CN101009014A - Secure anti-counterfeiting method and system thereof - Google Patents
Secure anti-counterfeiting method and system thereofDownload PDFInfo
- Publication number
- CN101009014A CN101009014ACNA2007100513638ACN200710051363ACN101009014ACN 101009014 ACN101009014 ACN 101009014ACN A2007100513638 ACNA2007100513638 ACN A2007100513638ACN 200710051363 ACN200710051363 ACN 200710051363ACN 101009014 ACN101009014 ACN 101009014A
- Authority
- CN
- China
- Prior art keywords
- product
- information
- counterfeiting
- module
- query
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Translated fromChinese
Description
Translated fromChinese技术领域technical field
本发明属于信息安全认证技术,具体涉及一种安全防伪方法及其系统,可广泛应用于产品防伪等领域,尤其适用于基于射频标签RFID的产品防伪。The invention belongs to information security authentication technology, and specifically relates to a security anti-counterfeiting method and system thereof, which can be widely used in fields such as product anti-counterfeiting, and is especially suitable for product anti-counterfeiting based on radio frequency tags (RFID).
背景技术Background technique
现有的产品防伪技术主要采用材料防伪,例如激光、荧光、磁性、变温等防伪材料,防伪功能是依靠防伪标识难以被伪造来实现的。然而,在实际应用中,这些防伪材料的制作工艺复杂,有些还需要专业的检测工具进行鉴别,这阻碍了防伪技术的发展。另外,虽然电话防伪技术和电码防伪技术有较快发展,但仍有不足,如它们存在检索速度慢、厂家付费电话成本高和800免费声讯电话覆盖地区有限,查询方式单一、费时等诸多缺点,所以目前此类防伪技术只在一定范围内得到应用,未能真正普及。Existing product anti-counterfeiting technologies mainly use anti-counterfeiting materials, such as laser, fluorescent, magnetic, temperature-variable and other anti-counterfeiting materials. However, in practical applications, the production process of these anti-counterfeiting materials is complicated, and some of them require professional detection tools for identification, which hinders the development of anti-counterfeiting technology. In addition, although telephone anti-counterfeiting technology and code anti-counterfeiting technology have developed rapidly, there are still shortcomings, such as slow retrieval speed, high cost of manufacturer's pay phone, limited coverage of 800 free voice calls, single query method, time-consuming and many other shortcomings. So at present this type of anti-counterfeiting technology is only applied within a certain range, and has not been really popularized.
中国发明专利申请“移动短信防伪方法和系统”申请号:03117698.4,公开日为:2003.09.24公开了一种移动数码防伪系统及其方法,该系统包括防伪产品数据库、多功能防伪查询平台、维护平台以及无线通讯网络,使之成为覆盖全国的防伪查询网络。将防伪序列号粘贴在产品上,消费者用手机通过防伪网络查询防伪系列号知道所购产品真伪。这种防伪技术不足之处在于可靠性不高,产品防伪编码仅为0至9的数字;防伪信息编码规律明显,容易被破解,容易被大量伪造;系统功能不丰富,不能及时全面了解产品的销售信息。Chinese invention patent application "Mobile SMS anti-counterfeiting method and system" application number: 03117698.4, publication date: 2003.09.24 discloses a mobile digital anti-counterfeiting system and its method, the system includes anti-counterfeiting product database, multi-functional anti-counterfeiting query platform, maintenance platform and wireless communication network, making it an anti-counterfeiting query network covering the whole country. Paste the anti-counterfeiting serial number on the product, and consumers can check the anti-counterfeiting serial number through the anti-counterfeiting network to know the authenticity of the purchased product. The disadvantage of this anti-counterfeiting technology is that the reliability is not high, and the anti-counterfeiting code of the product is only a number from 0 to 9; the anti-counterfeiting information coding law is obvious, it is easy to be cracked, and it is easy to be forged in large quantities; sales information.
发明内容Contents of the invention
本发明的目的在于提供一种安全防伪方法和系统,该安全防伪方法具有防伪功能强、不易破解的特点;本发明还提供了实现该方法的系统。The object of the present invention is to provide a security anti-counterfeiting method and system, the security anti-counterfeiting method has the characteristics of strong anti-counterfeiting function and not easy to crack; the present invention also provides a system for realizing the method.
本发明提供的安全防伪方法,其步骤包括:The safe anti-counterfeiting method provided by the present invention, its steps comprise:
(1)各实体分别到认证中心进行注册,认证中心验证其身份后存储其相关信息,并为其颁发用于证明身份的身份数字证书;(1) Each entity registers with the certification center separately, and the certification center stores its relevant information after verifying its identity, and issues a digital identity certificate to prove its identity;
(2)生产商对单件产品的唯一编码和基本信息进行防篡改和防假冒伪造处理,生成防伪信息;并将这些信息写入标识载体;(2) The manufacturer performs anti-tampering and anti-counterfeiting processing on the unique code and basic information of a single product, generates anti-counterfeiting information; and writes these information into the identification carrier;
(3)记载有产品批号、时间信息、同名产品的编码、生产商的编码和生产商公钥等信息的产品数字证书需由生产商和认证中心对其进行双签名:生产商对包括产品批号、时间等的信息进行签名,认证中心对包括同名产品的编码、生产商的编码和生产商公钥等的信息进行签名;(3) The product digital certificate that records information such as product batch number, time information, product code of the same name, manufacturer’s code, and manufacturer’s public key needs to be double-signed by the manufacturer and the certification center: , time and other information, and the certification center signs the information including the code of the product with the same name, the code of the manufacturer, and the public key of the manufacturer;
(4)产品的卖方和买方完成防伪查询,其步骤包括:(4) The seller and buyer of the product complete the anti-counterfeiting inquiry, and the steps include:
(4.1)卖方通过产品的标识载体获取防伪标识信息,对交易信息、防伪标识信息、产品数字证书进行数字签名,卖方将上述经过签名的信息和卖方的身份数字证书提交给生产商;同时从防伪标识信息中提取同名产品编码,从交易信息中提取交易流水号,对同名产品编码和交易流水号进行签名后将其发送到认证中心;(4.1) The seller obtains the anti-counterfeiting identification information through the identification carrier of the product, digitally signs the transaction information, anti-counterfeiting identification information, and product digital certificate, and the seller submits the above-mentioned signed information and the seller's identity digital certificate to the manufacturer; Extract the product code of the same name from the identification information, extract the transaction serial number from the transaction information, sign the product code and transaction serial number of the same name and send it to the certification center;
(4.2)生产商接收卖方提交的信息,使用卖方的身份数字证书和其签名验证信息的完整性和真实性,根据产品数字证书判断其是否具有查询服务权限,若具有查询服务权限,根据防伪标识信息进行查询认证,得到防伪查询结果,从卖方发送的交易信息中提取交易流水号;生产商将经过防篡改和防假冒伪造处理后的防伪查询结果和交易流水号提交给卖方;认证中心根据同名产品编码对产品进行查询,得到该产品的查询结果信息,包括该产品是否允许出售和该产品的信誉记录;认证中心将经过防篡改和防假冒伪造处理后的查询结果和交易流水号提交给卖方;(4.2) The manufacturer receives the information submitted by the seller, uses the seller's identity digital certificate and its signature to verify the integrity and authenticity of the information, and judges whether it has the inquiry service authority according to the product digital certificate, and if it has the inquiry service authority, according to the anti-counterfeiting mark The anti-counterfeiting query result is obtained, and the transaction serial number is extracted from the transaction information sent by the seller; the manufacturer submits the anti-counterfeiting query result and transaction serial number after anti-tampering and anti-counterfeiting processing to the seller; The product code is used to query the product and obtain the query result information of the product, including whether the product is allowed to be sold and the credit record of the product; the certification center submits the query result and transaction serial number after anti-tampering and anti-counterfeiting processing to the seller ;
(4.3)卖方接收生产商和认证中心发送的信息,根据交易流水号确定接收到的是关于本次交易的查询结果;卖方将经过其签名的交易流水号、查询结果信息、产品数字证书发送给买方;(4.3) The seller receives the information sent by the manufacturer and the certification center, and according to the transaction serial number, it is determined that what is received is the query result about this transaction; the seller sends the transaction serial number, query result information, and product digital certificate signed by the seller to buyer;
(4.4)买方接收卖方发送过来的交易流水号、查询结果信息和产品数字证书,根据交易流水号确定接收到的是关于本次交易的查询结果,并验证产品数字证书和查询结果信息的完整性和真实性;(4.4) The buyer receives the transaction serial number, query result information and product digital certificate sent by the seller, determines the received query result about this transaction according to the transaction serial number, and verifies the integrity of the product digital certificate and query result information and authenticity;
(5)产品的生产商进行产品的召回,其步骤包括:(5) The manufacturer of the product recalls the product, and the steps include:
(5.1)生产商确定待召回的产品批号;(5.1) The manufacturer determines the batch number of the product to be recalled;
(5.2)生产商根据卖方进行防伪查询时发送过来的交易信息获取产品买方的联络信息;(5.2) The manufacturer obtains the contact information of the product buyer according to the transaction information sent by the seller when conducting anti-counterfeiting inquiries;
(5.3)生产商将经过防篡改和防假冒伪造处理后的召回信息和产品数字证书发送给买方;(5.3) The manufacturer sends the recall information and product digital certificate to the buyer after anti-tampering and anti-counterfeiting processing;
(5.4)买方接收生产商发送过来的产品召回信息和产品数字证书,并对其完整性和真实性进行验证。(5.4) The buyer receives the product recall information and product digital certificate sent by the manufacturer, and verifies its integrity and authenticity.
本发明提供的安全防伪系统,包括防伪标识模块、查询终端模块、查询认证模块和认证中心;其中,The security anti-counterfeiting system provided by the present invention includes an anti-counterfeiting identification module, an inquiry terminal module, an inquiry authentication module and an authentication center; wherein,
防伪标识模块用于生产商生成防伪标识,并将防伪标识信息发送给查询认证模块存储;The anti-counterfeiting identification module is used for the manufacturer to generate the anti-counterfeiting identification, and send the anti-counterfeiting identification information to the query authentication module for storage;
查询终端模块用于存储产品数字证书,向查询认证模块和认证中心提交查询请求,接收查询认证模块和认证中心发送过来的查询结果信息;The query terminal module is used to store product digital certificates, submit query requests to the query certification module and the certification center, and receive query result information sent by the query certification module and the certification center;
查询认证模块用于生产商存储产品基本信息和产品附加信息,在防伪查询过程中,查询认证模块接收查询终端模块发送的查询请求,产生查询结果信息,将查询结果信息发送给查询终端模块;在产品召回过程中,查询认证模块将产品召回信息发送到买方接收终端;The query authentication module is used for the manufacturer to store basic product information and product additional information. During the anti-counterfeiting query process, the query authentication module receives the query request sent by the query terminal module, generates query result information, and sends the query result information to the query terminal module; During the product recall process, the query authentication module sends the product recall information to the buyer's receiving terminal;
认证中心用于公证和仲裁机构存储各实体信息和产品信誉记录;为各实体产生身份数字证书,对产品数字证书中的同名产品编码、生产商编码和生产商公钥进行签名;接收查询终端模块发送的查询请求,产生查询结果信息,将查询结果信息发送给查询终端模块。The certification center is used for notarization and arbitration institutions to store entity information and product reputation records; generate identity digital certificates for each entity, and sign the same-name product code, manufacturer code and manufacturer public key in the product digital certificate; receive query terminal module The sent query request generates query result information, and sends the query result information to the query terminal module.
本发明与现有的防伪方法相比,克服了现有防伪技术和现代电码防伪技术的缺陷。该系统可以以射频标签RFID、二维条形码等作为防伪标识,可广泛用于不同档次、不同类型的产品,具有很强的适应性。认证信息通过现有的固网/移动网进行传递,具有方便、实效的特点。与对比文献“移动短信防伪方法和系统”相比,本发明具有以下特点:Compared with the existing anti-counterfeiting method, the invention overcomes the defects of the existing anti-counterfeiting technology and the modern electronic code anti-counterfeiting technology. The system can use radio frequency tags (RFID), two-dimensional barcodes, etc. as anti-counterfeiting marks, and can be widely used in different grades and types of products, with strong adaptability. Authentication information is transmitted through the existing fixed network/mobile network, which is convenient and effective. Compared with the comparative document "Mobile Short Message Anti-counterfeiting Method and System", the present invention has the following characteristics:
(1)、可信第三方作为信任层次的根节点,通过签发各实体的身份数字证书和产品数字证书,实现在产品流通的各个环节中各实体间的数字认证信息、产品信息与实体信息的绑定,从而从根本上提高系统的安全性和可信度。(1) The trusted third party, as the root node of the trust hierarchy, realizes the digital authentication information, product information and entity information among entities in each link of product circulation by issuing the identity digital certificates and product digital certificates of each entity. Binding, thereby fundamentally improving the security and credibility of the system.
(2)、在可信第三方构建销售许可列表;接受消费者的投诉和查询,动态发布产品黑名单和红名单,形成有效的监督机制,从根源上杜绝假冒伪劣产品进入市场流通。(2) Build a sales license list on a trusted third party; accept complaints and inquiries from consumers, dynamically publish product blacklists and redlists, form an effective supervision mechanism, and prevent counterfeit and shoddy products from entering the market from the root.
(3)、通过查询终端模块将查询信息和产品信息一起发送到查询认证模块,能很好地了解产品的市场动态。(3) The query information and product information are sent to the query authentication module through the query terminal module, so that the market dynamics of the product can be well understood.
(4)、消费者无需主动查询,认证结果自动发送到消费者接收终端,简化了查询过程。(4) The consumer does not need to actively inquire, and the authentication result is automatically sent to the consumer's receiving terminal, which simplifies the inquiry process.
(5)、通过产品流通各个环节的防伪查询过程,记录交易信息,从而实现产品的安全追溯管理,为企业构建虚拟直销平台。(5) Through the anti-counterfeiting inquiry process of each link of product circulation, transaction information is recorded, so as to realize product safety traceability management and build a virtual direct sales platform for enterprises.
(6)、本发明系统易于功能扩展,有较大的升级功能。(6), the system of the present invention is easy to expand functions, and has relatively large upgrade functions.
附图说明Description of drawings
图1为本发明安全防伪方法的流程图;Fig. 1 is the flowchart of safe anti-counterfeiting method of the present invention;
图2-a为生产商对产品查询认证的流程图;Figure 2-a is a flow chart of the manufacturer's query and certification of products;
图2-b为认证中心对产品查询认证的流程图;Figure 2-b is a flow chart of the certification center for product query certification;
图3为生产商进行产品召回的流程图;Figure 3 is a flow chart of a manufacturer's product recall;
图4为本发明安全防伪系统的结构示意图;Fig. 4 is a structural schematic diagram of the security anti-counterfeiting system of the present invention;
图5为图4中查询终端模块的结构示意图;Fig. 5 is a schematic structural diagram of the query terminal module in Fig. 4;
图6为图4中查询认证模块的结构示意图;Fig. 6 is a schematic structural diagram of the query authentication module in Fig. 4;
图7为图4中认证中心的结构示意图;FIG. 7 is a schematic structural diagram of the authentication center in FIG. 4;
图8为本发明安全防伪系统的工作流程示意图。Fig. 8 is a schematic diagram of the workflow of the security anti-counterfeiting system of the present invention.
具体实施方式Detailed ways
下面结合附图和实例对本发明作进一步详细的说明。Below in conjunction with accompanying drawing and example the present invention is described in further detail.
本发明提供一种安全防伪方法,该方法涉及到生产商、卖方、买方和认证中心四个类型的实体。在不同的交易环境中,产品的生产商也可以是卖方,产品的销售商可以是卖方,也可以是买方,消费者是买方。该防伪方法包括用户注册过程、标识产生过程、防伪查询过程和产品召回过程。其中用户注册过程和标识产生过程是系统的初始化过程,防伪查询过程在卖方和买方进行交易时进行(如生产商将产品出售给一级销售商、一级销售商将产品出售给二级销售商,依次类推直到某级销售商将产品销售给消费者)。产品召回过程在交易发生后,生产商由于产品质量问题等原因需将产品召回时进行。The invention provides a safe anti-counterfeiting method, which involves four types of entities: a manufacturer, a seller, a buyer and an authentication center. In different trading environments, the producer of the product can also be the seller, the seller of the product can be the seller or the buyer, and the consumer is the buyer. The anti-counterfeiting method includes a user registration process, a logo generation process, an anti-counterfeiting query process and a product recall process. Among them, the user registration process and the logo generation process are the initialization process of the system, and the anti-counterfeiting query process is carried out when the seller and the buyer conduct transactions (such as the manufacturer sells the product to the first-level seller, and the first-level seller sells the product to the second-level seller. , and so on until a certain level of sellers sells products to consumers). The product recall process is carried out when the manufacturer needs to recall the product due to product quality problems and other reasons after the transaction occurs.
如图1所示,本发明方法的步骤如下:As shown in Figure 1, the steps of the inventive method are as follows:
(1)各实体(消费者、生产商和销售商)分别到认证中心进行注册,认证中心验证其身份后存储其相关信息,并为其颁发用于证明身份的身份数字证书。(1) Each entity (consumer, manufacturer, and seller) registers with the certification center, and the certification center verifies its identity and stores its relevant information, and issues a digital certificate to prove its identity.
消费者向认证中心提交个人信息,该信息可以包括:姓名、身份证号码、消费者联络信息(包括手机号码或电子信箱地址)等。生产商向认证中心提交相关信息,该信息可以包括:生产商名称、产品信息等。销售商向认证中心提交相关信息,该信息可以包括:销售商名称、销售商联络信息(包括手机号码或电子信箱地址)等。认证中心审查上述信息,为生产商、销售商和消费者颁发身份数字证书。Consumers submit personal information to the certification center, which may include: name, ID number, consumer contact information (including mobile phone number or email address), etc. The manufacturer submits relevant information to the certification center, which may include: manufacturer name, product information, etc. The seller submits relevant information to the certification center, and the information may include: the seller's name, the seller's contact information (including a mobile phone number or an email address), and the like. The certification center reviews the above information and issues identity digital certificates for manufacturers, sellers and consumers.
(2)生产商获取产品基本信息,将同名产品编码、生产商编码、产品批号(表示某一批量产品)、序列号一起形成每个产品的唯一编码,对该唯一编码和产品基本信息进行防篡改和防假冒伪造处理(该处理过程可以是生成认证码、对其进行数字签名等,其目的是保证信息的完整性,防止伪造),生成防伪信息;并将这些信息(产品的唯一编码、产品基本信息、防伪信息)写入标识载体。(2) The manufacturer obtains the basic information of the product, forms the unique code of each product together with the product code of the same name, the manufacturer code, the product batch number (indicating a certain batch of products), and the serial number, and conducts security checks on the unique code and the basic information of the product. Tampering and anti-counterfeiting processing (the processing process can be to generate authentication codes, digitally sign them, etc., the purpose of which is to ensure the integrity of information and prevent forgery), generate anti-counterfeiting information; and combine these information (the unique code of the product, Product basic information, anti-counterfeiting information) written into the identification carrier.
产品基本信息可以包括:生产商名称、生产商所在地、产品品牌、产品生产日期、产品有效期、产品类别、产品型号等。The basic product information may include: manufacturer name, manufacturer location, product brand, product production date, product validity period, product category, product model, etc.
(3)生产商生成产品数字证书,产品数字证书是经过生产商和认证中心双签名数字证书,其中生产商对包括产品批号(表示某一批量产品)、时间信息的信息进行签名,认证中心对包括同名产品编码和该产品生产商编码、该生产商公钥进行签名。(3) The manufacturer generates a product digital certificate. The product digital certificate is a double-signed digital certificate by the manufacturer and the certification center. The manufacturer signs the information including the product batch number (indicating a certain batch of products) and time information, and the certification center signs the information Including the product code with the same name, the product manufacturer code, and the manufacturer's public key for signature.
(4)产品的买方和卖方进行交易时完成防伪查询,如图2所示,其步骤包括:(4) The buyer and seller of the product complete the anti-counterfeiting inquiry when they conduct transactions, as shown in Figure 2, the steps include:
(4.1)卖方通过产品的标识载体获取防伪标识信息,对交易信息(包括或部分包括买卖双方的身份、与买卖双方进行联络的信息、交易数量、交易时间、交易地址、交易流水号等)、防伪标识信息、产品数字证书进行数字签名,卖方将上述经过签名的信息和卖方的身份数字证书提交给生产商;同时从防伪标识信息中提取同名产品编码,从交易信息中提取交易流水号,对同名产品编码和交易流水号进行签名后将其发送到认证中心;(4.1) The seller obtains the anti-counterfeiting identification information through the identification carrier of the product, and the transaction information (including or partly including the identity of the buyer and the seller, information for contacting the buyer and the seller, transaction quantity, transaction time, transaction address, transaction serial number, etc.), The anti-counterfeit identification information and product digital certificate are digitally signed, and the seller submits the above-mentioned signed information and the seller’s identity digital certificate to the manufacturer; at the same time, the product code of the same name is extracted from the anti-counterfeit identification information, and the transaction serial number is extracted from the transaction information. After signing the product code and transaction serial number with the same name, send it to the certification center;
(4.2)生产商接收卖方提交的信息,使用卖方的身份数字证书和其签名验证信息的完整性和真实性,根据产品数字证书判断其是否具有查询服务权限,若具有查询服务权限,根据防伪标识信息进行查询认证,得到防伪查询结果,从卖方发送的交易信息中提取交易流水号;生产商将经过防篡改和防假冒伪造处理后的防伪查询结果和交易流水号提交给卖方;认证中心根据同名产品编码对产品进行查询,得到该产品是否允许出售、该产品的信誉记录等查询结果信息;认证中心将经过防篡改和防假冒伪造处理后的查询结果和交易流水号提交给卖方;(4.2) The manufacturer receives the information submitted by the seller, uses the seller's identity digital certificate and its signature to verify the integrity and authenticity of the information, and judges whether it has the inquiry service authority according to the product digital certificate, and if it has the inquiry service authority, according to the anti-counterfeiting mark The anti-counterfeiting query result is obtained, and the transaction serial number is extracted from the transaction information sent by the seller; the manufacturer submits the anti-counterfeiting query result and transaction serial number after anti-tampering and anti-counterfeiting processing to the seller; The product code is used to query the product, and obtain the query result information such as whether the product is allowed to be sold, the credit record of the product, etc.; the certification center will submit the query result and transaction serial number after anti-tampering and anti-counterfeiting processing to the seller;
判断是否具有查询服务权限的具体过程如下:The specific process of judging whether you have the query service permission is as follows:
(A1)从防伪标识信息内的产品唯一编码中获取产品批号,判断该产品批号是否与产品数字证书中的产品批号相同,若判断结果为“假”,则判定不具有查询权限,结束权限判断过程,否则进入步骤(A2);(A1) Obtain the product batch number from the unique code of the product in the anti-counterfeiting identification information, and judge whether the product batch number is the same as the product batch number in the product digital certificate. If the judgment result is "false", it is determined that there is no query authority, and the authority judgment is ended process, otherwise enter step (A2);
(A2)根据产品数字证书中的时间戳信息判断该票据是否过期,若不过期,则判定具有查询权限,否则判定不具有查询权限;(A2) According to the time stamp information in the product digital certificate, it is judged whether the ticket has expired. If it is not expired, it is judged that it has the inquiry authority, otherwise it is determined that it does not have the inquiry authority;
对防伪标识信息进行查询认证的具体过程如下:The specific process of querying and authenticating the anti-counterfeiting identification information is as follows:
(B1)生产商从防伪标识信息中提取产品唯一编码作为查询的关键字,在产品数据库中进行查询,若该产品唯一编码存在,则进入步骤(B2);若该产品序列号不存在,则返回结果“该产品是假货”并跳转至步骤(B5);(B1) The manufacturer extracts the unique code of the product from the anti-counterfeiting identification information as the keyword of the query, and performs a query in the product database. If the unique code of the product exists, then enter step (B2); if the serial number of the product does not exist, then Return the result "this product is fake" and jump to step (B5);
(B2)生产商将本次交易卖方身份信息与产品追溯记录项中上次交易的买方信息进行比较,若相同,则进入步骤(B3),否则返回结果“该产品是假货”并跳转至步骤(B5);(B2) The manufacturer compares the identity information of the seller of this transaction with the buyer information of the previous transaction in the product traceability record, and if they are the same, proceed to step (B3), otherwise return the result "the product is a fake" and jump to step (B5);
(B3)验证防伪信息,若防伪信息合法,则返回结果“该产品为真品”;若防伪信息不合法,则返回结果“该产品是假货”。若查询结果为“该产品为真品”则进入步骤(B4),否则跳至步骤(B5);(B3) Verify the anti-counterfeiting information, if the anti-counterfeiting information is legal, then return the result "this product is genuine"; if the anti-counterfeiting information is not legal, then return the result "this product is fake". If the query result is "the product is genuine", go to step (B4), otherwise skip to step (B5);
(B4)根据数据库中的产品生产日期和有效期,判断该产品是否过期。若过期则返回“产品过期”,未过期则不返回结果;(B4) According to the production date and expiration date of the product in the database, it is judged whether the product is expired. If it is expired, it will return "product expired", and if it is not expired, it will not return the result;
(B5)根据上述返回值生成查询结果信息,该查询结果信息包括步骤(B1)至步骤(B4)中的各项返回结果。查询结果信息还可以包括本次产品的查询时间、卖方身份信息、买方身份信息、生产商身份信息、产品基本信息等;(B5) Generate query result information according to the above return value, and the query result information includes the return results of steps (B1) to steps (B4). The query result information may also include the query time of the product, seller’s identity information, buyer’s identity information, manufacturer’s identity information, basic product information, etc.;
(B6)将本次查询的相关信息传至数据库的产品追溯记录项,这些信息包括或部分包括买卖双方的身份、与买卖双方进行联络的信息、交易数量、交易时间、交易地址等。(B6) Transfer the relevant information of this query to the product traceability record item in the database, such information includes or partially includes the identity of the buyer and seller, contact information with the buyer and seller, transaction quantity, transaction time, transaction address, etc.
认证中心对同名产品编码进行查询的步骤如下:The steps for the certification center to inquire about product codes with the same name are as follows:
(C1)认证中心以同名产品编码作为查询关键字,查询数据库,若该同名产品编码存在,则进入步骤(C2);若该同名产品编码不存在,则返回结果“该产品不允许销售”并结束查询过程;(C1) The certification center uses the product code with the same name as the query keyword to query the database. If the product code with the same name exists, enter step (C2); if the product code with the same name does not exist, return the result "this product is not allowed to be sold" and end the query process;
(C2)在数据库中的黑名单列表中,查询该同名产品编码,若该产品在黑名单列表中,则返回结果“该产品可能是劣质品”并结束查询过程;(C2) In the blacklist in the database, query the product code of the same name, if the product is in the blacklist, return the result "this product may be inferior" and end the query process;
生产商和认证中心对防伪查询结果进行防篡改和防假冒伪造处理的具体过程如下:The specific process of anti-tampering and anti-counterfeiting processing by manufacturers and certification centers on anti-counterfeiting query results is as follows:
生产商对防伪查询结果和交易流水号进行签名;认证中心对查询结果和交易流水号进行签名;The manufacturer signs the anti-counterfeiting query result and transaction serial number; the certification center signs the query result and transaction serial number;
(4.3)卖方接收生产商和认证中心发送的信息,根据交易流水号确定接收到的是关于本次交易的查询结果;卖方将经过其签名的交易流水号、查询结果信息、产品数字证书发送给买方;(4.3) The seller receives the information sent by the manufacturer and the certification center, and according to the transaction serial number, it is determined that what is received is the query result about this transaction; the seller sends the transaction serial number, query result information, and product digital certificate signed by the seller to buyer;
(4.4)买方接收卖方发送过来的交易流水号、查询结果信息和产品数字证书,根据交易流水号确定接收到的是关于本次交易的查询结果,并验证产品数字证书和查询结果信息的完整性和真实性;(4.4) The buyer receives the transaction serial number, query result information and product digital certificate sent by the seller, determines the received query result about this transaction according to the transaction serial number, and verifies the integrity of the product digital certificate and query result information and authenticity;
(5)交易发生后,产品的生产商可能由于产品存在质量问题等原因需要对产品进行召回,如图3所示,其步骤包括:(5) After the transaction occurs, the manufacturer of the product may need to recall the product due to quality problems and other reasons. As shown in Figure 3, the steps include:
(5.1)生产商确定待召回的产品批号;(5.1) The manufacturer determines the batch number of the product to be recalled;
(5.2)生产商根据卖方进行防伪查询时发送过来的交易信息获取产品买方的联络信息;(5.2) The manufacturer obtains the contact information of the product buyer according to the transaction information sent by the seller when conducting anti-counterfeiting inquiries;
(5.3)生产商将经过防篡改和防假冒伪造处理后的召回信息发送给买方;(5.3) The manufacturer sends the recall information to the buyer after anti-tampering and anti-counterfeiting treatment;
生产商对产品召回信息进行防篡改和防假冒伪造处理的具体过程如下:The specific process for manufacturers to implement anti-tampering and anti-counterfeiting for product recall information is as follows:
生产商对产品召回信息和时间戳信息进行签名;The manufacturer signs the product recall information and timestamp information;
(5.4)买方接收生产商发送过来的产品召回信息和产品数字证书,并对其完整性和真实性进行验证。(5.4) The buyer receives the product recall information and product digital certificate sent by the manufacturer, and verifies its integrity and authenticity.
如图4所示,本发明安全防伪系统包括防伪标识模块1、查询终端模块2、查询认证模块3和认证中心4。其中查询终端模块2属于卖方,防伪标识模块1和查询认证模块3属于生产商、认证中心4是整个防伪系统的公证和仲裁机构。As shown in FIG. 4 , the security anti-counterfeiting system of the present invention includes an
防伪标识模块1用于产生防伪标识,并将防伪标识信息发送给查询认证模块3存储。The
查询终端模块2用于向查询认证模块3和认证中心4提交查询请求,接收查询认证模块3和认证中心4发送过来的查询结果信息。The query terminal module 2 is used to submit query requests to the
查询认证模块3用于存储产品基本信息和产品附加信息,其中产品基本信息如前面的方法中所述;产品附加信息包括:产品数字证书、产品追溯记录等。在防伪查询过程中,查询认证模块3接收查询终端模块2发送的查询请求,产生查询结果信息,将查询结果信息发送到查询终端模块2。在产品召回过程中,查询认证模块3产生产品召回信息,根据买方联络信息将产品召回信息发送到买方接收终端。The
认证中心4用于存储各实体(包括消费者、生产商、销售商)信息、销售许可列表、黑名单列表和红名单列表。生产商信息包括:生产商名称、生产商ID、产品品牌、联络信息(如手机号码或电子信箱地址)等;销售商信息包括:销售商名称、销售商ID等、联络信息(如手机号码或电子信箱地址)等;消费者信息包括:消费者姓名、消费者ID、联络信息(如手机号码或电子信箱地址)等。销售许可列表记录允许销售产品的同名产品编码;黑名单列表记录有被多次投诉的同名产品编码;红名单列表记录有长期未被投诉的同名产品编码。认证中心4为各实体产生身份数字证书,对产品数字证书中的同名产品编码、生产商编码和生产商公钥进行签名。在防伪查询过程中,认证中心4接收查询终端模块2发送的查询请求,产生查询结果信息,将查询结果信息发送给查询终端模块2。The
如图5所示,查询终端模块2包括信息存储模块2A、交易信息处理模块2B和标识读取模块2C。As shown in FIG. 5 , the inquiry terminal module 2 includes an information storage module 2A, a transaction information processing module 2B and an identification reading module 2C.
信息存储模块2A用于存放产品数字证书。当生产商为卖方时,其查询终端模块2的信息存储模块2A用其查询认证模块3中的产品信息数据库3A代替。The information storage module 2A is used for storing product digital certificates. When the manufacturer is a seller, the information storage module 2A of its query terminal module 2 is replaced by its query of the product information database 3A in the
标识读取模块2C用于获取产品的防伪标识信息,获取买卖双方身份数字证书和联络信息。The identification reading module 2C is used to obtain the anti-counterfeiting identification information of the product, and obtain the identity digital certificate and contact information of both buyers and sellers.
交易信息处理模块2B对查询终端模块2发送的信息进行处理。在防伪查询过程中,交易信息处理模块2B从标识读取模块2C获取产品防伪标识信息、买卖双方身份数字证书和联络信息,从信息存储模块2A获得产品数字证书,产生本次交易的交易信息(包括或部分包括与买卖双方进行联络的信息,交易数量,交易时间、交易地址等)然后将上述信息通过网络发送到查询认证模块3。The transaction information processing module 2B processes the information sent by the inquiry terminal module 2 . During the anti-counterfeiting inquiry process, the transaction information processing module 2B obtains product anti-counterfeiting identification information, identity digital certificates and contact information of buyers and sellers from the identification reading module 2C, obtains product digital certificates from the information storage module 2A, and generates the transaction information of this transaction ( Including or partially including information on contacting buyers and sellers, transaction quantity, transaction time, transaction address, etc.) and then sending the above information to the
如图6所示,查询认证模块3包括产品信息数据库3A、查询信息处理模块3B、产品认证模块3C、产品召回模块3D和数据挖掘模块3E。As shown in FIG. 6 , the
产品信息数据库3A用于存放产品基本信息和产品附加信息。The product information database 3A is used to store basic product information and additional product information.
查询信息处理模块3B对查询认证模块3接收和发送的信息进行处理;在防伪查询过程中,查询信息处理模块3B通过网络接收查询终端模块2传递过来的防伪标识信息、买卖双方身份数字证书和联络信息、产品数字证书;根据产品数字证书判断请求查询的卖方或买方是否具有查询服务权限,若有查询服务权限,则从防伪标识信息中获取产品唯一编码,并将产品唯一编码传递给产品认证模块3C进行查询认证;产品认证模块3C完成对产品的认证后,查询信息处理模块3B接收产品认证模块3C传递过来的查询结果信息,将经过防篡改防假冒伪造的防伪查询结果信息发送到查询终端模块2;The query information processing module 3B processes the information received and sent by the
在产品召回过程中,查询信息处理模块3B接收产品召回模块3D传递过来的产品召回信息和产品数字证书,将经过防篡改假冒伪造处理的产品召回信息发送到买方接收终端。During the product recall process, the query information processing module 3B receives the product recall information and product digital certificates delivered by the product recall module 3D, and sends the product recall information that has undergone anti-tampering and counterfeiting processing to the buyer's receiving terminal.
查询信息处理模块3B判断卖方是否具有查询服务权限的具体过程如前所述。The specific process of the query information processing module 3B judging whether the seller has the query service authority is as described above.
产品认证模块3C用于对产品进行认证,认证的步骤如前所述。The product authentication module 3C is used to authenticate the product, and the authentication steps are as described above.
产品召回模块3D用于接受生产商的输入,生成产品召回信息,其步骤如前所述。The product recall module 3D is used to accept the input from the manufacturer and generate product recall information, and its steps are as described above.
数据挖掘模块3E是查询认证模块3的功能扩展模块,用于对产品信息数据库3A中存储的信息进行分析和处理,得到产品的销售状况等处理结果。The data mining module 3E is a function expansion module of the
认证中心4是整个防伪系统的公证和仲裁机构。如图7所示,认证中心4包括用户信息数据库4A、认证信息处理模块4B、产品信誉数据库4C、信息查询模块4D、信息发布模块4E。The
用户信息数据库4A用于存储各实体的相关信息和其身份数字证书。The user information database 4A is used to store the relevant information of each entity and its identity digital certificate.
认证信息处理模块4B用于为各实体产生身份数字证书,对产品数字证书中的同名产品编码、生产商编码和生产商公钥进行签名。The authentication information processing module 4B is used to generate identity digital certificates for each entity, and sign the same-name product code, manufacturer code and manufacturer public key in the product digital certificate.
产品信誉数据库4C用于存储各产品的销售许可列表、黑名单列表、红名单列表,其中销售许可列表记录允许销售的产品信息(包括同名产品编码、生产商名称等);黑名单列表记录有被多次投诉产品信息(包括同名产品编码、生产商名称等);红名单列表记录有长期未被投诉的产品信息(包括同名产品编码、生产商名称等);The product reputation database 4C is used to store the sales permission list, blacklist, and red list list of each product, wherein the sales permission list records the product information (comprising the product code of the same name, the manufacturer's name, etc.) that is allowed to be sold; Multiple complaints about product information (including product codes with the same name, manufacturer’s name, etc.); the red list records product information that has not been complained for a long time (including product codes with the same name, manufacturer’s name, etc.);
信息查询模块4D用于对查询终端模块2发送过来的同名产品编码进行查询,得到查询结果,其步骤如前面的方法中所述。The information inquiry module 4D is used to inquire about the code of the product with the same name sent by the inquiry terminal module 2 to obtain the inquiry result, and its steps are as described in the previous method.
信息发布模块4E用于以网页等形式定期发布(如每周一次)包括黑名单列表和红名单列表的产品信誉信息。The information publishing module 4E is used to regularly publish (for example, once a week) product reputation information including blacklist and redlist in the form of web pages and the like.
实例:Example:
本系统包括用户注册过程、标识产生过程、防伪查询、产品召回四个方面的工作过程。在防伪查询之前,需要先进行各实体的注册过程和防伪标识产生过程作为系统的初始化过程。需要强调的是,由于防伪查询过程中卖方将产品数字证书发送给买方,产品从最初的卖方即生产商售出时开始,产品数字证书也随着产品依次传递给下一级的买方直至产品最终售出,因此在本实例的防伪查询过程中,默认卖方已获得产品数字证书。具体的实施如下:This system includes four working processes: user registration process, logo generation process, anti-counterfeiting query, and product recall. Before the anti-counterfeiting query, it is necessary to carry out the registration process of each entity and the anti-counterfeiting mark generation process as the initialization process of the system. It should be emphasized that since the seller sends the product digital certificate to the buyer during the anti-counterfeiting inquiry process, the product is sold from the initial seller, the manufacturer, and the product digital certificate is also passed on to the next-level buyer along with the product until the product is finally sold. Therefore, in the anti-counterfeiting inquiry process of this example, the default seller has obtained the product digital certificate. The specific implementation is as follows:
(一)系统初始化(1) System initialization
(1)消费者到认证中心4进行注册,具体操作步骤如下:(1) Consumers go to the
(1.1)消费者向认证中心4提交身份信息。该信息包括:姓名、身份证号码、联络信息(如手机号码或电子信箱地址)。认证中心4验证其身份后(如审查消费者的身份证等证明材料),认证信息处理模块4B为其生成身份数字证书,并存储其信息和身份数字证书至用户信息数据库4A。上述身份数字证书的格式符合X.509标准,消费者身份数字证书的扩展项中包括其联络信息。(1.1) The consumer submits identity information to the
(1.2)认证中心4将消费者身份数字证书写入一张RFID卡中并将此卡发给消费者。(1.2) The
(2)生产商到认证中心4进行注册,具体操作步骤如下:(2) The manufacturer registers with the
(2.1)生产商向认证中心4提交相关信息。该信息包括:生产商名称、生产商法人代码、产品品名。认证中心4验证其身份后(如审查相关证明文件等)为其生成身份数字证书,并存储其信息和身份数字证书至用户信息数据库4A。上述身份数字证书的格式符合X.509标准。(2.1) The manufacturer submits relevant information to the
(2.2)认证中心4将生产商身份数字证书和其联络信息写入一张RFID卡中并将此卡发给生产商。将与其身份数字证书对应的私钥存储在软盘或光盘或USB移动存储器等存储介质中发放给生产商。(2.2) The
(2.3)认证中心4对同名产品编码、该产品生产商编码、生产商公钥进行数字签名,将上述同名产品编码、该产品生产商编码、生产商公钥和数字签名一起存储在软盘、光盘或USB存储器等存储介质中发放给生产商。(2.3) The
(3)销售商到认证中心4进行注册,具体操作步骤如下:(3) The seller registers at the
(3.1)销售商向认证中心4提交相关信息。该信息包括:销售商名称、销售商法人代码、联络信息(如手机号码或电子信箱地址)。认证中心4验证其身份后(如审查相关证明文件等)为其生成身份数字证书,并存储其信息和身份数字证书至用户信息数据库4A。上述身份数字证书的格式符合X.509标准。(3.1) The seller submits relevant information to the
(3.2)认证中心4将销售商身份数字证书和其联络信息写入一张RFID卡中并将此卡发给销售商,将与其身份数字证书对应的私钥存储在软盘或光盘或USB移动存储器等存储介质中发放给销售商。(3.2)
(4)生产商生成产品防伪标识,该防伪标识包括如下信息:同名产品编码、生产商编码、产品批号、产品序列号连接而构成的产品唯一编码、产品基本信息、防伪信息。以RFID为例,防伪标识产生的具体步骤如下:(4) The manufacturer generates a product anti-counterfeit mark, which includes the following information: product code of the same name, manufacturer code, product batch number, product serial number, product basic information, and anti-counterfeit information. Taking RFID as an example, the specific steps of anti-counterfeiting identification are as follows:
(4.1)将同名产品编码、生产商编码、产品批号和产品序列号共同构成的产品唯一编码和产品基本信息进行处理得到防伪信息,处理过程为使用密钥Ks为上述产品唯一编码和产品基本信息生成校验数据块,该校验数据块即为防伪信息。本事例中,加密算法采用本申请人的名称为“一种用于信息安全的加/解密系统”(ZL00131287.1,2000.12.20)中所公开的混沌变码本加密技术。(4.1) Process the product unique code and product basic information composed of the same name product code, manufacturer code, product batch number and product serial number to obtain anti-counterfeiting information. The processing process is to use the key Ks for the above product unique code and product basic information A verification data block is generated, and the verification data block is anti-counterfeiting information. In this case, the encryption algorithm adopts the chaotic variable codebook encryption technology disclosed in the applicant's title "An Encryption/Decryption System for Information Security" (ZL00131287.1, 2000.12.20).
(4.2)将产品唯一编码、产品基本信息和防伪信息写入RFID标识即形成了防伪标识。其中产品基本信息包括产品型号、产品生产日期、产品有效期等。(4.2) Write the unique code of the product, basic product information and anti-counterfeiting information into the RFID label to form an anti-counterfeiting label. The basic product information includes product model, product production date, and product expiration date.
(4.3)将生成的防伪标识贴在产品或其包装上,成为每个产品的唯一防伪标识。(4.3) Paste the generated anti-counterfeiting mark on the product or its packaging to become the unique anti-counterfeiting mark of each product.
(5)生产商生成产品数字证书,具体步骤如下:(5) The manufacturer generates a product digital certificate, the specific steps are as follows:
(5.1)生产商的使用其签名私钥对产品批号、产品数字证书的到期时间进行签名,认证中心对同名产品编码和生产商编码进行数字签名,将同名产品编码、生产商编码、产品批号、产品数字证书的到期时间、认证中心数字签名块SgnData1、生产商数字签名SgnData2一起作为产品数字证书product_cert。(5.1) The manufacturer uses its signature private key to sign the product batch number and the expiration time of the product digital certificate. The certification center digitally signs the product code with the same name and the manufacturer code, and the product code with the same name, the manufacturer , the expiration time of the product digital certificate, the digital signature block SgnData1 of the certification center, and the manufacturer's digital signature SgnData2 together serve as the product digital certificate product_cert.
(5.2)生产商将产品数字证书存入产品信息数据库3A。(5.2) The manufacturer stores the product digital certificate in the product information database 3A.
(二)防伪查询过程(2) Anti-counterfeiting query process
(6)查询终端模块2提交查询请求信息,具体操作步骤如下:(6) Query terminal module 2 submits query request information, and the specific operation steps are as follows:
(6.1)标识读取模块2C读取商品的防伪标识,对标识上的信息进行解码,获得产品唯一编码、产品基本信息和防伪信息。(6.1) The identification reading module 2C reads the anti-counterfeit identification of the product, decodes the information on the identification, and obtains the unique product code, basic product information and anti-counterfeiting information.
(6.2)标识读取模块2C读取买方的RFID标识,获取买方身份数字证书并验证(即验证认证中心的签名)。(6.2) The identification reading module 2C reads the buyer's RFID identification, obtains the buyer's identity digital certificate and verifies it (that is, verifies the signature of the certification center).
(6.3)交易信息处理模块2B生成本次交易的交易信息,包括交易流水号、买卖双方的身份、买卖双方的联络信息、交易数量、交易时间、交易地址等。(6.3) The transaction information processing module 2B generates the transaction information of this transaction, including the transaction serial number, the identity of the buyer and the seller, the contact information of the buyer and the seller, the transaction quantity, transaction time, transaction address, etc.
(6.4)交易信息处理模块2B使用卖方的签名私钥KRS_Seller对交易信息、标识上的信息和产品数字证书进行数字签名,其中数字摘要采用MD5算法,使用RSA算法加密。然后将标识上的信息、交易信息、产品数字证书、数字签名SgnData4、卖方的身份数字证书CA<<Seller_S>>发送到查询认证模块3。使用卖方的签名私钥KRS_Seller对同名产品编码和交易流水号进行数字签名,其中数字摘要采用MD5算法,使用RSA算法加密。然后将同名产品编码、交易流水号、数字签名SgnDaTa5、卖方的身份数字证书CA<<Seller_S>>发送到认证中心4。(6.4) The transaction information processing module 2B uses the seller's signature private key KRS_Seller to digitally sign the transaction information, the information on the logo and the product digital certificate, where the digital digest adopts the MD5 algorithm and uses the RSA algorithm to encrypt. Then send the information on the identification, the transaction information, the product digital certificate, the digital signature SgnData4, and the seller's identity digital certificate CA <<Seller_S>> to the
(7)查询认证模块3进行防伪查询,具体操作如下:(7)
(7.1)查询信息处理模块3B接收查询终端模块2发送过来的信息,通过卖方数字签名SgnData4和其身份数字证书CA<<Seller_S>>验证其身份,通过产品数字证书的签名块SgnData1和SgnData2验证其合法性,判断查询权限,通过标识信息中的产品唯一编码提取同名产品编码、生产商编码和产品批号,若同名产品编码、生产商编码和产品批号均分别与产品数字证书中的同名产品编码、生产商编码和产品批号相同,则合法。将产品唯一编码、交易信息传递给产品认证模块3C。(7.1) The query information processing module 3B receives the information sent by the query terminal module 2, verifies its identity through the seller's digital signature SgnData4 and its identity digital certificate CA<<Seller_S>>, and verifies its identity through the signature blocks SgnData1 and SgnData2 of the product digital certificate Legality, to determine the query authority, extract the product code, manufacturer code and product batch number of the same name through the unique product code in the identification information, if the product code, manufacturer code and product batch number of the same name are respectively the same as the product code of the same name in the product digital certificate, If the manufacturer's code and the product batch number are the same, it is legal. Pass the product unique code and transaction information to the product authentication module 3C.
(7.2)进入产品认证模块3C后,以产品唯一编码作为查询的关键字,在产品信息数据库3A中进行查询,若该产品唯一编码存在,则进入步骤(7.3);若该产品唯一编码不存在,则返回结果“该产品是假货”并跳转至步骤(7.5);(7.2) After entering the product authentication module 3C, use the unique code of the product as the key word of the query, inquire in the product information database 3A, if the unique code of the product exists, then enter step (7.3); if the unique code of the product does not exist , then return the result "the product is a fake" and jump to step (7.5);
(7.3)从交易信息中提取买卖双方的身份信息,将本次交易的卖方身份信息与产品追溯记录项中上次交易的买方身份信息进行比较,若相同,则进入步骤(7.4),否则返回结果“该产品为假货”并跳转至步骤(7.6);(7.3) Extract the identity information of the buyer and the seller from the transaction information, compare the identity information of the seller in this transaction with the identity information of the buyer in the previous transaction in the product traceability record, if they are the same, go to step (7.4), otherwise return The result is "the product is fake" and jump to step (7.6);
(7.4)验证防伪信息,将查询信息处理模块3B传递过来的防伪信息进行解密,若解密后得到的数据与产品唯一编码和产品基本信息相同,则返回“该产品为真品”;若产品防伪信息解密后与产品唯一编码不同,则返回结果“该产品是假货”。若查询结果为“该产品为真品”则进入步骤(7.5),否则跳至步骤(7.6)。(7.4) Verify the anti-counterfeiting information, decrypt the anti-counterfeiting information delivered by the query information processing module 3B, if the data obtained after decryption is the same as the product unique code and product basic information, then return "this product is genuine"; if the product anti-counterfeiting information If it is different from the unique code of the product after decryption, the result "this product is a fake" will be returned. If the query result is "the product is authentic", then enter step (7.5), otherwise skip to step (7.6).
(7.5)根据产品信息数据库3A中的产品生产日期、产品有效期和当前日期,判断该产品是否过期。若过期则返回“产品过期”,未过期则不返回结果。(7.5) According to the product production date, product validity period and current date in the product information database 3A, it is judged whether the product is expired. If it is expired, it will return "product expired", and if it is not expired, it will not return the result.
(7.6)生成查询结果信息,查询结果信息包括本次产品的查询时间、卖方身份信息、买方身份信息、生产商信息(包括生产商名称)、产品信息(包括产品品牌、产品型号等)、从步骤7.2至步骤7.5产生的各项返回结果。将查询结果信息传送给查询信息处理模块3B。(7.6) Generate query result information, which includes the query time of this product, seller identity information, buyer identity information, manufacturer information (including manufacturer name), product information (including product brand, product model, etc.), from Each return result generated from step 7.2 to step 7.5. The query result information is sent to the query information processing module 3B.
(7.7)将全部或部分交易信息传至产品信息数据库3A的产品追溯记录项,这些信息包括买卖双方的身份信息、联络信息,交易数量,交易时间、交易地址等。(7.7) Send all or part of the transaction information to the product traceability record item of the product information database 3A, such information includes the identity information, contact information, transaction quantity, transaction time, transaction address, etc. of both buyers and sellers.
(8)查询认证模块3发送查询结果,查询信息处理模块3B使用生产商的私钥KR_Manuf对交易流水号、查询结果信息,并将交易流水号、查询结果信息、数字签名SgnData6发送到查询终端模块2。(8)
(9)认证中心4对产品进行查询,具体操作如下:(9) The
(9.1)认证信息处理模块4B接收查询终端模块2发送过来的信息,通过卖方数字签名SgnData5和其身份数字证书CA<<Seller_S>>验证其身份,将同名产品编码发送到信息查询模块4D。(9.1) The authentication information processing module 4B receives the information sent by the query terminal module 2, verifies its identity through the seller's digital signature SgnData5 and its identity digital certificate CA<<Seller_S>>, and sends the product code with the same name to the information query module 4D.
(9.2)信息查询模块4D以同名产品编码为关键字查询产品信誉数据库中4C中的许可列表,若该同名产品编码存在,则进入步骤9.3;若该同名产品编码不存在,则返回结果“该产品不允许销售”并结束查询过程;(9.2) The information query module 4D uses the product code of the same name as the key word to inquire about the permission list in 4C in the product reputation database, if the product code of the same name exists, then enter step 9.3; if the product code of the same name does not exist, then return the result "the The product is not allowed to be sold" and end the inquiry process;
(9.3)在产品信誉数据库4C中的黑名单列表中,查询该同名产品编码,若该产品在黑名单列表中,则返回结果“该产品可能是劣质品”并结束查询过程;(9.3) In the blacklist list in the product reputation database 4C, query the product code of the same name, if the product is in the blacklist list, then return the result "this product may be inferior product" and end the query process;
(9.4)信息查询模块4D将返回结果发送到认证信息处理模块4B。(9.4) The information inquiry module 4D sends the returned result to the authentication information processing module 4B.
(10)认证中心4发送查询结果,认证信息处理模块4B使用其私钥对交易流水号、查询结果信息进行签名,并将交易流水号、查询结果信息、数字签名SgnData7发送到查询终端模块2。(10) The
(11)查询终端模块2接收查询认证模块3、认证中心4发送过来的信息,查询信息处理模块2B判断其发送过来的交易流水号是否与步骤6.4中查询终端模块2发送的交易流水号相同,若相同则说明返回的是本次交易的查询结果。查询信息处理模块2B对交易流水号、查询认证模块3和认证中心4发送过来的信息、产品数字证书进行数字签名,并将上述信息和数字签名SgnData8一起发送到买方接收终端。该买方接收终端可以是手机、电脑、移动电脑、PDA等设备。买方接收终端可以通过有线网络、无线网络、蓝牙、红外等方式与查询终端模块2进行通信。(11) Inquiry terminal module 2 receives the information that
(12)买方接收终端接收查询认证模块3发送过来的信息。使用认证中心公钥验证产品数字证书的真实性,并从其中提取出生产商公钥,使用生产商公钥KU_Manuf验证数字签名SgnData6,即验证防伪查询结果信息的完整性和真实性。使用认证中心公钥验证数字签名SgnData7,即验证认证中心4发送的查询结果信息的完整性和真实性。保存数字签名SgnData8作为卖方发送信息的证据。(12) The buyer's receiving terminal receives the information sent by the
(三)产品召回过程(3) Product recall process
产品召回过程发生在某一批产品因为质量问题等原因需要召回时进行。其步骤如下:The product recall process occurs when a certain batch of products needs to be recalled due to quality problems and other reasons. The steps are as follows:
(13)生产商确定待召回的产品批号并将其输入产品召回模块3D;(13) The manufacturer determines the batch number of the product to be recalled and enters it into the product recall module 3D;
(14)产品召回模块3D以产品批号为关键字查询产品信息数据库3A,从产品追溯记录中获取产品买方的联络信息,并获取该批产品的产品数字证书,产生产品召回信息,将上述信息发送到查询信息处理模块3B。其中产品召回信息包括产品名称、召回原因等。(14) The product recall module 3D queries the product information database 3A with the product batch number as the keyword, obtains the contact information of the product buyer from the product traceability record, and obtains the product digital certificate of the batch of products, generates product recall information, and sends the above information Go to query information processing module 3B. The product recall information includes product name, recall reason, etc.
(15)查询信息处理模块3B使用生产商私钥KR_Manuf对产品召回信息、时间戳TS进行签名,将产品召回信息、时间戳TS、数字签名SgnData9、产品数字证书一起发送到买方接收终端。(15) The query information processing module 3B uses the manufacturer's private key KR_Manuf to sign the product recall information and time stamp TS, and sends the product recall information, time stamp TS, digital signature SgnData9, and product digital certificate to the buyer's receiving terminal.
(16)买方接收终端接收生产商发送过来的信息,使用认证中心的公钥验证产品数字证书的真实性,并从中获取生产商公钥KU_Manuf,使用生产商公钥验证数字签名SgnData9,即对产品召回信息的完整性和真实性进行验证。(16) The buyer's receiving terminal receives the information sent by the manufacturer, uses the public key of the certification center to verify the authenticity of the product digital certificate, and obtains the manufacturer's public key KU_Manuf from it, uses the manufacturer's public key to verify the digital signature SgnData9, that is, the product The completeness and authenticity of the recall information is verified.
(17)结束(17) end
整个防伪系统的工作流程如图8所示。The workflow of the entire anti-counterfeiting system is shown in Figure 8.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100513638ACN101009014A (en) | 2007-01-24 | 2007-01-24 | Secure anti-counterfeiting method and system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100513638ACN101009014A (en) | 2007-01-24 | 2007-01-24 | Secure anti-counterfeiting method and system thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101009014Atrue CN101009014A (en) | 2007-08-01 |
Family
ID=38697424
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007100513638APendingCN101009014A (en) | 2007-01-24 | 2007-01-24 | Secure anti-counterfeiting method and system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101009014A (en) |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101751547A (en)* | 2008-12-17 | 2010-06-23 | Sap股份公司 | Duplication detection for non-cryptographic rfid tags using encrypted traceability information |
| CN102129589A (en)* | 2011-02-10 | 2011-07-20 | 谢仁康 | Asymmetric encryption two-dimension code anti-counterfeiting method |
| CN101707524B (en)* | 2009-01-09 | 2012-01-18 | 北京大学 | Method for encrypting public key broadcasts with hierarchical relationship |
| CN102405616A (en)* | 2009-03-20 | 2012-04-04 | 桑迪士克科技股份有限公司 | Methods for producing products which contain certificates and keys |
| CN102571634A (en)* | 2012-01-18 | 2012-07-11 | 孙明昭 | System for realizing information interaction of network platform by utilizing identifier |
| CN102609846A (en)* | 2011-03-18 | 2012-07-25 | 诺美网讯应用技术有限公司 | Anti-false verification method and system based on communication network |
| CN102819801A (en)* | 2012-07-10 | 2012-12-12 | 上海欣方智能系统有限公司 | Fake-verifying system and method for anti-fake device |
| CN102867262A (en)* | 2012-09-27 | 2013-01-09 | 无锡市陶都巨龙软件有限责任公司 | Dark-red enameled pottery anti-counterfeiting source tracing system and method based on internet of things |
| CN103520905A (en)* | 2013-10-30 | 2014-01-22 | 江苏唐邦机电有限公司 | Special poker card of poker machine and anti-counterfeiting method for special poker card |
| CN103559434A (en)* | 2013-09-22 | 2014-02-05 | 四川大学 | Generation method for electronic attached sheets in circulation domain |
| CN104091264A (en)* | 2014-06-06 | 2014-10-08 | 上海优尼客物联网有限公司 | Purple clay teapot identity information query system and purple clay teapot identity information query method based on raw ore particle distribution |
| CN104392354A (en)* | 2014-11-05 | 2015-03-04 | 中国科学院合肥物质科学研究院 | Association and retrieval method and system used for public key addresses and user accounts of crypto-currency |
| CN104680388A (en)* | 2015-03-04 | 2015-06-03 | 王明贵 | Anti-counterfeit identification authenticating method for product based on SIM card information management system |
| CN104836671A (en)* | 2015-05-15 | 2015-08-12 | 安一恒通(北京)科技有限公司 | Inspection method and inspection device for adding digital certificate |
| CN105184592A (en)* | 2015-10-13 | 2015-12-23 | 北京兆信信息技术股份有限公司 | Anti-counterfeiting method, and verification platform and system |
| CN105787643A (en)* | 2016-02-16 | 2016-07-20 | 丽水市睿鼎知识产权咨询有限公司 | Patent product trading platform |
| CN106372950A (en)* | 2016-09-21 | 2017-02-01 | 东北大学秦皇岛分校 | Anti-counterfeiting authentication method for e-commerce and online shopping goods |
| CN107239813A (en)* | 2017-07-18 | 2017-10-10 | 北京众有科技有限公司 | The method and device being authenticated to information medium |
| CN107578239A (en)* | 2017-08-30 | 2018-01-12 | 严东军 | Transaction credit information tracing method and system based on digital responsibility |
| CN107749794A (en)* | 2017-10-31 | 2018-03-02 | 济南浪潮高新科技投资发展有限公司 | A kind of vehicle antifalse inquiry system and method |
| CN108027928A (en)* | 2015-09-17 | 2018-05-11 | 梁葰咏 | On-line authentication mark public address system |
| CN108197953A (en)* | 2017-12-28 | 2018-06-22 | 王道顺 | To anti-fake product monitoring method and device |
| CN108229636A (en)* | 2018-01-17 | 2018-06-29 | 北京众有科技有限公司 | The verification method and system of a kind of object properties |
| CN108492208A (en)* | 2018-03-25 | 2018-09-04 | 四川深蓝果实科技有限公司 | A kind of antifalsification label production method |
| CN110288070A (en)* | 2019-07-04 | 2019-09-27 | 成都曙光光纤网络有限责任公司 | Anti-counterfeiting labels and product management systems applied to products |
