generates the MIC:
The actuator component reports srnd_dd+mic_dd to the LoRa gateway in LoRa mode;
The LoRa gateway encapsulates a "resp_device" JSON object:
The server receives the "resp_device" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies mic_gw;
The encryption machine uses its own rnd_d to diversify AppKey_D and NwkKey_D respectively, obtaining the session keys AppSKey_D and NwkSKey_D:
It then verifies mic_dd and decrypts srnd_dd; if mic_dd1=mic_dd and rnd_dd1=rnd_dd, it accepts the legitimacy of the actuator component.
On the basis of the above scheme, the steps by which the server, relayed through the LoRa gateway, authenticates mutually with each LoRa node in turn and each side derives its session keys are specifically:
The server performs mutual authentication and session key derivation with each LoRa node separately; the following are the specific steps of mutual authentication and session key derivation between the server and one of the LoRa nodes:
The server host fetches two 16-byte random numbers rnd_n1 and rnd_n2 from the encryption machine and encapsulates an "authen_node1" JSON object:
The LoRa gateway receives the "authen_node11" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the MIC; if the MIC is correct, it forwards the base64-decoded authen_node11.data to LoRa node 11 in LoRa mode without parsing it;
LoRa node 11 receives the base64-decoded authen_node11.data and first verifies mic_n1 and mic_n2 separately:
If mic_n11=mic_n1 and mic_n22=mic_n2, it accepts the legitimacy of the server and the validity of srnd_n1 and srnd_n2, and decrypts srnd_n1 and srnd_n2 to obtain rnd_n1 and rnd_n2 respectively:
The SAM security module of LoRa node 11 uses rnd_n1 to diversify AppKey_N and NwkKey_N respectively, obtaining the session keys AppSKey_N and NwkSKey_N:
The SAM security module of LoRa node 11 uses rnd_n2 to diversify AppKey_N1 and NwkKey_N1 respectively, obtaining the session keys AppSKey_N1 and NwkSKey_N1:
The SAM security module encrypts rnd_n1 and rnd_n2 and generates mic_n111 and mic_n222:
LoRa node 11 reports srnd_111+mic_111+srnd_222+mic_222 to the LoRa gateway in LoRa mode;
The LoRa gateway encapsulates a "resp_node11" JSON object:
The server receives the "resp_node11" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies mic_gw;
The encryption machine uses its own rnd_n1 to diversify AppKey_N and NwkKey_N respectively, obtaining the session keys AppSKey_N and NwkSKey_N:
The encryption machine uses its own rnd_n2 to diversify AppKey_N1 and NwkKey_N1 respectively, obtaining the session keys AppSKey_N1 and NwkSKey_N1:
It then verifies mic_n111 and mic_n222 and decrypts srnd_n111 and srnd_n222; if mic_n111 and mic_n222 are correct, and rnd_n1111=rnd_n111 and rnd_n2222=rnd_n222, it accepts the legitimacy of LoRa node 11.
On the basis of the above scheme, communication between the server and the actuator component is carried out as ciphertext+MIC and relayed through the LoRa gateway; the card-writing data that the server issues to the LoRa nodes is sent as ciphertext+MIC and relayed through the LoRa gateway; communication between the server and the LoRa nodes is carried out as ciphertext+MIC and relayed through the LoRa gateway. This specifically comprises the following steps:
The server first encrypts the card-writing data with the application session key AppSKey to produce the card-writing data ciphertext, then computes a MIC signature over the ciphertext with the network session key NwkSKey, and then issues the ciphertext together with the MIC to the LoRa node, relayed through the LoRa gateway;
The LoRa node receives the card-writing data ciphertext and MIC signature relayed by the LoRa gateway, first verifies the correctness and integrity of the data with the network session key NwkSKey, then decrypts the card-writing data ciphertext with the application session key AppSKey, and then writes the card;
The LoRa node first encrypts the card-writing status with the application session key AppSKey to produce the card-writing status ciphertext, then computes a MIC signature over the ciphertext with the network session key NwkSKey, and then reports the ciphertext together with the MIC to the server, relayed through the LoRa gateway;
The server receives the card-writing status ciphertext and MIC signature relayed by the LoRa gateway, first verifies the correctness and integrity of the data with the network session key NwkSKey, then decrypts the card-writing status ciphertext with the application session key AppSKey, and then issues the corresponding action execution instruction to the actuator component according to the card-writing status.
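The random-number challenge with session key derivation from the authentication steps, and the ciphertext+MIC handling from the four steps above, as an added Python example that is not part of the patent text. The page does not name the cipher, the MIC algorithm or the MIC length, so HMAC-SHA256 stands in for the SAM and encryption-machine primitives; the `Endpoint` class, the function names, the 4-byte MIC, the per-frame nonce, and the choice to protect the challenge with the imported keys and the response with the session keys are all assumptions.

```python
# Added example: HMAC-SHA256 stands in for the unspecified SAM cipher and MIC.
import hashlib
import hmac
import os

MIC_LEN = 4    # assumed MIC length; the page does not give one
NONCE_LEN = 8  # per-frame nonce required by the stand-in cipher (assumption)


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function with a label for domain separation."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def derive_session_key(root_key: bytes, rnd: bytes) -> bytes:
    """Diversify a root key (AppKey/NwkKey) with the 16-byte random number."""
    return _prf(root_key, b"session", rnd)[:16]


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a PRF-generated keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += _prf(key, b"stream", nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(enc_key: bytes, mic_key: bytes, plaintext: bytes) -> bytes:
    """Build a ciphertext+MIC frame: encrypt first, then MIC the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + _prf(mic_key, b"mic", body)[:MIC_LEN]


def open_frame(enc_key: bytes, mic_key: bytes, frame: bytes):
    """Verify the MIC before touching the ciphertext; None means rejected."""
    if len(frame) < NONCE_LEN + MIC_LEN:
        return None
    body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    if not hmac.compare_digest(mic, _prf(mic_key, b"mic", body)[:MIC_LEN]):
        return None
    return _xor_stream(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])


class Endpoint:
    """Server-side encryption machine or device-side SAM holding one key pair."""

    def __init__(self, app_key: bytes, nwk_key: bytes):
        self.app_key, self.nwk_key = app_key, nwk_key
        self.app_skey = self.nwk_skey = None

    def derive(self, rnd: bytes) -> None:
        self.app_skey = derive_session_key(self.app_key, rnd)
        self.nwk_skey = derive_session_key(self.nwk_key, rnd)


def mutual_authenticate(server: Endpoint, device: Endpoint) -> bool:
    """Challenge/response with a 16-byte random number; True if both accept."""
    rnd = os.urandom(16)
    challenge = seal(server.app_key, server.nwk_key, rnd)      # srnd + MIC
    # Device side: a valid MIC shows the sender holds the imported keys.
    got = open_frame(device.app_key, device.nwk_key, challenge)
    if got is None:
        return False
    device.derive(got)
    response = seal(device.app_skey, device.nwk_skey, got)     # echo under session keys
    # Server side: derive from its own rnd, then check MIC and echoed value.
    server.derive(rnd)
    echoed = open_frame(server.app_skey, server.nwk_skey, response)
    if echoed is None or not hmac.compare_digest(echoed, rnd):
        server.app_skey = server.nwk_skey = None
        return False
    return True


def demo():
    app_key, nwk_key = os.urandom(16), os.urandom(16)    # constructed sample keys
    server, node = Endpoint(app_key, nwk_key), Endpoint(app_key, nwk_key)
    authenticated = mutual_authenticate(server, node)
    c_apdu = bytes.fromhex("00D6000004DEADBEEF")         # constructed card-writing APDU
    frame = seal(server.app_skey, server.nwk_skey, c_apdu)
    accepted = open_frame(node.app_skey, node.nwk_skey, frame) == c_apdu
    tampered = frame[:-1] + bytes([frame[-1] ^ 0x01])    # one MIC bit flipped in transit
    rejected = open_frame(node.app_skey, node.nwk_skey, tampered) is None
    rogue = Endpoint(os.urandom(16), os.urandom(16))     # device without the imported keys
    return authenticated, accepted, rejected, mutual_authenticate(server, rogue)


if __name__ == "__main__":
    print(demo())
```

The receiver returns `None` before any decryption when the MIC does not match, which mirrors the verify-then-decrypt order in the steps above.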
On the basis of the above scheme, when the keys are imported into the encryption machine and each SAM security module in the system personalisation stage:
The keys imported into the encryption machine include: AppKey_w/NwkKey_w/AppKey_W/NwkKey_W/AppKey_d/NwkKey_d/AppKey_D/NwkKey_D/AppKey_nx (x=1~64)/NwkKey_nx (x=1~64)/AppKey_N/NwkKey_N/AppKey_Ny (y=1~8)/NwkKey_Ny (y=1~8);
The keys imported into the SAM security module of the LoRa gateway include: AppKey_w/NwkKey_w/AppKey_W/NwkKey_W;
The keys imported into the SAM security module of the actuator component include: AppKey_d/NwkKey_d/AppKey_D/NwkKey_D;
The keys imported into the SAM security module of a LoRa node include: AppKey_nx/NwkKey_nx/AppKey_N/NwkKey_N/AppKey_Ny/NwkKey_Ny;
The session keys derived in the encryption machine include: AppSKey_W/NwkSKey_W/AppKey_D/NwkKey_D/AppSKey_N/NwkSKey_N/AppSKey_Nx (x=1~8)/NwkSKey_Nx (x=1~8);
The session keys derived in the SAM security module of the LoRa gateway include: AppSKey_W/NwkSKey_W;
The session keys derived in the SAM security module of the actuator component include: AppSKey_D/NwkSKey_D;
The session keys derived in the SAM security module of a LoRa node include: AppSKey_N/NwkSKey_N/AppSKey_Nx/NwkSKey_Nx.
On the basis of the above scheme, the specific characteristics of the LoRa gateway are:
The LoRa gateway includes an ARM processor, a SAM security module, an Ethernet/WiFi module, a LoRa gateway communication module, a LoRa communication module and an antenna;
The LoRa gateway and the server are in a private local area network; the LoRa gateway communicates with the server through an Ethernet port or by WiFi, and the communication between the LoRa gateway and the server follows the MQTT protocol;
The LoRa gateway communication module uses the Semtech SX1301 chip;
The LoRa communication module uses the Semtech SX1268 chip;
Communication between the LoRa gateway and the actuator component is LoRa communication based on the SX1268 chip;
Communication between the LoRa gateway and the LoRa nodes is GFSK communication based on the SX1268 chip (GFSK/505.3MHz/300kbps) and LoRa communication based on the SX1301 chip (LoRa/BW125kHz/SF7).
On the basis of the above scheme, the communication characteristics between the LoRa gateway and the LoRa nodes and the steps performed are specifically:
The microprocessors of all LoRa nodes notify their SX1268-based LoRa communication modules to switch to the GFSK receive state and wait to receive the card-writing data issued by the LoRa gateway;
The LoRa gateway's ARM processor notifies the SX1268-based LoRa communication module to issue the card-writing data ciphertext and MIC verification code to all LoRa nodes by GFSK transmission;
The LoRa gateway's ARM processor notifies the SX1301-based LoRa gateway module to switch to 8-channel parallel LoRa receive mode and wait for the card-writing status ciphertext and MIC verification code reported by LoRa node group 1;
After the LoRa node receives the card-writing data ciphertext and MIC verification code issued by the LoRa gateway, the ARM processor notifies the SAM security module to verify the correctness and integrity of the card-writing instruction and decrypt the card-writing data ciphertext, and then notifies the chip card read/write module to write the card;
The ARM processor receives the card-writing status returned by the chip card read/write module and notifies the SAM security module to encrypt the card-writing status and compute the MIC code;
The 8 nodes of node group 1 report the card-writing status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission;
The LoRa communication modules of the node groups other than node group 1 switch to LoRa receive mode and wait to receive the get-card-writing-status command issued by the LoRa gateway;
After the LoRa gateway receives the card-writing status ciphertext and MIC verification code reported by the 8 nodes of LoRa node group 1, it forwards the card-writing status reported by LoRa node group 1 to the server over the local area network by TCP/IP or WiFi;
The LoRa gateway's ARM processor notifies the SX1268-based LoRa communication module to switch to LoRa transmit mode and issue the get-card-writing-status command ciphertext and MIC verification code to LoRa node group 2;
The LoRa gateway's SX1301 LoRa gateway communication module switches to 8-channel parallel LoRa receive mode and waits to receive the card-writing status reported by node group 2;
The 8 nodes of node group 2 receive the get-card-writing-status ciphertext and MIC verification code issued by the LoRa gateway, verify its correctness and integrity, and decrypt it;
The 8 nodes of node group 2 report the card-writing status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission;
The LoRa gateway forwards the card-writing status reported by LoRa node group 2 to the server over the local area network by TCP/IP or WiFi;
The above operations are repeated until the LoRa gateway has received, group by group in turn, the card-writing status returned by all LoRa nodes.
On the basis of the above scheme, the steps by which the server communicates with the actuator component in LoRa mode, relayed through the LoRa gateway, are specifically:
The LoRa gateway receives, through the Ethernet port or by WiFi, the execution instruction that the server issues to the actuator component;
It then relays the execution instruction to the actuator component by LoRa transmission based on the SX1268 chip;
The LoRa gateway receives the execution status reported by the actuator component by LoRa reception based on the SX1268 chip;
It then relays the execution status of the actuator component to the server through the Ethernet port or by WiFi.
On the basis of the above scheme, the steps by which the server communicates with the LoRa nodes in LoRa mode and GFSK mode, relayed through the LoRa gateway, are specifically:
The LoRa gateway receives, through the Ethernet port or by WiFi, the APDU card-writing data that the server issues to the LoRa nodes;
It then relays the card-writing data to the LoRa nodes by GFSK transmission based on the SX1268 chip;
The LoRa gateway receives the card-writing status reported by the first group of LoRa nodes by 8-channel parallel LoRa reception based on the SX1301 chip;
The LoRa gateway relays the card-writing status reported by the first group of LoRa nodes to the server through the Ethernet port or by WiFi;
The LoRa gateway issues the get-card-writing-status command to the second group of LoRa nodes by LoRa transmission based on the SX1268 chip;
The LoRa gateway receives the card-writing status reported by the second group of LoRa nodes by 8-channel parallel LoRa reception based on the SX1301 chip;
The LoRa gateway relays the card-writing status reported by the second group of LoRa nodes to the server through the Ethernet port or by WiFi;
The above steps are repeated, and the LoRa gateway receives, group by group in turn, the card-writing status reported by all LoRa nodes.
On the basis of the above scheme, the specific characteristics of the actuator component are:
The actuator component includes an ARM processor, a SAM security module, a LoRa communication module based on the Semtech SX1268 chip with its antenna, and the actuator mechanism;
Communication between the actuator component and the LoRa gateway is LoRa communication based on the SX1268 chip;
The actuator component receives the execution instruction forwarded by the LoRa gateway by LoRa reception;
The ARM processor notifies the SAM security module to verify the correctness and integrity of the execution instruction and decrypt the execution instruction ciphertext, and then notifies the actuator mechanism to perform the corresponding action;
The ARM processor notifies the SAM security module to encrypt the execution status and compute the MIC code;
The actuator component reports the execution status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission.
On the basis of the above scheme, the specific characteristics of the LoRa node are:
One chip card card-making machine includes multiple LoRa nodes; every eight nodes form one group, called node group 1, node group 2, ..., node group 8;
The LoRa node includes a microprocessor, a SAM security module, a LoRa communication module based on the Semtech SX1268 chip with its antenna, a chip card read/write module and a chip card read/write head; the antenna of the LoRa node is integrated on the PCB;
All LoRa nodes receive in parallel, by GFSK reception based on the SX1268 chip, the card-writing data ciphertext and MIC relayed by the LoRa gateway;
The ARM processor notifies the SAM security module to verify the correctness and integrity of the card-writing instruction and decrypt the card-writing data ciphertext, and then notifies the chip card read/write module to write the card;
The ARM processor receives the card-writing status returned by the chip card read/write module and notifies the SAM security module to encrypt the card-writing status and compute the MIC code;
The LoRa nodes report the card-writing status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission, group by group in turn;
The LoRa gateway receives, group by group in turn, the card-writing status ciphertext and MIC verification code reported by each LoRa node group by 8-channel parallel LoRa reception based on the SX1301 chip.
On the basis of the above scheme, the LoRa communication between the server and the actuator component is carried out as ciphertext+MIC and relayed through the LoRa gateway; the steps are specifically:
The server encapsulates a "command_device" JSON object:
The LoRa gateway receives the "command_device" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the MIC; if the MIC is correct, it forwards the base64-decoded command_device.data to the actuator component in LoRa mode without parsing it;
The actuator component receives the base64-decoded command_device.data and first verifies mic_d:
If mic_d1=mic_d, command is valid, and command is decrypted to obtain COMMAND:
The actuator component performs the action specified by COMMAND and reports the status code STATUS after execution to the server;
The SAM security module encrypts STATUS and generates mic_sta;
The actuator component reports status+mic_sta to the LoRa gateway in LoRa mode;
The LoRa gateway encapsulates a "status_device" JSON object;
The server receives the "status_device" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies mic_gw;
The encryption machine first generates mic_sta1 with its own key; if mic_sta1=mic_sta, it decrypts status;
At this point, the server has obtained the execution status STATUS reported by the actuator component.
On the basis of the above scheme, the server issues card-writing data to the LoRa nodes as ciphertext+MIC, relayed through the LoRa gateway; the steps are specifically:
The server encapsulates a "c_apdu_x" JSON object:
The LoRa gateway receives the "c_apdu_x" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the MIC; if the MIC is correct, it forwards the base64-decoded c_apdu_x.data to the LoRa nodes in GFSK mode without parsing it;
The LoRa node receives the base64-decoded c_apdu_x.data and first verifies mic_ap;
If mic_ap=mic_apdu, c_apdu is valid, and c_apdu is decrypted to obtain C_APDU;
The LoRa node's chip card read/write module sends C_APDU to the chip card to complete the card-writing operation;
The 8 nodes of the first group of LoRa nodes report the R_APDU returned by the chip card to the server;
The SAM security module encrypts R_APDU and generates mic_r;
Node 11 to node 18 each report r_apdu+mic_r to the LoRa gateway in LoRa mode;
The LoRa gateway encapsulates the R_APDU returned by the 8 LoRa nodes of the first group as an "r_apdu" JSON object;
The server receives the "r_apdu_x_01" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies mic_gw;
The encryption machine first generates mic_rr with its own key; if mic_rr=mic_r, it decrypts r_apdu;
At this point, the server has received the execution status R_APDU reported by the first group of LoRa nodes.
On the basis of the above scheme, the LoRa communication between the server and the LoRa nodes uses ciphertext+MIC and is relayed through the LoRa gateway; the specific steps are:
Server prepares to fetch the R_APDU responses of the 8 nodes of LoRa node group y, and encapsulates a "get_x_y" JSON object:
LoRa gateway receives the "get_x_y" JSON object from the server's PULL_RESP and first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded get_x_y.data to LoRa node group y over LoRa without parsing it;
LoRa node receives the base64-decoded get_x_y.data and first verifies mic_get;
If mic_get1=mic_get, get_r_apdu is valid, and decrypting get_x_y yields get_command:
The 8 nodes of LoRa node group y each report the R_APDU returned by the chip card to the server:
SAM security module encrypts R_APDU, and generates mic_r;
The 8 nodes of LoRa node group y each report r_apdu+mic_r to the LoRa gateway over LoRa;
The LoRa gateway encapsulates the status returned by the 8 LoRa nodes of group y as an "r_apdu" JSON object;
Server receives the "r_apdu_x_y" JSON object from the LoRa gateway's PUSH_DATA, first does base64 decoding, and verifies the correctness of mic_gw;
Encryption equipment first uses its own key to generate mic_rr; if mic_rr=mic_r, it decrypts r_apdu;
At this point, the server has received the execution status R_APDU reported by the 8 nodes of LoRa node group y.
On the basis of above scheme, the chip card includes smart card, electronic tag, MCU and M2M card.
The invention also discloses a kind of chip card card producing system based on wireless communication technique, comprising:
Server, the server include server host, encryption equipment and fingerprint capturer;
LoRa gateway, the LoRa gateway includes: ARM processor, SAM security module, LoRa gateway communication module and antenna, LoRa communication module and antenna, and Ethernet/WiFi module;
Executing agency's component, executing agency's component includes: ARM processor, SAM security module, LoRa communication module and antenna, and executing agency;
LoRa node, the LoRa node includes: microprocessor, SAM security module, LoRa communication module and antenna, chip card module for reading and writing and chip card read/write head.
On the basis of the above scheme, the system comprises multiple LoRa nodes; every 8 LoRa nodes form one LoRa node group, which reports card-writing status in parallel.
Compared with prior art, advantages of the present invention is as follows:
The present invention changes the communication between the chip card read/write heads of an existing chip card card maker and the control computer from a slip-ring cable connection to LoRa and GFSK wireless communication. This retains all the advantages of the rotary-table card maker while thoroughly eliminating signal interference, poor contact and other factors that cause production faults, thereby greatly improving production efficiency. SAM technology solves the data security problem of the chip card fabrication stage, so production efficiency and reliability are improved and the security of the data is ensured.
Detailed description of the invention
Fig. 1 is a flow diagram of the chip card fabrication method based on wireless communication technique and SAM technology according to an embodiment of the present invention;
Fig. 2 is a functional block diagram of the chip card card producing system based on wireless communication technique and SAM technology according to an embodiment of the present invention;
Fig. 3 is a timing diagram of writing one frame of APDU data to cards according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of star-network nodes writing cards in parallel (NAK) according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of parallel card-writing ACK for the first node group of the star network according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of parallel card-writing ACK within a star-network node group according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of serial card-writing ACK between star-network node groups according to an embodiment of the present invention;
Fig. 8 is an internal block diagram of the node communication chip SX1268 according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of the receive function of the gateway communication chip SX1301 according to an embodiment of the present invention.
Wherein: 1- server, 11- server host, 12- encryption equipment, 13- fingerprint capturer, 2- LoRa gateway, 21- ARM processor, 22- SAM security module, 23- LoRa gateway communication module, 231- antenna, 24- LoRa communication module, 241- antenna, 25- Ethernet/WiFi module, 3- LoRa node, 31- microprocessor, 32- SAM security module, 33- LoRa communication module, 331- antenna, 34- chip card module for reading and writing, 35- chip card read/write head, 4- executing agency's component, 41- ARM processor, 42- SAM security module, 43- LoRa communication module, 431- antenna, 44- executing agency.
Specific embodiment
Term is explained:
LoRa: LoRa is a technology dedicated to radio modems released by Semtech, also called long-range wireless radio-frequency technology (Long Range). It combines digital spread spectrum, digital signal processing and forward error correction coding, and uses a high spreading factor to transmit small-volume data over a wide range of radio spectrum.
FSK (Frequency-shift keying) uses a digital signal to modulate the frequency of the carrier. The main advantages of FSK modulation are that it is relatively easy to implement and has good noise and attenuation resistance.
GFSK (Gauss frequency Shift Keying, Gaussian frequency shift keying) limits the spectrum width of the signal by passing it through a Gaussian low-pass filter before modulation. It has the characteristics desired by wireless communication systems, such as a constant-amplitude envelope, a concentrated power spectrum and a relatively narrow spectrum.
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Embodiment one
The embodiment of the present invention provides a chip card fabrication method based on wireless communication technique and SAM technology. Its workflow, as shown in Fig. 1, comprises the following steps:
S1, the equipment is powered on and the operator logs in to the server by fingerprint;
S2, the server and the LoRa gateway authenticate each other, and each performs key dispersion to obtain its own session keys;
S3, the server (relayed by the LoRa gateway) and executing agency's component authenticate each other, and each performs key dispersion to obtain its own session keys;
S4, the server (relayed by the LoRa gateway) authenticates mutually with each LoRa node in turn, and each side performs key dispersion to obtain its own session keys; note that S2-S4 are carried out only once, at power-on;
S5, the server (relayed by the LoRa gateway) issues the corresponding action instruction to executing agency's component; executing agency's component executes the corresponding action and delivers the chip cards to be produced to the respective chip card read/write heads;
S6, the server (relayed by the LoRa gateway) issues one frame of card-writing ciphertext data and a MIC verification code to all LoRa nodes; the LoRa gateway sends the data by GFSK/505.3MHz/300kbps; except for the last frame, every frame is a fixed-length data packet of length 0xF9 (5-byte APDU command header ciphertext + 0xF0 bytes of APDU data ciphertext + 4-byte MIC code); the last frame, if shorter than 0xF9, is a variable-length packet;
S7, each LoRa node verifies the correctness of the communication by CRC, verifies the validity and integrity of the data by the MIC code, and decrypts the card-writing data ciphertext;
S8, each LoRa node writes the card-writing data to the chip card;
S9, the 8 nodes of the first group report card-writing status using LoRa/frequency point 1x/BW125kHz/SF7 transmission;
S10, the server (relayed by the LoRa gateway) issues get-card-writing-status commands to the LoRa nodes group by group (parallel within a group, serial between groups) using LoRa/500kHz/SF5 transmission;
S11, the LoRa nodes (relayed by the LoRa gateway) report card-writing status to the server group by group using LoRa/125kHz/SF7 transmission;
S12, return to step S10 and continue the above operations until all nodes have finished reporting card-writing status;
S13, return to step S6 and continue the above operations until all card-writing operations are completed;
S14, according to the card-writing status, the server (relayed by the LoRa gateway) issues the corresponding action instruction to executing agency's component, and executing agency's component places the cards into the good-card slot and the reject-card slot respectively.
S15, return to step S5 and continue the above operations until the production of all cards of this batch (work team) is completed.
In the above steps, chip cards include smart cards, electronic tags, MCUs, M2M cards and the like.
Spread spectrum communication has the following advantages:
1. transmission power density is low, so it does not easily interfere with other equipment;
2. confidentiality is high and the probability of interception is extremely low;
3. interference immunity is strong, with very strong rejection of co-channel interference and various kinds of noise;
4. excellent carrier frequency offset performance.
The excellent characteristics of spread spectrum communication (strong interference immunity, concealment and good confidentiality) have led to its wide use in every field.
LoRa technology greatly improves the reliability of data transmission and the long-range transmission capability in environments with complex installation conditions, obstructions, strong interference and multipath.
LoRa wireless communication uses licence-free bands, so the wireless communication is free of charge; installation is simple, no pre-wiring is needed, mobility is good, communication cost is low, communication distance is long, power consumption is low, and interference immunity is strong.
The present invention changes the communication between the chip card read/write heads of an existing chip card card maker and the control computer from a slip-ring cable connection to LoRa and GFSK wireless communication. This retains all the advantages of the rotary-table card maker while thoroughly eliminating signal interference, poor contact and other factors that cause production faults, thereby greatly improving production efficiency. SAM technology solves the data security problem of the chip card fabrication stage, so production efficiency and reliability are improved and the security of the data is ensured.
Embodiment two
The embodiment of the present invention provides a chip card card producing system based on wireless communication technique and SAM technology. Divided by function, as shown in Fig. 2, it consists of the following parts:
Server 1 includes: server host 11, encryption equipment 12 and fingerprint capturer 13.
LoRa gateway 2 include: arm processor 21, SAM security module 22, LoRa gateway communication module 23 and antenna 231, LoRa communication module 24 and antenna 241 and Ethernet/WiFi module 25.
Executing agency's component 4 includes: ARM processor 41, SAM security module 42, LoRa communication module 43 and antenna 431, and executing agency 44.
LoRa node 3 includes: microprocessor 31, SAM security module 32, LoRa communication module 33 and antenna 331, chip card Module for reading and writing 34 and chip card read/write head 35.
One chip card card maker may include multiple chip card module for reading and writing, generally 32 or 64.
To improve communication efficiency, every 8 LoRa nodes report card-writing status in parallel; these 8 LoRa nodes are called one LoRa node group, i.e. LoRa node group 1 (LoRa node 11~LoRa node 18)~LoRa node group 4 (LoRa node 41~LoRa node 48), or LoRa node group 1~LoRa node group 8 (LoRa node 81~LoRa node 88).
The dotted frame in Fig. 2 is a functional schematic of the control section of one card maker; one server can control multiple card makers.
Embodiment three
The card-writing timing for one frame of data in this embodiment of the present invention, as shown in Fig. 3, comprises the following steps:
The SX1268 of every LoRa node is switched to the GFSK/505.3MHz/300kbps receive state and waits for the APDU card-writing data issued by the LoRa gateway;
The LoRa gateway SX1268 sends one frame of APDU card-writing data by GFSK/505.3MHz/300kbps; the air transmission time of a maximum-length frame is about 16.5ms. The LoRa gateway SX1301 then switches to 8-channel LoRa/frequency band 1/BW125kHz parallel receive mode and waits for the card-writing status reported by LoRa node group 1;
Each LoRa node receives the APDU card-writing data and starts the chip card module for reading and writing to write the card; when card writing is complete, the SX1268 of each node in LoRa node group 1 sends its card-writing status in LoRa/per-node frequency point/BW125kHz/SF7 mode;
After the LoRa gateway SX1301 has received the 8 channels of card-writing status reported by LoRa node group 1, the gateway starts its SX1268 and, using LoRa/500.5MHz/BW500kHz/SF5 (62.5kbps) transmission, issues the get-card-writing-status command to LoRa node group 2; the LoRa gateway SX1301 then switches to 8-channel LoRa/frequency band 2/BW125kHz parallel receive mode and waits for the card-writing status reported by LoRa node group 2;
At this point, the SX1268 of LoRa node group 2 has already entered LoRa/500.5MHz/BW500kHz/SF5 receive mode and is waiting for the instruction issued by the LoRa gateway; after receiving the get-card-writing-status command issued by the LoRa gateway, the SX1268 of each node in LoRa node group 2 reports its card-writing status to the LoRa gateway using LoRa/per-node frequency point/BW125kHz/SF7 transmission;
The above operations are repeated, until:
After the LoRa gateway SX1301 has received the 8 channels of card-writing status reported by LoRa node group 7, the gateway starts its SX1268 and, using LoRa/501.7MHz/BW500kHz/SF5 (62.5kbps) transmission, issues the get-card-writing-status command to LoRa node group 8; the LoRa gateway SX1301 then switches to 8-channel LoRa/frequency band 8/BW125kHz parallel receive mode and waits for the card-writing status reported by LoRa node group 8;
At this point, the SX1268 of LoRa node group 8 has already entered LoRa/501.7MHz/BW500kHz/SF5 receive mode and is waiting for the instruction issued by the LoRa gateway; after receiving the get-card-writing-status command issued by the LoRa gateway, the SX1268 of each node in LoRa node group 8 reports its card-writing status to the LoRa gateway using LoRa/per-node frequency point/BW125kHz/SF7 transmission;
After the LoRa gateway SX1301 has received the 8 channels of card-writing status reported by LoRa node group 8, it forwards the card-writing status of the LoRa nodes to the server;
At this point, the card-writing process for one frame of APDU data is complete; the issuing process for the next frame of APDU card-writing data then begins.
Embodiment four
The steps for mutual identity authentication and session key derivation between the server and the LoRa gateway are as follows:
Server takes a 16-byte random number rnd_gw from the encryption equipment and encapsulates an "authen_gw" JSON object:
Wherein, authen_gw.data is the base64 encoding of srnd_gw:
Srnd_gw=aes128_encrypt (AppKey_w, rnd_gw)
Authen_gw.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkKey_w, " authen_gw " | srnd_gw)
MIC=cmac [0..3]
LoRa gateway receives " authen_gw " JSON object of server PULL_RESP, first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it accepts the legitimacy of the server and the correctness of authen_gw.data;
SAM security module decryption srnd_gw obtains rnd_gw:
Rnd_gw=aes128_decrypt (AppKey_w, srnd_gw)
The SAM security module of the LoRa gateway disperses AppKey_W and NwkKey_W respectively with rnd_gw to obtain the session keys AppSKey_W and NwkSKey_W:
AppSKey_W=aes128_encrypt (AppKey_W, rnd_gw)
NwkSKey_W=aes128_encrypt (NwkKey_W, rnd_gw)
LoRa gateway encapsulates " resp_gw " JSON object:
Wherein, resp_gw.data is the base64 coding of srnd_gw1:
Srnd_gw1=aes128_encrypt (AppSKey_w, rnd_gw)
Resp_gw.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkSKey_w, " resp_gw " | srnd_gw1)
MIC=cmac [0..3]
Server receives " resp_gw " JSON object of LoRa gateway PUSH_DATA, first does base64 decoding;
Encryption equipment disperses AppKey_W and NwkKey_W respectively with its own rnd_gw to obtain the session keys AppSKey_W and NwkSKey_W:
AppSKey_W=aes128_encrypt (AppKey_W, rnd_gw)
NwkSKey_W=aes128_encrypt (NwkKey_W, rnd_gw)
It then verifies the correctness of the MIC and decrypts srnd_gw1; if MIC1=MIC and rnd_gw1=rnd_gw, the legitimacy of the LoRa gateway is accepted:
Cmac=aes128_cmac (NwkSKey_w, " resp_gw " | srnd_gw1)
MIC1=cmac [0..3]
Rnd_gw1=aes128_decrypt (AppSKey_w, srnd_gw1)
Embodiment five
The steps for mutual identity authentication and session key derivation between the server and executing agency's component are as follows:
Server takes a 16-byte random number rnd_d from the encryption equipment and encapsulates an "authen_device" JSON object:
Wherein, authen_device.data is the base64 encoding of srnd_d+mic_d:
Srnd_d=aes128_encrypt (AppKey_d, rnd_d)
Cmac_d=aes128_cmac (NwkKey_d, srnd_d)
Mic_d=cmac_d [0..3]
Authen_device.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkSKey_W, " authen_device " | srnd_d | mic_d)
MIC=cmac [0..3]
LoRa gateway receives " authen_device " JSON object of server PULL_RESP, first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded authen_device.data to executing agency's component over LoRa without parsing it.
Executing agency's component receives the base64-decoded authen_device.data and first verifies mic_d:
Cmac_d1=aes128_cmac (NwkKey_d, srnd_d)
Mic_d1=cmac_d [0..3]
If mic_d1=mic_d, the legitimacy of the server is accepted and srnd_d is valid; decrypting srnd_d yields rnd_d:
Rnd_d=aes128_decrypt (AppKey_d, srnd_d)
The SAM security module of executing agency's component disperses AppKey_D and NwkKey_D respectively with rnd_d to obtain the session keys AppSKey_D and NwkSKey_D:
AppSKey_D=aes128_encrypt (AppKey_D, rnd_d)
NwkSKey_D=aes128_encrypt (NwkKey_D, rnd_d)
SAM security module encrypts rnd_d and generates the mic:
Srnd_dd=aes128_encrypt (AppSKey_D, rnd_d)
Cmac_dd=aes128_cmac (NwkSKey_D, srnd_d)
Mic_dd=cmac_dd [0..3]
Executing agency's component reports srnd_dd+mic_dd to the LoRa gateway over LoRa.
LoRa gateway encapsulates a "resp_device" JSON object:
Wherein, resp_device.data is the base64 encoding of srnd_dd+mic_dd; the LoRa gateway does not parse srnd_dd and mic_dd, and only does the base64 encoding.
Resp_device.MIC is the base64 coding of mic_gw, and mic_gw is generated by LoRa gateway:
Cmac_gw=aes128_cmac (NwkSKey_w, " resp_device " | srnd_dd | mic_dd)
Mic_gw=cmac [0..3]
Server receives the "resp_device" JSON object from the LoRa gateway's PUSH_DATA, first does base64 decoding, and verifies the correctness of mic_gw;
Encryption equipment disperses AppKey_D and NwkKey_D respectively with its own rnd_d to obtain the session keys AppSKey_D and NwkSKey_D:
AppSKey_D=aes128_encrypt (AppKey_D, rnd_d)
NwkSKey_D=aes128_encrypt (NwkKey_D, rnd_d)
It then verifies the correctness of mic_dd and decrypts srnd_dd; if mic_dd1=mic_dd and rnd_dd1=rnd_dd, the legitimacy of executing agency's component is accepted:
Cmac_dd1=aes128_cmac (NwkSKey_D, srnd_dd)
Mic_dd1=cmac_dd1 [0..3]
Rnd_dd1=aes128_decrypt (AppSKey_D, srnd_dd)
Embodiment six
The steps for mutual identity authentication and session key derivation between the server and each LoRa node are as follows:
The server performs mutual identity authentication and session key derivation with each LoRa node separately. The following are the specific steps between the server and one of the LoRa nodes (node 11); the steps between the other nodes and the server are identical:
Server takes two 16-byte random numbers rnd_n1 and rnd_n2 from the encryption equipment and encapsulates an "authen_node1" JSON object:
Wherein, authen_node11.data is the base64 encoding of srnd_n1+mic_n1+srnd_n2+mic_n2:
Srnd_n1=aes128_encrypt (AppKey_n11, rnd_n1)
Cmac_n1=aes128_cmac (NwkKey_n11, srnd_n1)
Mic_n1=cmac_n1 [0..3]
Srnd_n2=aes128_encrypt (AppKey_N1, rnd_n2)
Cmac_n2=aes128_cmac (NwkKey_N1, srnd_n2)
Mic_n2=cmac_n2 [0..3]
Authen_node11.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkSKey_W, " authen_node1 " | srnd_n1 | mic_n1 | srnd_n2 | mic_n2)
MIC=cmac [0..3]
LoRa gateway receives " authen_node11 " JSON object of server PULL_RESP, first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded authen_node11.data to LoRa node 11 over LoRa without parsing it.
LoRa node 11 receives the base64-decoded authen_node11.data and first verifies mic_n1 and mic_n2 separately:
Cmac_n11=aes128_cmac (NwkKey_n11, srnd_n1)
Mic_n11=cmac_n11 [0..3]
Cmac_n22=aes128_cmac (NwkKey_N1, srnd_n2)
Mic_n22=cmac_n22 [0..3]
If mic_n11=mic_n1 and mic_n22=mic_n2, the legitimacy of the server is accepted and srnd_n1 and srnd_n2 are valid; decrypting srnd_n1 and srnd_n2 respectively yields rnd_n1 and rnd_n2:
Rnd_n1=aes128_decrypt (AppKey_n11, srnd_n1)
Rnd_n2=aes128_decrypt (AppKey_N1, srnd_n2)
The SAM security module of LoRa node 11 disperses AppKey_N and NwkKey_N respectively with rnd_n1 to obtain the session keys AppSKey_N and NwkSKey_N:
AppSKey_N=aes128_encrypt (AppKey_N, rnd_n1)
NwkSKey_N=aes128_encrypt (NwkKey_N, rnd_n1)
The SAM security module of LoRa node 1 disperses AppKey_N1 and NwkKey_N1 respectively with rnd_n2 to obtain the session keys AppSKey_N1 and NwkSKey_N1:
AppSKey_N1=aes128_encrypt (AppKey_N1, rnd_n2)
NwkSKey_N1=aes128_encrypt (NwkKey_N1, rnd_n2)
SAM security module encrypts rnd_n1 and rnd_n2 and generates mic_n111 and mic_n222:
Srnd_n111=aes128_encrypt (AppSKey_N, rnd_n1)
Cmac_n111=aes128_cmac (NwkSKey_N, srnd_n1)
Mic_n111=cmac_n111 [0..3]
Srnd_n222=aes128_encrypt (AppSKey_N1, rnd_n2)
Cmac_n222=aes128_cmac (NwkSKey_N1, srnd_n2)
Mic_n222=cmac_n222 [0..3]
LoRa node 1 reports srnd_111+mic_111+srnd_222+mic_222 to the LoRa gateway over LoRa.
LoRa gateway encapsulates a "resp_node11" JSON object:
Wherein, resp_node11.data is the base64 encoding of srnd_111+mic_111+srnd_222+mic_222; the LoRa gateway does not parse it, and only does the base64 encoding.
Resp_node11.MIC is the base64 coding of mic_gw, and mic_gw is generated by LoRa gateway:
Cmac_gw=aes128_cmac (NwkSKey_w, " resp_node11 " | srnd_111 | mic_111 | srnd_222 | mic_222)
Mic_gw=cmac [0..3]
Server receives the "resp_node11" JSON object from the LoRa gateway's PUSH_DATA, first does base64 decoding, and verifies the correctness of mic_gw;
Encryption equipment disperses AppKey_N and NwkKey_N respectively with its own rnd_n1 to obtain the session keys AppSKey_N and NwkSKey_N:
AppSKey_N=aes128_encrypt (AppKey_N, rnd_n1)
NwkSKey_N=aes128_encrypt (NwkKey_N, rnd_n1)
Encryption equipment disperses AppKey_N1 and NwkKey_N1 respectively with its own rnd_n2 to obtain the session keys AppSKey_N1 and NwkSKey_N1:
AppSKey_N1=aes128_encrypt (AppKey_N1, rnd_n2)
NwkSKey_N1=aes128_encrypt (NwkKey_N1, rnd_n2)
It then verifies the correctness of mic_n111 and mic_n222 and decrypts srnd_n111 and srnd_n222; if mic_n111 and mic_n222 are correct, and rnd_n1111=rnd_n111 and rnd_n2222=rnd_n222, the legitimacy of LoRa node 1 is accepted:
Cmac_n1111=aes128_cmac (NwkSKey_N, srnd_n111)
Mic_n1111=cmac_n1111 [0..3]
Rnd_n1111=aes128_decrypt (AppSKey_N, srnd_n111)
Cmac_n2222=aes128_cmac (NwkSKey_N1, srnd_n222)
Mic_n2222=cmac_n2222 [0..3]
Rnd_n2222=aes128_decrypt (AppSKey_N1, srnd_n222).
Embodiment seven:
The LoRa communication between the server and executing agency's component uses ciphertext+MIC and is relayed through the LoRa gateway; the specific steps are:
Server encapsulates a "command_device" JSON object:
Wherein, command_device.data is the base64 encoding of command+mic_d, and COMMAND is the command code that the server issues to executing agency's component:
Command=aes128_encrypt (AppSKey_D, COMMAND)
Cmac_d=aes128_cmac (NwkSKey_D, command)
Mic_d=cmac_d [0..3]
Command_device.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkSKey_W, " command_device " | command | mic_d)
MIC=cmac [0..3]
LoRa gateway receives " command_device " JSON object of server PULL_RESP, first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded command_device.data to executing agency's component over LoRa without parsing it.
Executing agency's component receives the base64-decoded command_device.data and first verifies mic_d:
Cmac_d1=aes128_cmac (NwkSKey_D, command)
Mic_d1=cmac_d [0..3]
If mic_d1=mic_d, command is valid, and decrypting command yields COMMAND:
COMMAND=aes128_decrypt (AppSKey_D, command)
Executing agency's component executes the action specified by COMMAND and reports the status code STATUS after execution to the server:
SAM security module encrypts STATUS, and generates mic_sta:
Status=aes128_encrypt (AppSKey_D, STATUS)
Cmac_sta=aes128_cmac (NwkSKey_D, status)
Mic_sta=cmac_sta [0..3]
Executing agency's component reports status+mic_sta to the LoRa gateway over LoRa.
LoRa gateway encapsulates a "status_device" JSON object:
Wherein, status_device.data is the base64 encoding of status+mic_sta; the LoRa gateway does not parse status and mic_sta, and only does the base64 encoding.
Status_device.MIC is the base64 coding of mic_gw, and mic_gw is generated by LoRa gateway:
Cmac_gw=aes128_cmac (NwkSKey_W, " status_device " | status | mic_sta)
Mic_gw=cmac_gw [0..3]
Server receives the "status_device" JSON object from the LoRa gateway's PUSH_DATA, first does base64 decoding, and verifies the correctness of mic_gw;
Encryption equipment first uses its own key to generate mic_sta1; if mic_sta1=mic_sta, the received status is correct, and status is decrypted:
Cmac_sta1=aes128_cmac (NwkSKey_D, status)
Mic_sta1=cmac_sta1 [0..3]
STATUS=aes128_decrypt (AppSKey_D, status)
At this point, the server has obtained the execution status STATUS reported by executing agency's component.
Embodiment eight:
The LoRa communication between the server and the LoRa nodes uses ciphertext+MIC and is relayed through the LoRa gateway; the specific steps are:
Server prepares to fetch the R_APDU responses of the 8 nodes (node y1~y8) of LoRa node group y, and encapsulates a "get_x_y" JSON object:
Wherein, x is the 2-byte C_APDU serial number and y is the LoRa node group serial number (02~08), for example: get_0001_02, c_apdu_0100_08, etc.;
Get_x_y.data is the base64 coding of get_r_apdu+mic_get:
Get_r_apdu=aes128_encrypt (AppSKey_Ny, " get_ " | x | " _ " | y)
Cmac_get=aes128_cmac (NwkSKey_Ny, get_r_apdu)
Mic_get=cmac_get [0..3]
Get_x_y.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkSKey_W, " get_x_y " | get_r_apdu)
MIC=cmac [0..3]
LoRa gateway receives " get_x_y " JSON object of server PULL_RESP, first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded get_x_y.data to LoRa node group y over LoRa without parsing it.
LoRa node receives the base64-decoded get_x_y.data and first verifies mic_get:
Cmac_get1=aes128_cmac (NwkSKey_Ny, get_r_apdu)
Mic_get1=cmac_get1 [0..3]
If mic_get1=mic_get, then get_r_apdu is valid, and decrypting get_x_y yields get_command:
Get_command=aes128_decrypt (AppSKey_Ny, get_r_apdu)
The 8 nodes (node y1~y8) of LoRa node group y each report the R_APDU returned by the chip card to the server:
SAM security module encrypts R_APDU, and generates mic_r:
R_apdu=aes128_encrypt (AppSKey_Ny, x | z | R_APDU)
Cmac_r=aes128_cmac (NwkSKey_Ny, r_apdu)
Mic_r=cmac_r [0..3]
Wherein, x is the serial number of the C_APDU of 2 bytes, such as 0001,0100;
Z is the node number of 1 byte, z=y1~y8 (y=2~8).
The 8 nodes (node y1~y8) of LoRa node group y each report r_apdu+mic_r to the LoRa gateway over LoRa.
The LoRa gateway encapsulates the status returned by the 8 nodes (node y1~y8) of LoRa node group y as one "r_apdu" JSON object:
Wherein, r_apdu_x_y.data is the base64 encoding of r_apdu and r_apdu_x_y.mic is the base64 encoding of mic_r; the LoRa gateway does not parse r_apdu and mic_r, and only does the base64 encoding.
R_apdu_x_y.MIC is the base64 coding of mic_gw, and mic_gw is generated by LoRa gateway:
Cmac_gw=aes128_cmac (NwkSKey_W, "r_apdu_x_y" | r_apdu1 | mic_r1 | ... | r_apdu8 | mic_r8)
Mic_gw=cmac_gw [0..3]
Server receives the "r_apdu_x_y" JSON object from the LoRa gateway's PUSH_DATA, first does base64 decoding, and verifies the correctness of mic_gw;
Encryption equipment first uses its own key to generate mic_rr; if mic_rr=mic_r, the received r_apdu is correct, and r_apdu is decrypted:
Cmac_rr=aes128_cmac (NwkSKey_Ny, r_apdu)
Mic_rr=cmac_rr [0..3]
X | z | R_APDU=aes128_decrypt (AppSKey_Ny, r_apdu)
At this point, the server has received the execution status R_APDU reported by the 8 nodes (node y1~y8) of LoRa node group y.
Embodiment nine
The embodiment of the present invention provides a schematic diagram of star-network parallel card writing in GFSK mode, as shown in Fig. 4, described as follows:
Server encapsulates " c_apdu_x " JSON object:
Wherein, x is the C_APDU serial number of 2 bytes, such as: c_apdu_0001, c_apdu_0100;
C_apdu_x.data is the base64 encoding of c_apdu+mic_apdu, and C_APDU is one APDU of card-writing data that the server issues to the LoRa nodes:
C_apdu=aes128_encrypt (AppSKey_N, x | C_APDU)
Cmac_apdu=aes128_cmac (NwkSKey_N, c_apdu)
Mic_apdu=cmac_apdu [0..3]
C_apdu_x.MIC is the base64 coding of MIC:
Cmac=aes128_cmac (NwkSKey_W, " c_apdu_x " | c_apdu | mic_apdu)
MIC=cmac [0..3]
LoRa gateway receives " c_apdu_x " JSON object of server PULL_RESP, first does base64 decoding;
The gateway then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded c_apdu_x.data to all LoRa nodes by GFSK/505.3MHz/300kbps transmission without parsing it.
Embodiment ten
This embodiment of the present invention provides a schematic diagram of star-network LoRa mode fetching the card-writing status of the first group of LoRa nodes in parallel, as shown in Fig. 5, described as follows:
Continuing from the previous embodiment, the LoRa node, receiving by GFSK/505.3MHz/300kbps, receives the base64-decoded c_apdu_x.data issued by the LoRa gateway and first verifies mic_apdu:
Cmac_ap=aes128_cmac (NwkSKey_N, c_apdu)
Mic_ap=cmac_ap [0..3]
Such as mic_ap=mic_apdu, then c_apdu is effective, and decryption c_apdu obtains C_APDU:
X | C_APDU=aes128_decrypt (AppSKey_N, c_apdu)
C_APDU is sent to chip card and completes writing operation by LoRa node chip card module for reading and writing.
The R_APDU that chip card returns is reported to clothes respectively by 8 LoRa nodes (node 11~18) of LoRa node group 1 Business device:
SAM security module encrypts R_APDU, and generates mic_r:
R_apdu=aes128_encrypt (AppSKey_N1, x | y | R_APDU)
Cmac_r=aes128_cmac (NwkSKey_N1, r_apdu)
Mic_r=cmac_r [0..3]
Wherein, x is the serial number of the C_APDU of 2 bytes, such as 0001,0100;
Y is the node number of 1 byte, y=11~18.
8 LoRa nodes (node 11~18) of LoRa node group 1 are respectively by r_apdu+mic_r with LoRa/ frequency point y/ The mode of BW125kHz/SF7 is reported to LoRa gateway.
LoRa gateway receives 8 of LoRa node group 1 in such a way that 8 tunnel LoRa/ frequency range 1/BW125kHz is received parallel The R_APDU that LoRa node reports is encapsulated as " r_apdu " JSON object:
Wherein, r_apdu_x_01.data is the base64 coding of r_apdu, and r_apdu_x_01.mic is mic_r Base64 coding, LoRa gateway do not parse r_apdu and mic_r, only do base64 coding.
R_apdu_x_01.MIC is the base64 coding of mic_gw, and mic_gw is that MIC signature is generated by LoRa gateway:
Cmac_gw=
aes128_cmac(NwkSKey_W,"r_apdu_x_01"|r_apdu1|mic_r1|...|r_apdu8|mic_ r8)
Mic_gw=cmac_gw [0..3]
Server receives " r_apdu_x_01 " JSON object of LoRa gateway PUSH_DATA, first does base64 decoding, and Verify the correctness of mic_gw;
Encryption equipment first uses the key of oneself to generate mic_rr, such as mic_rr=mic_r, illustrates that the r_apdu received is correct, Decrypt r_apdu:
Cmac_rr=aes128_cmac (NwkSKey_N1, r_apdu)
Mic_rr=cmac_rr [0..3]
X | y | R_APDU=aes128_decrypt (AppSKey_N1, r_apdu)
So far, server receives the execution state R_APDU that 8 nodes of LoRa node group 1 report.
Embodiment 11
This embodiment of the present invention is a schematic diagram of fetching, in parallel, the card-writing status of each LoRa node group (excluding LoRa node group 1) in LoRa mode over a radial network, as shown in Fig. 6 and described as follows:
The server prepares to fetch LoRa node group x's R_APDU response to the C_APDU with serial number k, and encapsulates a "get_y_x" JSON object:
where k is the 2-byte C_APDU serial number and x is the LoRa node group number (x = 02~08), e.g. get_0001_02, c_apdu_0100_08, etc.;
get_k_x.data is the base64 encoding of get_r_apdu+mic_get:
get_r_apdu = aes128_encrypt(AppSKey_Nx, "get_" | k | "_" | x)
cmac_get = aes128_cmac(NwkSKey_Nx, get_r_apdu)
mic_get = cmac_get[0..3]
get_k_x.MIC is the base64 encoding of MIC:
cmac = aes128_cmac(NwkSKey_W, "get_k_x" | get_r_apdu)
MIC = cmac[0..3]
The LoRa gateway receives the "get_k_x" JSON object sent by the server in PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded get_k_x.data, without parsing it, to LoRa node group x using LoRa/center frequency x/BW500kHz/SF5 transmission, where center frequency x = 500.3MHz + (x-1) * 200kHz, x = 2, 3, ..., 8.
LoRa node group x receives the base64-decoded get_k_x.data and first verifies mic_get:
cmac_get1 = aes128_cmac(NwkSKey_Nx, get_r_apdu)
mic_get1 = cmac_get1[0..3]
If mic_get1 = mic_get, then get_r_apdu is valid, and decrypting get_k_x yields get_command:
get_command = aes128_decrypt(AppSKey_Nx, get_r_apdu)
The 8 nodes (nodes x1~x8) of LoRa node group x each report the R_APDU returned by the chip card to the server:
The SAM security module encrypts R_APDU and generates mic_r:
r_apdu = aes128_encrypt(AppSKey_Nx, k | y | R_APDU)
cmac_r = aes128_cmac(NwkSKey_Nx, r_apdu)
mic_r = cmac_r[0..3]
where k is the 2-byte serial number of the C_APDU, e.g. 0001, 0100;
y is the 1-byte node number, e.g. 21~28, 31~38...81~88.
The 8 nodes (nodes x1~x8) of LoRa node group x each report r_apdu+mic_r to the LoRa gateway using LoRa/frequency point xy/BW125kHz/SF7,
where frequency point xy = 470.3MHz + (x-1) * 1.6MHz + (y-1) * 200kHz, x = 2~8, y = 1~8.
The LoRa gateway receives, in LoRa/frequency band x/BW125kHz receive mode, the card-writing status returned by the 8 LoRa nodes of LoRa node group x, and encapsulates it as an "r_apdu" JSON object:
Here, r_apdu_k_x.data is the base64 encoding of r_apdu and r_apdu_k_x.mic is the base64 encoding of mic_r; the LoRa gateway does not parse r_apdu or mic_r, it only base64-encodes them.
r_apdu_k_x.MIC is the base64 encoding of mic_gw, which is the MIC verification code generated by the LoRa gateway:
cmac_gw = aes128_cmac(NwkSKey_W, "r_apdu_k_x" | r_apdu1 | mic_r1 | ... | r_apdu8 | mic_r8)
mic_gw = cmac_gw[0..3]
The server receives the "r_apdu_k_x" JSON object sent by the LoRa gateway in PUSH_DATA, first base64-decodes it, and verifies the correctness of mic_gw;
The encryption equipment first generates mic_rr with its own key; if mic_rr = mic_r, the received r_apdu is correct, and r_apdu is decrypted:
cmac_rr = aes128_cmac(NwkSKey_Nx, r_apdu)
mic_rr = cmac_rr[0..3]
k | y | R_APDU = aes128_decrypt(AppSKey_Nx, r_apdu)
At this point, the server has received the execution status R_APDU reported by the 8 nodes of LoRa node group x.
Embodiment 12
This embodiment of the present invention is a schematic diagram of serially fetching the card-writing status of each LoRa node group in LoRa mode over a radial network, as shown in Fig. 7 and described as follows:
As described in Embodiments nine, ten and 11 above:
First, the LoRa gateway issues one frame of APDU card-writing data to all LoRa nodes in parallel using GFSK/505.3MHz/300kbps transmission;
After a LoRa node receives, in GFSK/505.3MHz/300kbps receive mode, the APDU card-writing data issued by the LoRa gateway, it starts the card-writing operation;
When card writing is finished, LoRa node group 1 reports the card-writing status to the LoRa gateway using LoRa/frequency point 1y/BW125kHz/SF7, where frequency point 1y = 470.3MHz + (y-1) * 200kHz, y = 1~8;
The LoRa gateway receives, using 8-channel parallel reception at LoRa/frequency band 1/BW125kHz, the card-writing status reported by the 8 nodes of LoRa node group 1 (frequency band 1 supports frequency points 11 to 18).
Next, the LoRa gateway issues the fetch-card-writing-status command to node group 2 using LoRa/500.5MHz/BW500kHz/SF5 transmission;
The 8 nodes of node group 2 receive, in LoRa/500.5MHz/BW500kHz/SF5 receive mode, the fetch-card-writing-status command issued by the LoRa gateway;
Then LoRa node group 2 reports the card-writing status to the LoRa gateway using LoRa/frequency point 2y/BW125kHz/SF7, where frequency point 2y = 471.9MHz + (y-1) * 200kHz, y = 1~8;
The LoRa gateway receives, using 8-channel parallel reception at LoRa/frequency band 2/BW125kHz, the card-writing status reported by the 8 nodes of LoRa node group 2 (frequency band 2 supports frequency points 21 to 28).
And so on, until:
The LoRa gateway issues the fetch-card-writing-status command to node group 8 using LoRa/501.7MHz/BW500kHz/SF5 transmission;
The 8 nodes of node group 8 receive, in LoRa/501.7MHz/BW500kHz/SF5 receive mode, the fetch-card-writing-status command issued by the LoRa gateway;
Then the 8 nodes (nodes 81~88) of LoRa node group 8 report the card-writing status to the LoRa gateway using LoRa/frequency point 8y/BW125kHz/SF7,
where frequency point 8y = 481.5MHz + (y-1) * 200kHz, y = 1~8;
The LoRa gateway receives, using 8-channel parallel reception at LoRa/frequency band 8/BW125kHz, the card-writing status reported by the 8 nodes of LoRa node group 8 (frequency band 8 supports frequency points 81 to 88).
Embodiment 13
The internal block diagram of the SX1268 in this embodiment of the present invention is shown in Fig. 8 and described as follows:
The SX1268 is an RF chip with the new LoRa spread-spectrum technology released by Semtech; its advantages are low power consumption, large capacity, long transmission distance and strong anti-interference capability.
The SX1268 is a half-duplex, low-IF transceiver. The received RF signal is first amplified by a low-noise amplifier (LNA). To simplify design and reduce the number of external components, the LNA input is single-ended. The signal is then converted to differential form to improve second-order linearity and harmonic rejection. Next, the signal is converted to intermediate-frequency (IF) in-phase and quadrature (I&Q) output signals. Data conversion is then performed by a pair of sigma-delta analog-to-digital converters (ADCs), and all subsequent signal processing and demodulation is carried out in the digital domain. The digital state machine also controls functions such as automatic frequency correction (AFC), received signal strength indication (RSSI) and automatic gain control (AGC), and plays an important role in the higher-level packet and protocol-level functions of the top-level sequencer (TLS).
The SX1268 transceiver mainly uses the LoRa™ long-range modem, which has strong interference immunity. With Semtech's patented LoRa™ modulation technique, the SX1268 achieves a high sensitivity of over -148dBm using a low-cost crystal and bill of materials, and it also integrates a power amplifier (PA) with a maximum transmit power of +22dBm. The combination of high sensitivity and the integrated +22dBm power amplifier brings its link budget to an industry-leading level (170dB), making it the best choice for long-range transmission and for applications with very high reliability requirements. Compared with conventional modulation techniques, LoRa™ modulation also has clear advantages in blocking immunity and selectivity, solving the problem that traditional schemes cannot achieve range, interference immunity and low power consumption at the same time.
The LoRa™ modem uses spread-spectrum modulation and forward error correction. Spreading the spectrum greatly improves resistance to radio interference.
The SX1268 is also equipped with a high-performance GFSK modem. Compared with similar devices, the SX1268 substantially reduces current consumption while also significantly optimizing properties such as phase noise, selectivity, receiver linearity and third-order input intercept point (IIP3), further improving communication reliability. Another advantage of spread-spectrum modulation is that the spreading factors are orthogonal to one another, so multiple transmitted signals can occupy the same channel without interfering with each other, and can easily coexist with existing GFSK-based systems.
Under LoRa modulation, the SX1268 has a spreading factor of 5-12, a BW of 7.81-500kHz and an over-the-air rate of 0.018-62.5kbps.
Under GFSK modulation, the SX1268 has an over-the-air rate of 0.6-300kbps.
Embodiment 14
The functional block diagram of parallel reception by the SX1301 in this embodiment of the present invention is shown in Fig. 9 and described as follows:
The SX1301 chip is a baseband processor released by Semtech.
The SX1301 is connected externally to 2 SX1255 chips; the SX1255 is an RF front-end chip responsible for converting I/Q (in-phase/quadrature) digital signals into analog radio signals.
The SX1301 combines 2 MCUs and an ASIC (Application-Specific Integrated Circuit); its main components include:
Radio MCU: this MCU connects to the 2 SX1255 chips over an SPI bus and is mainly responsible for real-time automatic gain control, RF calibration and transmit/receive switching.
Packet MCU: this MCU is responsible for assigning the 8 LoRa modems to multiple channels; its packet arbitration criteria include rate, channel, radio and signal strength.
LoRa channels IF0~IF7: their bandwidth is fixed at 125kHz, a center frequency can be set for each channel, and each channel can receive LoRa signals at all 6 rates SF7~SF12.
Channel IF8: its bandwidth supports 125/250/500kHz, and it can be used for high-speed communication between gateways.
Channel IF9: transmits and receives GFSK signals.
The 8 channels IF0~IF7 of the SX1301 are set to 8 center frequencies, and each channel can receive LoRa signals at all 6 rates SF7~SF12, with an over-the-air transmission rate of 292bps-5.4Kbps.
The 8 channels of the SX1301 can demodulate 8 LoRa data packets simultaneously.
This has at least 3 advantages:
A LoRa node can switch to any one of the 8 frequencies, which effectively reduces co-channel interference;
A LoRa node can use any one of the 6 rates, and the LoRa gateway does not need to record its rate, which is simpler;
The LoRa gateway can implement antenna diversity, effectively mitigating multipath fading for mobile LoRa nodes.
Embodiment 15
The frequency point division and RF parameters of this embodiment of the present invention are shown in Table 1.
Table 1: Wireless communication parameter configuration
It is described as follows:
One card-making machine includes multiple LoRa nodes, generally 32 or 64;
They are numbered in groups of 8, referred to as node group 1~node group 4 or node group 1~node group 8;
The individual LoRa nodes are referred to as LoRa nodes 11~18, 21~28...81~88;
The center frequency point of LoRa node xy is frequency point xy = 470.3MHz + (x-1) * 1.6MHz + (y-1) * 200kHz, where x = 1~4 or 1~8, y = 1~8.
Frequency band x supports the 8 frequency points x1~x8, where x = 1~4 or 1~8.
The LoRa gateway issues card-writing instructions to all nodes using GFSK/505.3MHz/300kbps transmission.
The LoRa gateway issues the fetch-card-writing-status command to each node group x using LoRa/center frequency x/BW500kHz/SF5 transmission,
where center frequency x = 500.3MHz + (x-1) * 200kHz, x = 2~4 or 2~8.
The LoRa nodes, group by group, successively report their card-writing status to the LoRa gateway using LoRa/frequency point xy/BW125kHz/SF7 transmission,
where frequency point xy = 470.3MHz + (x-1) * 1.6MHz + (y-1) * 200kHz, x = 1~4 or 1~8, y = 1~8.
The uplink and downlink LoRa communication parameters between the LoRa gateway and the executing agency's component are:
LoRa/490.3MHz/BW500kHz/SF5.
In the authentication phase, the uplink and downlink LoRa communication parameters between the LoRa gateway and the LoRa nodes are:
LoRa/frequency point xy/BW500kHz/SF5,
where frequency point xy = 470.3MHz + (x-1) * 1.6MHz + (y-1) * 200kHz,
x = 1~4 or 1~8, y = 1~8.
Embodiment 16
The key system of this embodiment of the present invention is shown in Table 2.
Table 2: Key system
It is described as follows:
Key storage locations in the table:
"gateway" refers to the SAM security module of the LoRa gateway;
"executing agency's component" refers to the SAM security module of the executing agency's component;
"node" refers to the SAM security module of a LoRa node.
The primary keys AppKey_x and NwkKey_x are stored encrypted in the FLASH or EEPROM of the encryption equipment and of the SAM security modules respectively, and are unreadable;
The session keys AppSKey_x and NwkSKey_x are stored encrypted in the RAM of the encryption equipment and of the SAM security modules respectively; they are unreadable and are lost on power-off.
AppSKey_x = aes128_encrypt(AppKey_x, rnd)
NwkSKey_x = aes128_encrypt(NwkKey_x, rnd).
Embodiment 17
The data encryption and MIC calculation algorithms of this embodiment of the present invention are shown in Table 3.
Table 3: Data encryption and MIC calculation algorithms
It is described as follows:
All communication data is transmitted as ciphertext+MIC. The data is first encrypted with the corresponding application session key, using the following algorithm:
Si = aes128_encrypt(AppSKey, Ai) (i = 1..k)
S = S1 | S2 | .. | Sk
C = M xor S
The data ciphertext is then MIC-signed with the corresponding network session key, using the following algorithm:
cmac = aes128_cmac(NwkSKey, B0 | C)
MIC = cmac[0..3]
The use of the keys is as follows:
For communication between the server and the executing agency's component, the application session key used to encrypt the communication data is AppSKey_D, and the network session key used for the MIC signature is NwkSKey_D. The LoRa gateway only relays the information without parsing its content; it only adds one MIC signature that guarantees the integrity of the information exchanged between the server and the LoRa gateway, and the network session key for this MIC signature is NwkSKey_W.
For communication between the server and the LoRa nodes, data encryption and MIC signature calculation are handled in the following cases:
Mutual authentication between the server and the LoRa nodes is carried out by the server with each LoRa node separately, and the communication keys are the keys of that LoRa node: the application session key is AppSKey_nx and the network session key is NwkSKey_nx, where x is the LoRa node number, x = 11~18, 21~28...81~88.
The server issues card-writing data to the LoRa nodes in parallel to all nodes; the application session key is AppSKey_N and the network session key is NwkSKey_N.
The server's fetch-card-writing-status commands to each LoRa node group, and the LoRa nodes' card-writing status reports, are carried out in parallel per group; the application session key is AppSKey_Ny and the network session key is NwkSKey_Ny, where y is the LoRa node group number, y = 1~8.
Similarly, in communication between the server and the LoRa nodes, the LoRa gateway only relays the information without parsing its content; it only adds one MIC signature that guarantees the integrity of the information exchanged between the server and the LoRa gateway, and the network session key for this MIC signature is NwkSKey_W.
The above description is merely a specific embodiment, but the scope of protection of the present invention is not limited thereto; those skilled in the art can make modifications or changes according to the above description, and all such modifications and changes shall fall within the protection scope of the appended claims of the present invention. Content not described in detail in the specification is prior art well known to those skilled in the art.

Claims (20)

1. A chip card fabrication method based on wireless communication technique and SAM technology, characterized in that it comprises the following steps:
A LoRa gateway is set between the server and the executing agency's component, and LoRa nodes are set on the chip card read/write heads; the server communicates with the executing agency's component in LoRa mode, relayed by the LoRa gateway; the server communicates with the LoRa nodes in LoRa mode and GFSK mode, relayed by the LoRa gateway;
An encryption equipment is provided in the server, and SAM security modules are provided in the executing agency's component, the LoRa gateway and the LoRa nodes; the encryption equipment is used to perform the server's random-number fetching and encryption/decryption operations, and stores keys and the session keys derived from them; the SAM security modules are used to perform random-number fetching and encryption/decryption operations, and store keys and the session keys derived from them;
Communication between the server and the executing agency's component is carried out as ciphertext+MIC and relayed by the LoRa gateway; the server issues card-writing data to the LoRa nodes as ciphertext+MIC, relayed by the LoRa gateway; communication between the server and the LoRa nodes is carried out as ciphertext+MIC and relayed by the LoRa gateway;
The server, relayed by the LoRa gateway, issues execution instructions to the executing agency's component, and the executing agency's component conveys the chip card to be produced to the chip card read/write head;
The server, relayed by the LoRa gateway, issues card-writing data to the LoRa node, and the LoRa node controls the chip card read/write head to write the card-writing data into the chip card.
2. The method as claimed in claim 1, characterized in that it specifically comprises the following steps:
The server, relayed by the LoRa gateway, issues execution instructions to the executing agency's component;
The LoRa gateway receives the action command issued by the server over the local area network, starts its LoRa transmit function, and notifies the executing agency's component;
The executing agency's component receives the action command issued by the LoRa gateway, performs the corresponding action, and conveys the chip card to be produced to the chip card read/write head of the corresponding LoRa node;
The server, relayed by the LoRa gateway, issues one frame of card-writing data to the LoRa nodes;
The LoRa gateway receives the card-writing data issued by the server, starts its GFSK transmit function, forwards the card-writing data to all LoRa nodes in parallel, and waits for the LoRa nodes' card-writing operation to complete;
The first group of LoRa nodes starts its LoRa transmit function and reports the card-writing status;
The LoRa gateway starts its parallel LoRa receive function;
The LoRa gateway receives the card-writing status reported by the first group of LoRa nodes;
The LoRa gateway forwards the card-writing status reported by the first group of LoRa nodes to the server over the local area network;
The LoRa gateway starts its LoRa transmit function and issues the fetch-card-writing-status command to the second group of LoRa nodes;
The LoRa gateway starts its parallel LoRa receive function; meanwhile, the second group of LoRa nodes has already started the LoRa receive function of its LoRa communication modules;
After the second group of LoRa nodes receives the fetch-card-writing-status command issued by the LoRa gateway, it starts its LoRa transmit function and reports the card-writing status;
The LoRa gateway receives the card-writing status reported by the second group of LoRa nodes;
The LoRa gateway forwards the card-writing status reported by the second group of LoRa nodes to the server over the local area network;
The above operations are repeated until the last group of LoRa nodes has reported its card-writing status to the server;
The above operations are repeated until all card-writing data has been sent;
According to the card-writing status received, the server issues the corresponding action execution instructions to the executing agency's component through the LoRa gateway;
The LoRa gateway starts its LoRa transmit function and forwards the execution instructions to the executing agency's component;
The executing agency's component starts its LoRa receive function, receives the execution instructions forwarded by the LoRa gateway, and performs the corresponding actions, conveying the cards to the good-card slot and the reject-card slot respectively.
3. The method as claimed in claim 1, characterized in that: an encryption equipment is provided in the server, and SAM security modules are provided in the executing agency's component, the LoRa gateway and the LoRa nodes; the encryption equipment is used to perform the server's random-number fetching and encryption/decryption operations, and stores keys and the session keys derived from them; the SAM security modules are used respectively for the random-number fetching and encryption/decryption operations of the executing agency's component, the LoRa gateway and the LoRa nodes, and store keys and the session keys derived from them; this specifically comprises the following steps:
In the system initialization stage, keys are imported into the encryption equipment and each SAM security module respectively;
The server and the LoRa gateway mutually authenticate each other's identity, and each performs key derivation to obtain its respective session keys;
The server, relayed by the LoRa gateway, and the executing agency's component mutually authenticate each other's identity, and each performs key derivation to obtain its respective session keys;
The server, relayed by the LoRa gateway, mutually authenticates identity with each LoRa node in turn, and each performs key derivation to obtain its respective session keys.
4. The method as claimed in claim 3, characterized in that the steps by which the server and the LoRa gateway mutually authenticate each other's identity and each perform key derivation to obtain their respective session keys are specifically:
The server host fetches a 16-byte random number rnd_gw from the encryption equipment and encapsulates an "authen_gw" JSON object:
The LoRa gateway receives the "authen_gw" JSON object sent by the server in PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it accepts the legitimacy of the server and the correctness of authen_gw.data;
The SAM security module decrypts srnd_gw to obtain rnd_gw:
The SAM security module of the LoRa gateway diversifies AppKey_W and NwkKey_W with rnd_gw respectively to obtain the session keys AppSKey_W and NwkSKey_W:
The server receives the "resp_gw" JSON object sent by the LoRa gateway in PUSH_DATA and first base64-decodes it;
The encryption equipment diversifies AppKey_W and NwkKey_W with its own rnd_gw respectively to obtain the session keys AppSKey_W and NwkSKey_W:
It then verifies the correctness of the MIC and decrypts srnd_gw1; if MIC1 = MIC and rnd_gw1 = rnd_gw, it accepts the legitimacy of the LoRa gateway.
5. The method as claimed in claim 3, characterized in that the steps by which the server, relayed by the LoRa gateway, and the executing agency's component mutually authenticate each other's identity and each perform key derivation to obtain their respective session keys are specifically:
The server host fetches a 16-byte random number rnd_d from the encryption equipment and encapsulates an "authen_device" JSON object:
The LoRa gateway receives the "authen_device" JSON object sent by the server in PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded authen_device.data, without parsing it, to the executing agency's component in LoRa mode;
The executing agency's component receives the base64-decoded authen_device.data and first verifies mic_d:
If mic_d1 = mic_d, it accepts the legitimacy of the server and that srnd_d is valid, and decrypts srnd_d to obtain rnd_d:
The SAM security module of the executing agency's component diversifies AppKey_D and NwkKey_D with rnd_d respectively to obtain the session keys AppSKey_D and NwkSKey_D:
The SAM security module encrypts rnd_d and generates mic:
The executing agency's component reports srnd_dd+mic_dd to the LoRa gateway in LoRa mode;
The LoRa gateway encapsulates a "resp_device" JSON object:
The server receives the "resp_device" JSON object sent by the LoRa gateway in PUSH_DATA, first base64-decodes it, and verifies the correctness of mic_gw;
The encryption equipment diversifies AppKey_D and NwkKey_D with its own rnd_d respectively to obtain the session keys AppSKey_D and NwkSKey_D:
It then verifies the correctness of mic_dd and decrypts srnd_dd; if mic_dd1 = mic_dd and rnd_dd1 = rnd_dd, it accepts the legitimacy of the executing agency's component.
6. The method as claimed in claim 3, characterized in that the steps by which the server, relayed by the LoRa gateway, mutually authenticates identity with each LoRa node in turn and each performs key derivation to obtain its respective session keys are specifically:
The server performs mutual identity authentication and session key derivation with each LoRa node separately; the following are the specific steps of mutual identity authentication and session key derivation between the server and one of the LoRa nodes:
The server host fetches two 16-byte random numbers rnd_n1 and rnd_n2 from the encryption equipment and encapsulates an "authen_node1" JSON object:
The LoRa gateway receives the "authen_node11" JSON object sent by the server in PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded authen_node11.data, without parsing it, to LoRa node 11 in LoRa mode;
LoRa node 11 receives the base64-decoded authen_node11.data and first verifies mic_n1 and mic_n2 separately:
If mic_n11 = mic_n1 and mic_n22 = mic_n2, it accepts the legitimacy of the server and that srnd_n1 and srnd_n2 are valid, and decrypts srnd_n1 and srnd_n2 respectively to obtain rnd_n1 and rnd_n2:
The SAM security module of LoRa node 11 diversifies AppKey_N and NwkKey_N with rnd_n1 respectively to obtain the session keys AppSKey_N and NwkSKey_N:
The SAM security module of LoRa node 11 diversifies AppKey_N1 and NwkKey_N1 with rnd_n2 respectively to obtain the session keys AppSKey_N1 and NwkSKey_N1:
The SAM security module encrypts rnd_n1 and rnd_n2 and generates mic_n111 and mic_n222:
LoRa node 11 reports srnd_111+mic_111+srnd_222+mic_222 to the LoRa gateway in LoRa mode;
The LoRa gateway encapsulates a "resp_node11" JSON object:
The server receives the "resp_node11" JSON object sent by the LoRa gateway in PUSH_DATA, first base64-decodes it, and verifies the correctness of mic_gw;
The encryption equipment diversifies AppKey_N and NwkKey_N with its own rnd_n1 respectively to obtain the session keys AppSKey_N and NwkSKey_N:
The encryption equipment diversifies AppKey_N1 and NwkKey_N1 with its own rnd_n2 respectively to obtain the session keys AppSKey_N1 and NwkSKey_N1:
It then verifies the correctness of mic_n111 and mic_n222 and decrypts srnd_n111 and srnd_n222; if mic_n111 and mic_n222 are correct, rnd_n1111 = rnd_n111 and rnd_n2222 = rnd_n222, it accepts the legitimacy of LoRa node 11.
7. The method as claimed in claim 1, characterized in that: communication between the server and the executing agency's component is carried out as ciphertext+MIC and relayed by the LoRa gateway; the server issues card-writing data to the LoRa nodes as ciphertext+MIC, relayed by the LoRa gateway; communication between the server and the LoRa nodes is carried out as ciphertext+MIC and relayed by the LoRa gateway; this specifically comprises the following steps:
The server first encrypts the card-writing data with the application session key AppSKey to produce the card-writing data ciphertext, then MIC-signs the card-writing data ciphertext with the network session key NwkSKey, and then issues the card-writing data ciphertext together with the MIC to the LoRa node, relayed by the LoRa gateway;
The LoRa node receives the card-writing data ciphertext and MIC signature relayed by the LoRa gateway, first verifies the correctness and integrity of the data with the network session key NwkSKey, then decrypts the card-writing data ciphertext with the application session key AppSKey, and then writes the card;
The LoRa node first encrypts the card-writing status with the application session key AppSKey to produce the card-writing status ciphertext, then MIC-signs the card-writing status ciphertext with the network session key NwkSKey, and then reports the card-writing status ciphertext together with the MIC to the server, relayed by the LoRa gateway;
The server receives the card-writing status ciphertext and MIC signature relayed by the LoRa gateway, first verifies the correctness and integrity of the data with the network session key NwkSKey, then decrypts the card-writing status ciphertext with the application session key AppSKey, and then issues the corresponding action execution instructions to the executing agency's component according to the card-writing status.
8. The method as claimed in claim 3, characterized in that:
In the system personalization stage, when keys are imported into the encryption equipment and each SAM security module respectively:
The keys imported into the encryption equipment include: AppKey_w/NwkKey_w/AppKey_W/NwkKey_W/AppKey_d/NwkKey_d/AppKey_D/NwkKey_D/AppKey_nx (x = 1~64)/NwkKey_nx (x = 1~64)/AppKey_N/NwkKey_N/AppKey_Ny (y = 1~8)/NwkKey_Ny (y = 1~8);
The keys imported into the SAM security module of the LoRa gateway include: AppKey_w/NwkKey_w/AppKey_W/NwkKey_W;
The keys imported into the SAM security module of the executing agency's component include: AppKey_d/NwkKey_d/AppKey_D/NwkKey_D;
The keys imported into the SAM security module of a LoRa node include: AppKey_nx/NwkKey_nx/AppKey_N/NwkKey_N/AppKey_Ny/NwkKey_Ny;
The session keys derived in the encryption equipment include: AppSKey_W/NwkSKey_W/AppKey_D/NwkKey_D/AppSKey_N/NwkSKey_N/AppSKey_Nx (x = 1~8)/NwkSKey_Nx (x = 1~8);
The session keys derived in the SAM security module of the LoRa gateway include: AppSKey_W/NwkSKey_W;
The session keys derived in the SAM security module of the executing agency's component include: AppSKey_D/NwkSKey_D;
The session keys derived in the SAM security module of a LoRa node include: AppSKey_N/NwkSKey_N/AppSKey_Nx/NwkSKey_Nx.
9. The method as described in claim 1, characterized in that the specific characteristics of the LoRa gateway are:
The LoRa gateway comprises an ARM processor, a SAM security module, an Ethernet/WiFi module, a LoRa gateway communication module, a LoRa communication module and an antenna;
The LoRa gateway and the server are in one private local area network, and the LoRa gateway communicates with the server through an Ethernet interface or WiFi; the communication between the LoRa gateway and the server follows the MQTT protocol;
The LoRa gateway communication module uses the SX1301 chip of Semtech;
The LoRa communication module uses the SX1268 chip of Semtech;
The communication between the LoRa gateway and the executing agency component is LoRa communication based on the SX1268 chip;
The communication between the LoRa gateway and the LoRa node is GFSK communication based on the SX1268 chip (GFSK/505.3MHz/300kbps) and LoRa communication based on the SX1301 chip (LoRa/BW125kHz/SF7).
10. The method as claimed in claim 9, characterized in that the communication characteristics between the LoRa gateway and the LoRa nodes and the execution steps are specifically:
The microprocessors of all LoRa nodes notify the SX1268-based LoRa communication module to switch to the GFSK receive state and wait to receive the card-writing data issued by the LoRa gateway;
The ARM processor of the LoRa gateway notifies the SX1268-based LoRa communication module to issue the card-writing data ciphertext and MIC verification code to all LoRa nodes by GFSK transmission;
The ARM processor of the LoRa gateway notifies the SX1301-based LoRa gateway module to switch to 8-channel parallel LoRa receive mode, to wait for the card-writing status ciphertext and MIC verification code reported by LoRa node group 1;
After a LoRa node receives the card-writing data ciphertext and MIC verification code issued by the LoRa gateway, the ARM processor notifies the SAM security module to verify the correctness and integrity of the card-writing instruction and to decrypt the card-writing data ciphertext; it then notifies the chip card read/write module to write the card;
The ARM processor receives the card-writing status returned by the chip card read/write module and notifies the SAM security module to encrypt the card-writing status and calculate the MIC code;
The 8 nodes of node group 1 report the card-writing status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission;
The LoRa communication modules of the node groups other than node group 1 switch to LoRa receive mode and wait to receive the get-card-writing-status command issued by the LoRa gateway;
After the LoRa gateway receives the card-writing status ciphertext and MIC verification code reported by the 8 nodes of LoRa node group 1, the LoRa gateway forwards the card-writing status reported by LoRa node group 1 to the server over the local area network by TCP/IP or WiFi;
The ARM processor of the LoRa gateway notifies the SX1268-based LoRa communication module to switch to LoRa transmit mode and issue the get-card-writing-status command ciphertext and MIC verification code to LoRa node group 2;
The LoRa gateway communication module SX1301 of the LoRa gateway switches to 8-channel parallel LoRa receive mode and waits to receive the card-writing status reported by node group 2;
The 8 nodes of node group 2 receive the get-card-writing-status ciphertext and MIC verification code issued by the LoRa gateway, verify its correctness and integrity, and decrypt it;
The 8 nodes of node group 2 report the card-writing status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission;
The LoRa gateway forwards the card-writing status reported by LoRa node group 2 to the server over the local area network by TCP/IP or WiFi;
The above operations are repeated until the LoRa gateway has received, group by group in turn, the card-writing status returned by all LoRa nodes.
11. The method as claimed in claim 9, characterized in that: the server communicates with the executing agency component in LoRa mode, relayed through the LoRa gateway, the execution steps being specifically:
The LoRa gateway receives, through the Ethernet interface or WiFi, the execution instruction issued by the server to the executing agency component;
It then relays the execution instruction to the executing agency component by LoRa transmission based on the SX1268 chip;
The LoRa gateway receives the execution status reported by the executing agency component by LoRa reception based on the SX1268 chip;
It then relays the execution status of the executing agency component to the server through the Ethernet interface or WiFi.
12. The method as claimed in claim 9, characterized in that: the server communicates with the LoRa nodes in LoRa mode and GFSK mode, relayed through the LoRa gateway, the execution steps being specifically:
The LoRa gateway receives, through the Ethernet interface or WiFi, the APDU card-writing data issued by the server to the LoRa nodes;
It then relays the card-writing data to the LoRa nodes by GFSK transmission based on the SX1268 chip;
The LoRa gateway receives the card-writing status reported by the first group of LoRa nodes by 8-channel parallel LoRa reception based on the SX1301 chip;
The LoRa gateway relays the card-writing status reported by the first group of LoRa nodes to the server through the Ethernet interface or WiFi;
The LoRa gateway issues the get-card-writing-status command to the second group of LoRa nodes by LoRa transmission based on the SX1268 chip;
The LoRa gateway receives the card-writing status reported by the second group of LoRa nodes by 8-channel parallel LoRa reception based on the SX1301 chip;
The LoRa gateway relays the card-writing status reported by the second group of LoRa nodes to the server through the Ethernet interface or WiFi;
The above steps are repeated, and the LoRa gateway receives, group by group in turn, the card-writing status reported by all LoRa nodes.
13. The method according to claim 2, characterized in that the specific characteristics of the executing agency component are:
The executing agency component includes an ARM processor, a SAM security module, a LoRa communication module based on the Semtech SX1268 chip with its antenna, and the executing agency component;
The communication between the executing agency component and the LoRa gateway is LoRa communication based on the SX1268 chip;
The executing agency component receives, by LoRa reception, the execution instruction forwarded by the LoRa gateway;
The ARM processor notifies the SAM security module to verify the correctness and integrity of the execution instruction and to decrypt the execution instruction ciphertext; it then notifies the executing agency component to perform the corresponding action;
The ARM processor notifies the SAM security module to encrypt the execution status and calculate the MIC code;
The executing agency component reports the execution status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission.
14. The method according to claim 2, characterized in that the specific characteristics of the LoRa node are:
One chip card card-making machine includes multiple LoRa nodes; every eight nodes form one group, referred to respectively as node group 1, node group 2, ..., node group 8;
The LoRa node includes a microprocessor, a SAM security module, a LoRa communication module based on the Semtech SX1268 chip with its antenna, a chip card read/write module and a chip card read/write head; the antenna of the LoRa node is integrated on the PCB;
All LoRa nodes receive in parallel, by GFSK reception based on the SX1268 chip, the card-writing data ciphertext and MIC relayed by the LoRa gateway;
The ARM processor notifies the SAM security module to verify the correctness and integrity of the card-writing instruction and to decrypt the card-writing data ciphertext; it then notifies the chip card read/write module to write the card;
The ARM processor receives the card-writing status returned by the chip card read/write module and notifies the SAM security module to encrypt the card-writing status and calculate the MIC code;
The LoRa nodes report the card-writing status ciphertext and MIC verification code to the LoRa gateway by LoRa transmission, group by group in turn;
The LoRa gateway receives, by 8-channel parallel LoRa reception based on the SX1301 chip, the card-writing status ciphertext and MIC verification code reported by each LoRa node group, group by group in turn.
15. The method as described in any one of claims 4, 5 or 7, characterized in that: the LoRa communication between the server and the executing agency component is in ciphertext+MIC form and relayed through the LoRa gateway, the execution steps being specifically:
The server encapsulates the "command_device" JSON object:
The LoRa gateway receives the "command_device" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded command_device.data to the executing agency component by LoRa without parsing it;
The executing agency component receives the base64-decoded command_device.data and first verifies mic_d:
If mic_d1=mic_d, the command is valid, and command is decrypted to obtain COMMAND:
The executing agency component performs the action specified by COMMAND and reports the post-execution status code STATUS to the server;
The SAM security module encrypts STATUS and generates mic_sta;
The executing agency component reports status+mic_sta to the LoRa gateway by LoRa;
The LoRa gateway encapsulates the "status_device" JSON object;
The server receives the "status_device" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies the correctness of mic_gw;
The encryption equipment first uses its own key to generate mic_sta1; if mic_sta1=mic_sta, it decrypts status;
At this point, the server has obtained the execution status STATUS reported by the executing agency component.
16. The method as described in any one of claims 4, 6 or 7, characterized in that: the card-writing data issued by the server to the LoRa nodes is in ciphertext+MIC form and relayed through the LoRa gateway, the execution steps being specifically:
The server encapsulates the "c_apdu_x" JSON object:
The LoRa gateway receives the "c_apdu_x" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded c_apdu_x.data to the LoRa node by GFSK without parsing it;
The LoRa node receives the base64-decoded c_apdu_x.data and first verifies mic_ap;
If mic_ap=mic_apdu, c_apdu is valid, and c_apdu is decrypted to obtain C_APDU;
The chip card read/write module of the LoRa node sends C_APDU to the chip card to complete the card-writing operation;
The 8 nodes of the first group of LoRa nodes report the R_APDU returned by the chip card to the server;
The SAM security module encrypts R_APDU and generates mic_r;
Nodes 11 to 18 each report r_apdu+mic_r to the LoRa gateway by LoRa;
The LoRa gateway encapsulates the R_APDU returned by the 8 LoRa nodes of the first group as the "r_apdu" JSON object;
The server receives the "r_apdu_x_01" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies the correctness of mic_gw;
The encryption equipment first uses its own key to generate mic_rr; if mic_rr=mic_r, it decrypts r_apdu;
At this point, the server has received the execution status R_APDU reported by the first group of LoRa nodes.
17. The method as described in any one of claims 4, 6 or 7, characterized in that: the LoRa communication between the server and the LoRa nodes is in ciphertext+MIC form and relayed through the LoRa gateway, the execution steps being specifically:
The server prepares to fetch the R_APDU responses of the 8 nodes of the y-th group of LoRa nodes and encapsulates the "get_x_y" JSON object:
The LoRa gateway receives the "get_x_y" JSON object in the server's PULL_RESP and first base64-decodes it;
It then verifies the correctness of the MIC; if the MIC is correct, it forwards the base64-decoded get_x_y.data to the y-th group of LoRa nodes by LoRa without parsing it;
The LoRa node receives the base64-decoded get_x_y.data and first verifies mic_get;
If mic_get1=mic_get, get_r_apdu is valid, and get_x_y is decrypted to obtain get_command:
The 8 nodes of the y-th group of LoRa nodes each report the R_APDU returned by the chip card to the server:
The SAM security module encrypts R_APDU and generates mic_r;
The 8 nodes of the y-th group of LoRa nodes each report r_apdu+mic_r to the LoRa gateway by LoRa;
The LoRa gateway encapsulates the statuses returned by the 8 LoRa nodes of the y-th group as one "r_apdu" JSON object;
The server receives the "r_apdu_x_y" JSON object in the LoRa gateway's PUSH_DATA, first base64-decodes it, and verifies the correctness of mic_gw;
The encryption equipment first uses its own key to generate mic_rr; if mic_rr=mic_r, it decrypts r_apdu;
At this point, the server has received the execution status R_APDU reported by the 8 nodes of the y-th group of LoRa nodes.
18. The method as described in claim 1, characterized in that: the chip card includes a smart card, an electronic tag, an MCU and an M2M card.
19. A chip card card-making system based on wireless communication technology, characterized by comprising:
A server, the server including a server host, encryption equipment and a fingerprint capturer;
A LoRa gateway, the LoRa gateway including: an ARM processor, a SAM security module, a LoRa gateway communication module with antenna, a LoRa communication module with antenna, and an Ethernet/WiFi module;
An executing agency component, the executing agency component including: an ARM processor, a SAM security module, a LoRa communication module with antenna, and an executing agency;
A LoRa node, the LoRa node including: a microprocessor, a SAM security module, a LoRa communication module with antenna, a chip card read/write module and a chip card read/write head.
20. The system as claimed in claim 19, characterized in that: the system comprises multiple LoRa nodes; every 8 LoRa nodes form one LoRa node group, which reports card-writing status in parallel.
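The ciphertext+MIC exchange of claim 7 and the gateway relay step of claim 15, as an added sketch that is not code from the patent. The claims name neither the cipher nor the MIC algorithm nor the JSON fields, so the SHA-256 keystream, the truncated HMAC-SHA256, the 4-byte MIC length, the 8-byte nonce and the field names `data` and `mic` are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIC_LEN = 4     # assumption: the claims give no MIC length
NONCE_LEN = 8   # assumption: per-frame nonce needed by the stand-in cipher


def keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 counter keystream); the same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def mic(nwk_skey, message):
    """Stand-in MIC: truncated HMAC-SHA256 keyed with a network session key."""
    return hmac.new(nwk_skey, message, hashlib.sha256).digest()[:MIC_LEN]


def seal(app_skey, nwk_skey, plaintext):
    """Sender: encrypt with AppSKey, then compute the MIC over the ciphertext with NwkSKey."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + keystream_xor(app_skey, nonce, plaintext)
    return body + mic(nwk_skey, body)


def open_frame(app_skey, nwk_skey, frame):
    """Receiver: verify the MIC first and decrypt only if it matches."""
    if len(frame) < NONCE_LEN + MIC_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-MIC_LEN], frame[-MIC_LEN:]
    if not hmac.compare_digest(mic(nwk_skey, body), tag):
        raise ValueError("MIC mismatch: frame rejected before decryption")
    return keystream_xor(app_skey, body[:NONCE_LEN], body[NONCE_LEN:])


def server_wrap(frame, nwk_skey_w):
    """Server -> gateway JSON object; 'data' and 'mic' are hypothetical field names."""
    return json.dumps({
        "data": base64.b64encode(frame).decode(),
        "mic": base64.b64encode(mic(nwk_skey_w, frame)).decode(),
    })


def gateway_relay(obj_json, nwk_skey_w):
    """Gateway: base64-decode, check its own MIC, then forward the payload unparsed or drop it."""
    obj = json.loads(obj_json)
    frame = base64.b64decode(obj["data"])
    if not hmac.compare_digest(mic(nwk_skey_w, frame), base64.b64decode(obj["mic"])):
        return None  # dropped: nothing reaches the radio side
    return frame


def demo():
    # Constructed 16-byte keys standing in for AppSKey_D, NwkSKey_D and NwkSKey_W.
    app_d, nwk_d, nwk_w = (bytes([i]) * 16 for i in (1, 2, 3))
    frame = seal(app_d, nwk_d, b"COMMAND")
    relayed = gateway_relay(server_wrap(frame, nwk_w), nwk_w)
    return open_frame(app_d, nwk_d, relayed)


if __name__ == "__main__":
    print(demo())
```

The gateway in this sketch holds only the `_W` key, so it can authenticate and forward a frame but cannot decrypt it, which matches the key distribution listed in claim 8.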
CN201811173595.5A 2018-10-09 2018-10-09 Chip card manufacturing method and system based on wireless communication technology and SAM technology Active CN109522979B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811173595.5A CN109522979B (en) 2018-10-09 2018-10-09 Chip card manufacturing method and system based on wireless communication technology and SAM technology


Publications (2)

Publication Number Publication Date
CN109522979A true CN109522979A (en) 2019-03-26
CN109522979B CN109522979B (en) 2022-06-03

Family

ID=65771938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811173595.5A Active CN109522979B (en) 2018-10-09 2018-10-09 Chip card manufacturing method and system based on wireless communication technology and SAM technology

Country Status (1)

Country Link
CN (1) CN109522979B (en)

Also Published As

Publication number Publication date
CN109522979B (en) 2022-06-03


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant