CN103560881A - Radio frequency identification system safety certification and key agreement method - Google Patents

Radio frequency identification system safety certification and key agreement method Download PDF

Info

Publication number
CN103560881A
CN103560881A CN201310484464.XA CN201310484464A CN103560881A CN 103560881 A CN103560881 A CN 103560881A CN 201310484464 A CN201310484464 A CN 201310484464A CN 103560881 A CN103560881 A CN 103560881A
Authority
CN
China
Prior art keywords
certificate server
reader
calculate
label
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310484464.XA
Other languages
Chinese (zh)
Inventor
林巧民
王汝传
杨金文
叶宁
李鹏
孙力娟
肖甫
黄海平
徐鹤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN201310484464.XA priority Critical patent/CN103560881A/en
Publication of CN103560881A publication Critical patent/CN103560881A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention discloses a radio frequency identification system safety certification and key agreement method. According to the radio frequency identification system safety certification and key agreement method, transmission of public values of the two communication parties is simplified, the public values are transmitted through a certification server, influences on the safety performance are avoided, and therefore even through the server is broken into, it is certain that following certification can not be passed. In the certification process, three-round communication and seven-step operation are required to be executed to generate a session key, and compared with same-class methods, the radio frequency identification system safety certification and key agreement method has the advantage that efficiency is greatly improved. The radio frequency identification system safety certification and key agreement method has the advantages of being safe, low in storage cost and communication cost, novel, easy to implement and the like. By means of the radio frequency identification system safety certification and key agreement method, server leakage attack, midwayer attack, off-line guessing attack and not-detectable on-line guessing attack can be effectively defended, meanwhile, a bidirectional certification session key with high safety performance and forward safety performance are provided, and the radio frequency identification system safety certification and key agreement method is quite suitable for RFID application systems which must provide privacy protection.

Description

A kind of radio-frequency recognition system safety certification and cryptographic key negotiation method
Technical field
The invention belongs to field of information security technology, particularly a kind of safety certification and cryptographic key negotiation method based on radio-frequency recognition system.
Background technology
Radio-frequency (RF) identification (Radio Frequency Identification, RFID) be a kind of contactless automatic identification technology, it is automatically identified destination object and is obtained related data by radiofrequency signal, and identification work need not manual intervention, can work in various adverse circumstances.Rfid system is generally comprised of RFID label, rfid interrogator and background server three parts, adopts cordless communication between label and read write line.The appearance of RFID technology, solved a difficult problem for data automatic identification, process information is more quick, accurate, reduced manual intervention, avoided the loaded down with trivial details flow processs such as manual input, thereby reduced production cost, radio frequency identification has been widely used in the supply chain of domestic and international enterprise at present, in every profession and trade, all use to some extent, but because the existence of information security issue, RFID application not yet spreads in most important mission critical.Authentication is one of core technology of protection rfid system safety with key agreement mechanism, and China needs badly and designs safe and reliable RFID authentication and cryptographic key negotiation method instantly, promotes domestic all trades and professions to implement rfid system, raises labour productivity.
Summary of the invention
Technical problem: the object of this invention is to provide a kind of radio-frequency recognition system safety certification and cryptographic key negotiation method.Authentication with key agreement in rfid system, be together with core security barrier, also be the basis of implementing access control, information communication safety almost always starts from the handshake procedure of authentication, and therefore, authentication has a very important role to the safety of whole system with key agreement mechanism.Along with the large-scale popularization application of rfid system, the scale of rfid system is also becoming and is complicating greatly gradually, and the sensitive information that system is carried is more and more, in the urgent need to obtaining safety guarantee.
Technical scheme: have some technical symbols in the present invention program, be described as follows:
1) <G, E, P, Q, q>:G represent that computing is the finite cyclic group that the rank of multiplication are prime number q, E is the elliptic curve on G, P is the primitive of choosing, and guarantees that the minimum n value of nP=O is a very large prime number, P, Q ∈ E;
2) L, R, S:L represents the electronic code of RFID label, and R represents the identify label number of RFID reader, and S is the identify label number of rfid system certificate server;
3) pw l, pw r, pw lq, pw rq: the first two represents respectively the password of electronic tag and RFID reader, and pw l, pw rall be selected from dictionary D; Latter two represents respectively the password authentication unit of the corresponding electronic tag of certificate server and RFID reader;
4) t 1, t 2, x, y, r: from Z q *in the random value chosen;
5) represent hash function, i ∈ { 1,2}, l ia security parameter, for rfid system certificate server to the authentication of electronic tag and reader (MAC).
The object of the invention is to solve authentication safety and key agreement problem between label, reader and certificate server, concrete grammar is as follows:
Step 1: electronic tag sends identify label <L> to backstage certificate server,
Step 2: reader sends identify label <R> to certificate server, and request authentication starts,
Step 3: certificate server is chosen random value t 1∈ Z q *, Z q *be multiplicative group, calculate t 1p, P ∈ E, E is elliptic curve, and uses T 1represent, i.e. t 1p=T 1, use pw lq is to T 1encrypt so that certificate server can authenticate label afterwards pw l∈ D, D is dictionary, Q ∈ E; If result is T after encrypting 1 *, T 1 *=T 1+ pw lq, sends <T to label 1 *, L, R, S>, wherein S is the identify label of certificate server,
Step 4: certificate server is chosen random value t 2∈ Z q *, calculate t 2p, P is the same, and uses T 2represent, i.e. t 2p=T 2, use pw rq, pw r∈ D, to T 2encrypt so that certificate server can authenticate reader afterwards, establishing and encrypting rear result is T 2 *, T 2 *=T 2+ pw rq, sends <T to reader 2 *, L, R, S>,
Step 5: reader is chosen random value y ∈ Z q *, calculate yP, P is the same, and represents with V, i.e. yP=V, calculate V for after negotiate shared secret value, use pw r, pw rthe same, to T 2 *be decrypted, obtain T 2, calculate yT 2, and use K 2represent, i.e. yT 2=K 2, calculate K 2key reader being authenticated as certificate server, calculates H 1(L, R, S, T 2, V, K 2),
Figure BDA0000396867300000025
hash function, l ibe security parameter, and use Auth 1Yrepresent, i.e. H 1(L, R, S, T 2, V, K 2)=Auth 1Y, calculate Auth 1Yas MAC code, to certificate server, send <V, Auth 1Y>,
Step 6: label is chosen random value x ∈ Z q *, calculate xP, P is the same, and represents with U, i.e. xP=U, calculate U for after consult shared secret value, use pw lto T 1 *be decrypted, obtain T 1, calculate xT 1=xt 1p, and use K 1represent, i.e. xT 1=K 1, calculate K 1key electronic tag being authenticated as certificate server, calculates H 1(L, R, S, T 1, U, K 1), and use Auth 1Xrepresent, i.e. H 1(L, R, S, T 1, U, K 1)=Auth 1X, calculate Auth 1Xas MAC code, to certificate server, send <U, Auth 1X>,
Step 7: authentication server computes t 1u, t 1, U is the same, therefore has t 1u=t 1xP=K 1, by the GDH(Gap Diffie-Hellman of elliptic curve, gap Di Fei-Herman) and known this key of difficulty hypothesis only has label, certificate server to know, thus can be for the authentication of certificate server to label below; Authentication server computes H 1(L, R, S, T 1, U, K 1), if H 1(L, R, S, T 1, U, K 1) with the Auth that receives 1Xnot etc., illustrate that the other side is not that label or message were tampered, certificate server stops verification process; Otherwise, completed the authentication to label; Similarly, authentication server computes t 2v, t 2, V is the same, therefore has t 2v=t 2yP=K 2, known this key of GDH difficulty hypothesis by elliptic curve only has reader, certificate server to know equally, thereby can be for the authentication of certificate server to reader below; Authentication server computes H 1(L, R, S, T 2, U, K 2), if H 1(L, R, S, T 2, U, K 2) with the Auth that receives 1Ynot etc., illustrate that the other side is not that reader or message were tampered, certificate server stops verification process; Otherwise, completed the authentication to reader; After having completed the authentication of label, reader, certificate server is chosen a random value r ∈ Z q *, calculate rU, and use Y *represent, i.e. rU=Y *, calculate Y *for consulting afterwards shared secret value, calculate H 2(L, R, S, Y *, K 1),
Figure BDA0000396867300000031
Figure BDA0000396867300000032
hash function, l ibe security parameter, and use Auth 2Xrepresent, i.e. H 2(L, R, S, Y *, K 1)=Auth 2X, calculate Auth 2Xmake MAC code, to label, send < Y *, Auth 2X>,
Step 8: certificate server is chosen a random value r ∈ Z q *, calculate rV, and use X *represent, i.e. rV=X *, calculate X *for consulting afterwards shared secret value, calculate H 2(L, R, S, X *, K 2), and use Auth 2Yrepresent, i.e. H 2(L, R, S, X *, K 2)=Auth 2Y, calculate Auth 2Yas MAC code, to reader, send < X *, Auth 2Y>,
Step 9: tag computation H 2(L, R, S, Y *, K 1), with the Auth receiving 2Xcompare, if not etc., illustrating that the other side is not that certificate server or message have been tampered, label stops verification process; Otherwise label completes the authentication to certificate server,
Step 10: reader calculated H 2(L, R, S, X *, K 2), with the Auth receiving 2Ycompare, if not etc., illustrating that the other side is not that certificate server or message have been tampered, reader stops verification process; Otherwise reader completes the authentication to authentication service,
Step 11: tag computation shared secret value cs=xY *=xryP, reader calculated shared secret value cs=yX *=xryP,
Step 12: it is session key that label and reader are got cs, ensures subsequent communications safety.
Beneficial effect: this authentication has simplified with cryptographic key negotiation method the transmission that communicating pair is openly worth, and is transferred to certificate server to pass on, and this is on not impact of fail safe, and because even if server is broken, it must pass through authentication below so.In verification process, session key of every generation, need to carry out 3 and take turns communication, and 7 step computings, compare same class methods, and efficiency improves a lot.Owing to not using public-key, equally can not add macrooperation expense yet.In addition, in generating, the session key of this method not only used random value x, y, and server end also provides random value r; Different hash functions has been used in the generation of session key and interim authenticate key.On storage overhead, for each certification entity (label and reader), only need a password of storage; For certificate server, only need the corresponding password authentication unit of each certification entity of storage.
Resist server and reveal attack: because certificate server end is not directly stored user's password, but stored checking unit, even if server has been revealed checking unit like this, from the GDH difficulty hypothesis of elliptic curve, assailant cannot calculate user password in polynomial time.Thereby the method can be resisted server and reveal attack.
Realized mutual authentication: because the T that certificate server sends to respectively label, reader to use password authentication unit to encrypt 1 *=T 1+ pw lq and T 2 *=T 2+ pw rq, label and reader must be deciphered with the password of oneself, thereby calculate respectively authenticate key K one time 1and K 2; Correspondingly, certificate server is by being used K 1and K 2calculate Auth 1X=H 1(L, R, S, T 1, U, K 1), Auth 1Y=H 1(L, R, S, T 2, V, K 2) can realize the authentication to label, reader.In addition, by calculating respectively Auth 2X=H 2(L, R, S, Y *, K 1) and Auth 2Y=H 2(L, R, S, X *, K 2), thereby label and reader can also be realized the authentication to certificate server.Due to the authentication having realized certificate server, label and reader are had reason to believe the Y sending from backstage certificate server so *and X *validity.
Opposing intermediate is attacked: intermediate is attacked and referred to assailant and intercept and capture a piece of news, replaces the message of its intercepting and capturing by own message, make communication party without discover the session key of generation error.Yet authentication has directly stoped this attack.Due in the method, MAC value Auth 1X=H 1(L, R, S, T 1, U, K 1), Auth 1Y=H 1(L, R, S, T 2, V, K 2) to certificate server, provide the authentication to label, reader, thereby can resist intermediate and attack.
The strong security of session key: given X *=rU, Y *=rV, owing to not yet finding to solve the multinomial algorithm of the GDH problem of elliptic curve, and random value x, y, r is unknown, so assailant cannot obtain cs=yX *=xryP or cs=xY *=xryP, i.e. the fail safe of session key is the GDH problem based on elliptic curve, can be considered to calculate upper infeasible.
Opposing off-line guessing attack: in off-line guessing attack, assailant guesses password, then confirms off-line its conjecture.In the method, due to t 1, t 2be all random value, thereby without any information, can help directly to confirm the correctness of the password of conjecture.Thereby the method can be resisted off-line guessing attack.
Resist ND online guessing attack: in online guessing attack, assailant attempts confirming the correctness of the password of its conjecture in online method is carried out.In the method, certificate server sends out T 1 *=T 1+ pw lq and T 2 *=T 2+ pw rq, and receive Auth from label, reader 1X=H 1(L, R, S, T 1, U, K 1), Auth 1Y=H 1(L, R, S, T 2, V, K 2), thereby server can be by calculating K 1and K 2, check Auth 1X=H 1(L, R, S, T 1, U, K 1), Auth 1Y=H 1(L, R, S, T 2, V, K 2) realize the authentication to label, reader.Obviously, if the password pw of assailant A conjecture label l', if guessed unsuccessfully, i.e. pw l' ≠ pw l, A just can not correctly decipher and obtain T so 1thereby, cannot correctly calculate authenticate key K 1, by the known A of collision of hash function, cannot, by the authentication of certificate server, can be discovered by certified server.
Forward security: in the method, because interim multiplier x, y, r are random chooses, thereby be independent of the execution of method, can not draw so password is revealed the session key of consulting before.
Accompanying drawing explanation
Fig. 1 has realized the material Management System block diagram based on RFID of the present invention,
Fig. 2 has realized the material Management System software architecture diagram based on RFID of the present invention,
Fig. 3 is the procedure chart of authentication of the present invention and cryptographic key negotiation method.
Embodiment
One, implementation environment
(1) RFID information acquisition terminal
RFID information acquisition terminal mainly comprises EPC electronic tag and the rfid interrogator being attached on article.
For 65,96 and 256 three kinds of EPC sequence lengths, AUTO-ID center is defined as 7 kinds of EPC version structures.EPC-96 based on 96bits sequence is current most popular nomenclature scheme, and native system adopts EPC-96 to realize the code identification to single article.
Rfid interrogator is used for activating label, reading electronic labels EPC storage area data.
GEN-2EPC label communication is at the uhf band (800-960MHz) of rfid interrogator, and its communication distance can reach 2~10 meters.The DT9051-UHF bluetooth low frequency short distance rfid interrogator reading/writing distance that native system adopts is 1~2 meter, and DT9020-UHF hyperfrequency middle distance rfid interrogator reading/writing distance is 1~6 meter.
Main hardware equipment detail parameters is as follows:
RFID
Read write line is the critical component of long distance wireless radio-frequency recognition system, read write line is applicable to read and write and meets EPCISO18000-6C, the EM of ISO18000-6B international standard protocol, the electric label of Philips, is widely used in the fields such as automatic vehicle identification management, highway non-parking charge, customs's automatic vehicle identification, train identification and scheduling, logistics management, entrance guard management.
The performance characteristics of read write line:
● operating frequency: 902~928MHz, frequency hopping mode of operation (HFSS);
● microwave output power :+40dbm(1W);
● identification reading distance reaches and is greater than 12m, and the single deck tape-recorder time of reading is less than 10ms;
● there is anticollision read functions, can identify a plurality of labels;
● CRC code detection technique, protocol processes is simple, quick, high;
● dynamic link libraries adopts standard A PI interface, simplifies the high-end program of PC;
● the communication interface of standard: Wiegand26bit/RS242/RS585;
● power supply: 220V/50Hz;
● overall dimension: 550MMX550MM X50MM;
● working temperature :-20~85 ℃;
Rfid card sheet:
● Standard Thin card size: 86*55*5.5mm;
● decipherment distance: 2--80 rice is adjustable;
● recognition speed: in 200 kilometers/hour;
● anti-collision: can simultaneously identify 200 cards;
● read-only: the ID whole world is unique;
● operating frequency: 2.5GHz-2.5GHz λ ISM microwave section, 128 channels, channel bandwidth 8MHz;
● data rate: 1Mbps;
● radio-frequency power: be less than-4dBm, able to programme;
● operating current: be less than 5uA;
● receiving sensitivity: be not less than-90dBm, able to programme;
● operating ambient temperature :-50 ℃-85 ℃;
● useful life: 6-8.
(2) information network terminal
Information network terminal mainly comprises EPC middleware, object oriented resolution server (ONS), EPC information server (EPC IS) and background data base server.
EPC middleware is processing and processes from all information of read write line and the software of flow of event, is the tie that connects read write line and application program.Before data are sent to application program, realize the function of label data check and correction, read write line coordination, data transmission, data storage and task management.
Native object name resolving service (ONS) is an automatic network service system, is similar to domain name mapping service (DNS), and ONS is the server that EPC middleware has indicated storage products relevant information.
EPCIS realizes the interface of a modularization, extendible data and service, makes the related data of EPC can between enterprises or enterprise, realize shared.
In the EPC network architecture that Auto-ID Center proposes, at retailer place, ONS and EPCIS server are not set, so native system do not comprise ONS and EPCIS server, but need access ONS and EPC IS obtains and upload Item Information by Internet.
Background data base server is used for backing up EPC Item Information, for the article in this locality circulation, without the ONS server of accessing manufacturer or supplier by Internet.
(3) control terminal
Control terminal comprises host computer, banister and the web camera that intelligent handling of goods and materials platform is installed.
Intelligence handling of goods and materials platform, as application program, receives the data that EPC middleware sends, and according to pre-defining of program, each independent event is responded, and realizes the control to banister and web camera.
System based on the inventive method, mainly based on Visual Studio2008 exploitation, uses SQL Server2005Developer to realize background data base access, adopts C# language programming to realize the design of intelligent handling of goods and materials platform.Intelligence handling of goods and materials platform obtains EPC label information, video information etc. by EPC middleware, and Item Information corresponding to EPC is uploaded to information network terminal in real time, realizes the effective management to goods and materials.
Two, method flow
Fig. 3 is the procedure chart of authentication of the present invention and cryptographic key negotiation method, now concrete grammar is described below.
Rfid system safety certification of the present invention and cryptographic key negotiation method comprise the steps:
Step 1), electronic tag send identify label <L> to backstage certificate server,
Step 2), reader sends identify label <R> to certificate server, request authentication starts,
Step 3), certificate server are chosen random value t 1∈ Z q *, Z q *be multiplicative group, calculate t 1p, P ∈ E, E is elliptic curve, and uses T 1represent, i.e. t 1p=T 1, use pw lq is to T 1encrypt so that certificate server can authenticate label afterwards pw l∈ D, D is dictionary, Q ∈ E; If result is T after encrypting 1 *, T 1 *=T 1+ pw lq, sends <T to label 1 *, L, R, S>, wherein S is the identify label of certificate server,
Step 4), certificate server are chosen random value t 2∈ Z q *, calculate t 2p, P is the same, and uses T 2represent, i.e. t 2p=T 2, use pw rq(pw r∈ D) to T 2encrypt so that certificate server can authenticate reader afterwards, establishing and encrypting rear result is T 2 *, T 2 *=T 2+ pw rq, sends <T to reader 2 *, L, R, S>,
Step 5), reader are chosen random value y ∈ Z q *, calculate yP, P is the same, and represents with V, i.e. yP=V, calculate V for after negotiate shared secret value, use pw r(pw rthe same) to T 2 *be decrypted, obtain T 2, calculate yT 2, and use K 2represent, i.e. yT 2=K 2, calculate K 2key reader being authenticated as certificate server, calculates H 1(L, R, S, T 2, V, K 2),
Figure BDA0000396867300000081
hash function, l ibe security parameter, and use Auth 1Yrepresent, i.e. H 1(L, R, S, T 2, V, K 2)=Auth 1Y, calculate Auth 1Yas MAC code, to certificate server, send <V, Auth 1Y>,
Step 6), label are chosen random value x ∈ Z q *, calculate xP, P is the same, and represents with U, i.e. xP=U, calculate U for after consult shared secret value, use pw l(pw lthe same) to T 1 *be decrypted, obtain T 1, calculate xT 1=xt 1p, and use K 1represent, i.e. xT 1=K 1, calculate K 1key electronic tag being authenticated as certificate server, calculates H 1(L, R, S, T 1, U, K 1), and use Auth 1Xrepresent, i.e. H 1(L, R, S, T 1, U, K 1)=Auth 1X, calculate Auth 1Xas MAC code, to certificate server, send <U, Auth 1X>,
Step 7), authentication server computes t 1u, t 1, U is the same, therefore has t 1u=t 1xP=K 1, by the gap Diffie-Hellman(GDH of elliptic curve) and known this key of difficulty hypothesis only has label, certificate server to know, thus can be for the authentication of certificate server to label below; Authentication server computes H 1(L, R, S, T 1, U, K 1), if H 1(L, R, S, T 1, U, K 1) with the Auth that receives 1Xnot etc., illustrate that the other side is not that label or message were tampered, certificate server stops verification process; Otherwise, completed the authentication to label; Similarly, authentication server computes t 2v, t 2, V is the same, therefore has t 2v=t 2yP=K 2, known this key of GDH difficulty hypothesis by elliptic curve only has reader, certificate server to know equally, thereby can be for the authentication of certificate server to reader below; Authentication server computes H 1(L, R, S, T 2, U, K 2), if H 1(L, R, S, T 2, U, K 2) with the Auth that receives 1Ynot etc., illustrate that the other side is not that reader or message were tampered, certificate server stops verification process; Otherwise, completed the authentication to reader; After having completed the authentication of label, reader, certificate server is chosen a random value r ∈ Z q *, calculate rU, and use Y *represent, i.e. rU=Y *, calculate Y *for consulting afterwards shared secret value, calculate H 2(L, R, S, Y *, K 1),
Figure BDA0000396867300000091
Figure BDA0000396867300000092
hash function, l ibe security parameter, and use Auth 2Xrepresent, i.e. H 2(L, R, S, Y *, K 1)=Auth 2X, calculate Auth 2Xmake MAC code, to label, send < Y *, Auth 2X>,
Step 8), certificate server are chosen a random value r ∈ Z q *, calculate rV, and use X *represent, i.e. rV=X *, calculate X *for consulting afterwards shared secret value, calculate H 2(L, R, S, X *, K 2), and use Auth 2Yrepresent, i.e. H 2(L, R, S, X *, K 2)=Auth 2Y, calculate Auth 2Yas MAC code, to reader, send < X *, Auth 2Y>,
Step 9), tag computation H 2(L, R, S, Y *, K 1), with the Auth receiving 2Xcompare, if not etc., illustrating that the other side is not that certificate server or message have been tampered, label stops verification process; Otherwise label completes the authentication to certificate server,
Step 10), reader calculated H 2(L, R, S, X *, K 2), with the Auth receiving 2Ycompare, if not etc., illustrating that the other side is not that certificate server or message have been tampered, reader stops verification process; Otherwise reader completes the authentication to authentication service,
Step 11), tag computation shared secret value cs=xY *=xryP, reader calculated shared secret value cs=yX *=xryP,
It is session key that step 12), label and reader are got cs, ensures subsequent communications safety.This authentication has simplified with cryptographic key negotiation method the transmission that authenticates public information, is transferred to certificate server to pass on, and this is on not impact of fail safe, even if because server is broken, it must pass through authentication below so.In verification process, session key of every generation, need to carry out 3 and take turns communication, 7 step computings.Owing to not using public-key, equally can not add macrooperation expense yet.In addition, in generating, the session key of this method not only used random value x, y, and server end also provides random value r; Different hash functions has been used in the generation of session key and interim authenticate key.On storage overhead, for each certification entity (label and reader), only need a password of storage; For certificate server, only need the corresponding password authentication unit of each certification entity of storage.

Claims (1)

1. radio-frequency recognition system safety certification and a cryptographic key negotiation method, is characterized in that the method specifically comprises the following steps:
Step 1: electronic tag sends identify label <L> to backstage certificate server,
Step 2: reader sends identify label <R> to certificate server, and request authentication starts,
Step 3: certificate server is chosen random value,
Figure 201310484464X100001DEST_PATH_IMAGE001
be multiplicative group, calculate
Figure 65619DEST_PATH_IMAGE002
,
Figure 201310484464X100001DEST_PATH_IMAGE003
, E is elliptic curve, and with representing,
Figure 953941DEST_PATH_IMAGE004
, use
Figure 201310484464X100001DEST_PATH_IMAGE005
to encrypting so that certificate server can authenticate label afterwards, , D is dictionary,
Figure DEST_PATH_IMAGE007
; If result is after encrypting,
Figure 4909DEST_PATH_IMAGE008
, to label, send <, L, R, S >, wherein S is the identify label of certificate server,
Step 4: certificate server is chosen random value, calculates
Figure DEST_PATH_IMAGE009
,
Figure 885141DEST_PATH_IMAGE010
the same, and use represent,
Figure 447709DEST_PATH_IMAGE012
, use
Figure DEST_PATH_IMAGE013
,
Figure 556741DEST_PATH_IMAGE014
, to encrypting so that certificate server can authenticate reader afterwards, establish encrypt after result be,
Figure DEST_PATH_IMAGE015
, to reader, send <, L, R, S>,
Step 5: reader is chosen random value, calculates
Figure 153945DEST_PATH_IMAGE016
, the same, and use
Figure DEST_PATH_IMAGE017
represent,
Figure 753477DEST_PATH_IMAGE018
, calculate
Figure 164736DEST_PATH_IMAGE017
for negotiating afterwards shared secret value, use
Figure DEST_PATH_IMAGE019
,
Figure 852331DEST_PATH_IMAGE019
the same, to being decrypted, obtain, calculate
Figure 136682DEST_PATH_IMAGE020
, and use
Figure DEST_PATH_IMAGE021
represent,
Figure 673843DEST_PATH_IMAGE022
, calculate key reader being authenticated as certificate server, calculates
Figure DEST_PATH_IMAGE023
,
Figure 336671DEST_PATH_IMAGE024
: being hash function, is security parameter, and uses represent,
Figure 464027DEST_PATH_IMAGE026
, calculate
Figure 550801DEST_PATH_IMAGE025
as MAC code, to certificate server, send < V, >,
Step 6: label is chosen random value, calculates
Figure DEST_PATH_IMAGE027
,
Figure 54595DEST_PATH_IMAGE010
the same, and use
Figure 44678DEST_PATH_IMAGE028
represent, , calculate
Figure 342936DEST_PATH_IMAGE028
for consulting afterwards shared secret value, use
Figure 917005DEST_PATH_IMAGE030
right
Figure DEST_PATH_IMAGE031
be decrypted, obtain, calculate
Figure 909976DEST_PATH_IMAGE032
, and use represent,
Figure 862888DEST_PATH_IMAGE034
, calculate key electronic tag being authenticated as certificate server, calculates
Figure DEST_PATH_IMAGE035
, and use
Figure 81828DEST_PATH_IMAGE036
represent,
Figure DEST_PATH_IMAGE037
, calculate as MAC code, to certificate server, send < U, >,
Step 7: authentication server computes
Figure 832713DEST_PATH_IMAGE038
,
Figure 201310484464X100001DEST_PATH_IMAGE039
,
Figure 925303DEST_PATH_IMAGE028
the same, therefore have , by gap known this key of Di Fei-Herman GDH difficulty hypothesis of elliptic curve, only have label, certificate server to know, thus can be for the authentication of certificate server to label below; Authentication server computes
Figure 421455DEST_PATH_IMAGE035
if,
Figure 224326DEST_PATH_IMAGE035
with receive
Figure 363183DEST_PATH_IMAGE036
not etc., illustrate that the other side is not that label or message were tampered, certificate server stops verification process; Otherwise, completed the authentication to label; Similarly, authentication server computes
Figure DEST_PATH_IMAGE041
,
Figure 71245DEST_PATH_IMAGE042
,
Figure DEST_PATH_IMAGE043
the same, therefore have
Figure 6446DEST_PATH_IMAGE044
, known this key of GDH difficulty hypothesis by elliptic curve only has reader, certificate server to know equally, thereby can be for the authentication of certificate server to reader below; Authentication server computes
Figure DEST_PATH_IMAGE045
if,
Figure 929403DEST_PATH_IMAGE045
with receive not etc., illustrate that the other side is not that reader or message were tampered, certificate server stops verification process; Otherwise, completed the authentication to reader; After having completed the authentication of label, reader, certificate server is chosen a random value, calculates
Figure 434520DEST_PATH_IMAGE046
, and use
Figure DEST_PATH_IMAGE047
represent,
Figure 176342DEST_PATH_IMAGE048
, calculate
Figure 953805DEST_PATH_IMAGE047
for consulting afterwards shared secret value, calculate
Figure DEST_PATH_IMAGE049
,
Figure 621415DEST_PATH_IMAGE050
: being hash function, is security parameter, and uses
Figure DEST_PATH_IMAGE051
represent,
Figure 531166DEST_PATH_IMAGE052
, calculate
Figure 325947DEST_PATH_IMAGE051
make MAC code, to label, send,
Step 8: certificate server is chosen a random value, calculates , and use represent,
Figure 201310484464X100001DEST_PATH_IMAGE055
, calculate
Figure 484844DEST_PATH_IMAGE054
for consulting afterwards shared secret value, calculate , and use represent, , calculate as MAC code, to reader, send,
Step 9: tag computation
Figure 998423DEST_PATH_IMAGE049
, with comparing of receiving, if not etc., illustrating that the other side is not that certificate server or message have been tampered, label stops verification process; Otherwise label completes the authentication to certificate server,
Step 10: reader calculated
Figure 452406DEST_PATH_IMAGE056
, with comparing of receiving, if not etc., illustrating that the other side is not that certificate server or message have been tampered, reader stops verification process; Otherwise reader completes the authentication to authentication service,
Step 11: tag computation shared secret value, reader calculated shared secret value,
Step 12: it is session key that label and reader are got cs, ensures subsequent communications safety.
CN201310484464.XA 2013-10-16 2013-10-16 Radio frequency identification system safety certification and key agreement method Pending CN103560881A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310484464.XA CN103560881A (en) 2013-10-16 2013-10-16 Radio frequency identification system safety certification and key agreement method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310484464.XA CN103560881A (en) 2013-10-16 2013-10-16 Radio frequency identification system safety certification and key agreement method

Publications (1)

Publication Number Publication Date
CN103560881A true CN103560881A (en) 2014-02-05

Family

ID=50015037

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310484464.XA Pending CN103560881A (en) 2013-10-16 2013-10-16 Radio frequency identification system safety certification and key agreement method

Country Status (1)

Country Link
CN (1) CN103560881A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363097A (en) * 2014-11-14 2015-02-18 电子科技大学 Mutual authentication method for lightweight-class RFID on elliptic curve
CN107403211A (en) * 2017-08-03 2017-11-28 广东工业大学 A kind of method and system of mobile RFID certification
CN107994992A (en) * 2017-11-10 2018-05-04 广东电网有限责任公司电力科学研究院 A kind of RFID bidirectional identification protocols method and device
CN113747425A (en) * 2021-11-04 2021-12-03 晨越建设项目管理集团股份有限公司 RFID label anonymous authentication and key agreement method based on smart city security system
CN114978548A (en) * 2022-05-24 2022-08-30 贵州大学 RFID (radio frequency identification) mutual authentication method and system based on SM2 and SM3 algorithms

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012003586A1 (en) * 2010-07-08 2012-01-12 Certicom Corp. System and method for performing device authentication using key agreement
CN103020671A (en) * 2012-11-20 2013-04-03 南京邮电大学 Radio frequency identification bidirectional authentication method based on hash function

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012003586A1 (en) * 2010-07-08 2012-01-12 Certicom Corp. System and method for performing device authentication using key agreement
CN103020671A (en) * 2012-11-20 2013-04-03 南京邮电大学 Radio frequency identification bidirectional authentication method based on hash function

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
QIAOMIN LIN ET AL.: "Novel Three-Party Password-Based Authenticated Key Exchange Protocol for Wireless", 《CWSN 2012》 *
王汝传 等: "基于椭圆曲线的无线多媒体传感器网络安全密钥预分配方案", 《南京邮电大学学报》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363097A (en) * 2014-11-14 2015-02-18 电子科技大学 Mutual authentication method for lightweight-class RFID on elliptic curve
CN104363097B (en) * 2014-11-14 2017-07-11 电子科技大学 The RFID inter-authentication methods of lightweight on elliptic curve
CN107403211A (en) * 2017-08-03 2017-11-28 广东工业大学 A kind of method and system of mobile RFID certification
CN107403211B (en) * 2017-08-03 2020-12-15 广东工业大学 Method and system for mobile RFID authentication
CN107994992A (en) * 2017-11-10 2018-05-04 广东电网有限责任公司电力科学研究院 A kind of RFID bidirectional identification protocols method and device
CN107994992B (en) * 2017-11-10 2020-11-10 广东电网有限责任公司电力科学研究院 RFID bidirectional authentication protocol method and device
CN113747425A (en) * 2021-11-04 2021-12-03 晨越建设项目管理集团股份有限公司 RFID label anonymous authentication and key agreement method based on smart city security system
CN114978548A (en) * 2022-05-24 2022-08-30 贵州大学 RFID (radio frequency identification) mutual authentication method and system based on SM2 and SM3 algorithms
CN114978548B (en) * 2022-05-24 2023-10-20 贵州大学 RFID mutual authentication method and system based on SM2 and SM3 cryptographic algorithm

Similar Documents

Publication Publication Date Title
Cho et al. Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol
EP2667326B1 (en) Method for dynamic authentication between reader and tag, and device therefor
CN103020671B (en) A kind of radio frequency identification mutual authentication method based on hash function
Chen et al. An ownership transfer scheme using mobile RFIDs
CN103795543A (en) Bidirectional security authentication method for RFIP system
CN110147666B (en) Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform
CN103560881A (en) Radio frequency identification system safety certification and key agreement method
CN103281189A (en) Light weight class safe protocol certification system and method for radio frequency identification equipment
CN104115442A (en) RFID bidirectional authentication method based on asymmetric secret key and Hash function
CN103177273A (en) Low-cost tag based mobile radio frequency identification authentication method
US20120166801A1 (en) Mutual authentication system and method for mobile terminals
CN110190966A (en) A kind of wireless radio frequency identification mark ownership transfer method based on cloud storage
CN102594550A (en) RFID internal mutual authentication safety protocol based on secret key array
CN104579688B (en) It is a kind of based on Hash function can synchronized update key RFID mutual authentication method
CN104754568A (en) Identity recognition method and device based on NFC (Near Field Communication)
Kang Lightweight mutual authentication RFID protocol for secure multi-tag simultaneous authentication in ubiquitous environments
CN106779711A (en) Safe payment method and device based on eID
CN102983979A (en) Quick RFID authentication method based on secret information shared among tags
Baek et al. Secure and lightweight authentication protocol for NFC tag based services
CN109766966B (en) RFID tag random number synchronous updating method
Wang et al. Provable Secure for the Ultra-lightweight RFID Tag Ownership Transfer Protocol in the Context of IoT Commerce.
Wei et al. Tripartite Authentication Protocol RFID/NFC Based on ECC.
Abughazalah et al. Two rounds RFID grouping-proof protocol
Safkhani et al. On the security of mutual authentication protocols for RFID systems: The case of Wei et al.’s protocol
Shi et al. The lightweight RFID grouping-proof protocols with identity authentication and forward security

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140205