| CN110290511A (en)* | 2019-06-25 | 2019-09-27 | 安徽华哲标签科技有限公司 | The method and device of RFID label tag encryption |
| CN119180018A (en)* | 2024-11-26 | 2024-12-24 | 中国信息通信研究院 | Identification verification method, identification verification device, electronic device, storage medium and program product |
- 2007
- 2007-01-24CNCNA2007100513638Apatent/CN101009014A/enactivePending
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101751547B (en)* | 2008-12-17 | 2015-05-13 | Sap欧洲公司 | Duplication detection for non-cryptographic RFID tags using encrypted traceability information |
| CN101751547A (en)* | 2008-12-17 | 2010-06-23 | Sap股份公司 | Duplication detection for non-cryptographic rfid tags using encrypted traceability information |
| CN101707524B (en)* | 2009-01-09 | 2012-01-18 | 北京大学 | Method for encrypting public key broadcasts with hierarchical relationship |
| CN102405616A (en)* | 2009-03-20 | 2012-04-04 | 桑迪士克科技股份有限公司 | Methods for producing products which contain certificates and keys |
| CN102129589A (en)* | 2011-02-10 | 2011-07-20 | 谢仁康 | Asymmetric encryption two-dimension code anti-counterfeiting method |
| CN102609846B (en)* | 2011-03-18 | 2014-02-05 | 诺美网讯应用技术有限公司 | Anti-false verification method and system based on communication network |
| CN102609846A (en)* | 2011-03-18 | 2012-07-25 | 诺美网讯应用技术有限公司 | Anti-false verification method and system based on communication network |
| CN102571634A (en)* | 2012-01-18 | 2012-07-11 | 孙明昭 | System for realizing information interaction of network platform by utilizing identifier |
| CN102819801A (en)* | 2012-07-10 | 2012-12-12 | 上海欣方智能系统有限公司 | Fake-verifying system and method for anti-fake device |
| CN102819801B (en)* | 2012-07-10 | 2016-05-11 | 上海欣方智能系统有限公司 | A kind of antiforge system of testing for anti counterfeit appts |
| CN102867262A (en)* | 2012-09-27 | 2013-01-09 | 无锡市陶都巨龙软件有限责任公司 | Dark-red enameled pottery anti-counterfeiting source tracing system and method based on internet of things |
| CN103559434A (en)* | 2013-09-22 | 2014-02-05 | 四川大学 | Generation method for electronic attached sheets in circulation domain |
| CN103520905A (en)* | 2013-10-30 | 2014-01-22 | 江苏唐邦机电有限公司 | Special poker card of poker machine and anti-counterfeiting method for special poker card |
| CN104091264B (en)* | 2014-06-06 | 2018-01-16 | 上海优尼客物联网有限公司 | Dark-red enameled pottery identity information inquiry system and its method based on raw ore distribution of particles |
| CN104091264A (en)* | 2014-06-06 | 2014-10-08 | 上海优尼客物联网有限公司 | Purple clay teapot identity information query system and purple clay teapot identity information query method based on raw ore particle distribution |
| CN104392354A (en)* | 2014-11-05 | 2015-03-04 | 中国科学院合肥物质科学研究院 | Association and retrieval method and system used for public key addresses and user accounts of crypto-currency |
| CN104392354B (en)* | 2014-11-05 | 2017-10-03 | 中国科学院合肥物质科学研究院 | A kind of public key address is associated and search method and its system with user account |
| CN104680388A (en)* | 2015-03-04 | 2015-06-03 | 王明贵 | Anti-counterfeit identification authenticating method for product based on SIM card information management system |
| CN104836671A (en)* | 2015-05-15 | 2015-08-12 | 安一恒通(北京)科技有限公司 | Inspection method and inspection device for adding digital certificate |
| CN108027928A (en)* | 2015-09-17 | 2018-05-11 | 梁葰咏 | On-line authentication mark public address system |
| CN105184592A (en)* | 2015-10-13 | 2015-12-23 | 北京兆信信息技术股份有限公司 | Anti-counterfeiting method, and verification platform and system |
| CN105787643A (en)* | 2016-02-16 | 2016-07-20 | 丽水市睿鼎知识产权咨询有限公司 | Patent product trading platform |
| CN106372950A (en)* | 2016-09-21 | 2017-02-01 | 东北大学秦皇岛分校 | Anti-counterfeiting authentication method for e-commerce and online shopping goods |
| CN106372950B (en)* | 2016-09-21 | 2020-12-15 | 东北大学秦皇岛分校 | Anti-counterfeiting authentication method for e-commerce and online shopping products |
| CN107239813A (en)* | 2017-07-18 | 2017-10-10 | 北京众有科技有限公司 | The method and device being authenticated to information medium |
| CN107578239A (en)* | 2017-08-30 | 2018-01-12 | 严东军 | Transaction credit information tracing method and system based on digital responsibility |
| CN107749794A (en)* | 2017-10-31 | 2018-03-02 | 济南浪潮高新科技投资发展有限公司 | A kind of vehicle antifalse inquiry system and method |
| CN108197953A (en)* | 2017-12-28 | 2018-06-22 | 王道顺 | To anti-fake product monitoring method and device |
| CN108229636A (en)* | 2018-01-17 | 2018-06-29 | 北京众有科技有限公司 | The verification method and system of a kind of object properties |
| CN108492208A (en)* | 2018-03-25 | 2018-09-04 | 四川深蓝果实科技有限公司 | A kind of antifalsification label production method |
| CN110290511A (en)* | 2019-06-25 | 2019-09-27 | 安徽华哲标签科技有限公司 | The method and device of RFID label tag encryption |
| CN110288070A (en)* | 2019-07-04 | 2019-09-27 | 成都曙光光纤网络有限责任公司 | Anti-counterfeiting labels and product management systems applied to products |
| CN119180018A (en)* | 2024-11-26 | 2024-12-24 | 中国信息通信研究院 | Identification verification method, identification verification device, electronic device, storage medium and program product |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101009014A (en) | Secure anti-counterfeiting method and system thereof | |
| CN100576942C (en) | A mobile anti-counterfeiting method and system based on mobile phone | |
| RU2018105186A (en) | VERIFICATION OF PORTABLE CONSUMER DEVICES | |
| CN105378774A (en) | Secure transaction system and method | |
| CN108885760A (en) | Tamper verification system and method for blockchain-based financial institution certificates | |
| CN102855577B (en) | Multiple commodity antifake check method based on cloud computing | |
| JP2004519874A (en) | Trusted Authentication Digital Signature (TADS) System | |
| CN104376252B (en) | Content Verification Method Based on Digital Signature Code | |
| CN114862411A (en) | An identity authentication method, network device, and terminal storage device based on a non-homogeneous token | |
| CN107146120A (en) | Method and device for generating electronic invoice | |
| CN107633452A (en) | System and method for granting virtual currency based on entity assets | |
| KR20130129478A (en) | Method for securely drawing up a virtual multiparty contract capable of being physically represented | |
| WO2013075547A1 (en) | Product anti-forgery method and system, and product identity information generation method and device | |
| CN113515781B (en) | Electronic insurance letter verification method and device | |
| CN101046899B (en) | Electronic ticket system and method based on public key basic infrastructure | |
| KR20070020680A (en) | Product certification method and device | |
| TW202503670A (en) | Appraisal certificate system | |
| CN106559433B (en) | Method and system for fixing electronic evidence and user identity by using digital certificate | |
| JP4800825B2 (en) | Encryption communication method | |
| TW201820209A (en) | Anti-counterfeiting writing system and method for card application service based on multi-card | |
| JP2009031849A (en) | Electronic application certificate issuance system, electronic application reception system, and methods and programs thereof | |
| CN114565393A (en) | A product traceability authentication method and system for the whole industry chain based on blockchain technology | |
| JP7367270B1 (en) | Appraisal certification system and appraisal certification method | |
| KR101876671B1 (en) | Digital signature method by communicating server-to-server and system performing the same | |
| CN113950681A (en) | Cryptographic signing of data items |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication | Open date:20070801 |