Summary of the invention
The technical problem to be solved by this invention is to provide a guard method for a radio-frequency identification (RFID) system, so as to provide card recognition in addition to key authentication.
To solve the above technical problem, the technical scheme adopted by the present invention is a guard method for a radio-frequency identification system. The system comprises a card reader and a card, and the method comprises: the card reader reads first data and second data from the card, where the first data and the second data are located in a read-only memory area of the card; the card reader verifies whether the first data and the second data satisfy a pre-defined algorithm, and if so, judges the card to be a legal card, and if not, judges the card to be an illegal card.
According to one embodiment of the invention, the step of verifying whether the first data and the second data satisfy a pre-defined algorithm comprises: calculating third data from the first data according to the pre-defined algorithm, and verifying whether the third data are identical to the second data.
According to one embodiment of the invention, the first data comprise the identification code of the card, and the second data are the request-reply data or the selection-reply data of the card.
According to one embodiment of the invention, the first data comprise the identification code of the card and the request-reply data of the card, and the second data are the selection-reply data of the card.
According to one embodiment of the invention, the request-reply data are a random number.
According to one embodiment of the invention, the first data comprise the identification code of the card and the selection-reply data of the card, and the second data are the request-reply data of the card.
According to one embodiment of the invention, the selection-reply data are a random number.
According to one embodiment of the invention, the card is a Mifare card.
Because the guard method of the radio-frequency identification system of the present invention adopts the above technical scheme, compared with the prior art the card reader can first identify whether a card is a legal card without performing any key operation, which eliminates the risk of the password being stolen.
Embodiment
In order to strengthen the security of a radio-frequency identification system, the system operator needs to prevent cards of other, non-native systems, as well as fraudulent copies made after a card has been cracked, from being consumed and used. For this reason, according to embodiments of the invention, the card reader of the system and the card identify each other before the key of the card is authenticated. Specifically, the card reader first judges whether the card belongs to the native system, and only then performs key authentication with the card. At the initial stage of interaction between the card and the card reader some data are exchanged, and embodiments of the invention use these exchanged data to authenticate the card.
Fig. 1 illustrates the guard method of a radio-frequency identification system according to an embodiment of the invention. With reference to Fig. 1, the method is as follows:
In step 101, the card reader reads first data and second data from the card. The first data and the second data are located in a read-only memory area of the card, and therefore cannot be modified by write operations.
The present embodiment does not particularly limit the kinds of the first data and the second data. For example, the card reader can obtain the identification code of the card from the card at the initial stage of interaction. Depending on actual requirements, the length of this identification code may be from several bits to several bytes, so it is suitable as the first data or the second data. As another example, the card reader may send a request command to the card, and the request-reply data that the card returns for the request command can be used as the first data or the second data. As a further example, the card reader may send a select command to the card, and the selection-reply data that the card returns for the select command can be used as the first data or the second data.
When the first data and the second data of the card are designed, the relation between them is made to conform to a pre-defined algorithm. For example, the second data can be calculated from the first data according to the pre-defined algorithm, or vice versa. Therefore whether the first data and the second data satisfy the pre-defined algorithm is the basis for judging whether the card is legal.
Thus in step 102, the card reader verifies whether the first data and the second data satisfy the pre-defined algorithm; if so, the card is judged to be a legal card in step 103, and if not, the card is judged to be an illegal card in step 104.
In this way, the card reader can know whether the card belongs to the native system without performing any key operation, which eliminates the risk of the password being stolen.
The step of verifying whether the first data and the second data satisfy the pre-defined algorithm comprises: calculating third data from the first data according to the pre-defined algorithm, and verifying whether the third data are identical to the second data. It will be appreciated that calculating fourth data from the second data according to the pre-defined algorithm, and verifying whether the fourth data are identical to the first data, can also be implemented.
As mentioned above, the first data can comprise the identification code of the card, and the second data can be the request-reply data or the selection-reply data of the card. Therefore a common approach is to check whether the request-reply data or the selection-reply data can be calculated from the identification code according to the pre-defined algorithm. Here, in consideration of the uniqueness of the identification code, the reverse direction, calculating the identification code from the request-reply data or the selection-reply data, is not chosen.
In addition, the first data can comprise both the identification code and the request-reply data of the card, and the second data are the selection-reply data of the card. In this case the selection-reply data can be calculated from the identification code and the request-reply data according to the pre-defined algorithm.
Alternatively, the first data can comprise both the identification code and the selection-reply data of the card, and the second data are the request-reply data of the card. In this case the request-reply data can be calculated from the identification code and the selection-reply data according to the pre-defined algorithm.
To increase the difficulty of cracking, when the request-reply data or the selection-reply data participate in the calculation, they can be set to a random number.
A concrete exemplary embodiment of the present invention is described below, taking a Mifare card as an example.
A Mifare card has a total storage space of 1K bytes, divided into 16 sectors, each sector having 4 blocks, and each block having 16 bytes. The first block, block 0, is read-only and cannot be written. The content of block 0 (16 bytes) is divided into the following parts:
UID0 ~ UID3: the UID has 4 bytes; it is the number of each card and is unique and not repeated.
BCC: 1 byte, the exclusive-or check value of the 4 UID bytes above.
SAK: 1 byte, the return value for the select (Select) command.
ATQA: 2 bytes, the return value for the request (Request) command.
Manufacturer code: 8 bytes, storing the code of each manufacturer.
The storage space structure of a Mifare card is as shown in Table 1 below:
Table 1
In the workflow of a Mifare card, after the card starts from power-on reset (POR), it goes through the following steps:
Step 1: the card reader sends a request (Request) instruction, and the card responds with ATQA.
Step 2: the card reader sends an anti-collision (Anticollision) command, and the card responds with UID0 ~ UID3 and BCC.
Step 3: the card reader sends a select (Select) command, and the card responds with SAK.
Step 4: the card reader sends an authentication instruction, and the key is matched against the key inside the card.
Step 5: after the card reader authenticates successfully, it can perform operations such as increment, decrement and reading on the card.
Because the password of the present Mifare card has been cracked, system developers currently wish that the card reader knows whether the card is a legal card before performing key authentication: if so, it proceeds to the next operation; if not, it refuses the transaction.
According to an embodiment of the invention, the three groups of data that the card reader obtains from the card in the 3 steps before key authentication, namely ATQA, UID and SAK, are associated by an algorithm, for example:
SAK=(UID0+UID1+UID2+UID3)^ATQA_H^ATQA_L
(Note: ATQA_H and ATQA_L are the high byte and the low byte of ATQA respectively.)
That is, SAK can be calculated from UID and ATQA by the pre-defined algorithm. At the same time, this association relation is written into the program of the card reader. After the card reader obtains these groups of data, it calculates SAK by the corresponding algorithm and compares it with the SAK read from the card, and so can know whether the card is legal.
In the present embodiment, because the data of block 0 are read-only and cannot be written, the risk of the card being replicated is eliminated. Preferably, ATQA can be generated as a random number, which both ensures the uniqueness of the UID and increases the difficulty of the algorithm.
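The following Python script is an added example, not code from the patent, that implements the reader-side check of steps 101 to 104 using the concrete SAK relation given for the Mifare embodiment (SAK = (UID0+UID1+UID2+UID3) ^ ATQA_H ^ ATQA_L) and the BCC definition from block 0. The reduction of the byte sum modulo 256, the issuer-side personalize helper, the reader_decision helper and all sample UID, ATQA and SAK values are assumptions or constructed data, not taken from the page.

```python
"""Reader-side legality check from the embodiment: the reader recomputes SAK
from UID and ATQA with the pre-defined algorithm and compares it with the SAK
the card returned to Select, before any key authentication takes place.
Added illustration, not code from the patent; sample values are constructed."""
import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Block0:
    """The read-only block 0 fields the reader learns during start-up."""
    uid: bytes   # UID0..UID3 (answer to Anticollision)
    bcc: int     # exclusive-or of the four UID bytes (answer to Anticollision)
    sak: int     # answer to Select, 1 byte
    atqa: int    # answer to Request, 2 bytes, ATQA_H in the high byte

    def __post_init__(self) -> None:
        if len(self.uid) != 4:
            raise ValueError("UID must be 4 bytes")
        if not (0 <= self.bcc <= 0xFF and 0 <= self.sak <= 0xFF):
            raise ValueError("BCC and SAK must each be one byte")
        if not 0 <= self.atqa <= 0xFFFF:
            raise ValueError("ATQA must be two bytes")


def expected_bcc(uid: bytes) -> int:
    """BCC as the page defines it: exclusive-or of UID0..UID3."""
    value = 0
    for byte in uid:
        value ^= byte
    return value


def expected_sak(uid: bytes, atqa: int) -> int:
    """Pre-defined algorithm of the embodiment:
    SAK = (UID0+UID1+UID2+UID3) ^ ATQA_H ^ ATQA_L.
    Assumption: the byte sum is reduced modulo 256 so the result fits the
    one-byte SAK field (the page does not say how overflow is handled)."""
    atqa_h = (atqa >> 8) & 0xFF
    atqa_l = atqa & 0xFF
    return (sum(uid) ^ atqa_h ^ atqa_l) & 0xFF


def is_legal_card(card: Block0) -> bool:
    """Steps 102-104: the 'third data' (recomputed SAK) must equal the second
    data (SAK read from the card). The BCC is checked first as a sanity test on
    the anticollision answer; a mismatch there also means 'illegal card'."""
    if card.bcc != expected_bcc(card.uid):
        return False
    return expected_sak(card.uid, card.atqa) == card.sak


def personalize(uid: bytes, atqa: Optional[int] = None) -> Block0:
    """Issuer side (assumption, not described by the page): draw a random ATQA,
    as the page recommends, and derive SAK so the card satisfies the relation."""
    if atqa is None:
        atqa = int.from_bytes(os.urandom(2), "big")
    return Block0(uid=uid, bcc=expected_bcc(uid),
                  sak=expected_sak(uid, atqa), atqa=atqa)


def reader_decision(card: Block0) -> str:
    """What the reader does after step 3 and before step 4 of the workflow."""
    if is_legal_card(card):
        return "proceed to key authentication"
    return "refuse transaction"


# Constructed sample start-up data (not values from the page).
NATIVE_CARD = Block0(uid=bytes([0x1A, 0x2B, 0x3C, 0x4D]), bcc=0x40,
                     sak=0xCA, atqa=0x0004)
# Same UID and ATQA, but a SAK that does not satisfy the relation.
FOREIGN_CARD = Block0(uid=bytes([0x1A, 0x2B, 0x3C, 0x4D]), bcc=0x40,
                      sak=0x08, atqa=0x0004)


if __name__ == "__main__":
    for name, card in (("native", NATIVE_CARD), ("foreign", FOREIGN_CARD)):
        print(f"{name}: SAK read {card.sak:#04x}, SAK expected "
              f"{expected_sak(card.uid, card.atqa):#04x} -> {reader_decision(card)}")
```

Everything the check consumes is data the reader has already received from the Request, Anticollision and Select exchanges, so what it adds is a consistency test over read-only block 0 fields, with the secrecy of the relation living in the reader's program; it runs before, and does not replace, the key authentication of steps 4 and 5.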
Although the present invention has been described with reference to the current specific embodiments, those of ordinary skill in the art will appreciate that the above embodiments are only used to illustrate the present invention, and that various equivalent changes or replacements may be made without departing from the spirit of the present invention. Therefore, as long as the changes and modifications to the above embodiments are within the spirit of the present invention, they all fall within the scope of the claims of the present application.