CN101847199B - Security authentication method for radio frequency recognition system - Google Patents


Info

Publication number
CN101847199B
Authority
CN
China
Prior art keywords
label
write line
read write
key
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009100481547A
Other languages
Chinese (zh)
Other versions
CN101847199A (en)
Inventor
王俊宇
刘丹
谭杰
杨玉庆
闵昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fudan University
Original Assignee
Fudan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fudan University filed Critical Fudan University
Priority to CN2009100481547A priority Critical patent/CN101847199B/en
Publication of CN101847199A publication Critical patent/CN101847199A/en
Application granted granted Critical
Publication of CN101847199B publication Critical patent/CN101847199B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a security authentication method for a radio frequency identification (RFID) system, comprising the following steps: looking up the authentication key using the tag's initial ID; performing tag authentication and reader authentication and, once both the tag and the reader have passed, generating a key for data communication; and using that communication key in subsequent communication, with the tag's authentication key updated in real time by the security authentication flow at the next communication. By updating the tag's authentication key in real time, transmitting information in encrypted form and other means, the method improves the security of the RFID system and fully ensures the forward security of the authentication key, so that an attacker cannot compute the key used in earlier communication from the key currently obtained. The method is suitable for any RFID communication protocol and improves key lookup efficiency.

Description

Security authentication method for a radio frequency identification system
Technical field
The invention belongs to the field of RFID and relates to a security authentication method for a radio frequency identification system, in particular to a communication protocol and security authentication method for such a system.
Background
Radio frequency identification (RFID) is an automatic identification technology that performs contactless two-way communication by means of electromagnetic waves. A basic RFID system comprises an electronic tag (hereinafter "tag") and a reader. In the 1990s RFID technology came into wide use in fields such as transit cards and access control cards. In recent years it has kept appearing in new applications, for example product anti-counterfeiting, e-passports, car keys, animal management, library management, supply chain management and Olympic Games tickets; some have even proposed implanting RFID in the human body.
The spread of RFID technology has undoubtedly made life more convenient, but it has also drawn growing attention to the security and privacy problems it brings. An insecure RFID system not only threatens personal privacy but can also leak an organization's sensitive information. RFID security involves every link in the system: the back-end system, middleware, reader and tag. Because of cost limits, the tag has the fewest resources available for security design and is therefore the weakest link in an RFID system and the one most easily attacked. The common attacks between reader and tag mainly include physical attacks, forgery and cloning, unauthorized access, eavesdropping, tracking and denial of service. Industry and academia internationally have studied the security and privacy problems of RFID systems and proposed many solutions, which fall roughly into two classes. The first class is based on non-cryptographic methods, for example disabling the tag with a "kill" command or using a "blocker" tag against attackers. Compared with methods that authenticate the reader and the tag, non-cryptographic methods are simple, but their security is unreliable and they only partly prevent a tag from being read at will. The second class is based on cryptographic algorithms; because tag resources are limited, schemes using symmetric cryptographic algorithms are the mainstream of current research. Although existing cryptographic solutions use an authentication flow, they do not solve problems such as tracking risk and key lookup.
Summary of the invention
The object of the invention is to address the deficiencies of the prior art by proposing a security authentication method suitable for RFID systems, in particular a communication protocol and security authentication method for an RFID system. Before the reader and the tag communicate normally, the invention adds authentication-key lookup and a mutual authentication flow, updates the tag's authentication key in real time, and encrypts the data communication that follows authentication, so as to improve the security of the RFID system. The invention uses the properties of a symmetric-key algorithm and a one-way function to protect the authentication key effectively and guarantee the forward security of data transmission, and it is suitable for any RFID communication protocol.
The main object of the invention is achieved by the following technical scheme: a security authentication method for RFID comprising tag authentication and reader authentication, and further comprising authentication-key lookup and authentication-key update.
First, the tag receives an access request command and returns its encrypted temporary ID, $metaID_i$ ($i = 0 \ldots n$; the initial ID when $i = 0$). The reader uses the encrypted $metaID_i$ as an index to look up the corresponding authentication key $K_{Authen}^{i}$.
Tag authentication and reader authentication are then performed.
Tag authentication: the tag receives the random number $R_1$ sent by the reader and encrypts $R_1$ with its own authentication key $K_{Authen}^{i}$ to obtain $S_1$, which it sends to the reader. The reader decrypts $S_1$ with the authentication key $K_{Authen}^{i}$ it looked up. If the result is identical to $R_1$, the tag is legitimate; otherwise the tag fails authentication and communication ends.
After the tag has passed authentication, the reader is authenticated. Reader authentication: the tag generates a random number $R_2$, encrypts it with the authentication key $K_{Authen}^{i}$ to obtain $S_2$, and sends $S_2$ to the reader. The reader decrypts $R_2$ with the authentication key $K_{Authen}^{i}$, then encrypts $R_1$ with $R_2$ as the key to obtain the ciphertext $S_3$. If $C_2$ is identical to $S_3$, the reader is legitimate; if they are not equal, the reader fails authentication and communication ends.
After the reader has also passed authentication, $R_2$ is used as the key for the $i$-th data transmission to encrypt the transmitted information.
Finally the authentication key is updated. The reader generates a random number $R_3$ as the authentication key $K_{Authen}^{i+1}$ for communication and computes $metaID_{i+1}$ with the one-way function $H$. The reader updates this tag's authentication key and temporary ID to $(metaID_{i+1}, K_{Authen}^{i+1})$ and writes $(metaID_{i+1}, K_{Authen}^{i+1})$ securely to the tag; at the $(i+1)$-th communication, $(metaID_{i+1}, K_{Authen}^{i+1})$ replaces the original $(metaID_i, K_{Authen}^{i})$.
The relation between the temporary ID $metaID_i$ and the authentication key $K_{Authen}^{i}$ is $metaID_i = H(K_{Authen}^{i})$, where $H$ is a one-way function.
Writing $(metaID_{i+1}, K_{Authen}^{i+1})$ securely to the tag comprises: the reader XORs $metaID_{i+1}$ and $K_{Authen}^{i+1}$ each with $R_2$ to obtain $\alpha = metaID_{i+1} \oplus R_2$ and $\gamma = K_{Authen}^{i+1} \oplus R_2$, and sends $\alpha$ and $\gamma$ to the tag. On receipt, the tag XORs $\alpha$ and $\gamma$ each with $R_2$ to recover $(metaID_{i+1}, K_{Authen}^{i+1})$, and replaces the original $(metaID_i, K_{Authen}^{i})$ with $(metaID_{i+1}, K_{Authen}^{i+1})$.
After mutual authentication of the tag and the reader has succeeded, all data transmission between them is carried out in ciphertext. The encrypted transmission flow comprises the following.
When the reader writes information to the tag memory:
Suppose the information to be written is $M_1$. The reader first encrypts it with the key $R_2$, obtaining the ciphertext $Cipher1 = Enc(M_1, R_2)$, where Enc denotes the encryption algorithm. The reader sends the write command write(Cipher1, addr1), which carries the ciphertext Cipher1 and the write address addr1. On receiving write(Cipher1, addr1), the tag decrypts Cipher1 with the key $R_2$ to obtain the plaintext $M_1 = Dec(Cipher1, R_2)$, where Dec denotes the decryption operation, and writes $M_1$ to the corresponding address in memory. After writing the information successfully, the tag returns the write-success response write_success.
The encrypted transmission flow further comprises the following.
When the reader reads information from the tag memory:
Suppose the information to be read is $M_2$ at address addr2. The reader sends the read command Read(addr2). The tag encrypts the information $M_2$ at address addr2 with the key $R_2$ to obtain the ciphertext $Cipher2 = Enc(M_2, R_2)$, where Enc is the encryption algorithm, and returns it to the reader. The reader decrypts Cipher2 with the key $R_2$ to obtain the plaintext $M_2 = Dec(Cipher2, R_2)$, where Dec is the decryption algorithm.
When the reader writes data to the tag, a data integrity check is also included.
First, the message digest is computed.
Suppose the plaintext to be transmitted is $M_1$. The reader first encrypts it with the key $R_2$ to obtain the ciphertext $Cipher1 = Enc(M_1, R_2)$, and computes the message digest $Hash(M_1)$ of $M_1$ with the hash function Hash.
Then the message digests are compared.
The reader sends the ciphertext to the tag in a write command. The tag decrypts Cipher1 to obtain the plaintext $M'_1$ and computes its digest $Hash(M'_1)$, then compares $Hash(M_1)$ with $Hash(M'_1)$. If they match, it writes $M'_1$ to the storage unit at the specified address and returns the write-success response.
When the reader reads data from the tag, a data integrity check is also included.
First, the message digest is computed.
The reader sends the read command Read(addr2). The tag reads the plaintext information $M_2$ from memory at that address and first computes the message digest $Hash(M_2)$ of $M_2$ with the hash function Hash.
Then the message digests are compared.
The tag encrypts $M_2$ and sends the ciphertext $Cipher2 = Enc(M_2, R_2)$ together with the digest $Hash(M_2)$ to the reader. The reader first decrypts the ciphertext to obtain the plaintext $M_2$, then computes its digest to obtain $Hash(M'_2)$. If $Hash(M'_2)$ equals the received $Hash(M_2)$, the tag data $M_2$ has not been tampered with, which guarantees the integrity of the information stored on the tag. When the tag itself has an independent hash computation capability, the tag can hash any data in its memory, so in this case $M_2$ is likewise unrelated to $M_1$.
The advantages of the invention are as follows. The above security goals are achieved by adding a mutual authentication flow before the reader and the tag communicate, updating the tag's authentication key in real time, and transmitting information as ciphertext. By using a symmetric-key algorithm and the properties of a one-way function, the authentication key is effectively protected and the key lookup problem is solved, improving the efficiency of key lookup. The method can resist most of the attacks faced between an RFID reader and a tag, including eavesdropping, tracking, unauthorized reading, tampering with tag data, cloning, forgery and man-in-the-middle attacks, and can effectively protect the privacy of the tag holder.
Brief description of the drawings
Fig. 1 is a flow diagram of mutual authentication between the tag and the reader.
Fig. 2 is a diagram of the relation between a tag's ID and its corresponding authentication key.
Fig. 3 is a diagram of the reader reading the tag memory.
Fig. 4 is a diagram of the reader writing to the tag memory.
Fig. 5 is a diagram of the reader reading the tag memory with data transmission integrity guaranteed.
Fig. 6 is a diagram of the reader writing to the tag memory with data transmission integrity guaranteed.
For ease of understanding, the invention is described in detail below with reference to the drawings and embodiments. It should be noted that the specific examples and drawings are for explanation only; a person of ordinary skill in the art can evidently make various modifications and changes to the invention within its scope based on the description herein, and such modifications and changes also fall within the scope of the invention.
Embodiments
Embodiment 1
Fig. 1 shows the mutual authentication flow between an RFID reader and a tag, comprising the following steps: authentication-key lookup, tag authentication, reader authentication, generation of the data communication key, and authentication-key update.
Step 1: authentication-key lookup
Suppose each tag has an independent key. When a legitimate reader communicates with a tag, how to determine the current tag's key quickly is called the authentication-key lookup problem. A simple solution is for the reader to traverse all authentication keys in the database and attempt mutual authentication with the tag using each key in turn. The drawback is that the reader's load rises sharply as the number of tags grows, which cannot meet the needs of most applications. An improved method assigns each tag an index number; when queried, the tag first returns its index number and the reader looks up the corresponding authentication key by that number. Because the index number is fixed and transmitted in plaintext, this method carries a tracking risk; an attacker can even establish a link between the tag's index number and the tag ID, exposing the tag to privacy disclosure. The invention proposes a fast dynamic key lookup method, as follows. At manufacture each legitimate tag is assigned an initial authentication key $K_{Authen}^{0}$. The tag's corresponding initial ID, denoted $metaID_0$, is computed with the one-way function $H$, i.e. $metaID_0 = H(K_{Authen}^{0})$, and $(metaID_0, K_{Authen}^{0})$ is written to the tag memory. The database stores the $(metaID_0, K_{Authen}^{0})$ of all tags. Before the $i$-th authentication begins, the reader sends the query command Query and the tag returns its current temporary ID, denoted $metaID_i$. The reader uses $metaID_i$ as an index to look up this tag's authentication key $K_{Authen}^{i}$ in the back-end database. The temporary ID is updated after every authentication, so this method carries no tracking or privacy disclosure risk.
Step 2: tag authentication
The reader authenticates the legitimacy of the tag. The reader generates a random number $R_1$ and sends it to the tag. The tag encrypts $R_1$ with its current authentication key $K_{Authen}^{i}$ to obtain $S_1 = E(R_1, K_{Authen}^{i})$, where $E(R_1, K_{Authen}^{i})$ denotes symmetric-key encryption of the plaintext $R_1$ under the key $K_{Authen}^{i}$. The tag generates a random number $R_2$ and encrypts it with $K_{Authen}^{i}$ to obtain $S_2 = E(R_2, K_{Authen}^{i})$. The tag sends $S_1$ and $S_2$ to the reader; in the drawing, $\{S_1, S_2\}$ denotes concatenation, i.e. the message consists of $S_1$ and $S_2$. The reader decrypts $S_1$ with the authentication key $K_{Authen}^{i}$. If the result equals $R_1$, the tag is legitimate; otherwise the tag fails authentication and communication ends.
Step 3: reader authentication
The tag authenticates the legitimacy of the reader. After the reader has verified the tag's legitimacy, it decrypts from $S_2 = E(R_2, K_{Authen}^{i})$ the random number $R'_2$ generated by the tag, encrypts $R_1$ with $R'_2$ as the key, and sends $C_2 = E(R_1, R'_2)$ to the tag. The tag computes $E(R'_1, R_2)$ and compares it with $C_2$. If they are identical, the reader is legitimate; otherwise the reader fails authentication and communication ends.
Step 4: generation of the data communication key
After the reader and the tag have completed mutual authentication, and if both are legitimate, data can be transmitted, and the transmitted data must be in ciphertext. In the authentication process above, the random number $R_2$ produced by the tag is always transmitted as ciphertext, so $R_2$ can serve as the key for data transmission between the two sides. Because $R_2$ is a one-time random number produced by the tag, communication security is improved.
Step 5: authentication-key update
To ensure that the authentication key has forward security, i.e. that an attacker cannot derive the keys used in earlier communication from the key currently obtained, the security authentication process of the invention updates the tag's authentication key in real time. The reader generates a random number $R_3$ and uses it as the legitimate key for the tag's next authentication, i.e. $K_{Authen}^{i+1} = R_3$. It uses the one-way function $H$ to compute the corresponding $metaID_{i+1} = H(K_{Authen}^{i+1})$, which gives the tag's new pair $(metaID_{i+1}, K_{Authen}^{i+1})$, and the reader updates this tag's key and ID. To write $(metaID_{i+1}, K_{Authen}^{i+1})$ securely to the tag, the reader XORs $metaID_{i+1}$ and $K_{Authen}^{i+1}$ each with $R_2$ to obtain $\alpha = metaID_{i+1} \oplus R_2$ and $\gamma = K_{Authen}^{i+1} \oplus R_2$, and sends $\alpha$ and $\gamma$ to the tag. On receipt, the tag XORs $\alpha$ and $\gamma$ each with $R_2$ to recover $(metaID_{i+1}, K_{Authen}^{i+1})$, and replaces the original $(metaID_i, K_{Authen}^{i})$ with $(metaID_{i+1}, K_{Authen}^{i+1})$.
In the $i$-th round of authentication, the relation between the tag's temporary ID $metaID_i$ and its authentication key $K_{Authen}^{i}$ is as shown in Fig. 2, i.e. $metaID_i = H(K_{Authen}^{i})$, where $H$ is a one-way function (the function input cannot be derived back from the function value). During authentication $metaID_i$ is returned to the reader in plaintext; even if an attacker obtains the one-way function algorithm, $K_{Authen}^{i}$ cannot be computed from $metaID_i$, so the one-wayness of the function improves the confidentiality of the authentication key $K_{Authen}^{i}$. After the tag's authentication key is updated, the authentication key and the temporary ID still satisfy the relation shown in Fig. 2. The one-way function in the invention needs to be implemented only at the reader, which reduces the tag's hardware complexity and saves tag cost.
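Steps 1 to 5 above, run end to end between one reader and one tag, as an added Python sketch that is not code from the patent. The patent leaves $E$ and $H$ unspecified: here $H$ is truncated SHA-256 and $E$ is a 4-round Feistel network built on HMAC-SHA256, both stand-ins chosen so the example runs on the standard library; the 16-byte sizes and all class, method and function names are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes; length of keys, random numbers and metaIDs (assumption)


def H(key: bytes) -> bytes:
    """One-way function H, metaID = H(K_Authen). Truncated SHA-256 is an assumption."""
    return hashlib.sha256(key).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:  # Feistel round function
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def E(plain: bytes, key: bytes) -> bytes:
    """Stand-in for the unspecified cipher E: 4-round Feistel, one block; not a vetted cipher."""
    left, right = plain[:BLOCK // 2], plain[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def D(cipher: bytes, key: bytes) -> bytes:  # inverse of E
    left, right = cipher[:BLOCK // 2], cipher[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


class Tag:
    def __init__(self, meta_id: bytes, key: bytes):
        self.meta_id, self.key = meta_id, key    # (metaID_0, K_Authen^0) written at manufacture
        self.r1 = self.r2 = b""

    def query(self) -> bytes:                    # step 1: answer Query with the current metaID_i
        return self.meta_id

    def challenge(self, r1: bytes):              # step 2: return {S1, S2}
        self.r1, self.r2 = r1, secrets.token_bytes(BLOCK)
        return E(r1, self.key), E(self.r2, self.key)

    def verify_reader(self, c2: bytes) -> bool:  # step 3: compare C2 with E(R1, R2)
        return hmac.compare_digest(c2, E(self.r1, self.r2))

    def update(self, alpha: bytes, gamma: bytes) -> None:  # step 5: unmask with R2
        self.meta_id, self.key = xor(alpha, self.r2), xor(gamma, self.r2)


class Reader:
    def __init__(self):
        self.db = {}                             # back-end database: metaID -> K_Authen

    def enroll(self, k0: bytes) -> Tag:
        self.db[H(k0)] = k0
        return Tag(H(k0), k0)

    def authenticate(self, tag: Tag):
        meta_id = tag.query()
        key = self.db.get(meta_id)               # step 1: one indexed lookup, no key traversal
        if key is None:
            return None
        r1 = secrets.token_bytes(BLOCK)
        s1, s2 = tag.challenge(r1)
        if not hmac.compare_digest(D(s1, key), r1):
            return None                          # step 2 failed: tag is not legitimate
        r2 = D(s2, key)
        if not tag.verify_reader(E(r1, r2)):
            return None                          # step 3 failed: tag rejects the reader
        new_key = secrets.token_bytes(BLOCK)     # step 5: R3 becomes K_Authen^{i+1}
        new_id = H(new_key)
        tag.update(xor(new_id, r2), xor(new_key, r2))  # alpha, gamma
        del self.db[meta_id]
        self.db[new_id] = new_key
        return r2                                # step 4: R2 is the data communication key


def run_sessions(n: int = 3) -> dict:
    reader = Reader()
    tag = reader.enroll(secrets.token_bytes(BLOCK))
    ids, keys = [], []
    for _ in range(n):
        ids.append(tag.query())                  # what an observer of Query responses sees
        keys.append(reader.authenticate(tag))
    forged = Tag(tag.query(), secrets.token_bytes(BLOCK))  # current metaID, wrong key
    stale = Tag(ids[0], secrets.token_bytes(BLOCK))        # metaID from an old session
    return {"ids": ids, "session_keys": keys,
            "in_sync": reader.db.get(tag.meta_id) == tag.key and H(tag.key) == tag.meta_id,
            "forged_accepted": reader.authenticate(forged) is not None,
            "stale_accepted": reader.authenticate(stale) is not None}
```

`run_sessions()` returns the metaID seen in each session, the per-session key $R_2$, and whether a tag presenting the current metaID without the key, or a metaID from an earlier session, is accepted.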
After mutual authentication of the reader and the tag has succeeded, the reader can read data from the tag memory or write data to the tag. As communication security requires, communication between them must be carried out in ciphertext. The encryption algorithm here may be the same as, or different from, the one used in the preceding authentication flow. Below, Enc denotes the encryption algorithm and Dec the decryption operation.
Fig. 3 shows the flow of the reader writing information to the tag memory. Suppose the information to be written is $M_1$. After encrypting it the reader obtains the ciphertext $Cipher1 = Enc(M_1, R_2)$ and sends the write command write(Cipher1, addr1), which carries the ciphertext Cipher1 and the write address addr1. On receiving write(Cipher1, addr1), the tag decrypts Cipher1 with the key $R_2$ to obtain the plaintext $M_1 = Dec(Cipher1, R_2)$ and writes $M_1$ to the corresponding address in memory. After writing the information successfully, the tag returns the write-success response write_success.
Fig. 4 shows the flow of the reader reading information from the tag memory. Suppose the information to be read is $M_2$ at address addr2. The reader sends the read command Read(addr2). The tag encrypts the information $M_2$ at address addr2 to obtain the ciphertext $Cipher2 = Enc(M_2, R_2)$ and returns it to the reader. The reader decrypts Cipher2 with the key $R_2$ to obtain the plaintext $M_2 = Dec(Cipher2, R_2)$. Note that $M_2$ here is unrelated to $M_1$ in the preceding write operation.
To better protect the tag's sensitive data, integrity protection of the transmitted information can be added to the communication between the reader and the tag. Data integrity is obtained by computing a message digest with a hash function.
The tag write flow with integrity check is shown in Fig. 5. Suppose the plaintext to be transmitted is $M_1$. The reader first encrypts it with the key $R_2$ to obtain the ciphertext $Cipher1 = Enc(M_1, R_2)$ and computes the digest $Hash(M_1)$ of $M_1$ with the hash function Hash, then sends the ciphertext to the tag in a write command. The tag decrypts Cipher1 to obtain the plaintext $M'_1$, computes its digest $Hash(M'_1)$ and compares $Hash(M_1)$ with it. If they match, it writes $M'_1$ to the storage unit at the specified address and returns the write-success response.
The tag read flow with integrity check is shown in Fig. 6. The reader first sends the read command Read(addr2). The tag reads the plaintext information $M_2$ from memory at that address, first computes the digest $Hash(M_2)$ of $M_2$ with the hash function Hash, then encrypts $M_2$, and finally sends the ciphertext $Cipher2 = Enc(M_2, R_2)$ together with the digest $Hash(M_2)$ to the reader. The reader first decrypts the ciphertext to obtain the plaintext $M'_2$, then computes its digest to obtain $Hash(M'_2)$. If $Hash(M'_2)$ equals the received $Hash(M_2)$, the tag data $M_2$ has not been tampered with, which guarantees the integrity of the information stored on the tag. When the tag itself has an independent hash computation capability, the tag can hash any data in its memory, so in this case $M_2$ is likewise unrelated to $M_1$.
In summary: to prevent an attacker from reading tag information at will, to protect the personal privacy of the tag holder, and to prevent attacks such as tracking, eavesdropping and tampering with tag data, the security authentication process of the invention introduces an identity authentication flow for the reader. To prevent criminals from cloning or forging tags, it introduces an authentication flow for tag legitimacy. To prevent replay and man-in-the-middle attacks, the security flow of the invention uses one-time random numbers. To guarantee the forward security of the authentication key, after mutual authentication of the tag and the reader ends, the reader updates the tag's authentication key and temporary ID. The tag's temporary ID is computed from the authentication key with a one-way function, so even if the temporary ID is eavesdropped by an attacker, the corresponding authentication key cannot be derived.
The above is only a preferred embodiment of the invention and does not limit the invention in any form. Any equivalent embodiment with local changes or modifications made by a person of ordinary skill in the art using the disclosed technical content, without departing from the technical features of the invention, still falls within the scope of the technical features of the invention.

Claims (7)

1. a safety certifying method that is used for radio-frequency recognition system comprises smart-tag authentication and read write line authentication, it is characterized in that, comprises that also authenticate key is searched and authenticate key upgrades, and comprises the steps:
At first carry out key lookup, label receives the request access instruction, and label returns the interim ID of encryption, i.e. metaID i, wherein i=0...n is initial ID during i=0, the metaID of read write line to encrypt iAs the corresponding authenticate key of index search
Carry out smart-tag authentication and read write line authentication then;
Described smart-tag authentication comprises that read write line carries out authentication to the legitimacy of label, and read write line generates a random number R 1Send to label; Label is used the current authentication key
Figure FSB00000640618800012
To R 1Encryption obtains
Figure FSB00000640618800013
Wherein
Figure FSB00000640618800014
Expression with
Figure FSB00000640618800015
As key to plaintext R 1Carry out the symmetric key encryption computing, label generates a random number R 2, utilize
Figure FSB00000640618800016
Encryption obtains
Figure FSB00000640618800017
Label sends to read write line with S1 and S2, and read write line uses authenticate key
Figure FSB00000640618800018
To the S1 deciphering, if its decrypted result and R 1Equate that then care label is legal; Otherwise label can not be through authentication, sign off;
After smart-tag authentication passes through, again read write line is carried out authentication, described read write line authentication comprises that label carries out authentication to the legitimacy of read write line, verified the legitimacy of label when read write line after, from In decrypt the random number R that label generates ' 2, with R ' 2As key, encrypt R 1, and with C2=E (R 1, R ' 2) send to label; Tag computation E (R ' 1, R 2), itself and C2 are compared, if identical, explain that read write line is legal; Otherwise read write line can not be through authentication, sign off;
Read write line is also through after the authentication, with the key of R2 as the i data transfer;
Carry out authenticate key at last and upgrade, read write line generates the authenticate key of random number R 3 as communication
Figure FSB000006406188000110
H calculates metaID with one-way function I+1, read write line upgrades the authenticate key and interim ID of this label, promptly And will
Figure FSB000006406188000112
Safety writes label, during the i+1 time communication, uses
Figure FSB000006406188000113
Replace original
2. safety certifying method according to claim 1 is characterized in that, said interim ID, i.e. metaID i, with authenticate key
Figure FSB000006406188000115
Relation do, Wherein H is an one-way function.
3. safety certifying method according to claim 1 is characterized in that, said general
Figure FSB000006406188000117
Safety writes label, comprises that read write line is with metaID I+1With
Figure FSB000006406188000118
Respectively with R 2XOR obtains
Figure FSB00000640618800021
With
Figure FSB00000640618800022
α and γ are sent to label; After label receives, with α and γ respectively with R 2XOR promptly can obtain
Figure FSB00000640618800023
And use
Figure FSB00000640618800024
Replace original
Figure FSB00000640618800025
4. safety certifying method according to claim 1 is characterized in that, the data transmission between said label and the read write line is all carried out with the ciphertext form, and the encrypted transmission flow process comprises,
When read write line during to the tag ram writing information,
Suppose that the information that will write is M 1, read write line at first utilizes key R 2It is encrypted, and read write line obtains corresponding ciphertext Cipher1=Enc (M after encrypting 1, R 2), Enc representes AES, read write line sends write command write, and (Cipher1 addr1), comprises the ciphertext Cipher1 that writes and writes address addr1 in the instruction; Label receive write command write (Cipher1, addr1) after, utilize key R 2Deciphering obtains plaintext M to ciphertext Cipher1 1=Dec (Cipher1, R 2), Dec representes decrypt operation, and with M 1Corresponding address unit in the write store behind the label success writing information, returns and writes response of successful write_success.
5. safety certifying method according to claim 4 is characterized in that, described encrypted transmission flow process also comprises,
When read write line reading tag memorizer information,
Suppose that the information that will read is M 2, the address is addr 2, read write line sends the Read (addr2) that reads instruction; Label is with the information M of address addr2 2Use key R 2Encryption obtains corresponding ciphertext Cipher2=Enc (M 2, R 2), Enc is an AES, and it is returned to read write line; Read write line utilizes key R 2Deciphering obtains plaintext M to ciphertext Cipher2 2=Dec (Cipher2, R 2), Dec is a decipherment algorithm.
6. safety certifying method according to claim 4 is characterized in that, when read write line writes data to label, also comprises data integrity verifying,
At first, the computing information summary,
The plaintext of supposing transmission information is M 1, read write line at first utilizes key R 2It is encrypted, obtain ciphertext Cipher1=Enc (M 1, R 2), and with hash function Hash calculating M 1Corresponding informative abstract Hash (M 1),
Then, carry out informative abstract relatively,
Read write line sends to label through writing instruction with ciphertext, label to ciphertext Cipher1 decipher obtain corresponding plaintext M ' 1, calculate then its corresponding Hash (M ' 1), with Hash (M 1) and Hash (M ' 1) relatively, if consistent, then with M ' 1It writes the storage unit of assigned address, writes response of successful with returning.
7. The security authentication method according to claim 5, characterized in that, when the reader reads data from the tag, the method further comprises data integrity verification.
First, the message digest is computed:
the reader sends the read command Read(addr2); the tag reads the corresponding plaintext information M_2 from memory according to the address and first uses the hash function Hash to compute the message digest Hash(M_2) corresponding to M_2.
Then, the message digests are compared:
M_2 is encrypted, and finally the ciphertext of M_2, Cipher2 = Enc(M_2, R_2), and the digest Hash(M_2) are sent to the reader together; the reader first decrypts the ciphertext to obtain the plaintext M_2, then computes its corresponding digest, obtaining Hash(M'_2); if Hash(M'_2) equals the received Hash(M_2), this shows that the tag's data M_2 has not been tampered with, thereby guaranteeing the integrity of the information stored on the tag.
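The write and read flows of claims 4 to 7, including the digest comparison, are sketched below as an added example that is not part of the patent text. Assumptions: Enc/Dec are replaced by a stand-in 4-round Feistel permutation built from SHAKE-256, Hash is SHA-256, the digest Hash(M_1) travels with the write command, and the names `Tag`, `reader_write`, `reader_read`, `BLOCK` and `write_fail` are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # assumed fixed size of one tag memory unit, in bytes

def _f(key, rnd, half):
    # Round function of the stand-in Feistel cipher (assumption, not the patent's Enc).
    return hashlib.shake_256(key + bytes([rnd]) + half).digest(len(half))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(m, key):
    """Enc(M, R2): 4-round Feistel permutation over one BLOCK-sized unit."""
    assert len(m) == BLOCK
    l, r = m[:BLOCK // 2], m[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec(c, key):
    """Dec(Cipher, R2): the same rounds undone in reverse order."""
    l, r = c[:BLOCK // 2], c[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def digest(m):
    return hashlib.sha256(m).digest()  # Hash() of claims 6 and 7; SHA-256 is an assumption

class Tag:
    def __init__(self, r2):
        self.r2, self.memory = r2, {}

    def write(self, cipher1, addr1, h_m1):
        m1 = dec(cipher1, self.r2)                     # M'_1
        if not hmac.compare_digest(digest(m1), h_m1):  # Hash(M'_1) vs Hash(M_1)
            return "write_fail"  # assumed name; the page names only write_success
        self.memory[addr1] = m1
        return "write_success"

    def read(self, addr2):
        m2 = self.memory[addr2]
        return enc(m2, self.r2), digest(m2)            # Cipher2 and Hash(M_2) sent together

def reader_write(tag, r2, m1, addr1, corrupt=False):
    cipher1 = enc(m1, r2)
    if corrupt:  # constructed channel error: one ciphertext bit flipped in transit
        cipher1 = bytes([cipher1[0] ^ 1]) + cipher1[1:]
    return tag.write(cipher1, addr1, digest(m1))

def reader_read(tag, r2, addr2):
    cipher2, h_m2 = tag.read(addr2)
    m2 = dec(cipher2, r2)                              # M'_2
    return m2 if hmac.compare_digest(digest(m2), h_m2) else None
```

The digest in these claims is unkeyed and computed over the plaintext, so equal plaintexts produce equal digests on the air; a keyed MAC under R_2 (for example HMAC) avoids that, though the claims do not specify one.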
CN2009100481547A 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system Expired - Fee Related CN101847199B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100481547A CN101847199B (en) 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system

Publications (2)

Publication Number Publication Date
CN101847199A CN101847199A (en) 2010-09-29
CN101847199B true CN101847199B (en) 2012-06-06

Family

ID=42771816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100481547A Expired - Fee Related CN101847199B (en) 2009-03-24 2009-03-24 Security authentication method for radio frequency recognition system

Country Status (1)

Country Link
CN (1) CN101847199B (en)

Also Published As

Publication number Publication date
CN101847199A (en) 2010-09-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120606

Termination date: 20170324