CN101847199A - Security authentication method for radio frequency recognition system - Google Patents


Publication number: CN101847199A
Authority: CN (China)
Legal status: Granted; Expired - Fee Related
Application number: CN200910048154A
Other languages: Chinese (zh)
Other versions: CN101847199B (en)
Inventors: 王俊宇, 刘丹, 谭杰, 杨玉庆, 闵昊
Current Assignee: Fudan University
Original Assignee: Fudan University
Application filed by Fudan University
Priority to CN2009100481547A
Publication of CN101847199A
Publication of CN101847199B (application granted)


Abstract

The invention discloses a security authentication method for a radio frequency identification (RFID) system, comprising the following steps: looking up an authentication key by the initial ID of a tag; performing tag authentication and reader authentication and, after both the tag and the reader pass authentication, generating a key for data communication; and using that communication key in subsequent communication, with the tag's authentication key updated in real time by the security authentication flow at the next communication. By updating the tag's authentication key in real time, transmitting information in encrypted form and other means, the method improves the security of the RFID system and fully ensures the forward security of the authentication key, so that attackers cannot calculate the key used in previous communication from the currently acquired key. It is suitable for any RFID communication protocol and can improve key lookup efficiency.

Description

Security authentication method for a radio frequency identification system
Technical field
The invention belongs to the field of RFID and relates to a security authentication method for a radio frequency identification system, in particular to a communication protocol and security authentication method for such a system.
Background
Radio frequency identification (RFID) is an automatic identification technology that performs contactless two-way communication by means of electromagnetic waves. A basic RFID system comprises electronic tags (hereinafter "tags") and a reader. In the 1990s RFID technology began to be widely used in fields such as transport cards and access control cards. In recent years it has appeared in a growing range of new applications, for example anti-counterfeiting of goods, e-passports, car keys, animal management, library management, supply chain management and Olympic Games tickets, and some have even proposed implanting RFID in the human body.
Undoubtedly, the spread of RFID technology has made life more convenient, but it has also drawn increasing attention to the security and privacy problems it brings. An insecure RFID system not only threatens personal privacy but can also leak an organization's sensitive information. The security of an RFID system involves every link, including the back-end system, middleware, reader and electronic tag; but because the electronic tag is cost-constrained, the resources available for security design are minimal, so the tag becomes the weakest and most easily attacked link in the system. The common attacks faced between reader and tag mainly include physical attack, forgery and cloning, unauthorized access, eavesdropping, tracking and denial of service. Industry and academia internationally have studied the security and privacy problems of RFID systems and proposed many solutions, which fall roughly into two classes. The first class is based on non-cryptographic methods, for example disabling the tag with the "kill" command, or using a "blocker" tag to obstruct the attacker. Using non-cryptographic methods between reader and tag is simple, but the security is unreliable and can only partly prevent a tag from being read arbitrarily. The second class is based on cryptographic algorithms; because tag resources are limited, schemes using symmetric cryptographic algorithms are the mainstream of current research. Although existing cryptographic solutions adopt an authentication flow, they do not solve problems such as tracking risk and key lookup.
Summary of the invention
The object of the invention is to address the deficiencies of the prior art by proposing a security authentication method suitable for RFID systems, in particular a communication protocol and security authentication method for an RFID system. Before the reader and tag communicate normally, the invention adds authentication key lookup and a mutual authentication flow, updates the tag's authentication key in real time, and encrypts the data communication that follows authentication, so as to improve the security of the RFID system. The invention uses the properties of symmetric key algorithms and one-way functions to protect the authentication key effectively, guarantees the forward secrecy of data transmission, and is suitable for any RFID communication protocol.
The main object of the invention is achieved by the following technical solution: a security authentication method for radio frequency identification, comprising tag authentication and reader authentication, and further comprising authentication key lookup and authentication key update.
First, the tag receives the access request instruction and returns its encrypted temporary ID, metaID_i (i = 0...n; the initial ID when i = 0). The reader uses the encrypted metaID_i as an index to look up the corresponding authentication key
Figure B2009100481547D0000021
Tag authentication and reader authentication are then carried out.
Tag authentication: the tag receives the random number R1 sent by the reader and, using its own authentication key
Figure B2009100481547D0000022
encrypts R1 to obtain S1. The tag sends S1 to the reader, and the reader uses the authentication key it looked up
Figure B2009100481547D0000023
to decrypt S1. If the decrypted result is identical to R1, the tag is legitimate; otherwise the tag fails authentication and communication ends.
After the tag passes authentication, the tag in turn authenticates the reader. Reader authentication: the tag generates a random number R2 and, using the authentication key
Figure B2009100481547D0000024
encrypts it to obtain S2, which it sends to the reader. The reader uses the authentication key
Figure B2009100481547D0000025
to decrypt the random number R2, then encrypts R1 with R2 as the key to obtain ciphertext S3. If C2 is identical to S3, the reader is legitimate; if they are not equal, the reader fails authentication and communication ends.
After the reader has also passed authentication, R2 is used as the key for the i-th data transfer, and the transmitted information is encrypted.
Finally the authentication key is updated. The reader generates a random number R3 as the authentication key for communication and computes metaID_{i+1} with the one-way function H. The reader updates this tag's authentication key and temporary ID, i.e. (metaID_{i+1},
Figure B2009100481547D0000027
), and writes (metaID_{i+1},
Figure B2009100481547D0000028
) to the tag securely. At the (i+1)-th communication, (metaID_{i+1},
Figure B2009100481547D0000029
) replaces the original (metaID_i,
Figure B2009100481547D00000210
).
The relation between the temporary ID metaID_i and the authentication key is
Figure B2009100481547D00000212
), where H is a one-way function.
Writing (metaID_{i+1},
Figure B2009100481547D0000031
) to the tag securely comprises: the reader XORs metaID_{i+1} and
Figure B2009100481547D0000032
each with R2 to obtain
Figure B2009100481547D0000033
and
Figure B2009100481547D0000034
and sends α and β to the tag. On receipt, the tag XORs α and β each with R2 to obtain (metaID_{i+1},
Figure B2009100481547D0000035
), and uses (metaID_{i+1},
Figure B2009100481547D0000036
) to replace the original (metaID_i,
Figure B2009100481547D0000037
).
After mutual authentication of the tag and reader has succeeded, all data transmission between tag and reader is carried out in ciphertext. The encrypted transmission flow comprises:
When the reader writes information to the tag memory:
Suppose the information to be written is M1. The reader first encrypts it with key R2, obtaining the ciphertext Cipher1 = Enc(M1, R2), where Enc denotes the encryption algorithm. The reader sends the write command write(Cipher1, addr1), which contains the ciphertext Cipher1 to be written and the write address addr1. On receiving write(Cipher1, addr1), the tag decrypts Cipher1 with key R2 to obtain the plaintext M1 = Dec(Cipher1, R2), where Dec denotes the decryption operation, and writes M1 to the corresponding address in memory. After writing the information successfully, the tag returns the response write_success.
The encrypted transmission flow further comprises:
When the reader reads information from the tag memory:
Suppose the information to be read is M2 at address addr2. The reader sends the read instruction Read(addr2). The tag encrypts the information M2 at address addr2 with key R2 to obtain the ciphertext Cipher2 = Enc(M2, R2), where Enc is the encryption algorithm, and returns it to the reader. The reader decrypts Cipher2 with key R2 to obtain the plaintext M2 = Dec(Cipher2, R2), where Dec is the decryption algorithm.
When the reader writes data to the tag, a data integrity check is also included.
First, the message digest is computed:
Suppose the plaintext to be transmitted is M1. The reader first encrypts it with key R2, obtaining the ciphertext Cipher1 = Enc(M1, R2), and computes the message digest Hash(M1) of M1 with the hash function Hash.
Then the message digests are compared:
The reader sends the ciphertext to the tag with the write instruction. The tag decrypts Cipher1 to obtain the corresponding plaintext M'1, computes Hash(M'1), and compares Hash(M1) with Hash(M'1); if they match, it writes M'1 to the storage unit at the specified address and returns the write-success response.
When the reader reads data from the tag, a data integrity check is also included.
First, the message digest is computed:
The reader sends the read instruction Read(addr2). The tag reads the corresponding plaintext M2 from memory by address and first computes the message digest Hash(M2) of M2 with the hash function Hash.
Then the message digests are compared:
The tag encrypts M2 and sends the ciphertext Cipher2 = Enc(M2, R2) together with the digest Hash(M2) to the reader. The reader first decrypts the ciphertext to obtain the plaintext M2, then computes its digest, obtaining Hash(M'2). If Hash(M'2) equals the received Hash(M2), the tag's data M2 has not been tampered with, which guarantees the integrity of the information stored on the tag. When the tag itself has an independent hash computation capability, the tag can hash any data in its memory area, so in this case M2 likewise has no correlation with M1.
The advantage of the invention is that the security goals above are achieved by adding a mutual authentication flow before the reader and tag communicate, updating the tag authentication key in real time, and transmitting information in ciphertext. By using a symmetric key algorithm and the properties of a one-way function, the authentication key is effectively protected, the key lookup problem is solved and the efficiency of key lookup is improved. The method can resist most of the attacks faced between RFID reader and tag, including eavesdropping, tracking, unauthorized reading, tampering with tag data, cloning and forgery, and man-in-the-middle attacks, and can effectively protect the privacy of the tag holder.
Description of drawings
Fig. 1 is a flow diagram of mutual authentication between tag and reader.
Fig. 2 is a diagram of the relation between the tag's ID and the corresponding authentication key.
Fig. 3 is a diagram of the reader reading the tag memory.
Fig. 4 is a diagram of the reader writing the tag memory.
Fig. 5 is a diagram of the reader reading the tag memory with data transmission integrity guaranteed.
Fig. 6 is a diagram of the reader writing the tag memory with data transmission integrity guaranteed.
To aid understanding, the invention is described in detail below through specific drawings and embodiments. Note that the specific examples and drawings are for illustration only; a person of ordinary skill in the art can, following this description, make various corrections and changes to the invention within its scope, and these corrections and changes also fall within the scope of the invention.
Embodiment
Embodiment 1
Fig. 1 shows the mutual authentication flow between RFID reader and tag, which comprises several steps: authentication key lookup, tag authentication, reader authentication, generation of the data communication key, and authentication key update.
Step 1: authentication key lookup
Suppose each tag has its own independent key. When a legitimate reader communicates with a tag, how to determine the current tag's key quickly is called the authentication key lookup problem. The simple solution is for the reader to traverse all the authentication keys in the database and attempt mutual authentication with the tag using each key in turn. The drawback is that as the number of tags grows the reader's burden rises sharply, which cannot meet the needs of most applications. An improved method assigns each tag a unique index number: when queried, the tag first returns its index number, and the reader looks up the corresponding authentication key by that number. Because the index number is fixed and transmitted in plaintext, this method carries a tracking risk; an attacker can even link the tag's index number to the tag ID, exposing it to privacy disclosure. The invention proposes a fast, dynamic key lookup method, as follows. Each legitimate tag is assigned an initial authentication key at manufacture
Figure B2009100481547D0000051
The tag's corresponding initial ID, denoted metaID_0, is computed with the one-way function H, i.e.
Figure B2009100481547D0000052
), and (metaID_0,
Figure B2009100481547D0000053
) is written to the tag memory. The database stores the (metaID_0,
Figure B2009100481547D0000054
) pairs of all tags. Before the i-th authentication begins, the reader sends the query instruction Query and the tag returns its current temporary ID, denoted metaID_i. The reader uses metaID_i as an index to look up this tag's authentication key in the back-end database
Figure B2009100481547D0000055
The temporary ID is updated after each authentication finishes, so this method carries no tracking or privacy disclosure risk.
Step 2: tag authentication
The reader authenticates the legitimacy of the tag. The reader generates a random number R1 and sends it to the tag. The tag uses its current authentication key
Figure B2009100481547D0000056
to encrypt R1, obtaining S1 = E(R1,
Figure B2009100481547D0000057
), where E(R1, ) denotes symmetric-key encryption of the plaintext R1 with
Figure B2009100481547D0000059
as the key. The tag generates a random number R2 and encrypts it with
Figure B2009100481547D00000510
to obtain S2 = E(R2,
Figure B2009100481547D00000511
). The tag sends S1 and S2 to the reader; in the drawing, {S1, S2} denotes concatenation, i.e. the message consists of S1 and S2. The reader uses the authentication key
Figure B2009100481547D00000512
to decrypt S1. If the decrypted result equals R1, the tag is legitimate; otherwise the tag fails authentication and communication ends.
Step 3: reader authentication
The tag authenticates the legitimacy of the reader. After the reader has verified the legitimacy of the tag, it decrypts from S2 = E(R2,
Figure B2009100481547D00000513
) the random number R'2 generated by the tag, encrypts R1 with R'2 as the key, and sends C2 = E(R1, R'2) to the tag. The tag computes E(R'1, R2) and compares it with C2. If they are identical, the reader is legitimate; otherwise the reader fails authentication and communication ends.
Step 4: generation of the data communication key
After the reader and tag have completed mutual authentication, and if both sides are legitimate, data can be transmitted; the transmitted data must be in ciphertext. In the authentication process above, the random number R2 generated by the tag is always transmitted in ciphertext, so R2 can be used as the key for data transmission between the two sides. Because R2 is a one-time random number generated by the tag, the security of the communication is improved.
Step 5: authentication key update
To ensure that the authentication key has forward security, i.e. that an attacker cannot derive from the currently obtained key the keys used in earlier communications, the security authentication flow of the invention updates the tag's authentication key in real time. The reader generates a random number R3 and uses it as the legitimate key for the tag's next authentication, i.e.
Figure B2009100481547D0000061
, and uses the one-way function H to compute the corresponding metaID_{i+1},
Figure B2009100481547D0000062
This gives the tag's new (metaID_{i+1},
Figure B2009100481547D0000063
) pair, and the reader updates this tag's key and ID. To write (metaID_{i+1},
Figure B2009100481547D0000064
) to the tag securely, the reader XORs metaID_{i+1} and
Figure B2009100481547D0000065
each with R2 to obtain
Figure B2009100481547D0000066
and
Figure B2009100481547D0000067
and sends α and β to the tag. On receipt, the tag XORs α and β each with R2 to obtain (metaID_{i+1},
Figure B2009100481547D0000068
), and uses (metaID_{i+1},
Figure B2009100481547D0000069
) to replace the original (metaID_i,
Figure B2009100481547D00000610
).
In the i-th round of authentication, the relation between the tag's temporary ID, metaID_i, and the authentication key is as shown in Fig. 2, i.e. , where H is a one-way function (the function's input cannot be derived from its output). During authentication metaID_i is returned to the reader in plaintext; even if an attacker obtains the one-way function algorithm, the attacker cannot compute from metaID_i
Figure B2009100481547D00000613
, and the one-wayness of the function improves the confidentiality of the authentication key
Figure B2009100481547D00000614
After the tag's authentication key is updated, the authentication key and temporary ID still satisfy the relation shown in Fig. 2. The one-way function in the invention needs to be implemented only at the reader, which reduces the hardware complexity of the tag and saves tag cost.
After mutual authentication between the reader and tag has succeeded, the reader can read data from the tag memory or write data to the tag. For communication security, the communication between them must be in ciphertext. The encryption algorithm here may be the same as the one used in the preceding authentication flow, or different. Below, Enc denotes the encryption algorithm and Dec the decryption operation.
Fig. 3 is the flow of the reader writing information to the tag memory. Suppose the information to be written is M1. After encryption the reader obtains the ciphertext Cipher1 = Enc(M1, R2) and sends the write command write(Cipher1, addr1), which contains the ciphertext Cipher1 to be written and the write address addr1. On receiving write(Cipher1, addr1), the tag decrypts Cipher1 with key R2 to obtain the plaintext M1 = Dec(Cipher1, R2) and writes M1 to the corresponding address in memory. After writing the information successfully, the tag returns the response write_success.
Fig. 4 is the flow of the reader reading information from the tag memory. Suppose the information to be read is M2 at address addr2. The reader sends the read instruction Read(addr2). The tag encrypts the information M2 at address addr2 to obtain the ciphertext Cipher2 = Enc(M2, R2) and returns it to the reader. The reader decrypts Cipher2 with key R2 to obtain the plaintext M2 = Dec(Cipher2, R2). Note that M2 here has no correlation with M1 of the preceding write operation.
To better protect the tag's sensitive data, an integrity check on the transmitted information can be added to the communication between reader and tag. Data integrity is obtained by computing a message digest with a hash function.
The tag write flow with integrity check is shown in Fig. 5. Suppose the plaintext to be transmitted is M1. The reader first encrypts it with key R2, obtaining the ciphertext Cipher1 = Enc(M1, R2), and computes the digest Hash(M1) of M1 with the hash function Hash. It then sends the ciphertext to the tag with the write instruction. The tag decrypts Cipher1 to obtain the corresponding plaintext M'1, computes Hash(M'1) and compares it with Hash(M1); if they match, it writes M'1 to the storage unit at the specified address and returns the write-success response.
The tag read flow with integrity check is shown in Fig. 6. The reader first sends the read instruction Read(addr2). The tag reads the corresponding plaintext M2 from memory by address, first computes the digest Hash(M2) of M2 with the hash function Hash, then encrypts M2, and finally sends the ciphertext Cipher2 = Enc(M2, R2) together with the digest Hash(M2) to the reader. The reader first decrypts the ciphertext to obtain the plaintext M'2, then computes its digest, obtaining Hash(M'2). If Hash(M'2) equals the received Hash(M2), the tag's data M2 has not been tampered with, which guarantees the integrity of the information stored on the tag. When the tag itself has an independent hash computation capability, the tag can hash any data in its memory area, so in this case M2 likewise has no correlation with M1.
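The five authentication steps and the integrity-checked read described above, run end to end with both sides' messages, as an added Python example that is not part of the patent. Assumptions: all values are 16 bytes, H is truncated SHA-256, E/D is a 4-round Feistel stand-in for the symmetric cipher the patent leaves unspecified, Hash is SHA-256, and the class and method names are hypothetical.

```python
import hashlib, hmac, secrets

BLOCK = 16  # bytes per key, nonce and ID; the patent fixes no sizes (assumption)

def H(key):
    """One-way function H, metaID = H(key); truncated SHA-256 is an assumption."""
    return hashlib.sha256(b"metaID|" + key).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, n, half):                # Feistel round function (assumption)
    return hashlib.sha256(key + bytes([n]) + half).digest()[:BLOCK // 2]

def E(block, key):
    """Stand-in for the unspecified symmetric cipher: 4-round Feistel, one block."""
    l, r = block[:8], block[8:]
    for n in range(4):
        l, r = r, xor(l, _round(key, n, r))
    return l + r

def D(block, key):
    l, r = block[:8], block[8:]
    for n in reversed(range(4)):
        l, r = xor(r, _round(key, n, l)), l
    return l + r

class Tag:
    def __init__(self, key, memory=None):
        self.key, self.meta_id = key, H(key)   # pair written at manufacture
        self.memory = memory or {}
        self.session = None                    # R2, set once the reader is verified

    def query(self):                           # step 1: return the temporary ID
        return self.meta_id

    def challenge(self, r1):                   # step 2: S1 = E(R1, key), S2 = E(R2, key)
        self.r1, self.r2 = r1, secrets.token_bytes(BLOCK)
        self.session = None
        return E(r1, self.key), E(self.r2, self.key)

    def verify_reader(self, c2):               # step 3: compare C2 with E(R1, R2)
        if hmac.compare_digest(c2, E(self.r1, self.r2)):
            self.session = self.r2             # step 4: R2 becomes the data key
        return self.session is not None

    def update(self, alpha, beta):             # step 5: unmask the new (metaID, key)
        if self.session is None:
            raise PermissionError("reader not authenticated")
        self.meta_id = xor(alpha, self.session)
        self.key = xor(beta, self.session)

    def read(self, addr):                      # returns Enc(M2, R2) and Hash(M2)
        if self.session is None:
            raise PermissionError("reader not authenticated")
        m2 = self.memory[addr]
        return E(m2, self.session), hashlib.sha256(m2).digest()

class Reader:
    def __init__(self):
        self.db = {}                           # back-end database: metaID -> key

    def enroll(self, key):
        self.db[H(key)] = key

    def authenticate(self, tag):
        """Run steps 1-5; return the session key R2, or None on any failure."""
        meta = tag.query()
        key = self.db.get(meta)                # one indexed lookup, no key traversal
        if key is None:
            return None
        r1 = secrets.token_bytes(BLOCK)
        s1, s2 = tag.challenge(r1)
        if not hmac.compare_digest(D(s1, key), r1):
            return None                        # tag failed authentication
        r2 = D(s2, key)
        if not tag.verify_reader(E(r1, r2)):
            return None                        # reader rejected by the tag
        r3 = secrets.token_bytes(BLOCK)        # R3: key for the next authentication
        new_meta = H(r3)
        del self.db[meta]
        self.db[new_meta] = r3
        tag.update(xor(new_meta, r2), xor(r3, r2))   # alpha, beta
        return r2

    @staticmethod
    def checked_read(cipher, digest, r2):
        """Decrypt a read response and verify its digest; None if it was altered."""
        m = D(cipher, r2)
        ok = hmac.compare_digest(hashlib.sha256(m).digest(), digest)
        return m if ok else None
```

Calling `Reader.authenticate` twice on the same tag shows the temporary ID changing between rounds while the database lookup still succeeds.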
In summary, to prevent an attacker from reading tag information at will, to protect the personal privacy of the tag holder, and to prevent attacks such as tracking, eavesdropping and tampering with tag data, the security authentication flow of the invention introduces an identity authentication flow for the reader. To prevent cloning and forging of tags, it introduces an authentication flow for tag legitimacy. To prevent replay and man-in-the-middle attacks, the security flow of the invention uses one-time random numbers. To guarantee the forward security of the authentication key, after mutual authentication between tag and reader finishes the reader updates the tag's authentication key and temporary ID. The tag's temporary ID is computed from the authentication key with a one-way function, so even if the temporary ID is eavesdropped by an attacker, the corresponding authentication key cannot be derived.
The above is only a preferred embodiment of the invention and does not limit the invention in any form. Any equivalent embodiment with local changes or modifications that a person of ordinary skill in the art makes using the disclosed technical content, without departing from the technical features of the invention, still falls within the scope of the technical features of the invention.

Claims (7)

1. A security authentication method for a radio frequency identification system, comprising tag authentication and reader authentication, characterized in that it further comprises authentication key lookup and authentication key update, and comprises the following steps:
Key lookup is carried out first: the tag receives the access request instruction and returns its encrypted temporary ID, metaID_i (i = 0...n; the initial ID when i = 0); the reader uses the encrypted metaID_i as an index to look up the corresponding authentication key
Figure F2009100481547C0000011
Tag authentication and reader authentication are then carried out;
The tag authentication comprises: the tag receives the random number R1 sent by the reader and encrypts R1 with its own authentication key to obtain S1; the tag sends S1 to the reader, and the reader uses the authentication key it looked up
Figure F2009100481547C0000013
to decrypt S1; if the decrypted result is identical to R1, the tag is legitimate; otherwise the tag fails authentication and communication ends;
After tag authentication passes, the reader is authenticated. The reader authentication comprises: the tag generates a random number R2 and, using the authentication key
Figure F2009100481547C0000014
encrypts it to obtain S2, which it sends to the reader; the reader uses the authentication key
Figure F2009100481547C0000015
to decrypt the random number R2, then encrypts R1 with R2 as the key to obtain ciphertext S3; if C2 is identical to S3, the reader is legitimate; if they are not equal, the reader fails authentication and communication ends;
After the reader has also passed authentication, R2 is used as the key for the i-th data transfer;
Finally the authentication key is updated: the reader generates a random number R3 as the authentication key for communication
Figure F2009100481547C0000016
and computes metaID_{i+1} with the one-way function H; the reader updates this tag's authentication key and temporary ID, i.e. (metaID_{i+1},
Figure F2009100481547C0000017
), and writes (metaID_{i+1},
Figure F2009100481547C0000018
) to the tag securely; at the (i+1)-th communication, (metaID_{i+1},
Figure F2009100481547C0000019
) replaces the original (metaID_i,
Figure F2009100481547C00000110
).
2. The security authentication method according to claim 1, characterized in that the relation between the temporary ID, i.e. metaID_i, and the authentication key
Figure F2009100481547C00000111
is
Figure F2009100481547C00000112
where H is a one-way function.
3. The security authentication method according to claim 1, characterized in that writing (metaID_{i+1},
Figure F2009100481547C00000113
) to the tag securely comprises: the reader XORs metaID_{i+1} and
Figure F2009100481547C00000114
each with R2 to obtain
Figure F2009100481547C00000115
and
Figure F2009100481547C00000116
and sends α and β to the tag; on receipt, the tag XORs α and β each with R2 to obtain (metaID_{i+1}, ), and uses (metaID_{i+1},
Figure F2009100481547C00000118
) to replace the original (metaID_i, ).
4. The security authentication method according to claim 1, characterized in that all data transmission between the tag and the reader is carried out in ciphertext, and the encrypted transmission flow comprises:
When the reader writes information to the tag memory:
Suppose the information to be written is M1. The reader first encrypts it with key R2, obtaining the ciphertext Cipher1 = Enc(M1, R2), where Enc denotes the encryption algorithm. The reader sends the write command write(Cipher1, addr1), which contains the ciphertext Cipher1 to be written and the write address addr1. On receiving write(Cipher1, addr1), the tag decrypts Cipher1 with key R2 to obtain the plaintext M1 = Dec(Cipher1, R2), where Dec denotes the decryption operation, and writes M1 to the corresponding address in memory. After writing the information successfully, the tag returns the response write_success.
5. The security authentication method according to claim 4, characterized in that the encrypted transmission flow further comprises:
When the reader reads information from the tag memory:
Suppose the information to be read is M2 at address addr2. The reader sends the read instruction Read(addr2). The tag encrypts the information M2 at address addr2 with key R2 to obtain the ciphertext Cipher2 = Enc(M2, R2), where Enc is the encryption algorithm, and returns it to the reader. The reader decrypts Cipher2 with key R2 to obtain the plaintext M2 = Dec(Cipher2, R2), where Dec is the decryption algorithm.
6. The security authentication method according to claim 4, characterized in that, when the reader writes data to the tag, data integrity verification is also performed:
First, the message digest is computed.
Suppose the plaintext of the transmitted information is M_1. The reader first encrypts it with key R_2, obtaining the ciphertext Cipher1 = Enc(M_1, R_2), and computes the message digest Hash(M_1) of M_1 with the hash function Hash.
Then, the message digests are compared.
The reader sends the ciphertext to the tag in a write command. The tag decrypts the ciphertext Cipher1 to obtain the corresponding plaintext M'_1, then computes the corresponding Hash(M'_1) and compares Hash(M_1) with Hash(M'_1). If they are consistent, it writes M'_1 to the storage unit at the specified address and returns the write-success response.
7. The security authentication method according to claim 5, characterized in that, when the reader reads data from the tag, data integrity verification is also performed:
First, the message digest is computed.
The reader sends the read command Read(addr2). The tag reads the corresponding plaintext information M_2 from memory according to the address, and first computes the message digest Hash(M_2) of M_2 with the hash function Hash.
Then, the message digests are compared.
The tag encrypts M_2 and finally sends the ciphertext Cipher2 = Enc(M_2, R_2) and the digest Hash(M_2) to the reader together. The reader first decrypts the ciphertext to obtain the plaintext M_2, then computes its corresponding digest, obtaining Hash(M'_2). If Hash(M'_2) equals the received Hash(M_2), this shows that the tag's data M_2 has not been tampered with, thereby guaranteeing the integrity of the information stored on the tag.
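The write and read flows of claims 4 to 7, with the digest check on both sides, as an added Python example that is not part of the patent text. The claims leave Enc, Dec and Hash unspecified, so the SHA-256 keystream cipher, the SHA-256 digest, the `write_rejected` response and all function names are assumptions; the digest is also assumed to travel with the write command, which claim 6 implies but does not state.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Stand-in cipher (assumption): SHA-256 in counter mode used as an XOR keystream.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(m, key):
    nonce = os.urandom(8)                          # fresh nonce per message
    return nonce + bytes(a ^ b for a, b in zip(m, _keystream(key, nonce, len(m))))

def dec(c, key):
    nonce, body = c[:8], c[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def digest(m):
    return hashlib.sha256(m).digest()              # Hash is unspecified; SHA-256 assumed

class Tag:
    def __init__(self, r2):
        self.r2, self.mem = r2, {}                 # session key R_2 and tag memory

    def write(self, cipher1, addr1, h_m1):
        m1 = dec(cipher1, self.r2)                 # M'_1 = Dec(Cipher1, R_2)
        if not hmac.compare_digest(digest(m1), h_m1):
            return "write_rejected"                # hypothetical failure response
        self.mem[addr1] = m1                       # store only after the digests match
        return "write_success"

    def read(self, addr2):
        m2 = self.mem[addr2]
        return enc(m2, self.r2), digest(m2)        # Cipher2 and Hash(M_2)

def reader_write(r2, m1, addr1):
    return enc(m1, r2), addr1, digest(m1)          # write(Cipher1, addr1) plus Hash(M_1)

def reader_read(r2, cipher2, h_m2):
    m2 = dec(cipher2, r2)                          # M'_2 = Dec(Cipher2, R_2)
    if not hmac.compare_digest(digest(m2), h_m2):
        raise ValueError("digest mismatch: reply altered in transit")
    return m2

def flip_last_bit(c):
    return c[:-1] + bytes([c[-1] ^ 1])             # constructed channel corruption

if __name__ == "__main__":
    r2 = os.urandom(16)                            # constructed session key
    tag = Tag(r2)
    print(tag.write(*reader_write(r2, b"lot=42", 3)))
    print(reader_read(r2, *tag.read(3)))
```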
CN2009100481547A 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system Expired - Fee Related CN101847199B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100481547A CN101847199B (en) 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100481547A CN101847199B (en) 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system

Publications (2)

Publication Number Publication Date
CN101847199A true CN101847199A (en) 2010-09-29
CN101847199B CN101847199B (en) 2012-06-06

Family

ID=42771816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100481547A Expired - Fee Related CN101847199B (en) 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system

Country Status (1)

Country Link
CN (1) CN101847199B (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588386B (en) * 2004-08-02 2011-08-24 上海质尊电子科技有限公司 System and method for realizing article information detection by radio frequency identification and mobile communication combination
CN100375111C (en) * 2005-07-07 2008-03-12 复旦大学 Method for anti false verification based on identification technique in radio frequency, and anti false system

Also Published As

Publication number Publication date
CN101847199B (en) 2012-06-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120606

Termination date: 20170324