CN102904723B - Privacy protection method of radio frequency identification device (RFID) system - Google Patents
Privacy protection method of radio frequency identification device (RFID) system Download PDFInfo
- Publication number
- CN102904723B CN102904723B CN201210363174.5A CN201210363174A CN102904723B CN 102904723 B CN102904723 B CN 102904723B CN 201210363174 A CN201210363174 A CN 201210363174A CN 102904723 B CN102904723 B CN 102904723B
- Authority
- CN
- China
- Prior art keywords
- label
- rfid
- tag
- background server
- rfid interrogator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a privacy protection method of a radio frequency identification device (RFID) system and belongs to the field of RFID system communication safety. The method includes the following steps that an RFID reader-writer inquires a tag; the tag responds the RFID reader-writer; the RFID reader-writer submits a verification request to a background server; the background server verifies the identity of the tag; the background server submits a verification request to a legal tag; the tag verifies the identity of the RFID reader-writer; and the tag transmits an original identity to an RFID. According to the method, tracking of illegal RFID reader-writers to the RFID tag can be prevented, confidentiality of data transmitted by the RFID tag can be protected, the RFID reader-writer can effectively read right information in the RFID tag, defects of Kill mechanisms and sleep mechanisms can be effectively overcome, and the method can be widely used in passive tags.
Description
Technical field
The present invention relates to a kind of method for secret protection of rfid system, belong to rfid system field of communication security.
Background technology
Along with development and the extensive use of RFID technique, the potential safety hazard relevant to RFID is following, and wherein secret protection is one of significant challenge faced in RFID evolution.Can infer; if rfid system is under attack; personal information, business information and property etc. may be caused to lose or are usurped by other people; thus occur that plant downtime, store closes, civil order are chaotic; even directly threaten the life security of the mankind; therefore secret protection becomes the bottleneck of restriction rfid system large-scale application, also becomes a key technology in design, deployment and application.
From utilize encipherment protection private data confidentiality in legacy network, utilize anonymity technology to protect the technology such as the identity of user different, the secret protection in rfid system presents and quotes height correlation, the resource constraint exclusive feature such as severe, that is:
(1) application of difference is large.According to the difference of protection of goal object, the secret protection in rfid system is mainly based on information protection and guarded by location, and the secret protection technology in legacy network can not be applied directly in rfid system.
(2) resource-constrained.Due to the critical constraints of the computing capability of RFID label tag own and programmability; ability on energy, storage, calculating and the communication resource is caused to be restricted; thus limiting the security mechanisms such as the encryption that it is used, the secret protection technology therefore in rfid system and the design of all related protection methods must meet resource constraint demand.
The technical scheme of current rfid system safety and privacy concern roughly can be divided into two kinds, and one is physical schemes, and another kind is logical scheme.The settling mode of physical schemes has:
(1) Kill label.Kill label stops Auto-ID Center to propose by standardization, and it provides two kinds of modes to realize the secret protection of electronic tag, that is: one is remove label ID, and another kills label completely.But there is limitation, the contradiction between RFID ease for use and personal secrets can not be solved.
(2) faraday's guard.RFID label tag is put into faraday's guard, so from cover, just cannot scan RFID label tag, and the RFID label tag in cover both cannot accept wireless signal, can not send wireless signal and go out.
(3) active interference.Utilize legal wireless signal to disturb illegal wireless signal, thus reach the effect of shielding RFID label tag.But legal rfid system normally works near this method likely interferes with.
Logical method mainly adopts the safety authentication protocol of challenge-response formula between each part of rfid system.Current safety authentication protocol adopts two approach mostly: a kind of is the Hash lock side case using such as randomizer, and another kind is Hash chain scheme, without the need to using randomizer.
But we find, when adopting the privacy of logical method protection user, even if encrypt No. ID of RFID label tag, because the result of encryption does not change, although so assailant does not know the content of encrypting, but expose the location privacy of user equally.
Summary of the invention
The invention provides a kind of method for secret protection of rfid system, the location privacy of protection user and information privacy.The method, in order to realize secret protection in limited RFID label tag, have employed symmetric encipherment algorithm and randomizer, ensure that the confidentiality of personal information between rfid interrogator and RFID label tag and the not trackability of RFID label tag.The method is applicable to the occasion that illegal rfid interrogator is attacked RFID label tag.
The present invention adopts following technical scheme for solving its technical problem:
A method for secret protection for rfid system, comprises following step:
(1) rfid interrogator inquiry label:
First read write line produces random number
, together with inquiry request Query form inquiry request message
, Query} sends to label;
(2) tag responses rfid interrogator:
Label receive inquiry request message that rfid interrogator sends over
, after Query}, first produce random number
, then produce a tag number ID ' at random, calculate symmetric key
, will
,
combine with ID
, then, label produces enciphered message
, finally by response message
, ID ' } and send to rfid interrogator;
(3) rfid interrogator submits checking request to background server:
If rfid interrogator is illegal, so it can not responsive tags send message; If rfid interrogator is legal, so it receive from label response message
, ID ' } after, together with the random number that oneself produces
send to background server by escape way together, its submit to checking request be
, ID ',
;
(4) identity of background server checking label:
Background server receive rfid interrogator checking request
, ID ',
after, first utilize ID ' computation key
, then utilize
kdecrypt
obtain
with
if, after deciphering
to produce with read write line
identical, then label is legitimate tag, otherwise label is illegal;
(5) background server submits checking request to legitimate tag:
After background server demonstrates the legal identity of label, will decipher
message obtains
xOR is carried out with ID '
, then utilize symmetric key
kproduce enciphered message
, send to label by read write line;
(6) identity of label checking rfid interrogator:
Label receives the encrypting messages from read write line
after, first utilize the key that it is preserved
kdeciphering, obtains random number
if obtained
value is with its generation
be worth identical, then demonstrate the identity of rfid interrogator;
(7) label transmits primary ID to RFID:
After label demonstrates the identity of read write line, utilize the key that it is preserved
kencrypt former ID and obtain ciphertext
, then this message is sent to background server by read write line, background server is deciphered
after obtain the former ID of label, can inquire by ID all information that this label comprises.
Beneficial effect of the present invention is as follows:
The present invention by each label when keep former No. ID constant; label respond first read write line inquiry No. ID be change at random; the ID value that such read write line obtains at every turn is expressly all not identical; therefore prevent the position of illegal rfid interrogator tracking tags, thus protect the location privacy of user.When sending former ID, have employed ciphertext load mode, thus protect the information privacy of user, meanwhile, valid reader can obtain the correct information of these article accordingly.
Although rfid interrogator and RFID label tag are in once complete communication process, its symmetric key is change, and this symmetric key can pass through polynomial function
fcalculate, therefore ensure that the encryption and decryption functions between valid reader and label.
Accompanying drawing explanation
Fig. 1 rfid system structure chart.
Fig. 2 is method step flow chart of the present invention.
Embodiment
Below in conjunction with accompanying drawing, the invention is described in further details.
The present invention proposes a kind of method stoping illegal rfid interrogator to destroy rfid system personal secrets at rfid system secure communications, the method utilizes symmetric encipherment algorithm and randomizer, between rfid interrogator and label, set up secure communication protocols.In this agreement, randomizer can help the change at random realizing No. ID, RFID label tag, thus ensures that illegal rfid interrogator cannot realize the tracking to RFID label tag, effectively can stop Replay Attack simultaneously.And symmetric encipherment algorithm can ensure that the sensitive information transmitted is all ciphertext, thus protect userspersonal information and do not revealed.In the present invention, the equipment participating in this communication protocol has three, as shown in Figure 1, that is: and background server, RFID reader and RFID label tag.The resource of background server is unrestricted, and rfid interrogator resource can realize complicated security mechanism completely, therefore, reasonably can think in the present invention and have the ability to utilize existing security mechanism and strategy to set up high secured communication channel completely between background server and rfid interrogator.
1, the initialization of system
The equipment arrived involved in the present invention, that is: background server, rfid interrogator and label, all concentrate in a mechanism or tissue before deployment, therefore, the transmission security of some sensitive informations that system is involved in initialization procedure has fully guarantee.In initialization procedure, background server will be all labels
produce former No. ID, that is:
.By former for loading one No. ID in each label, a multinomial F function and a randomizer.Then, set up reliable escape way between rfid interrogator and background server, ensure the safety of information transmission between the two, but its method adopted is not in the present invention.
The implementation step of 2, secret protection communication protocol as shown in Figure 2.
(1) rfid interrogator inquiry label
First read write line produces random number
, together with inquiry request Query form inquiry request message
, Query} sends to label.
(2) tag responses rfid interrogator
Label receive inquiry request message that rfid interrogator sends over
, after Query}, first produce random number
, then produce a tag number ID ' at random, calculate symmetric key
, will
,
combine with ID
, then, label produces enciphered message
, finally by response message
, ID ' } and send to rfid interrogator.
(3) rfid interrogator submits checking request to background server
If rfid interrogator is illegal, so it can not responsive tags send message; If rfid interrogator is legal, so it receive from label response message
, ID ' } after, together with the random number that oneself produces
send to background server by escape way together, its submit to checking request be
, ID ',
.
(4) identity of background server checking label
Background server receive rfid interrogator checking request
, ID ',
after, first utilize ID ' computation key
, then utilize k decrypt
obtain
with
if, after deciphering
to produce with read write line
identical, then label is legitimate tag, otherwise label is illegal.
(5) background server submits checking request to legitimate tag
After background server demonstrates the legal identity of label, will decipher
message obtains
xOR is carried out with ID '
, then utilize symmetric key
kproduce enciphered message
, send to label by read write line.
(6) identity of label checking rfid interrogator
Label receives the encrypting messages from read write line
after, the key k first utilizing it to preserve deciphers, and obtains random number
if obtained
value is with its generation
be worth identical, then demonstrate the identity of rfid interrogator.
(7) label transmits primary ID to RFID
After label demonstrates the identity of read write line, the key k utilizing it to preserve encrypts former ID and obtains ciphertext
, then this message is sent to background server by read write line, background server is deciphered
after obtain the former ID of label, can inquire by ID all information that this label comprises.
In rfid system, generally all can have
individual rfid interrogator
,
individual label
with a set of background server.Be the relation of multi-to-multi between rfid interrogator and label, in the different time periods, the information of multiple different legal rfid interrogator reading tag may be had, therefore some specific informations of label, as: multinomial
fto remain unchanged with the former ID in each label, and these privacy informations can not in transmission over networks.
In rfid system, rfid interrogator, label and background server are before deployment, and be all positioned under a tissue or unit control, therefore background server can be each label distribution multinomial
ffunction, can distribute unique former ID, commodity (or goods) information representated by its ID is kept in background server simultaneously.
In rfid system, when rfid interrogator reads label at every turn, No. ID (that is: ID ') that label responds first is all different, in order at ID ' number and key
kbetween set up one-to-one relationship, key calculates by random ID ' number of producing, that is:
.
In rfid system, follow the tracks of RFID label tag to resist illegal rfid interrogator, we have employed randomizer.No matter RFID label tag is read by legal rfid interrogator or is read by illegal rfid interrogator, and responding first of each RFID label tag all can produce different No. ID (that is: ID ') and random number
,
read write line is sent to, that is: after encryption
, thus the enciphered data that rfid interrogator is obtained at every turn is not identical, illegal rfid interrogator cannot realize the effective tracking to RFID label tag for this reason.
In the present invention, in order to ensure that RFID label tag can resist Replay Attack, label produces random number
, and utilize symmetric key
ktransmission after encryption, that is:
, wherein
the logical operation of statement XOR, ID ' is No. ID of change at random, when RFID label tag responds first, and its value is all different.Adopt the method while guarantee data confidentiality, the length of valid data can be shortened.
In the present invention, in order to prove the identity of RFID label tag, read write line produces random number
, send to label together with inquiry request, if label is legal, background server decrypt
rear acquisition
value and read write line send to background server
be worth identical, otherwise the identity of label is illegal.
In the present invention, in order to prove the identity of rfid interrogator, label is to the response message received
be decrypted, then with the random number of its generation
carry out XOR, if the ID ' value obtained is identical with the ID ' value of its preservation, then the identity of rfid interrogator is verified, otherwise rfid interrogator is illegal.
In the present invention, in order to obtain the correct information that RFID label tag comprises, rfid interrogator is by after authentication, and RFID label tag is by after its former No. ID encryption
send to rfid interrogator, background server is according to the former ID query-related information of this label.
Claims (1)
1. a method for secret protection for rfid system, is characterized in that, comprises following step:
(1) rfid interrogator inquiry label:
First read write line produces random number
, together with inquiry request Query form inquiry request message
, Query} sends to label;
(2) tag responses rfid interrogator:
Label receive inquiry request message that rfid interrogator sends over
, after Query}, first produce random number
, then produce a tag number ID ' at random, calculate symmetric key
, will
,
with ID ' combines
, then, label produces enciphered message
, finally by response message
, ID ' } and send to rfid interrogator, wherein F represents the function of computation key k,
represent the function utilizing key k to encrypt,
represent linked operation symbol;
(3) rfid interrogator submits checking request to background server:
If rfid interrogator is illegal, so it can not responsive tags send message; If rfid interrogator is legal, so it receive from label response message
, ID ' } after, together with the random number that oneself produces
send to background server by escape way together, its submit to checking request be
, ID ',
;
(4) identity of background server checking label:
Background server receive rfid interrogator checking request
, ID ',
after, first utilize ID ' computation key
, then utilize k decrypt
obtain
with
if, after deciphering
to produce with read write line
identical, then label is legitimate tag, otherwise label is illegal;
(5) background server submits checking request to legitimate tag:
After background server demonstrates the legal identity of label, will decipher
message obtains
xOR is carried out with ID '
, then utilize symmetric key
kproduce enciphered message
, send to label by read write line;
(6) identity of label checking rfid interrogator:
Label receives the encrypting messages from read write line
after, first utilize the key that it is preserved
kdeciphering, obtains random number
if obtained
value is with its generation
be worth identical, then demonstrate the identity of rfid interrogator;
(7) label transmits the primary ID of this label to RFID:
After label demonstrates the identity of read write line, utilize the key that it is preserved
kthe primary ID encrypting this label obtains ciphertext
, then by ciphertext
send to background server by read write line, background server is deciphered
after obtain the primary ID of this label, can inquire by this ID all information that this label comprises.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210363174.5A CN102904723B (en) | 2012-09-26 | 2012-09-26 | Privacy protection method of radio frequency identification device (RFID) system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210363174.5A CN102904723B (en) | 2012-09-26 | 2012-09-26 | Privacy protection method of radio frequency identification device (RFID) system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102904723A CN102904723A (en) | 2013-01-30 |
CN102904723B true CN102904723B (en) | 2015-07-08 |
Family
ID=47576777
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210363174.5A Active CN102904723B (en) | 2012-09-26 | 2012-09-26 | Privacy protection method of radio frequency identification device (RFID) system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102904723B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103227793A (en) * | 2013-04-27 | 2013-07-31 | 无锡昶达信息技术有限公司 | RFID equipment layer information security transfer method and device based on random sequence |
CN103679349A (en) * | 2013-11-28 | 2014-03-26 | 国家电网公司 | Android based cellphone inspection terminal system |
CN104683108B (en) * | 2015-03-05 | 2018-03-06 | 西安电子科技大学 | Cancel the safety certifying method of one card for multiple uses RFID tag application |
CN106446743B (en) * | 2016-09-30 | 2019-01-18 | 西安交通大学 | Detection method for illegal tampering of ultrahigh frequency RFID (radio frequency identification) label based on physical layer |
CN116996874A (en) * | 2022-04-26 | 2023-11-03 | 华为技术有限公司 | Security verification method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217362A (en) * | 2007-12-29 | 2008-07-09 | 中山大学 | RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system |
CN201886511U (en) * | 2010-09-26 | 2011-06-29 | 嘉钛华数码科技(天津)有限公司 | Hospital baby safety supervision system based on RFID |
CN102497264A (en) * | 2011-11-10 | 2012-06-13 | 西安电子科技大学 | RFID security authentication method based on EPC C-1G-2 standard |
-
2012
- 2012-09-26 CN CN201210363174.5A patent/CN102904723B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217362A (en) * | 2007-12-29 | 2008-07-09 | 中山大学 | RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system |
CN201886511U (en) * | 2010-09-26 | 2011-06-29 | 嘉钛华数码科技(天津)有限公司 | Hospital baby safety supervision system based on RFID |
CN102497264A (en) * | 2011-11-10 | 2012-06-13 | 西安电子科技大学 | RFID security authentication method based on EPC C-1G-2 standard |
Also Published As
Publication number | Publication date |
---|---|
CN102904723A (en) | 2013-01-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106712962B (en) | Bidirectional authentication method and system for mobile RFID system | |
CN101847199B (en) | Security authentication method for radio frequency recognition system | |
Fan et al. | An ultra-lightweight RFID authentication scheme for mobile commerce | |
CN102882683B (en) | Synchronizable RFID (radio-frequency identification) security authentication method | |
CN103020671A (en) | Radio frequency identification bidirectional authentication method based on hash function | |
CN102904723B (en) | Privacy protection method of radio frequency identification device (RFID) system | |
Chen et al. | The design of RFID access control protocol using the strategy of indefinite-index and challenge-response | |
CN101882197A (en) | RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key | |
CN102684872B (en) | Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption | |
Chen et al. | A secure ownership transfer protocol using EPCglobal Gen-2 RFID | |
CN104333539A (en) | RFID security authentication method based on Chebyshev mapping | |
Gharooni et al. | A confidential RFID model to prevent unauthorized access | |
CN103227793A (en) | RFID equipment layer information security transfer method and device based on random sequence | |
KR20120072032A (en) | The system and method for performing mutual authentication of mobile terminal | |
CN101739540B (en) | Label reader-writer and data communication method and system of radio frequency label | |
CN103944721A (en) | Method and device for protecting terminal data security on basis of web | |
Li et al. | Emap: An efficient mutual authentication protocol for passive RFID tags | |
Xin et al. | An efficient privacy-preserving RFID ownership transfer protocol | |
Chen et al. | A rfid authentication protocol for epidemic prevention and epidemic emergency management systems | |
KR101215155B1 (en) | System for and method of protecting communication between reader and tag in rfid system | |
KR101162626B1 (en) | A secure and efficient method and RFID reader device of searching a RFID tag | |
Yin et al. | Keep all mobile users′ whereabouts secure: A radio frequency identification protocol anti‐tracking in 5G | |
KR100760044B1 (en) | System for reading tag with self re-encryption protocol and method thereof | |
Wang et al. | Research on security protocol of RFID system based on public key cryptography | |
Stannard et al. | Am I in good company? A privacy-protecting protocol for cooperating ubiquitous computing devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210311 Address after: 210049 10 Ma Qun Road, Qixia District, Nanjing, Jiangsu. Patentee after: JIANGSU INTELLITRAINS Co.,Ltd. Address before: 210049 Sanbao science and Technology Park, 10 Ma Qun Road, Qixia District, Nanjing, Jiangsu Patentee before: NANJING SAMPLE TECHNOLOGY Co.,Ltd. |
|
TR01 | Transfer of patent right |