It is a kind of to resist the stolen RFID mutual authentication methods of identification table
Technical field
The present invention relates to a kind of secure two-way authentication methods for RFID automatic recognition systems, and identification table can be prevented stolen
To huge security risk caused by system, belong to field of communication technology.
Background technology
Radio frequency identification (Radio Frequency Identification-RFID) is a kind of utilization radiofrequency signal and space
(inductance or electromagnetic coupling) transmission characteristic is coupled, contactless automatic identification target object is realized and obtains the skill of related data
Art.RFID technique can improve the efficiency of management of product, reduce management cost, but the application designs of RFID initially are complete openings
, which is flexibly exposed to the information wirelessly transmitted also is made while convenience to system data acquisition offer
In public, this significant threat for being undoubtedly information security.
One RFID system generally comprises three major parts:RFID tag, RFID reader and back-end data base.RFID
Label include unique identifier --- ID, key and some parameters, the information of the usually in store label of back-end data base and
The information of label institute marker.Attacker's attacking system is not the ID for obtaining label, the information such as key merely, it is often more important that
Remove the correspondence of acquisition label and marker.Therefore it is the important content to ensure information security to protect this correspondence.
Currently, the settlement mechanism of RFID system information security can be divided into two major class:One kind is Physics Security Tragedy, this
Kind security mechanism relies primarily on additional equipment or hardware capability solves the safety problem of RFID system, as electrostatic screen, active are dry
It disturbs, clip tag etc.;Second class is cipher mechanism, mainly solves RFID system peace by the security protocol based on cryptographic technique
Full problem.
Compared with the hardware security mechanism based on physical method, realize that Encryption Algorithm is more flexible and convenient in circuit, and
And advantage of lower cost, therefore the software safety mechanism based on cryptographic technique receives people and more favors, it is many both at home and abroad
Scholar has done many work on using the security protocol based on cryptographic technique, it is proposed that many schemes, but existing scheme is more
Focus on protection is the message between label and reader, and less to the protection of back-end server data concern, once rear end
Server preserved to identify that the identification table of label is lost, the whole label tapes that will be grasped to system carry out risk, this
A risk is globality.It reads while write device and has functioned only as the bridge beam action communicated between back-end server and label, to reading
The use control for writing device lacks necessary measure.Therefore, existing agreement cannot eliminate the label letter that back-end server is preserved
Risk caused by the information of breath and label institute marker is stolen, it is also necessary to further research and improvement.
Invention content
It is an object of the invention to be directed to the drawback of the prior art, a kind of RFID that resistance identification table is stolen is provided and two-way is recognized
Card method, to solve the information security issue of RFID system.
Problem of the present invention is realized with following technical proposals:
A kind of to resist the stolen RFID mutual authentication methods of identification table, the method executes in logic at one by RFID systems
System is divided into RFID tag, RFID reader and back-end data base and runs in such a system, and RFID tag preserves its mark when initial
Know symbol ID and cipher key T;Back-end data base removes the identifier EID and key that label is preserved using a symmetric cryptography function encrypting
ET makes ID ≠ EID, T ≠ ET;The information that label corresponds to identification object is additionally preserved, the identification table to label is constituted, it is described symmetrical
Cipher function E () meets:Ku is the parameter that user holds, reader read-write mark
It when label, needs to receive parameter Ku, the two-way authentication to label is realized by this parameter and function E ();Concrete operations are by following
Step carries out:
A. it initializes
The label data that Back end data library storage is managed<EIDi,ETi,EToldi,Infoi>, i=1,2 ... after n, n are
The label number that client database is managed, ETold, it is data used in the RFID tag last time, Info is marked by RFID tag
Know the information of article;
It is stored in label i<IDi,Ti>,i∈{1,2,…n}
IDi,TiWith EIDi,ETiRelationship be:
ETi=E (Ti),Ti=E-1(ETi)
Wherein E () is a kind of Encryption Algorithm, E-1() is decipherment algorithm, and used key is dk;Ku is what user held
One parameter;For exclusive or (XOR) operation;
The identification of b.RFID labels
1. user's input parameter Ku is to RFID reader;
2. RFID reader generates a random number Rr, and this random number is sent to RFID tag;
3. after RFID tag to the read-write requests of RFID reader, oneself generates a random number Rt, press later
Formula calculates response message M1、M2And it sends them out:
Wherein, f () is another symmetric cryptography function;
4. after RFID reader receives the response message of RFID tag, using the old owner or current owner, the seller
Parameter Ku to M2Do following operation:
Later by M1,M2Together with RrBack-end data base is sent to be judged;
5. back-end data base does following calculating for each label information stored:
ID'=E-1(EID)
T'=E-1(ET)
Verification:
It is whether true;
It is calculated if invalid:
T'old=E-1(ETold)
Verification:
It is whether true;
If (1a) is invalid with (1b), RFID tag is terminated not over certification, verification process;
It is set up if there is (1a) or (1b), then finds the information of mark Echo Tag, prepare a message M later3:
Subsequent back-end data base executes update operation and is updated if (1a) is set up:
ETold=ET
No matter (1a) set up or (1b) set up, all update:
ETnew=E (Tnew)
Wherein Tnew、ETnewFor data used in label next time certification;
Then back-end data base is by M3It is sent to reader;
6. reader calculates
By M3It is sent to RFID tag;
7. label Verification
If set up, then update;
And complete certification;
Otherwise certification terminates.
The present invention is provided with double shielding to identification table, first, identification table is encrypted;Second is that being cut by arrange parameter
The direct correspondence of the data and label stored data that are preserved in disconnected identification table, thus effectively prevents because of identification table
The stolen huge potential security risk that system is generated.
Description of the drawings
The invention will be further described below in conjunction with the accompanying drawings.
Fig. 1 is the flow chart of data processing figure of the present invention.
Each symbol is in figure:M1, M2, M3For message,For believable message,For incredible message,It is different
Or operation.
Each symbol is in text:Ku is the parameter that user holds, and ID is the unique identifier of RFID tag, and ET is RFID tag
Key, IDiFor the unique identifier of i-th of RFID tag, TiFor the key of i-th of RFID tag, Info is identified by label
The information of article, E () are a kind of Encryption Algorithm, E-1() is decipherment algorithm, and key dk is protected safely in back-end server
It deposits and uses, RrFor the number for initiating to inquire to label that RFID reader generates, RtOne is generated for RFID tag at random
Number, f () are a symmetric cryptography function.
Specific implementation mode
The present invention proposes the mutual authentication method between a kind of RFID tag and reader, relative to other methods, we
Method can prevent because the information for the label information and label institute marker that back-end server is kept it is stolen caused by risk.
Specific steps include:
1. initialization
The label data that Back end data library storage is managed<EIDi,ETi,EToldi,Infoi>, i=1,2 ... after n, n are
The label number that client database is managed, ETold, it is data used in the label last time, Info is label institute marking articles
Information.
It is stored in label i<IDi,Ti>,i∈{1,2,…n}
IDi,TiAnd EIDi,ETiRelationship is:
ETi=E (Ti),Ti=E-1(ETi)
Reader needs to carry out the work such as safety certification when connecting back-end server, sets up the peace of believable message transmission
Full tunnel.
2. identification
Step 0:Prepare before operation.User's input parameter Ku is to reader.
Step 1:RFID reader is by an arbitrary number RrIt is sent to RFID tag.
Step 2:After label receives the read-write requests of reader, oneself generates a random number Rt, response is calculated later
Message M1,M2And it sends them out:
Step 3:After reader receives the message of the response of label, using parameter Ku to M2Do following operation:
Later by M1,M2Together with RrBack-end data base is sent to be judged.
Step 4:Back-end data base does following calculating for each label information stored:
EID=E-1(EID)
T'=E-1(ET)
Verification:
It is whether true.
It is calculated if invalid:
T'old=E-1(ETold)
Verification:
It is whether true.
If (1a) is invalid with (1b), RFID tag is terminated not over certification, verification process;
It is set up if there is (1a) or (1b), then indicates that back-end data base finds the information of mark Echo Tag, Zhi Houzhun
A standby message M3:
Subsequent back-end data base executes update operation and is then updated if (1a) is set up:
ETold=ET
No matter (1a) set up or (1b) set up, all update:
ETnew=E (Tnew)
Then back-end data base is by M3It is sent to reader.
Step 5:Reader calculates
By M3It is sent to label.
Step 6:Label Verification
If set up, then update
And complete process;Else process terminates.