CN111601308A - System and method for authenticating tag chip, tag chip and storage medium - Google Patents

System and method for authenticating tag chip, tag chip and storage medium Download PDF

Info

Publication number
CN111601308A
CN111601308A CN202010429977.0A CN202010429977A CN111601308A CN 111601308 A CN111601308 A CN 111601308A CN 202010429977 A CN202010429977 A CN 202010429977A CN 111601308 A CN111601308 A CN 111601308A
Authority
CN
China
Prior art keywords
tag chip
reader
authentication
writer
authentication data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010429977.0A
Other languages
Chinese (zh)
Other versions
CN111601308B (en
Inventor
陈强
杨骏
陈竞
凌传干
皮云霞
侯怡汝
刘力
倪隽
赵劲志
周幸
白振东
梁祖坤
陈灏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Digital Grid Technology Guangdong Co ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southern Power Grid Digital Grid Research Institute Co Ltd filed Critical Southern Power Grid Digital Grid Research Institute Co Ltd
Priority to CN202010429977.0A priority Critical patent/CN111601308B/en
Publication of CN111601308A publication Critical patent/CN111601308A/en
Application granted granted Critical
Publication of CN111601308B publication Critical patent/CN111601308B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to an authentication system and method for a tag chip, a computer device and a storage medium. The authentication data to be encrypted is acquired through the tag chip, a preset random number is generated according to a secret key and security configuration information which are sent by the reader-writer based on an EPC protocol and generated based on a national secret algorithm, the authentication data are encrypted according to the national secret algorithm and the random number, the encrypted authentication data sent by the tag chip can be acquired through the reader-writer, and bidirectional authentication and authentication are carried out on the tag chip based on the EPC protocol and the encrypted authentication data. Compared with the traditional authentication mode through the password, the scheme reads and encrypts authentication data by using the EPC protocol and the national encryption algorithm through the tag chip, and obtains the encrypted authentication data through the reader-writer and carries out bidirectional authentication, so that the safety authentication between the tag chip and the reader-writer can be realized, and the safety of the RFID tag authentication is improved.

Description

System and method for authenticating tag chip, tag chip and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to an authentication system and method for a tag chip, a computer device, and a storage medium.
Background
With the development of communication technology, information interaction is generally required to be performed in the interaction process of each communication device, and information transmission through the RFID technology is an important mode, and in the information transmission process through the RFID technology, the RFID tag is generally used for storing related data and reading or writing the data through a reader-writer, and data transmission is generally involved in the process, so that it is necessary to ensure the security of information transmission during information interaction between the RFID tag and the reader-writer.
Therefore, the traditional RFID tag authentication method has the defect of low safety.
Disclosure of Invention
In view of the above, it is necessary to provide an authentication system and method for a tag chip, a computer device, and a storage medium, which can improve security of RFID tag authentication.
An authentication system of a tag chip, comprising: a tag chip and a reader/writer;
the tag chip is used for acquiring authentication data to be encrypted from a radio frequency front-end circuit, acquiring a secret key and security configuration information which are sent by the reader based on an EPC protocol and are generated based on a national secret algorithm, generating a preset random number based on the secret key and the security configuration information, and encrypting the authentication data according to the national secret algorithm and the preset random number;
the reader is used for acquiring the encrypted authentication data sent by the tag chip and performing bidirectional authentication on the tag chip based on the EPC protocol and the authentication data.
In one of the embodiments, the first and second electrodes are,
the reader is further configured to send a state switching instruction to the tag chip before authentication, so as to switch the tag chip from an idle state to a single state.
In one of the embodiments, the first and second electrodes are,
the reader-writer is further configured to read the tag identification code of the tag chip based on an EPC protocol, and disperse the tag identification code according to the secret key of the reader-writer and the cryptographic algorithm to obtain the secret key of the tag chip.
In one of the embodiments, the first and second electrodes are,
the radio frequency front-end circuit is used for generating a clock signal, generating a reset signal and/or modulating or demodulating a baseband signal.
In one of the embodiments, the first and second electrodes are,
the reader-writer is further configured to send a lock instruction to the tag chip based on an EPC protocol after writing the key and the security configuration information into the tag chip based on the EPC protocol, so as to lock the key and the security configuration information of the tag chip.
In one of the embodiments, the first and second electrodes are,
and the reader-writer is further used for sending a data processing instruction to the tag chip based on the EPC protocol if the bidirectional authentication passes the bidirectional authentication so as to process the data of the protected area in the tag chip.
An authentication method of a tag chip is applied to the tag chip, and the method comprises the following steps:
acquiring authentication data to be encrypted from a radio frequency front-end circuit;
acquiring a secret key and security configuration information which are sent by a reader based on an EPC protocol and generated based on a national secret algorithm;
and generating a preset random number based on the secret key and the security configuration information, encrypting the authentication data according to the national secret algorithm and the preset random number, and sending the encrypted authentication data to a corresponding reader-writer, wherein the reader-writer is used for performing bidirectional authentication on the tag chip based on an EPC protocol and the encrypted authentication data.
A tag chip, comprising: the system comprises a radio frequency front-end circuit module, an EPC protocol processing module, a memory module, a security control module and a national encryption algorithm module;
the radio frequency front end circuit module is used for converting a radio frequency signal sent by the reader-writer into authentication data to be encrypted;
the EPC protocol processing module is used for acquiring authentication data to be encrypted from the radio frequency front-end circuit;
the memory module is used for storing a secret key and security configuration information which are sent by the reader based on an EPC protocol and are generated based on a national secret algorithm;
the security control module is used for acquiring the secret key and the security configuration information stored by the memory module and transmitting the secret key and the security configuration information to the national secret algorithm module;
the cryptographic algorithm module is used for generating a preset random number based on the secret key and the security configuration information, encrypting the authentication data according to the cryptographic algorithm and the preset random number, and sending the authentication data to the reader-writer through the EPC protocol processing module, and the reader-writer is used for performing bidirectional authentication and authentication on the tag chip based on an EPC protocol and the encrypted authentication data.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
According to the authentication system, the authentication method, the tag chip, the computer equipment and the storage medium of the tag chip, authentication data to be encrypted are obtained through the tag chip, a preset random number is generated according to a secret key and security configuration information which are sent by a reader-writer based on an EPC protocol and are generated based on a national secret algorithm, the authentication data are encrypted according to the national secret algorithm and the random number, the encrypted authentication data sent by the tag chip can be obtained through the reader-writer, and bidirectional authentication and authentication are conducted on the tag chip based on the EPC protocol and the encrypted authentication data. Compared with the traditional authentication mode through the password, the scheme reads and encrypts authentication data by using the EPC protocol and the national encryption algorithm through the tag chip, and obtains the encrypted authentication data through the reader-writer and carries out bidirectional authentication, so that the safety authentication between the tag chip and the reader-writer can be realized, and the safety of the RFID tag authentication is improved.
Drawings
FIG. 1 is a schematic diagram of an authentication system of a tag chip according to an embodiment;
FIG. 2 is a flowchart illustrating the key obtaining step of the reader/writer according to an embodiment;
FIG. 3 is a flowchart illustrating the authentication procedure of the reader/writer according to an embodiment;
FIG. 4 is a flowchart illustrating an authentication method of a tag chip according to an embodiment;
FIG. 5 is a block diagram of the structure of a tag chip in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In one embodiment, as shown in fig. 1, an authentication system of a tag chip is provided, which may be implemented by providing two devices, and specifically, the system may include: a tag chip 102 and a reader/writer 104. The tag chip 102 and the reader/writer 104 may be located at different positions in the authentication system of the tag chip, the number of the tag chips 102 may be set according to actual conditions, and the functions of the tag chip 102 and the reader/writer 104 may not be limited to the functions described in the specification, that is, the tag chip 102 and the reader/writer 104 may also be used to implement other functions. The authentication system of the tag chip may include the following details:
the tag chip 102 is configured to obtain authentication data to be encrypted from the radio frequency front-end circuit, obtain a secret key and security configuration information, which are sent by the reader based on an EPC (evolved packet core) protocol and are generated based on a national secret algorithm, generate a preset random number based on the secret key and the security configuration information, and encrypt the authentication data according to the national secret algorithm and the preset random number;
the tag chip 102 may be an EPC protocol tag chip conforming to the national cryptographic specification, and the instructions supported by the tag chip 102 are mandatory instructions or optional instructions of the EPC protocol, which may implement data communication based on the RFID technology. The rf front-end circuit may be part of a communication system between an antenna and intermediate frequency or baseband circuitry, in which section signals may be transmitted in rf form, and for a wireless receiver, the rf front-end typically includes: amplifiers, filters, frequency converters and some rf connections and matching circuits; the radio frequency front-end circuit may further include an antenna switch, a duplexer, a low noise amplifier, and the like. The rf front-end circuit may include a transmitting path and a receiving path, and devices of the transmitting path may include a power amplifier, a filter, and the like, and devices of the receiving path may include low noise amplifier, a filter, and the like, including indexes such as gain, sensitivity, and rf receiving bandwidth, so as to ensure that useful rf signals can be completely picked up from space and transmitted to a frequency conversion, intermediate frequency amplification, and the like circuit of a subsequent stage without distortion. Specifically, the rf front-end circuit may be responsible for a circuit that converts energy of an rf signal, generates a clock and a reset signal, and modulates and demodulates a baseband signal, a receiving path in the rf signal may be used to receive related data information sent by the reader/writer 104, a transmitting path in the rf signal may be used to send related data information to the reader/writer 104, thereby implementing data transmission and information exchange between the tag chip 102 and the reader/writer 104, and the communication between the tag chip 102 and the reader/writer 104 may include the authentication data. The authentication data acquired by the tag chip 102 may be data to be encrypted, the authentication data may be authentication data to be encrypted generated by the tag chip 102, the authentication data may be related data for performing bidirectional authentication with the reader/writer 104 after being encrypted, and the authentication data may include the predetermined random number, so as to increase security of the authentication data.
In addition, in one embodiment, the rf front-end circuit may be configured to generate a clock signal, a reset signal, and a baseband signal. Wherein the clock signal may be a signal for ensuring that components in the tag chip 102 operate synchronously; the reset signal may be a reset signal that is sent to a specific interface of the tag chip 102 to restore the operation of the software to a specific program segment operation when the program runs away or jumps during the operation of the tag chip 102, and this process may be referred to as a reset; the modulation of the baseband signal may be a process of converting very low frequency spectral components, which are not suitable for direct transmission in the channel, into high frequency signals, which are band-suitable for transmission in the channel, and the demodulation may be a process of recovering the original baseband signal from a parametric variation of the modulated signal. Through the embodiment, the tag chip 102 can perform functions such as clock, reset, modulation and demodulation through the radio frequency front end circuit, and the information transmission efficiency of the tag chip 102 in the authentication process can be improved.
The EPC protocol can be an ISO/IEC 18000-6C protocol, namely an ultrahigh frequency band communication protocol, and compared with other ultrahigh frequency band communication protocols, the EPC protocol has the advantages of mature and complete protocol, complete functions, international universality and the like, and the early version of the EPC protocol mainly emphasizes the identification function of the RFID tag and only has a password protection function in the aspect of data protection. With the widespread application of RFID technology, data security is receiving more and more attention, and the latest version of EPC protocol also adds a security function based on a cryptographic algorithm as an option. The tag chip 102 and the reader/writer 104 may implement authentication and data transmission processes through various EPC-based protocol commands. The national cryptographic algorithm can be a national commercial cryptographic standard, and in order to guarantee the security of the commercial cryptographic, a series of cryptographic standards are established by the national commercial cryptographic management office, including SM1, SM2, SM3, SM4, SM7, SM9, Zhangchong cryptographic algorithm and the like. Wherein, the SM1, SM4, SM7 and ZUZUChong passwords are symmetric algorithms; SM2, SM9 are asymmetric algorithms; SM3 is a hashing algorithm. The key may be a key generated according to the cryptographic algorithm and transmitted by the reader 104 based on the EPC protocol, the key may be used to implement mutual authentication between the tag chip 102 and the reader 104, and the security configuration information may be security configuration information transmitted by the reader 104 based on the EPC protocol.
The tag chip 102 may obtain authentication data to be encrypted from the radio frequency front end circuit, and obtain a secret key and security configuration information that are sent by the reader/writer 104 based on an EPC protocol, where the secret key may be a secret key that is generated by the reader/writer 104 based on the cryptographic algorithm, and the tag chip 102 may generate a preset random number based on the secret key and the security configuration information, and may encrypt the authentication data through the cryptographic algorithm and the random number to obtain encrypted authentication data, where the encrypted authentication data may include the preset random number, and send the encrypted authentication data to the reader/writer 104.
The reader/writer 104 is configured to acquire the encrypted authentication data sent by the tag chip 102, and perform bidirectional authentication on the tag chip 102 based on the EPC protocol and the authentication data.
The reader/writer 104 may be a device capable of reading and writing data from and into the tag chip 102, and needs to perform bidirectional authentication with the tag chip 102 before reading and writing data from and into the tag chip 102. The authentication data may be encrypted authentication data sent by the tag chip 102, and the encrypted authentication data may be data that the tag chip 102 sends to the reader/writer 104 through the rf front-end circuit and may be used for bidirectional authentication between the reader/writer 104 and the tag chip 102, and specifically, the reader/writer 104 may perform bidirectional authentication on the tag chip 102 based on the received encrypted authentication data by using a preset authentication instruction in the EPC protocol.
In the above embodiment, the tag chip obtains the authentication data to be encrypted, generates the preset random number according to the secret key and the security configuration information, which are sent by the reader based on the EPC protocol and are generated based on the national secret algorithm, and encrypts the authentication data according to the national secret algorithm and the random number, and can also obtain the encrypted authentication data sent by the tag chip through the reader, and perform bidirectional authentication and authentication on the tag chip based on the EPC protocol and the encrypted authentication data. Compared with the traditional authentication mode through the password, the scheme reads and encrypts authentication data by using the EPC protocol and the national encryption algorithm through the tag chip, and obtains the encrypted authentication data through the reader-writer and carries out bidirectional authentication, so that the safety authentication between the tag chip and the reader-writer can be realized, and the safety of the RFID tag authentication is improved.
In one embodiment, the reader/writer 104 is further configured to send a state switching instruction to the tag chip 102 to switch the tag chip 102 from the idle state to the singulation state before authentication.
In this embodiment, the tag chip 102 may include two different states, an idle state and a single state, where the idle state may be a state when the tag chip 102 does not need to perform bidirectional authentication or data transmission with the reader/writer 104; the singulation state may be a state where the tag chip 102 is located when the tag chip 102 needs to perform mutual authentication or data transmission with the reader/writer 104. Specifically, the reader 104 may switch the tag chips 102 from the idle state to the single state through a multi-tag anti-collision algorithm, which is mainly classified into three categories: aloha-based algorithms, also known as stochastic algorithms; tree-based algorithms, also known as deterministic algorithms; hybrid algorithm, an algorithm that is generated by combining an Aloha-based algorithm and a tree-based algorithm. In the antenna action range of the reader 104 of the RFID application system, a plurality of tags often exist at the same time, when the reader sends out an inquiry command, a plurality of tag chips 102 often respond at the same time, and the response information collides on a shared wireless channel, so that the response signal is difficult to be recognized by the reader 104, and thus the multi-tag chips 102 collide, the reader 104 should distinguish the collided tags for completing the identification of all the tag chips 102, and then communicate with the tags one by one, and an algorithm used by the reader 104 for completing the work can be called a multi-tag anti-collision algorithm.
Through the embodiment, the reader/writer 104 can convert the tag chips 102 from the idle state to the single state during authentication, so that identification collision among a plurality of tag chips 102 can be avoided, and the authentication efficiency of the tag chips 102 and the reader/writer 104 is improved.
In an embodiment, the reader 104 is further configured to read the tag identification code of the tag chip 102 based on the EPC protocol, and disperse the tag identification code according to the secret key of the reader 104 and the cryptographic algorithm, so as to obtain the secret key of the tag chip 102.
In this embodiment, the tag identification code may be an identification code for identifying the identity of the tag chip 102, and may also be referred to as a TID code. The key may be the key of the reader/writer 104 itself, and the key of the reader/writer 104 may be used to generate the key of the tag chip 102. Specifically, the EPC protocol may include a plurality of instructions, and reader 104 may Read the TID code of tag chip 102 using a Read instruction specified by the EPC protocol when tag chip 102 is in a singulated state, and may obtain the key of tag chip 102 by using the cryptographic algorithm, for example, cryptographic SM4 algorithm, and dispersing the key by using the cryptographic algorithm. The SM4 algorithm can be a grouping algorithm used for wireless local area network products, the grouping length of the algorithm is 128 bits, the key length is 128 bits, the encryption algorithm and the key expansion algorithm both adopt 32-round nonlinear iteration structures, the decryption algorithm and the encryption algorithm have the same structure, but the use sequence of round keys is opposite, and the decryption round keys are the reverse sequence of the encryption round keys. The algorithm adopts a nonlinear iteration structure, each iteration is given by a round function, wherein the round function is formed by compounding a nonlinear transformation and a linear transformation, the nonlinear transformation is given by an S box, rki is a round key, and a synthetic permutation T forms the round function.
Through the embodiment, the reader/writer 104 may generate the key required by the tag chip 102 through the EPC protocol and the national cryptographic algorithm, so that the key meets the requirement of the national cryptographic algorithm, and the authentication security between the tag chip 102 and the reader/writer 104 is improved.
In one embodiment, the reader 104 is further configured to send a lock instruction to the tag chip 102 based on the EPC protocol after writing the key and the security configuration information to the tag chip 102 based on the EPC protocol, so as to lock the key and the security configuration information of the tag chip.
In this embodiment, the reader/writer 104 may write the key and the security configuration information of the tag chip 102 into the tag chip 102 based on the related instructions in the EPC protocol, and may also lock the information into the tag chip 102. Specifically, as shown in fig. 2, fig. 2 is a schematic flow chart illustrating a step of obtaining a key by a reader/writer in an embodiment. The reader/writer 104 may switch the tag chip from the idle state to the singulated state by using a multi-tag anti-collision algorithm, may Read the TID code in the tag chip 102 by using a Read instruction specified by the EPC protocol, and may obtain the key of the tag chip 102 by dispersing the key of the reader/writer 104 and the SM4 algorithm, and the reader/writer 104 may Write the key of the tag chip 102 into the memory unit of the tag chip by using a Write instruction specified by the EPC protocol, may Write the security configuration information into the memory unit of the tag chip 102 by using a Write instruction also specified by the EPC protocol, and finally, the reader/writer 104 may Lock the key and the security configuration information stored in the tag chip 102 by using a Lock instruction specified by the EPC protocol.
Through the embodiment, the reader 104 can lock and store the key and the security configuration information conforming to the national encryption algorithm into the tag chip 102 through an instruction of an EPC protocol, so that the security of authentication between the tag chip 102 and the reader 104 is improved.
In an embodiment, the reader 104 is further configured to send a data processing instruction to the tag chip based on an EPC protocol if the bidirectional authentication is passed, so as to process data of a protected area in the tag chip 102.
In this embodiment, the bidirectional authentication may be performed when the reader/writer 104 passes authentication on the encrypted authentication data acquired from the tag chip 102, and the tag chip 102 and the reader/writer 104 may be considered to pass the bidirectional authentication, and when the reader/writer 104 and the tag chip 102 pass the bidirectional authentication, the reader/writer 104 may process data in a protected area in the tag chip 102 based on an EPC protocol. Specifically, as shown in fig. 3, fig. 3 is a schematic flowchart of the reader/writer authentication step in one embodiment. The reader/writer 104 may first switch the tag chip 102 from the idle state to the singulated state through the multi-tag anti-collision algorithm, then Read a TID code, i.e., a tag identification code, in the tag chip using a Read instruction specified by the EPC protocol, apply a key of the reader/writer 104 itself, and obtain a key of the tag chip 102 according to the SM4 algorithm in a dispersed manner, and then the reader/writer 104 may perform bidirectional authentication conforming to the national password with the tag chip 102 using the key, and after the bidirectional authentication is passed, the reader/writer 104 may obtain the Read/Write permission of the tag chip 102, and may perform Read/Write operation on a protected data area in the tag chip 102 using Read and Write instructions specified by the EPC protocol.
With the present embodiment, the reader/writer 104 can perform read/write operation on the data in the tag chip 102 only after passing the bidirectional authentication based on the cryptographic algorithm, thereby improving the data security of the tag chip 102.
The authentication method of the tag chip provided by the application can be applied to the system shown in fig. 1.
In one embodiment, as shown in fig. 4, an authentication method for a tag chip is provided, which is described by taking the method as an example applied to the tag chip in fig. 1, and includes the following steps:
step S202, the authentication data to be encrypted is acquired from the rf front-end circuit.
The rf front-end circuit may be a part between an antenna and an intermediate frequency or baseband circuit in a communication system, in which a signal may be transmitted in an rf form, and for a wireless receiver, the rf front-end generally includes: amplifiers, filters, frequency converters and some rf connections and matching circuits; the radio frequency front-end circuit may further include an antenna switch, a duplexer, a low noise amplifier, and the like. The rf front-end circuit may include a transmitting path and a receiving path, and devices of the transmitting path may include a power amplifier, a filter, and the like, and devices of the receiving path may include low noise amplifier, a filter, and the like, including indexes such as gain, sensitivity, and rf receiving bandwidth, so as to ensure that useful rf signals can be completely picked up from space and transmitted to a frequency conversion, intermediate frequency amplification, and the like circuit of a subsequent stage without distortion. Specifically, the rf front-end circuit may be responsible for a circuit that converts energy of an rf signal, generates a clock and a reset signal, and modulates and demodulates a baseband signal, a receiving path in the rf signal may be used to receive related data information sent by the reader/writer 104, a transmitting path in the rf signal may be used to send related data information to the reader/writer 104, thereby implementing data transmission and information exchange between the tag chip 102 and the reader/writer 104, and the communication between the tag chip 102 and the reader/writer 104 may include the authentication data. The authentication data acquired by the tag chip 102 may be authentication data to be encrypted.
Step S204, a secret key and security configuration information generated based on the cryptographic algorithm and transmitted by the reader/writer 104 based on the EPC protocol are acquired.
The EPC protocol can be an ISO/IEC 18000-6C protocol, namely an ultrahigh frequency band communication protocol, and compared with other ultrahigh frequency band communication protocols, the EPC protocol has the advantages of mature and complete protocol, complete functions, international universality and the like, and the early version of the EPC protocol mainly emphasizes the identification function of the RFID tag and only has a password protection function in the aspect of data protection. With the widespread application of RFID technology, data security is receiving more and more attention, and the latest version of EPC protocol also adds a security function based on a cryptographic algorithm as an option. The tag chip 102 and the reader/writer 104 may implement authentication and data transmission processes through various EPC-based protocol commands. The national cryptographic algorithm can be a national commercial cryptographic standard, and in order to guarantee the security of the commercial cryptographic, a series of cryptographic standards are established by the national commercial cryptographic management office, including SM1, SM2, SM3, SM4, SM7, SM9, Zhangchong cryptographic algorithm and the like. Wherein, the SM1, SM4, SM7 and ZUZUChong passwords are symmetric algorithms; SM2, SM9 are asymmetric algorithms; SM3 is a hashing algorithm. The key may be a key generated according to the cryptographic algorithm and transmitted by the reader 104 based on the EPC protocol, the key may be used to implement mutual authentication between the tag chip 102 and the reader 104, and the security configuration information may be security configuration information transmitted by the reader 104 based on the EPC protocol. The reader/writer 104 can Write the key and the security configuration information into the tag chip 102 by Write command of EPC protocol.
Step S206, a preset random number is generated based on the secret key and the security configuration information, the authentication data is encrypted according to the national secret algorithm and the preset random number and is sent to the corresponding reader/writer 104, and the reader/writer 104 is configured to perform bidirectional authentication and authentication on the tag chip based on the EPC protocol and the encrypted authentication data.
The tag chip 102 may obtain authentication data to be encrypted from the radio frequency front end circuit, and obtain a secret key and security configuration information that are sent by the reader/writer 104 based on an EPC protocol, where the secret key may be a secret key that is generated by the reader/writer 104 based on the cryptographic algorithm, and the tag chip 102 may generate a preset random number based on the secret key and the security configuration information, and may encrypt the authentication data through the cryptographic algorithm and the random number to obtain encrypted authentication data, where the encrypted authentication data may include the preset random number, and send the encrypted authentication data to the reader/writer 104. The reader/writer 104 may be a device that can read and write data from and to the tag chip 102, and needs to perform mutual authentication with the tag chip 102 before reading and writing data from and to the tag chip 102. The reader/writer 104 may perform bidirectional authentication on the tag chip 102 based on the received encrypted authentication data by using a preset authentication command in the EPC protocol.
In the authentication method of the tag chip, authentication data to be encrypted is obtained through the tag chip, a preset random number is generated according to a secret key and security configuration information which are sent by a reader-writer based on an EPC protocol and generated based on a national secret algorithm, the authentication data are encrypted according to the national secret algorithm and the random number, the encrypted authentication data sent by the tag chip can be obtained through the reader-writer, and bidirectional authentication and authentication are carried out on the tag chip based on the EPC protocol and the encrypted authentication data. Compared with the traditional authentication mode through the password, the scheme reads and encrypts authentication data by using the EPC protocol and the national encryption algorithm through the tag chip, and obtains the encrypted authentication data through the reader-writer and carries out bidirectional authentication, so that the safety authentication between the tag chip and the reader-writer can be realized, and the safety of the RFID tag authentication is improved.
It should be understood that although the various steps in the flowcharts of fig. 2-4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-4 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or at least some of the other steps or stages.
In one embodiment, as shown in fig. 5, there is provided a tag chip including: a radio frequency front end circuit module 502, an EPC protocol processing module 504, a memory module 506, a security control module 508 and a cryptographic algorithm module 510, wherein:
the rf front-end circuit module 502 is configured to convert an rf signal sent by the reader into authentication data to be encrypted.
An EPC protocol processing module 504 is configured to obtain authentication data to be encrypted from the radio frequency front end circuit.
A memory module 506, configured to store the key and the security configuration information, which are generated based on the cryptographic algorithm and sent by the reader 104 based on the EPC protocol.
A security control module 508 for obtaining the key and security configuration information stored by the memory module 506 and transmitting to a cryptographic algorithm module 510.
The cryptographic algorithm module 510 is configured to generate a preset random number based on the secret key and the security configuration information, encrypt the authentication data according to the cryptographic algorithm and the preset random number, and send the encrypted authentication data to the reader 104 through the EPC protocol processing module, where the reader 104 is configured to perform bidirectional authentication and authentication on the tag chip 102 based on the EPC protocol and the encrypted authentication data.
In one embodiment, the rf front-end circuit module 502 may further be configured to generate a clock signal, and/or generate a reset signal, and/or modulate or demodulate a baseband signal.
In an embodiment, the EPC protocol processing module 504 may be further configured to parse, process, and return data of the EPC protocol command of the reader/writer 104.
In one embodiment, the security control module 508 is specifically configured to read the secret key in the memory module 506 and transmit the secret key to the cryptographic algorithm module 510, generate a random number, convert the original instruction data generated by the EPC protocol processing module into a plaintext or ciphertext input of the cryptographic algorithm module 510, and convert the ciphertext or plaintext output of the cryptographic algorithm module 510 into return data required by the EPC protocol processing module 504.
In one embodiment, the cryptographic algorithm module 510 is further configured to perform a plaintext and ciphertext transformation with the key.
For the specific definition of the tag chip, reference may be made to the above definition of the authentication method of the tag chip, which is not described herein again. The modules in the tag chip can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the tag chip, and can also be stored in a memory in the tag chip in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a processor of a tag chip, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing authentication data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of authentication of a tag chip.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, which includes a memory and a processor, wherein the memory stores a computer program, and the processor implements the authentication method of the tag chip described above when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, implements the authentication method of the tag chip described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An authentication system of a tag chip, comprising: a tag chip and a reader/writer;
the tag chip is used for acquiring authentication data to be encrypted from a radio frequency front-end circuit, acquiring a secret key and security configuration information which are sent by the reader based on an EPC protocol and are generated based on a national secret algorithm, generating a preset random number based on the secret key and the security configuration information, and encrypting the authentication data according to the national secret algorithm and the preset random number;
the reader is used for acquiring the encrypted authentication data sent by the tag chip and performing bidirectional authentication on the tag chip based on the EPC protocol and the authentication data.
2. The system of claim 1,
the reader is further configured to send a state switching instruction to the tag chip before authentication, so as to switch the tag chip from an idle state to a single state.
3. The system of claim 1,
the reader-writer is further configured to read the tag identification code of the tag chip based on an EPC protocol, and disperse the tag identification code according to the secret key of the reader-writer and the cryptographic algorithm to obtain the secret key of the tag chip.
4. The system of claim 1,
the radio frequency front-end circuit is used for generating a clock signal, generating a reset signal and/or modulating or demodulating a baseband signal.
5. The system of claim 1,
the reader-writer is further configured to send a lock instruction to the tag chip based on an EPC protocol after writing the key and the security configuration information into the tag chip based on the EPC protocol, so as to lock the key and the security configuration information of the tag chip.
6. The system of claim 1,
and the reader-writer is further used for sending a data processing instruction to the tag chip based on the EPC protocol if the bidirectional authentication passes the bidirectional authentication so as to process the data of the protected area in the tag chip.
7. An authentication method of a tag chip, which is applied to the tag chip, the method comprising:
acquiring authentication data to be encrypted from a radio frequency front-end circuit;
acquiring a secret key and security configuration information which are sent by a reader based on an EPC protocol and generated based on a national secret algorithm;
and generating a preset random number based on the secret key and the security configuration information, encrypting the authentication data according to the national secret algorithm and the preset random number, and sending the encrypted authentication data to a corresponding reader-writer, wherein the reader-writer is used for performing bidirectional authentication on the tag chip based on an EPC protocol and the encrypted authentication data.
8. A tag chip, comprising: the system comprises a radio frequency front-end circuit module, an EPC protocol processing module, a memory module, a security control module and a national encryption algorithm module;
the radio frequency front end circuit module is used for converting a radio frequency signal sent by the reader-writer into authentication data to be encrypted;
the EPC protocol processing module is used for acquiring authentication data to be encrypted from the radio frequency front-end circuit;
the memory module is used for storing a secret key and security configuration information which are sent by the reader based on an EPC protocol and are generated based on a national secret algorithm;
the security control module is used for acquiring the secret key and the security configuration information stored by the memory module and transmitting the secret key and the security configuration information to the national secret algorithm module;
the cryptographic algorithm module is used for generating a preset random number based on the secret key and the security configuration information, encrypting the authentication data according to the cryptographic algorithm and the preset random number, and sending the authentication data to the reader-writer through the EPC protocol processing module, and the reader-writer is used for performing bidirectional authentication and authentication on the tag chip based on an EPC protocol and the encrypted authentication data.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method of claim 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method as claimed in claim 7.
CN202010429977.0A 2020-05-19 2020-05-19 Authentication system and method for tag chip, tag chip and storage medium Active CN111601308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010429977.0A CN111601308B (en) 2020-05-19 2020-05-19 Authentication system and method for tag chip, tag chip and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010429977.0A CN111601308B (en) 2020-05-19 2020-05-19 Authentication system and method for tag chip, tag chip and storage medium

Publications (2)

Publication Number Publication Date
CN111601308A true CN111601308A (en) 2020-08-28
CN111601308B CN111601308B (en) 2023-08-08

Family

ID=72190492

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010429977.0A Active CN111601308B (en) 2020-05-19 2020-05-19 Authentication system and method for tag chip, tag chip and storage medium

Country Status (1)

Country Link
CN (1) CN111601308B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112260837A (en) * 2020-09-30 2021-01-22 中国航天系统科学与工程研究院 RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm
CN113468563A (en) * 2021-06-24 2021-10-01 曙光信息产业股份有限公司 Virtual machine data encryption method and device, computer equipment and storage medium
CN114298071A (en) * 2021-12-29 2022-04-08 中国电信股份有限公司 Data processing method and device, radio frequency electronic tag and radio frequency identification system
CN117062037A (en) * 2023-10-11 2023-11-14 长沙盈芯半导体科技有限公司 RFID tag data processing method, device, base station, computer equipment and medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006172040A (en) * 2004-12-15 2006-06-29 Hitachi Information Systems Ltd Rfid authentication system, rfid authentication method and program therefor
US20100001840A1 (en) * 2008-07-07 2010-01-07 You Sung Kang Method and system for authenticating rfid tag
CN101847199A (en) * 2009-03-24 2010-09-29 复旦大学 Security authentication method for radio frequency recognition system
CN102375960A (en) * 2010-08-12 2012-03-14 中兴通讯股份有限公司 Method and system for identifying radio frequency identification (RFID) tags
CN102479334A (en) * 2010-11-23 2012-05-30 天津中兴软件有限责任公司 RFID (radio frequency identification) tag identification method
CN102968647A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Reader-writer authentication and label authentication password distributing method and device
CN103078744A (en) * 2013-01-25 2013-05-01 西安电子科技大学 Public key-based bidirectional radio frequency identification authorization method
CN105530263A (en) * 2016-01-08 2016-04-27 广东工业大学 Ultra-lightweight RFID bidirectional authentication method based on label ID
CN106712962A (en) * 2016-12-23 2017-05-24 西安电子科技大学 Mobile RFID system bidirectional authentication method and system
CN108616531A (en) * 2018-04-26 2018-10-02 深圳市盛路物联通讯技术有限公司 A kind of radiofrequency signal safety communicating method and system

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006172040A (en) * 2004-12-15 2006-06-29 Hitachi Information Systems Ltd Rfid authentication system, rfid authentication method and program therefor
US20100001840A1 (en) * 2008-07-07 2010-01-07 You Sung Kang Method and system for authenticating rfid tag
CN101847199A (en) * 2009-03-24 2010-09-29 复旦大学 Security authentication method for radio frequency recognition system
CN102375960A (en) * 2010-08-12 2012-03-14 中兴通讯股份有限公司 Method and system for identifying radio frequency identification (RFID) tags
CN102479334A (en) * 2010-11-23 2012-05-30 天津中兴软件有限责任公司 RFID (radio frequency identification) tag identification method
CN102968647A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Reader-writer authentication and label authentication password distributing method and device
CN103078744A (en) * 2013-01-25 2013-05-01 西安电子科技大学 Public key-based bidirectional radio frequency identification authorization method
CN105530263A (en) * 2016-01-08 2016-04-27 广东工业大学 Ultra-lightweight RFID bidirectional authentication method based on label ID
CN106712962A (en) * 2016-12-23 2017-05-24 西安电子科技大学 Mobile RFID system bidirectional authentication method and system
CN108616531A (en) * 2018-04-26 2018-10-02 深圳市盛路物联通讯技术有限公司 A kind of radiofrequency signal safety communicating method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张晶晶等: "EPC编码标签的RFID系统密钥无线生成", 《计算机工程与应用》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112260837A (en) * 2020-09-30 2021-01-22 中国航天系统科学与工程研究院 RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm
CN112260837B (en) * 2020-09-30 2023-12-12 中国航天系统科学与工程研究院 RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm
CN113468563A (en) * 2021-06-24 2021-10-01 曙光信息产业股份有限公司 Virtual machine data encryption method and device, computer equipment and storage medium
CN114298071A (en) * 2021-12-29 2022-04-08 中国电信股份有限公司 Data processing method and device, radio frequency electronic tag and radio frequency identification system
CN117062037A (en) * 2023-10-11 2023-11-14 长沙盈芯半导体科技有限公司 RFID tag data processing method, device, base station, computer equipment and medium
CN117062037B (en) * 2023-10-11 2023-12-29 长沙盈芯半导体科技有限公司 RFID tag data processing method, device, base station, computer equipment and medium

Also Published As

Publication number Publication date
CN111601308B (en) 2023-08-08

Similar Documents

Publication Publication Date Title
CN111601308B (en) Authentication system and method for tag chip, tag chip and storage medium
US7245213B1 (en) RFID readers and RFID tags exchanging encrypted password
Feldhofer An authentication protocol in a security layer for RFID smart tags
EP2038807B1 (en) Method, rfid reader, rfid tag and rfid system for secure communication
US20100277287A1 (en) Communication data protection method based on symmetric key encryption in rfid system, and apparatus for enabling the method
US8907766B2 (en) Method and system for secure communication
Engels et al. Ultra-lightweight cryptography for low-cost RFID tags: Hummingbird algorithm and protocol
WO2021012651A1 (en) Rfid device, and information processing method based on same
Sakai et al. Dynamic bit encoding for privacy protection against correlation attacks in RFID backward channel
CN101470795B (en) Communication method and apparatus in wireless radio frequency recognition system
Korak et al. On the power of active relay attacks using custom-made proxies
CN105426799A (en) UHF reader based on safety module and safety certificate method thereof
KR100817222B1 (en) Method for encrypting/decrypting electronic product code and rfid system using the same
US20180176716A1 (en) Dynamic secure messaging
Yu et al. XTEA encryption based novel RFID security protocol
CN110650019B (en) RFID authentication method and system based on PUF and security sketch
CN101908024A (en) Encrypting method, device and hard disk
CN113988103B (en) RFID identification method based on multiple tags
CN111046413B (en) RFID communication method and system
Kang et al. Comments on an Improved RFID Security Protocol for ISO/IEC WD 29167‐6
US20160226665A1 (en) Method for authentication of an object by a device capable of mutual contactless communication, corresponding system and object
Xiao et al. Design of a UHF RFID tag baseband with the hummingbird cryptographic engine
CN218416686U (en) Digital project historical data query device
Jadoon et al. HB-protocol based advance security system for PKES using multiple antennas
WO2024021060A1 (en) Authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Applicant after: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Address before: 511458 Room 1301, Chengtou Building, 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province (self-compiled 1301-12159)

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20230424

Address after: Full Floor 14, Unit 3, Building 2, No. 11, Middle Spectra Road, Huangpu District, Guangzhou, Guangdong 510700

Applicant after: China Southern Power Grid Digital Grid Technology (Guangdong) Co.,Ltd.

Address before: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

GR01 Patent grant
GR01 Patent grant