CN113486323A - Electronic identification personalized issuing method and system for electric bicycle - Google Patents

Electronic identification personalized issuing method and system for electric bicycle Download PDF

Info

Publication number
CN113486323A
CN113486323A CN202110765365.3A CN202110765365A CN113486323A CN 113486323 A CN113486323 A CN 113486323A CN 202110765365 A CN202110765365 A CN 202110765365A CN 113486323 A CN113486323 A CN 113486323A
Authority
CN
China
Prior art keywords
electronic identification
electronic
card sender
issuing
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110765365.3A
Other languages
Chinese (zh)
Other versions
CN113486323B (en
Inventor
蒋虎
许超
王军华
金涛
李志林
朱剑欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Traffic Management Research Institute of Ministry of Public Security
Original Assignee
Traffic Management Research Institute of Ministry of Public Security
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Traffic Management Research Institute of Ministry of Public Security filed Critical Traffic Management Research Institute of Ministry of Public Security
Priority to CN202110765365.3A priority Critical patent/CN113486323B/en
Publication of CN113486323A publication Critical patent/CN113486323A/en
Application granted granted Critical
Publication of CN113486323B publication Critical patent/CN113486323B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309Means for preventing undesired reading or writing from or onto record carriers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • G06K7/10267Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks the arrangement comprising a circuit inside of the interrogation device
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Toxicology (AREA)
  • Software Systems (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an electronic identification personalized issuing method for electric bicycles, which can prevent illegal read-write operation on an electronic identification, can ensure that data is safely written into the electronic identification, further ensures that the electronic identification of the electric bicycle can be used as the electronic identity of the electric bicycle, and accurately and reliably identifies each electric bicycle. According to the technical scheme, a certificate management system is established based on a PKI system, and a safe link relation can be established between a distributed issuing platform and an electronic identification card sender; based on a PKI certificate system, a safety module which is verified and sent by an electronic identification management mechanism is embedded in an electronic identification card sender, so that only a legal electronic identification card sender can be accessed to an issuing platform, only the legal electronic identification card sender can read and write data of the legal electronic identification, and an information safety protection mechanism is provided for the personalized whole flow of the electronic identification; simultaneously, this patent still discloses an electric bicycle electronic identification individualized issue system.

Description

Electronic identification personalized issuing method and system for electric bicycle
Technical Field
The invention relates to the technical field of information security wireless radio frequency, in particular to an electronic identification personalized issuing method and system for an electric bicycle.
Background
In order to standardize the production, sale and use of the electric bicycle, mandatory national standards of electric bicycle safety technical Specification (GB 17761-2018) in a new national standard of the electric bicycle are officially implemented in 2019 in 4 months and 15 days, and the new national standard regulates various technical indexes of the electric bicycle on the premise of ensuring the life and property safety and basic travel requirements of traffic participants. Meanwhile, along with the implementation of the new national standard of the electric bicycle, a rush of hot trends of exchanging and issuing new electric bicycle numbers are also raised all over the country.
The prior commonly used electric bicycle number plate issuing possible modes mainly comprise two types, wherein the first type is centralized issuing, namely, the bicycle number plate is issued in a designated department; the issuing mode can ensure the safety of the issuing process to a certain extent, but the mode reduces the flexibility of the issuing process and has poor use experience; the second type is distributed distribution, that is, in a place such as an electric bicycle sales site, a customer can handle a license plate while purchasing an electric bicycle. The issuing mode can be used immediately, the efficiency is high, and the supervision difficulty is high.
In order to improve the convenience of traffic management service and improve the working efficiency, most of the electric bicycle license plates are distributed in a distributed mode. The electronic identification management mechanism authorizes legal issuing platforms scattered in various places, the personalized information of a user is written into the electronic identification of the electric bicycle by the issuing platforms through the legal electronic identification card sender, and the electronic identification of the electric bicycle and the electric bicycle are bound in a one-to-one mode, so that the issuing work of the electronic identification of the electric bicycle is completed. Therefore, the issuing method of the electronic identification of the electric bicycle must ensure the safety and the controllability of the personalized issuing process, ensure the safety of user information and reduce the possibility that the issued electronic license plate is illegally rewritten.
Disclosure of Invention
In order to ensure the safety and controllability of the personalized issuing process, ensure the safety of user information and reduce the possibility of illegal rewriting operation of the issued electronic license plate, the invention provides the personalized issuing method of the electronic identification of the electric bicycle, which can prevent illegal reading and writing operation of the electronic identification, ensure that data can be safely written into the electronic identification, further ensure that the electronic identification of the electric bicycle can be used as the electronic identity of the electric bicycle and accurately and reliably identify each electric bicycle. Simultaneously, this patent still discloses an electric bicycle electronic identification individualized issue system.
The technical scheme of the invention is as follows: an electronic identification personalized issuing method for an electric bicycle is characterized by comprising the following steps:
s1: constructing a certificate management structure of an electronic identification management mechanism based on a certificate system of a PKI public key infrastructure;
issuing a digital certificate SysCert to an issuing platform by the electronic identification management mechanism for authorization and authentication;
before the safety module of each authorized electronic identification card sender is verified, the electronic identification management mechanism writes safety parameters into the safety module;
the security parameters include: the system comprises a digital certificate ModCert, an electronic identification read-write key and an encryption and decryption key;
s2: before the electronic identification card sender writes identification data into the electronic identification to be issued, bidirectional identity authentication is carried out with the issuing platform; the authentication process comprises the following steps:
a 1: accessing the electronic identification card sender to the issuing platform;
a 2: the issuing platform sends a data frame requesting a random number to the electronic identification card issuer;
the electronic identification card sender generates a random number RNG1 and returns a random number RNG1 to the issuing platform;
a 3: after receiving the RNG1, the issuing platform generates a random number RNG2, and signs an RNG1| | RNG2 by using a private key of the issuing platform;
sending the RNG1, the RNG2, the signature value and the digital certificate SysCert as platform verification data to the electronic identity card sender;
a 4: after receiving the platform verification data, the electronic identification card sender compares the consistency of the random number RNG1 in the platform verification data and the local random number RNG1,
if the certificate is consistent with the certificate, verifying the digital certificate SysCert of the issuing platform by using a CA root certificate;
after the verification is passed, verifying the signature value in the platform verification data by using a public key in a digital certificate SysCert;
if the signature passes the verification, the electronic identification card sender completes the identity authentication of the issuing platform;
a 5: the electronic identification card sender generates a new random number RNG3, and encrypts RNG2| | | RNG3 by using an issuing platform public key to obtain a ciphertext ENTEXT;
signing the ENTEXT by using an electronic identification card sender private key to obtain a card sender signature, and sending the ENTEXT, the card sender signature and an electronic identification card sender digital certificate ModCert together as card sender verification data to the issuing platform;
a 6: after receiving the card sender verification data, the issuing platform verifies a card sender digital certificate ModCert by using a CA root certificate;
after the verification is passed, the public key of the card sender digital certificate ModCert is used for verifying the signature of the card sender;
after the signature verification is passed, the issuing platform decrypts ENTEXT by using a private key to obtain a plaintext, and compares the consistency of a random number RNG2 in the verification data of the card sender with local RNG 2;
if the two RNGs 2 are consistent, the issuing platform completes the identity authentication of the electronic identification card sender;
a 7: taking a random number RNG3 as a temporary session key in the communication process after the bidirectional identity authentication;
s3: after the authentication is passed, the issuing platform generates identification data and exports the identification data to the electronic identification card sender;
s4: after the electronic identification card sender receives the data, verifying the validity of the identification data; after the verification is passed, the identification data is encrypted and written into the electronic identification to be issued, and finally, the written result is reported to the issuing platform.
It is further characterized in that:
in step S3, the method includes the steps of:
b1, the issuing platform generates the personalized data PDATA corresponding to the electronic identifier to be issued;
b2, the issuing platform encrypts PDATA by using RNG3 to obtain a ciphertext ENDATA;
b3, the issuing platform signs ENDATA by using the issuing platform private key;
sending the signature values of ENDATA and ENDATA to the electronic identification card sender as the identification data;
in step S4, the method includes the steps of:
c1, the electronic identification card sender uses an issuing platform certificate SysCert to verify the validity of the identification data;
c2, after the identification data is confirmed to be valid, the temporary session key RNG3 is used for decryption to obtain personalized data PDATA;
c3, encrypting the personalized data PDATA, wherein the encrypted data is as follows:
INDIVDATA = E (personalization data PADTA, personalization data key),
wherein: e is a symmetric cryptographic algorithm, and E is,
the personalized data key generation mode is as follows: h (CARD NO, personalized data root key),
h is a symmetric encryption algorithm, and CARD _ NO is a CARD number of the electronic identification to be issued;
c4, connecting the card sender with the to-be-issued electronic mark and carrying out bidirectional identity authentication;
c5, after the certification is passed, the electronic mark card sender and the electronic mark to be issued are mutually authorized to establish the safe reading communication environment at this time;
c6, the electronic mark card sender writes the encrypted data INDIVDATA into the electronic mark to be issued;
c7, the card sender reports the operation result to the issuing platform to finish the operation;
in step S4, the writing of the information data of the electronic identifier by the electronic identifier card issuer further includes:
number plate number of electric bicycle, electric bicycle use property.
An electronic identification personalized issuing system of an electric bicycle, comprising: electronic identification administrative mechanism, electronic identification card sender, issue platform, electric bicycle electronic identification, its characterized in that: the electronic identification card sender comprises a security module which is issued and managed by the electronic identification management mechanism, and the electronic identification management mechanism identifies each security module by using a unique serial number;
the security module is internally integrated with a national password security chip, and the functions of the electronic identification card sender realized based on the security module comprise: the work authority of the system is controlled, the system is authenticated with the bidirectional identity of the issuing platform, and the system is in safe communication with the issuing platform to realize decryption verification, key storage and dispersion of personalized data; performing bidirectional identity authentication with the electronic identification to be issued to realize the safe writing of identification data;
the electronic identification management mechanism is responsible for initializing electronic identification, issuing management of digital certificates and issuing management of the security modules;
the issuing platform performs distributed deployment based on system software authorized by the electronic identification management mechanism; the issuing platform generates the identification data based on the system software and sends the identification data to the electronic identification card issuing device, and records and stores issuing actions of electronic identifications each time;
electronic identification installs in electronic bicycle number plate, and its inside storage information data includes: the electronic identity information of the electric bicycle, the number plate number of the electric bicycle and the use property of the electric bicycle; the information stored in the electronic identification is encrypted information.
It is further characterized in that:
the electronic identification has an authorized access mechanism and a cryptographic algorithm function, comprises a chip and an antenna and can be directly communicated with the electronic identification card sender.
The invention provides an electronic identification personalized issuing method for an electric bicycle, which is characterized in that a certificate management system is established based on a PKI system, so that a safe link relation can be established between a distributed issuing platform and an electronic identification card sender; based on a PKI certificate system, a security module which is verified and sent by an electronic identification management mechanism is embedded in an electronic identification card sender, and from the perspective of hardware, the fact that only a legal electronic identification card sender can be accessed to an issuing platform and only the legal electronic identification card sender can carry out legal data read-write operation on the legal electronic identification is ensured, so that an information security protection mechanism is provided for the whole personalized process of the electronic identification; according to the technical scheme, illegal read-write operation on the electronic identification can be prevented, data safety can be guaranteed to be written into the electronic identification, and then the electronic identification of the electric bicycle can be guaranteed to serve as the electronic identity of the electric bicycle, so that each electric bicycle can be identified accurately and reliably.
Drawings
Fig. 1 is a schematic structural diagram of an electronic identification personalized issuing system for an electric bicycle according to the present invention;
fig. 2 is a flowchart of an embodiment of the method for individually issuing an electronic identifier of an electric bicycle according to the present invention.
Detailed Description
As shown in fig. 1, an electric bicycle electronic identification personalized issuing system in the present patent comprises: electronic identification management mechanism, electronic identification card sender, issuing platform, electric bicycle electronic identification.
The electronic identification card sender comprises a safety module, the safety module is issued and managed by an electronic identification management mechanism, and the electronic identification management mechanism identifies each safety module by using a unique serial number; during concrete realization, the security module internally integrates a national password security chip, and the function that electronic identification card sender realized based on the security module includes: the system comprises a self working authority control module, a bidirectional identity authentication module, a data processing module and a data processing module, wherein the self working authority control module is used for performing bidirectional identity authentication with an issuing platform and performing safe communication with the issuing platform to realize decryption verification, random number generation, key storage and dispersion of personalized data; and performing bidirectional identity authentication with the electronic identifier to be issued to realize the safe writing of the identifier data. The interaction between the electronic identification card sender and the issuing platform or the interaction between the electronic identification card sender and the electronic identification can be carried out only after bidirectional identity authentication is carried out on the basis of a security module and a PKI certificate system; the security module realized based on the national secret security chip guarantees the security of the security module from the perspective of hardware, reduces the possibility of illegal imitation and impersonation, and is particularly suitable for the security management of distributed issuing platforms and electronic identification card issuers.
The electronic identification management mechanism is responsible for initializing the electronic identification, issuing management of the digital certificate and issuing management of the security module. The digital certificate, the electronic identification read-write key, the encryption and decryption key and other security parameters in the special security module are initialized and written by the electronic identification management mechanism, and each security module is uniquely bound with one electronic identification card sender, so that the electronic identification can be read and written only by the electronic identification card sender authorized by the electronic identification management mechanism.
The issuing platform performs distributed deployment based on system software authorized by an electronic identification management mechanism; the issuing platform generates identification data based on the system software and sends the identification data to the electronic identification card sender, and records and stores issuing actions of the electronic identification each time. The issuing platform is established in a system software manner issued and maintained by an electronic identification management mechanism, the establishing manner is simple and easy to realize, and the method is particularly suitable for establishing a distributed deployment system.
Electronic identification installs in electronic bicycle number plate, and its inside storage information data includes: electronic identity information of the electric bicycle, the number plate number of the electric bicycle and the use property of the electric bicycle.
In order to ensure the information security of the air interface, the information stored in the electronic identifier is encrypted in an encryption mode E (personalized data, personalized data key), where E is a symmetric cryptographic algorithm, the personalized data key is scattered from a root key, and a specific generation mode is H (CARD _ NO, personalized data root key), where H is a symmetric cryptographic algorithm and CARD _ NO is a CARD number of the electronic identifier.
