CN108304902A - A kind of mobile RFID system mutual authentication method of extra lightweight - Google Patents
A kind of mobile RFID system mutual authentication method of extra lightweight Download PDFInfo
- Publication number
- CN108304902A CN108304902A CN201810106125.0A CN201810106125A CN108304902A CN 108304902 A CN108304902 A CN 108304902A CN 201810106125 A CN201810106125 A CN 201810106125A CN 108304902 A CN108304902 A CN 108304902A
- Authority
- CN
- China
- Prior art keywords
- random number
- label
- reader
- ids
- crc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2365—Ensuring data consistency and integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
- G06K17/0029—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The present invention relates to field of communication technology, it is more particularly to label in mobile RFID system, safety certification problem between reader and back-end data base.Implementation step is:(1) reader sends out solicited message to label;(2) label response request message and self information are sent to database by reader;(3) database certification reader and label;(4) reader authentication database;(5) smart-tag authentication database.This agreement uses cyclic check function and simple exclusive or, cascaded operational to encrypt the message for needing to transmit, and realizes the anonymity of label and the two-way authentication of system, simultaneously effective reduces the calculation amount of database and label.Label random number is forwarded to label or utilizes cyclic check function self refresh after being generated by back-end data base random number generation mechanism, to reduce the hardware cost of label.The present invention is to utilize dynamic I D and cyclic check function mechanism so that system can resist various attacks.
Description
Technical field
The present invention relates to field of communication technology, it is more particularly to label in mobile RFID system, reader and Back end data
Safety certification problem between library.
Background technology
Radio frequency identification (Radio Frequency Identification, RFID) technology is contactless automatic
Identification technology.The RFID system of complete set is made of three reader, electronic tag and server parts.RFID skills
The basic functional principle of art is:After the tag enters the magnetic field, the radiofrequency signal that reader is sent out is received, is obtained by induced current
Energy send out product information stored in the chip (passive label or passive tag), or actively sent by label a certain
The signal (active label or active tag) of frequency send to server after reader reads information and decodes and carries out related data
Processing.Compared with traditional identification technology, RFID is one and is easily manipulated, is simple and practical and particularly suitable for automation control
Flexibility application technology, can freely be operated under various adverse circumstances, short-range radio frequency product be not afraid of oil stain, dust pollution etc.
Rugged environment can substitute bar code;Long range radio frequency products are chiefly used in traffic, and identification distance is up to tens meters.
In traditional sense, pass through (wired) connection of twisted-pair feeder, communication between the two between reader and background data base
It is typically considered to safe.As wireless communication and Internet of Things are combined closely, the applied business such as mobile e-business, mobile payment are fast
Speed development, mobile RFID system have received widespread attention.The basic principle of mobile RFID technology is identical as traditional RFID technique,
All it is that related data information automatic identification object and is obtained under physical contact by radiofrequency signal.Unlike, in movement
In RFID system, reader is moveable, and passes through wireless connection between reader and back-end server.Reader and label and
Communication between back-end server is often regarded as unsafe, is subject to malicious attack, reveals user privacy information.Therefore
Mobile RFID system has the safety and privacy concern of bigger, more challenging.Between realizing that RFID system transmits information
Integrality, privacy and available functionality, industry many kinds of solutions have been proposed, these schemes are roughly divided into two
Class:One kind is physics solution, such as kill labels, faraday's guard and prevention label;One kind is to apply Hash function encryptings
Mechanism is such as randomized Hash-Lock, Hash chain agreement, LCAP agreements.Wherein physical method that there are service lifes is short, efficiency is low,
The shortcomings of not reproducible use, is based on Hash function encrypting mechanism, is obtained extensively because Hash functions have one-way and confidentiality
General use.However existing security protocol cannot but fully meet the demand for security of mobile RFID system.Simultaneously as label meter
Calculation ability and storage capacity are limited, and complex calculation and the storage of a large amount of data can not be carried out on label, in guarantee agreement safety
It can increase label cost again while property.
Invention content
It is an object of the invention to overcome above-mentioned defects in the prior art, it is proposed that a kind of extra lightweight movement
RFID system mutual authentication method.The method achieve being mutually authenticated between label, reader and back-end data base, reduce
Calculation amount in verification process reduces the hardware cost of label, and dynamically updates label assumed name in communication process, hides
Label true ID prevents label to be tracked;By safety analysis, protocol realization label anonymity is effective against
Pursuit attack, impersonation attack, Replay Attack, desynchronization attack, man-in-the-middle attack, Brute Force attack, forward-backward algorithm safety
The abilities such as property.
The present invention technical thought be:Reader initiates to ask to label first, obtains the tagged encryption letter of label tape
Breath, database is sent to later in conjunction with self identification encryption information.Database root carries out reader and label according to gained information
Certification, updates tag identifier after certification success, then sends encryption information to label and reader, the two to back-end data base into
Row certification, after certification success, tag update mark.
According to technical thought above, realize that the technical solution that above-mentioned purpose is taken is as follows:
Initial phase:Back-end data base stores the relevant information (ID of labelT, IDS, KT) and reader correlation
Information (IDR, KR), reader stores self information (IDR, KR), label stores self information (IDT, KT, IDS, flag, t),
Label preserves random number t in initial phase, and preserves flag bit flag=1 and indicate that (flag=0 is indicated the legal update of random number
The illegal update of random number), the random number t that label uses in verification process is by the generating random number machine in back-end data base
System is sent to label after generating.
The two-way authentication stage:
1) reader generates random number r, then sends out Query requests to label, and random number is sent to label.
2) after label receives the request that reader is initiated, the value of random number flag bit flag is first determined whether to judge random number
Whether legal update.If flag=1, illustrate that last time random number is updated successfully, then t will be used as normal random number while will
Flag is set to 0;If flag=0, illustrate that exception occurs in last time certification, at this time use label in CRC () algorithm to random number into
Row update, i.e. t=CRC (A), wherein A=IDS | | t | | r, and used as this random number, after the completion of random number update,
Flag is still set to 0.Then M1=CRC (A ⊕ KT ⊕ r ⊕ t) is calculated, and message (M1, t) is sent to reader.
3) after reader receives message, M2=CRC (ID are calculated firstR⊕ KR ⊕ r ⊕ t), then message (M1, M2, t,
R) it is sent to back-end data base.
4) after back-end data base receives the message that reader is sent, the legitimacy of reader identity is first verified that, in data
(ID is found in libraryR, KR) and the random number t and r that receive is combined to calculate M2 '=CRC (IDR⊕ KR ⊕ r ⊕ t), if there are M2=
M2 ' then illustrates that reader identity is legal, i.e., database is to reader authentication success;If unequal, illustrate reader identity not
It is legal, stop certification.Then judge the legitimacy of tag identity, find (IDS in the databasenew, KTnew) calculate M1 '=CRC
((IDSnew||t||r)⊕KTnew⊕ r ⊕ t), if there are M1=M1 ', care label identity is legal, and database recognizes label
It demonstrate,proves successfully.Then the random number generation mechanism of data base manipulation itself generates random number t ', then calculates M3, M4 and B, wherein
M3=CRC (IDR| | (KR ⊕ r) | | t), M4=CRC (IDSnew||(KTnew⊕ t) | | r), B=IDSnew⊕IDT⊕ t ' then will
Message (M3, M4, B) is sent to reader, while updating the data the data IDS in libraryold=IDSnew, IDSnew=CRC (IDT|
|(IDSnew⊕ KT)) and KTold=KTnew, KTnew=CRC ((IDT⊕ KTnew);If unequal, find in the database
(IDSold, KTold) calculate M1 "=CRC ((IDSold||t|| r)⊕KTold⊕ r ⊕ t), if M1=M1 ", care label identity
Legal, itself random number generation mechanism of same data base manipulation generates random number t ', calculates M3, M4 and B, wherein M3=CRC
(IDR| | (KR ⊕ r) | | t), M4=CRC (IDSold||(KTold⊕ t) | | r), B=IDSold⊕IDT⊕ t ', then by message
(M3, M4, B) is sent to reader, while updating the data the data IDS in libraryold=IDSold, IDSnew=CRC (IDT||
(IDSold⊕ KT)) and KTold=KTold, KTnew=CRC ((IDT⊕KTold);If unequal, care label identity is illegal,
Then stop certification.
5) after reader receives the message that back-end data base is sent, according to (the ID of itself storageR, KR) and itself generate
The random number r and random number t of label that receives calculates M3 '=CRC (IDR| | (KR ⊕ r) | | t), if M3 '=M3, says
Bright successful to database certification, back-end data base is legal, and the message received (M4, B) is then sent to label again;If not phase
Deng stopping certification.
6) after label receives message, according to itself storage (IDS, KT) and the random number t of itself and the random number received
R, calculating M4 '=CRC (IDS | | (KT ⊕ t) | | r), if M4 '=M4, care label is to back-end data base certification success, number
It is legal according to library identity, then calculate random number t=IDS ⊕ IDT⊕ B, while flag bit flag is set to 1, newly-generated is random
Number t will be used for next bidirectional identity authentication, update the data simultaneously:IDS=CRC (IDT| | (IDS ⊕ KT)) and KT=CRC ((IDT
⊕ KT), if unequal, certification is unsuccessful.
The symbol occurred in above-mentioned security protocol is such as given a definition:
The safety authentication protocol of the present invention has following advantageous effect:
1. the gate circuit number that the cyclic check function ratio pseudo-random function for the 16bits that agreement uses needs is few, can be effective
The hardware cost of label is reduced, while not having random number generation mechanism in label, random number is by the random number in back-end data base
Generting machanism generation is forwarded to label, or carries out self refresh using cyclic check function, to make tab end calculation amount reduce,
Arithmetic speed improves.
2. dynamically updating label assumed name in communication process, the true ID of label is concealed, label is prevented to be tracked;Pass through peace
Full property analysis, protocol realization label anonymity, is effective against pursuit attack, impersonation attack, Replay Attack, desynchronization
Attack, man-in-the-middle attack, Brute Force attack, forward-backward algorithm safety etc..
1) data reliability
The communication information in this paper agreements is encrypted using random number and cyclic check so that each communication information is not
It repeats, third party can not be out-tricked certification by way of distorting or resetting, it is ensured that the reliability of data.
2) label anonymity and anonymity controlled
Attacker is only possible to obtain the inside story about label by eavesdropping the information of transmission, and communication process is not related to marking
Sign identity IDT, and label assumed name IDS and key KT are added by cyclic check function in the information that inside tags include
It is close, and certification has all carried out data update every time, therefore it is unable to get any message about tag identity, therefore label meets
Anonymity;And in verification process, the random number r and label that are generated comprising reader in the encryption information that label transmits every time
The random number t of itself so that the information transmitted every time randomly updates, between each other without relevance, to make attacker can not root
The location information that label is speculated according to transmission information ensure that the safety to privacy before label.
3) reader anonymity and anonymity controlled
In mobile RFID system, the mobility of reader may result in the privacy of reader in wireless transmission process
In be leaked.In this agreement, reader utilizes the cyclic check function pair identity information ID of its ownRAdded with key KR
It is close, the identity of reader is effectively concealed, ensure that the privacy of reader.Simultaneously because contained in encryption information itself with
The random number t of machine number r and label ensure the transmission freshness of message and unrelated, to make attacker can not locating read-write
Device cannot suppose that the location privacy of reader.
4) impersonation attack is resisted
When attacker's attempt personation reader, when sending the information deception label of intercepting and capturing, since each certification reader is equal
New random number r can be generated and receive the new random number t of label, ensure that the freshness of message, and pass through IDRWith key KR
Encryption generates authentication information, and attacker can not obtain the identity information of reader, to calculate consistent certification letter
Breath, therefore verification can not be passed through;If attacker's personation is at label, since the authentication information generated every time includes what reader was sent
Random number t, label assumed name IDS, the tag identity ID of random number r and itselfTIt is all different with key KT, attacker is caused to cut
The information obtained can not be by verification, therefore can resist personation and hit.
5) Replay Attack is resisted
At the end of the primary certification of agreement, label and back-end server can all carry out data update, and be used every time
Reader random number r and label random number t be all different so that the message transmitted in verification process every time not phase
Together, and request message and feedback message do not contact directly.Even if attacker intercepted and captured before interactive information, afterwards
It is reset in communication, it can not be by label and back-end server certification.
6) desynchronization attack is resisted
If attacker by truncated message, keeps the data update between label and back-end data base asynchronous, due to rear end
Server storage last round of session information (IDT, IDSold, KTold), when initiating session again, back-end server can be
Corresponding label information is found in last round of session information to be authenticated, and every time in message reader random number and label
Random number can update, ensure the freshness of message and different, so that attacker can not pass through first truncated message
It imitates reader again afterwards to send the message to cause database and tag update asynchronous, therefore agreement can resist desynchronization and attack
It hits.
7) man-in-the-middle attack is resisted
If attacker is by distorting message M1 and M4 come certification of out-tricking, since message M1 or M4 is by label assumed name IDS and close
Key KT and random number r and t encrypt to obtain, and the identity information (IDS, KT) that attacker must obtain label could be by recognizing
Card, since each communication tags identity information is all updated so that attacker can not obtain correct tag identity information,
Thus can not be by certification, therefore man-in-the-middle attack can be resisted.
8) Brute Force attack is resisted
When this paper agreements are run, attacker can intercepting messages Mi, and obtain cyclic check code by certain means, but by
In making the identity information of label and reader be hidden using cascaded operational and XOR operation, and tag identity information
The dynamic of (IDS, KT) makes attacker that can not crack the identity information of label, therefore can resist Brute Force attack.
9) forward-backward algorithm safety
It is front and back to safety.In each verification process, the random number of reader and label keeps the new of certification message
Fresh property, and information is encrypted by cyclic check function, even if attacker obtains the data of certain communication, it is also not possible to push away
Calculate the historical data that label or reader are sent and the data that will be sent, thus the agreement have it is front and back to safety.
Description of the drawings
Fig. 1 is mobile RFID system mutual authentication method simple flow chart;
Fig. 2 is mobile RFID system mutual authentication method detail flowchart.
Specific embodiment
Technical scheme of the present invention is described further with reference to embodiment.
Step 1::Reader generates random number r, then sends out Query requests to label, and random number is sent to mark
Label.
Step 2:Label receive reader initiation request after, first determine whether the value of random number flag bit flag judge with
The whether legal update of machine number.If flag=1, illustrate that last time random number is updated successfully, then t will be used simultaneously as normal random number
Flag is set to 0;If flag=0, illustrate that exception occurs in last time certification, at this time using CRC () algorithm in label to random number
It is updated, i.e. t=CRC (A), wherein A=IDS | | t | | r, and used as this random number, after the completion of random number update,
Flag is still set to 0.Then M1=CRC (A ⊕ KT ⊕ r ⊕ t) is calculated, and message (M1, t) is sent to reader.
Step 3:After reader receives message, M2=CRC (ID are calculated firstR⊕ KR ⊕ r ⊕ t), then message (M1, M2,
T, r) it is sent to back-end data base.
Step 4:After back-end data base receives the message that reader is sent, the legitimacy of reader identity is first verified that,
(ID is found in databaseR, KR) and the random number t and r that receive is combined to calculate If in the presence of
M2=M2 ' then illustrates that reader identity is legal, i.e., database is to reader authentication success;If unequal, illustrate reader body
Part is illegal, stops certification.Then judge the legitimacy of tag identity, find (IDS in the databasenew, KTnew) calculate If there are M1=M1 ', care label identity is legal, database pair
Smart-tag authentication success.Then the random number generation mechanism of data base manipulation itself generates random number t ', then calculates M3, M4 and B,
Wherein
Then
Message (M3, M4, B) is sent to reader, while updating the data the data IDS in libraryold=IDSnew,And KTold=KTnew, If unequal,
(IDS is found in the databaseold, KTold) calculate If M1=M1 ",
Care label identity is legal, itself random number generation mechanism of same data base manipulation generates random number t ', calculates M3, M4 and B,
In Then
Message (M3, M4, B) is sent to reader, while updating the data the data IDS in libraryold=IDSold, WithIf unequal, say
Bright tag identity is illegal, then stops certification.
Step 5:After reader receives the message of back-end data base transmission, according to (the ID of itself storageR, KR) and itself
The random number r of the generation and random number t of label that receives calculates M3 '=CRC (IDR| | (KR ⊕ r) | | t), if M3 '=
M3, then for explanation to database certification success, back-end data base is legal, and the message received (M4, B) is then sent to label again;
If unequal, stop certification.
Step 6:After label receives message, according to itself storage (IDS, KT) and the random number t of itself and receive with
Machine number r, calculate M4 '=CRC (IDS | | (KT ⊕ t) | | r), if M4 '=M4, care label to back-end data base certification at
Work(, database identity is legal, then calculates random number t=IDS ⊕ IDT⊕ B, while flag bit flag is set to 1, it is newly-generated
Random number t will be used for next bidirectional identity authentication, update the data simultaneously:IDS=CRC (IDT| | (IDS ⊕ KT)) and KT=CRC
((IDT⊕ KT), if unequal, certification is unsuccessful.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
Member, without departing from the principle of the present invention, can also make several improvement and supplement, these are improved and supplement also should be regarded as
Protection scope of the present invention.
Claims (9)
1. a kind of mobile RFID system mutual authentication method of extra lightweight, which is characterized in that include the following steps:(1) it reads
Device sends out solicited message to label;(2) label response request message and self information are sent to database by reader;(3) number
According to library certification reader and label;(4) reader authentication database;(5) smart-tag authentication database.
2. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 1, it is characterised in that:Step
Suddenly reader generates random number r using the random number generation mechanism of itself in (1), then sends out Query requests, and handle to label
Random number is sent to label.
3. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 1, it is characterised in that:Step
Suddenly after the request that reader is initiated is signed in (2) acceptance of the bid, first determine whether that the value of random number flag bit flag is to judge random number
No legal update, works as flag=1, illustrates that last time random number is updated successfully, then t will be used as normal random number while by flag
It sets to 0;Work as flag=0, then illustrate that exception occurs in last time certification, CRC () algorithm in label is used to carry out more random number at this time
Newly, i.e. t=CRC (A), wherein A=IDS | | t | | r, and being used as this random number, after the completion of random number update, flag according to
It so sets to 0, then calculates M1=CRC (A ⊕ KT ⊕ r ⊕ t), and message (M1, t) is sent to reader, reader receives message
Afterwards, M2=CRC (ID are calculated firstR⊕ KR ⊕ r ⊕ t), then message (M1, M2, t, r) is sent to back-end data base.
4. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 1, it is characterised in that:Institute
The step of stating (3) database is as follows to the certification of reader and label:It is first after back-end data base receives the message that reader is sent
The legitimacy of first verification reader identity finds (ID in the databaseR, KR) and the random number t and r that receive is combined to calculate M2 '
=CRC (IDR⊕ KR ⊕ r ⊕ t), if there are M2=M2 ', illustrate that reader identity is legal, i.e., database is to reader authentication
Success;If unequal, illustrate that reader identity is illegal, stops certification.Then the legitimacy for judging tag identity, in data
(IDS is found in librarynew, KTnew) calculate M1 '=CRC ((IDSnew||t||r)⊕KTnew⊕ r ⊕ t), if there are M1=M1 ',
Care label identity is legal, and database is to smart-tag authentication success.Then the random number generation mechanism of data base manipulation itself generates
Random number t ' then calculates M3, M4 and B, wherein M3=CRC (IDR| | (KR ⊕ r) | | t), M4=CRC (IDSnew||(KTnew⊕
T) | | r), B=IDSnew⊕IDTMessage (M3, M4, B) is then sent to reader, while updating the data the number in library by ⊕ t '
According to IDSold=IDSnew, IDSnew=CRC (IDT||(IDSnew⊕ KT)) and KTold=KTnew, KTnew=CRC ((IDT⊕KTnew);
If unequal, (IDS is found in the databaseold, KTold) calculate M1 "=CRC ((IDSold||t||r)⊕KTold⊕ r ⊕ t),
If M1=M1 ", care label identity is legal, itself random number generation mechanism of same data base manipulation generates random number t ', meter
Calculate M3, M4 and B, wherein M3=CRC (IDR| | (KR ⊕ r) | | t), M4=CRC (IDSold||(KTold⊕ t) | | r), B=IDSold
⊕IDTMessage (M3, M4, B) is then sent to reader by ⊕ t ', while updating the data the data IDS in libraryold=IDSold,
IDSnew=CRC (IDT||(IDSold⊕ KT)) and KTold=KTold, KTnew=CRC ((IDT⊕KTold);If unequal, illustrate
Tag identity is illegal, then stops certification.
5. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 1, which is characterized in that institute
It is as follows to the certification of back-end data base to state step (4) reader:After reader receives the message of back-end data base transmission, according to certainly
(the ID of body storageR, KR) and the random number r itself generated the and random number t of label received calculate M3 '=CRC (IDR||
(KR ⊕ r) | | t), if M3 '=M3, illustrate that back-end data base is legal to database certification success, then will receive again
Message (M4, B) is sent to label;If unequal, stop certification.
6. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 1, which is characterized in that institute
It is as follows to the certification of back-end data base to state step (5) label:After label receives message, according to itself storage (IDS, KT) and certainly
The random number t of the body and random number r received, calculating M4 '=CRC (IDS | | (KT ⊕ t) | | r), if M4 '=M4, illustrate to mark
For label to back-end data base certification success, database identity is legal, then calculates random number t=IDS ⊕ IDT ⊕ B, while will mark
Position flag is set to 1, and newly-generated random number t will be used for next bidirectional identity authentication, update the data simultaneously:IDS=CRC (IDT | |
(IDS ⊕ KT)) and KT=CRC ((IDT ⊕ KT), if unequal, certification is unsuccessful.
7. according to the mobile RFID system mutual authentication method of any one extra lightweight described in claim 1 to 6, feature
It is:The cyclic check function of used 16bits ensures the anonymity of message and is with simple cascade, XOR operation
The two-way authentication of system.
8. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 7, it is characterised in that:Afterwards
Client database has random number generation mechanism, and does not have random number generation mechanism in label.Random number flag bit is added in label
Flag indicates whether random number updates, if flag=1, illustrates that last time random number is updated successfully, which is by backstage
The random number generation mechanism of database is forwarded to label after generating and is used as normal random number, while flag being set to 0;If flag
=0, then illustrate that exception occurs in last time certification, uses CRC () algorithm in label to be updated random number at this time, i.e. t=
CRC (A), wherein A=IDS | | t | | r, and used as this random number, after the completion of random number update, flag is still set to 0.
9. a kind of mobile RFID system mutual authentication method of extra lightweight according to claim 7, it is characterised in that:Number
The random number generated according to random number generation mechanism in library uses the form of IDS ⊕ IDT ⊕ t during being forwarded to label,
It calculates simple and avoids revealing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810106125.0A CN108304902B (en) | 2018-02-02 | 2018-02-02 | Ultra-lightweight mobile RFID system bidirectional authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810106125.0A CN108304902B (en) | 2018-02-02 | 2018-02-02 | Ultra-lightweight mobile RFID system bidirectional authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108304902A true CN108304902A (en) | 2018-07-20 |
CN108304902B CN108304902B (en) | 2021-05-04 |
Family
ID=62864343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810106125.0A Active CN108304902B (en) | 2018-02-02 | 2018-02-02 | Ultra-lightweight mobile RFID system bidirectional authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108304902B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110190965A (en) * | 2019-05-17 | 2019-08-30 | 西安电子科技大学 | A kind of RFID cluster label authentication protocol based on hash function |
CN110762007A (en) * | 2019-10-31 | 2020-02-07 | 上海斯可络压缩机有限公司 | Automatic identification system for variable-frequency screw compressor controller |
CN110769404A (en) * | 2019-09-20 | 2020-02-07 | 郑州大学 | Bidirectional authentication method of near field communication technology |
CN111615108A (en) * | 2020-04-12 | 2020-09-01 | 西安电子科技大学 | Radio frequency identification data security authentication method, system, storage medium and terminal |
CN111680531A (en) * | 2020-05-29 | 2020-09-18 | 西安电子科技大学 | Bidirectional identity authentication method for ultra-lightweight RFID authentication protocol |
CN111709011A (en) * | 2020-06-20 | 2020-09-25 | 江苏师范大学 | Light-weight RFID (radio frequency identification device) bidirectional authentication method based on PUF (physical unclonable function) |
CN112084801A (en) * | 2020-07-23 | 2020-12-15 | 西安电子科技大学 | Bidirectional identity authentication method used in low-cost passive RFID system |
CN112260837A (en) * | 2020-09-30 | 2021-01-22 | 中国航天系统科学与工程研究院 | RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm |
CN112887286A (en) * | 2021-01-15 | 2021-06-01 | 西安电子科技大学 | Lightweight RFID identity authentication method and system based on cloud server |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080094220A1 (en) * | 2006-10-19 | 2008-04-24 | Joseph Foley | Methods and Systems for Improving RFID Security |
KR20090072840A (en) * | 2007-12-29 | 2009-07-02 | 엘지히다찌 주식회사 | Security system of tag data with rfid middleware and method for processing the same |
CN101488854A (en) * | 2008-01-18 | 2009-07-22 | 华为技术有限公司 | Wireless RFID system authentication method and apparatus |
CN106411505A (en) * | 2016-08-31 | 2017-02-15 | 广东工业大学 | Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system |
CN106446663A (en) * | 2016-08-30 | 2017-02-22 | 德阳市闪通思动科技有限责任公司 | Tag reader and database three-way authentication system and method |
CN107395354A (en) * | 2017-06-02 | 2017-11-24 | 广东工业大学 | A kind of mobile RFID system authentication method of lightweight |
-
2018
- 2018-02-02 CN CN201810106125.0A patent/CN108304902B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080094220A1 (en) * | 2006-10-19 | 2008-04-24 | Joseph Foley | Methods and Systems for Improving RFID Security |
KR20090072840A (en) * | 2007-12-29 | 2009-07-02 | 엘지히다찌 주식회사 | Security system of tag data with rfid middleware and method for processing the same |
CN101488854A (en) * | 2008-01-18 | 2009-07-22 | 华为技术有限公司 | Wireless RFID system authentication method and apparatus |
CN106446663A (en) * | 2016-08-30 | 2017-02-22 | 德阳市闪通思动科技有限责任公司 | Tag reader and database three-way authentication system and method |
CN106411505A (en) * | 2016-08-31 | 2017-02-15 | 广东工业大学 | Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system |
CN107395354A (en) * | 2017-06-02 | 2017-11-24 | 广东工业大学 | A kind of mobile RFID system authentication method of lightweight |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110190965A (en) * | 2019-05-17 | 2019-08-30 | 西安电子科技大学 | A kind of RFID cluster label authentication protocol based on hash function |
CN110769404A (en) * | 2019-09-20 | 2020-02-07 | 郑州大学 | Bidirectional authentication method of near field communication technology |
CN110769404B (en) * | 2019-09-20 | 2023-07-14 | 郑州大学 | Bidirectional authentication method of near field communication technology |
CN110762007B (en) * | 2019-10-31 | 2021-05-25 | 上海斯可络压缩机有限公司 | Automatic identification system for variable-frequency screw compressor controller |
CN110762007A (en) * | 2019-10-31 | 2020-02-07 | 上海斯可络压缩机有限公司 | Automatic identification system for variable-frequency screw compressor controller |
CN111615108A (en) * | 2020-04-12 | 2020-09-01 | 西安电子科技大学 | Radio frequency identification data security authentication method, system, storage medium and terminal |
CN111680531B (en) * | 2020-05-29 | 2021-04-27 | 西安电子科技大学 | Bidirectional identity authentication method for ultra-lightweight RFID authentication protocol |
CN111680531A (en) * | 2020-05-29 | 2020-09-18 | 西安电子科技大学 | Bidirectional identity authentication method for ultra-lightweight RFID authentication protocol |
CN111709011A (en) * | 2020-06-20 | 2020-09-25 | 江苏师范大学 | Light-weight RFID (radio frequency identification device) bidirectional authentication method based on PUF (physical unclonable function) |
CN111709011B (en) * | 2020-06-20 | 2022-08-02 | 江苏师范大学 | Light-weight RFID (radio frequency identification device) bidirectional authentication method based on PUF (physical unclonable function) |
CN112084801A (en) * | 2020-07-23 | 2020-12-15 | 西安电子科技大学 | Bidirectional identity authentication method used in low-cost passive RFID system |
CN112260837A (en) * | 2020-09-30 | 2021-01-22 | 中国航天系统科学与工程研究院 | RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm |
CN112260837B (en) * | 2020-09-30 | 2023-12-12 | 中国航天系统科学与工程研究院 | RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm |
CN112887286A (en) * | 2021-01-15 | 2021-06-01 | 西安电子科技大学 | Lightweight RFID identity authentication method and system based on cloud server |
CN112887286B (en) * | 2021-01-15 | 2021-11-19 | 西安电子科技大学 | Lightweight RFID identity authentication method and system based on cloud server |
Also Published As
Publication number | Publication date |
---|---|
CN108304902B (en) | 2021-05-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108304902A (en) | A kind of mobile RFID system mutual authentication method of extra lightweight | |
Wazid et al. | Secure authentication scheme for medicine anti-counterfeiting system in IoT environment | |
Lim et al. | Strong and robust RFID authentication enabling perfect ownership transfer | |
CN105450673B (en) | Security protocol verification method based on mobile RFID system | |
US7791451B2 (en) | Methods, systems, and computer program products for providing mutual authentication for radio frequency identification (RFID) security | |
CN104184733B (en) | A kind of RFID lightweight mutual authentication methods encoded based on CRC | |
Burmester et al. | Lightweight RFID authentication with forward and backward security | |
CN106712962A (en) | Mobile RFID system bidirectional authentication method and system | |
Gao et al. | An ultralightweight RFID authentication protocol with CRC and permutation | |
CN103279775B (en) | Ensure that secret and the rfid system of data integrity and its implementation | |
CN104363097B (en) | The RFID inter-authentication methods of lightweight on elliptic curve | |
Chen et al. | An ownership transfer scheme using mobile RFIDs | |
CN110190965A (en) | A kind of RFID cluster label authentication protocol based on hash function | |
CN110381055A (en) | RFID system privacy-protection certification protocol method in healthcare supply chain | |
CN103532718A (en) | Authentication method and authentication system | |
CN104333539A (en) | RFID security authentication method based on Chebyshev mapping | |
CN106027237B (en) | Cipher key matrix safety certifying method based on group in a kind of RFID system | |
CN104980280B (en) | A kind of RFID safety authentication based on Cai Shi multi-scroll chaotic sequence | |
CN103763106B (en) | A kind of location privacy protection method in Internet of Things certification | |
Safkhani et al. | On the security of an RFID‐based parking lot management system | |
CN105406971B (en) | RFID (radio frequency identification) safety authentication method for intelligent power consumption information acquisition system terminal | |
Xiaohong et al. | RFID mutual-authentication protocol with synchronous updated-keys based on Hash function | |
Chen et al. | A rfid authentication protocol for epidemic prevention and epidemic emergency management systems | |
CN110321980A (en) | RFID authentication method, device | |
CN105046300B (en) | radio frequency identification authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |