CN102904723A - Privacy protection method of radio frequency identification device (RFID) system - Google Patents
Privacy protection method of radio frequency identification device (RFID) system Download PDFInfo
- Publication number
- CN102904723A CN102904723A CN2012103631745A CN201210363174A CN102904723A CN 102904723 A CN102904723 A CN 102904723A CN 2012103631745 A CN2012103631745 A CN 2012103631745A CN 201210363174 A CN201210363174 A CN 201210363174A CN 102904723 A CN102904723 A CN 102904723A
- Authority
- CN
- China
- Prior art keywords
- label
- rfid
- background server
- rfid interrogator
- tag
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a privacy protection method of a radio frequency identification device (RFID) system and belongs to the field of RFID system communication safety. The method includes the following steps that an RFID reader-writer inquires a tag; the tag responds the RFID reader-writer; the RFID reader-writer submits a verification request to a background server; the background server verifies the identity of the tag; the background server submits a verification request to a legal tag; the tag verifies the identity of the RFID reader-writer; and the tag transmits an original identity to an RFID. According to the method, tracking of illegal RFID reader-writers to the RFID tag can be prevented, confidentiality of data transmitted by the RFID tag can be protected, the RFID reader-writer can effectively read right information in the RFID tag, defects of Kill mechanisms and sleep mechanisms can be effectively overcome, and the method can be widely used in passive tags.
Description
Technical field
The present invention relates to a kind of method for secret protection of rfid system, belong to the rfid system field of communication security.
Background technology
Along with development and the extensive use of RFID technology, the potential safety hazard relevant with RFID is following, and wherein secret protection is one of significant challenge that faces in the RFID evolution.Can infer; if rfid system is under attack; may cause personal information, business information and property etc. to lose or usurped by other people; thereby occur that plant downtime, shop are closed the door, civil order is chaotic; even the life security that directly threatens the mankind; therefore secret protection becomes the bottleneck of restriction rfid system large-scale application, a key technology in also becoming design, dispose and using.
From utilize encipherment protection private data confidentiality in the legacy network, utilize anonymous technical protection user's the technology such as identity different, the secret protection in the rfid system presents the feature exclusive with quoting height correlation, resource constraint sternness etc., that is:
(1) application of difference is large.According to the difference of protection of goal object, mainly take information protection and guarded by location as main, the secret protection technology in the legacy network can not be applied directly in the rfid system secret protection in the rfid system.
(2) resource-constrained.Because the computing capability of RFID label own and programmability is seriously limited; cause that ability is restricted on energy, storage, calculating and the communication resource; thereby limited the security mechanisms such as encryption of using on it, so the design of the secret protection technology in the rfid system and all related protection methods must be satisfied the resource constraint demand.
The technical scheme of rfid system safety and privacy concern roughly can be divided into two kinds at present, and a kind of is physical schemes, and another kind is logical scheme.The settling mode of physical schemes has:
(1) Kill label.The Kill label stops Auto-ID Center to propose by standardization, the secret protection that it provides dual mode to realize electronic tag, that is: and one is to remove label ID, another is to kill label fully.But limitation is arranged, can not solve the contradiction between RFID ease for use and the personal secrets.
(2) faraday's guard.Put the RFID label into the faraday guard, outside covering, just can't scan the RFID label so, and the RFID label in the cover both can't have been accepted wireless signal, can not send wireless signal and go out.
(3) active interference.Utilize legal wireless signal to disturb the illegal wireless signal, thereby reach the effect of shielding RFID label.But near rfid system legal this method might interfere with works.
Logical method mainly is to adopt the safety authentication protocol of challenge-response formula between each part of rfid system.Present safety authentication protocol adopts two approach mostly: a kind of is the Hash lock side case of using such as randomizer, and another kind is Hash chain scheme, need not to use randomizer.
But we find, when adopting logical method protection user's privacy, even ID number of RFID label encrypted, because the result who encrypts do not change, although the assailant does not know the content of encrypting so, but have exposed equally user's location privacy.
Summary of the invention
The invention provides a kind of method for secret protection of rfid system, protection user's location privacy and information privacy.The method has adopted symmetric encipherment algorithm and randomizer in order to realize secret protection at limited RFID label, has guaranteed the confidentiality of personal information between rfid interrogator and the RFID label and the not trackability of RFID label.The method is applicable to the occasion that illegal rfid interrogator is attacked the RFID label.
The present invention adopts following technical scheme for solving its technical problem:
A kind of method for secret protection of rfid system comprises following step:
(1) rfid interrogator inquiry label:
Read write line at first produces random number
, together with inquiry request Query form the inquiry request message
, Query} sends to label;
(2) tag responses rfid interrogator:
Label receive the inquiry request message that rfid interrogator sends over
, behind the Query}, at first produce random number
, then produce at random a tag number ID ', calculate symmetric key
, will
,
Combine with ID
, then, label produces enciphered message
, at last with response message
, ID ' } and send to rfid interrogator;
(3) rfid interrogator is submitted the checking request to background server:
If rfid interrogator is illegal, its message of can responsive tags not sending so; If rfid interrogator is legal, so it receive response message from label
, ID ' } after, together with the random number that oneself produces
Send to background server by escape way together, the checking request of its submission be
, ID ',
;
(4) identity of background server checking label:
Background server receive rfid interrogator the checking request
, ID ',
After, at first utilize ID ' computation key
, then utilize
kDecrypt
Obtain
With
If, after the deciphering
Produce with read write line
Identical, then label is legal label, otherwise label is illegal;
(5) background server is submitted the checking request to legal label:
After background server has been verified the legal identity of label, will decipher
Message obtains
Carry out XOR with ID '
, then utilize symmetric key
kProduce enciphered message
, send to label by read write line;
(6) identity of label checking rfid interrogator:
Label is received the encrypting messages from read write line
After, at first utilize the key of its preservation
kDeciphering obtains random number
If obtain
Value and its generation
Be worth identically, then verified the identity of rfid interrogator;
(7) label transmits primary ID to RFID:
After label has been verified the identity of read write line, utilize the key of its preservation
kEncrypt former ID and obtain ciphertext
, then this message is sent to background server by read write line, the background server deciphering
After obtain the former ID of label, can inquire all information that this label comprises by ID.
Beneficial effect of the present invention is as follows:
The present invention by each label in the situation that keep former ID number constant; it is change at random that label responds ID number of read write line inquiry first; the each ID value that obtains of read write line is expressly all not identical like this; therefore stop the position of illegal rfid interrogator tracking tags, thereby protected user's location privacy.When sending former ID, adopt the ciphertext load mode, thereby protected user's information privacy, simultaneously, valid reader can obtain the correct information of these article accordingly.
Although rfid interrogator and RFID label are in once complete communication process, its symmetric key changes, and this symmetric key can pass through polynomial function
FCalculate, therefore guaranteed the encryption and decryption functions between valid reader and the label.
Description of drawings
Fig. 1 rfid system structure chart.
Fig. 2 is method step flow chart of the present invention.
Embodiment
Below in conjunction with accompanying drawing the invention is described in further details.
The present invention has proposed a kind of method that stops illegal rfid interrogator to destroy the rfid system personal secrets in rfid system secure communication field, the method is utilized symmetric encipherment algorithm and randomizer, sets up secure communication protocols between rfid interrogator and label.In this agreement, randomizer can help to realize the change at random of RFID label ID number, thereby guarantees that illegal rfid interrogator can't realize the tracking to the RFID label, can effectively stop Replay Attack simultaneously.And symmetric encipherment algorithm can guarantee that the sensitive information that transmits all is ciphertext, thereby has protected the userspersonal information not revealed.Among the present invention, the equipment that participates in this communication protocol has three, as shown in Figure 1, that is: and background server, RFID reader and RFID label.The resource of background server is unrestricted, and the rfid interrogator resource can realize complicated security mechanism fully, therefore, can reasonably think among the present invention and have the ability fully between background server and the rfid interrogator to utilize existing security mechanism and strategy to set up high secured communication channel.
1, the initialization of system
The equipment that arrives involved in the present invention, that is: background server, rfid interrogator and label, all concentrate on before deployment in a mechanism or the tissue, therefore, the transmission security of system's some related sensitive informations in initialization procedure has abundant assurance.In initialization procedure, background server will be all labels
Produce former ID number, that is:
To load a multinomial F function and a randomizer in each label a former ID number.Then, set up reliable escape way between rfid interrogator and the background server, guarantee the safety of communication between the two, but its method that adopts is not in the present invention.
The implementation step of 2, secret protection communication protocol as shown in Figure 2.
(1) rfid interrogator inquiry label
Read write line at first produces random number
, together with inquiry request Query form the inquiry request message
, Query} sends to label.
(2) tag responses rfid interrogator
Label receive the inquiry request message that rfid interrogator sends over
, behind the Query}, at first produce random number
, then produce at random a tag number ID ', calculate symmetric key
, will
,
Combine with ID
, then, label produces enciphered message
, at last with response message
, ID ' } and send to rfid interrogator.
(3) rfid interrogator is submitted the checking request to background server
If rfid interrogator is illegal, its message of can responsive tags not sending so; If rfid interrogator is legal, so it receive response message from label
, ID ' } after, together with the random number that oneself produces
Send to background server by escape way together, the checking request of its submission be
, ID ',
.
(4) identity of background server checking label
Background server receive rfid interrogator the checking request
, ID ',
After, at first utilize ID ' computation key
, then utilize the k decrypt
Obtain
With
If, after the deciphering
Produce with read write line
Identical, then label is legal label, otherwise label is illegal.
(5) background server is submitted the checking request to legal label
After background server has been verified the legal identity of label, will decipher
Message obtains
Carry out XOR with ID '
, then utilize symmetric key
kProduce enciphered message
, send to label by read write line.
(6) identity of label checking rfid interrogator
Label is received the encrypting messages from read write line
After, at first utilize the key k deciphering of its preservation, obtain random number
If obtain
Value and its generation
Be worth identically, then verified the identity of rfid interrogator.
(7) label transmits primary ID to RFID
After label has been verified the identity of read write line, utilize the key k of its preservation to encrypt former ID and obtain ciphertext
, then this message is sent to background server by read write line, the background server deciphering
After obtain the former ID of label, can inquire all information that this label comprises by ID.
In rfid system, generally all can have
Individual rfid interrogator
,
Individual label
With a cover background server.Be the relation of multi-to-multi between rfid interrogator and the label, in the different time periods, the information of a plurality of different legal rfid interrogator reading tag may be arranged, thus some specific informations of label, as: multinomial
FTo remain unchanged with the former ID in each label, and these privacy informations can be in transmission over networks.
In rfid system, rfid interrogator, label and background server all be positioned under a tissue or the unit control, so background server can be each label distribution multinomial before deployment
FFunction can distribute unique former ID simultaneously, and the commodity of its ID representative (or goods) information is kept in the background server.
In rfid system, when rfid interrogator was read label at every turn, the ID that label responds first number (that is: ID ') all was different, at ID ' number and key
kBetween set up one-to-one relationship, key calculates by random ID ' number of producing, that is:
In rfid system, in order to resist illegal rfid interrogator the RFID label is followed the tracks of, we have adopted randomizer.No matter the RFID label is read by legal rfid interrogator or is read by illegal rfid interrogator, and the first response of each RFID label all can produce different ID number (that is: ID ') and random number
,
Send to read write line after the encryption, that is:
Thereby so that the each enciphered data that obtains of rfid interrogator is not identical, illegal rfid interrogator can't be realized the effective tracking to the RFID label for this reason.
In the present invention, can resist Replay Attack in order to guarantee the RFID label, label produces random number
, and utilize symmetric key
kTransmission after encrypting, that is:
, wherein
The logical operation of statement XOR, ID ' is ID number of change at random, when the RFID label responded first, its value was all different.Adopt the method when guaranteeing data confidentiality, to shorten the length of valid data.
In the present invention, in order to prove the identity of RFID label, read write line produces random number
, send to label together with the inquiry request, if label is legal, the background server decrypt
Rear acquisition
Value and read write line send to background server
Be worth identically, otherwise the identity of label is illegal.
In the present invention, in order to prove the identity of rfid interrogator, the response message of label to receiving
Be decrypted, then with the random number of its generation
Carry out XOR, if the ID ' value that obtains is identical with the ID ' value of its preservation, then the identity of rfid interrogator is verified, otherwise rfid interrogator is illegal.
In the present invention, the correct information that comprises in order to obtain the RFID label, rfid interrogator by authentication after, after the RFID label is encrypted its former ID number
Send to rfid interrogator, background server is according to the former ID query-related information of this label.
Claims (1)
1. the method for secret protection of a rfid system is characterized in that, comprises following step:
(1) rfid interrogator inquiry label:
Read write line at first produces random number
, together with inquiry request Query form the inquiry request message
, Query} sends to label;
(2) tag responses rfid interrogator:
Label receive the inquiry request message that rfid interrogator sends over
, behind the Query}, at first produce random number
, then produce at random a tag number ID ', calculate symmetric key
, will
,
Combine with ID
, then, label produces enciphered message
, at last with response message
, ID ' } and send to rfid interrogator;
(3) rfid interrogator is submitted the checking request to background server:
If rfid interrogator is illegal, its message of can responsive tags not sending so; If rfid interrogator is legal, so it receive response message from label
, ID ' } after, together with the random number that oneself produces
Send to background server by escape way together, the checking request of its submission be
, ID ',
;
(4) identity of background server checking label:
Background server receive rfid interrogator the checking request
, ID ',
After, at first utilize ID ' computation key
, then utilize the k decrypt
Obtain
With
If, after the deciphering
Produce with read write line
Identical, then label is legal label, otherwise label is illegal;
(5) background server is submitted the checking request to legal label:
After background server has been verified the legal identity of label, will decipher
Message obtains
Carry out XOR with ID '
, then utilize symmetric key
kProduce enciphered message
, send to label by read write line;
(6) identity of label checking rfid interrogator:
Label is received the encrypting messages from read write line
After, at first utilize the key of its preservation
kDeciphering obtains random number
If obtain
Value and its generation
Be worth identically, then verified the identity of rfid interrogator;
(7) label transmits primary ID to RFID:
After label has been verified the identity of read write line, utilize the key of its preservation
kEncrypt former ID and obtain ciphertext
, then this message is sent to background server by read write line, the background server deciphering
After obtain the former ID of label, can inquire all information that this label comprises by ID.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210363174.5A CN102904723B (en) | 2012-09-26 | 2012-09-26 | Privacy protection method of radio frequency identification device (RFID) system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210363174.5A CN102904723B (en) | 2012-09-26 | 2012-09-26 | Privacy protection method of radio frequency identification device (RFID) system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102904723A true CN102904723A (en) | 2013-01-30 |
CN102904723B CN102904723B (en) | 2015-07-08 |
Family
ID=47576777
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210363174.5A Active CN102904723B (en) | 2012-09-26 | 2012-09-26 | Privacy protection method of radio frequency identification device (RFID) system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102904723B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103227793A (en) * | 2013-04-27 | 2013-07-31 | 无锡昶达信息技术有限公司 | RFID equipment layer information security transfer method and device based on random sequence |
CN103679349A (en) * | 2013-11-28 | 2014-03-26 | 国家电网公司 | Android based cellphone inspection terminal system |
CN104683108A (en) * | 2015-03-05 | 2015-06-03 | 西安电子科技大学 | Security authentication method for repealing radio frequency identification tag application of multi-application card |
CN106446743A (en) * | 2016-09-30 | 2017-02-22 | 西安交通大学 | Detection method for illegal tampering of ultrahigh frequency RFID (radio frequency identification) label based on physical layer |
WO2023207462A1 (en) * | 2022-04-26 | 2023-11-02 | 华为技术有限公司 | Security verification method and apparatus |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217362A (en) * | 2007-12-29 | 2008-07-09 | 中山大学 | RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system |
CN201886511U (en) * | 2010-09-26 | 2011-06-29 | 嘉钛华数码科技(天津)有限公司 | Hospital baby safety supervision system based on RFID |
CN102497264A (en) * | 2011-11-10 | 2012-06-13 | 西安电子科技大学 | RFID security authentication method based on EPC C-1G-2 standard |
-
2012
- 2012-09-26 CN CN201210363174.5A patent/CN102904723B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217362A (en) * | 2007-12-29 | 2008-07-09 | 中山大学 | RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system |
CN201886511U (en) * | 2010-09-26 | 2011-06-29 | 嘉钛华数码科技(天津)有限公司 | Hospital baby safety supervision system based on RFID |
CN102497264A (en) * | 2011-11-10 | 2012-06-13 | 西安电子科技大学 | RFID security authentication method based on EPC C-1G-2 standard |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103227793A (en) * | 2013-04-27 | 2013-07-31 | 无锡昶达信息技术有限公司 | RFID equipment layer information security transfer method and device based on random sequence |
CN103679349A (en) * | 2013-11-28 | 2014-03-26 | 国家电网公司 | Android based cellphone inspection terminal system |
CN104683108A (en) * | 2015-03-05 | 2015-06-03 | 西安电子科技大学 | Security authentication method for repealing radio frequency identification tag application of multi-application card |
CN106446743A (en) * | 2016-09-30 | 2017-02-22 | 西安交通大学 | Detection method for illegal tampering of ultrahigh frequency RFID (radio frequency identification) label based on physical layer |
CN106446743B (en) * | 2016-09-30 | 2019-01-18 | 西安交通大学 | Detection method for illegal tampering of ultrahigh frequency RFID (radio frequency identification) label based on physical layer |
WO2023207462A1 (en) * | 2022-04-26 | 2023-11-02 | 华为技术有限公司 | Security verification method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN102904723B (en) | 2015-07-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104217230B (en) | The safety certifying method of hiding ultrahigh frequency electronic tag identifier | |
CN106712962B (en) | Bidirectional authentication method and system for mobile RFID system | |
CN102036231B (en) | Network architecture security system for Internet of Things and security method thereof | |
CN102882683B (en) | Synchronizable RFID (radio-frequency identification) security authentication method | |
CN101847199B (en) | Security authentication method for radio frequency recognition system | |
Fan et al. | An ultra-lightweight RFID authentication scheme for mobile commerce | |
CN101882197B (en) | RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key | |
Li et al. | The survey of RFID attacks and defenses | |
CN103020671A (en) | Radio frequency identification bidirectional authentication method based on hash function | |
CN101271534A (en) | RFID label and reading device thereof, reading system and safety authentication method | |
CN102236773A (en) | Radio frequency identification (RFID) encryption verification system and method | |
CN102904723B (en) | Privacy protection method of radio frequency identification device (RFID) system | |
Chen et al. | The design of RFID access control protocol using the strategy of indefinite-index and challenge-response | |
Kang et al. | A study on secure RFID mutual authentication scheme in pervasive computing environment | |
CN102684872B (en) | Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption | |
CN104333539A (en) | RFID security authentication method based on Chebyshev mapping | |
CN103227793A (en) | RFID equipment layer information security transfer method and device based on random sequence | |
CN101739540B (en) | Label reader-writer and data communication method and system of radio frequency label | |
CN110225028B (en) | Distributed anti-counterfeiting system and method thereof | |
KR20120072032A (en) | The system and method for performing mutual authentication of mobile terminal | |
CN103944721A (en) | Method and device for protecting terminal data security on basis of web | |
CN104700125A (en) | AES encryption and verification of ultra high frequency radio identification system | |
Li et al. | Emap: An efficient mutual authentication protocol for passive RFID tags | |
CN105406971B (en) | RFID (radio frequency identification) safety authentication method for intelligent power consumption information acquisition system terminal | |
Chen et al. | A rfid authentication protocol for epidemic prevention and epidemic emergency management systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210311 Address after: 210049 10 Ma Qun Road, Qixia District, Nanjing, Jiangsu. Patentee after: JIANGSU INTELLITRAINS Co.,Ltd. Address before: 210049 Sanbao science and Technology Park, 10 Ma Qun Road, Qixia District, Nanjing, Jiangsu Patentee before: NANJING SAMPLE TECHNOLOGY Co.,Ltd. |