RFID-based multi-terminal data interaction management system

By employing a terminal awareness module, a dynamic protocol negotiation module, a semantic mapping module, and an adaptive security strategy module, the adaptive interaction and dynamic security issues of heterogeneous protocols across multiple terminals are resolved, achieving efficient and secure data transmission and link quality optimization.

CN122395567APending Publication Date: 2026-07-14GUANGDONG SHOUYUN INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGDONG SHOUYUN INFORMATION TECH CO LTD
Filing Date
2026-04-27
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing technical solutions suffer from problems such as high data interaction latency due to centralized architecture, single point of failure risk, lack of adaptive capability of static protocol mapping table, inability to dynamically adapt fixed security policies, and insufficient monitoring of link quality between terminals. These make it difficult to achieve adaptive interaction of heterogeneous protocols among multiple terminals, dynamic security policy negotiation, and self-optimization of link quality.

Method used

The terminal sensing module collects and broadcasts the communication protocol type identifier and privacy processing identifier of the terminal device, the dynamic protocol negotiation module selects a common communication protocol, the semantic mapping module realizes cross-protocol field mapping, the adaptive security policy module selects an encryption algorithm according to the security level, and transmits data through the TCP/IP protocol, establishing a direct physical link for link quality monitoring and switching.

Benefits of technology

It enables adaptive negotiation of protocols between heterogeneous terminals, ensuring the real-time performance and security of data interaction, dynamically adapting security policies, optimizing link quality, and meeting the requirements for high reliability and high efficiency data transmission.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122395567A_ABST
    Figure CN122395567A_ABST
Patent Text Reader

Abstract

The application discloses a multi-terminal data interaction management system based on RFID and relates to the technical field of Internet of Things communication, comprising: a terminal sensing module which collects and broadcasts protocol type identification, concurrent processing quantity and privacy processing identification; a dynamic protocol negotiation module which determines a common communication protocol according to a response time threshold value and a security level; a semantic mapping module which realizes data frame conversion based on a cross-protocol field mapping table; a terminal cooperative management module which establishes a Bluetooth or Wi-Fi direct physical link and monitors link quality; and an adaptive security strategy module which dynamically selects an SM2 or SM4 encryption algorithm according to the security level. The application realizes heterogeneous protocol adaptive negotiation, semantic-level data mapping and dynamic security strategy adaptation, and is suitable for smart retail, financial payment and logistics inventory scenarios.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of Internet of Things (IoT) communication technology, specifically to a multi-terminal data interaction management system based on RFID. Background Technology

[0002] With the rapid development of IoT technology, RFID (Radio Frequency Identification) technology has been widely applied in smart retail, smart logistics, access control, financial payment and other scenarios, realizing the interconnection and interoperability of various types of devices such as smart card readers, POS terminals, RFID readers, keypads and security authentication terminals. In these application scenarios, RFID terminal devices from different manufacturers often use heterogeneous communication protocols (such as ISO 14443, ISO 15693 and EPC Gen2, etc.), and have different requirements for data security, real-time transmission and link reliability. Currently, mainstream multi-terminal data interaction solutions primarily employ a centralized middleware architecture. This involves deploying a unified protocol conversion gateway or cloud management platform to achieve data forwarding and format conversion between terminals using different protocols. Specifically, existing systems typically use a star topology, where each terminal uploads data to a central server or edge gateway, and the central node handles protocol parsing, data mapping, and routing. Meanwhile, some solutions use predefined static mapping tables to achieve conversion between fixed protocol pairs and employ unified encryption strategies (such as consistently using SM4 or internationally recognized algorithms) to ensure data transmission security. However, a deeper analysis of existing mainstream solutions reveals significant technical shortcomings: First, the centralized architecture requires data interaction to be forwarded through intermediate nodes, resulting in high transmission latency and a single point of failure risk, failing to meet the high real-time business requirements such as low-latency payment between POS terminals and keypads, and real-time authentication of access control terminals; Second, the static protocol mapping table lacks adaptability, requiring manual reconfiguration of mapping rules when adding new devices or protocol types, resulting in poor scalability and an inability to achieve semantic-level field mapping between heterogeneous protocols such as ISO 14443 and EPC Gen2; Third, existing solutions mostly adopt fixed security strategies, failing to dynamically select differentiated encryption algorithms such as SM2 or SM4 based on data sensitivity levels (such as transaction amount and user identity information), making it difficult to balance security and processing efficiency; Fourth, the direct communication links between terminals lack quality monitoring and automatic switching mechanisms, easily causing transaction serial number loss or certificate verification interruption when Bluetooth or Wi-Fi link signals weaken; In summary, existing technical solutions are insufficient to address core technical challenges such as adaptive negotiation of heterogeneous RFID protocols, semantic-level data mapping, dynamic security policy adaptation, and high-reliability link assurance. There is an urgent need for a data interaction management system capable of enabling adaptive interaction of heterogeneous protocols across multiple terminals, dynamic security policy negotiation, and self-optimization of link quality. Therefore, this invention proposes a multi-terminal data interaction management system based on RFID. Summary of the Invention

[0003] To address the aforementioned technical issues, this solution provides a multi-terminal data interaction management system based on RFID. This technical solution resolves the problems caused by the centralized architecture, which requires data interaction to be forwarded through intermediate nodes, resulting in high transmission latency and single-point failure risks. It also addresses the lack of adaptive capabilities in static protocol mapping tables, the prevalence of fixed security strategies in existing solutions, and the lack of quality monitoring and automatic switching mechanisms for direct communication links between terminals.

[0004] To achieve the above objectives, the technical solution adopted by the present invention is as follows: RFID-based multi-terminal data interaction management system, including: The terminal sensing module is deployed in each RFID terminal device to collect and broadcast the RFID communication protocol type identifier, concurrent processing quantity, and privacy processing identifier supported by the terminal device. The RFID communication protocol type identifier indicates the native communication protocol of the RFID terminal device, and the privacy processing identifier is used to indicate the data sensitivity level and security level. The module generates a terminal capability description file containing the protocol type identifier, concurrent processing quantity, and privacy processing identifier. The dynamic protocol negotiation module is used to receive the terminal capability description file and determine the common communication protocol between the first RFID terminal and the second RFID terminal through a protocol selection algorithm based on the preset response time threshold and the security level indicated by the privacy processing identifier. The first RFID terminal is the data sender and the second RFID terminal is the data receiver. The semantic mapping module, based on a pre-stored cross-protocol field mapping table, is used to convert data frames based on the native communication protocol into data frames based on the common communication protocol when the common communication protocol is different from the native protocol of the first RFID terminal. The terminal collaboration management module is used to establish a direct physical link via Bluetooth or Wi-Fi between the first RFID terminal and the second RFID terminal, and to transmit data using the TCP / IP protocol to achieve transaction serial number synchronization and certificate verification information transmission. The adaptive security policy module is used to perform encryption operations on data transmitted through a direct physical link, based on the security level indicated by the privacy processing identifier, selecting the SM2 encryption algorithm when the security level is high and the SM4 encryption algorithm when the security level is low.

[0005] Preferably, in the terminal sensing module, the native communication protocol is one of the ISO 14443 protocol, ISO 15693 protocol, or EPC Gen2 protocol.

[0006] Preferably, in the terminal sensing module, the privacy processing identifier is used to indicate the data sensitivity level and security level, and the security level includes a high level and a low level.

[0007] Preferably, in the dynamic protocol negotiation module, the step of determining the common communication protocol between the first RFID terminal and the second RFID terminal through a protocol selection algorithm includes: Obtain the terminal capability description files of the first RFID terminal and the second RFID terminal, extract the set of communication protocol types supported by the first RFID terminal and the second RFID terminal respectively, compare the set of communication protocol types supported by both parties, extract the common protocol types as candidate protocols, and generate a set of candidate protocols. Traverse the candidate protocol set, for each candidate protocol in the set, obtain its historical response time statistics, compare the preset response time threshold with the historical response time statistics, and filter out candidate protocols whose historical response time statistics are greater than the response time threshold to obtain the timeliness compliance protocol set. Extract the security level indicated by the privacy processing identifier. When the security level is high, assign a priority weighting coefficient to protocols that support the national cryptographic SM series algorithms; when the security level is low, assign a priority weighting coefficient to protocols that support general international algorithms. The basic weight allocation is determined based on the type of business scenario. For payment business scenarios, response time is set as the first priority and security level as the second priority; for inventory business scenarios, concurrent processing capability is set as the first priority and response time as the second priority. The response time index, security level index, and concurrent processing capability index are multiplied by their respective weights and then summed. The candidate protocol with the highest comprehensive score is selected as the common communication protocol. When the difference between the combined score of multiple candidate protocols and the highest score is less than a preset tolerance threshold, the optimization and screening step begins.

[0008] Preferably, the optimization screening step includes: The protocol conversion overhead between each candidate protocol and the native communication protocol of the first RFID terminal is calculated respectively. The protocol conversion overhead is calculated based on the number of field mappings, the difference in data frame length, and the complexity of the verification algorithm. Select the candidate protocol with the lowest protocol conversion overhead as the common communication protocol; When multiple candidate protocols have the same protocol conversion overhead, the protocol conversion overhead of each candidate protocol and the native communication protocol of the second RFID terminal are further compared, and the candidate protocol with the smallest protocol conversion overhead is selected as the common communication protocol.

[0009] Preferably, the cross-protocol field mapping table records the cross-protocol field correspondence; The cross-protocol field correspondence defines the position offset, field length, and encoding format of the user identifier, transaction amount, and verification code fields in the data frames of the ISO 14443, ISO 15693, and EPC Gen2 protocols.

[0010] Preferably, the semantic mapping module includes: The field extraction unit is used to extract the original bit stream from the data area of ​​the data frame generated based on the native communication protocol according to the position offset and field length, based on the cross-protocol field mapping table. The format conversion unit is used to perform byte order conversion, encoding format conversion, and data type mapping on the original bit stream. The byte order conversion includes switching between big-endian and little-endian modes, the encoding format conversion includes ASCII and UTF-8 conversion, and the data type mapping includes integer bit extension or compression. The frame reassembly unit is used to write the converted fields to the corresponding offset positions according to the frame structure of the common communication protocol, fill in the frame header identifier and synchronization word, and generate the common communication protocol data frame.

[0011] Preferably, the terminal collaboration management module includes: The link quality monitoring unit is used to collect the signal strength indication value and packet loss rate of the direct physical link in real time and compare them with the link quality judgment conditions. The link quality judgment conditions include the signal strength being lower than a preset threshold or the packet loss rate exceeding a preset ratio. When the link quality judgment conditions are met, a link degradation alarm is generated. The link switching control unit is used to respond to link degradation alarms, establish a backup physical link between the first RFID terminal and the second RFID terminal, the backup physical link uses a different communication medium than the direct physical link, and migrates the transaction serial number and certificate verification information being transmitted to the backup physical link for continued transmission.

[0012] Preferably, the adaptive security policy module includes: The key negotiation unit is used to negotiate session key parameters according to the security level. The session key parameters include key length and key update period. When the security level is high, a 256-bit key length and a 30-second key update period are negotiated. When the security level is low, a 128-bit key length and a 300-second key update period are negotiated. The encryption unit is used to perform encryption operations on data transmitted over a direct physical link using session key parameters and a selected encryption algorithm.

[0013] Preferably, the adaptive security policy module further includes: The integrity verification unit is used to generate an integrity verification value for the ciphertext data based on the national cryptographic hash algorithm after the encryption operation unit has completed the encryption, and to append the integrity verification value to the end of the ciphertext data. The encryption unit is also used to verify the integrity check value when receiving ciphertext data. If the verification fails, the ciphertext data is discarded and a retransmission request is triggered.

[0014] Compared with the prior art, the beneficial effects of the present invention are as follows: This invention proposes a technical solution for a terminal sensing module to collect and broadcast RFID communication protocol type identifiers, concurrent processing quantity, and privacy processing identifiers, enabling dynamic discovery and sharing of capabilities among various terminal devices and providing complete basic data support for protocol negotiation between heterogeneous terminals. Furthermore, it proposes a dynamic protocol negotiation module that, based on a preset response time threshold and the security level indicated by the privacy processing identifier, uses a protocol selection algorithm to determine the common communication protocol between a first RFID terminal and a second RFID terminal, achieving compliance with ISO 14443, ISO 15693, and EPC standards. The system employs adaptive matching and optimization selection of heterogeneous protocols such as Gen2 to ensure data security while meeting real-time requirements. A semantic mapping module is proposed, based on a pre-stored cross-protocol field mapping table, to convert native communication protocol data frames into common communication protocol data frames. This enables semantic-level mapping and reassembly of key fields such as user identifiers, transaction amounts, and verification codes, ensuring semantic consistency and integrity in cross-protocol data interaction. Furthermore, an adaptive security strategy module is proposed to dynamically select either SM2 or SM4 encryption algorithms based on the security level. This achieves precise adaptation between security strategies and data sensitivity levels, ensuring that high-security-level data uses national standard asymmetric encryption while reducing the processing overhead of low-security-level data, thus balancing system security and computational efficiency. Attached Figure Description

[0015] Figure 1 This is a system framework diagram of the present invention. Detailed Implementation

[0016] The following description is intended to disclose the invention and enable those skilled in the art to implement it. The preferred embodiments described below are merely examples, and other obvious variations will occur to those skilled in the art.

[0017] Reference Figure 1 As shown, the RFID-based multi-terminal data interaction management system includes: The terminal sensing module, deployed in each RFID terminal device, is used to collect and broadcast the RFID communication protocol type identifier, concurrent processing quantity, and privacy processing identifier supported by the terminal device. The RFID communication protocol type identifier indicates the native communication protocol of the RFID terminal device, and the privacy processing identifier indicates the data sensitivity level and security level. It generates a terminal capability description file containing the protocol type identifier, concurrent processing quantity, and privacy processing identifier. The terminal sensing module is deployed in the main control unit of each RFID terminal device and generates a binary TLV format terminal capability description file. The protocol type identifier uses 1-byte encoding; the concurrent processing quantity is a 2-byte unsigned integer; the privacy processing identifier is a 1-byte bitmap; the broadcast mechanism uses UDP multicast or MQTT publish / subscribe, triggered according to a preset period or device status change.

[0018] The terminal sensing module is deployed in the main control unit of each RFID terminal device, generating a binary TLV format terminal capability description file; the protocol type identifier uses 1-byte encoding (0x01=ISO 14443, 0x02=ISO 15693, 0x03=EPCGen2); the concurrent processing quantity is 2 bytes of unsigned integer; the privacy processing identifier is a 1-byte bitmap (bits 0-1 represent the security level, bits 2-3 represent the sensitivity level). Regarding the hardware implementation environment, the smart card reader / writer uses an embedded microcontroller as the main control chip, integrates an RF front-end chip supporting the ISO 14443 protocol, communicates with the main control unit via an SPI interface, and runs an embedded real-time operating system. The POS terminal is an industrial-grade terminal device based on the Android system, with a built-in national cryptographic SM2 / SM4 hardware security module (HSM), an external PIN pad connected via a USB interface, and supports NFC RF communication based on the ISO 14443 protocol. The RFID reader / writer uses an embedded Linux hardware platform, integrates a UHF RF module supporting the EPC Gen2 protocol, and has Wi-Fi and Bluetooth dual-mode communication capabilities. The security authentication terminal uses a dedicated security chip supporting hardware acceleration of national cryptographic algorithms and communicates with the host via a UART interface. The terminal sensing modules of each terminal device are deployed in their respective main control units, and execute the broadcast mechanism via Ethernet, Wi-Fi, or Bluetooth interfaces.

[0019] In the terminal sensing module, the native communication protocol is one of the following: ISO 14443 protocol, ISO 15693 protocol, or EPCgen2 protocol.

[0020] In the terminal perception module, the privacy processing identifier is used to indicate the data sensitivity level and security level, and the security level includes high level and low level.

[0021] The dynamic protocol negotiation module receives the terminal capability description file and, based on the preset response time threshold and the security level indicated by the privacy processing identifier, determines the common communication protocol between the first RFID terminal and the second RFID terminal through a protocol selection algorithm. The first RFID terminal is the data sender, and the second RFID terminal is the data receiver. The preset response time threshold is set according to the business scenario type and stored in the EEPROM non-volatile memory of the dynamic protocol negotiation module. For payment-related business scenarios, the response time threshold is set to 50 milliseconds to meet the real-time requirements of financial transactions; for asset inventory-related business scenarios, the response time threshold is set to 500 milliseconds to adapt to the timeliness characteristics of batch tag identification. The threshold value is written to the 0x200-0x204 address range of the EEPROM through the configuration interface and read into memory for algorithm calls when the system powers on. The protocol selection algorithm employs a weighted scoring mechanism. The response time metric is calculated as follows: the difference between the preset response time threshold and the actual response time statistical value is divided by the threshold, and the result is normalized to the 0-1 range. When the actual value exceeds the threshold, the metric is reset to zero. The security level metric is calculated as follows: the national cryptographic algorithm support flag (1 for supported, 0 for unsupported) multiplied by the security level coefficient (1.0 for high level, 0.5 for low level). The concurrency processing metric is calculated as the ratio of the maximum number of concurrent tags for candidate protocols to the system's preset concurrency requirement threshold, with an upper limit of 1.0. The comprehensive score calculation formula is: Comprehensive Score = (Response Time Metric × Weight 1) + (Security Level Metric × Weight 2) + (Concurrency Processing Metric × Weight 3). The weights are dynamically allocated according to the business scenario: in the payment scenario, the response time weight is 0.5, the security level weight is 0.3, and the concurrency weight is 0.2; in the inventory scenario, the concurrency weight is 0.5, the response time weight is 0.3, and the security level weight is 0.2.

[0022] In the dynamic protocol negotiation module, determining the common communication protocol between the first RFID terminal and the second RFID terminal through a protocol selection algorithm includes: The terminal capability description files of the first RFID terminal and the second RFID terminal are obtained. The set of communication protocol types supported by the first RFID terminal and the second RFID terminal are extracted respectively. The set of communication protocol types supported by both parties is compared, and the common protocol types are extracted as candidate protocols to generate a candidate protocol set. The candidate protocol set is generated by performing a bitmap AND operation on the protocol type identifiers of the first RFID terminal and the second RFID terminal. Specifically, the protocol types supported by both parties are represented by an 8-bit bitmap (bit0 corresponds to ISO 14443, bit1 corresponds to ISO 15693, and bit2 corresponds to EPC Gen2). After performing a bitmap AND operation, the protocol types corresponding to the bits with a result of 1 are extracted to generate a set of commonly supported candidate protocols. Traverse the candidate protocol set, for each candidate protocol in the set, obtain its historical response time statistics, compare the preset response time threshold with the historical response time statistics, and filter out candidate protocols whose historical response time statistics are greater than the response time threshold to obtain the timeliness compliance protocol set. Extract the security level indicated by the privacy processing identifier. When the security level is high, assign a priority weighting coefficient to protocols that support the national cryptographic SM series algorithms; when the security level is low, assign a priority weighting coefficient to protocols that support general international algorithms. The basic weight allocation is determined based on the type of business scenario. For payment business scenarios, response time is set as the first priority and security level as the second priority; for inventory business scenarios, concurrent processing capability is set as the first priority and response time as the second priority. The response time index, security level index, and concurrent processing capability index are multiplied by their respective weights and then summed. The candidate protocol with the highest comprehensive score is selected as the common communication protocol. When the difference between the combined score of multiple candidate protocols and the highest score is less than a preset tolerance threshold, the optimization and screening step is initiated. The tolerance threshold is set to 5% of the highest comprehensive score or an absolute difference of 0.5 points, and is stored in the 0x208-0x20C address range of the EEPROM. When the comprehensive score of multiple candidate protocols differs from the highest score by less than the tolerance threshold, an optimization and screening step is triggered. The protocol conversion overhead between each candidate protocol and the native communication protocol of the first RFID terminal is calculated, and the candidate protocol with the smallest protocol conversion overhead is selected as the common communication protocol.

[0023] The optimization screening steps include: The protocol conversion overhead between each candidate protocol and the native communication protocol of the first RFID terminal is calculated respectively. The protocol conversion overhead is calculated based on the number of field mappings, the difference in data frame length, and the complexity of the verification algorithm. Select the candidate protocol with the lowest protocol conversion overhead as the common communication protocol; When multiple candidate protocols have the same protocol conversion overhead, the protocol conversion overhead of each candidate protocol and the native communication protocol of the second RFID terminal are further compared, and the candidate protocol with the smallest protocol conversion overhead is selected as the common communication protocol.

[0024] The semantic mapping module, based on a pre-stored cross-protocol field mapping table, is used to convert data frames based on the native communication protocol into data frames based on the common communication protocol when the common communication protocol is different from the native protocol of the first RFID terminal. The cross-protocol field mapping table is stored as a structure array in the non-volatile memory of the semantic mapping module, defining the position parameters of the user identifier, transaction amount, and checksum fields in the heterogeneous protocol data frame. In the ISO 14443 Type A frame structure, the user identifier UID is located in bytes 1-4 (offset 0x01, length 4 bytes), the transaction amount is located in bytes 5-8 of the application data block (offset 0x05, length 4 bytes), and the checksum CRC16 is located in bytes 9-10 of the frame tail (offset 0x09, length 2 bytes). In the ISO 15693 VCD frame structure, the user identifier is located in bytes 3-10 of the UID field (offset 0x03, length 8 bytes). In the EPC Gen2 EPC frame structure, the user identifier EPC is located in bytes 4-12 (offset 0x04, length 12 bytes, 96 bits), and the transaction amount is located in bytes 1-4 of the user storage area (offset 0x21, length 4 bytes).

