CN106845304A - Method and system for implementing reader and tag authentication in an RFID system - Google Patents

Publication number
CN106845304A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710053713.8A
Other languages
Chinese (zh)
Other versions
CN106845304B (en)
Inventor
谷勇浩
徐长福
于华东
熊飞
欧清海
吴庆
张喆
吕俊峰
党育军
周鸿喜
陈芳
胡成博
路永玲
王永非
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing University of Posts and Telecommunications
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing University of Posts and Telecommunications
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Classifications

    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G06K7/10297 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for handling protocols designed for non-contact record carriers such as RFIDs NFCs, e.g. ISO/IEC 14443 and 18092


Abstract

The invention discloses a method and system for implementing reader and tag authentication in an RFID system. In the method, both the reader and the tag in the system implement the Tiny Encryption Algorithm (TEA). The reader sends a first random number, a second random number and a first ciphertext to the tag. The tag uses TEA with the shared key to encrypt the first random number, obtaining a second ciphertext, and compares the first ciphertext with the second ciphertext; if they are identical, the tag has authenticated the reader. The tag then uses TEA with the shared key to encrypt the second random number, obtaining a third ciphertext, and sends it to the reader. The reader uses TEA with the shared key to encrypt the second random number, obtaining a fourth ciphertext, and compares the third ciphertext with the fourth ciphertext; if they are identical, the reader has authenticated the tag. Through mutual authentication between the reader and the tag, embodiments of the invention identify the target object in which the tag is embedded and improve the security of data transmission between the reader and the tag.

Description

A method and system for implementing reader and tag authentication in an RFID system
Technical field
The present invention relates to the field of RFID air-interface security protocols, and more particularly to a method and system, based on the Tiny Encryption Algorithm, that uses an RFID air-interface security protocol to implement mutual authentication between a reader and a tag in an RFID system.
Background
Radio frequency identification (RFID) technology automatically identifies target objects and obtains related data by means of radio-frequency signals; it is a contactless automatic identification technology. Because RFID offers advantages such as multi-target identification and contactless identification, it is now widely used in manufacturing, commerce, the military, daily life and other fields.
An RFID system generally comprises three parts: a reader, tags and a back-end database. The reader is a wireless transmitting and receiving device with an antenna; it has a relatively large memory and a microprocessor with relatively strong processing capability. The tag is a microcircuit equipped with an antenna, made up of a few thousand logic gates, and usually has no microprocessor. The back-end database can be a database system running on any hardware platform; it has large storage capacity and a microprocessor with relatively strong logic-processing capability.
Typically, when an RFID system identifies target objects in practice, the reader and the tag are separate and the tag is integrated into the target object being identified. The reader and the tag authenticate each other and obtain related data by sending radio-frequency signals. Because data between the reader and the tag is carried by radio-frequency signals through the air, it is easily exposed to unsafe factors such as various malicious attacks.
Summary of the invention
In the course of their research the inventors found that, to overcome unsafe factors such as various malicious attacks and to improve the security of data on the communication channel between reader and tag, various security protocols based on standard cryptography can be applied between the reader and the tag. However, these protocols use one-way authentication, either of the tag by the reader or of the reader by the tag, so when data transmitted between the reader and the tag meets unsafe factors such as malicious attacks, the security of the transmitted data is low. In addition, the encryption algorithms used in these standard-cryptography security protocols require the tag to have a relatively large memory, so this way of improving security cannot be applied to the tags of low-cost RFID systems.
In view of this, the main purpose of the invention is to provide, for low-cost RFID tags, a method and system for implementing mutual authentication between reader and tag in an RFID system. The method and system implement mutual authentication with an RFID air-interface security protocol based on the Tiny Encryption Algorithm. Because TEA places small demands on the tag's memory, the mutual authentication method and system are suitable for the tags of low-cost RFID systems and can also overcome unsafe factors such as various malicious attacks, thereby improving the security of authentication. Furthermore, on the basis of this mutual authentication method, data can be transmitted securely between the reader and the tag in a low-cost RFID system.
To that end, the technical solution of the invention is as follows:
A method for implementing reader and tag authentication in an RFID system, characterized in that the authentication method is applied to an RFID system comprising a reader, a tag and a database, the database and the tag holding a shared key, the method being:
The tag computes token information by applying a hash algorithm to the tag identifier and the tag authentication code; the token information is computed by the tag after it receives the query command sent by the reader;
The tag sends the token information to the reader;
The database obtains the shared key corresponding to the tag according to the token information sent by the reader;
The database sends the shared key, a first random number and a second random number to the reader, the first random number and the second random number being generated by the database;
The reader uses TEA with the shared key to encrypt the first random number, obtaining a first ciphertext;
The reader sends the first random number, the second random number and the first ciphertext to the tag;
The tag compares the first ciphertext with a second ciphertext, the second ciphertext being obtained by the tag by encrypting the first random number using TEA with the shared key; if the first ciphertext and the second ciphertext are identical, the tag has authenticated the reader;
The tag sends a third ciphertext to the reader, the third ciphertext being obtained by the tag by encrypting the second random number using TEA with the shared key;
The reader compares the third ciphertext with a fourth ciphertext, the fourth ciphertext being obtained by the reader by encrypting the second random number using TEA with the shared key; if the third ciphertext and the fourth ciphertext are identical, the reader has authenticated the tag.
Preferably, the method by which the tag computes token information by applying a hash algorithm to the tag identifier and the tag authentication code specifically comprises:
The tag concatenates the tag identifier and the tag authentication code using the string concatenation operator, obtaining a concatenated string;
The tag applies the hash algorithm to the concatenated string, obtaining the token information.
Preferably, the database obtaining the shared key corresponding to the tag according to the token information sent by the reader specifically comprises:
The database receives the token information sent by the reader;
The database looks up the index number corresponding to the token information in a storage table. The storage table reserves two pairs of index number and token information for each tag, and the token information sent by the tag is contained in these two pairs; the storage table is kept in the database;
The database obtains the index number corresponding to the token information;
The database uses the index number to obtain the shared key corresponding to the index number.
Preferably, after the database obtains the shared key corresponding to the tag according to the token information sent by the reader, the method further comprises:
The database computes the XOR of the index number and the first random number, the first random number being generated by the database;
The database uses the XOR result to update the other pair of index number and token information in the storage table.
Preferably, the method for implementing reader and tag authentication in an RFID system further comprises:
The reader sends a radio-frequency signal to the tag, the tag being integrated in a target object;
The reader obtains the data of the target object according to the feedback signal of the tag.
The invention also provides a system for implementing reader and tag authentication in an RFID system, the system comprising a reader, a tag and a database, the database and the tag holding a shared key.
The tag in the system specifically comprises:
A computing unit, configured to compute token information by applying a hash algorithm to the tag identifier and the tag authentication code; the token information is computed by the tag after it receives the query command sent by the reader;
A first sending unit, configured to send the token information to the reader;
A comparing unit, configured to compare the first ciphertext with the second ciphertext, the second ciphertext being obtained by the tag by encrypting the first random number using TEA with the shared key; if the first ciphertext and the second ciphertext are identical, the tag has authenticated the reader;
A second sending unit, configured to send the third ciphertext to the reader, the third ciphertext being obtained by the tag by encrypting the second random number using TEA with the shared key.
Preferably, the computing unit comprises:
A concatenation module, configured to concatenate the tag identifier and the tag authentication code using the string concatenation operator, obtaining a concatenated string;
A computing module, configured to apply the hash algorithm to the concatenated string, obtaining the token information.
The database in the system specifically comprises:
An acquiring unit, configured to obtain the shared key corresponding to the tag according to the token information sent by the reader;
A sending unit, configured to send the shared key, the first random number and the second random number to the reader, the first random number and the second random number being generated by the database.
Preferably, the acquiring unit specifically comprises:
A receiving module, configured to receive the token information sent by the reader;
A lookup module, configured to look up the index number corresponding to the token information in the storage table. The storage table reserves two pairs of index number and token information for each tag, and the token information sent by the tag is contained in these two pairs; the storage table is kept in the database;
An index-number module, configured to obtain the index number corresponding to the token information;
A shared-key module, configured to use the index number to obtain the shared key corresponding to the index number.
Preferably, the database further comprises:
A computing unit, configured to compute the XOR of the index number and the first random number, the first random number being generated by the database;
An updating unit, configured to use the XOR result to update the other pair of index number and token information in the storage table.
The reader in the authentication system specifically comprises:
An encryption unit, configured to encrypt the first random number using TEA with the shared key, obtaining the first ciphertext;
A sending unit, configured to send the first random number, the second random number and the first ciphertext to the tag;
A comparing unit, configured to compare the third ciphertext with the fourth ciphertext, the fourth ciphertext being obtained by the reader by encrypting the second random number using TEA with the shared key; if the third ciphertext and the fourth ciphertext are identical, the reader has authenticated the tag.
Preferably, the reader in the authentication system further comprises:
A radio-frequency signal sending unit, configured to send a radio-frequency signal to the tag, the tag being integrated in a target object;
A target-object data unit, configured to obtain the data of the target object according to the feedback signal of the tag.
Compared with the prior art, the invention has the following advantages:
For low-cost RFID systems, in order to overcome the exposure of data transmitted between reader and tag to unsafe factors such as various malicious attacks and to ensure the security of that data, the invention proposes an RFID air-interface security protocol based on the Tiny Encryption Algorithm. The symmetric-key encryption algorithm used by the security protocol is the Tiny Encryption Algorithm (TEA). This algorithm encrypts and decrypts quickly, is simple to implement and has good resistance to differential analysis. It also uses no transformation matrix and places low demands on the tag's memory, so it is suitable for the tags of low-cost RFID systems. In addition, the security protocol uses mutual authentication between reader and tag: data is transferred between them only after the reader has authenticated the tag and the tag has authenticated the reader. Moreover, the tag updates its tag identifier during each authentication and the database updates the index number in the storage table, so the tag identifier and the index number in the database change dynamically from one authentication to the next. This overcomes the weakness of the prior art, in which one-way authentication between reader and tag offers little resistance to unsafe factors such as various malicious attacks, and so makes data transmission between the reader and the tag more secure.
Brief description of the drawings
To explain the embodiments of the invention or the prior-art solutions more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the composition of the RFID system in the invention;
Fig. 2 is a flowchart of the reader and the tag performing mutual authentication using TEA in the invention;
Fig. 3 is a flowchart of a toll station collecting vehicle fees in the invention;
Fig. 4 is a schematic diagram of the structure of the tag in an authentication system of the invention;
Fig. 5 is a schematic diagram of the structure of the database in an authentication system of the invention;
Fig. 6 is a schematic diagram of the structure of the reader in an authentication system of the invention;
Fig. 7 is a schematic diagram of the units additionally included in the reader when the authentication system of the invention is applied.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
The invention provides a method and system for reader and tag authentication in an RFID system; the authentication is mutual authentication implemented with the Tiny Encryption Algorithm. During mutual authentication, the reader first obtains the shared key corresponding to the tag from the database according to the tag identifier ID, and also obtains the first random number and the second random number from the database. The reader then sends the tag the first ciphertext, obtained by encrypting the first random number with the shared key, together with the first random number and the second random number. The tag encrypts the first random number with the shared key it holds to obtain the second ciphertext and compares the first ciphertext with the second ciphertext; if the two are identical, the tag has authenticated the reader. Finally, the tag encrypts the second random number with the shared key to obtain the third ciphertext and sends it to the reader. The reader encrypts the second random number with its own copy of the shared key to obtain the fourth ciphertext and compares the third ciphertext with the fourth ciphertext; if the two are identical, the reader has authenticated the tag. Once mutual authentication between the reader and the tag has succeeded, the tag information the reader needs can be encrypted and transmitted securely over the communication channel.
To ensure that, in an RFID system with low-cost tags, the information the reader obtains from the tag can be transmitted securely over the communication channel, a mutual authentication method and system based on TEA is proposed. So that those skilled in the art can better understand the method and system, the RFID system and TEA are first described in detail below.
The composition of the RFID system is shown in Fig. 1. As Fig. 1 shows, the RFID system comprises three parts: a back-end database, a reader and tags. When an RFID system identifies target objects in practice there are usually multiple target objects. Tags and target objects correspond one to one, with one tag integrated in each target object. The reader and the tags are separate, and they authenticate each other and obtain related data by means of radio-frequency signals.
When the reader and the tag exchange data by radio-frequency signals, the channel on which the reader sends signals to the tag is usually called the "forward channel", and the channel on which the tag sends signals to the reader is called the "backward channel". The radio power of the reader is far greater than that of the tag, so the communication range of the forward channel is far greater than that of the backward channel.
In an RFID system the reader and the tag are separate and communicate by radio-frequency signals over the forward and backward channels, while the reader is connected to the back-end database and can obtain data from it. The reader and the database both have microprocessors, with relatively large computing capability and memory. A low-cost tag, however, usually has no microprocessor and consists of only a few thousand logic gates, so its computing speed, communication capability and memory are all very limited.
Therefore, for RFID systems with low-cost tags, the mutual authentication method and system for reader and tag proposed by the invention are implemented with the Tiny Encryption Algorithm. The Tiny Encryption Algorithm (TEA) is a symmetric-key encryption algorithm with a small memory footprint. It uses no transformation matrix and does not require the tag to have a large memory, so it is suitable for low-cost tags. In addition, TEA uses a 128-bit key and applies at least 32 rounds of iteration to the plaintext (64 rounds are recommended); it is fast to compute and has good resistance to differential analysis.
Taking as an example TEA encrypting 64-bit plaintext with a 128-bit key over 32 rounds of iteration to obtain a 64-bit ciphertext, the TEA encryption process is as follows:
(1) Parameter initialization
The 64-bit plaintext is divided into two parts, x and y, of 32 bits each;
The 128-bit key is divided into four parts, a, b, c and d, of 32 bits each;
Parameters: δ = 0x9E3779B9, Sum = 0.
(2) The 32 rounds of iteration on the plaintext are:
Sum = Sum + δ;
where "<<" denotes a bitwise left shift and ">>" denotes a bitwise right shift; the remaining operator denotes the XOR operation.
The x and y obtained in step (2) are combined to give the 64-bit ciphertext.
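The TEA procedure above and the challenge-response exchange it supports, as an added example that is not part of the patent text. The round function is standard TEA (Wheeler and Needham), which this page's text does not reproduce in full; the function names, the sample key and the local generation of the random numbers (the page has the database generate them) are assumptions.

```python
import hmac
import secrets

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9  # the page's parameter δ


def tea_encrypt(block: int, key: int, rounds: int = 32) -> int:
    """Encrypt one 64-bit block under a 128-bit key with standard TEA."""
    x, y = (block >> 32) & MASK32, block & MASK32                # plaintext halves x, y
    a, b, c, d = ((key >> s) & MASK32 for s in (96, 64, 32, 0))  # key parts a, b, c, d
    total = 0                                                    # the page's Sum
    for _ in range(rounds):
        total = (total + DELTA) & MASK32
        x = (x + (((y << 4) + a) ^ (y + total) ^ ((y >> 5) + b))) & MASK32
        y = (y + (((x << 4) + c) ^ (x + total) ^ ((x >> 5) + d))) & MASK32
    return (x << 32) | y                                         # merge x and y


def same_block(c_left: int, c_right: int) -> bool:
    """Constant-time comparison of two 64-bit ciphertexts."""
    return hmac.compare_digest(c_left.to_bytes(8, "big"), c_right.to_bytes(8, "big"))


def reader_challenge(key: int, r1: int, r2: int):
    """Reader -> tag: both random numbers plus the first ciphertext E_k(r1)."""
    return r1, r2, tea_encrypt(r1, key)


def tag_respond(key: int, r1: int, r2: int, c1: int):
    """Tag: recompute E_k(r1) as the second ciphertext and compare it with c1.

    Only a reader that holds the shared key gets the third ciphertext E_k(r2);
    otherwise the tag stays silent (None).
    """
    c2 = tea_encrypt(r1, key)
    if not same_block(c1, c2):
        return None
    return tea_encrypt(r2, key)


def reader_verify(key: int, r2: int, c3) -> bool:
    """Reader: compute the fourth ciphertext E_k(r2) and compare it with c3."""
    return c3 is not None and same_block(c3, tea_encrypt(r2, key))


def mutual_auth(reader_key: int, tag_key: int):
    """Run one exchange; returns (tag accepted reader, reader accepted tag)."""
    r1, r2 = secrets.randbits(64), secrets.randbits(64)  # assumption: generated locally
    c3 = tag_respond(tag_key, *reader_challenge(reader_key, r1, r2))
    return c3 is not None, reader_verify(reader_key, r2, c3)


if __name__ == "__main__":
    shared = 0x000102030405060708090A0B0C0D0E0F  # constructed sample key
    print("matching keys:   ", mutual_auth(shared, shared))
    print("reader wrong key:", mutual_auth(shared ^ 1, shared))
```
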
So that those skilled in the art can better understand the solution of the invention, the invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment 1
So that those skilled in the art can better understand TEA-based mutual authentication between reader and tag in an RFID system, the steps of that mutual authentication are described in detail below.
Referring to Fig. 2, which is a flowchart of the reader and the tag performing mutual authentication using TEA in an embodiment of the invention, the specific steps may include:
Step S200: First, the reader sends a query command to the tag. This query command is the first step of the mutual authentication of the invention: when the reader needs to perform mutual authentication with a tag, it first sends the tag a query command.
For example, the method and system for mutual authentication between reader and tag proposed by the invention are applied to managing an inventory of a company's fixed assets. An RFID tag is embedded in each of the company's assets, and the reader of the RFID system is connected to a database that holds the relevant information on all of the company's fixed assets. When the company needs to count all of its current fixed assets, the reader sends a query command to all tags, prompting mutual authentication with the tags, so as to identify the tags and thereby count the existing fixed assets.
An RFID system contains multiple tags. The method by which the reader performs mutual authentication with one tag is described below; mutual authentication between the reader and the remaining tags is similar.
Step S201: The tag computes token information by applying a hash algorithm to the tag identifier and the tag authentication code; the token information is computed by the tag after it receives the query command sent by the reader.
After the tag receives the query command, it uses the string concatenation operator "‖" to concatenate the tag identifier "ID" and the tag authentication code "P", obtaining the concatenated string "ID ‖ P". Each tag has two selectable tag identifiers, ID0 and ID1. When the tag generates the concatenated string it selects one of ID0 and ID1, and it uses that tag identifier in every subsequent authentication with the reader. For example, if the tag selects ID0 as the "ID" for generating the concatenated string during its first authentication with the reader, it keeps using ID0 in every later authentication; ID0 and ID1 are both updated in every authentication.
The tag authentication code is content added to both the tag and the back-end database in order to implement the mutual authentication of the invention. The tag uses it to generate the token information. The tag authentication code is never updated and corresponds one to one with the tag. The tag then applies the hash algorithm to the concatenated string "ID ‖ P" to obtain the token information.
Step S202: The tag sends the token information to the reader.
The reader receives the token information sent by the tag so that it can subsequently send this token information to the database.
Step S203: The database obtains the shared key corresponding to the tag according to the token information sent by the reader.
Specifically, the reader receives the token information sent by the tag and sends it to the database.
The specific steps by which the database obtains the shared key corresponding to the tag from the token information comprise steps A1 to A4.
Step A1: The database receives the token information sent by the reader.
Step A2: The database looks up the index number corresponding to the token information in the storage table. The storage table contains the token information and index numbers of all tags and is kept in the database.
The database keeps a storage table containing the information of all tags. Each tag corresponds to one record in the storage table, with the content: (ID0, H(ID0 ‖ P), ID1, H(ID1 ‖ P), data).
Here ID0 and ID1 are the index numbers of H(ID0 ‖ P) and H(ID1 ‖ P) respectively. The storage table reserves ID0 and ID1 for each tag; by looking up the received token information in the storage table, the database determines whether to use the reserved ID0 or ID1. ID0 and ID1 are updated in each authentication. "data" denotes the tag's private information, such as the price of the goods, the place of origin and other data that must be kept confidential. At initialization, ID0 = ID and ID1 = 0.
According to the token information received from the reader, the database obtains the corresponding index number from the storage-table record.
Step A3: The database uses the index number to obtain the shared key.
The database uses the obtained index number to obtain the shared key in the manner agreed between the tag and the database. The tag and the database can obtain the shared key in the following ways:
Mode one: Before the reader and the tag in the RFID system perform two-way authentication, the tag manufacturer writes shared keys into the tag. Each tag has multiple shared keys arranged in a fixed order, and each authentication uses the shared keys in that order to generate the second ciphertext and the third ciphertext. The tag's ordered shared keys are also stored in the backend database. After finding the index number from the token information sent by the tag, the database determines the shared key for this authentication from the number of authentications and the order of the shared keys. In each authentication between reader and tag, the shared key chosen by the database is therefore the same as the one used by the tag.
Mode two: In each authentication, the tag generates a shared key at the same time as it generates the token information, and encrypts this shared key with a public key using an asymmetric encryption algorithm to obtain an encrypted shared key. The database decrypts the encrypted shared key with the private key corresponding to the tag to obtain the shared key.
Note that with this key-sharing mode, the database must hold the private keys of the asymmetric key algorithm corresponding to all tags before the reader and the tag perform two-way authentication. The database uses the private key to decrypt the received encrypted shared key and obtain the tag's shared key; in the database, the index number of each tag corresponds to the private key of that tag's asymmetric cryptographic algorithm.
With this key-sharing mode between tag and database, the reader must send the shared key encrypted by the tag to the database together with the token information. The database finds the index number corresponding to the token information, finds the private key corresponding to the tag, and uses this private key to decrypt the encrypted shared key and obtain the shared key.
Note that the two ways described above for the tag and the database to obtain the shared key are the ones given in this embodiment of the invention; other ways also exist. In practice, the way in which the tag and the database obtain the shared key should be chosen according to the tag's storage space, computing capability and other performance characteristics.
After the database has obtained the shared key corresponding to the tag, it XORs the index number corresponding to the tag with the first random number and replaces the other index number in the storage table with the XOR result.
For example, the storage table of the database holds the tag's information (ID0, H(ID0‖P), ID1, H(ID1‖P), data), where ID0 and ID1 are the two index numbers reserved for the tag. If the database finds from the received token information that H(ID0‖P) in the storage table is identical to the token information, then after obtaining the tag's shared key from the index number ID0 corresponding to H(ID0‖P), the database applies the formula to update ID1 and H(ID1‖P).
Step S204: The database sends the shared key, the first random number and the second random number to the reader. The first random number and the second random number are generated by the database.
The database generates the first random number and the second random number and sends them to the reader together with the shared key obtained in step S203. Specifically, the database can use a random number generator to generate two different random numbers as the first random number and the second random number. Note that the length of the first and second random numbers is the same as the length of the index number to be updated.
Step S205: The reader uses the Tiny Encryption Algorithm (TEA) and encrypts the first random number with the shared key to obtain the first ciphertext.
The reader receives the first random number, the second random number and the shared key sent by the database. The reader uses its built-in TEA and encrypts the first random number with the shared key to obtain the first ciphertext. Specifically, TEA uses a 128-bit key to encrypt 64-bit plaintext over 32 rounds of iteration into 64-bit ciphertext; from this, those skilled in the art can readily derive, without creative effort, how the reader encrypts the first random number with the shared key, so the generation of the first ciphertext by the reader is not described further here.
Step S206: The reader sends the first random number, the second random number and the first ciphertext to the tag.
The reader sends the first ciphertext obtained by encryption in step S205, together with the first random number and the second random number, to the tag.
Step S207: The tag compares the first ciphertext with a second ciphertext. The second ciphertext is obtained by the tag by encrypting the first random number with the shared key using the Tiny Encryption Algorithm (TEA). If the first ciphertext and the second ciphertext are identical, the tag's authentication of the reader passes.
The tag receives the first ciphertext, the first random number and the second random number sent by the reader. Using its built-in TEA and the shared key, the tag encrypts the received first random number to obtain the second ciphertext. The tag encrypts the first random number into the second ciphertext in the same way that the reader encrypts the first random number into the first ciphertext.
The tag compares the first ciphertext with the second ciphertext. If they are identical, the tag's authentication of the reader passes; if they differ, the authentication procedure is terminated.
Note that after the tag has compared the first ciphertext with the second ciphertext, it uses the formula to refresh its two optional tag identifiers ID0 and ID1; in the formula, X takes the value 1 or 0 and RA is the first random number. For example, if the tag uses ID0 to generate the token information in an authentication with the reader, it updates its two optional tag identifiers according to the formula, and in later authentications with the reader the tag uses the updated ID0 to generate the token information.
Step S208: The tag sends a third ciphertext to the reader. The third ciphertext is obtained by the tag by encrypting the second random number with the shared key using the Tiny Encryption Algorithm (TEA).
Using its built-in TEA and the shared key, the tag encrypts the second random number to obtain the third ciphertext and sends it to the reader. The tag encrypts the second random number into the third ciphertext in a way similar to how the reader encrypts the first random number into the first ciphertext, so the details are not repeated here.
Step S208: The reader compares the third ciphertext with a fourth ciphertext. The fourth ciphertext is obtained by the reader by encrypting the second random number with the shared key using TEA. If the third ciphertext and the fourth ciphertext are identical, the reader's authentication of the tag passes.
The reader receives the third ciphertext sent by the tag and, using TEA and the shared key, encrypts the second random number to obtain the fourth ciphertext. The shared key here is the one the database sent to the reader in step S204. The reader encrypts the second random number into the fourth ciphertext in a way similar to how the tag encrypts the second random number into the third ciphertext, so the details are not repeated here.
The reader then compares the third ciphertext with the fourth ciphertext. If they are identical, the reader's authentication of the tag passes; if they differ, the authentication between the reader and the tag is terminated.
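The exchange in steps S201 to S208 above, as an added Python sketch that is not part of the patent text; it runs one genuine session, then a replay of the recorded token and third ciphertext, then a challenge with a tampered first ciphertext. Assumptions: SHA-256 stands in for the unnamed hash algorithm, one pre-shared key per tag replaces the ordered key sequence of mode one, all class and function names and sample values are constructed, and the tag-side identifier refresh is omitted because its formula is not reproduced in the text.

```python
import hashlib
import hmac
import secrets
import struct

MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9


def tea_encrypt(block: bytes, key: bytes) -> bytes:
    """TEA with the parameters given above: 64-bit block, 128-bit key, 32 rounds."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
    return struct.pack(">2I", v0, v1)


def token(tag_id: bytes, auth_code: bytes) -> bytes:
    """Token information H(ID || P); SHA-256 is an assumption."""
    return hashlib.sha256(tag_id + auth_code).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Tag:
    def __init__(self, tag_id, auth_code, key):
        self.tag_id, self.auth_code, self.key = tag_id, auth_code, key

    def on_query(self):                      # S201-S202
        return token(self.tag_id, self.auth_code)

    def on_challenge(self, ra, rb, c1):      # S207-S208
        c2 = tea_encrypt(ra, self.key)       # second ciphertext
        if not hmac.compare_digest(c1, c2):
            return None                      # reader not authenticated: stop
        return tea_encrypt(rb, self.key)     # third ciphertext


class Database:
    def __init__(self):
        self.rows = []

    def enroll(self, tag_id, auth_code, key, data):
        ids = [tag_id, bytes(len(tag_id))]   # initialization: ID0 = ID, ID1 = 0
        self.rows.append({"ids": ids, "tokens": [token(i, auth_code) for i in ids],
                          "p": auth_code, "key": key, "data": data})

    def lookup(self, tok):                   # S203-S204
        for row in self.rows:
            for x in (0, 1):
                if hmac.compare_digest(row["tokens"][x], tok):
                    ra = secrets.token_bytes(8)   # same length as the index number
                    rb = secrets.token_bytes(8)
                    while rb == ra:               # two different random numbers
                        rb = secrets.token_bytes(8)
                    # The matched slot is kept; the other slot becomes ID_x XOR RA.
                    other = xor(row["ids"][x], ra)
                    row["ids"][1 - x] = other
                    row["tokens"][1 - x] = token(other, row["p"])
                    return row["key"], ra, rb
        return None


def reader_session(db, get_token, answer_challenge):
    """Reader side of S202-S208; the callbacks are whatever answers on the air interface."""
    tok = get_token()
    found = db.lookup(tok)
    if found is None:
        return False, {"token": tok}
    key, ra, rb = found
    c1 = tea_encrypt(ra, key)                # S205: first ciphertext
    c3 = answer_challenge(ra, rb, c1)        # S206, then the tag's reply
    c4 = tea_encrypt(rb, key)                # fourth ciphertext
    ok = c3 is not None and hmac.compare_digest(c3, c4)
    return ok, {"token": tok, "ra": ra, "rb": rb, "c1": c1, "c3": c3}


def demo():
    tag_id = bytes.fromhex("0123456789abcdef")               # constructed sample ID
    auth_code = b"constructed-P"                             # constructed sample P
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    db, tag = Database(), Tag(tag_id, auth_code, key)
    db.enroll(tag_id, auth_code, key, data="asset record")
    genuine, seen = reader_session(db, tag.on_query, tag.on_challenge)
    index_updated = db.rows[0]["ids"] == [tag_id, xor(tag_id, seen["ra"])]
    # Replay: the recorded token still matches, but RB is fresh, so C3 != C4.
    replayed, _ = reader_session(db, lambda: seen["token"],
                                 lambda ra, rb, c1: seen["c3"])
    # A first ciphertext with one flipped bit makes the tag stop at S207.
    rogue = tag.on_challenge(seen["ra"], seen["rb"], xor(seen["c1"], b"\x01" + bytes(7)))
    return {"genuine": genuine, "index_updated": index_updated,
            "replayed": replayed, "rogue_reader_answer": rogue}


if __name__ == "__main__":
    print(demo())
```
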
It can be seen from the above steps that, once this two-way authentication has passed, the data transmitted between reader and tag can be data encrypted with the Tiny Encryption Algorithm (TEA). By the properties of TEA, the data cannot be obtained without the shared key, so an attacker who wants the data must have the shared key. The shared key exists only in the database and in the tag. To obtain the shared key from the database, the attacker needs the index number behind the token information; even if the attacker steals the token information, the properties of the hash function prevent recovering the tag's index number from it, so the shared key cannot be obtained. Therefore, after the reader and the tag pass the two-way authentication of the present invention, the confidentiality of the transmitted data is ensured.
In addition, in the above steps the tag computes the token information by applying a hash function to plaintext data. By the properties of hash functions, changing 1 bit of the plaintext produces a greatly different hash value; conversely, if 1 bit of the hash value is changed, the corresponding plaintext cannot be determined. Likewise, changing 1 bit of a ciphertext produced by TEA encryption makes the decrypted data differ greatly from the original data. The method provided by this embodiment can therefore ensure the integrity of the data transmitted between reader and tag during mutual authentication: if an attacker tampers with data during authentication, the tag and the reader will not complete two-way authentication.
Furthermore, during two-way authentication only the reader and the tag know the shared key. When the tag receives the first ciphertext sent by the reader, it can determine by comparing the second ciphertext with the first ciphertext that the first ciphertext was sent by the genuine reader. Similarly, when the reader receives the third ciphertext sent by the tag, it can determine by comparing the third ciphertext with the fourth ciphertext that the third ciphertext was sent by the genuine tag. This proves that the data exchanged between reader and tag are responses to the other party's challenge, so that after both authentications pass, the authenticity of the data is ensured.
Further, during authentication, after the tag has compared the first ciphertext with the second ciphertext, the identifier the tag uses to generate token information is updated, so the token information the tag sends in each authentication differs from the previous one and the token information of different sessions cannot be linked. Refreshing the identifier therefore protects the privacy of the tag's user. At the same time, the database storage table reserves two index numbers for each tag. In each authentication, the index number corresponding to the received token information is not updated; only the index number that does not correspond to the token information is updated. As a result, whether or not the tag has updated the identifier used to generate token information in this authentication, in the next authentication the database can still find the index number corresponding to the token information in the storage table, obtain the shared key and complete the two-way authentication. This embodiment of the invention therefore solves the desynchronization problem caused by the database updating index numbers and the tag updating identifiers.
Moreover, even if an attacker, the next time the reader communicates with the tag, impersonates the tag and resends previously intercepted token information to the reader, so that the tag's authentication of the reader can subsequently pass, the random numbers the database sends to the reader have changed in this authentication. When the reader authenticates the tag, the random number the attacker sends to the reader is still the one intercepted in the previous communication, which differs from the random number the database sent to the reader this time. The reader's authentication of the tag therefore does not pass, the two-way authentication between reader and tag fails, and the attacker cannot obtain the data subsequently transmitted between tag and reader. The two-way authentication of the present invention thus defends against replay attacks.
Further, because the identifier the tag uses to generate token information changes in this embodiment of the invention, even if an attacker swaps the identifiers of two legitimate tags to mount a permutation attack, the authentication codes of the two tags do not change along with the swapped identifiers. The token information a tag generates from the swapped tag identifier and its authentication code therefore does not exist in the storage table of the database, so two-way authentication between tag and reader cannot be completed, which defends against the permutation attack.
In summary, by realizing two-way authentication between reader and tag through the above steps, this embodiment of the invention ensures the confidentiality, integrity and authenticity of the data transmitted between reader and tag and improves protection against various malicious attacks.
Embodiment 2
When a reader wants to obtain the data of a target object, the tag of the RFID system is built into that target object. For example, the RFID system can be applied to non-stop toll collection on highways (roads and bridges): the reader and the database of the RFID system are installed at the highway toll station, and a tag of the RFID system is built into each vehicle. When a vehicle passes the toll station, the reader first performs two-way authentication with the tag; once the two-way authentication has passed, the toll station collects the vehicle's fee, realizing non-stop toll collection.
Fig. 3 is a flow chart of the toll station collecting a vehicle's fee in this embodiment of the invention. The specific steps may include:
Step S301: The reader sends a radio frequency signal to the tag; the tag is integrated in the target object.
A tag of the RFID system is integrated in the vehicle, and the reader and the database of the RFID system are installed at the toll station. When the vehicle passes the toll station, the reader of the toll station sends the tag in the vehicle a radio frequency signal for two-way authentication.
Step S302: The reader obtains the data of the target object according to the feedback signal of the tag.
After the tag receives the radio frequency signal for two-way authentication sent by the reader, the reader and the tag perform two-way authentication according to the method of Embodiment 1. If the two-way authentication between the toll station's reader and the tag in the vehicle passes, the vehicle's tag feeds back to the reader the account name corresponding to the vehicle, and the toll station automatically deducts the fee payable by the vehicle from the vehicle's account, realizing non-stop toll collection on highways (roads and bridges).
In this embodiment of the invention, the reader and the database of the RFID system are first installed at the toll station, and a tag of the RFID system is installed in each vehicle that passes the toll station. Then, when a vehicle passes the toll station, the reader and the tag perform two-way authentication. Finally, after the two-way authentication between reader and tag has passed, the reader obtains the vehicle's account name and from it the fee the vehicle should pay, realizing non-stop toll collection on highways (roads and bridges).
Embodiment 3
This embodiment of the invention discloses an authentication system. The system includes a reader, a tag and a database; the database and the tag have a shared key.
The tag of the system includes a computing unit, a first sending unit, a comparing unit and a second sending unit. Referring to Fig. 4, these are:
Computing unit 401: computes token information from the tag identifier and the tag authentication code using a hash algorithm; the token information is computed by the tag after it receives the query command sent by the reader.
First sending unit 402: sends the token information to the reader.
Comparing unit 403: compares the first ciphertext with a second ciphertext. The second ciphertext is obtained by the tag by encrypting the first random number with the shared key using the Tiny Encryption Algorithm (TEA). If the first ciphertext and the second ciphertext are identical, the tag's authentication of the reader passes.
Second sending unit 404: sends a third ciphertext to the reader. The third ciphertext is obtained by the tag by encrypting the second random number with the shared key using TEA.
The database in the system includes an acquiring unit and a sending unit. Referring to Fig. 5, these are:
Acquiring unit 501: obtains the shared key corresponding to the tag according to the token information sent by the reader.
Sending unit 502: sends the shared key, the first random number and the second random number to the reader; the first random number and the second random number are generated by the database.
The reader in the system includes an encryption unit, a sending unit and a comparing unit. Referring to Fig. 6, these are:
Encryption unit 601: uses TEA and encrypts the first random number with the shared key to obtain the first ciphertext.
Sending unit 602: sends the first random number, the second random number and the first ciphertext to the tag.
Comparing unit 603: compares the third ciphertext with a fourth ciphertext. The fourth ciphertext is obtained by the reader by encrypting the second random number with the shared key using TEA. If the third ciphertext and the fourth ciphertext are identical, the reader's authentication of the tag passes.
Optionally, in this embodiment of the invention, the computing unit 401 in the tag, when computing the token information from the tag identifier and the tag authentication code using a hash algorithm, specifically includes:
A concatenation module, which uses the string concatenation operator to concatenate the tag identifier with the tag authentication code, obtaining a concatenated string;
A computing module, which applies the hash algorithm to the concatenated string to obtain the token information.
Optionally, in this embodiment of the invention, the acquiring unit 501, when obtaining the shared key corresponding to the tag according to the token information sent by the reader, specifically includes:
A receiving module, which receives the token information sent by the reader;
A lookup module, which looks up the index number corresponding to the token information in a storage table. The storage table reserves two pairs of index number and token information for each tag, the two pairs include the token information sent by the tag, and the storage table is kept in the database;
An index number obtaining module, which obtains the index number corresponding to the token information;
A shared key obtaining module, which uses the index number to obtain the shared key corresponding to the index number.
Optionally, in this embodiment of the invention, the database further includes:
A computing unit, which calculates the XOR of the index number and the first random number; the first random number is generated by the database;
An updating unit, which uses the XOR result to update the other pair of index number and token information in the storage table.
This system embodiment discloses a system for two-way authentication between reader and tag in an RFID system. The system realizes two-way authentication between reader and tag through the computing unit, first sending unit, comparing unit and second sending unit in the tag, the acquiring unit and sending unit in the database, and the encryption unit, sending unit and comparing unit in the reader.
Embodiment 4
This embodiment of the invention discloses a system that uses an RFID system to let a reader obtain the data of a tag. Referring to Fig. 7, the reader in the system further includes:
Radio frequency signal sending unit 701: sends a radio frequency signal to the tag; the tag is integrated in the target object.
Target object data obtaining unit 702: obtains the data of the target object according to the feedback signal of the tag.
This system embodiment discloses a system that uses an RFID system to let a reader obtain tag data. The system first realizes two-way authentication between reader and tag; then, once the two-way authentication has passed, the reader obtains the data in the tag.
Note that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments can be referred to one another. Because the device embodiments are substantially similar to the method embodiments, they are described more briefly; for the related parts, see the corresponding description of the method embodiments.
Finally, note that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another and do not necessarily require or imply any actual relationship or order between those entities or operations. The terms "include", "comprise" and any variant of them are intended to be non-exclusive, so that a process, method, article or device that includes a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. The present invention is therefore not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for realizing reader and tag authentication in an RFID system, characterized in that the authentication method is applied in an RFID system that includes a reader, a tag and a database, the database and the tag having a shared key, the method including:
The tag computes token information from the tag identifier and the tag authentication code using a hash algorithm; the token information is computed by the tag after it receives the query command sent by the reader;
The tag sends the token information to the reader;
The database obtains the shared key corresponding to the tag according to the token information sent by the reader;
The database sends the shared key, a first random number and a second random number to the reader, the first random number and the second random number being generated by the database;
The reader uses the Tiny Encryption Algorithm (TEA) and encrypts the first random number with the shared key to obtain a first ciphertext;
The reader sends the first random number, the second random number and the first ciphertext to the tag;
The tag compares the first ciphertext with a second ciphertext, the second ciphertext being obtained by the tag by encrypting the first random number with the shared key using TEA; if the first ciphertext and the second ciphertext are identical, the tag's authentication of the reader passes;
The tag sends a third ciphertext to the reader, the third ciphertext being obtained by the tag by encrypting the second random number with the shared key using TEA;
The reader compares the third ciphertext with a fourth ciphertext, the fourth ciphertext being obtained by the reader by encrypting the second random number with the shared key using TEA; if the third ciphertext and the fourth ciphertext are identical, the reader's authentication of the tag passes.
2. The method according to claim 1, characterized in that the tag computing token information from the tag identifier and the tag authentication code using a hash algorithm includes:
The tag uses the string concatenation operator to concatenate the tag identifier with the tag authentication code, obtaining a concatenated string;
The tag applies the hash algorithm to the concatenated string to obtain the token information.
3. The method according to claim 1, characterized in that the database obtaining the shared key corresponding to the tag according to the token information sent by the reader includes:
The database receives the token information sent by the reader;
The database looks up the index number corresponding to the token information in a storage table; the storage table reserves two pairs of index number and token information for each tag, the two pairs include the token information sent by the tag, and the storage table is kept in the database;
The database obtains the index number corresponding to the token information;
The database uses the index number to obtain the shared key corresponding to the index number.
4. The method according to claim 1, characterized in that it further includes:
The database calculates the XOR of the index number and the first random number, the first random number being generated by the database;
The database uses the XOR result to update the other pair of index number and token information in the storage table.
5. The method according to claim 1, characterized in that it further includes:
The reader sends a radio frequency signal to the tag, the tag being integrated in a target object;
The reader obtains the data of the target object according to the feedback signal of the tag.
6. A system for realizing reader and tag authentication in an RFID system, characterized in that the system includes a reader, a tag and a database, the database and the tag having a shared key. The tag includes a computing unit, a first sending unit, a comparing unit and a second sending unit. The computing unit computes token information from the tag identifier and the tag authentication code using a hash algorithm; the token information is computed by the tag after it receives the query command sent by the reader. The first sending unit sends the token information to the reader. The comparing unit compares the first ciphertext with a second ciphertext, the second ciphertext being obtained by the tag by encrypting the first random number with the shared key using the Tiny Encryption Algorithm (TEA); if the first ciphertext and the second ciphertext are identical, the tag's authentication of the reader passes. The second sending unit sends a third ciphertext to the reader, the third ciphertext being obtained by the tag by encrypting the second random number with the shared key using TEA;
The database includes an acquiring unit and a sending unit. The acquiring unit obtains the shared key corresponding to the tag according to the token information sent by the reader. The sending unit sends the shared key, the first random number and the second random number to the reader, the first random number and the second random number being generated by the database;
The reader includes an encryption unit, a sending unit and a comparing unit. The encryption unit uses TEA and encrypts the first random number with the shared key to obtain the first ciphertext. The sending unit sends the first random number, the second random number and the first ciphertext to the tag. The comparing unit compares the third ciphertext with a fourth ciphertext, the fourth ciphertext being obtained by the reader by encrypting the second random number with the shared key using TEA; if the third ciphertext and the fourth ciphertext are identical, the reader's authentication of the tag passes.
7. The system according to claim 6, characterised in that the computing unit specifically includes:
A concatenation module, for concatenating the label identifier and the label authentication code using a string concatenation operator to obtain a concatenated string;
A computing module, for applying the hash algorithm to the concatenated string to obtain the token information.
8. The system according to claim 6, characterised in that the acquiring unit specifically includes:
A receiving module, for receiving the token information sent by the reader;
A lookup module, for looking up, in a storage table, the call number corresponding to the token information, wherein the storage table reserves two pairs of call number and token information for each label, the two pairs of call number and token information include the token information sent by the label, and the storage table is stored in the database;
A call number obtaining module, for obtaining the call number corresponding to the token information;
A shared key obtaining module, for using the call number to obtain the shared key corresponding to the call number.
9. The system according to claim 6, characterised in that the database further includes a computing unit and an updating unit, specifically:
The computing unit, for calculating the XOR result of the call number and the first random number, the first random number being generated by the database;
The updating unit, for using the XOR result to update the other pair of call number and token information in the storage table.
10. The system according to claim 6, characterised in that the reader further includes a radio frequency signal sending unit and a target object data obtaining unit, specifically:
The radio frequency signal sending unit, for sending a radio frequency signal to the label, the label being integrated in a target object;
The target object data obtaining unit, for obtaining the data of the target object according to the feedback signal of the label.
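The exchange in claims 6 to 8, as an added example that is not part of the patent text: it models the token, the database lookup and the two ciphertext comparisons, and leaves out the table update of claim 9. SHA-256 as the hash, TEA as a stand-in for the "minimum encryption algorithm", 8-byte random numbers, and all class and function names are assumptions.

```python
import hashlib, hmac, secrets, struct
MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def tea_encrypt(block: bytes, key: bytes) -> bytes:
    """One 8-byte block, 16-byte key. TEA is an assumed stand-in cipher."""
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)

def token(label_id: bytes, auth_code: bytes) -> bytes:
    # Claim 7: hash of identifier concatenated with authentication code (SHA-256 assumed).
    return hashlib.sha256(label_id + auth_code).digest()

class Database:
    def __init__(self):
        self.table, self.keys = {}, {}   # token -> call number, call number -> key
    def enroll(self, key, pairs):
        for call_no, tok in pairs:       # claim 8: two (call number, token) pairs per label
            self.table[tok] = call_no
            self.keys[call_no] = key
    def lookup(self, tok):               # token -> call number -> key, plus fresh R1, R2
        call_no = self.table.get(tok)
        if call_no is None:
            return None
        return self.keys[call_no], secrets.token_bytes(8), secrets.token_bytes(8)

class Label:
    def __init__(self, label_id, auth_code, key):
        self.label_id, self.auth_code, self.key = label_id, auth_code, key
    def on_query(self):
        return token(self.label_id, self.auth_code)
    def on_challenge(self, r1, r2, c1):
        c2 = tea_encrypt(r1, self.key)            # second ciphertext
        if not hmac.compare_digest(c1, c2):       # constant-time comparison
            return None                           # reader rejected: send nothing
        return tea_encrypt(r2, self.key)          # third ciphertext

def run_session(label, db):
    """Reader's view; returns (label accepted reader, reader accepted label)."""
    found = db.lookup(label.on_query())
    if found is None:
        return False, False
    key, r1, r2 = found
    c3 = label.on_challenge(r1, r2, tea_encrypt(r1, key))   # R1, R2, first ciphertext
    return c3 is not None, c3 is not None and hmac.compare_digest(c3, tea_encrypt(r2, key))
```

Enroll a label with `Database.enroll(key, [(call_no, token), ...])` and call `run_session(label, db)`; a label or reader holding a different key fails the first comparison and no third ciphertext is sent.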
CN201710053713.8A 2017-01-22 2017-01-22 A kind of method and system for realizing reader and smart-tag authentication in RFID system Active CN106845304B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710053713.8A CN106845304B (en) 2017-01-22 2017-01-22 A kind of method and system for realizing reader and smart-tag authentication in RFID system

Publications (2)

Publication Number Publication Date
CN106845304A true CN106845304A (en) 2017-06-13
CN106845304B CN106845304B (en) 2019-03-19

Family

ID=59120472

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710053713.8A Active CN106845304B (en) 2017-01-22 2017-01-22 A kind of method and system for realizing reader and smart-tag authentication in RFID system

Country Status (1)

Country Link
CN (1) CN106845304B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant