CN109190725B - A kind of RFID two-way authentication method - Google Patents

Abstract

The invention provides a RFID bidirectional authentication method. The method comprises the following steps: receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress which are sent by a reader-writer; if the fact that the tag account address TAddress is stored in the self-maintained block chain is known, a second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N; if the first parameter C1 is equal to the second parameter C2, it is judged that the reader-writer authenticates the tag successfully at this time, and according to the balance balancBC of the tag account and the random number N, a third parameter C3 is generated and sent to the tag through the reader-writer, so that the tag obtains the authentication result of the tag to the reader-writer based on the third parameter C3. The block chain technology is combined with the RFID technology, and the block chain is essentially a distributed account book maintained by each node in the network, so that the method provided by the invention can ensure the privacy of each tag under the condition of no database and no trusted third party while finishing the security authentication.

Description

A kind of RFID two-way authentication method

technical field

Embodiments of the present invention relate to the technical field of radio frequency identification, and in particular, to an RFID two-way authentication method.

Background technique

Radio frequency identification (RFID) technology has developed rapidly in recent years and is widely used in various applications such as inventory management, supply chain, product tracking, transportation, logistics, and self-service supermarkets. An RFID system usually consists of one or more RFID readers, a large number of RFID tags and a back-end server. Each tag is attached to a physical object, and the reader can identify or track the object by communicating with the corresponding tag. Since the communication between the tag and the reader is wirelessly transmitted through radio frequency signals, attackers can implement types of attacks such as eavesdropping, replay, tampering, Dos, etc., in order to obtain sensitive tag information or affect the normal operation of the entire RFID system. Work. To solve these problems, many authentication security protocols have been proposed.

The earliest RFID authentication protocol is the Hash-Lock protocol proposed by Sarma et al. The authentication process of this protocol is shown in Figure 1, which is a diagram of the Hash-Lock protocol authentication process. Each tag stores its own {metaID, ID} field, where metaID is obtained by mapping the tag key key by the hash function. The backend server stores n records of {metaID, ID, key}, corresponding to n tags respectively. After the authentication process begins, the reader first sends a Request challenge to start communication. After the tag receives this message, it sends its own stored metaID to the reader. After the reader receives it, it will continue to transmit the metaID to the backend server. After the server receives it, it checks whether there is a record in the database, and the metaID in it is consistent with the received one. If it exists, it sends the corresponding ID and key to the reader, otherwise the authentication fails and stops. After the reader receives the {ID, key} from the server, it sends the key to the tag. After the tag receives it, it calculates whether the hash (key) is consistent with the metaID stored by itself. If they are consistent, the tag authentication reader passes. , and then send the ID to the reader, otherwise, the authentication fails and stops. After the reader receives the ID sent by the tag, it compares it with the ID sent by the server. If it is the same, the reader authenticates the tag successfully, otherwise the authentication fails and stops.

In order to improve the security of the initial RFID protocol, a large number of RFID protocols continue to emerge. Such as randomized Hash-Lock protocol, Hash chain protocol, Hash-based ID change protocol, David's digital library RFID protocol and distributed RFID challenge-response authentication protocol. These protocols have improved the security of one or several aspects on the original basis, making the application of RFID more and more mature. For example, the randomized Hash-Lock protocol introduces the concept of random numbers. Every time the tag interacts with the reader, a changing random number is added to the hash calculation, thereby further ensuring the privacy of the tag ID. David's digital library RFID protocol not only introduces random numbers, but also applies encryption and decryption technology to the protocol. It is an RFID protocol based on pre-shared secret pseudo-random numbers. The design of this protocol does not appear to be relatively obvious. security breach.

The original RFID protocol has more or less certain attack loopholes. For example, in the Hash-Lock protocol, the randomized Hash-Lock protocol, and the Hash chain protocol, the tag ID is transmitted in plaintext, which cannot resist replay attacks. , impersonation attacks, tracking attacks, etc. In the Hash-based ID change protocol, since the back-end server updates the label information and the label update time is not synchronized, if the attacker blocks or interferes with the data, so that the electronic label cannot receive part of the authentication message, it will cause the server to store The label data is out of sync with the label data, resulting in the failure of the next authentication. Even if it is a protocol with high security, such as David's digital library RFID protocol, because the tag must complete the encryption and decryption operation of the random number generator, it increases the complexity of the tag design and increases the design cost, which is not suitable for low-cost RFID. system.

