CN110427748A - A method and system for session authentication - Google Patents
- Publication number
- CN110427748A
- Authority
- CN
- China
- Prior art keywords
- message
- label
- reader
- cloud
- random number
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K7/00—Methods or arrangements for sensing record carriers, e.g. for reading patterns
- G06K7/10—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
- G06K7/10009—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
- G06K7/10257—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
Abstract
This application relates to a method and system for session authentication. One embodiment provides a session authentication method comprising: a reader generates a first random number and, based on the first random number, sends a query message to a tag; the tag generates a second random number and, based on the first random number, the second random number and a session sequence number, generates a first message and sends the first message to the reader; the reader sends a part of the first message to the cloud; the cloud sends a second message and a third random number to the reader; the reader verifies whether the tag is legitimate based on the first message and the second message; the reader updates the tag and key information, generates a third message, and sends the third message and a database update message to the cloud; and the reader sends a fourth message and the number to the tag.
Description
Technical field
This application relates to the field of secure data communication, and in particular to secure wireless data communication in the Internet of Vehicles.
Background
In 1999, General Motors announced the development of OnStar, an intelligent in-vehicle system that integrates navigation, entertainment and rescue services and is widely regarded as the earliest prototype of the Internet of Vehicles. In 2009, the concepts of intelligent transportation and the Internet of Vehicles were proposed at a radio frequency identification (RFID) technology development seminar held in Shanghai. Since the concept entered China, researchers' attention to the Internet of Vehicles and its technologies has only increased. The automotive industry is broadly optimistic about the Internet of Vehicles and its applications, and many Internet companies have entered the field one after another, with products such as Baidu CarLife, Tencent's Internet of Vehicles platform, Apple CarPlay and Google Android Auto. The Internet of Vehicles combines advanced sensing, communication, network transmission and big data technologies and applies them to transportation management systems in order to build a real-time, efficient intelligent transportation system. It can provide services such as GPS navigation, automatic parking, multimedia entertainment and fault diagnosis, enable high-precision automated driving, reduce road congestion, improve vehicle operating efficiency and increase passenger satisfaction. As a capable sensing device offering automatic identification, data sharing, remote positioning and similar functions, RFID has been widely used in Internet of Vehicles systems.
Although RFID can identify targets automatically and is also cheap, fast and stable, it is a wireless communication technology, so data on the channel is easily exposed and systems face many security threats. Cloud-based RFID systems therefore meet many technical challenges during deployment, and technical innovation is urgently needed. Designing secure authentication protocols has long been regarded as an effective way to address privacy protection for RFID applications in cloud environments. In a complex and changing cloud environment, a secure and reliable authentication protocol can both make effective use of the storage capacity of cloud computing and protect the privacy and security of tags and readers.
Summary of the invention
One embodiment of this application discloses a method for session authentication, comprising: generating a first random number by a reader and, based on the first random number, sending a query message to a tag; in response to the query message, generating a second random number by the tag and, based on the first random number, the second random number and a session sequence number, generating a first message and sending the first message to the reader; sending, by the reader, a part of the first message to the cloud; if the part of the first response message is legitimate, sending, by the cloud, a second message and a third random number to the reader; verifying, by the reader, whether the tag is legitimate based on the first message and the second message; if the tag is legitimate, updating the tag and key information by the reader, generating a third message, and sending the third message and a database update message to the cloud, wherein the database update message is generated based on the updated tag and the updated key information; if the third message is successfully verified by the cloud, the cloud queries the database update message and writes the database update message to the database, and at the same time updates the tag and sends a number to the reader; the reader sends a fourth message and the number to the tag; and the tag performs the update and verifies the reader.
Another embodiment of this application discloses a system for session authentication, comprising a reader, a tag and a cloud, wherein the system is configured to: generate a first random number by the reader and, based on the first random number, send a query message to the tag; in response to the query message, generate a second random number by the tag and, based on the first random number, the second random number and a session sequence number, generate a first message and send the first message to the reader; send, by the reader, a part of the first message to the cloud; if the part of the first response message is legitimate, send, by the cloud, a second message and a third random number to the reader; verify, by the reader, whether the tag is legitimate based on the first message and the second message; if the tag is legitimate, update the tag and key information by the reader, generate a third message, and send the third message and a database update message to the cloud, wherein the database update message is generated based on the updated tag and the updated key information; if the third message is successfully verified by the cloud, the cloud queries the database update message and writes the database update message to the database, and at the same time updates the tag and sends a number to the reader; the reader sends a fourth message and the number to the tag; and the tag performs the update and verifies the reader.
Description of the drawings
Fig. 1 shows the architecture of the cloud-based RFID Internet of Vehicles system of this application.
Fig. 2 shows the authentication flow of the cloud-based ultra-lightweight anonymous privacy-protection RFID protocol of this application.
Detailed description of embodiments
To solve the above technical problem, namely the security and privacy issues of cloud-based RFID Internet of Vehicles systems, this application proposes a secure and efficient authentication method.
A vehicle-mounted RFID tag can sense nearby traffic information, environmental factors and so on. Surrounding readers read the tag information and upload the messages to the cloud through a base station for processing, which completes the authentication. Because a vehicle's private information can be connected to the Internet of Vehicles anytime and anywhere, and other users can obtain related data at any time, protecting user privacy becomes especially important. RFID tags usually contain sensitive data such as location information, vehicle information and even the user's payment account, none of which the user wants leaked. Although users are willing to share current traffic information, they do not want to expose their identity, so anonymity and untraceability must be satisfied in the Internet of Vehicles. All data is processed in a resource pool in the cloud, which can eliminate data delay, reduce packet loss and allow data to be managed centrally. However, the cloud service provider is not fully trusted, and the data stored in the cloud is very important: it may include vehicle location, payment information and details of the occupants, so information must be encrypted before it is uploaded to the cloud. The new protocol in this application achieves vehicle anonymity and controllable anonymity. For low-cost tags, it uses ultra-lightweight shift operations together with a synchronized update mechanism and a key update mechanism, which better addresses the desynchronization problem.
Fig. 1 shows a typical Internet of Vehicles application scenario. John often drives to and from work and unfortunately hits the rush hour, when the roads are especially congested, but he would like to make good use of the waiting time. He wants to share his road conditions and entertainment information with other drivers. To do so, John has fitted a vehicle-mounted RFID tag and reader and a high-definition, multi-function display. The tag collects nearby traffic information, and the reader automatically reads and encrypts this information and uploads the messages to the cloud through a roadside base station. Because the shared information may include private data, John does not want to expose any information about himself while sharing: once key information about the vehicle or its occupants is leaked, he may be maliciously tracked, and the safety of the people and the vehicle may even be affected. Data sharing is the top priority of the Internet of Vehicles. When there are not many vehicles, a traditional Internet of Vehicles system is an effective way to share. But when the amount of data to upload increases sharply, the load on the back-end server becomes very heavy, and authentication and sharing take a long time or the server even crashes. The cloud has powerful computing and storage capacity, and combining cloud computing with RFID will have a large impact on the traditional Internet of Vehicles. The Internet of Vehicles system proposed in this application includes RFID tags, readers, base stations and the cloud. Given the dynamic nature of the Internet of Vehicles, this application uses vehicle-mounted tags and readers, and the reader can select a communication base station according to factors such as signal strength, relative position, bit error rate and signal-to-noise ratio, so that signal transmission can continue without interruption even when the vehicle moves frequently.
For ease of writing and to keep the scheme as simple as possible, this application simplifies some symbols. For example, one expression is abbreviated as $Rot(T_i^j, N)$, where $T_i^j$ represents the identity of the $j$-th session of the $i$-th tag and Num represents the current session sequence number. Sensitive information related to the tag, including the vehicle's private information, is stored in the cloud and must be stored encrypted on the cloud server. The storage format is $\{Rot(T_i^j, N), Rot(K_i^j, T_i^j)\}$, where $K_i^j$ denotes the key information of the $j$-th session of the $i$-th tag; this key can be used when data is further processed or saved.
Fig. 2 shows the authentication flow of the cloud-based ultra-lightweight anonymous privacy-protection RFID protocol of this application. The protocol has two phases: an initialization phase and an authentication phase. In the initialization phase, the reader randomly assigns each tag a session sequence number $N$ as an initial value and randomly selects a key $K$, which it then writes to the tag, so that the tag and the reader share the session key $K$. The tag identity $T_i^j$ and the shared key $K_i^j$ are iteratively updated with each ($j$-th) session of the $i$-th tag, which preserves the anonymity of the tag and the security of the key and ensures the tag's untraceability and data security. Flag is the flag bit that records whether the session succeeded, and it is initialized to 0. Flag=0 means the session failed, and the current key and session sequence number continue to be used next time. Flag=1 means the current session succeeded and all update operations completed normally, so the key and session sequence number used next time must be the latest ones; otherwise desynchronization results.
Specifically, the authentication process includes the following steps:
(1) Initiate the request signal query. The reader generates a random number $N_r$ as a challenge to the tag; at this point the tag's synchronization flag is Flag=0.
(2) The tag responds to the reader. After receiving the request signal, the tag first generates a random number $N_t$, then calculates the messages $Rot(T_i^j, N)$, $M2 = Rot(T_i^j \| K_i^j \| N_t, N_r)$, and sends the calculated messages together to the reader.
(3) Obtain the tag-related information. After receiving the tag's response, the reader uploads $Rot(T_i^j, N)$ to the cloud, where $N$ is the current session sequence number. The cloud looks up the corresponding record by the index value $Rot(T_i^j, N)$. If a legitimate record exists, it returns $Rot(K_i^j, T_i^j)$; the cloud also generates its own random number $N_c$ and sends it to the reader.
(4) The reader authenticates the tag. From $Rot(T_i^j, N)$ and $Rot(K_i^j, T_i^j)$ the reader obtains $T_i^j$ and $K_i^j$, then uses the obtained $T_i^j$ to calculate, and thereby obtain, the tag random number $N_t$. Using the tag information it now holds, it calculates $M2' = Rot(T_i^j \| K_i^j \| N_t, N_r)$. If $M2' == M2$, the tag is verified as legitimate, and the reader updates the tag and key information, $T_i^{j+1} = Rot(T_i^j, N+1)$, $K_i^{j+1} = Rot(K_i^j, T_i^{j+1})$, and uses the latest tag and key information to update the cloud database information $\{Rot(T_i^{j+1}, N+1), Rot(K_i^{j+1}, T_i^{j+1})\}$.
(5) Check the synchronization between the tag and the cloud. The reader calculates the message $Rot(Rot(T_i^j, N), N_c)$ and sends it to the cloud together with the latest database update message $\{Rot(T_i^{j+1}, N+1), Rot(K_i^{j+1}, T_i^{j+1})\}$. The cloud first verifies the correctness of $Rot(Rot(T_i^j, N), N_c)$. If the message is correct, it attempts to query the next valid record $\{Rot(T_i^{j+1}, N+1), Rot(K_i^{j+1}, T_i^{j+1})\}$. If that record exists, the tag side and the cloud are out of synchronization, and the cloud continues to search successive records until it reaches a record $\{Rot(T_i^{j+m}, N+m), Rot(K_i^{j+m}, T_i^{j+m})\}$ that cannot be found, and writes that record to the database, where $m = 1, 2, 3, \ldots$.
(6) Update the tag information and respond to the tag random number. After the reader receives the message that the cloud update succeeded, it sends a message to the tag with the value $x$ attached; here $x$ can only be 1 or $m$.
(7) The tag performs the update and verifies the reader. The tag starts from the $(j+1)$-th identity and key information, $T_i^{j+1} = Rot(T_i^j, N+1)$, $K_i^{j+1} = Rot(K_i^j, T_i^{j+1})$, and continues until it has calculated the $(j+x)$-th identity and key information, $T_i^{j+x} = Rot(T_i^{j+x-1}, N+x)$, $K_i^{j+x} = Rot(K_i^{j+x-1}, T_i^{j+x})$. Using the calculated $K_i^{j+x}$, the tag performs its verification calculation; if $M4 == M4'$, it updates $K_i$ and $T_i$. The whole authentication and update process is then complete, and the session success flag is set to Flag=1.
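The update chain of steps (4) and (7) and the record search of step (5), as an added Python example that is not code from the patent. It shows why a tag that missed its final message can still be brought back in step with the cloud by receiving $x > 1$. Assumptions not found on the page: Rot(x, y) is a left rotation of a 32-bit word by y mod 32; the reader knows $N$; $N_t$ is handed to the reader directly and the fourth-message check is omitted, because the page's expressions for both are missing; the search loop of step (5) runs in one function.

```python
"""Added example: identity/key update chain and resynchronisation, steps (3)-(7)."""
L = 32  # assumed word length in bits (not given on the page)


def rot(x, y, bits=L):
    """Assumed Rot(x, y): rotate the bits-wide word x left by (y mod bits)."""
    mask = (1 << bits) - 1
    s = y % bits
    x &= mask
    return ((x << s) | (x >> (bits - s))) & mask if s else x


def rot_inv(v, y, bits=L):
    """Undo rot(x, y): rotating left by bits - s equals rotating right by s."""
    return rot(v, bits - (y % bits), bits)


def record(T, K, N):
    """Cloud storage format {Rot(T, N), Rot(K, T)} as an (index, value) pair."""
    return rot(T, N), rot(K, T)


def next_state(T, K, N):
    """One update: T' = Rot(T, N+1), K' = Rot(K, T'), sequence number N+1."""
    T2 = rot(T, N + 1)
    return T2, rot(K, T2), N + 1


def m2(T, K, Nt, Nr):
    """M2 = Rot(T || K || Nt, Nr), rotating the 3L-bit concatenation."""
    return rot((T << 2 * L) | (K << L) | Nt, Nr, 3 * L)


class Tag:
    def __init__(self, T, K, N):
        self.T, self.K, self.N, self.flag = T, K, N, 0

    def respond(self, Nr, Nt):
        """Step (2): Flag is 0 until the session completes."""
        self.flag = 0
        return rot(self.T, self.N), m2(self.T, self.K, Nt, Nr)

    def upgrade(self, x):
        """Step (7): iterate the update x times, then mark success."""
        for _ in range(x):
            self.T, self.K, self.N = next_state(self.T, self.K, self.N)
        self.flag = 1


def reader_session(cloud, N, index, M2, Nt, Nr, max_steps=64):
    """Steps (3)-(5). Returns x for the tag, or None if authentication fails."""
    value = cloud.get(index)            # exact-index lookup, no enumeration
    if value is None:
        return None                     # unknown index: refused immediately
    T = rot_inv(index, N)               # recover T from Rot(T, N)
    K = rot_inv(value, T)               # recover K from Rot(K, T)
    if m2(T, K, Nt, Nr) != M2:
        return None                     # M2' != M2: tag rejected
    for x in range(1, max_steps + 1):   # m = 1, 2, 3, ...
        T, K, N = next_state(T, K, N)
        idx, val = record(T, K, N)
        if idx not in cloud:            # first record that cannot be found
            cloud[idx] = val
            return x
    return None


def demo():
    T0, K0, N0 = 0x1234ABCD, 0x0F0F1E2D, 7       # constructed sample values
    cloud = dict([record(T0, K0, N0)])
    tag = Tag(T0, K0, N0)
    results = []
    # Session 1 completes; session 2's final message is lost; session 3 resyncs.
    for delivered, (Nr, Nt) in [(True, (0x5A5A0003, 0x00C0FFEE)),
                                (False, (0x0BADF00D, 0x13572468)),
                                (True, (0x7E57AB1E, 0x2468ACE0))]:
        idx, M2 = tag.respond(Nr, Nt)
        x = reader_session(cloud, tag.N, idx, M2, Nt, Nr)
        if delivered:
            tag.upgrade(x)
        results.append(x)
    in_sync = record(tag.T, tag.K, tag.N)[0] in cloud
    return results, in_sync, tag.flag


if __name__ == "__main__":
    print(demo())   # x per session, whether tag and cloud agree, final Flag
```

In the third session the record for $j+1$ already exists in the cloud, so the search continues to $m = 2$ and the tag applies two updates to catch up.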
With the above method, the technical solution of this application achieves the following technical effects:
(1) Mutual authentication
In an ordinary RFID system, mutual authentication mainly secures the front-end communication channel: the tag and the reader must be able to verify the legitimacy of each other's identity. In a cloud-based RFID application scenario, however, mutual authentication between the tag and the reader alone is not enough; the reader and the cloud should also authenticate each other before communicating. In the scheme of this application, only an honest receiver that holds the correct data can give a correct response, and if the correctness of the data cannot be verified the recipient refuses to communicate.
(2) Confidentiality
In a cloud-based Internet of Vehicles system, both the data transmitted on the link and the data stored in the cloud contain private vehicle information, so all of it must be encrypted to guarantee confidentiality. The new protocol encrypts data with cyclic shift operations, so no plaintext appears on the link and the results stored in the cloud are also encrypted; only legitimate users can decrypt them normally. Even if an attacker successfully intercepts messages, it is hard to obtain valuable information, so the scheme of this application can ensure the confidentiality of the data.
(3) Synchronization
In an Internet of Vehicles system, data is collected, processed and shared in real time, and the tag side and the cloud must keep their communication synchronized for the system to work normally. The new protocol has a complete synchronized update mechanism: after mutual authentication succeeds, the cloud checks synchronization, and if it finds that the tag side is out of synchronization it issues a tag update signal and the system automatically returns to a synchronized state. To make the synchronization state of the system easy to check, the new protocol also provides a synchronization flag bit Flag: Flag=0 indicates that the tag and the cloud are out of synchronization, and Flag=1 indicates that the current synchronization state is normal.
(4) Anonymity
Anonymity and privacy are indispensable in the Internet of Vehicles, because vehicles exchange information in real time and this information can be connected to the network at any time. The anonymity of the tag and the reader must be guaranteed during authentication so that private information related to the vehicle is not leaked. In the scheme of this application, the real IDs of the tag and the reader are transmitted only after an encrypting transformation, so even an attacker who intercepts the current session messages cannot infer the identity of the sender. In addition, after each successful session the tag's ID and key are obtained by iterating a specific rule, which guarantees that each ID is used only once; an attacker who obtains the current tag ID cannot predict the tag identity used next time, which preserves the tag's anonymity.
(5) Forward security
In a cloud-based Internet of Vehicles system, an attacker must learn private data such as vehicle location and communication state in order to track a vehicle effectively, and usually adopts a forward attack strategy: the attacker obtains the current session information and, by analysing the intercepted session content, deduces the content of earlier sessions, which seriously threatens user privacy. The scheme of this application uses a mechanism in which identity and key information are updated synchronously and are iterated automatically during the session, so that the current identity and key are used only once and the transformed results are more random, which greatly improves forward security.
(6) Resistance to forgery attacks
Forgery is a typical form of attack in Internet of Vehicles systems: an attacker can forge a tag or forge a reader. Such attacks are hard to defend against, and a successful forgery seriously threatens system security. The scheme of this application uses synchronized updating to keep the update process confidential and adds the session sequence number to the messages, ensuring that every session is random. Because of this uncertainty, forgery attacks become much more difficult.
(7) Resistance to replay attacks
In a wireless network with frequent communication such as the Internet of Vehicles, an attacker can easily intercept the authentication information of a given moment and keep sending it to the recipient afterwards; if the messages never changed, authentication would succeed. In this application, the tag, the reader and the cloud each generate random numbers that are sent to the recipient as challenge values, and the tag information and key contained in the messages also change constantly, which ensures the randomness of the messages. A message that has authenticated successfully is discarded after use, so even an attacker who intercepts a currently legitimate authentication message cannot complete a replay attack.
(8) Resistance to DoS (Denial of Service) attacks
In a cloud-based Internet of Vehicles system, a DoS attack can have serious consequences: it consumes large amounts of server resources, prevents service to normal users and greatly reduces access efficiency. DoS attacks often succeed because user authentication is performed by enumeration and search. The scheme of this application addresses the requirements of low-cost tags and, taking into account the communication characteristics of Internet of Vehicles systems, uses a new storage format $\{Rot(T_i^j, N), Rot(K_i^j, T_i^j)\}$. $Rot(T_i^j, N)$ serves as a unique index with which the authentication request is initiated: if an identical index exists in the database, the tag is considered legitimate and subsequent operations proceed; otherwise service is refused. Illegitimate users are kept out at the very first stage of authentication, which saves a large amount of computing resources for legitimate users and greatly reduces communication overhead, so the scheme can effectively resist DoS attacks.
Because the new protocol is a cloud-based ultra-lightweight RFID authentication protocol, it is compared below with ultra-lightweight RFID authentication protocols and with cloud-based RFID authentication protocols, and the technical effect of this application is analysed in terms of scheme complexity, encryption algorithm, authentication mode and so on.
The following concerns the computation overhead, storage overhead and communication overhead of one successful session under ideal conditions. Assuming that the communication signal length and the algorithms used are the same for every protocol, the comparison of protocol performance and efficiency is shown in Table 1, where "√" indicates that a property is satisfied, "×" indicates that it is not satisfied, "*" indicates that the protocol does not involve the issue, and N denotes the number of tags in the system.
Table 1: Performance comparison of cloud-based anonymous privacy-protection protocols
As the table shows, the search complexity of both the SASI (Strong Authentication and Strong Integrity) protocol and the Gossamer protocol is O(N), so during authentication the database has to match tag information by brute-force search. If the number of tags is very large, the protocol becomes very inefficient and is easily subjected to DoS attacks. SASI and Gossamer both have a structure without a back-end server, in which the communicating parties are the tag and the reader, so these protocols can support offline authentication; but as the application scenarios for offline authentication become fewer and fewer, pervasive authentication is the future trend. Both protocols use bitwise operations rather than complex encryption and decryption. Gossamer in particular was the first to use obfuscating bit operations, which are very efficient and laid the foundation for the design of later ultra-lightweight protocols. The search complexity of the new protocol is O(1): the exact index $Rot(T_i^j, N)$ can be used to query and match the corresponding content, which avoids authentication by enumeration and search. The protocol therefore scales better than the others and is better suited to deployment in large-scale systems that need real-time monitoring, such as the Internet of Vehicles. The protocol uses neither hash algorithms nor encryption and decryption algorithms, only simple logical bit operations; although these operations are simple and easy to perform, they can ensure the security of the data and are better suited to large-scale application scenarios with low-cost tags.
The Xie protocol, the Sarah protocol and the Dong protocol are all cloud-based RFID authentication protocols. By relying on the cloud's powerful computing and storage capacity, they reduce the search complexity to O(1), and their scalability is much better than that of other protocols. These protocols are all built on hash functions and encryption and decryption algorithms, and if the tag is required to perform hash operations and encryption and decryption operations, the efficiency of the scheme is greatly reduced. In addition, the deployment cost of these schemes is high, which makes them poorly suited to large-scale use in Internet of Vehicles systems. A large amount of data pours into such a system, and both the access volume and the download volume are massive; at peak times, every tag and reader has to perform encryption and decryption, resource consumption is considerable and the user experience is poor.
The technical solution of this application is also cloud-based. To address the limited resources of low-cost tags, it uses lightweight bit operations, which are better suited to Internet of Vehicles application scenarios. Because authentication requires a connection to the cloud, the protocol does not support offline authentication, but this has little effect on the system. In summary, this application meets the security requirements of Internet of Vehicles scenarios while remaining highly efficient, and therefore has good prospects for development and application.
In one embodiment, this application provides a method for session authentication, comprising: generating a first random number (for example, $N_r$) by a reader and, based on the first random number, sending a query message (for example, query) to a tag; in response to the query message, generating a second random number (for example, $N_t$) by the tag and, based on the first random number, the second random number and a session sequence number (for example, $N$), generating a first message (for example, $Rot(T_i^j, N)$, $M2 = Rot(T_i^j \| K_i^j \| N_t, N_r)$) and sending the first message to the reader; sending, by the reader, a part of the first message (for example, $Rot(T_i^j, N)$) to the cloud; if the part of the first response message is legitimate, sending, by the cloud, a second message (for example, $Rot(K_i^j, T_i^j)$) and a third random number (for example, $N_c$) to the reader; verifying, by the reader, whether the tag is legitimate based on the first message and the second message; if the tag is legitimate, updating the tag and key information by the reader, generating a third message (for example, $Rot(Rot(T_i^j, N), N_c)$), and sending the third message and a database update message to the cloud, wherein the database update message is generated based on the updated tag and the updated key information; if the third message is successfully verified by the cloud, the cloud queries the database update message and writes the database update message to the database, and at the same time updates the tag and sends a number to the reader; the reader sends a fourth message and the number to the tag; and the tag performs the update and verifies the reader.
In one embodiment, if the session is authenticated successfully, the flag value of the session (such as: Flag) is set from 0 to 1.
In one embodiment, the first message, the second message, the third message and the fourth message are all encrypted using a cyclic shift operation.
In one embodiment, the database update message includes increasing the session sequence number by 1.
In one embodiment, the fourth message includes a serial number indicating the latest verification record.
In another embodiment, the present application provides a system for authenticating a session, comprising: a reader, a label and a cloud; the system can implement the method in the technical solution of the present application.
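The exchange described above, up to the cloud's check of the third message, as an added Python sketch that is not code from the patent. Assumptions: Rot(x, y) is taken to be a cyclic left shift of x by the Hamming weight of y, words are 32 bits, and the cloud table layout, the reader-side check and all class and function names are hypothetical; the update step and the fourth message are left out because the page does not give their contents.

```python
import secrets

W = 32  # word size in bits (assumption: the page does not fix one)

def rot(x, y, width=W):
    """Assumed Rot(x, y): cyclic left shift of x by the Hamming weight of y."""
    s = bin(y).count("1") % width
    return ((x << s) | (x >> (width - s))) & ((1 << width) - 1)

def unrot(x, y, width=W):
    """Inverse of rot when y is known: cyclic right shift by the same amount."""
    s = bin(y).count("1") % width
    return ((x >> s) | (x << (width - s))) & ((1 << width) - 1)

class Tag:
    def __init__(self, t, k, n):
        self.t, self.k, self.n = t, k, n    # label T, key K, session sequence number N
    def respond(self, nr):
        nt = secrets.randbits(W)            # second random number Nt
        m2 = rot((self.t << 2 * W) | (self.k << W) | nt, nr, 3 * W)
        return rot(self.t, self.n), m2      # first message: Rot(T, N), M2

class Cloud:
    def __init__(self):
        self.db, self.nc = {}, {}           # assumed layout: Rot(T, N) -> Rot(K, T)
    def enroll(self, t, k, n):
        self.db[rot(t, n)] = rot(k, t)
    def lookup(self, index):
        if index not in self.db:            # forwarded part is not legitimate
            return None
        self.nc[index] = secrets.randbits(W)  # third random number Nc
        return self.db[index], self.nc[index]
    def check_third(self, index, m3):       # Nc is single-use: popped on first check
        return index in self.nc and m3 == rot(index, self.nc.pop(index))

def reader_session(tag, cloud):
    nr = secrets.randbits(W)                # first random number Nr, sent with the query
    index, m2 = tag.respond(nr)
    answer = cloud.lookup(index)            # only Rot(T, N) goes to the cloud
    if answer is None:
        return False
    second, nc = answer                     # second message Rot(K, T) and Nc
    plain = unrot(m2, nr, 3 * W)            # the reader knows Nr, so it can undo M2
    t, k = plain >> 2 * W, (plain >> W) & ((1 << W) - 1)
    if rot(k, t) != second:                 # assumed reader-side check of the label
        return False
    return cloud.check_third(index, rot(index, nc))  # third message Rot(Rot(T, N), Nc)
```

Under these assumptions, a label that presents a known index Rot(T, N) but holds a different key is rejected at the reader, because the key recovered from M2 does not reproduce the cloud's Rot(K, T).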
Although the embodiments described herein are susceptible to various modifications and alternative forms, specific embodiments are shown by way of example in the drawings and are described in detail herein. The present invention is not limited to the particular forms disclosed. The present invention covers all modifications, equivalents and alternatives falling within the spirit and scope of the invention as defined by the claims.
Claims (10)
1. A method for authenticating a session, comprising:
generating, by a reader, a first random number, and sending a query message to a label based on the first random number;
in response to the query message, generating, by the label, a second random number, generating a first message based on the first random number, the second random number and a session sequence number, and sending the first message to the reader;
sending, by the reader, a part of the first message to the cloud;
if the part of the first response message is legitimate, sending, by the cloud, a second message and a third random number to the reader;
verifying, by the reader, whether the label is legitimate based on the first message and the second message;
if the label is legitimate, updating, by the reader, the label and key information, generating a third message, and sending the third message and a database update message to the cloud, wherein the database update message is generated based on the updated label and the updated key information;
if the cloud successfully verifies the third message, the cloud queries the database update message and writes the database update message to the database, while updating the label and sending a number to the reader;
the reader sends a fourth message and the number to the label; and
the label performs the update and verifies the reader.
2. The method according to claim 1, wherein if the session is authenticated successfully, the flag value of the session is set from 0 to 1.
3. The method according to claim 1, wherein the first message, the second message, the third message and the fourth message are all encrypted using a cyclic shift operation.
4. The method according to claim 1, wherein the database update message includes increasing the session sequence number by 1.
5. The method according to claim 1, wherein the fourth message includes a serial number indicating the latest verification record.
6. A system for authenticating a session, comprising:
a reader, a label and a cloud;
wherein the system is configured to:
generate, by the reader, a first random number, and send a query message to the label based on the first random number;
in response to the query message, generate, by the label, a second random number, generate a first message based on the first random number, the second random number and a session sequence number, and send the first message to the reader;
send, by the reader, a part of the first message to the cloud;
if the part of the first response message is legitimate, send, by the cloud, a second message and a third random number to the reader;
verify, by the reader, whether the label is legitimate based on the first message and the second message;
if the label is legitimate, update, by the reader, the label and key information, generate a third message, and send the third message and a database update message to the cloud, wherein the database update message is generated based on the updated label and the updated key information;
if the cloud successfully verifies the third message, the cloud queries the database update message and writes the database update message to the database, while updating the label and sending a number to the reader;
the reader sends a fourth message and the number to the label; and
the label performs the update and verifies the reader.
7. The system according to claim 6, wherein if the session is authenticated successfully, the flag value of the session is set from 0 to 1.
8. The system according to claim 6, wherein the first message, the second message, the third message and the fourth message are all encrypted using a cyclic shift operation.
9. The system according to claim 6, wherein the database update message includes increasing the session sequence number by 1.
10. The system according to claim 6, wherein the fourth message includes a serial number indicating the latest verification record.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910623295.0A CN110427748A (en) | 2019-07-11 | 2019-07-11 | A kind of method and system for authen session |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110427748A (en) | 2019-11-08 |
Family
ID=68410430
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910623295.0A Withdrawn CN110427748A (en) | 2019-07-11 | 2019-07-11 | A kind of method and system for authen session |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110427748A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120211569A1 (en) * | 2010-11-22 | 2012-08-23 | Mark Stanley Krawczewicz | RFID Display Label For Battery Packs |
CN106339652A (en) * | 2016-08-26 | 2017-01-18 | 中国重汽集团济南动力有限公司 | RFID (radio frequency identification) device for internet-of-vehicle terminal |
Non-Patent Citations (1)
Title |
---|
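王伟 (Wang Wei): "基于云的RFID认证协议的研究" (Research on cloud-based RFID authentication protocols), 《中国优秀硕士学位论文全文数据库信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) * |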
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113645250A (en) * | 2021-08-20 | 2021-11-12 | 徐州医科大学 | Chinese herbal medicine traceability platform RFID protocol method based on cloud |
CN113645250B (en) * | 2021-08-20 | 2022-08-12 | 徐州医科大学 | Chinese herbal medicine traceability platform RFID protocol method based on cloud |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20191108 |