[0025] In the semantic mapping module, the cross-protocol field mapping table records the cross-protocol field correspondences; The cross-protocol field correspondence defines the position offset, field length, and encoding format of the user identifier, transaction amount, and verification code fields in the data frames of the ISO 14443, ISO 15693, and EPC Gen2 protocols.

[0026] The semantic mapping module includes: The field extraction unit is used to extract the original bit stream from the data area of ​​the data frame generated based on the native communication protocol according to the position offset and field length, based on the cross-protocol field mapping table. The field extraction unit extracts the target field through bitmasks and shift operations. Specifically, for the transaction amount field with an offset of 0x05 and a length of 4 bytes, it performs (uint32_t)(frame_buffer+offset)& 0xFFFFFFFF to read, or extracts the bit stream by reading in byte order and then shifting it left by 8 bits, or by recombining the operations.

[0027] The format conversion unit is used to perform byte order conversion, encoding format conversion, and data type mapping on the original bit stream. The byte order conversion includes switching between big-endian and little-endian modes, the encoding format conversion includes ASCII and UTF-8 conversion, and the data type mapping includes integer bit extension or compression. The format conversion unit performs the following conversion operations: byte order conversion is achieved through bitwise AND / OR operations; when converting from big-endian (EPCGen2) to little-endian (ISO14443), the following operations are performed: ((value>>24)&0xFF)|((value>>8)&0xFF00)|((value<<8)&0xFF0000)|((value<<24)&0xFF000000); The encoding format conversion uses a lookup table method. ASCII characters 0x00-0x7F are directly mapped to UTF-8 single bytes, while characters greater than 0x7F are converted according to the double-byte encoding rules. Data type mapping is determined based on the length of the target protocol field. When expanding from 32 bits to 64 bits, the high bits are padded with zeros. When compressing to 16 bits, the low 16 bits are taken and the high bits are truncated.

[0028] The frame reassembly unit is used to write the converted fields to the corresponding offset positions according to the frame structure of the common communication protocol, fill in the frame header identifier and synchronization word, and generate the common communication protocol data frame.

[0029] The frame reassembly unit is filled according to the target protocol frame structure: the EPC Gen2 frame header identifier is 0xE0 (located in byte 0), the synchronization word is 0x55AA (located in bytes 1-2), and after the data field is written to the starting position of byte 4, the checksum is recalculated based on CRC-16 / CCITT polynomial 0x1021 and filled to the end of the frame. The ISO 14443 frame header is 0x26 (REQA) or 0x93 (SELECT), and the reassembled data frame is encapsulated in the application layer protocol data unit (APDU).

[0030] The terminal collaboration management module is used to establish a direct physical link via Bluetooth or Wi-Fi between the first RFID terminal and the second RFID terminal, and to transmit data using the TCP / IP protocol to achieve transaction serial number synchronization and certificate verification information transmission. The terminal collaboration management module includes: The link quality monitoring unit is used to collect the signal strength indication value and packet loss rate of the direct physical link in real time and compare them with the link quality judgment conditions. The link quality judgment conditions include the signal strength being lower than a preset threshold or the packet loss rate exceeding a preset ratio. When the link quality judgment conditions are met, a link degradation alarm is generated. The link switching control unit is used to respond to link degradation alarms, establish a backup physical link between the first RFID terminal and the second RFID terminal, the backup physical link uses a different communication medium than the direct physical link, and migrates the transaction serial number and certificate verification information being transmitted to the backup physical link for continued transmission.

[0031] The adaptive security policy module is used to perform encryption operations on data transmitted through a direct physical link, based on the security level indicated by the privacy processing identifier, selecting the SM2 encryption algorithm when the security level is high and the SM4 encryption algorithm when the security level is low.

[0032] The adaptive security policy module includes: The key negotiation unit is used to negotiate session key parameters according to the security level. The session key parameters include key length and key update period. When the security level is high, a 256-bit key length and a 30-second key update period are negotiated. When the security level is low, a 128-bit key length and a 300-second key update period are negotiated. The key negotiation unit executes the SM2-KEP key exchange protocol, using the national cryptographic standard elliptic curve parameter sm2p256v1. A temporary key pair generates a 256-bit private key using a random number generator and calculates the public key coordinates. Shared key derivation uses the SM3 hash algorithm to hash the temporary public key coordinates of both parties, outputting a 256-bit shared key. Session key parameter negotiation is achieved through negotiation messages: the message contains a 2-byte key length field (0x0100 for 256 bits, 0x0080 for 128 bits) and a 4-byte update period field (0x0000001E for high-level, i.e., 30 seconds; 0x0000012C for low-level, i.e., 300 seconds). The negotiation result is written to a timer register, and the countdown triggers a key update interrupt.

[0033] The encryption unit is used to perform encryption operations on data transmitted over a direct physical link using session key parameters and a selected encryption algorithm.

[0034] The encryption unit calls different algorithms according to the security level: at the high level, it calls the SM2 public key encryption API through the national cryptographic hardware security module or the GMSSL software library, increasing the ciphertext length by 96 bytes; at the low level, it uses SM4 symmetric encryption, selects CTR mode, and the initialization vector IV generates a 16-byte random number through a random number generator and appends it to the ciphertext header.

[0035] The adaptive security policy module also includes: The integrity verification unit is used to generate an integrity verification value for the ciphertext data based on the national cryptographic hash algorithm after the encryption operation unit has completed the encryption, and to append the integrity verification value to the end of the ciphertext data. The integrity verification unit uses the SM3 algorithm to calculate a 256-bit message digest. When implementing HMAC-SM3, the shared key is used as the HMAC key. The verification value is encapsulated in TLV format at the end of the ciphertext: Tag is 0x9F26, Length is 0x20, and Value is a 32-byte SM3 digest.

[0036] The encryption unit is also used to verify the integrity check value when receiving ciphertext data. When the verification fails, the ciphertext data is discarded and a retransmission request is triggered. The verification failure handling is as follows: the receiving end recalculates the HMAC-SM3 value and compares it with the additional check value. If they do not match, a NACK message is returned (status code 0xFF + error code 0x0001). After receiving the NACK, the sending end starts retransmission, with a maximum of 3 retransmissions. After exceeding the number of retransmissions, a link disconnection command is sent (status code 0xFE) and the TCP / IP socket connection is closed.

[0037] The foregoing has shown and described the basic principles, main features, and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments. The embodiments and descriptions in the specification are merely principles of the invention. Various changes and modifications can be made to the invention without departing from its spirit and scope, and all such changes and modifications fall within the scope of the claimed invention. The scope of protection claimed by the appended claims and their equivalents is defined.

Claims

1. A multi-terminal data interaction management system based on RFID, characterized in that, include: The terminal sensing module is deployed in each RFID terminal device to collect and broadcast the RFID communication protocol type identifier, concurrent processing quantity, and privacy processing identifier supported by the terminal device. The RFID communication protocol type identifier indicates the native communication protocol of the RFID terminal device, and the privacy processing identifier is used to indicate the data sensitivity level and security level. The module generates a terminal capability description file containing the protocol type identifier, concurrent processing quantity, and privacy processing identifier. The dynamic protocol negotiation module is used to receive the terminal capability description file and determine the common communication protocol between the first RFID terminal and the second RFID terminal through a protocol selection algorithm based on the preset response time threshold and the security level indicated by the privacy processing identifier. The first RFID terminal is the data sender and the second RFID terminal is the data receiver. The semantic mapping module, based on a pre-stored cross-protocol field mapping table, is used to convert data frames based on the native communication protocol into data frames based on the common communication protocol when the common communication protocol is different from the native protocol of the first RFID terminal. The terminal collaboration management module is used to establish a direct physical link via Bluetooth or Wi-Fi between the first RFID terminal and the second RFID terminal, and to transmit data using the TCP / IP protocol to achieve transaction serial number synchronization and certificate verification information transmission. The adaptive security policy module is used to perform encryption operations on data transmitted through a direct physical link, based on the security level indicated by the privacy processing identifier, selecting the SM2 encryption algorithm when the security level is high and the SM4 encryption algorithm when the security level is low.

2. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, In the terminal sensing module, the native communication protocol is one of the following: ISO 14443 protocol, ISO 15693 protocol, or EPC Gen2 protocol.

3. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, In the terminal perception module, the privacy processing identifier is used to indicate the data sensitivity level and security level, and the security level includes high level and low level.

4. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, In the dynamic protocol negotiation module, determining the common communication protocol between the first RFID terminal and the second RFID terminal through a protocol selection algorithm includes: Obtain the terminal capability description files of the first RFID terminal and the second RFID terminal, extract the set of communication protocol types supported by the first RFID terminal and the second RFID terminal respectively, compare the set of communication protocol types supported by both parties, extract the common protocol types as candidate protocols, and generate a set of candidate protocols. Traverse the candidate protocol set, for each candidate protocol in the set, obtain its historical response time statistics, compare the preset response time threshold with the historical response time statistics, and filter out candidate protocols whose historical response time statistics are greater than the response time threshold to obtain the timeliness compliance protocol set. Extract the security level indicated by the privacy processing identifier. When the security level is high, assign a priority weighting coefficient to protocols that support the national cryptographic SM series algorithms; when the security level is low, assign a priority weighting coefficient to protocols that support general international algorithms. The basic weight allocation is determined based on the type of business scenario. For payment business scenarios, response time is set as the first priority and security level as the second priority; for inventory business scenarios, concurrent processing capability is set as the first priority and response time as the second priority. The response time index, security level index, and concurrent processing capability index are multiplied by their respective weights and then summed. The candidate protocol with the highest comprehensive score is selected as the common communication protocol. When the difference between the combined score of multiple candidate protocols and the highest score is less than a preset tolerance threshold, the optimization and screening step begins.

5. The RFID-based multi-terminal data interaction management system according to claim 4, characterized in that, The optimization screening steps include: The protocol conversion overhead between each candidate protocol and the native communication protocol of the first RFID terminal is calculated respectively. The protocol conversion overhead is calculated based on the number of field mappings, the difference in data frame length, and the complexity of the verification algorithm. Select the candidate protocol with the lowest protocol conversion overhead as the common communication protocol; When multiple candidate protocols have the same protocol conversion overhead, the protocol conversion overhead of each candidate protocol and the native communication protocol of the second RFID terminal are further compared, and the candidate protocol with the smallest protocol conversion overhead is selected as the common communication protocol.

6. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, In the semantic mapping module, the cross-protocol field mapping table records the cross-protocol field correspondences; The cross-protocol field correspondence defines the position offset, field length, and encoding format of the user identifier, transaction amount, and verification code fields in the data frames of the ISO 14443, ISO 15693, and EPC Gen2 protocols.

7. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, The semantic mapping module includes: The field extraction unit is used to extract the original bit stream from the data area of ​​the data frame generated based on the native communication protocol according to the position offset and field length, based on the cross-protocol field mapping table. The format conversion unit is used to perform byte order conversion, encoding format conversion, and data type mapping on the original bit stream. The byte order conversion includes switching between big-endian and little-endian modes, the encoding format conversion includes ASCII and UTF-8 conversion, and the data type mapping includes integer bit extension or compression. The frame reassembly unit is used to write the converted fields to the corresponding offset positions according to the frame structure of the common communication protocol, fill in the frame header identifier and synchronization word, and generate the common communication protocol data frame.

8. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, The terminal collaboration management module includes: The link quality monitoring unit is used to collect the signal strength indication value and packet loss rate of the direct physical link in real time and compare them with the link quality judgment conditions. The link quality judgment conditions include the signal strength being lower than a preset threshold or the packet loss rate exceeding a preset ratio. When the link quality judgment conditions are met, a link degradation alarm is generated. The link switching control unit is used to respond to link degradation alarms, establish a backup physical link between the first RFID terminal and the second RFID terminal, the backup physical link uses a different communication medium than the direct physical link, and migrates the transaction serial number and certificate verification information being transmitted to the backup physical link for continued transmission.

9. The RFID-based multi-terminal data interaction management system according to claim 1, characterized in that, The adaptive security policy module includes: The key negotiation unit is used to negotiate session key parameters according to the security level. The session key parameters include key length and key update period. When the security level is high, a 256-bit key length and a 30-second key update period are negotiated. When the security level is low, a 128-bit key length and a 300-second key update period are negotiated. The encryption unit is used to perform encryption operations on data transmitted over a direct physical link using session key parameters and a selected encryption algorithm.

10. The RFID-based multi-terminal data interaction management system according to claim 9, characterized in that, The adaptive security policy module also includes: The integrity verification unit is used to generate an integrity verification value for the ciphertext data based on the national cryptographic hash algorithm after the encryption operation unit has completed the encryption, and to append the integrity verification value to the end of the ciphertext data. The encryption unit is also used to verify the integrity check value when receiving ciphertext data. If the verification fails, the ciphertext data is discarded and a retransmission request is triggered.