A common problem of existing RFID protocols is that the authentication process needs to be supported by a centralized database stored in the server, so this authentication process is vulnerable to SQL attacks. Once this centralized database is attacked, the entire RFID system may be paralyzed. And this centralized architecture is not suitable for application in distributed systems, and cannot guarantee the privacy requirements of each sub-part of the system. Even if there is an RFID protocol designed for a distributed system, the method of introducing a trusted third party is adopted, which further increases the communication cost of the system.

SUMMARY OF THE INVENTION

The embodiment of the present invention provides an RFID two-way authentication method, which is used to solve the defect that the security of the RFID two-way authentication protocol in the prior art is insufficient and is not suitable for distributed systems, improves the security of authentication, and is suitable for distributed systems .

An embodiment of the present invention provides an RFID two-way authentication method, including:

Receive the first parameter C1, random number N, tag account address TAddress and reader account address RAddress sent by the reader/writer;

If it is known that the tag account address TAddress is stored in the blockchain maintained by itself, the second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N;

If it is known that the first parameter C1 is equal to the second parameter C2, it is determined that the reader has successfully authenticated the tag, and the third parameter C3 is generated according to the tag account balance balanceBC and the random number N and sent to the tag through the reader. In order to make the tag based on the third parameter C3, obtain the authentication result of the tag to the reader;

Among them, the first parameter C1 is generated by the tag according to the tag account address TAddress, the tag balance balance and the random number N sent by the reader, the tag account address TAddress is generated by the blockchain according to the tag ID, and the reader account address RAddress is the block Chains are generated based on reader IDs.

An embodiment of the present invention provides an RFID two-way authentication method, including:

If the first parameter C1 is equal to the second parameter C2, receive the third parameter C3 sent by the server;

Based on the third parameter C3, obtain the authentication result of the tag to the reader;

The third parameter C3 is generated according to the tag account balance balanceBC and the random number N, the first parameter C1 is sent by the reader to the server, and the second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N.

An RFID two-way authentication method provided by the embodiment of the present invention combines the blockchain technology with the RFID technology. Since the blockchain is essentially a distributed ledger maintained by each node in the network, the embodiment of the present invention The provided method can guarantee the privacy of each tag in the absence of databases and trusted third parties while completing security authentication.

Description of drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.

Figure 1 is the Hash-Lock protocol authentication process diagram;

2 is a flowchart of a method for RFID two-way authentication provided according to an embodiment of the present invention;

3 is a flowchart of a method for RFID two-way authentication provided according to another embodiment of the present invention;

4 is an architecture diagram of a distributed RFID system based on blockchain for multi-department cooperation provided according to an embodiment of the present invention;

5 is a diagram of a mutual authentication RFID protocol provided according to an embodiment of the present invention;

6 is a structural block diagram of a server provided according to an embodiment of the present invention;

FIG. 7 is a structural block diagram of a tag provided according to an embodiment of the present invention.

Detailed ways

In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments These are some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

The reader in RFID technology can identify or track the object by communicating with the tag placed on the target object. The reader can read and write the tag. Since the communication between the tag and the reader is wirelessly transmitted through radio frequency signals, attackers can implement attacks such as eavesdropping, replay, tampering, and Dos to obtain To sensitive tag information or affect the normal work of the entire RFID system, therefore, many RFID two-way authentication security protocols have been proposed. The purpose of RFID two-way authentication is to prevent unauthorized readers from browsing part or all of the information stored in the tags, and to grant legitimate readers the ability to distinguish legitimate tags from illegal tags. It should be noted that, in the following embodiments, the RFID two-way authentication method may also be called an RFID two-way authentication protocol, that is, the method and the protocol have the same meaning.

FIG. 2 is a flowchart of an RFID two-way authentication method provided according to an embodiment of the present invention. The execution body of the method is a server. As shown in FIG. 2 , the method includes:

Step 201: Receive the first parameter C1, the random number N, the tag account address TAddress and the reader account address RAddress sent by the reader/writer.

Step 202: If it is known that the tag account address TAddress is stored in the blockchain maintained by the self, the second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N.

Step 203: If it is known that the first parameter C1 is equal to the second parameter C2, it is determined that the reader has successfully authenticated the tag this time, and according to the tag account balance balanceBC and the random number N, the third parameter C3 is generated and sent through the reader. to the tag, so that the tag obtains the authentication result of the tag to the reader based on the third parameter C3.

Among them, the first parameter C1 is generated by the tag according to the tag account address TAddress, the tag balance balance and the random number N sent by the reader, the tag account address TAddress is generated by the blockchain according to the tag ID, and the reader account address RAddress is the block Chains are generated based on reader IDs.

It should be noted that the hardware devices involved in the embodiments of the present invention are: a server, a reader/writer, and a tag. Among them, the server is used to obtain the authentication result of the reader to the tag, and when the authentication result is successful, it assists the tag to obtain the authentication result of the tag to the reader, so as to complete the two-way authentication between the reader and the tag.

The specific process of step 201 is as follows: the server receives the first parameter C1, the random number N, the tag account address TAddress and the reader account address RAddress sent by the reader/writer.

The specific process of step 202 is: traverse the blockchain maintained by itself, and if the tag account address TAddress is stored in the blockchain, take out the tag account balance balanceBC from the blockchain, and based on XOR operation and one-way hash operation , according to the received tag account address TAddress, account balance balanceBC and random number N, calculate and generate the second parameter C2, the specific calculation formula is as follows:

C2=H(TAddress⊕balanceBC⊕N);

Among them, ⊕ is the XOR operation, and H() is the one-way hash operation.

The specific process of step 203 is as follows: the server compares the first parameter C1 and the second parameter C2, and if the comparison result is that the two are equal, it is determined that the reader has successfully authenticated the tag this time. And based on XOR operation and one-way hash operation, according to the tag account balance balanceBC and random number N, calculate and generate the third parameter C3, and send the third parameter C3 to the reader, so that the reader can use the third parameter C3 is forwarded to the tag, so that the tag obtains the authentication result of the tag to the reader based on the received third parameter C3. Among them, the specific calculation formula of the third parameter C3 is as follows:

C3=H(balanceBC⊕N);

Among them, ⊕ is the XOR operation, and H() is the one-way hash operation.

It should be noted that, in the embodiment of the present invention, the blockchain technology and the RFID technology are combined, and the server in the RFID operates as a node in the blockchain, and all nodes (ie, servers) in the blockchain jointly maintain the block chain. chain. For a server, it contains a collection of tags and reader-related accounts that all nodes can access.

The generation process of the tag account address TAddress is as follows: use the tag ID as the password, use the blockchain to generate the public key address, and use the public key address as the tag account address. The generation process of the reader account address RAddress is as follows: using the reader ID as the password, use the blockchain to generate the public key address, and use the public key address as the reader account address. Each tag stores its own {TAddress, balance}, and each reader stores its own RAddress. The account balance balanceBC of each tag in the blockchain is initialized to a random number between (0,10), and the balance value stored in the tag, that is, the tag balance balance, is initialized to balanceBC+M. Among them, M is the amount of each transaction between the tag account and the reader account.

The method provided by the embodiment of the present invention combines the blockchain technology with the RFID technology. Since the blockchain is essentially a distributed ledger maintained by each node in the network, the method provided by the embodiment of the present invention can be completed in Secure authentication while guaranteeing the privacy of each tag in the absence of databases and trusted third parties. Complete resistance to common attacks (such as replay attacks, active attacks, Dos attacks, desynchronization attacks), and eradicate all potential database attacks without using any additional protection techniques; Communication records are traceable and unmodifiable; moreover, each subsystem in the distributed system has its own secret tag information, which is not contained in the server. Insensitive label information is shared between subsystems for subsequent operations without the need for a central server or trusted third party.

