CN110427748A - Method and system for session authentication - Google Patents


Publication number: CN110427748A
Authority: CN (China)
Prior art keywords: message, label, reader, cloud, random number
Legal status: Withdrawn
Application number: CN201910623295.0A
Other languages: Chinese (zh)
Inventors: 王伟, 王超, 石鲁强
Current Assignee: Beijing MetarNet Technologies Co Ltd
Original Assignee: Beijing MetarNet Technologies Co Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks

Abstract

This application relates to a method and system for session authentication. One embodiment of the application provides a method for session authentication comprising: generating a first random number by a reader, and sending a query message to a tag based on the first random number; generating a second random number by the tag, generating a first message based on the first random number, the second random number and a session sequence number, and sending the first message to the reader; sending, by the reader, a part of the first message to a cloud; sending, by the cloud, a second message and a third random number to the reader; verifying, by the reader, whether the tag is legitimate based on the first message and the second message; updating tag and key information by the reader, generating a third message, and sending the third message and a database update message to the cloud; and sending, by the reader, a fourth message and the number to the tag.

Description

Method and system for session authentication
Technical field
This application relates to the field of secure data communication, and in particular to secure wireless data communication in the Internet of Vehicles (IoV).
Background
In 1999, General Motors announced the development of the intelligent in-vehicle system OnStar, which integrates navigation, entertainment and rescue services and is recognized as the earliest prototype of the Internet of Vehicles. In 2009, the concepts of intelligent transportation and the Internet of Vehicles were proposed at a radio frequency identification (RFID) technology development seminar held in Shanghai. Since the concept entered China, researchers' attention to the Internet of Vehicles and its technology has only increased. The automobile industry is generally optimistic about the Internet of Vehicles and its applications, and many Internet companies have also entered the field one after another, for example with Baidu's CarLife, Tencent's Internet of Vehicles platform, Apple's CarPlay and Google's Android Auto. The Internet of Vehicles combines advanced sensing technology, communication technology, network transmission technology and big data technology and applies them to transportation management systems, in order to establish a real-time, efficient intelligent transportation system. The Internet of Vehicles can provide services such as GPS navigation, automatic parking, multimedia video entertainment and fault diagnosis, realize high-precision automatic driving, reduce road congestion, improve vehicle operating efficiency and increase passenger satisfaction. As an excellent sensing device, RFID offers automatic identification, data sharing, remote positioning and other functions, and has been widely used in Internet of Vehicles systems.
Although RFID technology can identify targets automatically and is also cheap, fast and stable, it is a wireless communication technology, so the data in the channel is easily exposed and systems face many security threats. Cloud-based RFID systems therefore encounter many technical challenges during deployment, and technical innovation is urgently needed. Designing secure authentication protocols has long been regarded as an effective means of solving the privacy protection problem of RFID applications in a cloud environment. In a complex and changing cloud environment, a secure and reliable authentication protocol should both make effective use of the storage capacity of cloud computing and ensure the privacy and security of tags and readers.
Summary of the invention
One embodiment of the present application discloses a method for session authentication, comprising: generating a first random number by a reader, and sending a query message to a tag based on the first random number; in response to the query message, generating a second random number by the tag, generating a first message based on the first random number, the second random number and a session sequence number, and sending the first message to the reader; sending, by the reader, a part of the first message to a cloud; if the part of the first response message is legitimate, sending, by the cloud, a second message and a third random number to the reader; verifying, by the reader, whether the tag is legitimate based on the first message and the second message; if the tag is legitimate, updating tag and key information by the reader, generating a third message, and sending the third message and a database update message to the cloud, wherein the database update message is generated based on the updated tag and the updated key information; if the third message is successfully verified by the cloud, the cloud queries the database update message and writes the database update message into the database, while updating the tag and sending a number to the reader; sending, by the reader, a fourth message and the number to the tag; and the tag performing the update and verifying the reader.
Another embodiment of the present application discloses a system for session authentication, comprising: a reader, a tag and a cloud; wherein the system is configured to: generate a first random number by the reader, and send a query message to the tag based on the first random number; in response to the query message, generate a second random number by the tag, generate a first message based on the first random number, the second random number and a session sequence number, and send the first message to the reader; send, by the reader, a part of the first message to the cloud; if the part of the first response message is legitimate, send, by the cloud, a second message and a third random number to the reader; verify, by the reader, whether the tag is legitimate based on the first message and the second message; if the tag is legitimate, update tag and key information by the reader, generate a third message, and send the third message and a database update message to the cloud, wherein the database update message is generated based on the updated tag and the updated key information; if the third message is successfully verified by the cloud, the cloud queries the database update message and writes the database update message into the database, while updating the tag and sending a number to the reader; send, by the reader, a fourth message and the number to the tag; and the tag performs the update and verifies the reader.
Brief description of the drawings
Fig. 1 shows the architecture of the cloud-based RFID Internet of Vehicles system of the present application.
Fig. 2 shows the authentication flow of the cloud-based ultra-lightweight anonymous privacy-protection RFID protocol of the present application.
Detailed description of embodiments
To solve the above technical problem, the present application proposes a secure and efficient authentication method that addresses the security and privacy issues of cloud-based RFID Internet of Vehicles systems.
A vehicle-mounted RFID tag can sense nearby traffic information, environmental factors and so on. Surrounding readers can read the tag information and upload messages through a base station to the cloud for processing, completing the authentication. Because the private information of a vehicle can be connected to the Internet of Vehicles anytime and anywhere, and other users can obtain the related data at any time, protecting the privacy of users becomes particularly important. An RFID tag usually contains sensitive data such as location information, vehicle information and even the user's payment account, all of which the user does not want leaked. Although users wish to share current traffic information, they do not want to reveal their identity, so anonymity and untraceability must be satisfied in the Internet of Vehicles. During data processing, all data is handled in the resource pool in the cloud, which can eliminate data delay, reduce packet loss and allow the data to be managed uniformly. However, the cloud service provider is not completely trusted, and the data stored in the cloud is extremely important: it may include the vehicle's position, payment information and details of the occupants, so the information must be encrypted before it is uploaded to the cloud. In the new protocol of this application, the anonymity and controllable anonymity of vehicles are realized. For low-cost tags, the application uses ultra-lightweight shift operations, together with a synchronous update mechanism and a key update mechanism, which better solve the desynchronization problem.
Fig. 1 shows a typical Internet of Vehicles application scenario. John often drives to and from work and unfortunately runs into rush-hour traffic, when the roads are especially congested, but he is willing to enjoy the waiting time. He wants to share his road conditions and entertainment information with other drivers. To do so, John has equipped his vehicle with an RFID tag and reader and a high-definition multi-function display. The tag is responsible for collecting surrounding traffic information; the reader automatically reads and encrypts this information and uploads the messages to the cloud through a roadside base station. Since the shared information may include private data, John does not want to expose any information about himself while sharing, because once key information about the vehicle or the person is leaked, he may be maliciously tracked, and the safety of the person and vehicle may even be affected. Data sharing is the top priority of the Internet of Vehicles. When there are not too many vehicles, a traditional Internet of Vehicles system is an effective way of sharing. But when the amount of data to be uploaded increases sharply, the pressure on the back-end server becomes very high, and authentication and sharing can take a very long time or the server can even go down. The cloud has powerful computing and storage capacity, and combining cloud computing with RFID technology will have a tremendous influence on the traditional Internet of Vehicles. The Internet of Vehicles system proposed in this application includes RFID tags, readers, base stations and the cloud. Considering the dynamic nature of the Internet of Vehicles, the application uses a vehicle-mounted tag and reader, and the reader can select a communication base station according to factors such as signal strength, relative position, bit error rate and signal-to-noise ratio, so that uninterrupted signal transmission can be achieved even when the vehicle moves frequently.
For ease of writing and to keep the scheme of this application as simple as possible, some symbols have been simplified. For example, is abbreviated as $Rot(T_i^j, N)$, where $T_i^j$ represents the identity of the j-th session of the i-th tag, and Num represents the current session sequence number. The sensitive information related to a tag is stored in the cloud. This information includes private information about the vehicle and must be stored encrypted on the cloud server, in the storage format $\{Rot(T_i^j, N), Rot(K_i^j, T_i^j)\}$, where $K_i^j$ denotes the key information of the j-th session of the i-th tag. The key can be used when data is further processed or saved.
Fig. 2 shows the authentication flow of the cloud-based ultra-lightweight anonymous privacy-protection RFID protocol of this application. The protocol is divided into two phases: an initialization phase and an authentication phase. In the initialization phase, the reader randomly assigns each tag a session sequence number N as the initial value. The reader also randomly selects a key K and writes it into the tag, so that the tag and the reader share the session key K. The tag identity $T_i^j$ and the shared key $K_i^j$ are iteratively updated with the j-th session of the i-th tag, which guarantees the anonymity of the tag and the security of the key and ensures the untraceability of the tag and the security of the data. Flag is a flag bit that indicates whether the current session succeeded, and it is initialized to 0. Flag = 0 indicates that the session failed, and the current key and session sequence number continue to be used next time. Flag = 1 indicates that the current session succeeded and all update operations completed normally, so the key and session sequence number used next time must be the latest ones; otherwise desynchronization results.
Specifically, the authentication process includes the following steps:
(1) Initiate the request signal query. The reader generates a random number $N_r$ as the challenge to the tag. At this point the tag's synchronization flag bit is Flag = 0.
(2) The tag responds to the reader. After receiving the request signal, the tag first generates a random number $N_t$, then calculates the messages $Rot(T_i^j, N)$, $M_2 = Rot(T_i^j \| K_i^j \| N_t, N_r)$, and sends the calculated messages together to the reader.
(3) Obtain the tag's information. After receiving the tag's response, the reader uploads $Rot(T_i^j, N)$ to the cloud, where N is the current session sequence number. The cloud looks up the corresponding record using the index value $Rot(T_i^j, N)$. If a legitimate message exists, it returns $Rot(K_i^j, T_i^j)$, and the cloud also generates its own random number $N_c$ and sends it to the reader.
(4) The reader authenticates the tag. From $Rot(T_i^j, N)$ and $Rot(K_i^j, T_i^j)$ the reader can obtain $T_i^j$ and $K_i^j$. It then uses the obtained $T_i^j$ to calculate, and from this obtains the tag random number $N_t$. Using the tag information it now holds, it calculates $M_2' = Rot(T_i^j \| K_i^j \| N_t, N_r)$. If $M_2' = M_2$, the legitimacy of the tag is verified, and the reader updates the tag and key information, $T_i^{j+1} = Rot(T_i^j, N+1)$, $K_i^{j+1} = Rot(K_i^j, T_i^{j+1})$, and uses the latest tag and key information to update the cloud database information $\{Rot(T_i^{j+1}, N+1), Rot(K_i^{j+1}, T_i^{j+1})\}$.
(5) Check the synchronization between the tag and the cloud. The reader calculates the message $Rot(Rot(T_i^j, N), N_c)$ and sends it to the cloud together with the latest database update message $\{Rot(T_i^{j+1}, N+1), Rot(K_i^{j+1}, T_i^{j+1})\}$. The cloud first verifies the correctness of $Rot(Rot(T_i^j, N), N_c)$. If the message is correct, it attempts to query the next valid record $\{Rot(T_i^{j+1}, N+1), Rot(K_i^{j+1}, T_i^{j+1})\}$. If that record exists, the tag side and the cloud are out of synchronization, and the cloud continues to search successive records until a record $\{Rot(T_i^{j+m}, N+m), Rot(K_i^{j+m}, T_i^{j+m})\}$ cannot be found, and writes that record into the database, where m = 1, 2, 3, ....
(6) Update the tag information and respond to the tag random number. After the reader receives the message that the cloud update succeeded, it sends a message to the tag, together with a value x, where x can only be 1 or m.
(7) The tag performs the update operation and verifies the reader. The tag starts calculating from the identity and key information of session j+1, $T_i^{j+1} = Rot(T_i^j, N+1)$, $K_i^{j+1} = Rot(K_i^j, T_i^{j+1})$, and continues until it has calculated the identity and key information of session j+x, $T_i^{j+x} = Rot(T_i^{j+x-1}, N+x)$, $K_i^{j+x} = Rot(K_i^{j+x-1}, T_i^{j+x})$. It uses the calculated $K_i^{j+x}$ to calculate, and if $M_4 = M_4'$ it updates $K_i$ and $T_i$. The entire authentication and update process is then complete, and the session success flag bit is set to Flag = 1.
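The state handling of steps (3) to (7), as an added example that is not part of the patent text: it replays a session whose final message was lost, shows the cloud walking forward to record j+m and the tag catching up with x = 2, and reports whether the updated identity is still a rotation of the initial one, which is the property to examine when evaluating the anonymity claim. Assumptions: Rot(x, y) is taken to be a left rotation of a 96-bit word x by the Hamming weight of y (the page only calls it a cyclic shift), the reader knows the current N, the forward walk of step (5) is done with the plaintext state, and all values are constructed.

```python
"""Added example: state handling of steps (3)-(7). Not the patent's own code."""
L = 96                       # word length in bits (assumed)
MASK = (1 << L) - 1

def shift_amount(y):
    return bin(y).count("1") % L      # ASSUMED: rotate by Hamming weight of y

def rot(x, y):
    s = shift_amount(y)
    return ((x << s) | (x >> (L - s))) & MASK

def unrot(c, y):
    s = shift_amount(y)
    return ((c >> s) | (c << (L - s))) & MASK

def record(t, k, n):
    """Cloud storage format {Rot(T, N), Rot(K, T)} as (index, payload)."""
    return rot(t, n), rot(k, t)

def next_state(t, k, n):
    """T^{j+1} = Rot(T^j, N+1); K^{j+1} = Rot(K^j, T^{j+1}); N becomes N+1."""
    t1 = rot(t, n + 1)
    return t1, rot(k, t1), n + 1

def recover(index, payload, n):
    """Step (4): the reader inverts both rotations, given the current N."""
    t = unrot(index, n)
    return t, unrot(payload, t)

def cloud_catch_up(db, t, k, n):
    """Step (5): walk forward from session j until record j+m is absent,
    write it, and return m (the number later sent to the tag as x)."""
    for m in range(1, L + 1):
        t, k, n = next_state(t, k, n)
        idx, payload = record(t, k, n)
        if idx not in db:
            db[idx] = payload
            return m
    raise RuntimeError("no free record found")

def tag_catch_up(t, k, n, x):
    """Step (7): the tag applies the update rule x times."""
    for _ in range(x):
        t, k, n = next_state(t, k, n)
    return t, k, n

def rotation_class(t):
    """Smallest of the L rotations of t. Every value the update rule can
    derive from t is a rotation of t, so this stays constant per tag."""
    return min(((t << s) | (t >> (L - s))) & MASK for s in range(L))

def demo():
    """Constructed run: session 1 loses its final message, session 2 resyncs."""
    t0, k0, n0 = 0x9F3A5C7E1B2D4F6081A3C5E7, 0x0123456789ABCDEF0F1E2D3C, 7
    db = dict([record(t0, k0, n0)])
    m1 = cloud_catch_up(db, t0, k0, n0)    # cloud now also holds record j+1
    tag = (t0, k0, n0)                     # final message lost: tag not updated
    idx = rot(tag[0], tag[2])              # session 2 presents the same index
    t, k = recover(idx, db[idx], n0)       # the old record still answers
    m2 = cloud_catch_up(db, t, k, n0)      # j+1 exists, j+2 is written
    tag = tag_catch_up(*tag, m2)
    in_sync = record(*tag)[0] in db
    same_class = rotation_class(tag[0]) == rotation_class(t0)
    return m1, m2, in_sync, (t, k) == (t0, k0), same_class

if __name__ == "__main__":
    print(demo())
```

Under the rotation assumption the identities of one tag never leave a single rotation class, and the Hamming weight of the index never changes, so a review of the anonymity property should test the concrete Rot definition against both invariants.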
With the above method, the technical solution of this application achieves the following technical effects:
(1) Mutual authentication
In a common RFID system, mutual authentication mainly ensures the security of the front-end communication channel, that is, the tag and the reader must be able to authenticate the legitimacy of each other's identity. In a cloud-based RFID application scenario, however, mutual authentication between the tag and the reader alone is not enough; the reader and the cloud should also authenticate each other before communicating. In the scheme of this application, only an honest receiver holding the correct data can give a correct response, and if the correctness of the data cannot be verified, the recipient refuses to communicate.
(2) Confidentiality
In a cloud-based Internet of Vehicles system, both the data transmitted on the link and the data stored in the cloud contain private information about the vehicle, so all of it must be encrypted to guarantee the confidentiality of the data. The new protocol encrypts data using cyclic shift operations, and the results on the link are also encrypted, so no plaintext appears. Only legitimate users can decrypt normally in the cloud, and even if an attacker successfully intercepts a message, it is difficult to obtain valuable information from it. The scheme of this application can therefore ensure the confidentiality of the data.
(3) Synchronization
In an Internet of Vehicles system, data is collected, processed and shared in real time, and the tag side and the cloud must keep their communication synchronized for the system to work normally. The new protocol has a complete synchronous update mechanism. After mutual authentication succeeds, the cloud checks synchronization; if the cloud finds that the tag side is out of synchronization, it issues a tag update signal and the system automatically adjusts to the synchronized state. To make it easy to check the synchronization state of the system, the new protocol also provides the synchronization flag bit Flag: Flag = 0 indicates that the tag and the cloud are out of synchronization, and Flag = 1 indicates that the current synchronization state is normal.
(4) Anonymity
Anonymity and privacy are indispensable in the Internet of Vehicles, because vehicles exchange information in real time and this information is connected to the network at all times. The anonymity of the tag and the reader can be guaranteed during authentication, ensuring that private information related to the vehicle is not leaked. In the scheme of this application, the real IDs of the tag and the reader are transmitted only after an encryption transformation, so even if an attacker intercepts the current session messages, the identity of the message sender cannot be inferred. In addition, after each successful session the ID and key of the tag are obtained by iterating a specific rule, which guarantees that each ID is used only once. Even if an attacker obtains the current tag ID, the tag identity used next time cannot be inferred, which ensures the anonymity of the tag.
(5) Forward security
In a cloud-based Internet of Vehicles system, an attacker must learn private data such as vehicle location and communication state in order to track effectively, and attackers usually adopt a forward-attack strategy. An attacker may obtain the current session information and, by analysing the intercepted session content, deduce the content of earlier sessions, seriously threatening the privacy of the user. The scheme of this application uses a mechanism in which identity and key information are updated synchronously and are iteratively updated automatically during the session, guaranteeing that the current identity and key are used only once and that the transformation results are more random, which greatly improves forward security.
(6) Resistance to forgery attacks
Forgery is a typical form of attack in Internet of Vehicles systems: an attacker can forge a tag or forge a reader. Such attacks are difficult to defend against, and a successful forgery seriously threatens system security. The scheme of this application uses synchronous updating to guarantee the confidentiality of the update process, and adds the session sequence number to the messages to ensure that each session is random. Because of this uncertainty, the difficulty of a forgery attack increases greatly.
(7) Resistance to replay attacks
In a wireless network with frequent communication such as the Internet of Vehicles, an attacker can easily intercept the authentication information of a given moment and later keep sending that message to the recipient; if the message does not change, authentication can succeed. In this application, the tag, the reader and the cloud each generate a random number as a challenge value and send it to the recipient, and the tag information and key contained in the messages also change constantly, ensuring the randomness of the messages. A message that has been successfully authenticated is discarded after use, so even if an attacker intercepts a current legitimate authentication message, a replay attack cannot be completed.
(8) Resistance to DoS (Denial of Service) attacks
In a cloud-based Internet of Vehicles system, a DoS attack can have serious consequences: it consumes a large amount of server resources, prevents service to normal users and greatly reduces access efficiency. DoS attacks often succeed because user authentication is carried out by enumeration and search. To meet the requirements of low-cost tags and the communication characteristics of Internet of Vehicles systems, the scheme of this application uses a new storage format $\{Rot(T_i^j, N), Rot(K_i^j, T_i^j)\}$. $Rot(T_i^j, N)$ serves as a unique index number for initiating an authentication request. If the same index number exists in the database, the tag is considered legitimate and subsequent operations are carried out; otherwise service is refused. Illegitimate users are kept out at the initial stage of authentication, which saves a large amount of computing resources for legitimate users and greatly reduces communication overhead, so DoS attacks can be resisted effectively.
Because the new protocol is a cloud-based ultra-lightweight RFID authentication protocol, it is compared below with ultra-lightweight RFID authentication protocols and with cloud-based RFID authentication protocols, and the technical effect of this application is analysed in terms of scheme complexity, encryption algorithm, authentication mode and so on.
The following concerns the computing overhead, storage overhead and communication overhead of one successful session under ideal conditions. Assuming that the communication signal length of each protocol and the algorithms used are the same, the performance and efficiency of the protocols are compared in Table 1, where "√" indicates that a property is satisfied, "×" indicates that it is not satisfied, "*" indicates that the protocol does not involve the issue, and N denotes the number of tags in the system.
Table 1: Performance comparison of cloud-based anonymous privacy-protection protocols
As the table shows, the search complexity of both the SASI (Strong Authentication and Strong Integrity) protocol and the Gossamer protocol is O(N). During authentication the database must therefore match tag information by brute-force search; if the number of tags is huge, the protocol is very inefficient and easily subject to DoS attacks. The SASI and Gossamer protocols both have a structure without a back-end server, and the communicating parties in these schemes are the tag and the reader, so the protocols can support offline authentication. But as application scenarios for offline authentication become fewer and fewer, ubiquitous authentication is the future trend. Both protocols use bitwise operations rather than complicated encryption and decryption. The Gossamer protocol in particular was the first to use a bit-obfuscation operation, which is very efficient and laid the foundation for the design of later ultra-lightweight protocols. The search complexity of the new protocol is O(1): the exact index number $Rot(T_i^j, N)$ can be used to query and match the corresponding content, which avoids authentication by enumeration and search. The scalability of the protocol is therefore better than that of the other protocols, and it is better suited to deployment in large-scale systems that need real-time monitoring, such as the Internet of Vehicles. The protocol uses no hash algorithm or encryption and decryption algorithm, only simple logical bit operations. Although such operations are simple and easy to perform, they can ensure the security of the data, and they are better suited to large-scale application scenarios with low-cost tags.
The Xie protocol, the Sarah protocol and the Dong protocol are all cloud-based RFID authentication protocols. By relying on the powerful computing and storage capacity of the cloud they reduce the search complexity to O(1), and the scalability of these schemes is much better than that of other protocols. These protocols are all implemented on the basis of hash functions and encryption and decryption algorithms, and if the tag is required to perform hash operations and encryption and decryption operations, the efficiency of the scheme is greatly reduced. In addition, the deployment cost of these schemes is higher, and they are not well suited to large-scale application. In an Internet of Vehicles system a large amount of data pours into the system, and both the access volume and the download volume are massive. At peak usage times every tag and reader has to perform encryption and decryption operations, resource consumption is severe and the user experience is poor.
The technical solution of this application is also cloud-based. To solve the problem of the limited resources of low-cost tags, it uses lightweight bit operations, which are better adapted to the application scenarios of the Internet of Vehicles. Since the authentication process requires a connection to the cloud, the protocol does not support offline authentication, but this has little effect on the system. In summary, this application meets the security requirements of Internet of Vehicles scenarios while also being efficient, and therefore has good prospects for development and application.
In one embodiment, this application provides a kind of methods for authen session comprising: it is generated by reader First random number (such as: Nr), and based on first random number will inquire message (such as: query) be sent to label;Response In the inquiry message, by the label generate the second random number (such as: Nt), and based on first random number, second with Machine number and session sequence number (such as: N), come generate first message (such as: Rot (Ti j, N),M2= Rot(Ti j||Ki j||Nt,Nr)) and the first message is sent to the reader;The reader is by the first message In a part (such as: Rot (Ti j, N)) it is sent to cloud;If a part of first response message is legal, institute State cloud send second message (such as: Rot (Ki j,Ti j)) and third random number (such as: Nc) to the reader;It is described to read Whether reading device verifies the label based on the first message and the second message legal;If the label is legal, Label and key information are updated by the reader, generate third message (such as: Rot (Rot (Ti j,N),Nc)), and by institute It states third message and upgrade database message is sent to cloud, wherein the upgrade database message is updated based on described Label and the updated key information generate;If the third message is proved to be successful through the cloud, the cloud End inquires the upgrade database message and database is written in the upgrade database message, while upgrading label and sending one Number is to the reader;The 4th message of the reader transmission (such as:) and it is described Number is to the label;And the label executes and upgrades and verify the reader.
In one embodiment, if session authentication success, by the flag value of the session, such as: Flag, from 0 It is set as 1.
In one embodiment, wherein the first message, the second message, the third message and the described 4th Message is all made of circulative shift operation and is encrypted.
In one embodiment, wherein the upgrade database message includes that the session sequence number is increased by 1.
In one embodiment, wherein the 4th message includes indicating the serial number of newest validation record.
In another embodiment, this application provides a kind of systems for authen session comprising: reader, mark Label and cloud;The method in the technical solution of the application can be implemented in the system.
Although embodiment described herein can have various modifications and alternative form, specific embodiment is in schema In by example show and be described in detail herein.The present invention is not limited to revealed particular forms.The present invention Cover all modifications, equivalent and the substitution fallen within as in the spirit and scope of the present invention that are defined by the claims.
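The exchange of the method embodiment above, up to the cloud's check of the third message, as an added example that is not part of the patent text. Assumed here: Rot(x, y) rotates x left by the Hamming weight of y, all values are 32 bits wide, the cloud stores Rot(T, N) mapped to Rot(K, T), and the reader checks the label by undoing the rotation on M2; the function names and the sample T, K and N are constructed.

```python
import secrets

L = 32                      # assumed width of T, K and the random numbers
MASK = (1 << L) - 1

def _amount(y, bits):
    return bin(y).count("1") % bits          # assumed: rotate by Hamming weight of y

def rot(x, y, bits=L):
    """Rot(x, y): rotate the bits-wide value x left (assumed definition)."""
    s = _amount(y, bits)
    return ((x << s) | (x >> (bits - s))) & ((1 << bits) - 1)

def unrot(x, y, bits=L):
    """Inverse of rot() for the same y."""
    s = _amount(y, bits)
    return ((x >> s) | (x << (bits - s))) & ((1 << bits) - 1)

def label_respond(T, K, N, Nr):
    """Label: first message = Rot(T, N) and M2 = Rot(T||K||Nt, Nr)."""
    Nt = secrets.randbits(L)
    return rot(T, N), rot((T << 2 * L) | (K << L) | Nt, Nr, 3 * L)

def cloud_lookup(db, index):
    """Cloud: a known Rot(T, N) yields (Rot(K, T), Nc); anything else is rejected."""
    return (db[index], secrets.randbits(L)) if index in db else None

def reader_verify(m2, Nr, second):
    """Reader: undo the rotation on M2, then compare Rot(K, T) with the cloud's value."""
    blob = unrot(m2, Nr, 3 * L)
    T, K = blob >> 2 * L, (blob >> L) & MASK
    return rot(K, T) == second

def cloud_accepts_third(db, index, Nc, third):
    """Cloud: recompute Rot(Rot(T, N), Nc) for the index it answered."""
    return index in db and third == rot(index, Nc)

def run_session(db, T, K, N):
    """One pass up to the cloud's check of the third message; returns the outcome."""
    Nr = secrets.randbits(L)                      # reader's first random number
    index, m2 = label_respond(T, K, N, Nr)
    reply = cloud_lookup(db, index)               # reader forwards only Rot(T, N)
    if reply is None:
        return "unknown-label"
    second, Nc = reply
    if not reader_verify(m2, Nr, second):
        return "bad-label"
    third = rot(index, Nc)                        # third message
    return "ok" if cloud_accepts_third(db, index, Nc, third) else "bad-third"

# Constructed sample values, not taken from the patent.
T0, K0, N0 = 0x1234ABCD, 0x0F0F55AA, 5
DB = {rot(T0, N0): rot(K0, T0)}
```

The label and key update and the fourth message are left out because their formulas are not given in this part of the text.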

Claims (10)

1. A method for authenticating a session, comprising:
generating, by a reader, a first random number, and sending a query message to a label based on the first random number;
in response to the query message, generating, by the label, a second random number, generating a first message based on the first random number, the second random number and a session sequence number, and sending the first message to the reader;
sending, by the reader, a part of the first message to a cloud;
if the part of the first response message is legitimate, sending, by the cloud, a second message and a third random number to the reader;
verifying, by the reader, whether the label is legitimate based on the first message and the second message;
if the label is legitimate, updating, by the reader, label and key information, generating a third message, and sending the third message and a database update message to the cloud, wherein the database update message is generated based on the updated label and the updated key information;
if the third message is successfully verified by the cloud, querying, by the cloud, the database update message and writing the database update message to a database, while updating the label and sending a number to the reader;
sending, by the reader, a fourth message and the number to the label; and
executing, by the label, the update and verifying the reader.
2. The method according to claim 1, wherein if session authentication succeeds, the flag value of the session is set from 0 to 1.
3. The method according to claim 1, wherein the first message, the second message, the third message and the fourth message are all encrypted using a cyclic shift operation.
4. The method according to claim 1, wherein the database update message includes increasing the session sequence number by 1.
5. The method according to claim 1, wherein the fourth message includes a serial number indicating the latest verification record.
6. A system for authenticating a session, comprising:
a reader, a label and a cloud;
wherein the system is configured such that:
the reader generates a first random number and sends a query message to the label based on the first random number;
in response to the query message, the label generates a second random number, generates a first message based on the first random number, the second random number and a session sequence number, and sends the first message to the reader;
the reader sends a part of the first message to the cloud;
if the part of the first response message is legitimate, the cloud sends a second message and a third random number to the reader;
the reader verifies whether the label is legitimate based on the first message and the second message;
if the label is legitimate, the reader updates label and key information, generates a third message, and sends the third message and a database update message to the cloud, wherein the database update message is generated based on the updated label and the updated key information;
if the third message is successfully verified by the cloud, the cloud queries the database update message and writes the database update message to a database, while updating the label and sending a number to the reader;
the reader sends a fourth message and the number to the label; and
the label executes the update and verifies the reader.
7. The system according to claim 6, wherein if session authentication succeeds, the flag value of the session is set from 0 to 1.
8. The system according to claim 6, wherein the first message, the second message, the third message and the fourth message are all encrypted using a cyclic shift operation.
9. The system according to claim 6, wherein the database update message includes increasing the session sequence number by 1.
10. The system according to claim 6, wherein the fourth message includes a serial number indicating the latest verification record.
CN201910623295.0A 2019-07-11 2019-07-11 A kind of method and system for authen session Withdrawn CN110427748A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20191108