CN104883681B - A kind of mobile RFID mutual authentication method based on Dynamic-shared key - Google Patents


Publication number
CN104883681B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201510222060.2A
Other languages
Chinese (zh)
Other versions
CN104883681A (en)
Inventor
王国伟
张敏
郭海儒
薛曼君
彭维平
贾宗璞
Current Assignee
Henan University of Technology
Original Assignee
Henan University of Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a mutual authentication method for mobile radio frequency identification that uses a random dynamic shared key. It addresses the secure update of the dynamic shared key, the synchronization problem after an attack, and the other security threats to which RFID authentication methods are exposed. The technical solution improves on the traditional approach of using random numbers only for identity authentication: the random number generated by the tag serves not only as a parameter for mutual authentication between the tag and the back-end database, but also as the seed with which the back-end database, reader and tag dynamically update the shared key, so that the shared key is updated securely, randomly and dynamically. The scheme stores historical shared keys in separate tables in the back-end database and adds and deletes them dynamically, which keeps the shared keys among the reader, the tag and the back-end database synchronized after an attack. The invention defends against multiple security attacks on mobile RFID systems and is highly efficient with respect to the critical tag performance.

Description

A Mobile RFID Mutual Authentication Method Based on a Dynamic Shared Key

Technical Field

The invention relates to radio frequency identification technology, and in particular to a security authentication method for mobile radio frequency identification based on a random dynamic shared key.

Background

Radio Frequency Identification (RFID) is one of the key enabling technologies of the Internet of Things. While RFID drives the rapid development of the Internet of Things, it also brings serious security threats, the two most important of which concern identity authentication and privacy protection. In a mobile RFID system, the mobile reader and the back-end database, and the mobile reader and the tag, all communicate by wireless signals over insecure open channels. The security risks facing mobile RFID systems are therefore more serious and more varied.

Most of the authentication methods proposed by researchers in China and abroad are designed for traditional RFID systems. They presuppose a fixed reader with a wired connection to the back-end database over which communication is secure, so they do not apply to mobile RFID systems, in which the reader and the back-end database communicate insecurely by wireless signals. In mobile RFID authentication methods, a mechanism that dynamically updates the shared key can effectively solve the problem of difficult key management, but it introduces a very important data synchronization problem: the tag key held in the back-end database must be updated in step with the key stored in the tag. In an RFID system, however, low-cost tags are powered by external electromagnetic induction. Once power is lost or communication is blocked, the shared key in the back-end database and the one in the tag become inconsistent, so that a legitimate tag cannot be authenticated and identified in the next authentication run. In addition, if the parameters used to update the shared key are not confidential, so that the updated key can be computed from data intercepted on the insecure channel, there is a risk of key leakage. Secure synchronized key updating and a mechanism for resynchronizing after an attack have therefore become the difficult problems for this class of mobile RFID authentication protocols.

Current authentication methods can guard against desynchronization attacks only to a certain extent and cannot withstand more than two consecutive desynchronization attacks. In other authentication methods, when a forged tag and the corresponding legitimate tag are both within the wireless coverage of the reader, an adversary can use the forged third-party tag to trick the legitimate reader into unlocking and displaying the legitimate tag's information; such methods therefore cannot prevent tag forgery and have man-in-the-middle and replay vulnerabilities, nor can they prevent tag forgery and replay attacks.

Summary of the Invention

To solve the problems that mobile RFID authentication methods using a dynamic shared key cannot fully prevent desynchronization attacks, cannot update the dynamic shared key securely, and are vulnerable to various security attacks, the invention proposes a mobile RFID mutual authentication method based on a dynamic shared key that defends against security attacks on mobile RFID while retaining high tag performance.

To achieve the above object, the invention adopts the following technical scheme:

1. Initialization phase: The back-end database sets up four data tables to store the shared keys and identity information that tags and readers share with the back-end database. The tag current-information table Tag_c_au stores the tag ID, the current shared key, and the Hash code of the tag ID computed with the current key as parameter; the tag history table Tag_h_au stores the tag ID, the tag's historical shared key, and the Hash code of the tag ID computed with the historical shared key as parameter; the reader current-information table Reader_c_au stores the reader identity and the current key; the reader history table Reader_h_au stores the reader identity and the historical key. Each tag stores its shared key with the back-end database and contains a one-way Hash function and a pseudo-random number generator; the reader stores its shared key with the back-end database and contains the same Hash function and pseudo-random number generator;

2. Authentication phase:

Step 1: The reader sends an authentication request Query to the tag;

Step 2: The tag generates a random number S_t and computes the one-way hash function and the pseudo-random number, then sends and to the reader, where ID_t is the ID of the tag, is the current shared key between the tag and the back-end database, is the updated shared key between the tag and the back-end database, and is the current shared key between the reader and the back-end database;

Step 3: The reader generates a random number S_r and computes, then sends and S_r and to the back-end database, where ID_r is the ID of the reader;

Step 4: The back-end database authenticates the reader and the tag separately;

1) Reader authentication: The back-end database traverses the Reader_c_au table and, using the received S_r, computes each and compares it with the received; if a match exists, the reader is authenticated. If no match exists, it traverses the Reader_h_au table, computes each and compares it with the received; if a match exists, the reader is authenticated. If neither traversal yields a match, the reader is illegitimate and authentication fails;

2) Tag authentication: Once the reader has been authenticated, the back-end database queries the Tag_c_au table according to: (1) if the query on Tag_c_au returns a result, it takes out and XORs it with the received to obtain, then performs the operation and compares the result with the received; if they match, the tag is authenticated; if they do not, the tag is illegitimate and authentication ends; (2) if the query on Tag_c_au returns no result, it traverses the Tag_h_au table; if a result is found, it takes out, then performs the and operations and compares the result with the received; if they match, the tag is authenticated; if they do not, the tag is illegitimate and authentication ends; (3) if neither the Tag_c_au table nor the Tag_h_au table returns a result, the tag is illegitimate and authentication fails;

3) When both the reader and the tag have been authenticated:

(1) The back-end database computes and updates the current shared key corresponding to ID_r in Reader_c_au to. The back-end database then acts according to which table produced the match during reader authentication in Step 4: if it was Reader_c_au, the back-end database deletes the data for this reader from Reader_h_au and then adds and ID_r to Reader_h_au; if it was Reader_h_au, no operation is performed on Reader_h_au;

(2) The back-end database computes and updates the current shared key corresponding to ID_t in Tag_c_au to and the Hash code of the tag ID to. It then acts according to the table in which ID_t was found during tag authentication in Step 4: if it was Tag_c_au, the back-end database deletes the data for this tag from Tag_h_au and then adds, ID_t and to Tag_h_au; if it was Tag_h_au, no operation is performed on Tag_h_au;

4) The back-end database encrypts with its shared key with the reader, computing the symmetric encryption algorithm, then forwards and to the reader;

Step 5: The reader uses its shared key with the back-end database to decrypt the received, computes, and compares the S_r obtained with the original random number S_r. If they match, the back-end database is authenticated, the reader uses the obtained S_t to update the shared key, and then sends to the tag; if they do not match, authentication fails.

Step 6: After receiving the data, the tag computes and compares it with the received; if they do not match, authentication fails; if they match, the reader is legitimate and the tag updates the shared key.

Beneficial effects of the invention:

With the invention, authentication is protected against multiple security threats to RFID systems, including location tracking, replay attacks, desynchronization attacks and man-in-the-middle attacks, which remedies the security defects of comparable RFID authentication methods.

In addition, the invention achieves random, dynamic and secure updating of the shared key, the key cannot be derived from the data exchanged during authentication, and tag efficiency is better.

Brief Description of the Drawings

Fig. 1 is the basic flowchart of authentication according to the invention.

Detailed Description

Symbol Description

Table 1 Symbol description

The invention is described in further detail below with reference to the accompanying drawing.

Initialization phase: When the system is initialized, the back-end database sets up four data tables to store the shared keys and identity information that tags and readers share with the back-end database. The tag current-information table Tag_c_au stores the tag ID, the current shared key, and the Hash code of the tag ID computed with the current key as parameter; the tag history table Tag_h_au stores the tag ID, the tag's historical shared key, and the Hash code of the tag ID computed with the historical shared key as parameter; the reader current-information table Reader_c_au stores the reader identity and the current key; the reader history table Reader_h_au stores the reader identity and the historical key. Each tag stores its shared key with the back-end database and contains a one-way Hash function and a pseudo-random number generator; the reader stores its shared key with the back-end database and contains the same Hash function and pseudo-random number generator.

Authentication phase:

Step 1: The reader sends an authentication request Query to the tag.

Step 2: The tag generates a random number S_t and computes and, then sends and to the reader.

Step 3: The reader generates a random number S_r and computes, then sends and S_r and to the back-end database.

Step 4: The back-end database authenticates the reader and the tag separately.

1) Reader authentication: The back-end database traverses the Reader_c_au table and, using the received S_r, computes each and compares it with the received; if a match exists, the reader is authenticated. If no match exists, it traverses the Reader_h_au table, computes each and compares it with the received; if a match exists, the reader is authenticated. If neither traversal yields a match, the reader is illegitimate and authentication fails.

2) Tag authentication: Once the reader has been authenticated, the back-end database traverses the Tag_c_au table and queries it according to: (1) if the query on Tag_c_au returns a result, it takes out and XORs it with the received to obtain, then performs the operation and compares the result with the received; if they match, the tag is authenticated; if they do not, the tag is illegitimate and authentication ends. (2) If the query on Tag_c_au returns no result, it traverses the Tag_h_au table; if a result is found, it takes out, then performs the and operations and compares the result with the received; if they match, the tag is authenticated; if they do not, the tag is illegitimate and authentication ends. (3) If neither the Tag_c_au table nor the Tag_h_au table returns a result, the tag is illegitimate and authentication fails.

3) When both the reader and the tag have been authenticated:

(1) The back-end database computes and updates the current shared key corresponding to ID_r in Reader_c_au to. The back-end database then acts according to which table produced the match during reader authentication in Step 4: if it was Reader_c_au, the back-end database deletes the data for this reader from Reader_h_au and then adds and ID_r to Reader_h_au; if it was Reader_h_au, no operation is performed on Reader_h_au.

(2) The back-end database computes and updates the current shared key corresponding to ID_t in Tag_c_au to and the Hash code of the tag ID to. It then acts according to the table in which ID_t was found during tag authentication in Step 4: if it was Tag_c_au, the back-end database deletes the data for this tag from Tag_h_au and then adds, ID_t and to Tag_h_au; if it was Tag_h_au, no operation is performed on Tag_h_au.

4) The back-end database encrypts with its shared key with the reader, computes, then forwards and to the reader.

Step 5: The reader uses its shared key with the back-end database to decrypt the received, computes, and compares the S_r obtained with the original random number S_r. If they match, the back-end database is authenticated, the reader uses the obtained S_t to update the shared key, and then sends to the tag; if they do not match, authentication fails.

Step 6: After receiving the data, the tag computes and compares it with the received; if they do not match, authentication fails; if they match, the reader is legitimate and the tag updates the shared key. Authentication is then complete.
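The current/history table handling of Step 4 is what lets a tag recover after its final message is lost repeatedly. The Python model below is an added example, not code from the patent: the message and key-update formulas are absent from this page, so the HMAC-SHA256 constructions, `next_key`, the field names `index`/`masked`/`proof`/`ack` and the tag ID are assumptions, and the reader leg is omitted so that only the Tag_c_au/Tag_h_au logic follows the text.

```python
import hashlib
import hmac
import secrets


def H(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way hash; HMAC-SHA256 is an assumed stand-in for the patent's Hash."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def next_key(key: bytes, s_t: bytes) -> bytes:
    """Assumed key-update rule, seeded by the tag's random number S_t."""
    return H(key, b"update", s_t)


class Tag:
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key, self.s_t = tag_id, key, b""

    def respond(self):
        """Step 2: fresh S_t, a lookup index, S_t masked under the key, an authenticator."""
        self.s_t = secrets.token_bytes(32)
        index = H(self.key, b"index", self.tag_id)
        masked = xor(H(self.key, b"mask"), self.s_t)
        proof = H(self.key, b"proof", self.tag_id, self.s_t)
        return index, masked, proof

    def confirm(self, ack: bytes) -> bool:
        """Step 6: the tag updates its key only if the final message verifies."""
        candidate = next_key(self.key, self.s_t)
        if hmac.compare_digest(ack, H(candidate, b"ack", self.s_t)):
            self.key = candidate
            return True
        return False


class Database:
    def __init__(self):
        self.tag_c_au = {}  # current table: index -> (tag_id, key)
        self.tag_h_au = {}  # history table: index -> (tag_id, key)

    def enroll(self, tag_id: bytes, key: bytes):
        self.tag_c_au[H(key, b"index", tag_id)] = (tag_id, key)

    @staticmethod
    def _drop(table, tag_id):
        for idx in [i for i, row in table.items() if row[0] == tag_id]:
            del table[idx]

    def authenticate(self, index, masked, proof):
        """Step 4, tag side: returns (source_table, ack) or (None, None)."""
        for source, table in (("Tag_c_au", self.tag_c_au),
                              ("Tag_h_au", self.tag_h_au)):
            if index in table:
                tag_id, key = table[index]
                break
        else:
            return None, None  # found in neither table: illegitimate tag
        s_t = xor(H(key, b"mask"), masked)
        if not hmac.compare_digest(proof, H(key, b"proof", tag_id, s_t)):
            return None, None
        new_key = next_key(key, s_t)
        self._drop(self.tag_c_au, tag_id)
        self.tag_c_au[H(new_key, b"index", tag_id)] = (tag_id, new_key)
        if source == "Tag_c_au":
            # Match came from the current table: the old key replaces the history row.
            self._drop(self.tag_h_au, tag_id)
            self.tag_h_au[index] = (tag_id, key)
        # Match came from Tag_h_au: history is left untouched, so the tag's
        # stale key stays valid however many final messages are lost in a row.
        return source, H(new_key, b"ack", s_t)


def run_demo(dropped_rounds: int = 3):
    """Lose the final message `dropped_rounds` times, then deliver it twice."""
    db = Database()
    key0 = secrets.token_bytes(32)   # constructed sample key
    tag = Tag(b"TAG-0001", key0)     # constructed sample tag ID
    db.enroll(tag.tag_id, key0)
    sources = []
    for rnd in range(dropped_rounds + 2):
        source, ack = db.authenticate(*tag.respond())
        sources.append(source)
        if ack and rnd >= dropped_rounds:
            tag.confirm(ack)
    current_key = next(iter(db.tag_c_au.values()))[1]
    return sources, current_key == tag.key, len(db.tag_h_au)


if __name__ == "__main__":
    print(run_demo())
```
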

Claims (1)

1. A mobile RFID authentication method based on a random dynamic shared key, wherein the mobile RFID system consists of a back-end database, a mobile reader and tags, characterized in that it comprises the following steps:
1. Initialization phase: The back-end database sets up four data tables to store the shared keys and identity information that tags and readers share with the back-end database. The tag current-information table Tag_c_au stores the tag ID, the current shared key, and the Hash code of the tag ID computed with the current key as parameter; the tag history table Tag_h_au stores the tag ID, the tag's historical shared key, and the Hash code of the tag ID computed with the historical shared key as parameter; the reader current-information table Reader_c_au stores the reader identity and the current key; the reader history table Reader_h_au stores the reader identity and the historical key. Each tag stores its shared key with the back-end database and contains a one-way Hash function and a pseudo-random number generator; the reader stores its shared key with the back-end database and contains the same Hash function and pseudo-random number generator;
2. Authentication phase:
Step 1: The reader sends an authentication request Query to the tag;
Step 2: The tag generates a random number S_t and computes the one-way hash function and the pseudo-random number, then sends and to the reader, where ID_t is the ID of the tag, is the current shared key between the tag and the back-end database, is the updated shared key between the tag and the back-end database, and is the current shared key between the reader and the back-end database;
Step 3: The reader generates a random number S_r and computes, then sends and S_r and to the back-end database, where ID_r is the ID of the reader;
Step 4: The back-end database authenticates the reader and the tag separately;
1) Reader authentication: The back-end database traverses the Reader_c_au table and, using the received S_r, computes each and compares it with the received; if a match exists, the reader is authenticated. If no match exists, it traverses the Reader_h_au table, computes each and compares it with the received; if a match exists, the reader is authenticated. If neither traversal yields a match, the reader is illegitimate and authentication fails;
2) Tag authentication: Once the reader has been authenticated, the back-end database queries the Tag_c_au table according to: (1) if the query on Tag_c_au returns a result, it takes out and XORs it with the received to obtain, then performs the operation and compares the result with the received; if they match, the tag is authenticated; if they do not, the tag is illegitimate and authentication ends; (2) if the query on Tag_c_au returns no result, it traverses the Tag_h_au table; if a result is found, it takes out, then performs the and operations and compares the result with the received; if they match, the tag is authenticated; if they do not, the tag is illegitimate and authentication ends; (3) if neither the Tag_c_au table nor the Tag_h_au table returns a result, the tag is illegitimate and authentication fails;
3) When both the reader and the tag have been authenticated:
(1) The back-end database computes and updates the current shared key corresponding to ID_r in Reader_c_au to. The back-end database then acts according to which table produced the match during reader authentication in Step 4: if it was Reader_c_au, the back-end database deletes the data for this reader from Reader_h_au and then adds and ID_r to Reader_h_au; if it was Reader_h_au, no operation is performed on Reader_h_au;
(2) The back-end database computes and updates the current shared key corresponding to ID_t in Tag_c_au to and the Hash code of the tag ID to. It then acts according to the table in which ID_t was found during tag authentication in Step 4: if it was Tag_c_au, the back-end database deletes the data for this tag from Tag_h_au and then adds, ID_t and to Tag_h_au; if it was Tag_h_au, no operation is performed on Tag_h_au;
4) The back-end database encrypts with its shared key with the reader, computing the symmetric encryption algorithm, then forwards and to the reader;
Step 5: The reader uses its shared key with the back-end database to decrypt the received, computes, and compares the S_r obtained with the original random number S_r. If they match, the back-end database is authenticated, the reader uses the obtained S_t to update the shared key, and then sends to the tag; if they do not match, authentication fails;
Step 6: After receiving the data, the tag computes and compares it with the received; if they do not match, authentication fails; if they match, the reader is legitimate and the tag updates the shared key.
CN201510222060.2A 2015-05-04 2015-05-04 A kind of mobile RFID mutual authentication method based on Dynamic-shared key Expired - Fee Related CN104883681B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510222060.2A CN104883681B (en) 2015-05-04 2015-05-04 A kind of mobile RFID mutual authentication method based on Dynamic-shared key

Publications (2)

Publication Number Publication Date
CN104883681A CN104883681A (en) 2015-09-02
CN104883681B CN104883681B (en) 2018-05-01

Family

ID=53950981

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180501

Termination date: 20210504

CF01 Termination of patent right due to non-payment of annual fee