CN103020571A - Radio-frequency identification based bidirectional authentication method - Google Patents


Info

Publication number: CN103020571A
Authority: CN (China)
Prior art keywords: random number, card reader, cryptographic hash, reader, identifier
Legal status: Granted
Application number: CN2013100174776A
Other languages: Chinese (zh)
Other versions: CN103020571B (en)
Inventors: 刘玉, 李道芳
Current assignee: Hefei University (Hefei College)
Original assignee: Hefei College
Application filed by: Hefei College
Priority: CN201310017477.6A
Publication: CN103020571A
Granted publication: CN103020571B
Current legal status: Expired - Fee Related

Abstract

The invention discloses a radio-frequency identification (RFID) based bidirectional authentication method. The method is characterized in that the hash value of the bit concatenation of an RFID tag's identifier with a preset random number is used for searching on the background-database side of the RFID system, with the hash value serving as the index key. The method avoids the drawback of traditional authentication methods, in which the background database must traverse its stored tag information; it further improves background-database search efficiency and can greatly shorten protocol execution time compared with existing protocols, so that authentication efficiency is improved. In addition, since the tag's identifier never needs to be sent to the card reader in plaintext, the confidentiality of the RFID tag's information is preserved. The card reader's authentication of the RFID tag rests on the background database finding a matching entry; the RFID tag's authentication of the card reader rests on the card reader providing the correct identifier.

Description

Radio-frequency identification (RFID) mutual authentication method
Technical field
The invention belongs to the field of radio-frequency identification (RFID) and specifically relates to a mutual authentication method for RFID tags and card readers.
Background art
According to the ISO RFID Standard (the International Organization for Standardization's radio-frequency identification standard), an existing radio-frequency identification (RFID) system consists of a card reader (Reader), N RFID tags T_i, i = 1, 2, ..., N, and a background database (DB). The background database stores, on a corresponding hardware platform, the identifiers (Identity) and some auxiliary information of all card readers and RFID tags, and can perform cryptographic function computations such as Hash. The card reader sits between the background database and the RFID tags. It is a wireless transceiver with an antenna, mainly responsible for reading and writing the contents stored in RFID tags; it usually has some storage capacity and computing power, weaker than that of the background database. An RFID tag is a small device with an antenna and an integrated circuit; compared with the card reader it has more limited storage capacity and computing power, and it stores its fixed identifier together with some auxiliary computation information.
Because the channel between an RFID tag and the card reader lies in public space (Public world), it is insecure unless corresponding secrecy measures are taken. By contrast, a secure, trusted connection between the card reader and the background database is easily established on the basis of the IP security protocol (IP Security, IPSec) or Secure Socket Layer/Transport Layer Security (SSL/TLS). Therefore, from the standpoint of security and privacy, the identifier of an RFID tag cannot be sent directly to the card reader in plaintext; otherwise the private information of the tag holder is easily leaked.
The proceedings of the International Conference on Security in Pervasive Computing (vol. 2802, pp. 201-212, 2004) describe using a hash function to compute the hash value of the RFID tag's unique identifier and a random number; the background database then tries the identifier value of every stored RFID tag in turn, obtaining the tag's identifier by traversal search. The cost of this traversal query is linear in the number of tags. As the number of tags grows, the query cost places a heavy burden on the background database and adds a large delay to protocol execution, affecting execution efficiency.
IEEE Transactions on Wireless Communications (vol. 7, no. 3, pp. 1-8, March 2008) gives a method in which the background database transfers the identifier of each tag and of the card reader to the card reader side, so that the subsequent mutual authentication of RFID tag and card reader is carried out directly between the two. However, a traversal search is still required on the card reader side. This likewise requires a large amount of computation and introduces a large delay, affecting authentication efficiency.
IEEE Transactions on Dependable and Secure Computing (vol. 4, no. 4, pp. 337-340, 2007) proposes an authentication scheme based on changing pseudo-identifiers: the identifier value of an RFID tag changes frequently, but a traversal search is still needed on the background-database side, and the search cost is again linear in the number of tags.
Summary of the invention
The object of the invention is to propose a radio-frequency identification mutual authentication method that provides mutual authentication between the card reader and the RFID tag and, on the premise of guaranteed security, reduces the query cost of the background database and the protocol execution time.
In the RFID mutual authentication method of the invention, the common existing RFID system adopted consists of a card reader (Reader), N RFID tags T_i, i = 1, 2, ..., N, and a background database (DB). A secure, trusted connection is established in advance between the card reader (Reader) and the background database (DB) over a wired or wireless network on the basis of the IP security protocol (IP Security, IPSec) or Secure Socket Layer/Transport Layer Security (SSL/TLS); the card reader and the tags communicate contactlessly by radio-frequency signal. Each RFID tag is configured in advance, in its storage space, with a system-wide unique identifier and a preset random number.
It is characterized in that:
In the background database (DB), the identifier ID_i of each stored RFID tag T_i, i = 1, 2, ..., N, is stored together with the corresponding random number R_i and a hash value H(ID_i || R_i). This random number R_i is identical to the preset random number in RFID tag T_i, and the hash value H(ID_i || R_i) is the result of hashing the bit concatenation of the identifier and the random number, where the symbol H denotes the hash operation and "||" denotes bit concatenation; together these form the triple {identifier, random number, hash value}. The background database (DB) builds an index with the hash value as the key.
The concrete operation steps are:
Step 1: The card reader (Reader) periodically initiates a query request (QUERY);
Step 2: RFID tag T_i replies with its stored random number R_i and the hash value of the bit concatenation of its own identifier ID_i with the stored random number R_i, i.e. {R_i, H(ID_i || R_i)};
Step 3: The card reader (Reader) forwards the message {R_i, H(ID_i || R_i)} received from the RFID tag to the background database (DB) over the secure connection;
Step 4: After receiving the message {R_i, H(ID_i || R_i)} from the card reader (Reader), the background database (DB) searches its hash-value column using the hash value in the message as the key: if there is no corresponding entry, it returns a query failure message (FAIL) to the card reader (Reader) and exits; if there is a corresponding entry, it compares the received random number with the random number in the entry found: if they are unequal, it returns a query failure message (FAIL) to the card reader (Reader) and exits; if they are equal, it further obtains the identifier value ID' in that entry, generates a new random number R', and forms a new message {ID', R', H(ID' || R' || R_i)}, which contains the identifier value ID' found in the background database, the newly generated random number R', and the hash value H(ID' || R' || R_i) of the bit concatenation of the identifier value ID' found in the entry, the newly generated random number R' and the random number R_i received in Step 3; this new message is returned to the card reader (Reader);
Step 5: If the card reader (Reader) receives a query failure message (FAIL) from the background database (DB), it abandons this authentication and exits; otherwise it sends the last two elements of the received message, {R', H(ID' || R' || R_i)}, to RFID tag T_i;
Step 6: RFID tag T_i first bit-concatenates its own identifier ID_i, the new random number R' received in Step 5 and its stored random number R_i, computes the hash value H(ID_i || R' || R_i) of the concatenation, and compares it with the hash value received from the card reader (Reader) in Step 5: if they are unequal, it refuses to respond, the authentication fails and it exits; if they are equal, it further bit-concatenates its own identifier ID_i, its stored random number R_i and the new random number R' sent by the card reader in Step 5, computes the hash value H(ID_i || R_i || R') of that concatenation, and sends this hash value H(ID_i || R_i || R') to the card reader (Reader); it then updates its stored random number to the new random number R' sent by the card reader (Reader), bit-concatenates the identifier ID_i with the random number R', computes the hash value H(ID_i || R') of this concatenation, and updates its stored hash value to H(ID_i || R');
Step 7: The card reader (Reader) bit-concatenates the identifier ID' received in Step 4, the random number R_i stored by the RFID tag and received in Step 2, and the new random number R' generated by the background database (DB) and received in Step 4, computes the hash value H(ID' || R_i || R') of the concatenation, and compares it with the hash value H(ID_i || R_i || R') received in Step 6: if they are equal, it sends an acknowledgement message (ACK) to the background database (DB); otherwise it abandons this authentication;
Step 8: After the background database receives the acknowledgement message (ACK) from the card reader (Reader), it updates the random number and hash value in the entry found in Step 4: the random number is updated to the random number R' generated in Step 4, and the hash value is updated to the hash value H(ID' || R') of the bit concatenation of the identifier ID' in the entry found in Step 4 with the random number R' generated in Step 4; the index of the background database (DB) is updated accordingly.
Compared with the prior art, the RFID mutual authentication method of the invention searches on the background-database side using the hash value of the bit concatenation of the RFID tag's identifier with the preset random number, which avoids the drawback of conventional authentication methods that the background database must traverse its stored tag information; at the same time, because the method indexes with the hash value as the key, the search efficiency of the background database is further improved. Compared with existing protocols, the protocol execution time can be greatly reduced, improving authentication efficiency. In addition, the RFID tag does not need to send its identifier to the card reader in plaintext, which preserves the confidentiality of the tag's information. The card reader's authentication of the RFID tag rests on the background database finding a matching entry; the RFID tag's authentication of the card reader rests on the card reader providing the correct identifier (reflected in whether the hash value provided in Step 5 passes verification).
Description of drawings
Fig. 1 is a schematic structural diagram of the RFID mutual authentication system adopted in the invention;
Fig. 2 is a schematic flow diagram of protocol execution on the RFID tag side in the RFID mutual authentication method of the invention;
Fig. 3 is a schematic flow diagram of protocol execution on the card reader side in the RFID mutual authentication method of the invention;
Fig. 4 is a schematic flow diagram of protocol execution on the background-database side in the RFID mutual authentication method of the invention.
Embodiment
Embodiment 1:
Fig. 1 gives the schematic structural diagram of the RFID mutual authentication system adopted in the invention, showing the interaction flow among the three entities that take part in the protocol. As shown in Fig. 1, in the RFID mutual authentication method of the invention, the RFID system adopted is an existing radio-frequency identification (RFID) system as specified by the ISO RFID Standard, consisting of a card reader (Reader), N RFID tags T_i, i = 1, 2, ..., N, and a background database (DB, DataBase); a secure, trusted connection is established in advance between the card reader and the background database on the basis of the IP security protocol (IP Security, IPSec) or Secure Socket Layer/Transport Layer Security (SSL/TLS), the card reader and the background database being connected by a wired or wireless network, while the card reader and the tags communicate contactlessly by radio-frequency signal; each RFID tag is configured in advance, in its storage space, with a system-wide unique identifier and a preset random number;
In the background database (DB), the identifier ID_i of each stored RFID tag T_i, i = 1, 2, ..., N, is stored together with the corresponding random number R_i and a hash value H(ID_i || R_i). This random number R_i is identical to the preset random number in RFID tag T_i, and the hash value H(ID_i || R_i) is the result of hashing the bit concatenation of the identifier and the random number, where the symbol H denotes the hash operation and "||" denotes bit concatenation; together these form the triple {identifier, random number, hash value}. The background database (DB) builds an index with the hash value as the key;
The concrete operation steps of the RFID mutual authentication method of the invention are described below with reference to Fig. 1:
Step 1: The card reader (Reader) periodically initiates a query request ("1. QUERY" in Fig. 1);
Step 2: RFID tag T_i replies with its stored random number R_i and the hash value of the bit concatenation of its own identifier ID_i with the stored random number R_i ("2. {R_i, H(ID_i || R_i)}" in Fig. 1);
Step 3: The card reader (Reader) forwards the message received from RFID tag T_i ("3. {R_i, H(ID_i || R_i)}" in Fig. 1) to the background database (DB) over the secure connection;
Step 4: The background database receives the message from the card reader and searches its hash-value column using the hash value in the message as the key: if there is no corresponding entry, it returns a query failure message (FAIL) to the card reader and exits; if there is a corresponding entry, it compares the received random number with the random number in the entry found: if they are unequal, it returns a query failure message (FAIL) to the card reader and exits; if they are equal, it further obtains the identifier value ID' in that entry, generates a new random number R', and forms a message containing the identifier value ID' found in the background database, the newly generated random number R', and the hash value of the bit concatenation of the identifier value ID' found in the entry, the newly generated random number R' and the random number R_i received in Step 3, i.e. "4. {ID', R', H(ID' || R' || R_i)}" in Fig. 1, which it returns to the card reader;
Step 5: If the card reader receives a query failure message (FAIL) from the background database, it directly abandons this authentication; otherwise it sends the last two elements of the received message, the newly generated random number and the hash value ("5. {R', H(ID' || R' || R_i)}" in Fig. 1), to RFID tag T_i;
Step 6: RFID tag T_i first computes, according to the formula H(ID_i || R' || R_i), the hash value of the bit concatenation of its own identifier ID_i, the new random number R' received in Step 5 and its own stored random number R_i, and compares it with the hash value received from the card reader in Step 5: if they are unequal, it refuses to respond, the authentication fails and it exits; if they are equal, it further computes, according to the formula H(ID_i || R_i || R'), the hash value of the bit concatenation of its own identifier ID_i, its stored random number R_i and the new random number R' sent by the card reader in Step 5, and sends this hash value to the card reader ("6. {H(ID_i || R_i || R')}" in Fig. 1); it then updates its stored random number to the new random number R' sent by the card reader and, computing according to the formula H(ID_i || R'), updates its stored hash value to the hash of the bit concatenation of its own identifier ID_i with the random number R';
Step 7: The card reader computes, according to the formula H(ID' || R_i || R'), the hash value of the bit concatenation of the identifier ID' received in Step 4, the random number R_i stored by the RFID tag and received in Step 2, and the new random number R' generated by the background database and received in Step 4, and compares it with the hash value received in Step 6: if they are equal, it sends an acknowledgement message ("7. ACK" in Fig. 1) to the background database; otherwise it abandons this authentication;
Step 8: After the background database receives the acknowledgement message (ACK) from the card reader, it updates the random number and hash value in the entry found in Step 4: the random number is updated to the random number R' generated in Step 4, and the hash value is updated to the hash value H(ID' || R') of the bit concatenation of the identifier ID' in the entry found in Step 4 with the random number R' generated in Step 4; the background-database index is updated accordingly.
Below, the concrete operations are explained separately from the RFID tag side, the card reader side and the background-database side.
Fig. 2 is a schematic flow diagram of protocol execution on the RFID tag side in the RFID mutual authentication method of the invention; Fig. 3 is a schematic flow diagram of protocol execution on the card reader side in the authentication method of the invention; Fig. 4 is a schematic flow diagram of protocol execution on the background-database side in the authentication method of the invention.
1) As shown in Fig. 2, the execution flow on the RFID tag side is as follows:
Step 1-1 (S001): On receiving the query message from the card reader, send the stored random number R_i and the hash value of the bit concatenation of the identifier ID_i with the stored random number R_i, i.e. {R_i, H(ID_i || R_i)}, to the card reader;
Step 1-2 (S002): Set the timer waiting time to a predefined value and run the following loop:
Step 1-2-1 (S003): Periodically check whether the timer has exceeded the set waiting time: if it has timed out, go to Step 1-8 (S010); otherwise go to Step 1-2-2 (S004);
Step 1-2-2 (S004): Check whether a further message from the card reader has arrived: if not, go back to Step 1-2-1 (S003); if so, leave the loop and go to Step 1-3 (S005);
Step 1-3 (S005): On receiving the message {R', H(ID' || R' || R_i)} from the card reader, compute, according to the formula H(ID_i || R' || R_i), the hash value of the bit concatenation of the stored identifier ID_i, the received new random number R' and the stored random number R_i, and compare it with the received hash value H(ID' || R' || R_i);
Step 1-4 (S006): Judge whether the two hash values of Step 1-3 (S005) are equal: if they are unequal, go to Step 1-8 (S010); if they are equal, go to Step 1-5 (S007);
Step 1-5 (S007): According to the formula H(ID_i || R_i || R'), compute the hash value of the bit concatenation of the stored identifier ID_i, the stored random number R_i and the random number R', and send this hash value to the card reader;
Step 1-6 (S008): Update the stored random number to the new random number R' sent by the card reader; computing according to the formula H(ID_i || R'), update the stored hash value to the hash of the bit concatenation of the stored identifier ID_i with the random number R';
Step 1-7 (S009): Authentication succeeds; exit;
Step 1-8 (S010): Authentication fails; exit.
2) As shown in Fig. 3, the execution flow on the card reader side is as follows:
Step 2-1 (R001): Periodically broadcast the RFID tag query message (QUERY) and wait for a response message from an RFID tag;
Step 2-2 (R002): On receiving the response message {R_i, H(ID_i || R_i)} from RFID tag T_i, forward this message directly to the background database;
Step 2-3 (R003): Set the timer waiting time to a predefined value and run the following loop:
Step 2-3-1 (R004): Periodically check whether the timer has exceeded the set waiting time: if it has timed out, go to Step 2-11 (R015); otherwise go to Step 2-3-2 (R005);
Step 2-3-2 (R005): Check whether a message from the background database has arrived: if not, go back to Step 2-3-1 (R004); if so, leave the loop and go to Step 2-4 (R006);
Step 2-4 (R006): Judge whether the received message is a query failure message (FAIL): if so, go to Step 2-11 (R015); if not, go to Step 2-5 (R007);
Step 2-5 (R007): Send the last two elements of the received message, {R', H(ID' || R' || R_i)}, to RFID tag T_i;
Step 2-6 (R008): Set the timer waiting time to a predefined value and run the following loop:
Step 2-6-1 (R009): Periodically check whether the timer has exceeded the set waiting time: if it has timed out, go to Step 2-11 (R015); otherwise go to Step 2-6-2 (R010);
Step 2-6-2 (R010): Check whether a further message from RFID tag T_i has arrived: if not, go back to Step 2-6-1 (R009); if so, leave the loop and go to Step 2-7 (R011);
Step 2-7 (R011): On receiving the response message {H(ID_i || R_i || R')} from RFID tag T_i, compute, according to the formula H(ID' || R_i || R'), the hash value of the bit concatenation of the identifier ID' received in the background database's message, the random number R_i received in the RFID tag's message and the random number R' received in the background database's message, and compare it with the hash value H(ID_i || R_i || R') in the response message just received;
Step 2-8 (R012): Judge whether the two hash values of Step 2-7 are equal: if not, go to Step 2-11 (R015); if so, go to Step 2-9 (R013);
Step 2-9 (R013): Send an acknowledgement message (ACK) to the background database;
Step 2-10 (R014): Authentication succeeds; exit;
Step 2-11 (R015): Authentication fails; exit.
3) As shown in Fig. 4, the execution flow on the background-database side is as follows:
Step 3-1 (D001): On receiving the message {R_i, H(ID_i || R_i)} containing a random number and a hash value from the card reader, search the hash-value column of the background database using the hash value H(ID_i || R_i) in the message just received as the key;
Step 3-2 (D002): Judge whether Step 3-1 found an entry: if not, go to Step 3-8 (D010); if so, go to Step 3-3 (D003);
Step 3-3 (D003): Compare the received random number R_i with the random number in the entry found and determine whether they are equal: if not, go to Step 3-8 (D010); if so, go to Step 3-4 (D004);
Step 3-4 (D004): Further obtain the identifier value ID' in the entry found, generate a new random number R', and form the message {identifier value ID' found in the background database, newly generated random number R', hash value of the bit concatenation of the identifier value ID' found in the entry, the newly generated random number R' and the random number R_i received in the card reader's message}, i.e. {ID', R', H(ID' || R' || R_i)}, and return it to the card reader;
Step 3-5 (D005): Set the timer waiting time to a predefined value and run the following loop:
Step 3-5-1 (D006): Periodically check whether the timer has exceeded the set waiting time: if so, go to Step 3-9 (D011); if not, go to Step 3-5-2 (D007);
Step 3-5-2 (D007): Check whether an acknowledgement message (ACK) from the card reader has arrived: if not, go back to Step 3-5-1 (D006); if so, go to Step 3-6 (D008);
Step 3-6 (D008): On receiving the acknowledgement message (ACK) from the card reader, update the corresponding database entry and the index;
Step 3-7 (D009): Authentication succeeds; exit;
Step 3-8 (D010): Return a search failure message (FAIL) to the card reader and exit;
Step 3-9 (D011): Authentication fails; exit.
On the background-database side, searching by the hash value of the bit concatenation of the RFID tag's identifier with the preset random number avoids the drawback of conventional authentication methods that the background database must traverse its stored tag information; at the same time, indexing with the hash value as the key further improves the search efficiency of the database. Compared with existing protocols, the protocol execution time can be greatly reduced, improving authentication efficiency. In addition, the RFID tag does not need to send its identifier to the card reader in plaintext, which preserves the confidentiality of the tag's information. The card reader's authentication of the RFID tag rests on the background database finding a matching entry; the RFID tag's authentication of the card reader rests on the card reader providing the correct identifier, reflected in whether the hash value provided in Step 5 passes verification.
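The eight-step exchange above (in the summary, the Fig. 1 walk-through, the three per-side flows and the claims) as an added, self-contained simulation; this is illustrative code written for this page, not the patent's own implementation. It assumes SHA-256 for H, 16-byte random numbers, and that the reader's ACK is tied to its session by the old hash value over the secure reader-database link (the patent's ACK carries no payload); the timers of the flow diagrams are omitted and all identifiers are constructed samples.

```python
import hashlib
import hmac
import os

FAIL = b"FAIL"


def H(*parts: bytes) -> bytes:
    """Hash of the bit concatenation of its arguments (SHA-256; the patent leaves H open)."""
    return hashlib.sha256(b"".join(parts)).digest()


class Tag:
    """RFID tag T_i: stores ID_i, the preset random number R_i and H(ID_i || R_i)."""

    def __init__(self, ident: bytes, rnd: bytes):
        self.ident, self.rnd, self.h = ident, rnd, H(ident, rnd)

    def on_query(self):
        """Step 2: reply {R_i, H(ID_i || R_i)}; ID_i itself never goes over the air."""
        return self.rnd, self.h

    def on_challenge(self, r_new: bytes, h_recv: bytes):
        """Step 6: verify H(ID_i || R' || R_i), answer H(ID_i || R_i || R'), roll to R'."""
        if not hmac.compare_digest(H(self.ident, r_new, self.rnd), h_recv):
            return None  # sender could not show knowledge of ID_i: refuse, keep state
        resp = H(self.ident, self.rnd, r_new)
        self.rnd, self.h = r_new, H(self.ident, r_new)
        return resp


class Database:
    """Background DB: triples {ID, R, H(ID || R)} indexed by the hash value."""

    def __init__(self):
        self.index = {}    # H(ID || R) -> (ID, R): keyed lookup, no traversal
        self.pending = {}  # old hash -> (ID', R') awaiting the reader's ACK

    def enroll(self, ident: bytes, rnd: bytes) -> None:
        self.index[H(ident, rnd)] = (ident, rnd)

    def on_forward(self, r_recv: bytes, h_recv: bytes):
        """Step 4: look up by hash, check R_i, then return {ID', R', H(ID' || R' || R_i)}."""
        entry = self.index.get(h_recv)
        if entry is None:
            return FAIL
        ident, r_stored = entry
        if not hmac.compare_digest(r_stored, r_recv):
            return FAIL
        r_new = os.urandom(16)
        self.pending[h_recv] = (ident, r_new)
        return ident, r_new, H(ident, r_new, r_recv)

    def on_ack(self, h_old: bytes) -> None:
        """Step 8: on ACK, re-key the entry to R' and H(ID' || R') and refresh the index.
        The patent's ACK carries no payload; identifying the session by the old hash
        over the reader's secure channel is an assumption of this simulation."""
        ident, r_new = self.pending.pop(h_old)
        del self.index[h_old]
        self.index[H(ident, r_new)] = (ident, r_new)


class Reader:
    """Card reader: relays tag <-> DB and performs the Step 7 check itself."""

    def __init__(self, db: Database):
        self.db = db

    def authenticate(self, tag: Tag) -> bool:
        r_i, h_i = tag.on_query()                  # steps 1-2: QUERY and reply
        reply = self.db.on_forward(r_i, h_i)       # steps 3-4: over the secure link
        if reply == FAIL:
            return False                           # step 5: abandon on FAIL
        ident, r_new, h_db = reply
        tag_resp = tag.on_challenge(r_new, h_db)   # steps 5-6: forward {R', hash}
        if tag_resp is None:
            return False
        # step 7: recompute H(ID' || R_i || R') from ID' (DB), R_i (tag) and R' (DB)
        if not hmac.compare_digest(tag_resp, H(ident, r_i, r_new)):
            return False
        self.db.on_ack(h_i)                        # step 8
        return True


def run_demo() -> dict:
    """Constructed scenario: an enrolled tag, a forged challenge, two rounds, an unknown tag."""
    db = Database()
    tag = Tag(b"TAG-0001", os.urandom(16))         # constructed sample identifier
    db.enroll(tag.ident, tag.rnd)
    reader = Reader(db)
    first = reader.authenticate(tag)
    # after a round both sides must hold the same (R', H(ID || R')) key
    synced = db.index.get(tag.h) == (tag.ident, tag.rnd)
    # a challenge not derived from ID_i is refused and leaves the tag's state untouched
    rejected = tag.on_challenge(os.urandom(16), os.urandom(32)) is None
    second = reader.authenticate(tag)              # succeeds with the rolled-over R'
    unknown = reader.authenticate(Tag(b"TAG-9999", os.urandom(16)))  # never enrolled
    return {"first": first, "second": second, "unknown": unknown,
            "synced": synced, "rejected": rejected}
```

`run_demo()` returns all five flags as expected (`first`, `second`, `synced` and `rejected` true, `unknown` false); the constant-time comparisons via `hmac.compare_digest` are a defensive choice of the simulation, not something the patent specifies.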

Claims (1)

1. A radio-frequency identification mutual authentication method, wherein the RFID system adopted consists of a card reader (Reader), N RFID tags T_i, i = 1, 2, ..., N, and a background database (DB); a secure, trusted connection is established in advance between the card reader (Reader) and the background database (DB) over a wired or wireless network on the basis of the IP security protocol or Secure Socket Layer/Transport Layer Security; the card reader and the tags communicate contactlessly by radio-frequency signal; and each RFID tag is configured in advance, in its storage space, with a system-wide unique identifier and a preset random number;
characterized in that:
in the background database (DB), the identifier ID_i of each stored RFID tag T_i, i = 1, 2, ..., N, is stored together with the corresponding random number R_i and a hash value H(ID_i || R_i), this random number R_i being identical to the preset random number in RFID tag T_i, and this hash value H(ID_i || R_i) being the result of hashing the bit concatenation of the identifier and the random number, where the symbol H denotes the hash operation and "||" denotes bit concatenation, so that together they form the triple {identifier, random number, hash value}; and the background database (DB) builds an index with the hash value as the key;
the concrete operation steps being:
Step 1: the card reader (Reader) periodically initiates a query request (QUERY);
Step 2: RFID tag T_i replies with its stored random number R_i and the hash value of the bit concatenation of its own identifier ID_i with the stored random number R_i, i.e. {R_i, H(ID_i || R_i)};
Step 3: the card reader (Reader) forwards the message {R_i, H(ID_i || R_i)} received from the RFID tag to the background database (DB) over the secure connection;
Step 4: after receiving the message {R_i, H(ID_i || R_i)} from the card reader (Reader), the background database (DB) searches its hash-value column using the hash value in the message as the key: if there is no corresponding entry, it returns a query failure message (FAIL) to the card reader (Reader) and exits; if there is a corresponding entry, it compares the received random number with the random number in the entry found: if they are unequal, it returns a query failure message (FAIL) to the card reader (Reader) and exits; if they are equal, it further obtains the identifier value ID' in that entry, generates a new random number R', and forms a new message {ID', R', H(ID' || R' || R_i)}, which contains the identifier value ID' found in the background database, the newly generated random number R', and the hash value H(ID' || R' || R_i) of the bit concatenation of the identifier value ID' found in the entry, the newly generated random number R' and the random number R_i received in Step 3; this new message is returned to the card reader (Reader);
Step 5: if the card reader (Reader) receives a query failure message (FAIL) from the background database (DB), it abandons this authentication and exits; otherwise it sends the last two elements of the received message, {R', H(ID' || R' || R_i)}, to RFID tag T_i;
Step 6: RFID tag T_i first bit-concatenates its own identifier ID_i, the new random number R' received in Step 5 and its stored random number R_i, computes the hash value H(ID_i || R' || R_i) of the concatenation, and compares it with the hash value received from the card reader (Reader) in Step 5: if they are unequal, it refuses to respond, the authentication fails and it exits; if they are equal, it further bit-concatenates its own identifier ID_i, its stored random number R_i and the new random number R' sent by the card reader in Step 5, computes the hash value H(ID_i || R_i || R') of that concatenation, and sends this hash value H(ID_i || R_i || R') to the card reader (Reader); it then updates its stored random number to the new random number R' sent by the card reader (Reader), bit-concatenates the identifier ID_i with the random number R', computes the hash value H(ID_i || R') of this concatenation, and updates its stored hash value to H(ID_i || R');
Step 7: the card reader (Reader) bit-concatenates the identifier ID' received in Step 4, the random number R_i stored by the RFID tag and received in Step 2, and the new random number R' generated by the background database (DB) and received in Step 4, computes the hash value H(ID' || R_i || R') of the concatenation, and compares it with the hash value H(ID_i || R_i || R') received in Step 6: if they are equal, it sends an acknowledgement message (ACK) to the background database (DB); otherwise it abandons this authentication;
After the 8th step, background data base are received affirmation message (ACK) from card reader (Reader), renewal is through random number and cryptographic hash in the 4th list item that find of step: random number be updated to the random number R that in the 4th step, produces ', cryptographic hash be updated to identifier ID in the 4th list item that find of step ' with the 4th step that was connected in produce random number R ' the cryptographic hash H (ID'||R') that connects of bit, and upgrade the index of background data base (DB).
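The eight-step exchange above, as an added Python simulation that is not part of the patent: the tag holds {ID_i, R_i, H(ID_i || R_i)}, the database is keyed by H(ID_i || R_i) so step 4 is a single lookup rather than a traversal, and a run checks both directions of authentication and the synchronised rotation to R'. SHA-256 stands in for the unspecified hash H, the reader and database are merged into one object because the page only requires their link to be secure, and the enrolled tag values are constructed samples.

```python
import hashlib
import os

def H(*parts: bytes) -> bytes:
    """Hash of the bit-concatenation "||" of parts; SHA-256 stands in for the patent's H."""
    return hashlib.sha256(b"".join(parts)).digest()

class Tag:
    """RFID tag T_i: stores ID_i, the preset random number R_i and H(ID_i || R_i)."""
    def __init__(self, ident: bytes, r: bytes):
        self.ident, self.r, self.h = ident, r, H(ident, r)

    def respond(self):
        """Step 2: answer QUERY with {R_i, H(ID_i || R_i)}; ID_i itself is never sent."""
        return self.r, self.h

    def verify_reader(self, r_new: bytes, h_reader: bytes):
        """Step 6: check H(ID_i || R' || R_i); if it matches, reply H(ID_i || R_i || R')."""
        if H(self.ident, r_new, self.r) != h_reader:
            return None                                  # refuse: reader lacks the right ID
        proof = H(self.ident, self.r, r_new)
        self.r, self.h = r_new, H(self.ident, r_new)     # rotate to R' and H(ID_i || R')
        return proof

class ReaderWithDB:
    """Card reader and background DB merged (the page assumes their link is secure)."""
    def __init__(self, entries):
        self.index = {H(i, r): (i, r) for i, r in entries}   # keyed by H(ID || R)

    def authenticate(self, tag: Tag) -> bool:
        r_i, h = tag.respond()                           # steps 1-3
        entry = self.index.get(h)                        # step 4: single key lookup
        if entry is None or entry[1] != r_i:
            return False                                 # FAIL
        ident, _ = entry
        r_new = os.urandom(16)                           # new R'
        proof = tag.verify_reader(r_new, H(ident, r_new, r_i))   # steps 5-6
        if proof != H(ident, r_i, r_new):                # step 7: tag proved ID_i = ID'
            return False
        del self.index[h]                                # step 8 on ACK: rotate entry
        self.index[H(ident, r_new)] = (ident, r_new)
        return True

def demo():
    """Constructed sample: two enrolled tags, two rounds, then a stale first-round message."""
    enrolled = [(b"TAG-0001", b"\x11" * 16), (b"TAG-0002", b"\x22" * 16)]
    system, tag = ReaderWithDB(enrolled), Tag(*enrolled[0])
    stale_hash = tag.respond()[1]
    first, second = system.authenticate(tag), system.authenticate(tag)
    return first, second, stale_hash in system.index     # (True, True, False)
```

Because the tag rotates its state in step 6 while the database rotates only in step 8, a round that fails at step 7 leaves the two sides holding different random numbers; the example adds no recovery for that case.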
CN201310017477.6A 2013-01-17 2013-01-17 A kind of radio-frequency (RF) identification mutual authentication method Expired - Fee Related CN103020571B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310017477.6A CN103020571B (en) 2013-01-17 2013-01-17 A kind of radio-frequency (RF) identification mutual authentication method


Publications (2)

Publication Number Publication Date
CN103020571A true CN103020571A (en) 2013-04-03
CN103020571B CN103020571B (en) 2015-07-29




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150729

Termination date: 20170117