The electronic identification has an authorized access mechanism and a cryptographic algorithm function, comprises a chip and an antenna, and can be directly communicated with the electronic identification card sender by adopting a passive RFID wireless radio frequency technology. According to the technical scheme, the wireless network security link relation is established based on the security module and the PKI certificate system in the communication process of the electronic identification and the electronic identification card sender, so that the data communication with the electronic identification card sender can be conveniently and rapidly carried out, meanwhile, the operation is simple, and the method is particularly suitable for the application scene of license plate electronic identification issue of the electric bicycle, which needs rapid operation.
As shown in fig. 2, the issuing method implemented by the personalized issuing system for electric bicycle electronic identifiers according to the present invention includes the following steps.
S1: constructing a certificate management structure of an electronic identification management mechanism based on a certificate system of a PKI public key infrastructure;
in the technical scheme, a PKI system is adopted to issue digital certificates for various authentication entities which are distributed and deployed in a scattered manner, mutual authentication and verification among the authentication entities can be realized, more flexible management on the personalized issuing process is realized, and meanwhile, high safety and strong authentication can be realized by using the non-repudiation property and confidentiality of the PKI system;
issuing a digital certificate SysCert to an issuing platform by an electronic identification management organization, and performing authorization authentication;
before the safety module of each authorized electronic identification card sender is verified, the electronic identification management organization writes safety parameters into the safety module;
the security parameters include: the system comprises a digital certificate ModCert, an electronic identification read-write key and an encryption and decryption key.
S2: before the identification data is written into the electronic identification to be issued through the electronic identification card sender, bidirectional identity authentication is firstly carried out with an issuing platform; in specific implementation, the electronic identification card sender and the personalized issuing platform perform bidirectional identity authentication based on the asymmetric SM2 encryption algorithm of the digital certificate. Through bidirectional identity authentication, only a legal electronic identification card sender can be accessed to the issuing platform, and the access of an illegal electronic identification card sender is avoided.
Based on a PKI system, both sides needing bidirectional identity authentication have digital certificates issued by an electronic identification management organization, in the technical scheme of the patent, the two sides are set to carry out bidirectional identity authentication through an asymmetric algorithm SM2 without storing or sharing the same secret key, and for a personalized system which is deployed in a scattered manner, the system structure is simplified, and the flexibility is improved.
The authentication process includes the following steps.
a 1: accessing an electronic identification card sender to an issuing platform;
a 2: the issuing platform sends a data frame requesting a random number to the electronic identification card sender;
the electronic identification card sender generates a random number RNG1 and returns the random number RNG1 to the issuing platform;
authentication is carried out based on the random number, and after an illegal user is prevented from intercepting communication data, identity authentication is carried out by using an illegal electronic identification card sender and an issuing platform, so that only an authorized electronic identification card sender can pass the identity authentication;
a 3: after receiving the RNG1, the issuing platform generates a random number RNG2, and signs the RNG1| | RNG2 by using a private key of the issuing platform to obtain a signature K1;
k1 = Sign (RNG1| | RNG2, issuing platform private key);
wherein Sign is a signature algorithm;
sending the RNG1, the RNG2, the K1 and a digital certificate SysCert of an issuing platform to an electronic identification card sender as platform verification data;
a 4: after the electronic identification card sender receives the platform verification data, comparing the consistency of the random number RNG1 in the platform verification data with the local random number RNG 1;
if the certificate is consistent with the certificate, the CA root certificate is used for verifying the digital certificate SysCert of the issuing platform;
after the verification is passed, using a public key in a digital certificate SysCert to verify a signature value in the platform verification data;
if the verification passes, the electronic identification card sender completes the identity authentication of the issuing platform;
a 5: the electronic identification card sender generates a new random number RNG3, and encrypts RNG2| | | RNG3 by using an issuing platform public key to obtain a ciphertext ENTEXT;
ENTEXT = E (RNG2| | RNG3, issuing platform public key);
wherein E is a symmetric cryptographic algorithm;
signing the ENTEXT by using an electronic identification card sender private key to obtain a card sender signature K2;
k2 = Sign (ENTEXT, card issuer private key);
taking ENTEXT, a card sender signature K2 and an electronic identification card sender digital certificate ModCert as card sender verification data, and sending the data to an issuing platform;
a 6: after receiving the card sender verification data, the issuing platform verifies a card sender digital certificate ModCert by using a CA root certificate;
after the verification is passed, the public key of the card sender digital certificate ModCert is used for verifying the signature of the card sender;
after the verification, the issuing platform decrypts ENTEXT by using a private key to obtain a plaintext, and compares the random number RNG2 in the card issuer verification data with the consistency of local RNG 2;
if the two RNGs 2 are consistent, the issuing platform completes the identity authentication of the electronic identification card sender;
a 7: taking a random number RNG3 as a temporary session key in the communication process after the bidirectional identity authentication; the method is used for encrypting and protecting the key personalized data and ensuring the information security on the communication link.
S3: after the authentication is passed, the issuing platform generates identification data and exports the identification data to the electronic identification card sender; the identification data is written into the electronic identification card sender in a ciphertext mode, and the possibility that the data is intercepted in the midway and information leakage occurs is reduced.
The method comprises the following steps:
b1, the issuing platform generates the personalized data PDATA corresponding to the electronic mark to be issued;
the personal data PDATA to be written into the electronic tag includes: the electronic identity information of the electric bicycle, the number plate number of the electric bicycle and the use property of the electric bicycle;
b2, the issuing platform encrypts PDATA by using RNG3 to obtain a ciphertext ENDATA;
ENDATA = E(PDATA,RNG3);
wherein E is a symmetric cryptographic algorithm;
b3, the issuing platform signs ENDATA by using the private key of the issuing platform to obtain a signature K3;
k3 = Sign (enddata, issuing platform private key);
ENDATA, the signature value K3 are sent to the electronic identification card issuer as identification data.
S4: after the electronic identification card sender receives the data, verifying the validity of the identification data; after the verification is passed, the identification data is encrypted and written into the electronic identification to be issued, and finally, the written result is reported to the issuing platform. Before the electronic identification card sender communicates with the electronic identification, bidirectional identity authentication is required, so that reading and writing of the electronic identification by an illegal card sender are avoided, and the possibility that the illegal electronic identification is falsely used is also avoided.
The method specifically comprises the following steps:
c1, the electronic identification card sender uses the issuing platform certificate SysCert to verify the validity of the identification data;
c2, after the identification data is confirmed to be valid, the temporary session key RNG3 is used for decryption to obtain personalized data PDATA;
c3, in order to ensure the safety and the privacy of the electronic identification data, the personalized data PDATA is encrypted, and the encrypted data is as follows:
INDIVDATA = E (personalization data PADTA, personalization data key),
wherein: e is a symmetric cryptographic algorithm, and E is,
the personalized data key generation mode is as follows: h (CARD NO, personalized data root key),
h is a symmetric encryption algorithm, and CARD _ NO is a CARD number of the electronic identification to be issued;
c4, connecting the card sender with the electronic mark to be issued, and performing bidirectional identity authentication; during specific implementation, the bidirectional identity verification of the electronic identification card sender and the electronic identification can be realized based on the existing authentication method; for example, the invention patent of application No. 201410439094.2 discloses a security authentication method for hiding an identification number of an ultrahigh frequency electronic tag;
c5, after the certification is passed, the electronic mark card sender and the electronic mark to be issued authorize each other, and the safe reading communication environment is established;
c6, the electronic mark card sender writes the encrypted data INDIVDATA into the electronic mark to be issued;
and c7, the card sender with electronic mark reports the operation result to the issuing platform to complete the operation.
In the patent, the functions of bidirectional identity authentication between the electronic identification card sender and the issuing platform, decryption and verification of personalized data, storage of a secret key, read-write operation control of the electronic identification and the like are all realized by a safety module embedded in the electronic identification card sender.
After the technical scheme is adopted, the electronic identification personalized issuing method of the electric bicycle improves the safety and reliability of the electronic identification personalized issuing link through the bidirectional identity authentication of the electronic identification card sender and the personalized issuing system, can reliably control the read-write permission of the electronic identification through the electronic identification card sender embedded with the electronic identification security module, ensures the legality of the read-write operation, ensures the legality of the electronic identification of the electric bicycle as the electronic identification of the electric bicycle, and maintains the road traffic order and the effective rights and interests of each traffic participant.

Claims (6)

1. An electronic identification personalized issuing method for an electric bicycle is characterized by comprising the following steps:
s1: constructing a certificate management structure of an electronic identification management mechanism based on a certificate system of a PKI public key infrastructure;
issuing a digital certificate SysCert to an issuing platform by the electronic identification management mechanism for authorization and authentication;
before the safety module of each authorized electronic identification card sender is verified, the electronic identification management mechanism writes safety parameters into the safety module;
the security parameters include: the system comprises a digital certificate ModCert, an electronic identification read-write key and an encryption and decryption key;
s2: before the electronic identification card sender writes identification data into the electronic identification to be issued, bidirectional identity authentication is carried out with the issuing platform; the authentication process comprises the following steps:
a 1: accessing the electronic identification card sender to the issuing platform;
a 2: the issuing platform sends a data frame requesting a random number to the electronic identification card issuer;
the electronic identification card sender generates a random number RNG1 and returns a random number RNG1 to the issuing platform;
a 3: after receiving the RNG1, the issuing platform generates a random number RNG2, and signs an RNG1| | RNG2 by using a private key of the issuing platform;
sending the RNG1, the RNG2, the signature value and the digital certificate SysCert as platform verification data to the electronic identity card sender;
a 4: after receiving the platform verification data, the electronic identification card sender compares the consistency of the random number RNG1 in the platform verification data and the local random number RNG1,
if the certificate is consistent with the certificate, verifying the digital certificate SysCert of the issuing platform by using a CA root certificate;
after the verification is passed, verifying the signature value in the platform verification data by using a public key in a digital certificate SysCert;
if the signature passes the verification, the electronic identification card sender completes the identity authentication of the issuing platform;
a 5: the electronic identification card sender generates a new random number RNG3, and encrypts RNG2| | | RNG3 by using an issuing platform public key to obtain a ciphertext ENTEXT;
signing the ENTEXT by using an electronic identification card sender private key to obtain a card sender signature, and sending the ENTEXT, the card sender signature and an electronic identification card sender digital certificate ModCert together as card sender verification data to the issuing platform;
a 6: after receiving the card sender verification data, the issuing platform verifies a card sender digital certificate ModCert by using a CA root certificate;
after the verification is passed, the public key of the card sender digital certificate ModCert is used for verifying the signature of the card sender;
after the signature verification is passed, the issuing platform decrypts ENTEXT by using a private key to obtain a plaintext, and compares the consistency of a random number RNG2 in the verification data of the card sender with local RNG 2;
if the two RNGs 2 are consistent, the issuing platform completes the identity authentication of the electronic identification card sender;
a 7: taking a random number RNG3 as a temporary session key in the communication process after the bidirectional identity authentication;
s3: after the authentication is passed, the issuing platform generates identification data and exports the identification data to the electronic identification card sender;
s4: after the electronic identification card sender receives the data, verifying the validity of the identification data; after the verification is passed, the identification data is encrypted and written into the electronic identification to be issued, and finally, the written result is reported to the issuing platform.
2. The personalized issuing method of the electronic identification of the electric bicycle as claimed in claim 1, wherein: in step S3, the method includes the steps of:
b1, the issuing platform generates the personalized data PDATA corresponding to the electronic identifier to be issued;
b2, the issuing platform encrypts PDATA by using RNG3 to obtain a ciphertext ENDATA;
b3, the issuing platform signs ENDATA by using the issuing platform private key;
and sending the signature values of ENDATA and ENDATA to the electronic identification card sender as the identification data.
3. The personalized issuing method of the electronic identification of the electric bicycle as claimed in claim 1, wherein: in step S4, the method includes the steps of:
c1, the electronic identification card sender uses an issuing platform certificate SysCert to verify the validity of the identification data;
c2, after the identification data is confirmed to be valid, the temporary session key RNG3 is used for decryption to obtain personalized data PDATA;
c3, encrypting the personalized data PDATA, wherein the encrypted data is as follows:
INDIVDATA = E (personalization data PADTA, personalization data key),
wherein: e is a symmetric cryptographic algorithm, and E is,
the personalized data key generation mode is as follows: h (CARD NO, personalized data root key),
h is a symmetric encryption algorithm, and CARD _ NO is a CARD number of the electronic identification to be issued;
c4, connecting the card sender with the to-be-issued electronic mark and carrying out bidirectional identity authentication;
c5, after the certification is passed, the electronic mark card sender and the electronic mark to be issued are mutually authorized to establish the safe reading communication environment at this time;
c6, the electronic mark card sender writes the encrypted data INDIVDATA into the electronic mark to be issued;
and c7, the electronic mark card sender reports the operation result to the issuing platform to complete the operation.
4. The personalized issuing method of the electronic identification of the electric bicycle as claimed in claim 3, wherein: in step S4, the writing of the information data of the electronic identifier by the electronic identifier card issuer further includes:
number plate number of electric bicycle, electric bicycle use property.
5. An electronic identification personalized issuing system of an electric bicycle, comprising: electronic identification administrative mechanism, electronic identification card sender, issue platform, electric bicycle electronic identification, its characterized in that: the electronic identification card sender comprises a security module which is issued and managed by the electronic identification management mechanism, and the electronic identification management mechanism identifies each security module by using a unique serial number;
the security module is internally integrated with a national password security chip, and the functions of the electronic identification card sender realized based on the security module comprise: the work authority of the system is controlled, the system is authenticated with the bidirectional identity of the issuing platform, and the system is in safe communication with the issuing platform to realize decryption verification, key storage and dispersion of personalized data; performing bidirectional identity authentication with the electronic identification to be issued to realize the safe writing of identification data;
the electronic identification management mechanism is responsible for initializing electronic identification, issuing management of digital certificates and issuing management of the security modules;
the issuing platform performs distributed deployment based on system software authorized by the electronic identification management mechanism; the issuing platform generates the identification data based on the system software and sends the identification data to the electronic identification card issuing device, and records and stores issuing actions of electronic identifications each time;
electronic identification installs in electronic bicycle number plate, and its inside storage information data includes: the electronic identity information of the electric bicycle, the number plate number of the electric bicycle and the use property of the electric bicycle; the information stored in the electronic identification is encrypted information.
6. The personalized issuing system of electronic identification of electric bicycle according to claim 5, characterized in that: the electronic identification has an authorized access mechanism and a cryptographic algorithm function, comprises a chip and an antenna and can be directly communicated with the electronic identification card sender.
CN202110765365.3A 2021-07-07 2021-07-07 Personalized issuing method and system for electronic identification of electric bicycle Active CN113486323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110765365.3A CN113486323B (en) 2021-07-07 2021-07-07 Personalized issuing method and system for electronic identification of electric bicycle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110765365.3A CN113486323B (en) 2021-07-07 2021-07-07 Personalized issuing method and system for electronic identification of electric bicycle

Publications (2)

Publication Number Publication Date
CN113486323A true CN113486323A (en) 2021-10-08
CN113486323B CN113486323B (en) 2023-05-12

Family

ID=77941509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110765365.3A Active CN113486323B (en) 2021-07-07 2021-07-07 Personalized issuing method and system for electronic identification of electric bicycle

Country Status (1)

Country Link
CN (1) CN113486323B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114065795A (en) * 2021-11-30 2022-02-18 高新兴智联科技有限公司 Portable checking equipment based on RFID electronic license plate

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003069560A (en) * 2001-08-23 2003-03-07 Kyocera Communication Systems Co Ltd Authentication system, information terminal, subscriber identifier issuing device, public key registering device, authentication method, program, and storage medium
WO2012151486A2 (en) * 2011-05-04 2012-11-08 Datacard Corporation System and method of using mobile devices to personalize and issue personalized identification documents
CN112347453A (en) * 2020-11-11 2021-02-09 公安部交通管理科学研究所 Data safety writing method and system of automobile electronic identification embedded NFC chip
CN112669504A (en) * 2020-12-24 2021-04-16 高新兴智联科技有限公司 Entrance guard vehicle identification method and device based on socialized issued electronic identification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003069560A (en) * 2001-08-23 2003-03-07 Kyocera Communication Systems Co Ltd Authentication system, information terminal, subscriber identifier issuing device, public key registering device, authentication method, program, and storage medium
WO2012151486A2 (en) * 2011-05-04 2012-11-08 Datacard Corporation System and method of using mobile devices to personalize and issue personalized identification documents
CN112347453A (en) * 2020-11-11 2021-02-09 公安部交通管理科学研究所 Data safety writing method and system of automobile electronic identification embedded NFC chip
CN112669504A (en) * 2020-12-24 2021-04-16 高新兴智联科技有限公司 Entrance guard vehicle identification method and device based on socialized issued electronic identification

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李文;李忠献;崔军;: "基于标识密码的密级标签控制模型", 计算机应用与软件 *
王长君等: "《机动车电子标识密钥管理***技术要求》(GB/T 37985-2019)国家标准解读", 《中国标准化》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114065795A (en) * 2021-11-30 2022-02-18 高新兴智联科技有限公司 Portable checking equipment based on RFID electronic license plate

Also Published As

Publication number Publication date
CN113486323B (en) 2023-05-12

Similar Documents

Publication Publication Date Title
CN111368324B (en) Credible electronic license platform system based on block chain and authentication method thereof
CN101300808B (en) Method and arrangement for secure autentication
US9686072B2 (en) Storing a key in a remote security module
US8724819B2 (en) Credential provisioning
CN101336436B (en) Security token and method for authentication of a user with the security token
US7539861B2 (en) Creating and storing one or more digital certificates assigned to subscriber for efficient access using a chip card
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN112528250B (en) System and method for realizing data privacy and digital identity through block chain
CN101729244B (en) Method and system for distributing key
CN106067205B (en) A kind of gate inhibition's method for authenticating and device
CN106953732B (en) Key management system and method for chip card
CN109409884A (en) A kind of block chain secret protection scheme and system based on SM9 algorithm
CN101841525A (en) Secure access method, system and client
CN112347453A (en) Data safety writing method and system of automobile electronic identification embedded NFC chip
CN104077814B (en) Electronic charging system without parking, equipment, authentication method and method of commerce
CN112150682A (en) Intelligent access control card, intelligent door lock terminal and intelligent access control card identification method
KR100939725B1 (en) Certification method for a mobile phone
CN106936588A (en) A kind of trustship method, the apparatus and system of hardware controls lock
CN108460597B (en) Key management system and method
JPH10336172A (en) Managing method of public key for electronic authentication
CN113486323B (en) Personalized issuing method and system for electronic identification of electric bicycle
CN108418692B (en) On-line writing method of authentication certificate
JP3863382B2 (en) IC card update method and system
TWI725623B (en) Point-to-point authority management method based on manager's self-issued tickets
CN106027482B (en) A kind of identity card card reading response method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant