CN103177273B - Mobile radio frequency identification authentication method based on low-cost tags - Google Patents

Info

Publication number: CN103177273B
Authority: CN (China)
Application number: CN201310050622.0A
Other versions: CN103177273A
Original language: Chinese (zh)
Inventors: 李慧贤, 胡金顺, 庞辽军
Original and current assignee: Northwestern Polytechnical University
Priority and filing date: 2013-02-08
Legal status: Expired - Fee Related (the status is an assumption by Google Patents, not a legal conclusion)
Prior art keywords: mobile reader, tag, server, established, authentication
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a mobile radio frequency identification (RFID) authentication method based on low-cost tags, intended to solve the technical problem that existing mobile RFID authentication methods are inefficient. The technical solution divides mobile RFID authentication into three stages, registration, normal authentication and fast authentication, which reduces the number of message exchanges, simplifies the interaction among the server, the mobile reader and the tag, and achieves pairwise mutual authentication between the mobile reader and the tag and between the mobile reader and the back-end server. It meets the practical requirement that repeated reads of the same tag complete quickly, which not only improves authentication efficiency but also preserves the security of the system.

Description

Mobile radio frequency identification authentication method based on low-cost tags

Technical field

The invention relates to a mobile radio frequency identification authentication method, and in particular to a mobile radio frequency identification authentication method based on low-cost tags.

Background art

In a mobile radio frequency identification (hereinafter RFID) system, the tag and the mobile reader, and the mobile reader and the server, are all connected wirelessly. The reader is no longer a trusted entity, its read/write range is no longer restricted, and it can collect tag information without limit, which makes it easier to expose the privacy of the mobile reader's owner. A mobile RFID system therefore faces a more complex wireless communication environment than a traditional RFID system and is more vulnerable to security threats such as eavesdropping, impersonation and replay. New security authentication methods suited to mobile RFID systems are needed to meet these new security and privacy requirements.

In the paper "C L Chen, J K Jan, and C F Chien. Based on mobile RFID device to design a secure mutual authentication scheme for market application. 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA 2010), Los Alamitos (USA): IEEE, 2010: 423-428", the authors design a lightweight RFID authentication protocol that lets a mobile reader read and identify tags. The scheme conforms to the EPC Class-1 Generation-2 standard: the main operations on the tag side are simple ones such as the cyclic redundancy check (CRC) and exclusive OR (XOR), which meets the criteria for an RFID authentication protocol for low-cost tags. The scheme has certain advantages in tag-side computational performance, but it requires too many message exchanges (the mobile reader must interact four times with the tag and four times with the server), so its communication efficiency is not high. The scheme also has a security problem: when the tag responds to the mobile reader, one of the values, T1 (Y2 = R2 + EPCi), changes only with the random number R2 generated by the server. If the same message from the mobile reader is replayed, T1 in the response of a given tag stays constant, so an attacker can use it to track the tag.

Summary of the invention

To overcome the low efficiency of existing mobile RFID authentication methods, the present invention provides a mobile RFID authentication method based on low-cost tags. The method divides mobile RFID authentication into three stages, registration, normal authentication and fast authentication, reduces the number of message exchanges, simplifies the interaction among the server, the mobile reader and the tag, and achieves pairwise mutual authentication between the mobile reader and the tag and between the mobile reader and the back-end server. It meets the practical requirement that repeated reads of the same tag complete quickly, improves authentication efficiency, and at the same time guarantees the security of the system.

The technical solution adopted by the present invention to solve its technical problem is a mobile RFID authentication method based on low-cost tags, characterised in that it comprises the following steps:

Step 1. In the registration stage, before the authentication protocol runs, the executing system performs initialisation:

(1) Store the information (Rid_j, K_i, Sy_j, Pk, ΔT_j, where ΔT_j = 1) in the mobile reader.

(2) Store the information (K_i, Tid_i) in the tag.

(3) Store the information (Rid_j, K_i, Sy_j, ΔT_j, Tid_i, Tinfo, Sk, where ΔT_j = 0) in the server.

Step 2. Normal authentication stage:

(1) The mobile reader issues a query authentication request. It generates a random number Nr_j, computes M_1 = Nr_j ⊕ K_i and M_2 = h(Nr_j), and sends M_1 and M_2 to the tag.

(2) Using its stored shared key K_i, the tag computes the verification value and judges whether the check holds. If it holds, the mobile reader is proved legitimate; otherwise the tag does not respond. After verifying the mobile reader, the tag generates a random number Nt_i and computes M_3 = Nt_i ⊕ K_i, M_4 = h(Nt_i ⊕ Nr_j), M_5 = h(Tid_i ⊕ Nt_i). The tag sends (M_3, M_4, M_5) to the mobile reader.

(3) On receiving the message, the mobile reader recovers Nt_i using the shared key K_i and then verifies whether the check on the tag's response holds. If it holds, the tag is proved legitimate and processing continues; if not, the tag is illegitimate and authentication is abandoned. Once the tag is proved legitimate, the mobile reader first looks up whether it already holds Tid_i and verifies whether the corresponding check holds. If so, authentication succeeds; otherwise the mobile reader increments its counter, ΔT_j = ΔT_j + 1, encrypts (Rid_j, ΔT_j, Nr_j, M_5, Nt_i) with the server public key Pk to obtain M_6 = E_Pk(Rid_j || ΔT_j || Nr_j || M_5 || Nt_i), and sends M_6 to the server.

(4) On receiving M_6, the server decrypts it with its private key Sk, i.e. computes D_Sk(M_6), and obtains (Rid_j, ΔT_j, Nr_j, M_5, Nt_i). The server first looks up whether a mobile reader with identity number Rid_j exists; if so, the mobile reader is legitimate and authentication continues, otherwise it is illegitimate and authentication is abandoned. If the mobile reader is legitimate, the server compares the ΔT_j it stores for Rid_j with the ΔT_j′ obtained by decryption. If ΔT_j′ is not greater than the stored ΔT_j, the message is a replay and authentication is abandoned. Otherwise the server looks up the tag information, computes the verification value and judges whether the check holds. If it holds, the tag is legitimate; the server updates its stored ΔT_j to the decrypted ΔT_j′, encrypts (Tid_i, Tinfo, Nr_j) with the mobile reader's symmetric key Sy_j to obtain M_7 = E_Syj(Tid_i || Tinfo || Nr_j), and sends M_7 to the mobile reader.

Step 3. Fast authentication stage:

(1) The mobile reader issues a query authentication request. It generates a random number Nr_j, computes M_1 = Nr_j ⊕ K_i and M_2 = h(Nr_j), and sends M_1 and M_2 to the tag.

(2) Using its stored shared key K_i, the tag computes the verification value and judges whether the check holds. If it holds, the mobile reader is proved legitimate; otherwise the tag does not respond. After verifying the mobile reader, the tag generates a random number Nt_i and computes M_3 = Nt_i ⊕ K_i, M_4 = h(Nt_i ⊕ Nr_j), M_5 = h(Tid_i ⊕ Nt_i). The tag sends (M_3, M_4, M_5) to the mobile reader.

(3) On receiving the message, the mobile reader recovers Nt_i using the shared key K_i and verifies whether the check on the tag's response holds; if it holds, the tag is proved legitimate. The mobile reader then looks up whether it holds Tid_i and verifies whether the corresponding check holds. If so, authentication succeeds.

The beneficial effects of the present invention are as follows. Because the method divides mobile RFID authentication into the three stages of registration, normal authentication and fast authentication, it reduces the number of message exchanges, simplifies the interaction among the server, the mobile reader and the tag, and achieves pairwise mutual authentication between the mobile reader and the tag and between the mobile reader and the back-end server. It meets the practical requirement that repeated reads of the same tag complete quickly, which not only improves authentication efficiency but also guarantees the security of the system.

The present invention is described in detail below with reference to the accompanying drawings and embodiments.

Description of the drawings

Fig. 1 is a flow chart of the mobile RFID authentication method based on low-cost tags of the present invention.

Fig. 2 is a flow chart of the registration stage of the mobile RFID authentication method based on low-cost tags of the present invention.

Fig. 3 is a flow chart of the normal authentication stage of the mobile RFID authentication method based on low-cost tags of the present invention.

Fig. 4 is a flow chart of the fast authentication stage of the mobile RFID authentication method based on low-cost tags of the present invention.

Detailed description

Refer to Figures 1 to 4. This embodiment targets a practical mobile RFID system. The specific procedure of the method of the present invention is described in detail below. It is divided into three stages, the registration stage, the normal authentication stage and the fast authentication stage, and is implemented in the following steps.

Notation for the variables and operations used in the embodiment (as defined in the claim):
Rid_j: identity number of the j-th mobile reader
K_i: shared key between the mobile reader and the i-th tag
Sy_j: symmetric encryption key between the j-th mobile reader and the server
Pk: public key of the server
ΔT_j: counter of the j-th mobile reader
Tid_i: identity number of the i-th tag
Tinfo: detailed information of the product represented by the tag
Sk: private key of the server
Nr_j: random number generated by the j-th mobile reader
Nt_i: random number generated by the i-th tag
h(·): one-way hash function
E_Pk(c): encryption of c with the server's public key
D_Sk(c): decryption of c with the server's private key
E_Syj(c): encryption of c with the symmetric key Sy_j

(1) Registration stage.

The tag T and the mobile reader R must first register with the server S; only after successful registration can the mobile reader R authenticate the tag T. Through the server's authorisation, the method of the present invention can restrict a mobile reader to identifying only particular tags. For example, suppose the tags of class A products all share the key X while the tags of class B products share the key Y. If, at registration, the server sets the shared key between the mobile reader R and the tag T to X, this mobile reader can identify class A products but not class B products, which realises control of mobile reader permissions. Of course, the shared key K_i can also be made the same for all tags, so that a legitimate mobile reader can identify and authenticate all products.

Before the authentication protocol runs, the system executing the registration stage (for example the manufacturer or the application system) initialises the mobile reader, the tag and the server over a secure channel in three steps.

Step 1: Store the information (Rid_j, K_i, Sy_j, Pk, ΔT_j, where ΔT_j = 1) in the mobile reader.

Step 2: Store the information (K_i, Tid_i) in the tag.

Step 3: Store the information (Rid_j, K_i, Sy_j, ΔT_j, Tid_i, Tinfo, Sk, where ΔT_j = 0) in the server.

(2) Normal authentication stage.

The normal authentication stage consists of four steps.

Step 1: The mobile reader issues a query authentication request. It generates a random number Nr_j, computes M_1 = Nr_j ⊕ K_i and M_2 = h(Nr_j), and sends M_1 and M_2 to the tag.

Step 2: Using its stored shared key K_i, the tag computes the verification value and judges whether the check holds. If it holds, the mobile reader is proved legitimate; otherwise the tag does not respond. After verifying the mobile reader, the tag generates a random number Nt_i and computes M_3 = Nt_i ⊕ K_i, M_4 = h(Nt_i ⊕ Nr_j), M_5 = h(Tid_i ⊕ Nt_i). The tag sends (M_3, M_4, M_5) to the mobile reader.

Step 3: On receiving the message, the mobile reader recovers Nt_i using the shared key K_i and then verifies whether the check on the tag's response holds. If it holds, the tag is proved legitimate and processing continues; if not, the tag is illegitimate and authentication is abandoned. Once the tag is proved legitimate, the mobile reader first looks up whether it already holds Tid_i and verifies whether the corresponding check holds. If so, authentication succeeds; otherwise the mobile reader increments its counter, ΔT_j = ΔT_j + 1, encrypts (Rid_j, ΔT_j, Nr_j, M_5, Nt_i) with the server public key Pk to obtain M_6 = E_Pk(Rid_j || ΔT_j || Nr_j || M_5 || Nt_i), and sends M_6 to the server.

Step 4: On receiving M_6, the server decrypts it with its private key Sk, i.e. computes D_Sk(M_6), and obtains (Rid_j, ΔT_j, Nr_j, M_5, Nt_i). The server first looks up whether a mobile reader with identity number Rid_j exists; if so, the mobile reader is legitimate and authentication continues, otherwise it is illegitimate and authentication is abandoned. If the mobile reader is legitimate, the server compares the ΔT_j it stores for Rid_j with the ΔT_j′ obtained by decryption. If ΔT_j′ is not greater than the stored ΔT_j, the message is a replay and authentication is abandoned. Otherwise the server looks up the tag information, computes the verification value and judges whether the check holds. If it holds, the tag is legitimate; the server updates its stored ΔT_j to the decrypted ΔT_j′, encrypts (Tid_i, Tinfo, Nr_j) with the mobile reader's symmetric key Sy_j to obtain M_7 = E_Syj(Tid_i || Tinfo || Nr_j), and sends M_7 to the mobile reader.

(3) Fast authentication stage.

The fast authentication stage consists of three steps.

Step 1: The mobile reader issues a query authentication request. It generates a random number Nr_j, computes M_1 = Nr_j ⊕ K_i and M_2 = h(Nr_j), and sends M_1 and M_2 to the tag.

Step 2: Using its stored shared key K_i, the tag computes the verification value and judges whether the check holds. If it holds, the mobile reader is proved legitimate; otherwise the tag does not respond. After verifying the mobile reader, the tag generates a random number Nt_i and computes M_3 = Nt_i ⊕ K_i, M_4 = h(Nt_i ⊕ Nr_j), M_5 = h(Tid_i ⊕ Nt_i). The tag sends (M_3, M_4, M_5) to the mobile reader.

Step 3: On receiving the message, the mobile reader recovers Nt_i using the shared key K_i and verifies whether the check on the tag's response holds; if it holds, the tag is proved legitimate. The mobile reader then looks up whether it holds Tid_i and verifies whether the corresponding check holds. If so, authentication succeeds and the mobile reader no longer needs to interact with the server, which achieves fast authentication and reduces waiting time.
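As an added illustration, not code from the patent, the following Python simulation runs the three stages above for one reader and one tag, then shows the server's counter refusing a replayed M_6 and the tag's fresh Nt_i changing M_5 on every reply (the property the background section says the compared scheme lacks). It assumes the checks the page leaves unprinted: the tag verifies h(M_1 ⊕ K_i) = M_2, the reader verifies h(Nt_i ⊕ Nr_j) = M_4, the reader and the server verify h(Tid_i ⊕ Nt_i) = M_5, and the reader checks that M_7 echoes its own Nr_j; E_Pk and E_Syj are replaced by a labelled stand-in that only tags the fields with a key name, and all sample values are constructed.

```python
import hashlib
import os

BLOCK = 16  # byte length of keys, identifiers, nonces and hash outputs

def h(x: bytes) -> bytes:
    """The scheme's one-way hash h(.), instantiated as SHA-256 truncated to 16 bytes."""
    return hashlib.sha256(x).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise exclusive OR of equal-length strings (the scheme's ⊕)."""
    return bytes(p ^ q for p, q in zip(a, b))

# Stand-in for E_Pk/D_Sk and E_Syj/D_Syj (an assumption, not the patent's primitive):
# fields travel in a tuple tagged with the key name, so the protocol logic stays
# visible; it gives no confidentiality, and a deployment would use real encryption.
def seal(key: str, fields: tuple) -> tuple:
    return (key, fields)

def unseal(key: str, blob: tuple):
    return blob[1] if blob[0] == key else None

class Tag:
    def __init__(self, K: bytes, Tid: bytes):
        self.K, self.Tid = K, Tid

    def respond(self, M1: bytes, M2: bytes):
        """Step 2 of both authentication stages: silent unless the reader knows K_i."""
        Nr = xor(M1, self.K)                   # recover Nr_j from M1 = Nr_j ⊕ K_i
        if h(Nr) != M2:                        # assumed check: h(Nr_j) must equal M2
            return None
        Nt = os.urandom(BLOCK)                 # fresh Nt_i for every reply
        return xor(Nt, self.K), h(xor(Nt, Nr)), h(xor(self.Tid, Nt))  # M3, M4, M5

class Server:
    def __init__(self):
        self.readers = {}                      # Rid_j -> {"Sy": Sy_j, "dT": ΔT_j}
        self.tags = {}                         # Tid_i -> Tinfo
        self.keypair = "server-keypair"        # plays (Pk, Sk) for seal/unseal

    def handle(self, M6: tuple):
        """Step 4 of the normal authentication stage."""
        fields = unseal(self.keypair, M6)      # D_Sk(M6)
        if fields is None:
            return None
        Rid, dT, Nr, M5, Nt = fields
        rec = self.readers.get(Rid)
        if rec is None or dT <= rec["dT"]:     # unknown reader, or counter not advanced: replay
            return None
        for Tid, Tinfo in self.tags.items():
            if h(xor(Tid, Nt)) == M5:          # assumed check: h(Tid_i ⊕ Nt_i) == M5
                rec["dT"] = dT                 # store the new counter value
                return seal(rec["Sy"], (Tid, Tinfo, Nr))   # M7 = E_Syj(Tid||Tinfo||Nr)
        return None

class Reader:
    def __init__(self, Rid: str, K: bytes, Sy: str):
        self.Rid, self.K, self.Sy, self.dT = Rid, K, Sy, 1   # ΔT_j = 1 at registration
        self.known = {}                        # Tid_i -> Tinfo learned from the server

    def query(self):
        Nr = os.urandom(BLOCK)                 # step 1: M1 = Nr_j ⊕ K_i, M2 = h(Nr_j)
        return Nr, xor(Nr, self.K), h(Nr)

    def authenticate(self, tag: Tag, server: Server):
        Nr, M1, M2 = self.query()
        resp = tag.respond(M1, M2)
        if resp is None:
            return None
        M3, M4, M5 = resp
        Nt = xor(M3, self.K)                   # recover Nt_i
        if h(xor(Nt, Nr)) != M4:               # assumed check: tag knows K_i and saw Nr_j
            return None
        for Tid in self.known:                 # fast stage: Tid_i already held locally
            if h(xor(Tid, Nt)) == M5:
                return "fast", Tid
        self.dT += 1                           # normal stage: ΔT_j + 1, then ask the server
        M7 = server.handle(seal(server.keypair, (self.Rid, self.dT, Nr, M5, Nt)))
        fields = unseal(self.Sy, M7) if M7 is not None else None
        if fields is None or fields[2] != Nr:  # assumed: M7 must echo this session's Nr_j
            return None
        self.known[fields[0]] = fields[1]
        return "normal", fields[0]

def demo():
    """Two reads of one tag, a replayed M6, a replayed query, and a tag of another class."""
    K, Tid = os.urandom(BLOCK), os.urandom(BLOCK)          # constructed sample values
    server, tag, reader = Server(), Tag(K, Tid), Reader("reader-1", K, "sy-reader-1")
    server.readers["reader-1"] = {"Sy": "sy-reader-1", "dT": 0}
    server.tags[Tid] = b"constructed product info"
    first = reader.authenticate(tag, server)               # Tid_i unknown: server round trip
    second = reader.authenticate(tag, server)              # Tid_i held: answered locally
    replay = server.handle(seal(server.keypair, ("reader-1", reader.dT, b"", b"", b"")))
    _, M1, M2 = reader.query()
    r1, r2 = tag.respond(M1, M2), tag.respond(M1, M2)      # same query replayed to the tag
    other = Tag(os.urandom(BLOCK), os.urandom(BLOCK))      # different product class, other K_i
    return {"first": first[0], "second": second[0], "replay_rejected": replay is None,
            "responses_differ": r1[2] != r2[2],            # M5 changes with fresh Nt_i
            "other_class_rejected": reader.authenticate(other, server) is None}
```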

Claims (1)

1. A mobile radio frequency identification authentication method based on low-cost tags, characterised in that it comprises the following steps:

Step 1. In the registration stage, before the authentication protocol runs, the executing system performs initialisation:
(1) store the information Rid_j, K_i, Sy_j, Pk, ΔT_j in the mobile reader, where ΔT_j = 1;
(2) store the information K_i, Tid_i in the tag;
(3) store the information Rid_j, K_i, Sy_j, ΔT_j, Tid_i, Tinfo, Sk in the server, where ΔT_j = 0;
where Rid_j is the identity number of the j-th mobile reader, K_i is the shared key between the mobile reader and the i-th tag, Sy_j is the symmetric encryption key between the j-th mobile reader and the server, Pk is the server's public key, ΔT_j is the counter of the j-th mobile reader, Tid_i is the identity number of the i-th tag, Tinfo is the detailed information of the product represented by the tag, and Sk is the server's private key;

Step 2. Normal authentication stage:
(1) the mobile reader issues a query authentication request; it generates a random number Nr_j, computes M_1 = Nr_j ⊕ K_i and M_2 = h(Nr_j), and sends M_1 and M_2 to the tag;
(2) using its stored shared key K_i, the tag computes the verification value and judges whether the check holds; if it holds, the mobile reader is proved legitimate, otherwise the tag does not respond; after verifying the mobile reader, the tag generates a random number Nt_i and computes M_3 = Nt_i ⊕ K_i, M_4 = h(Nt_i ⊕ Nr_j), M_5 = h(Tid_i ⊕ Nt_i); the tag sends M_3, M_4, M_5 to the mobile reader;
(3) on receiving the message, the mobile reader recovers Nt_i using the shared key K_i and verifies whether the check on the tag's response holds; if it holds, the tag is proved legitimate and processing continues; if not, the tag is illegitimate and authentication is abandoned; once the tag is proved legitimate, the mobile reader first looks up whether it holds Tid_i and verifies whether the corresponding check holds; if so, authentication succeeds, otherwise the mobile reader increments its counter, ΔT_j = ΔT_j + 1; the mobile reader then encrypts Rid_j, ΔT_j, Nr_j, M_5, Nt_i with the server public key Pk to obtain M_6 = E_Pk(Rid_j || ΔT_j || Nr_j || M_5 || Nt_i) and sends M_6 to the server;
(4) on receiving M_6, the server decrypts it with its private key Sk, i.e. computes D_Sk(M_6), and obtains Rid_j, ΔT_j, Nr_j, M_5, Nt_i; the server first looks up whether a mobile reader with identity number Rid_j exists; if so, the mobile reader is legitimate and authentication continues; if not, the mobile reader is illegitimate and authentication is abandoned; if the mobile reader is legitimate, the server compares the ΔT_j it stores for Rid_j with the ΔT_j′ obtained by decryption; if ΔT_j′ is not greater than the stored ΔT_j, the message is a replay and authentication is abandoned; otherwise the server looks up the tag information, computes the verification value and judges whether the check holds; if it holds, the tag is legitimate, the server updates its stored ΔT_j to the decrypted ΔT_j′, encrypts Tid_i, Tinfo, Nr_j with the mobile reader's symmetric key Sy_j to obtain M_7 = E_Syj(Tid_i || Tinfo || Nr_j), and sends M_7 to the mobile reader;
where Nr_j is the random number generated by the j-th mobile reader, Nt_i is the random number generated by the i-th tag, h(·) is a one-way hash function, E_Pk(c) denotes encryption of c with the server's public key, D_Sk(c) denotes decryption of c with the server's private key, and E_Syj(c) denotes encryption of c with the symmetric key Sy_j;

Step 3. Fast authentication stage:
(1) the mobile reader issues a query authentication request; it generates a random number Nr_j, computes M_1 = Nr_j ⊕ K_i and M_2 = h(Nr_j), and sends M_1 and M_2 to the tag;
(2) using its stored shared key K_i, the tag computes the verification value and judges whether the check holds; if it holds, the mobile reader is proved legitimate, otherwise the tag does not respond; after verifying the mobile reader, the tag generates a random number Nt_i and computes M_3 = Nt_i ⊕ K_i, M_4 = h(Nt_i ⊕ Nr_j), M_5 = h(Tid_i ⊕ Nt_i); the tag sends M_3, M_4, M_5 to the mobile reader;
(3) on receiving the message, the mobile reader recovers Nt_i using the shared key K_i and verifies whether the check on the tag's response holds; if it holds, the tag is proved legitimate; the mobile reader first looks up whether it holds Tid_i and verifies whether the corresponding check holds; if so, authentication succeeds.
Application CN201310050622.0A, priority date 2013-02-08, filing date 2013-02-08: Mobile radio frequency identification authentication method based on low-cost tags. Status: Expired - Fee Related. Granted as CN103177273B.


Publications (2)

CN103177273A, published 2013-06-26
CN103177273B (granted), published 2015-10-21


Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI627551B (en) * 2013-08-29 2018-06-21 Xu yi hong System and method for verifying non-contact sensing tags
CN104883681B (en) * 2015-05-04 2018-05-01 Henan Polytechnic University Mobile RFID mutual authentication method based on a dynamic shared key
CN105046300B (en) * 2015-07-23 2018-01-09 Beijing Ruian Technology Co., Ltd. Radio frequency identification authentication method and system
CN106712962B (en) * 2016-12-23 2019-12-24 Xidian University Mobile RFID system mutual authentication method and system
CN106998252B (en) * 2017-05-18 2019-10-25 Xidian University Lightweight RFID group tag authentication method based on a cloud database
CN108563969A (en) * 2018-04-26 2018-09-21 Shenzhen Shenglu IoT Communication Technology Co., Ltd. Radio frequency identification authentication method and system
CN109388991B (en) * 2018-09-21 2021-06-18 Kunming University of Science and Technology Single-reader RFID tag identification method using the number of consecutive tail-code identifications as an indicator
CN109714763B (en) * 2018-12-18 2021-08-10 Jiangnan University Radio frequency identification security authentication method and system
CN111641657B (en) * 2020-06-05 2022-02-11 Nanjing University of Information Science and Technology RFID-based anonymous information retrieval method and system for smart healthcare environments
CN114037457A (en) * 2021-11-05 2022-02-11 Northwestern Polytechnical University Cross-domain access authentication method for industrial complex product terminals based on identity identification
CN115866586A (en) * 2022-11-02 2023-03-28 Zhou Lizhen Intelligent security authentication and identification system based on big data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488854A (en) * 2008-01-18 2009-07-22 Huawei Technologies Co., Ltd. Wireless RFID system authentication method and apparatus
CN102497264A (en) * 2011-11-10 2012-06-13 Xidian University RFID security authentication method based on the EPC C-1G-2 standard
CN102868534A (en) * 2012-09-17 2013-01-09 Xidian University RFID (Radio Frequency Identification) security authentication method based on two-layer search

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070133807A1 (en) * 2005-12-12 2007-06-14 Electronics and Telecommunications Research Institute Tag authentication apparatus and method for a radio frequency identification system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Yu Tiantian et al. A hash-function-based RFID challenge-response authentication protocol. Computer Engineering, 2009, 35(24): 156-161. *
Li Huixian. Design and analysis of a lightweight RFID mutual authentication protocol. Journal of Xidian University (Natural Science Edition), 2012, 39(1): 172-178. *
Chen Shaowei et al. An improved hash-function-based RFID mutual security authentication protocol. Computer Systems & Applications, 2010, 19(3): 67-70. *

Also Published As

Publication number Publication date
CN103177273A (en) 2013-06-26

Similar Documents

Publication Publication Date Title
CN103177273B (en) Mobile radio frequency identification authentication method based on low-cost tags
CN103795543B (en) Secure mutual authentication method for RFID systems
CN103391199B (en) RFID (radio frequency identification device) authentication method and system based on PUFs (physical unclonable functions)
CN104115442B (en) RFID bidirectional authentication method based on asymmetric secret key and Hash function
Niu et al. Privacy and authentication protocol for mobile RFID systems
CN106603240B (en) Cloud-based low-cost RFID NTRU authentication method
Jung et al. HRP: A HMAC-based RFID mutual authentication protocol using PUF
Chen et al. An ownership transfer scheme using mobile RFIDs
CN114175574B (en) Wireless Security Protocols
WO2010012210A1 (en) Electronic label authenticating method and system
Jannati et al. Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags
CN110650019B (en) RFID authentication method and system based on PUF and security sketch
KR101848300B1 (en) Method for operating a communication client installed in an IoT device, and IoT device including the client
CN111931533A (en) Authentication method for multiple owner RFID tags
US11539671B1 (en) Authentication scheme in a virtual private network
Saxena et al. A novel hash-based mutual RFID tag authentication protocol
CN103560881A (en) Radio frequency identification system safety certification and key agreement method
CN109766966B (en) Synchronous update method for RFID tag random numbers
CN102868534A (en) RFID (Radio Frequency Identification) security authentication method based on two-layer search
CN109788465B (en) Blockchain-based mutual identity authentication method using radio frequency identification
Huang et al. An ultralightweight mutual authentication protocol for EPC C1G2 RFID tags
CN104980280A (en) RFID safe authentication method based on Chua's multiscroll chaos sequence
US11729147B2 (en) Authentication procedure in a virtual private network
Lee et al. Privacy challenges in RFID systems
KR101215155B1 (en) System for and method of protecting communication between reader and tag in rfid system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20151021
    Termination date: 20160208