CN105046300A - RFID authentication method and RFID authentication system - Google Patents


Info

Publication number: CN105046300A
Authority: CN (China)
Prior art keywords: write line, read write, writer, authentication code, message authentication
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510437132.5A
Other languages: Chinese (zh)
Other versions: CN105046300B (en)
Inventors: 刘虹, 火一莽, 万月亮
Current assignee: Beijing Ruian Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Beijing Ruian Technology Co Ltd
Application filed by Beijing Ruian Technology Co Ltd
Priority to CN201510437132.5A
Publication of CN105046300A; application granted; publication of CN105046300B
Current legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses an RFID (Radio Frequency Identification) authentication method and an RFID authentication system. In the method, at least one flag bit of a pseudo-random number is used to dynamically select the tag's and the reader/writer's pre-shared secret value and pre-shared key, which increases the randomness of each protocol session. Given the particular constraints of the air interface between an RFID tag and a reader/writer, the method uses a hash-based message authentication code (HMAC) and a one-way hash function to give the exchanged messages forward security, and an authentication mechanism to verify the identity of both the tag and the reader/writer, so that the problem of secure data transmission in an RFID system is effectively solved. The method is practical and novel: it performs identity verification with lightweight cryptographic operations, makes the data exchanged in each session more dynamic, and suits RFID deployments with limited system resources.

Description

Radio frequency identification authentication method and system
Technical field
Embodiments of the present invention relate to the field of RFID technology, and in particular to a radio frequency identification authentication method and system.
Background technology
RFID (radio-frequency identification) technology uses radio frequency signals to identify a target object automatically and without contact, and is increasingly applied in identification, anti-counterfeiting, communications, logistics and asset management. As an emerging wireless recognition technique and a typical sensing technology of Internet of Things systems, RFID can enable perception of objects and information sharing on a global scale and has broad market prospects. However, because of the hardware limitations of RFID systems and the particular nature of the communication link, the air interface between a tag and a reader/writer faces serious security threats and privacy concerns, which makes RFID security an important research topic.
Because the channel between the tag and the reader/writer in an RFID system is a wireless channel, and the computing power of both the tag and the reader/writer is limited, the mutual authentication between tag and reader/writer, and the interaction between them in general, face serious security threats.
Summary of the invention
In view of the above technical problem, embodiments of the present invention provide a radio frequency identification authentication method and system that strengthen the security of the RFID authentication process.
In a first aspect, an embodiment of the present invention provides a radio frequency identification authentication method, comprising:
The RFID reader/writer generates a reader-side pseudo-random number and sends a request message containing it to the RFID tag;
After receiving the request message, the RFID tag generates a tag-side pseudo-random number, selects a tag-side pre-shared secret value and a tag-side key from the tag-side pre-shared secret value set and the tag-side key set respectively, according to at least one tag-side flag bit of the tag-side pseudo-random number, computes a tag-side message authentication code from the selected secret value and key, and sends a response message containing the tag-side pseudo-random number and the tag-side message authentication code to the RFID reader/writer;
After receiving the response message, the RFID reader/writer processes the reader-side and tag-side pseudo-random numbers, selects a reader-side pre-shared secret value and a reader-side key from the reader-side pre-shared secret value set and the reader-side key set respectively, according to at least one reader-side flag bit of the processing result, computes a reader-side message authentication code from them, and sends a verification message containing the tag-side pseudo-random number, the reader-side pseudo-random number, the tag-side message authentication code and the reader-side message authentication code to the back-end database;
The back-end database authenticates the RFID reader/writer and the RFID tag by recomputing the hash-based message authentication codes;
If both the reader/writer and the tag are authenticated successfully, the back-end database retrieves the pseudo-identifier of the reader/writer and the pseudo-identifier of the tag, generates the back-end database's message authentication code from these two pseudo-identifiers, and sends it to the RFID reader/writer;
After receiving the back-end database's message authentication code, the RFID reader/writer retrieves its own pseudo-identifier, computes a secondary message authentication code of the back-end database using a one-way hash function, and sends it to the RFID tag;
After receiving the secondary message authentication code, the RFID tag retrieves its own pseudo-identifier, applies the one-way hash function to it, compares the result with the secondary message authentication code, and authenticates the RFID reader/writer according to the comparison result.
In a second aspect, an embodiment of the present invention further provides a radio frequency identification authentication system, comprising:
An RFID tag, which, after receiving a request message, generates a tag-side pseudo-random number, selects a tag-side pre-shared secret value and a tag-side key from the tag-side pre-shared secret value set and the tag-side key set respectively, according to at least one tag-side flag bit of the tag-side pseudo-random number, computes a tag-side message authentication code from them, and sends a response message containing the tag-side pseudo-random number and the tag-side message authentication code to the RFID reader/writer; and which, after receiving the secondary message authentication code, retrieves its own pseudo-identifier, applies the one-way hash function to it, compares the result with the secondary message authentication code, and authenticates the RFID reader/writer according to the comparison result;
An RFID reader/writer, which generates a reader-side pseudo-random number and sends a request message containing it to the RFID tag; which, after receiving the response message, processes the reader-side and tag-side pseudo-random numbers, selects a reader-side pre-shared secret value and a reader-side key from the reader-side pre-shared secret value set and the reader-side key set respectively, according to at least one reader-side flag bit of the processing result, computes a reader-side message authentication code from them, and sends a verification message containing the tag-side pseudo-random number, the reader-side pseudo-random number, the tag-side message authentication code and the reader-side message authentication code to the back-end database; and which, after receiving the back-end database's message authentication code, retrieves its own pseudo-identifier, computes the secondary message authentication code of the back-end database using a one-way hash function, and sends it to the RFID tag;
A back-end database, which authenticates the RFID reader/writer and the RFID tag by recomputing the hash-based message authentication codes and, if both are authenticated successfully, retrieves the pseudo-identifier of the reader/writer and the pseudo-identifier of the tag, generates the back-end database's message authentication code from these two pseudo-identifiers, and sends it to the RFID reader/writer.
In the method and system provided by the embodiments, the shared secret and the key are selected from the shared secret set and the key set according to the concrete value of the flag bits of a freshly generated pseudo-random number, and the communication between the RFID tag and the RFID reader/writer is carried out with the selected shared secret and key. An attacker mounting a replay attack, an impersonation attack or similar therefore finds it difficult to break into the authentication process, which improves its security.
Accompanying drawing explanation
Fig. 1 is the flow diagram of the radio frequency identification authentication method provided by the first embodiment of the invention;
Fig. 2 is the interaction diagram of the radio frequency identification authentication method provided by the second embodiment of the invention;
Fig. 3 is the structural diagram of the radio frequency identification authentication system provided by the third embodiment of the invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. Note also that, for convenience of description, the drawings show only the parts related to the invention rather than the entire structure.
First embodiment
This embodiment provides a technical solution for a radio frequency identification authentication method, which can be implemented by an RFID system comprising an RFID tag, an RFID reader/writer and a back-end database. The reader/writer is connected to both the tag and the back-end database; there is no communication connection between the tag and the database. Of these two connections, the one between the tag and the reader/writer is a wireless link using RFID technology and is therefore easily attacked, whereas the connection between the reader/writer and the back-end database is wired and hard for an attacker to access, so it can be regarded as a secure communication connection.
Referring to Fig. 1, the radio frequency identification authentication method comprises:
S11: the RFID reader/writer generates a reader-side pseudo-random number and sends a request message containing it to the RFID tag.
Before the method of this embodiment is run, the RFID system executing it must first be initialized. During initialization, each RFID tag holds its own pseudo-identifier PID_T, a tag-side pre-shared secret value set and a tag-side key set. Correspondingly, each RFID reader/writer holds its own pseudo-identifier PID_R, a reader-side pre-shared secret value set and a reader-side key set. The back-end database stores, for every tag, its pseudo-identifier and the possible tag-side pre-shared secret values and tag-side keys, and for every reader/writer, its pseudo-identifier and the possible reader-side pre-shared secret values and reader-side keys.
Once the RFID system is initialized and the authentication process starts, the reader/writer first generates a reader-side pseudo-random number r_R and sends a request message containing r_R to the RFID tag.
S12: after receiving the request message, the RFID tag generates a tag-side pseudo-random number, selects a tag-side pre-shared secret value and a tag-side key from the tag-side pre-shared secret value set and the tag-side key set respectively, according to at least one tag-side flag bit of the tag-side pseudo-random number, computes a tag-side message authentication code from them, and sends a response message containing the tag-side pseudo-random number and the tag-side message authentication code to the RFID reader/writer.
After receiving the request message containing r_R, the RFID tag generates a tag-side pseudo-random number r_T. The tag then selects a tag-side shared secret from the tag-side pre-shared secret value set according to at least one tag-side flag bit of r_T, and selects a tag-side key from the tag-side key set according to the same flag bit(s). For example, suppose the tag-side flag bit is defined as the lowest bit of r_T and the tag-side pre-shared secret value set contains the two values S_T0 and S_T1. Then, when the flag bit, i.e. the lowest bit of r_T, is 0, the tag selects S_T0 as the tag-side pre-shared secret value, and when it is 1, the tag selects S_T1.
Because the tag-side pre-shared secret value and the tag-side key are chosen from their sets according to the value of at least one bit of a pseudo-random number, it is difficult to forge these two parameters accurately, which places an obstacle in the way of replay and impersonation attacks and improves the security of the authentication process.
It will be appreciated that if the tag-side flag has n binary digits, the tag-side pre-shared secret value set can hold 2^n tag-side pre-shared secret values, and likewise the tag-side key set can hold 2^n tag-side keys.
The RFID tag then computes the tag-side message authentication code according to the following formula:
$M_T = \mathrm{HMAC}(k_T, S_T \| r_R)$ (1)
In the above formula, k_T is the tag-side key, S_T the tag-side shared secret, r_R the reader-side pseudo-random number, HMAC the hash-based message authentication code function, and M_T the tag-side message authentication code obtained from the formula.
After computing the tag-side message authentication code according to formula (1), the RFID tag sends a response message containing the tag-side pseudo-random number r_T and the tag-side message authentication code M_T to the reader/writer.
S13: after receiving the response message, the RFID reader/writer processes the reader-side and tag-side pseudo-random numbers, selects a reader-side pre-shared secret value and a reader-side key from the reader-side pre-shared secret value set and the reader-side key set respectively, according to at least one reader-side flag bit of the processing result, computes a reader-side message authentication code from them, and sends a verification message containing the tag-side pseudo-random number, the reader-side pseudo-random number, the tag-side message authentication code and the reader-side message authentication code to the back-end database.
After receiving the response message, the RFID reader/writer processes the reader-side and tag-side pseudo-random numbers according to the following formula:
$r'_R = r_R \oplus r_T$ (2)
In formula (2), r_T is the tag-side pseudo-random number, r_R the reader-side pseudo-random number, ⊕ denotes XOR, and r'_R is the result of the XOR.
Having obtained this result, the reader/writer selects a reader-side pre-shared secret value from the reader-side pre-shared secret value set according to at least one reader-side flag bit of r'_R, and selects a reader-side key from the reader-side key set. For example, if the reader-side flag bit is the lowest bit of r'_R and the reader-side pre-shared secret value set contains S_R0 and S_R1, then when that lowest bit is 0 the reader/writer selects S_R0 as the reader-side pre-shared secret value, and when it is 1 it selects S_R1.
Because the reader-side pre-shared secret value and the reader-side key are chosen from their sets according to the value of at least one bit of a pseudo-random number, it is difficult to forge these two parameters accurately, which places an obstacle in the way of replay and impersonation attacks and improves the security of the authentication process.
It will be appreciated that if the reader-side flag has n binary digits, the reader-side pre-shared secret value set can hold 2^n reader-side pre-shared secret values, and likewise the reader-side key set can hold 2^n reader-side keys.
The RFID reader/writer then computes the reader-side message authentication code according to formula (3):
$M_R = \mathrm{HMAC}(k_R, S_R \| r'_R)$ (3)
In formula (3), k_R is the reader-side key, S_R the reader-side shared secret, r'_R the result of processing the reader-side and tag-side pseudo-random numbers, HMAC the hash-based message authentication code function, and M_R the reader-side message authentication code.
After completing the computation of formula (3), the RFID reader/writer sends a verification message containing the tag-side pseudo-random number, the reader-side pseudo-random number, the tag-side message authentication code and the reader-side message authentication code to the back-end database.
S14: the back-end database authenticates the RFID reader/writer and the RFID tag by recomputing the hash-based message authentication codes.
After receiving the verification message from the reader/writer, containing the tag-side pseudo-random number, the reader-side pseudo-random number, the tag-side message authentication code and the reader-side message authentication code, the back-end database authenticates the reader/writer and the tag by recomputing the hash-based message authentication codes.
Specifically, the back-end database checks whether there exist k_T* and S_T* satisfying formula (4):
$\mathrm{HMAC}(k_T^*, S_T^* \| (r_R \oplus r_T)) = M_T$ (4)
It further checks whether there exist k_R* and S_R* satisfying formula (5):
$\mathrm{HMAC}(k_R^*, S_R^* \| r_T) = M_R$ (5)
If the database finds k_T*, S_T* satisfying formula (4) and k_R*, S_R* satisfying formula (5), the identities of the RFID tag and the RFID reader/writer are considered legitimate; if no k_T*, S_T* satisfy formula (4), or no k_R*, S_R* satisfy formula (5), the identities of the tag and the reader/writer are both considered illegitimate.
S15: if both the RFID reader/writer and the RFID tag are authenticated successfully, the back-end database retrieves the pseudo-identifier of the reader/writer and the pseudo-identifier of the tag, generates the back-end database's message authentication code from these two pseudo-identifiers, and sends it to the RFID reader/writer.
The back-end database stores the pseudo-identifier of every RFID reader/writer and the pseudo-identifier of every RFID tag. When its authentication of both the reader/writer and the tag succeeds, the database retrieves the pseudo-identifier of the successfully authenticated tag and the pseudo-identifier of the successfully authenticated reader/writer.
Having retrieved both pseudo-identifiers, it generates the back-end database's message authentication code according to formula (6):
$M_{DB} = H(PID_T) \oplus H(PID_R)$ (6)
In formula (6), PID_T is the pseudo-identifier of the RFID tag, PID_R the pseudo-identifier of the RFID reader/writer, H() a one-way hash function, ⊕ denotes XOR, and M_DB is the back-end database's message authentication code computed by formula (6).
After computing its message authentication code according to formula (6), the back-end database sends it to the RFID reader/writer.
S16: after receiving the back-end database's message authentication code, the RFID reader/writer retrieves its own pseudo-identifier, computes the secondary message authentication code of the back-end database using a one-way hash function, and sends it to the RFID tag.
The RFID reader/writer computes the secondary message authentication code of the back-end database according to formula (7):
$M'_{DB} = H\big((M_{DB} \oplus H(PID_R)) \| r_T\big)$ (7)
In formula (7), M_DB is the back-end database's message authentication code, PID_R the pseudo-identifier of the RFID reader/writer, r_T the tag-side pseudo-random number, ⊕ denotes XOR, and M'_DB is the secondary message authentication code of the back-end database.
After generating the secondary message authentication code, the RFID reader/writer sends it to the RFID tag.
S17: after receiving the secondary message authentication code, the RFID tag retrieves its own pseudo-identifier, applies the one-way hash function to it, compares the result with the secondary message authentication code, and authenticates the RFID reader/writer according to the comparison result.
The RFID tag retrieves its pseudo-identifier and computes the following from it according to formula (8):
$Re = H\big(H(PID_T) \| r_T\big)$ (8)
In formula (8), PID_T is the pseudo-identifier of the RFID tag, H a one-way hash function, r_T the tag-side pseudo-random number, and Re the result computed from the tag's pseudo-identifier.
The RFID tag then compares the computed result with the secondary message authentication code. Specifically, if the two are identical, the identity of the RFID reader/writer is considered legitimate; otherwise it is considered illegitimate.
By choosing the shared secret from a predefined shared secret set and the key from a key set according to the specified flag bits of a pseudo-random number, this embodiment achieves dynamic selection of the shared secret and key and effectively prevents replay and impersonation attacks against the RFID system. In addition, the whole verification process uses only lightweight bit operations and hash-based message authentication codes, so it is simple, practical and fast to respond.
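Why the tag can check the secondary message authentication code without ever learning PID_R follows from substituting formula (6) into formula (7). The derivation below is an added illustration, not part of the original description, and uses only the symbols the description defines:

$$
\begin{aligned}
M'_{DB} &= H\big((M_{DB} \oplus H(PID_R)) \,\|\, r_T\big) \\
        &= H\big((H(PID_T) \oplus H(PID_R) \oplus H(PID_R)) \,\|\, r_T\big) \\
        &= H\big(H(PID_T) \,\|\, r_T\big) = Re .
\end{aligned}
$$

Since $x \oplus x = 0$, the reader-side term cancels, so the comparison in S17 succeeds exactly when the database combined the pseudo-identifier of this tag with that of a reader/writer that knows its own PID_R, and when the r_T bound into the message is the one this tag generated in the current session.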
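The complete S11 to S17 exchange, written out as an added example in Python. This is not code from the patent or from its assignee; it models the three parties of the first embodiment with the page's own formulas (1), (2), (3), (6), (7) and (8). Everything the description leaves open is an assumption here: SHA-256 serves as both the one-way hash H and the HMAC hash, nonces r_R and r_T are 8 bytes, keys and secrets are 16 random bytes, and the flag is the single lowest bit of the pseudo-random number, so each set holds two entries (the page's S_T0/S_T1 example). One caveat a verifier should notice: formulas (4) and (5) as printed pair M_T with r_R ⊕ r_T and M_R with r_T, which is not what (1) and (3) produce; the back-end below recomputes exactly what (1) and (3) produce, so the example follows the computation steps rather than the printed verification formulas. The demo also exercises the replay claim from the description by re-presenting a captured (r_T, M_T) under a fresh reader nonce.

```python
import hmac
import hashlib
import os

HASH = hashlib.sha256   # assumption: page names no concrete hash for H() or HMAC
FLAG_BITS = 1           # n flag bits; each secret/key set then holds 2**n entries
NONCE_LEN = 8           # assumption: byte length of r_R and r_T


def H(data: bytes) -> bytes:
    return HASH(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def select(rand: bytes, table: list) -> bytes:
    """Index a pre-shared set by the low-order FLAG_BITS of a pseudo-random number.
    With FLAG_BITS == 1 this is the page's example: lowest bit 0 -> S0/k0, 1 -> S1/k1."""
    return table[rand[-1] & ((1 << FLAG_BITS) - 1)]


def new_table() -> list:
    return [os.urandom(16) for _ in range(1 << FLAG_BITS)]   # constructed sample secrets


class Tag:
    def __init__(self, pid: bytes):
        self.pid, self.keys, self.secrets, self.r_T = pid, new_table(), new_table(), None

    def respond(self, r_R: bytes):
        """S12: pick k_T, S_T by the flag bits of r_T; M_T = HMAC(k_T, S_T || r_R) (formula 1)."""
        self.r_T = os.urandom(NONCE_LEN)
        k_T, S_T = select(self.r_T, self.keys), select(self.r_T, self.secrets)
        return self.r_T, hmac.new(k_T, S_T + r_R, HASH).digest()

    def verify_reader(self, M_DB2: bytes) -> bool:
        """S17: Re = H(H(PID_T) || r_T) (formula 8) must equal the secondary MAC M'_DB."""
        return hmac.compare_digest(H(H(self.pid) + self.r_T), M_DB2)


class Reader:
    def __init__(self, pid: bytes):
        self.pid, self.keys, self.secrets, self.r_R = pid, new_table(), new_table(), None

    def challenge(self) -> bytes:
        self.r_R = os.urandom(NONCE_LEN)                       # S11
        return self.r_R

    def forward(self, r_T: bytes, M_T: bytes):
        """S13: r'_R = r_R xor r_T (formula 2) selects k_R, S_R; M_R = HMAC(k_R, S_R || r'_R) (3)."""
        r_R2 = xor(self.r_R, r_T)
        k_R, S_R = select(r_R2, self.keys), select(r_R2, self.secrets)
        M_R = hmac.new(k_R, S_R + r_R2, HASH).digest()
        return r_T, self.r_R, M_T, M_R                         # verification message to the database

    def secondary_mac(self, M_DB: bytes, r_T: bytes) -> bytes:
        """S16: M'_DB = H((M_DB xor H(PID_R)) || r_T) (formula 7)."""
        return H(xor(M_DB, H(self.pid)) + r_T)


class Backend:
    """Registered tags and readers with their key and secret sets (trusted wired link to the reader)."""
    def __init__(self, tags, readers):
        self.tags, self.readers = tags, readers

    @staticmethod
    def _find(parties, nonce: bytes, mac: bytes):
        # "does there exist k*, S* satisfying the formula": search every key/secret pair
        for p in parties:
            for k in p.keys:
                for S in p.secrets:
                    if hmac.compare_digest(hmac.new(k, S + nonce, HASH).digest(), mac):
                        return p.pid
        return None

    def authenticate(self, r_T, r_R, M_T, M_R):
        """S14/S15: recheck both MACs as (1) and (3) computed them; on success return
        M_DB = H(PID_T) xor H(PID_R) (formula 6), otherwise None."""
        pid_T = self._find(self.tags, r_R, M_T)
        pid_R = self._find(self.readers, xor(r_R, r_T), M_R)
        if pid_T is None or pid_R is None:
            return None
        return xor(H(pid_T), H(pid_R))


def run_session(tag, reader, backend, replayed=None) -> bool:
    """One full S11-S17 run. `replayed` substitutes a captured (r_T, M_T) for the tag's fresh answer."""
    r_R = reader.challenge()
    r_T, M_T = replayed if replayed else tag.respond(r_R)
    M_DB = backend.authenticate(*reader.forward(r_T, M_T))
    if M_DB is None:
        return False                                           # database rejected tag or reader
    return tag.verify_reader(reader.secondary_mac(M_DB, r_T))


def demo():
    tag, reader = Tag(b"PID_T-0001"), Reader(b"PID_R-0001")   # constructed pseudo-identifiers
    backend = Backend([tag], [reader])
    honest = run_session(tag, reader, backend)
    captured = tag.respond(reader.challenge())                 # answer captured in one session...
    replayed = run_session(tag, reader, backend, replayed=captured)  # ...fails under a new r_R
    return honest, replayed


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The back-end search over all key/secret pairs mirrors the page's "does there exist k*, S*" wording; a deployment would index the candidates by the same flag bits the tag used, which is exactly why both sides must agree on how the flag is read from the pseudo-random number.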
Second embodiment
This embodiment provides another technical solution for a radio frequency identification authentication method. In this technical solution, referring to Fig. 2, the method comprises:
S201: the RFID reader/writer generates a reader-side pseudo-random number r_R.
S202: the RFID reader/writer sends the generated reader-side pseudo-random number r_R to the RFID tag.
S203: the RFID tag generates a tag-side pseudo-random number r_T.
S204: according to at least one tag-side flag bit B_rT of the tag-side pseudo-random number r_T, the tag selects a tag-side key k_T and a tag-side shared secret S_T.
For example, when the tag-side flag B_rT comprises only one bit: if the last bit B_rT of r_T is 0, the RFID tag chooses k_T0 as the tag-side key and S_T0 as the tag-side shared secret; if the last bit B_rT of r_T is 1, the tag chooses k_T1 as the tag-side key and S_T1 as the tag-side shared secret, and then computes the tag-side message authentication code with the hash-based message authentication code function.
Specifically, the RFID tag computes the tag-side message authentication code according to the following formula:
$M_T = \mathrm{HMAC}(k_T, S_T \| r_R)$
In the above formula, k_T is the tag-side key chosen according to the value B_rT of the last bit, S_T the tag-side shared secret chosen according to the value B_rT of the last bit, and M_T the tag-side message authentication code.
S205: the RFID tag sends the tag-side key and the tag-side message authentication code to the RFID reader/writer.
S206, described radio-frequency identification reader/writer carries out XOR to described tab end pseudo random number and read write line end pseudo random number.
S207, according to described read write line end pseudo random number r rin at least one read write line end flag B rRselect read write line end key k rand read write line end shared secret S r.
For example, when the reader/writer-side flag B_RR consists of a single bit: if the last bit B_R'R of the XOR result r'_R is 0, the RFID reader/writer chooses k_R0 as the reader/writer-side key and S_R0 as the reader/writer-side shared secret; if the last bit B_R'R of r'_R is 1, the RFID reader/writer chooses k_R1 as the reader/writer-side key and S_R1 as the reader/writer-side shared secret. The RFID reader/writer then computes the reader/writer-side message authentication code with the hash-based message authentication code function.
Specifically, the RFID reader/writer computes the reader/writer-side message authentication code according to the following formula:
M_R = HMAC(k_R, S_R || r'_R).
In the formula, k_R is the reader/writer-side key chosen according to the value B_R'R of the last bit of the XOR result, S_R is the reader/writer-side shared secret chosen according to that last bit, and M_R is the reader/writer-side message authentication code.
S208: the RFID reader/writer sends the tag-side pseudo random number, the reader/writer-side pseudo random number, the tag-side message authentication code and the reader/writer-side message authentication code to the backend database.
S209: the backend database verifies the identities of the RFID tag and the RFID reader/writer against the data it stores, extracts the pseudo-identifier of the RFID tag and the pseudo-identifier of the RFID reader/writer, and computes its own message authentication code.
Specifically, the backend database verifies the identities of the RFID tag and the RFID reader/writer by checking whether it holds k_T*, S_T*, k_R* and S_R* that satisfy the following two formulas:
HMAC(k_T*, S_T* || (r_R ⊕ r_T)) = M_T
HMAC(k_R*, S_R* || r_T) = M_R
Further, the backend database computes its own message authentication code according to the following formula:
M_DB = H(PID_T) ⊕ H(PID_R).
S210: the backend database sends its message authentication code to the RFID reader/writer.
S211: after receiving the message authentication code of the backend database, the RFID reader/writer extracts its own pseudo-identifier and computes the secondary message authentication code of the backend database.
Specifically, the RFID reader/writer computes the secondary message authentication code of the backend database according to the following formula:
M'_DB = H(M_DB ⊕ H(PID_R) || r_T).
S212: the RFID reader/writer sends the secondary message authentication code of the backend database to the RFID tag.
S213: after receiving the secondary message authentication code of the backend database, the RFID tag extracts its own pseudo-identifier, performs a computation on it, and verifies the identity of the RFID reader/writer according to the result.
Specifically, the RFID tag computes on its pseudo-identifier according to the following formula:
Re = H(H(PID_T) || r_T).
Here Re denotes the result of the computation on the pseudo-identifier PID_T of the RFID tag.
When further verifying the identity of the RFID reader/writer: if the result computed from the pseudo-identifier of the RFID tag is identical to the secondary message authentication code of the backend database, the identity of the RFID reader/writer is considered legitimate; otherwise, it is considered illegitimate.
This embodiment uses the value of the last bit of the pseudo random number to dynamically select the tag and reader/writer pre-shared secret values and keys, strengthening the freshness and forward unlinkability of the authentication session and effectively resisting attacks such as tag replay and tracking. At the same time, it takes system resource usage and execution efficiency into account and has the advantages of rapid response, simplicity and practicality.
Third embodiment
This embodiment provides a technical scheme of an RFID authentication system. Referring to Fig. 3, the RFID authentication system in this scheme comprises an RFID tag 31, an RFID reader/writer 32 and a backend database 33.
The RFID tag 31 is configured to: after receiving a request message, generate a tag-side pseudo random number; select a tag-side pre-shared secret value and a tag-side key from the tag-side pre-shared secret value set and the tag-side key set respectively, according to at least one tag-side flag bit in the tag-side pseudo random number; compute a tag-side message authentication code from the tag-side pre-shared secret value and the tag-side key; send a response message comprising the tag-side pseudo random number and the tag-side message authentication code to the RFID reader/writer 32; and, after receiving the secondary message authentication code, extract the pseudo-identifier of the RFID tag 31, compute on it with a one-way hash function, compare the result with the secondary message authentication code, and authenticate the RFID reader/writer 32 according to the comparison result.
The RFID reader/writer 32 is configured to: generate a reader/writer-side pseudo random number and send a request message comprising it to the RFID tag; after receiving the response message, process the reader/writer-side pseudo random number and the tag-side pseudo random number; select a reader/writer-side pre-shared secret value and a reader/writer-side key from the reader/writer-side pre-shared secret value set and the reader/writer-side key set respectively, according to at least one reader/writer-side flag bit in the processing result; compute a reader/writer-side message authentication code from the reader/writer-side pre-shared secret value and the reader/writer-side key; send a verification message comprising the tag-side pseudo random number, the reader/writer-side pseudo random number, the tag-side message authentication code and the reader/writer-side message authentication code to the backend database 33; and, after receiving the message authentication code of the backend database 33, extract the pseudo-identifier of the RFID reader/writer 32, compute the secondary message authentication code of the backend database 33 with a one-way hash function, and send that secondary message authentication code to the RFID tag 31.
The backend database 33 is configured to: authenticate the RFID reader/writer 32 and the RFID tag 31 by hash-based message authentication code computation; if both authentications succeed, extract the pseudo-identifier of the RFID reader/writer 32 and the pseudo-identifier of the RFID tag 31 respectively, generate the message authentication code of the backend database 33 from these two pseudo-identifiers, and send it to the RFID reader/writer 32.
Preferably, the RFID tag 31 computing the tag-side message authentication code from the tag-side pre-shared secret value and the tag-side key comprises:
the RFID tag 31 computes the tag-side message authentication code according to the following formula:
M_T = HMAC(k_T, S_T || r_R),
where k_T is the tag-side key, S_T is the tag-side shared secret, r_R is the reader/writer-side pseudo random number, HMAC is the hash-based message authentication code function, and M_T is the tag-side message authentication code.
Preferably, the RFID reader/writer 32 processing the reader/writer-side pseudo random number and the tag-side pseudo random number comprises:
the RFID reader/writer 32 processes the reader/writer-side pseudo random number and the tag-side pseudo random number according to the following formula:
r'_R = r_R ⊕ r_T,
where r_R is the reader/writer-side pseudo random number, r_T is the tag-side pseudo random number, ⊕ denotes XOR, and r'_R is the result of the RFID reader/writer processing the reader/writer-side pseudo random number and the tag-side pseudo random number.
Preferably, the RFID reader/writer 32 computing the reader/writer-side message authentication code from the reader/writer-side pre-shared secret value and the reader/writer-side key comprises:
the RFID reader/writer 32 computes the reader/writer-side message authentication code according to the following formula:
M_R = HMAC(k_R, S_R || r'_R),
where k_R is the reader/writer-side key, S_R is the reader/writer-side shared secret, r'_R is the result of processing the reader/writer-side pseudo random number and the tag-side pseudo random number, HMAC is the hash-based message authentication code function, and M_R is the reader/writer-side message authentication code.
Preferably, the backend database 33 authenticating the RFID reader/writer 32 and the RFID tag 31 by hash-based message authentication code computation comprises:
the backend database 33 verifies the RFID tag 31 by checking whether it holds a tag-side pre-shared secret value S_T* and a tag-side key k_T* that satisfy the following formula:
HMAC(k_T*, S_T* || (r_R ⊕ r_T)) = M_T
Further, the backend database 33 verifies the RFID reader/writer 32 by checking whether it holds a reader/writer-side pre-shared secret value S_R* and a reader/writer-side key k_R* that satisfy the following formula:
HMAC(k_R*, S_R* || r_T) = M_R
Preferably, the backend database 33 generating its message authentication code from the pseudo-identifier of the RFID reader/writer 32 and the pseudo-identifier of the RFID tag 31 comprises:
the backend database 33 generates its message authentication code according to the following formula:
M_DB = H(PID_T) ⊕ H(PID_R),
where PID_T is the pseudo-identifier of the RFID tag 31, PID_R is the pseudo-identifier of the RFID reader/writer 32, H is the one-way hash function, ⊕ denotes XOR, and M_DB is the message authentication code of the backend database 33.
Preferably, the RFID reader/writer 32 computing the secondary message authentication code of the backend database 33 with a one-way hash function comprises:
the RFID reader/writer 32 computes the secondary message authentication code according to the following formula:
M'_DB = H(M_DB ⊕ H(PID_R) || r_T),
where M_DB is the message authentication code of the backend database 33, PID_R is the pseudo-identifier of the RFID reader/writer 32, r_T is the tag-side pseudo random number, ⊕ denotes XOR, and M'_DB is the secondary message authentication code of the backend database 33.
Preferably, the RFID tag 31 computing on its pseudo-identifier with a one-way hash function comprises:
the RFID tag 31 computes on its pseudo-identifier according to the following formula:
Re = H(H(PID_T) || r_T),
where PID_T is the pseudo-identifier of the RFID tag 31, H is the one-way hash function, and r_T is the tag-side pseudo random number.
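The following is a worked model of the Fig. 2 / Fig. 3 flow described in the second and third embodiments (an added example, not code from the patent or its assignee). It assumes SHA-256 for H, HMAC-SHA256 for HMAC, 8-byte pseudo random numbers, a single flag bit (the last bit), and constructed sample credentials; it also assumes that the backend recomputes M_T over S_T || r_R and M_R over S_R || r'_R, the same inputs the tag and reader/writer used, because the two verification formulas as printed above pair the nonces the other way round and would not match the codes the parties actually compute.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

NONCE_LEN = 8  # assumed byte length of r_R and r_T; the page fixes no length

def H(data: bytes) -> bytes:
    """One-way hash function H (SHA-256 is an assumption; the page names no hash)."""
    return hashlib.sha256(data).digest()

def HMAC(key: bytes, msg: bytes) -> bytes:
    """Hash-based message authentication code (HMAC-SHA256 assumed)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def flag_bit(r: bytes) -> int:
    """The single flag bit B_RT / B_R'R: the last bit of the pseudo random number."""
    return r[-1] & 1

@dataclass(frozen=True)
class Credential:
    pid: bytes       # pseudo-identifier PID_T or PID_R
    keys: tuple      # (k_0, k_1): pre-shared key set, indexed by the flag bit
    secrets: tuple   # (S_0, S_1): pre-shared secret set, indexed by the flag bit

def constructed_credential(label: str) -> Credential:
    """Constructed sample credentials derived from a label (test data, not real keys)."""
    def d(s): return H(f"{label}:{s}".encode())
    return Credential(d("pid"), (d("k0"), d("k1")), (d("S0"), d("S1")))

class Tag:
    def __init__(self, cred: Credential):
        self.cred, self.r_T = cred, b""

    def respond(self, r_R: bytes):
        """S203-S205: the last bit of r_T picks k_T, S_T; reply with (r_T, M_T)."""
        self.r_T = os.urandom(NONCE_LEN)
        b = flag_bit(self.r_T)
        return self.r_T, HMAC(self.cred.keys[b], self.cred.secrets[b] + r_R)

    def verify_reader(self, M_DB2: bytes) -> bool:
        """S213: Re = H(H(PID_T) || r_T) must equal the relayed M'_DB."""
        return hmac.compare_digest(H(H(self.cred.pid) + self.r_T), M_DB2)

class Reader:
    def __init__(self, cred: Credential):
        self.cred, self.r_R, self.r_T = cred, b"", b""

    def request(self) -> bytes:
        """S201-S202: fresh r_R sent to the tag."""
        self.r_R = os.urandom(NONCE_LEN)
        return self.r_R

    def on_response(self, r_T: bytes, M_T: bytes):
        """S206-S208: r'_R = r_R xor r_T picks k_R, S_R; M_R = HMAC(k_R, S_R || r'_R)."""
        self.r_T = r_T
        r_R2 = xor(self.r_R, r_T)
        b = flag_bit(r_R2)
        return r_T, self.r_R, M_T, HMAC(self.cred.keys[b], self.cred.secrets[b] + r_R2)

    def secondary_mac(self, M_DB: bytes) -> bytes:
        """S211: M'_DB = H((M_DB xor H(PID_R)) || r_T); only the genuine PID_R cancels out."""
        return H(xor(M_DB, H(self.cred.pid)) + self.r_T)

class Backend:
    def __init__(self, tags, readers):
        self.tags, self.readers = list(tags), list(readers)

    @staticmethod
    def _find(records, r_select: bytes, nonce: bytes, mac: bytes):
        """Search the stored (k*, S*) pairs; the flag bit of r_select picks the pair per record."""
        b = flag_bit(r_select)
        for c in records:
            if hmac.compare_digest(HMAC(c.keys[b], c.secrets[b] + nonce), mac):
                return c
        return None

    def authenticate(self, r_T: bytes, r_R: bytes, M_T: bytes, M_R: bytes):
        """S209: verify both parties, then M_DB = H(PID_T) xor H(PID_R); None on failure."""
        r_R2 = xor(r_R, r_T)
        tag = self._find(self.tags, r_T, r_R, M_T)          # M_T was computed over S_T || r_R
        reader = self._find(self.readers, r_R2, r_R2, M_R)  # M_R was computed over S_R || r'_R
        if tag is None or reader is None:
            return None
        return xor(H(tag.pid), H(reader.pid))

def run_session(tag: Tag, reader: Reader, backend: Backend) -> bool:
    """One run of the Fig. 2 flow; True when the tag finally accepts the reader/writer."""
    r_T, M_T = tag.respond(reader.request())
    M_DB = backend.authenticate(*reader.on_response(r_T, M_T))
    if M_DB is None:
        return False  # backend rejected the tag or the reader/writer
    return tag.verify_reader(reader.secondary_mac(M_DB))
```

A reader/writer that holds the right keys but not the genuine PID_R is accepted by the backend yet rejected by the tag, because the XOR in M'_DB no longer cancels H(PID_R) and Re does not match.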
The embodiments in this specification are described in a progressive manner; each embodiment emphasises its differences from the others, and the same or similar parts of the embodiments may be referred to each other.
The foregoing are only preferred embodiments of the present invention and do not limit it; those skilled in the art may make various changes and variations to the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.

Claims (9)

1. A radio frequency identification authentication method, characterized in that it comprises:
an RFID reader/writer generates a reader/writer-side pseudo random number and sends a request message comprising the reader/writer-side pseudo random number to an RFID tag;
after receiving the request message, the RFID tag generates a tag-side pseudo random number, selects a tag-side pre-shared secret value and a tag-side key from a tag-side pre-shared secret value set and a tag-side key set respectively according to at least one tag-side flag bit in the tag-side pseudo random number, computes a tag-side message authentication code from the tag-side pre-shared secret value and the tag-side key, and sends a response message comprising the tag-side pseudo random number and the tag-side message authentication code to the RFID reader/writer;
after receiving the response message, the RFID reader/writer processes the reader/writer-side pseudo random number and the tag-side pseudo random number, selects a reader/writer-side pre-shared secret value and a reader/writer-side key from a reader/writer-side pre-shared secret value set and a reader/writer-side key set respectively according to at least one reader/writer-side flag bit in the processing result, computes a reader/writer-side message authentication code from the reader/writer-side pre-shared secret value and the reader/writer-side key, and sends a verification message comprising the tag-side pseudo random number, the reader/writer-side pseudo random number, the tag-side message authentication code and the reader/writer-side message authentication code to a backend database;
the backend database authenticates the RFID reader/writer and the RFID tag by hash-based message authentication code computation;
if the authentication of the RFID reader/writer and the RFID tag succeeds, the backend database extracts the pseudo-identifier of the RFID reader/writer and the pseudo-identifier of the RFID tag respectively, generates the message authentication code of the backend database from the pseudo-identifier of the RFID reader/writer and the pseudo-identifier of the RFID tag, and sends the message authentication code of the backend database to the RFID reader/writer;
after receiving the message authentication code of the backend database, the RFID reader/writer extracts the pseudo-identifier of the RFID reader/writer, computes the secondary message authentication code of the backend database with a one-way hash function, and sends the secondary message authentication code of the backend database to the RFID tag;
after receiving the secondary message authentication code, the RFID tag extracts the pseudo-identifier of the RFID tag, computes on the pseudo-identifier of the RFID tag with a one-way hash function, compares the result with the secondary message authentication code, and authenticates the RFID reader/writer according to the comparison result.
2. The method according to claim 1, characterized in that the RFID tag computing the tag-side message authentication code from the tag-side pre-shared secret value and the tag-side key comprises:
the RFID tag computes the tag-side message authentication code according to the following formula:
M_T = HMAC(k_T, S_T || r_R),
where k_T is the tag-side key, S_T is the tag-side shared secret, r_R is the reader/writer-side pseudo random number, HMAC is the hash-based message authentication code function, and M_T is the tag-side message authentication code.
3. The method according to claim 1, characterized in that the RFID reader/writer processing the reader/writer-side pseudo random number and the tag-side pseudo random number comprises:
the RFID reader/writer processes the reader/writer-side pseudo random number and the tag-side pseudo random number according to the following formula:
r'_R = r_R ⊕ r_T,
where r_R is the reader/writer-side pseudo random number, r_T is the tag-side pseudo random number, ⊕ denotes XOR, and r'_R is the result of the RFID reader/writer processing the reader/writer-side pseudo random number and the tag-side pseudo random number.
4. The method according to claim 1, characterized in that the RFID reader/writer computing the reader/writer-side message authentication code from the reader/writer-side pre-shared secret value and the reader/writer-side key comprises:
the RFID reader/writer computes the reader/writer-side message authentication code according to the following formula:
M_R = HMAC(k_R, S_R || r'_R),
where k_R is the reader/writer-side key, S_R is the reader/writer-side shared secret, r'_R is the result of processing the reader/writer-side pseudo random number and the tag-side pseudo random number, HMAC is the hash-based message authentication code function, and M_R is the reader/writer-side message authentication code.
5. The method according to claim 1, characterized in that the backend database authenticating the RFID reader/writer and the RFID tag by hash-based message authentication code computation comprises:
the backend database verifies the RFID tag by checking whether it holds a tag-side pre-shared secret value S_T* and a tag-side key k_T* that satisfy the following formula:
HMAC(k_T*, S_T* || (r_R ⊕ r_T)) = M_T
Further, the backend database verifies the RFID reader/writer by checking whether it holds a reader/writer-side pre-shared secret value S_R* and a reader/writer-side key k_R* that satisfy the following formula:
HMAC(k_R*, S_R* || r_T) = M_R
6. The method according to claim 1, characterized in that the backend database generating the message authentication code of the backend database from the pseudo-identifier of the RFID reader/writer and the pseudo-identifier of the RFID tag comprises:
the backend database generates the message authentication code of the backend database according to the following formula:
M_DB = H(PID_T) ⊕ H(PID_R),
where PID_T is the pseudo-identifier of the RFID tag, PID_R is the pseudo-identifier of the RFID reader/writer, H is the one-way hash function, ⊕ denotes XOR, and M_DB is the message authentication code of the backend database.
7. The method according to claim 1, characterized in that the RFID reader/writer computing the secondary message authentication code of the backend database with a one-way hash function comprises:
the RFID reader/writer computes the secondary message authentication code according to the following formula:
M'_DB = H(M_DB ⊕ H(PID_R) || r_T),
where M_DB is the message authentication code of the backend database, PID_R is the pseudo-identifier of the RFID reader/writer, r_T is the tag-side pseudo random number, ⊕ denotes XOR, and M'_DB is the secondary message authentication code of the backend database.
8. The method according to claim 1, characterized in that the RFID tag computing on the pseudo-identifier of the RFID tag with a one-way hash function comprises:
the RFID tag computes on the pseudo-identifier of the RFID tag according to the following formula:
Re = H(H(PID_T) || r_T),
where PID_T is the pseudo-identifier of the RFID tag, H is the one-way hash function, r_T is the tag-side pseudo random number, and Re is the result of the computation on the pseudo-identifier of the RFID tag;
the RFID tag then compares the result with the secondary message authentication code: if the two are identical, the identity of the RFID reader/writer is considered legitimate; otherwise, the identity of the RFID reader/writer is considered illegitimate.
9. A radio frequency identification authentication system, characterized in that it comprises:
an RFID tag, configured to: after receiving a request message, generate a tag-side pseudo random number; select a tag-side pre-shared secret value and a tag-side key from a tag-side pre-shared secret value set and a tag-side key set respectively, according to at least one tag-side flag bit in the tag-side pseudo random number; compute a tag-side message authentication code from the tag-side pre-shared secret value and the tag-side key; send a response message comprising the tag-side pseudo random number and the tag-side message authentication code to an RFID reader/writer; and, after receiving a secondary message authentication code, extract the pseudo-identifier of the RFID tag, compute on it with a one-way hash function, compare the result with the secondary message authentication code, and authenticate the RFID reader/writer according to the comparison result;
the RFID reader/writer, configured to: generate a reader/writer-side pseudo random number and send a request message comprising it to the RFID tag; after receiving the response message, process the reader/writer-side pseudo random number and the tag-side pseudo random number; select a reader/writer-side pre-shared secret value and a reader/writer-side key from a reader/writer-side pre-shared secret value set and a reader/writer-side key set respectively, according to at least one reader/writer-side flag bit in the processing result; compute a reader/writer-side message authentication code from the reader/writer-side pre-shared secret value and the reader/writer-side key; send a verification message comprising the tag-side pseudo random number, the reader/writer-side pseudo random number, the tag-side message authentication code and the reader/writer-side message authentication code to a backend database; and, after receiving the message authentication code of the backend database, extract the pseudo-identifier of the RFID reader/writer, compute the secondary message authentication code of the backend database with a one-way hash function, and send the secondary message authentication code of the backend database to the RFID tag;
the backend database, configured to: authenticate the RFID reader/writer and the RFID tag by hash-based message authentication code computation; if the authentication of both succeeds, extract the pseudo-identifier of the RFID reader/writer and the pseudo-identifier of the RFID tag respectively, generate the message authentication code of the backend database from these two pseudo-identifiers, and send the message authentication code of the backend database to the RFID reader/writer.
Application CN201510437132.5A, priority date 2015-07-23, filing date 2015-07-23: Radio frequency identification authentication method and system (active; granted as CN105046300B).

Publications (2)

Publication Number / Publication Date
CN105046300A (en) 2015-11-11
CN105046300B (en) 2018-01-09


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant