CN102932355A - Anonymous attestation method based on radio frequency identification (RFID) - Google Patents

Anonymous attestation method based on radio frequency identification (RFID) Download PDF

Info

Publication number
CN102932355A
CN102932355A CN2012104348753A CN201210434875A CN102932355A CN 102932355 A CN102932355 A CN 102932355A CN 2012104348753 A CN2012104348753 A CN 2012104348753A CN 201210434875 A CN201210434875 A CN 201210434875A CN 102932355 A CN102932355 A CN 102932355A
Authority
CN
China
Prior art keywords
authentication
client
information
service end
daa
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012104348753A
Other languages
Chinese (zh)
Inventor
季白杨
易建军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HANGZHOU SUNYARD SYSTEM ENGINEERING Co Ltd
Original Assignee
HANGZHOU SUNYARD SYSTEM ENGINEERING Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HANGZHOU SUNYARD SYSTEM ENGINEERING Co Ltd filed Critical HANGZHOU SUNYARD SYSTEM ENGINEERING Co Ltd
Priority to CN2012104348753A priority Critical patent/CN102932355A/en
Publication of CN102932355A publication Critical patent/CN102932355A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an anonymous attestation method based on RFID. The method includes obtaining a direct anonymous attestation (DAA) certificate from a DAA center and registering; sending RFID identification information to a server and obtaining a service certificate of the server from the DAA center; performing legality attestation on the server according to the service certificate; and sending anonymous signing information to the legality attested server and receiving identity attestation. After adoption of the technical scheme, a safe and rapid identity attestation mode is built, safety of user data is guaranteed, and identities of clients and servers can be prevented from being stolen maliciously.

Description

Anonymous authentication method based on radio-frequency (RF) identification
Technical field
The present invention relates to communication technical field, relate in particular to a kind of anonymous authentication method based on radio-frequency (RF) identification.
Background technology
RFID(Radio FrequencyIdentification) be REID, that a kind of radiofrequency signal of utilizing need not to contact the technology that can automatically identify destination object and obtain relevant information, its application expanding day, now relate to the various aspects of people's daily life, and will become a basic technology of Future Information social construction.
The electronic service form that combines based on RFID and mobile communications network has now appearred, for people's daily life bring more convenient.This mobile client that need to have RFID based on the form of RFID and mobile communications network, this mobile client need to be carried out data communication with electronic service supplier's service end and from the authentication center of mobile communication carrier, the fail safe of present above-mentioned data communication is not strong, the identity of mobile client and service end is maliciously forged easily, cause user data information to be revealed or usurp, need a kind of safer more hidden identification authentication mode, guarantee the data security of user when using service.
Summary of the invention
The object of the invention is to propose a kind of anonymous authentication method of radio-frequency (RF) identification, between client and service end, set up a kind of safe and efficient identification authentication mode, guarantee the safety of user data, prevent that the identity of client and service end from maliciously being usurped.
For reaching this purpose, the present invention by the following technical solutions:
A kind of anonymous authentication method based on radio-frequency (RF) identification, the method comprises:
Obtain the DAA certificate and register from Direct Anonymous authentication (Direct Anonymous Attestation, DAA) authentication center;
Send radio-frequency (RF) identification sign information to service end and obtain the certificate of service of described service end from described DAA authentication center;
According to described certificate of service service end is carried out the legitimacy authentication;
Send anonymity signature information and accept the authentication of described service end to the service end by the authentication of described legitimacy.
A kind of anonymous authentication method based on radio-frequency (RF) identification, the method comprises:
Receive the radio-frequency (RF) identification sign information of client and send described radio-frequency (RF) identification sign information to DAA authentication center;
Receive described DAA authentication center confirmation;
Accept the legitimacy authentication of described client;
By receiving the anonymity signature information of described client and described client carried out authentication after the described legitimacy authentication;
Send service information to the client by described authentication.
A kind of anonymous authentication method based on radio-frequency (RF) identification, the method comprises:
Receive the service end log-on message, send certificate of service to described service end;
Receive the client log-on message, send the DAA certificate to described client;
Receive the described client radio-frequency (RF) identification sign information that service end sends;
Send confirmation to described service end, send the certificate of service of described service end to described client, to confirm described client described service end is carried out the legitimacy authentication, described service end is carried out authentication to described client.
Adopt technical scheme of the present invention, set up a kind of safe and efficient identification authentication mode, guarantee the safety of user data, prevent that the identity of client and service end from maliciously being usurped.
Description of drawings
Fig. 1 is the flow chart based on the anonymous authentication method of radio-frequency (RF) identification that the embodiment of the invention one provides.
Fig. 2 is the flow chart based on the anonymous authentication method of radio-frequency (RF) identification that the embodiment of the invention two provides.
Fig. 3 is the flow chart based on the anonymous authentication method of radio-frequency (RF) identification that the embodiment of the invention three provides.
Fig. 4 is the structural representation based on the anonymous authentication system of radio-frequency (RF) identification that the embodiment of the invention four provides.
Embodiment
Further specify technical scheme of the present invention below in conjunction with accompanying drawing and by embodiment.
Fig. 1 is the flow chart based on the anonymous authentication method of radio-frequency (RF) identification that the embodiment of the invention one provides, and may further comprise the steps:
S101 obtains the DAA certificate and registers from DAA authentication center.
Client adds the authentication system of DAA authentication center, and DAASeed is the inner secret seed K of client ILong-term public key for described DAA authentication center.Client at first utilizes it to generate key to (IK M, PK M), and announcement PKI PK wherein MAnd between the DAA authentication center safety communications conduit.
Client is sent to Virtual network operator DAA authentication center with identification information.
Receive the first authentication information of described DAA authentication center; After the user identity audit of the identification information that described the first authentication information refers to client by described DAA authentication center, random number n selects in DAA authentication center a← { 0,1} q, wherein 1 qBe given security parameter, with the PKI PK of described client MIt is encrypted, generates
Figure BDA00002349091100031
Then send it to described client.
Generate the second authentication information and be sent to described DAA authentication center according to described the first authentication information; Behind described the first authentication information of client, utilize private key SK MTo its deciphering, calculate f ← H (DAASeed||cnt||K I), wherein cnt is for calculating number, and client is set as its private key with f, and next, client is selected random number r f← Z P, calculate U ← r f.g 1, F ← f.g 1, c ← H (ipk k|| n i|| U||F) and w ← r f-c.f (modq) arranges the second authentication information comm ← (F, c, w, n i), then the second authentication information is sent to DAA authentication center.
When described the first authentication information is identical with characteristic parameter in the second authentication information, receive the certificate of certification of DAA authentication center.Client sends the second authentication information to DAA authentication center, the checking n of DAA authentication center iWhether identical with the value that sends, then stop such as difference; And according to F ← f.g 1Whether checking f is stored among the trusted client revocation list RL; U ' ← w.g calculates in DAA authentication center 1+ c.F, c ' ← H (ipk k|| n i|| U ' || F), and verify whether c=c ' sets up, if unequal, then stop.Next, r ← { 0,1} q, calculate A ← rg 1, B ← yA, then C ← (xA+rxyF), then generate the DAA certificate cre=(A, B, C) of described client is sent to cre described client.
Carry out certification authentication, send the extremely described DAA of the information that is proved to be successful authentication center.After described client is received the DAA certificate, from cre, extract B, calculate D ← fB, checking e (A, Y)=e (B, g 2), or e (A+D, X)=e (C, g 2) whether equate, if unequal then termination, if equate then to send successful information Join_OK to DAA authentication center.
Receive the radio-frequency (RF) identification sign that described DAA authentication center distributes.After the certification authentication success message is received by DAA authentication center, be a sign of the RFID read-write equipment distribution ID of described client u, and the service acquisition key s of generation RFID read-write equipment u=H (ID u|| x||y), then calculate P u=s uG 1, set up the account information of described client.
S102 sends radio-frequency (RF) identification sign information to service end and obtains the certificate of service of described service end from described DAA authentication center.
Client is selected the service provider, sends RFID read-write equipment sign ID to its service end uService end is according to described RFID read-write equipment sign ID uRequest DAA authentication center verifies this client; DAA authentication center notifies described service end after verifying described client success, and to described client push Applet Secure Application.
After client is installed described Applet Secure Application, obtain the certificate of service of described service end from described DAA authentication center.Use ID IObtain the certificate of service cert of described service end from DAA authentication center I, and with its safe storage to carry out two-way authentication with described service end.
S103 carries out the legitimacy authentication according to described certificate of service to service end.
Described client generates random number n R∈ Z P, it is sent to service end as challenge information.
Described service end is selected random number n I∈ { 0,1} q, and compute signature Then with response message (ID I, n I, Sig I) be sent to described client.
Verify the legitimacy of described service end according to described response message and described certificate of service.The response message that client is sent to described service end is used the ID ' in the described response message ISearch corresponding certificate of service Cert I, and utilize the in advance random number n of storage RCalculate m R← H (ID I', Cert I, n R, n I).Client is from Cert IIn obtain the PKI PK of described service end I, PK uses public-key I, signing messages Sig IAnd m RVerify the legitimacy of described service end identity, if do not pass through, show that then described service end does not possess corresponding service qualification, may have the malice property.
S104 sends anonymity signature information and accepts the authentication of described service end to the service end by the authentication of described legitimacy.
After having verified the legitimacy of described service end among the S103, anonymity signature is carried out in described client inside, and described client is selected t ∈ Z at random P, calculate A ' ← tA, B ' ← tB, C ' ← tC and D ' ← tD arranges cre ' ← (A ', B ', C '), calculate h ← Hash (cre ' || n I), O ← tg 1
Calculate its assumed name Pid ← ( s u · t - 1 ) ⊕ H ( ID I | | n R | | n I | | O ) , J = H ( ID I ) ;
Generate random number, n M← { 0,1} q, select l ← Z P, calculating K ← fJ, R ← lB ' arranges str ← J||K||R, calculates m ← Hash (h||str||n M), i ← i+mf (modq);
It is σ ← (K, m, i, J, cre ', n that the signature value is set M, n I), and with the PKI PK of described service end IEncrypting O generates With anonymity signature information
Figure BDA00002349091100054
Be sent to described service end.
After described service end is received described anonymity signature information, (1)
Figure BDA00002349091100055
The I calculating K '=f ' J, if there is K '=K, show that then described client is malicious client, refusal provides service; (2) calculate J '=H (ID I), whether checking J=J ' confirms described client to its request service, if unequal, then denial of service; (3) checking e (A ', Y)=e (B ', g 2) and e (A '+D ', X)=e (C ', g 2), if equate then continue, if the unequal then service that stops provides; (4) calculate R ' ← iB '-mD ', and h ' ← H (A ' || B ' || C ' || D ' || n I), and str ' ← J||K||R/ is set, and calculating m ' ← Hash (h ' || str ' || n M), relatively whether m '=m equates, if equate then can verify the legitimacy of described client, if unequal, then stops.
Above-mentioned checking utilizes SK after all passing through IDeciphering
Figure BDA00002349091100061
Therefrom extract O, then calculate
Figure BDA00002349091100062
Calculate Ind u=((s uT -1) g 1, A '), described service end sends client indexes information Ind uTo DAA authentication center, request judges whether described client exists and effectively.After DAA authentication center beamed back acknowledge message, described service end was finished the authentication to described client, just can provide service to described client, and described client begins to receive the information on services of described service end.
Fig. 2 is the flow chart based on the anonymous authentication method of radio-frequency (RF) identification that the embodiment of the invention two provides, and may further comprise the steps:
S201 receives the radio-frequency (RF) identification sign information of client and sends described radio-frequency (RF) identification sign information to DAA authentication center.
Service end is received the radio-frequency (RF) identification sign Information ID that described client is sent uAfter, with described radio-frequency (RF) identification sign Information ID uBe sent to DAA authentication center, verify this client identity.
S202 receives described DAA authentication center confirmation.After service end is received the affirmation information of described DAA authentication center, confirm to carry out two-way authentication with described client.
S203 accepts the legitimacy authentication of described client.
Accept the challenge information of client, described challenge information is the random number n that described client generates R∈ Z P
Generate response message and be sent to described client according to described challenge information and carry out the legitimacy authentication.Described service end is selected random number n I∈ { 0,1} q, and compute signature
Figure BDA00002349091100063
Then with response message (ID I, n I, Sig I) be sent to described client.
S204 is by receiving the anonymity signature information of described client and described client is carried out authentication after the described legitimacy authentication.
If passed through the legitimacy authentication of described client, service end can be received the anonymity signature information of described client.Described client is selected t ∈ Z at random P, calculate A ' ← tA, B ' ← tB, C ' ← tC and D ' ← tD arranges cre ' ← (A ', B ', C '), calculate h ← Hash (cre ' || n I), O ← tg 1
Calculate its assumed name Pid ← ( s u · t - 1 ) ⊕ H ( ID I | | n R | | n I | | O ) , J = H ( ID I ) ;
Generate random number, n M← { 0,1} q, select l ← Z P, calculating K ← fJ, R ← lB ' arranges str ← J||K||R, calculates m ← Hash (h||str||n M), i ← i+mf (modq);
It is σ ← (K, m, i, J, cre ', n that the signature value is set M, n I), and with the PKI PK of described service end IEncrypting O generates
Figure BDA00002349091100072
With anonymity signature information
Figure BDA00002349091100073
Be sent to described service end.
After described service end is received described anonymity signature information, (1)
Figure BDA00002349091100074
The I calculating K '=f ' J, if there is K '=K, show that then described client is malicious client, refusal provides service; (2) calculate J '=H (ID I), whether checking J=J ' confirms described client to its request service, if unequal, then denial of service; (3) checking e (A ', Y)=e (B ', g 2) and e (A '+D ', X)=e (C ', g 2), if equate then continue, if the unequal then service that stops provides; (4) calculate R ' ← iB '-mD ', and h ' ← H (A ' || B ' || C ' || D ' || n I), and str ' ← J||K||R/ is set, and calculating m ' ← Hash (h ' || str ' || n M), relatively whether m '=m equates, if equate then can verify the legitimacy of described client, if unequal, then stops.
Above-mentioned checking utilizes SK after all passing through IDeciphering
Figure BDA00002349091100075
Therefrom extract O, then calculate Calculate Ind u=((s uT -1) g 1, A '), described service end sends client indexes information Ind uTo DAA authentication center, request judges whether described client exists and effectively.After DAA authentication center beamed back acknowledge message, described service end was finished the authentication to described client.
S205 sends service information to the client by described authentication.Described service end is finished the authentication to described client, just can provide service to described client, and described client begins to receive the information on services of described service end.
Fig. 3 is the flow chart based on the anonymous authentication method of radio-frequency (RF) identification that the embodiment of the invention three provides, and may further comprise the steps:
S301 receives the service end log-on message, sends certificate of service to described service end.
System of DAA authentication center carries out first initialization, given security parameter 1 q, select asymmetric double linear group (G 1, G 2) and mapping function e:G 1* G 2→ G T, wherein, g 1, g 2Be divided into G 1, G 2Generator, the order of a group number is large prime number p.Select at random again x, y ∈ Z pAs its private key isk k, and calculate X ← xg 2∈ G 2, Y ← yg 2∈ G 2Next select One-way Hash function a: H:{0,1} *→ Z p, and initialization malice mobile client revocation list is empty: RL ← Ф.The PKI of described DAA authentication center and private key are to being: (ipk k, isk k)=((G 1, G 2, G T, g 1, g 2, p, e, X, Y, H), (x, y)).
The log-on message that reception need to be sent in the service end of described DAA authentication center registration, described DAA authentication center sends certificate of service Cert vTo described service end, its corresponding key is to being: (PK v, IK v).
S302 receives the client log-on message, sends the DAA certificate to described client.
DAA authentication center receives the identification information of client.
DAA authentication center generates the first authentication information and is sent to described client according to described identification information.DAA authentication center examines described client identity, after audit is passed through, selects random number n a← { 0,1} q, with the PKI PK of described client MIt is encrypted, generates the first authentication information Then send it to described client.
DAA authentication center receives the second authentication information of described client.Described the second authentication information utilizes private key SK after being described the first authentication information of client MTo its deciphering, calculate f ← H (DAASeed||cnt||K I), wherein cnt is for calculating number, and client is set as its private key with f, and next, client is selected random number r f← Z P, calculate U ← r f.g 1, F ← f.g 1, c ← H (ipk k|| n i|| U||F) and w ← r f-c.f (modq) arranges the second authentication information comm ← (F, c, w, n i), then described the second authentication information is sent to DAA authentication center.
When described the first authentication information is identical with characteristic parameter in the second authentication information, send the DAA certificate of certification to described client.DAA authentication center verifies the n of described the second authentication information iWhether identical with the value that sends, then stop such as difference; And according to F ← f.g 1Whether checking f is stored among the trusted client revocation list RL; U ' ← w.g calculates in DAA authentication center 1+ c.F, c ' ← H (ipk k|| n i|| U ' || F), and verify whether c=c ' sets up, if unequal, then stop.Next, r ← { 0,1} q, calculate A ← rg 1, B ← yA, then C ← (xA+rxyF), then generate the DAA certificate cre=(A, B, C) of described client is sent to cre described client.
Receive the certification authentication successful information of described client.When described client is received the DAA certificate, from cre, extract B, calculate D ← fB, checking e (A, Y)=e (B, g 2), or e (A+D, X)=e (C, g 2) whether equate, if unequal then termination, if equate then to send successful information Join_OK to DAA authentication center.
Distribute radio-frequency (RF) identification to identify to described client.After the certification authentication success message is received by DAA authentication center, be a sign of the RFID read-write equipment distribution ID of described client uAnd be sent to described client, generate the service acquisition key s of RFID read-write equipment u=H (ID u|| x||y), then calculate P u=s uG 1, set up the account information of described client.
S303 receives the described client radio-frequency (RF) identification sign information that service end sends.The radio-frequency (RF) identification sign Information ID of the described client that DAA authentication center reception service end is received u, help described service end to verify this client identity.
S304 sends confirmation to described service end, sends the certificate of service of described service end to described client, to confirm described client described service end is carried out the legitimacy authentication, and described service end is carried out authentication to described client.
DAA authentication center is according to ID uVerify whether described client exists, if exist, DAA authentication center will be according to ID uCorresponding client identity sign sends an acknowledgement message to described client.
DAA authentication center receives after the affirmation message of described client feedback, and this message feedback to described service end, and is used its identification information ID IThen initialization Java Applet Secure Application is used this Applet by the OTA technology and is pushed to described client.
After described client installation Applet finished, DAA authentication center was according to ID ISend certificate of service cert ITo described client, and it is stored securely in the described client, to confirm that described client can carry out two-way authentication with described service end, namely described client is carried out the legitimacy authentication to described service end, and described service end is carried out authentication to described client.
The present invention also provides a kind of anonymous authentication system based on radio-frequency (RF) identification according to above-mentioned three embodiment, the structure of this system as shown in Figure 4, comprise: client, service end and DAA authentication center, described client comprises mobile trustable computation module, host module and RFID module for reading and writing.The verification process based on the anonymous authentication agreement of RFID that described system realizes comprises DAA authentication center system initialization, client registration, the initialization of RFID module for reading and writing, anonymity signature scheme and five parts of signature verification.
(1) DAA authentication center system initialization: given security parameter 1 q, the described DAA selection asymmetric double linear group (G of authentication center 1, G 2) and mapping function e:G 1* G 2→ G T, wherein, g 1, g 2Be divided into G 1, G 2Generator, the order of a group number is large prime number p; Select at random x, y ∈ Z pAs its private key isk k, and calculate X ← xg 2∈ G 2, Y ← yg 2∈ G 2Next, select One-way Hash function a: H:{0,1} *→ Z p, and initialization malice mobile trustable computation module revocation list is empty: RL ← Ф.The PKI of DAA authentication center and private key are to being: (ipk k, isk k)=((G 1, G 2, G T, g 1, g 2, p, e, X, Y, H), (x, y)).
Service end is obtained the qualification that service is provided in the place's registration of DAA authentication center.DAA authentication center issues certificate of service Cert to service end v, its corresponding key is to being: (PK v, IK v).
(2) client registration process: suppose that DAASeed is the inner mobile trustable computation module secret seed of client K ILong-term public key for DAA authentication center.Mobile trustable computation module at first utilizes it to generate key to (IK M, PK M), and announce its PKI PK MWith and DAA authentication center between safety communications conduit.Registration process is as follows:
Step 1: client is sent to corresponding Virtual network operator DAA authentication center with its identification information.
Step 2: DAA authentication center audit client identity, after audit is passed through, select random number n a← { 0,1} q, with the PKI PK of mobile trustable computation module MIt is encrypted, generates the first authentication information
Figure BDA00002349091100111
Then send it to client;
Step 3: behind described the first authentication information of client, mobile trustable computation module utilizes its private key SK MTo its deciphering, calculate f ← H (DAASeed||cnt||K I), wherein cnt is for calculating number, and mobile trustable computation module is set as its private key with f, and next, mobile trustable computation module is selected random number r f← Z P, calculate U ← r f.g 1, F ← f.g 1, c ← H (ipk k|| n i|| U||F) and w ← r f-c.f (modq) arranges the second authentication information comm ← (F, c, w, n i), then described the second authentication information comm is sent to DAA authentication center.
Step 4: after receiving the second authentication information of mobile trustable computation module transmission, the checking n of DAA authentication center iWhether identical with the value that sends, then stop such as difference, and according to F ← f.g 1Whether checking f is stored among the revocation list RL; Calculate U ' ← w.g 1+ c.F, c ' ← H (ipk k|| n i|| U ' || F), and whether checking c=c ' sets up.If unequal, then stop.Next, r ← { 0,1} q, calculate A ← rg 1, B ← yA, C ← (xA+rxyF), then generate DAA certificate cre=(A, B, C) then is sent to cre the mobile trustable computation module of client.
Step 5: after mobile trustable computation module is received certificate, from cre, extract B, calculate D ← fB, then cre and D are forwarded to host module.
Step 6: host module checking e (A, Y)=e (B, g 2), or e (A+D, X)=e (C, g 2) whether equate, if unequal then termination, if equate then to send successful information Join_OK to DAA authentication center;
Step 7: after the certification authentication success message is received by DAA authentication center, be a sign of the RFID module for reading and writing distribution ID of client u, and the service acquisition key s of generation RFID SMS module u=H (ID u|| x||y), then calculate P u=s uG 1, set up the account information (Ind of client u, Acc u).
(3) RFID module for reading and writing initialization: in this Verification System, the RFID module for reading and writing is in the smart card pattern, the radiofrequency signal that the simulated intelligence card sends with the response card reader.In order to carry out alternately with service end, to obtain corresponding service, the RFID module for reading and writing corresponding security strategy of needs and Secure Application.Therefore, before authenticating with DAA authentication center, the RFID module for reading and writing need to carry out initialization.Initialized step is as follows:
Step 1: client is selected service end, with RFID module for reading and writing sign ID uBe sent to described service end.
Step 2: service end is at first with ID uBe sent to DAA authentication center, verify described client identity.
Step 3: DAA authentication center is according to ID uVerify whether described client exists, if exist, DAA authentication center will be according to ID uCorresponding client identity sign sends an acknowledgement message to described client.
Step 4: after receiving the affirmation message of described client, DAA authentication center to described service end, uses its identification information ID with this message feedback IThen initialization Java Applet Secure Application uses Applet the RFID module for reading and writing that pushes to client by the OTA technology.
Step 5: the RFID module for reading and writing with the Applet installation after, use ID IObtain the certificate of service cert of service end from DAA authentication center I, and it is stored securely in the RFID module for reading and writing to carry out two-way authentication with service end.
(4) anonymity signature scheme: if authentication is unidirectional, only have service end that client is authenticated, client is when obtaining service, service end is not authenticated, this will cause the assailant pretend to become legal service end to the user cheat, impersonation attack, to obtain the individual subscriber privacy information, harm user's legitimate interests.Therefore, in RFID anonymous authentication agreement, client is at first carried out authentication to service end, confirm as legal service end after, just carry out anonymous authentication.The process of anonymous authentication comprises that client to authentication and the anonymity signature scheme of service end, the steps include:
Step 1: the RFID module for reading and writing of client generates random number n R∈ Z P, it is sent to service end as challenge information;
Step 2: service end is selected random number n I∈ { 0,1} q, and compute signature
Figure BDA00002349091100121
, then with response message (ID I, n I, Sig I) be sent to the RFID module for reading and writing.
Step 3: after receiving the response message that service end sends, the RFID module for reading and writing uses the ID ' in the response message ISearch corresponding certificate of service Cert I, and utilize the in advance random number n of storage RCalculate m R← H (ID I', Cert I, n R, n I), the RFID module for reading and writing is from Cert IIn obtain the PKI PK of service end I, then with PK I, Sig IAnd m RBe forwarded to host module.
Step 4: host module uses the PKI PK of service end I, signing messages Sig IAnd m RThe legitimacy of service for checking credentials end identity.If do not pass through, show that then service end does not possess corresponding qualification, may have the malice property.If pass through, host module is selected t ∈ Z at random P, calculate A ' ← tA, B ' ← tB, C ' ← tC and D ' ← tD arranges cre ' ← (A ', B ', C '), calculate h ← Hash (cre ' || n I), O ← tg 1, then host module is with O, and t is sent to the RFID module for reading and writing.
Step 5: the RFID module for reading and writing calculates its assumed name Pid ← ( s u · t - 1 ) ⊕ H ( ID I | | n R | | n I | | O ) , J = H ( ID I ) , Then J is forwarded to host module, host module is with h, and B ' and J are forwarded to mobile trustable computation module.
Step 6: mobile trustable computation module generates random number, n M← { 0,1} q, select l ← Z P, calculating K ← fJ, R ← lB ' arranges str ← J||K||R, calculates m ← Hash (h||str||n M), i ← i+mf (modq) is then with (K, m, i, n M) be sent to host module.
Step 7: it is σ ← (K, m, i, J, cre ', n that host module arranges the signature value M, n I), and with the PKI PK of service end IEncrypting O generates
Figure BDA00002349091100132
And being forwarded to the RFID module for reading and writing, the RFID module for reading and writing is with anonymity signature information
Figure BDA00002349091100133
Be sent to service end.
(5) signature verification: in proof procedure, the signature that service end generates by checking client is confirmed the legitimacy of client, the assumed name that provides according to client calculates client account index, confirm under the help of DAA authentication center whether the client account exists, demand according to client provides service, the steps include:
Step 1:
Figure BDA00002349091100134
The service end calculating K '=f ' J, if there is K '=K, show that then the mobile trustable computation module of client is the malice mobile platform, refusal provides service;
Step 2: service end is calculated J '=H (ID I), whether checking J=J ' confirms the RFID module for reading and writing to its request service, if unequal, then denial of service;
Step 3: service end checking e (A ', Y)=e (B ', g 2) and e (A '+D ', X)=e (C ', g 2), if equate then continue, if the unequal then service that stops provides;
Step 4: service end is calculated R ' ← iB '-mD ', and h ' ← H (A ' || B ' || C ' || D ' || n I), and str ' ← J||K||R/ is set, and calculating m ' ← Hash (h ' || str ' || n M), relatively whether m '=m equates, if but equate then the legitimacy of checking client, if unequal, then stop.
Step 5: service end is utilized SK IDeciphering
Figure BDA00002349091100141
Therefrom extract O, then calculate
Figure BDA00002349091100142
Calculate Ind u=((s uT -1) g 1, A ').Service end sends account's index Ind uTo DAA authentication center, request judges whether described client exists and effectively;
Step 6: after DAA authentication center beamed back acknowledge message, service end was finished the authentication to client, just can provide service to described client.
Step 7: client is obtained after the service, and service end can be sent information on services to client.Finish thus the whole process of anonymous authentication.
Adopt technical scheme of the present invention, set up a kind of safe and efficient identification authentication mode, guarantee the safety of user data, prevent that the identity of client and service end from maliciously being usurped.
The above; only for the better embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with the people of this technology in the disclosed technical scope of the present invention; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims (10)

1. anonymous authentication method based on radio-frequency (RF) identification is characterized in that the method comprises:
Obtain the DAA certificate and register from Direct Anonymous authentication (Direct Anonymous Attestation, DAA) authentication center;
Send radio-frequency (RF) identification sign information to service end and obtain the certificate of service of described service end from described DAA authentication center;
According to described certificate of service service end is carried out the legitimacy authentication;
Send anonymity signature information and accept the authentication of described service end to the service end by the authentication of described legitimacy.
2. the method for claim 1 is characterized in that, described acquisition Direct Anonymous certificate of certification is also registered, and further comprises:
Send identification information to DAA authentication center;
Receive the first authentication information of described DAA authentication center;
Generate the second authentication information and be sent to described DAA authentication center according to described the first authentication information;
When described the first authentication information is identical with characteristic parameter in the second authentication information, receive the certificate of certification of DAA authentication center;
Carry out certification authentication, send the extremely described DAA of the information that is proved to be successful authentication center;
Receive the radio-frequency (RF) identification sign that described DAA authentication center distributes.
3. the method for claim 1 is characterized in that, describedly according to certificate of service service end is carried out legitimacy authentication, further comprises:
Generate challenge information and be sent to service end;
Receive the response message of described service end;
Verify the legitimacy of described service end according to described response message and described certificate of service.
4. the method for claim 1 is characterized in that, after the authentication by described service end, further comprises:
Begin to receive the information on services of described service end.
5. anonymous authentication method based on radio-frequency (RF) identification is characterized in that the method comprises:
Receive the radio-frequency (RF) identification sign information of client and send described radio-frequency (RF) identification sign information to DAA authentication center;
Receive described DAA authentication center confirmation;
Accept the legitimacy authentication of described client;
By receiving the anonymity signature information of described client and described client carried out authentication after the described legitimacy authentication;
Send service information to the client by described authentication.
6. method as claimed in claim 5 is characterized in that, accepts the legitimacy authentication of described client, further comprises:
Accept the challenge information of client;
Generate response message and be sent to described client according to described challenge information and carry out the legitimacy authentication.
7. method as claimed in claim 5 is characterized in that, described client is carried out authentication, further comprises:
Judge the legitimacy of described client identity according to described anonymity signature information;
Generation possesses the index information of the client of legitimacy;
Send the extremely described DAA of described index information authentication center;
Receive the affirmation information of described DAA authentication center.
8. anonymous authentication method based on radio-frequency (RF) identification is characterized in that the method comprises:
Receive the service end log-on message, send certificate of service to described service end;
Receive the client log-on message, send the DAA certificate to described client;
Receive the described client radio-frequency (RF) identification sign information that service end sends;
Send confirmation to described service end, send the certificate of service of described service end to described client, to confirm described client described service end is carried out the legitimacy authentication, described service end is carried out authentication to described client.
9. method as claimed in claim 8 is characterized in that, described reception client log-on message sends the DAA certificate to described client, further comprises:
Receive the identification information of client;
Generate the first authentication information and be sent to described client according to described identification information;
Receive the second authentication information of described client;
When described the first authentication information is identical with characteristic parameter in the second authentication information, send the DAA certificate of certification to described client;
Receive the certification authentication successful information of described client;
Distribute radio-frequency (RF) identification to identify to described client.
10. method as claimed in claim 8 is characterized in that, described service end is carried out authentication to described client and further comprised:
Receive the client indexes information of described service end;
Send confirmation to described service end.
CN2012104348753A 2012-11-02 2012-11-02 Anonymous attestation method based on radio frequency identification (RFID) Pending CN102932355A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012104348753A CN102932355A (en) 2012-11-02 2012-11-02 Anonymous attestation method based on radio frequency identification (RFID)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012104348753A CN102932355A (en) 2012-11-02 2012-11-02 Anonymous attestation method based on radio frequency identification (RFID)

Publications (1)

Publication Number Publication Date
CN102932355A true CN102932355A (en) 2013-02-13

Family

ID=47647057

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012104348753A Pending CN102932355A (en) 2012-11-02 2012-11-02 Anonymous attestation method based on radio frequency identification (RFID)

Country Status (1)

Country Link
CN (1) CN102932355A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090129600A1 (en) * 2007-11-15 2009-05-21 Brickell Ernie F Apparatus and method for a direct anonymous attestation scheme from short-group signatures
CN102594551A (en) * 2012-03-31 2012-07-18 福建师范大学 Method for reliable statistics of privacy data on radio frequency identification (RFID) tag

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090129600A1 (en) * 2007-11-15 2009-05-21 Brickell Ernie F Apparatus and method for a direct anonymous attestation scheme from short-group signatures
CN102594551A (en) * 2012-03-31 2012-07-18 福建师范大学 Method for reliable statistics of privacy data on radio frequency identification (RFID) tag

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴俊军等: "一种基于可信计算的NFC认证模型", 《计算机工程与科学》 *

Similar Documents

Publication Publication Date Title
Wazid et al. Secure three-factor user authentication scheme for renewable-energy-based smart grid environment
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
CN108964919A (en) The lightweight anonymous authentication method with secret protection based on car networking
CN102970682B (en) Direct anonymous attestation method applied to credible mobile terminal platform
CN101814991B (en) Mutual authentication method and system based on identity
CA2597475A1 (en) Secure bootstrapping for wireless communications
CN103929745B (en) Wireless MESH network access authentication system and method based on privacy protection
CN103297403A (en) Method and system for achieving dynamic password authentication
CN101777978A (en) Method and system based on wireless terminal for applying digital certificate and wireless terminal
CN101951388A (en) Remote attestation method in credible computing environment
CN104821933A (en) Device and method certificate generation
CN103532713A (en) Sensor authentication and sharing key generating method, sensor authentication and sharing key generating system and sensor
CN101540669A (en) Method for distributing keys and protecting information for wireless mobile communication network
CN104052608A (en) Certificate-free remote anonymous authentication method based on third party in cloud application
CN101931536B (en) Method for encrypting and authenticating efficient data without authentication center
Farooq et al. A survey of authentication techniques in vehicular ad-hoc networks
Shim Reconstruction of a secure authentication scheme for vehicular ad hoc networks using a binary authentication tree
CN103634796A (en) Space information network roaming and trusted security access method
WO2014069985A1 (en) System and method for identity-based entity authentication for client-server communications
CN107493165A (en) A kind of car networking certification and cryptographic key negotiation method with strong anonymity
CN105450623A (en) Access authentication method of electric automobile
CN104202170A (en) Identity authentication system and method based on identifiers
He et al. An accountable, privacy-preserving, and efficient authentication framework for wireless access networks
Ying et al. Efficient authentication protocol for secure vehicular communications
CN101192927A (en) Authorization based on identity confidentiality and multiple authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130213