Based on the foregoing embodiment, the method provided by this embodiment further includes:

If it is known that the first parameter C1 is equal to the second parameter C2, it is determined that the last authentication process was abnormal and recorded in the blockchain maintained by itself; wherein, the abnormality of the authentication process is that the authentication message is lost or intercepted.

Specifically, if the server learns that the first parameter C1 is equal to the second parameter C2, it determines that the reader has successfully authenticated the tag this time, and determines that the last authentication process was abnormal, and records it in the blockchain it maintains.

Based on the foregoing embodiment, the method provided by this embodiment further includes:

If it is known that the first parameter C1 and the second parameter C2 are not equal, the fourth parameter C4 is generated according to the tag account address TAddress, the tag account balance balanceBC, the transaction amount M and the random number N.

If it is known that the first parameter C1 is equal to the fourth parameter C4, it is determined that the reader has successfully authenticated the tag this time, and the last authentication process was normal, and the tag account balance balanceBC is updated according to the transaction amount M, and according to the updated The tag account balance balanceBC and the random number N generate the fifth parameter C5 and send it to the tag through the reader, so that the tag obtains the authentication result of the tag to the reader based on the fifth parameter C5.

Specifically, if the server finds that the first parameter C1 and the second parameter C2 are not equal by comparing the two, it generates the fourth parameter C4, and obtains the authentication result of the tag result amount by the reader based on the fourth parameter C4. Among them, the calculation formula of the fourth parameter C4 is:

C4=H(TAddress⊕(balanceBC⊕M)⊕N)

Among them, ⊕ is the XOR operation, and H() is the one-way hash operation.

After the server generates the fourth parameter C4, it compares the first parameter C1 with the fourth parameter C4. If the two are equal, it is determined that the reader has successfully authenticated the tag, and the fifth parameter C5 is generated and sent to the reader for The reader is made to forward the fifth parameter C5 to the tag, so that the tag obtains the authentication result of the tag to the reader based on the fifth parameter C5. Among them, the calculation formula of the fifth parameter C5 is:

C5=H(balanceBC'⊕N)

Among them, ⊕ is the XOR operation, H() is the one-way hash operation, and balanceBC' is the updated label account balance obtained after updating the label account balance balanceBC according to the transaction amount M.

Based on the foregoing embodiment, the method provided by this embodiment further includes:

If it is known that the first parameter C1 and the second parameter C2 are equal, the label account balance balanceBC remains unchanged.

If it is known that the first parameter C1 and the fourth parameter C4 are equal, the account balance balanceBC is updated according to the transaction amount M.

Specifically, if the server learns that the first parameter C1 and the second parameter C2 are equal or the first parameter C1 and the fourth parameter C4 are equal, it determines that the reader/writer has successfully authenticated the tag. Wherein, if C1==C2, balanceBC remains unchanged, and if C1==C4, balanceBC is updated to be balanceBC'=balanceBC+M.

Based on the foregoing embodiment, the method provided by this embodiment further includes:

If it is learned that the first parameter C1 and the fourth parameter C4 are not equal, it is determined that the reader/writer fails to authenticate the tag.

Based on the foregoing embodiment, the method provided by this embodiment further includes:

If it is known that the tag account address TAddress is not stored in the blockchain, it is determined that the reader has failed to authenticate the tag.

FIG. 3 is a flowchart of an RFID two-way authentication method provided according to another embodiment of the present invention, the execution subject of which is a tag. As shown in FIG. 3 , the method includes:

301: If the first parameter C1 is equal to the second parameter C2, receive the third parameter C3 sent by the server.

302: Based on the third parameter C3, obtain the authentication result of the tag to the reader.

The third parameter C3 is generated according to the tag account balance balanceBC and the random number N, the first parameter C1 is sent by the reader to the server, and the second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N.

Specifically, if the server sends the third parameter C3 to the reader/writer, the reader/writer forwards the third parameter C3 to the tag. If the tag receives the third parameter C3, it obtains the authentication result of the tag to the reader based on the third parameter C3, and the authentication result is that the authentication of the tag to the reader succeeds or the authentication fails. It should be noted that each parameter has been described in this embodiment or the above-mentioned embodiment, and details are not repeated here.

Based on the foregoing embodiment, the method provided by this embodiment further includes:

If the first parameter C1 is equal to the fourth parameter C4, receive the fifth parameter C5 sent by the server;

Based on the fifth parameter C5, obtain the authentication result of the tag to the reader;

The fifth parameter C5 is generated according to the updated tag account balance balanceBC and the random number N, and the fourth parameter C4 is generated according to the tag account address TAddress, the tag account balance balanceBC, the transaction amount M and the random number N.

Based on the above embodiment, obtaining the authentication result of the tag to the reader, further comprising:

According to the label balance balance and random number N, obtain the sixth parameter C6;

If it is known that the third parameter C3 and the sixth parameter C6 are equal, or that the fifth parameter C5 and the sixth parameter C6 are equal, it is determined that the tag has successfully authenticated the reader. Otherwise, it is determined that the tag has failed to authenticate the reader, and the tag refuses to communicate further. The specific calculation formula of the sixth parameter C6 is as follows:

C6=H(balance⊕N);

Among them, ⊕ is the XOR operation, and H() is the one-way hash operation.

Based on the foregoing embodiment, the method provided by the embodiment of the present invention further includes:

If the tag is successfully authenticated to the reader, the tag balance is updated according to the transaction amount M. The specific update formula is:

balance'=balance+M

Based on the foregoing embodiment, the third parameter C3 sent by the receiving server or the fifth parameter C5 sent by the receiving server further includes:

Receive the random number N sent by the reader; generate the first parameter C1 according to the tag account address TAddress, the tag balance balance and the random number N; send the first parameter C1 and the tag account address TAddress to the reader to enable reading and writing The reader sends the first parameter C1, the random number N, the tag account address TAddress and the reader account address RAddress to the server.

In order to better illustrate the solutions of the embodiments of the present invention, the following specific examples are used to illustrate:

Fig. 4 is a block chain-based multi-department cooperation distributed RFID system architecture diagram provided according to an embodiment of the present invention. As shown in Fig. 4, the method provided by the embodiment of the present invention is applied in the following fields:

A company has multiple departments or branches, especially some of them are scattered in different regions or even in different countries, and it is difficult for the internal network to connect with each other. Take the RFID-based personnel access control system as an example, which requires high security, but low real-time and throughput requirements. Each department has a sensitive table of <Real Objects - Tag IDs> which cannot be known by other departments. However, the operation and management of the company requires the department to share some information of the tag in order to complete the RFID certification process. So how to ensure the privacy of the department while meeting the actual needs of the company is the requirement that the new RFID system and protocol should achieve. Moreover, the synchronization problem in distributed RFID systems also needs to be solved urgently when new tags are added or authentication messages are updated every round.

In the embodiment of the present invention, a private blockchain is sufficient to meet the requirements of the above-mentioned in-company RFID system. In this case, multiple departments work together to maintain a private blockchain and perform the same authentication protocol process. This system model ensures that non-sensitive label information is shared for authentication while protecting confidential label information within the department with the following settings:

(1) Each department has several servers running as nodes on the blockchain, and each node contains a batch of tags and reader-related accounts that all nodes can access.

(2) With the tag or reader ID as the password, the blockchain will generate a 20-byte public key address as the account identifier (in Ethereum). The respective <real object-ID-account address> mapping table of each department is stored in a secret location away from the entire system, and it is impossible to deduce the association between real IDs and account addresses.

Based on the system architecture diagram shown in FIG. 4 , the following describes the blockchain-based mutual authentication RFID protocol proposed by the embodiment of the present invention. The symbols used in the RFID protocol are described in Table 1, and the protocol diagram is shown in Table 5. Table 1 shows the protocol in the protocol. A description table of symbols used, FIG. 5 is a diagram of a mutual authentication RFID protocol provided according to an embodiment of the present invention. The specific process is as follows:

(1) Initialization phase: In the initialization phase, the tag or reader ID is used as the password, and the blockchain generates the public key address as the account identifier. Each tag stores a tuple {TAddress, balance} and each reader stores RAddress. Since the reader is the initiator of the entire protocol, its account must have an initial balance, which can be achieved by default before the protocol starts. The real balance (balanceBC) of each tag account in the blockchain is initialized as a random number between (0, 10), and the account balance (balance) stored in the tag is initialized as balanceBC+M.

(2) Certification stage:

(a) Reader: The reader generates a random number N and sends it to the tag.

(b) Tag: The tag calculates C1=H(TAddress⊕balance⊕N), and sends (C1, TAddress) back to the reader.

(c) Reader: The reader sends (C1, N, TAddress, RAddress) to the server for tag authentication.

(d) Server: After the server receives (C1, N, TAddress, RAddress) from the reader, it first checks whether TAddress exists. If TAddress does not exist, tag authentication fails and the server stops the session. Otherwise, query the balanceBC of the label account corresponding to TAddress, and then perform the following steps.

Judgment: The server calculates C2=H(TAddress⊕balanceBC⊕N). If C1==C2, it means that the last message of the last authentication is lost or intercepted by the attacker; if C1≠C2, the server calculates C4=H(TAddress(balanceBC⊕M)⊕N). If C1==C4, it means that the last authentication is complete. If the above two conditions are not met, the tag authentication fails, the server stops the session, and the following steps update, send, e) and f) are no longer performed.

Update: If the comparison result in the previous step is C1==C2, record the interception record related to the label account in the blockchain, and balanceBC remains unchanged (ie balanceBC'=balanceBC). The server calculates C3=H(balanceBC⊕N), and sends C3 to the reader. If the comparison result is C1==C4, the server will unlock the reader's account, send M from the reader's account to the tag, and update balanceBC (ie balanceBC'=balanceBC+M). The server calculates C5=H(balanceBC'⊕N), and sends C5 to the reader.

(e) Reader: The reader receives C3 (or C5) and forwards it to the tag.

(f) Label: The label calculates C6=H(balance⊕N) and checks whether the equation C6==C3 (or C5) holds. If so, the tag successfully authenticates the reader and updates balance'=balance+M. If not, authentication fails and the tag rejects further communication.

Table 1 Symbol description table used in the protocol

The key point of the embodiments of the present invention is that the embodiments of the present invention provide a new distributed RFID bidirectional authentication security protocol based on blockchain. Since the blockchain is essentially a distributed ledger maintained by each node in the network, the protocol provided by the embodiment of the present invention can ensure that each department does not have a database and a trusted third party while completing security authentication privacy.

The beneficial effects of the embodiments of the present invention are as follows:

This agreement ensures the privacy of each department: since the agreement only involves the address and balance of the label account, and the <real object-ID-account address> mapping table of each department can only be stored by itself, so sensitive ID-related information does not The information used in the protocol is leaked, which guarantees the privacy of the department.

This protocol guarantees the following security: tag anonymity, tag availability, forward security, resistance to replay attacks, resistance to active attacks, partial protection of tag untraceability. The specific analysis is as follows.

(1) Tag anonymity: In the protocol provided by the embodiment of the present invention, the real ID of the tag is anonymized as the account address (TAddress) on the blockchain in the initialization stage. During the authentication process, each message is protected by a one-way hash function assisted by a random number N, so this protocol can preserve the anonymity of the tag.

(2) Tag availability: Tag availability usually includes resistance to DoS attacks and resistance to desynchronization attacks. In the protocol provided by the embodiment of the present invention, the tag does not need to have the function of generating random numbers, so the service will not be refused because the random numbers are exhausted. In addition, even if the last reader verification message is lost or intercepted by an attacker, it will not cause the tag information to get out of sync with the blockchain. This is because the server will judge whether C1 is consistent with C2 or C4, in both cases, the tag can be verified regardless of whether the tag has received the message before.

(3) Forward security: The protocol implements forward security because the tag will XOR TAddress, N, and balance before hashing. Since N and balance will change in each round, even if the attacker knows the current balance and N, he will not know the hash result of the previous one, which guarantees forward security.

(4) Resist replay attack: Similar to forward security, the reader will generate a new random number N in each round, and the balanceBC and balance will also change. So even if the attacker eavesdropped on all the messages from the previous round, he would not be able to pass the authentication by replaying the messages.

(5) Resist active attack: Consider that the attacker can actively challenge the tag with a random number N', and then get the response {C1'=H(TAddress⊕balance⊕N'), TAddress} from the tag. But since hash is a one-way function, he cannot reversely deduce balance from C1'. Therefore, when the legitimate reader uses the random number N to challenge, he cannot construct a correct message and return it to the reader, which means that he cannot pretend to be a legitimate tag for further communication, that is, the protocol provided by the embodiment of the present invention is completely Resist active attack.

(6) Tag untraceability: Strictly speaking, the protocol provided by the embodiment of the present invention may suffer from tracking attacks. Because it uses the same TAddress in every authentication. But even if an attacker finds the same TAddress twice, he cannot deduce the real ID number of the tag, which means that this protocol guarantees that the tag is untraceable to some extent.

FIG. 6 is a structural block diagram of a server according to an embodiment of the present invention. As shown in FIG. 6 , the device includes: a processor 601, a memory 602, and a bus 603; wherein the processor 601 and the memory 602 complete mutual communication through the bus 603; the processor 601 is configured to call program instructions in the memory 602 to execute the methods provided by the above method embodiments, for example, including: receiving The first parameter C1, random number N, tag account address TAddress and reader account address RAddress sent by the reader; if it is known that the tag account address TAddress is stored in the blockchain it maintains The account balance balanceBC and the random number N are used to generate the second parameter C2; if the first parameter C1 and the second parameter C2 are known to be equal, it is determined that the reader has successfully authenticated the tag, and based on the tag account balance balanceBC and the random number N, The third parameter C3 is generated and sent to the tag through the reader, so that the tag obtains the authentication result of the tag to the reader based on the third parameter C3.

FIG. 7 is a structural block diagram of a tag provided according to an embodiment of the present invention. As shown in FIG. 7 , the device includes: a processor (processor) 701, a memory (memory) 702, and a bus 703; wherein, the processor 701 and the memory 702 complete mutual communication through the bus 703; the processor 701 is configured to call program instructions in the memory 702 to execute the methods provided by the above method embodiments, for example, including: if If the first parameter C1 is equal to the second parameter C2, the third parameter C3 sent by the server is received; based on the third parameter C3, the authentication result of the tag to the reader is obtained.

An embodiment of the present invention discloses a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer, The computer can execute the methods provided by the above method embodiments, for example, including: receiving the first parameter C1, the random number N, the tag account address TAddress and the reader account address RAddress sent by the reader/writer; If the tag account address TAddress is stored in the chain, the second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N; if it is known that the first parameter C1 is equal to the second parameter C2, it is determined that this read/write The device authenticates the tag successfully, and according to the tag account balance balanceBC and random number N, generates the third parameter C3 and sends it to the tag through the reader, so that the tag obtains the authentication result of the tag to the reader based on the third parameter C3.

An embodiment of the present invention discloses a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer, The computer can execute the methods provided by the above method embodiments, for example, including: if the first parameter C1 and the second parameter C2 are equal, receiving the third parameter C3 sent by the server; based on the third parameter C3, obtaining the tag pair reader certification result.

Embodiments of the present invention provide a non-transitory computer-readable storage medium, where the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the methods provided by the foregoing method embodiments, for example Including: receiving the first parameter C1, random number N, tag account address TAddress and reader account address RAddress sent by the reader; TAddress, tag account balance balanceBC and random number N, generate the second parameter C2; if it is known that the first parameter C1 is equal to the second parameter C2, it is determined that the reader has successfully authenticated the tag this time, and based on the tag account balance balanceBC and random number Count N, generate a third parameter C3 and send it to the tag through the reader, so that the tag obtains the authentication result of the tag to the reader based on the third parameter C3.

Embodiments of the present invention provide a non-transitory computer-readable storage medium, where the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the methods provided by the foregoing method embodiments, for example The method includes: if the first parameter C1 is equal to the second parameter C2, receiving the third parameter C3 sent by the server; and obtaining the authentication result of the tag to the reader based on the third parameter C3.

Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments can be completed by program instructions related to hardware, the aforementioned program can be stored in a computer-readable storage medium, and when the program is executed, execute It includes the steps of the above method embodiments; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other media that can store program codes.

From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic A disc, an optical disc, etc., includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments or some parts of the embodiments.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that it can still be The technical solutions described in the foregoing embodiments are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. a RFID two-way authentication method, is characterized in that, comprises: Receive the first parameter C1, random number N, tag account address TAddress and reader account address RAddress sent by the reader/writer; If it is known that the tag account address TAddress is stored in the blockchain maintained by itself, the second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N; If it is known that the first parameter C1 is equal to the second parameter C2, it is determined that the reader has successfully authenticated the tag, and the third parameter C3 is generated according to the tag account balance balanceBC and the random number N and sent to the tag through the reader. In order to make the tag based on the third parameter C3, obtain the authentication result of the tag to the reader; Among them, the first parameter C1 is generated by the tag according to the tag account address TAddress, the tag balance balance and the random number N sent by the reader, the tag account address TAddress is generated by the blockchain according to the tag ID, and the reader account address RAddress is the block Chains are generated based on reader IDs. 2. The method of claim 1, further comprising: If it is known that the first parameter C1 is equal to the second parameter C2, it is determined that the last authentication process was abnormal and recorded in the blockchain maintained by itself; wherein, the abnormality of the authentication process is that the authentication message is lost or intercepted. 3. The method of claim 1, further comprising: If it is known that the first parameter C1 and the second parameter C2 are not equal, the fourth parameter C4 is generated according to the tag account address TAddress, the tag account balance balanceBC, the transaction amount M and the random number N; If it is known that the first parameter C1 is equal to the fourth parameter C4, it is determined that the reader has successfully authenticated the tag this time, and the last authentication process was normal, and the tag account balance balanceBC is updated according to the transaction amount M, and according to the updated The tag account balance balanceBC and the random number N generate the fifth parameter C5 and send it to the tag through the reader, so that the tag obtains the authentication result of the tag to the reader based on the fifth parameter C5. 4. The method of claim 3, further comprising: If it is known that the first parameter C1 is equal to the second parameter C2, the label account balance balanceBC remains unchanged; If it is known that the first parameter C1 and the fourth parameter C4 are equal, the account balance balanceBC is updated according to the transaction amount M. 5. The method of claim 3, further comprising: If it is learned that the first parameter C1 and the fourth parameter C4 are not equal, it is determined that the reader/writer fails to authenticate the tag. 6. The method of claim 1, further comprising: If it is known that the tag account address TAddress is not stored in the blockchain, it is determined that the reader has failed to authenticate the tag. 7. an RFID two-way authentication method, is characterized in that, comprises: If the first parameter C1 is equal to the second parameter C2, receive the third parameter C3 sent by the server via the reader; Based on the third parameter C3, obtain the authentication result of the tag to the reader; The third parameter C3 is generated by the server according to the tag account balance balanceBC and the random number N, the first parameter C1 is sent by the reader to the server, and the second parameter C2 is generated by the server according to the tag account address TAddress, the tag account balance balanceBC and the random number N is generated; the first parameter C1 is generated by the tag account address TAddress, the tag balance balance and the random number N sent by the reader, and the tag account address TAddress is generated by the blockchain according to the tag ID. 8. The method of claim 7, further comprising: If the first parameter C1 is equal to the fourth parameter C4, receive the fifth parameter C5 sent by the server; Based on the fifth parameter C5, obtain the authentication result of the tag to the reader; The fifth parameter C5 is generated according to the updated tag account balance balanceBC and the random number N, and the fourth parameter C4 is generated according to the tag account address TAddress, the tag account balance balanceBC, the transaction amount M and the random number N. 9. The method according to claim 8, wherein obtaining the authentication result of the tag to the reader, further comprising: According to the label balance balance and random number N, obtain the sixth parameter C6; If it is known that the third parameter C3 and the sixth parameter C6 are equal, or that the fifth parameter C5 and the sixth parameter C6 are equal, it is determined that the tag has successfully authenticated the reader. 10. The method of claim 7, further comprising: If the tag is successfully authenticated to the reader, the tag balance is updated according to the transaction amount M.

Images