CN104601334B - An RFID mutual authentication method that resists theft of the identification table - Google Patents

Publication number
CN104601334B
Authority
CN
China
Prior art keywords
label
rfid
rfid tag
end data
reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510091035.5A
Other languages
Chinese (zh)
Other versions
CN104601334A (en)
Inventor
黎彤亮
黄世中
王怀瑞
周彦萍
王鹏
司晓琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Liangjing Network Technology Co.,Ltd.
Original Assignee
Institute Of Applied Mathematics Hebei Academy Of Sciences
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute Of Applied Mathematics Hebei Academy Of Sciences
Priority to CN201510091035.5A
Publication of CN104601334A
Application granted
Publication of CN104601334B
Legal status: Active (current)
Anticipated expiration

Abstract

An RFID mutual authentication method that resists theft of the identification table. The method runs in a system that divides the RFID system logically into an RFID tag, an RFID reader and a back-end database. Initially, the RFID tag stores its unique identifier ID and key T; the back-end database uses a symmetric cryptographic function to store the tag's unique identifier and key in encrypted form as ID' and T', such that ID ≠ ID' and T ≠ T', and additionally stores the information on the object that the tag identifies; together these form the identification table for the tags. When the reader reads or writes a tag it must receive a parameter Ku, and mutual authentication of the tag is carried out by means of this parameter and the function E(). The invention effectively prevents the potential security risk to the system caused by theft of the identification table.

Description

An RFID mutual authentication method that resists theft of the identification table
Technical field
The present invention relates to a secure mutual authentication method for RFID automatic identification systems that prevents the serious security risk posed to the system when the identification table is stolen, and belongs to the field of communication technology.
Background
Radio frequency identification (RFID) is a technology that uses radio-frequency signals and the transmission characteristics of spatial coupling (inductive or electromagnetic coupling) to identify target objects automatically and without contact and to obtain the related data. RFID technology can improve the efficiency of product management and reduce management cost, but RFID applications were originally designed to be completely open. While this makes data acquisition convenient for the system, it also exposes the wirelessly transmitted information to the public, which is undoubtedly a significant threat to information security.
An RFID system generally comprises three major parts: the RFID tag, the RFID reader and the back-end database. The RFID tag holds a unique identifier (ID), a key and some parameters; the back-end database usually stores the information of the tags and the information of the objects the tags identify. An attacker who attacks the system is not merely after the tag's ID, key and similar information; more importantly, the attacker wants the correspondence between tags and the objects they identify. Protecting this correspondence is therefore an important part of ensuring information security.
At present, the mechanisms for securing RFID system information fall into two broad classes. The first is physical security mechanisms, which rely mainly on additional equipment or hardware functions to solve the security problems of RFID systems, such as electrostatic shielding, active jamming and clipped tags. The second is cryptographic mechanisms, which solve RFID system security problems mainly through security protocols based on cryptographic techniques.
Compared with hardware security mechanisms based on physical methods, implementing an encryption algorithm in circuitry is more flexible and convenient and costs less, so software security mechanisms based on cryptographic techniques are more widely favored. Many researchers at home and abroad have worked on security protocols based on cryptographic techniques and have proposed many schemes, but existing schemes focus mostly on protecting the messages between tag and reader and pay less attention to protecting the data on the back-end server. Once the identification table that the back-end server keeps for identifying tags is lost, all the tags managed by the system are put at risk, and this risk is system-wide. In addition, the reader serves only as a bridge for communication between the back-end server and the tag, and necessary measures for controlling the use of the reader are lacking. Existing protocols therefore cannot eliminate the risk caused by theft of the tag information and the identified-object information kept by the back-end server, and further research and improvement are needed.
Summary of the invention
The object of the invention is to address these drawbacks of the prior art by providing an RFID mutual authentication method that resists theft of the identification table, in order to solve the information security problem of RFID systems.
The problem is solved by the following technical solution:
An RFID mutual authentication method that resists theft of the identification table. The method runs in a system that divides the RFID system logically into an RFID tag, an RFID reader and a back-end database. Initially, the RFID tag stores its identifier ID and key T; the back-end database uses a symmetric cryptographic function to store the tag's identifier and key in encrypted form as EID and ET, such that ID ≠ EID and T ≠ ET; it additionally stores the information on the object that the tag identifies, and these together form the identification table for the tags. The symmetric cryptographic function E() satisfies: Ku is the parameter held by the user. When the reader reads or writes a tag it must receive the parameter Ku, and mutual authentication of the tag is achieved by means of this parameter and the function E(). The specific operations proceed in the following steps:
a. Initialization
The back-end database stores the data of the tags it manages, <EID_i, ET_i, ETold_i, Info_i>, i = 1, 2, …, n, where n is the number of tags managed by the back-end database, ETold is the data used by the RFID tag the previous time, and Info is the information on the article identified by the RFID tag;
Tag i stores <ID_i, T_i>, i ∈ {1, 2, …, n}
The relationship between ID_i, T_i and EID_i, ET_i is:
ET_i = E(T_i), T_i = E^-1(ET_i)
where E() is an encryption algorithm, E^-1() is the decryption algorithm, and the key used is dk; Ku is a parameter held by the user; is the exclusive-or (XOR) operation;
b. Identification of the RFID tag
1. The user inputs the parameter Ku into the RFID reader;
2. The RFID reader generates a random number Rr and sends this random number to the RFID tag;
3. After the RFID tag receives the read/write request of the RFID reader, it generates a random number Rt itself, then calculates the response messages M1 and M2 by the following formula and sends them out:
where f() is another symmetric cryptographic function;
4. After the RFID reader receives the response message of the RFID tag, it uses the parameter Ku of the old owner or the current owner, the seller, to perform the following operation on M2:
It then sends M1 and M2 together with Rr to the back-end database for judgment;
5. For each tag record it stores, the back-end database performs the following calculation:
ID' = E^-1(EID)
T' = E^-1(ET)
and verifies whether:
holds;
If it does not hold, it calculates:
T'old = E^-1(ETold)
and verifies whether:
holds;
If neither (1a) nor (1b) holds, the RFID tag fails authentication and the authentication process terminates;
If (1a) or (1b) holds, the information of the corresponding tag has been found, and a message M3 is then prepared
The back-end database then performs the update operation. If (1a) holds, it updates:
ETold = ET
Whether (1a) holds or (1b) holds, it updates:
ETnew = E(Tnew)
where Tnew and ETnew are the data used for the tag's next authentication;
The back-end database then sends M3 to the reader;
6. The reader calculates
and sends M3 to the RFID tag;
7. The tag verifies
If it holds, the tag updates;
and completes authentication;
otherwise authentication terminates.
The invention gives the identification table double protection: first, the identification table is encrypted; second, a parameter is introduced to cut the direct correspondence between the data kept in the identification table and the data stored on the tag. This effectively prevents the serious potential security risk to the system caused by theft of the identification table.
Description of the drawings
The invention is further described below with reference to the accompanying drawing.
Fig. 1 is the data processing flow chart of the invention.
Symbols in the figure: M1, M2, M3 are messages; is a trusted message; is an untrusted message; is the exclusive-or operation.
Symbols in the text: Ku is the parameter held by the user; ID is the unique identifier of the RFID tag; ET is the key of the RFID tag; ID_i is the unique identifier of the i-th RFID tag; T_i is the key of the i-th RFID tag; Info is the information on the article identified by the tag; E() is an encryption algorithm and E^-1() is the decryption algorithm, whose key dk is securely stored and used on the back-end server; Rr is the number generated by the RFID reader to initiate a query to the tag; Rt is a random number generated by the RFID tag; f() is a symmetric cryptographic function.
Detailed description
The invention proposes a mutual authentication method between an RFID tag and a reader. Compared with other methods, this method prevents the risk caused by theft of the tag information and the identified-object information kept by the back-end server.
The specific steps are:
1. Initialization
The back-end database stores the data of the tags it manages, <EID_i, ET_i, ETold_i, Info_i>, i = 1, 2, …, n, where n is the number of tags managed by the back-end database, ETold is the data used by the tag the previous time, and Info is the information on the article identified by the tag.
Tag i stores <ID_i, T_i>, i ∈ {1, 2, …, n}
The relationship between ID_i, T_i and EID_i, ET_i is:
ET_i = E(T_i), T_i = E^-1(ET_i)
When connecting to the back-end server, the reader must perform security authentication and similar work to establish a secure channel for trusted message transmission.
2. Identification
Step 0: Preparation before operation. The user inputs the parameter Ku into the reader.
Step 1: The RFID reader sends an arbitrary number Rr to the RFID tag.
Step 2: After the tag receives the reader's read/write request, it generates a random number Rt itself, then calculates the response messages M1 and M2 and sends them out:
Step 3: After the reader receives the tag's response message, it uses the parameter Ku to perform the following operation on M2:
It then sends M1 and M2 together with Rr to the back-end database for judgment.
Step 4: For each tag record it stores, the back-end database performs the following calculation:
ID' = E^-1(EID)
T' = E^-1(ET)
and verifies whether:
holds.
If it does not hold, it calculates:
T'old = E^-1(ETold)
and verifies whether:
holds.
If neither (1a) nor (1b) holds, the RFID tag fails authentication and the authentication process terminates;
If (1a) or (1b) holds, the back-end database has found the information of the corresponding tag, and a message M3 is then prepared
The back-end database then performs the update operation. If (1a) holds, it updates:
ETold = ET
Whether (1a) holds or (1b) holds, it updates:
ETnew = E(Tnew)
The back-end database then sends M3 to the reader.
Step 5: The reader calculates
and sends M3 to the tag.
Step 6: The tag verifies
If it holds, the tag updates
and completes the process; otherwise the process terminates.
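The back-end part of Step 4 (scan the identification table, check the current key ET, fall back to ETold, then rotate), as an added example that is not part of the patent text. The formulas for M1, M2, M3 and checks (1a)/(1b) are not reproduced on this page, so the tag reply is a stand-in HMAC over Rr, E() is a stand-in 4-round Feistel cipher, the Ku step is left out, and ETnew is taken to replace ET in the row; all of these names and choices are assumptions.

```python
import hashlib
import hmac
import secrets

def round_f(dk: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 under dk, truncated to 8 bytes.
    return hmac.new(dk, bytes([i]) + half, hashlib.sha256).digest()[:8]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(dk: bytes, block: bytes) -> bytes:
    """Stand-in for E(): 4-round Feistel permutation on a 16-byte block."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, round_f(dk, i, right))
    return left + right

def E_inv(dk: bytes, block: bytes) -> bytes:
    """Stand-in for E^-1(): the same rounds undone in reverse order."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, round_f(dk, i, left)), left
    return left + right

def tag_response(t: bytes, rr: bytes) -> bytes:
    """Assumed tag reply (not the patent's M1/M2): HMAC of challenge Rr under T."""
    return hmac.new(t, rr, hashlib.sha256).digest()

def enroll(dk: bytes, t: bytes, info: str) -> dict:
    """Table row as stored at rest; ETold starts equal to ET (assumption)."""
    return {"ET": E(dk, t), "ETold": E(dk, t), "Info": info}

def identify(table: list, dk: bytes, rr: bytes, m1: bytes):
    """Scan the table; return (Info, Tnew) for the matching row, else None."""
    for row in table:
        current = hmac.compare_digest(m1, tag_response(E_inv(dk, row["ET"]), rr))
        old = not current and hmac.compare_digest(
            m1, tag_response(E_inv(dk, row["ETold"]), rr))
        if not (current or old):
            continue
        if current:                     # stand-in for check (1a): ETold = ET
            row["ETold"] = row["ET"]
        t_new = secrets.token_bytes(16)
        row["ET"] = E(dk, t_new)        # both cases: ETnew = E(Tnew)
        return row["Info"], t_new       # Tnew assumed to reach the tag via M3
    return None                         # neither check held for any row

if __name__ == "__main__":
    dk, t = secrets.token_bytes(32), secrets.token_bytes(16)
    table = [enroll(dk, t, "constructed sample item")]
    rr = secrets.token_bytes(8)
    print("first run:", identify(table, dk, rr, tag_response(t, rr)) is not None)
    # Tag never received M3 and still holds the previous T: ETold still matches.
    rr = secrets.token_bytes(8)
    print("after lost update:", identify(table, dk, rr, tag_response(t, rr)) is not None)
    print("unknown tag:", identify(table, dk, rr, tag_response(bytes(16), rr)))
```

Keeping ETold unchanged on a fallback match is what lets a tag that missed one update authenticate again on later attempts.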

Claims (1)

1. An RFID mutual authentication method that resists theft of the identification table, characterized in that the method runs in a system that divides the RFID system logically into an RFID tag, an RFID reader and a back-end database. Initially, the RFID tag stores its identifier ID and key T; the back-end database uses a symmetric cryptographic function to store the tag's identifier and key in encrypted form as EID and ET, such that ID ≠ EID and T ≠ ET; it additionally stores the information on the object that the tag identifies, and these together form the identification table for the tags. The symmetric cryptographic function E() satisfies: ET = E(T); Ku is the parameter held by the user. When the reader reads or writes a tag it must receive the parameter Ku, and mutual authentication of the tag is achieved by means of this parameter and the function E(). The specific operations proceed in the following steps:
a. Initialization
The back-end database stores the data of the tags it manages, <EID_i, ET_i, ETold_i, Info_i>, i = 1, 2, …, n, where n is the number of tags managed by the back-end database, ETold is the data used by the RFID tag the previous time, and Info is the information on the article identified by the RFID tag;
Tag i stores <ID_i, T_i>, i ∈ {1, 2, …, n}
The relationship between ID_i, T_i and EID_i, ET_i is:
ET_i = E(T_i), T_i = E^-1(ET_i)
where E() is an encryption algorithm, E^-1() is the decryption algorithm, and the key used is dk; Ku is a parameter held by the user; is the exclusive-or (XOR) operation;
b. Identification of the RFID tag
1. The user inputs the parameter Ku into the RFID reader;
2. The RFID reader generates a random number Rr and sends this random number to the RFID tag;
3. After the RFID tag receives the read/write request of the RFID reader, it generates a random number Rt itself, then calculates the response messages M1 and M2 as follows and sends them out:
where f() is another symmetric cryptographic function;
4. After the RFID reader receives the response message of the RFID tag, it uses the parameter Ku of the old owner or the current owner, the seller, to perform the following operation on M2:
It then sends M1 and M2 together with Rr to the back-end database for judgment;
5. For each tag record it stores, the back-end database performs the following calculation:
ID' = E^-1(EID)
T' = E^-1(ET)
and verifies whether:
holds;
If it does not hold, it calculates:
T'old = E^-1(ETold)
and verifies whether:
holds;
If neither (1a) nor (1b) holds, the RFID tag fails authentication and the authentication process terminates;
If (1a) or (1b) holds, the information of the corresponding tag has been found, and a message M3 is then prepared
The back-end database then performs the update operation. If (1a) holds, it updates:
ETold = ET
Whether (1a) holds or (1b) holds, it updates:
ETnew = E(Tnew)
where Tnew and ETnew are the data used for the tag's next authentication;
The back-end database then sends M3 to the reader;
6. The reader calculates
and sends M3 to the RFID tag;
7. The tag verifies
If it holds, the tag updates;
and completes authentication;
otherwise authentication terminates.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510091035.5A CN104601334B (en) 2015-03-01 2015-03-01 An RFID mutual authentication method that resists theft of the identification table

Publications (2)

Publication Number Publication Date
CN104601334A CN104601334A (en) 2015-05-06
CN104601334B true CN104601334B (en) 2018-09-11

Family

ID=53126864

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510091035.5A Active CN104601334B (en) 2015-03-01 2015-03-01 An RFID mutual authentication method that resists theft of the identification table

Country Status (1)

Country Link
CN (1) CN104601334B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106485292B (en) * 2015-08-28 2020-01-14 重庆品胜科技有限公司 Method and system for verifying authenticity of carbon ribbon cartridge on thermal transfer printing equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001054083A1 (en) * 2000-01-18 2001-07-26 Infineon Technologies Ag Microprocessor system with encoding
CN102111758A (en) * 2009-12-28 2011-06-29 北京安码科技有限公司 Method for solving end-to-end problem in mobile communication based on encryption system
CN102737260A (en) * 2011-04-15 2012-10-17 深联致远(北京)科技有限公司 Method and apparatus for identifying and verifying RFID privacy protection

Also Published As

Publication number Publication date
CN104601334A (en) 2015-05-06

Similar Documents

Publication Publication Date Title
CN104217230B (en) The safety certifying method of hiding ultrahigh frequency electronic tag identifier
KR100805273B1 (en) Method and system for identfying information of product in display or in buy with radio frequency identification system and recording medium thereof
CN104184733B (en) A kind of RFID lightweight mutual authentication methods encoded based on CRC
JP4913868B2 (en) RFID reader, RFID tag, and secure communication method for RFID system
CN104115442B (en) RFID bidirectional authentication method based on asymmetric secret key and Hash function
CN102882683B (en) Synchronizable RFID (radio-frequency identification) security authentication method
MX2010011809A (en) System of providing a fixed identification of a transponder while keeping privacy and avoiding tracking.
CN101980241B (en) Method, system and device for authenticating radio frequency tag
CN103532718A (en) Authentication method and authentication system
CN102043973B (en) RFID ownership transfer method based on partially trusted centre
CN104579688B (en) It is a kind of based on Hash function can synchronized update key RFID mutual authentication method
Lin et al. Nonidentifiable RFID privacy protection with ownership transfer
CN104700125A (en) AES encryption and verification of ultra high frequency radio identification system
Chen et al. Enhancement of the RFID security method with ownership transfer
CN104601334B (en) It is a kind of to resist the stolen RFID mutual authentication methods of identification table
CN104702407B (en) Digital signature device, system and digital signature method
CN104579673A (en) Interactive authentication method between RFID card and card reader
Rahnama et al. Securing RFID-based authentication systems using ParseKey+
CN104618118B (en) A kind of RFID ownership changes support method
CN108234126A (en) For the system and method remotely opened an account
CN106778939A (en) Electronic tag sensor-based system
CN109525395B (en) Signature information transmission method and device, storage medium and electronic device
KR101053636B1 (en) Encryption/decryption method and system for rfid tag and reader using multi algorithm
CN102238535B (en) Wireless real time location method capable of achieving data security
CN104683108A (en) Security authentication method for repealing radio frequency identification tag application of multi-application card

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20161221

Address after: 050081 friendship Street, Shijiazhuang, Hebei, No. 46

Applicant after: APPLICATION MATHEMATICS INSTITUTE, HEBEI ACADEMY OF SCIENCES

Address before: 050081 Hebei, Shijiazhuang friendship south street, building 46, No. 1

Applicant before: Shijiazhuang Development Zone Jike Shangshi Sci-Tech Co., Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210106

Address after: 315000 8-3-13, 227 Tongji Road, Jiangbei District, Ningbo City, Zhejiang Province

Patentee after: Zhejiang Liangjing Network Technology Co.,Ltd.

Address before: 050081 No. 46 friendship south street, Hebei, Shijiazhuang

Patentee before: INSTITUTE OF APPLIED MATHEMATICS, HEBEI ACADEMY OF SCIENCES