CN110620659B - Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus - Google Patents

Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus Download PDF

Info

Publication number
CN110620659B
CN110620659B CN201910798813.2A CN201910798813A CN110620659B CN 110620659 B CN110620659 B CN 110620659B CN 201910798813 A CN201910798813 A CN 201910798813A CN 110620659 B CN110620659 B CN 110620659B
Authority
CN
China
Prior art keywords
key
information
random number
identity
true random
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910798813.2A
Other languages
Chinese (zh)
Other versions
CN110620659A (en
Inventor
富尧
钟一民
余秋炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd, Nanjing Ruban Quantum Technology Co Ltd filed Critical Ruban Quantum Technology Co Ltd
Priority to CN201910798813.2A priority Critical patent/CN110620659B/en
Publication of CN110620659A publication Critical patent/CN110620659A/en
Application granted granted Critical
Publication of CN110620659B publication Critical patent/CN110620659B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a quantum computation resistant RFID authentication method and system based on a symmetric key pool and secondary surplus, wherein participants comprise an authentication party and a request party which interact in an RFID mode, each participant is provided with a key fob, the key fob of the request party stores a symmetric key unit, an identity of the own party, a true random number, a public key and a key pointer address corresponding to the symmetric key unit, and a symmetric key is stored in the symmetric key unit.

Description

Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus
Technical Field
The application relates to the technical field of secure communication, in particular to a quantum computation resistant RFID authentication method and system based on a symmetric key pool and secondary surplus
Background
Radio Frequency Identification (RFID) is an abbreviation for Radio Frequency Identification. RFID technology was an early technology, and the theory of RFID technology developed in the 50 s of the 20 th century. In the 70 s, some earlier RFID applications appeared and RFID gradually entered into the business phase. In the 80 s, as the standardization of the RFID technology is gradually paid more and more attention, the RFID products are more and more widely adopted. The principle is that non-contact data communication is carried out between the reader and the tag, so that the aim of identifying the target is fulfilled. The application of RFID is very wide, and the typical applications at present include animal wafer, automobile wafer burglar alarm, entrance guard control, parking lot control, production line automation and material management.
In the prior art, the RFID system faces a similar problem, i.e., a security problem, as the conventional Internet network. RFID systems are vulnerable to various attacks, mainly because the communication between the tag and the reader is achieved in the form of electromagnetic waves without any physical or visual contact, and such contactless and wireless communication presents a serious security risk. Especially, with the development of quantum computers, the classical asymmetric key encryption algorithm is no longer safe, and both encryption and decryption, digital signature and key exchange methods have the risk of being cracked by the quantum computers, so that the safety problem of the RFID system is more serious in the future.
The problems existing in the prior art are as follows:
1. in the existing scheme for identity authentication based on the symmetric key pool, the symmetric key pool is used between the server and the client, so that the capacity of the symmetric key pool is huge, pressure is brought to key storage of the server, and the symmetric key pool is not suitable for an RFID device with extremely small storage capacity. Moreover, the security of the symmetric key algorithm for identity recognition is not high enough: on one hand, the key safety degree is not enough or even the key is cracked due to the fact that the same symmetric key is used for multiple times; on the other hand, any party with the symmetric key can decrypt the encrypted information, so that the encrypted information can be decrypted by illegal objects except for legal objects, and the security is not high enough.
2. In the existing scheme for identity authentication based on the asymmetric key pool, because the asymmetric key cannot be used in the public and must be encrypted to resist quantum computation, the asymmetric key needs to be encrypted and protected by using an encryption algorithm at multiple places in the whole identity authentication process. Therefore, the method increases the calculation amount for the RFID device, and may cause the identity identification process to become slow; for battery powered RFID, the power consumption will be accelerated.
Disclosure of Invention
The invention provides a quantum computation resistant RFID authentication method and system based on a symmetric key pool and secondary surplus with better security.
The invention relates to a quantum computation resistant RFID authentication method based on a symmetric key pool and secondary surplus, wherein participants comprise an authentication party and a request party which interact in an RFID mode, each participant is provided with a key fob, the key fob of the request party stores a symmetric key unit, an identity of the own party, a true random number, a public key and a key pointer address corresponding to the symmetric key unit, the symmetric key unit stores a symmetric key, and the quantum computation resistant RFID authentication method comprises the following steps which are carried out by the request party:
acquiring an authentication true random number;
calculating according to the authentication true random number, the true random number and the own identity identification to obtain identity information;
respectively carrying out secondary residual encryption calculation on the identity information and the true random number to obtain first encryption information and second encryption information;
respectively carrying out offset encryption on the first encryption information and the second encryption information by using the symmetric key to obtain first offset encryption information and second offset encryption information;
performing hash calculation on the identity information and the true random number respectively to obtain an identity information hash value and a true random number hash value;
and packaging the key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value, and sending the packaged key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value to an authentication party as a response message so that the authentication party performs identity authentication on the requester through the response message.
Preferably, a symmetric key pool and a private key pool are stored in the key fob of the authenticator, the symmetric key pool includes symmetric key units corresponding to the supplicant one to one, the symmetric key units include symmetric keys, the private key pool includes a private key unit, the private key unit includes an identity of the supplicant and a corresponding private key pair, and the anti-quantum-computation RFID authentication method includes the following steps performed at the authenticator:
generating the authentication true random number by a key fob and sending the authentication true random number to a requestor;
acquiring a response message sent by the requester;
extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool respectively according to the key pointer address in the response message;
correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions;
comparing the value subjected to hash calculation according to the solutions with the identity information hash value and a true random number hash value to obtain identity information of the requesting party;
calculating to obtain the identity of the requester according to the identity information and the authentication true random number;
and comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
Preferably, after the identity authentication of the requester is passed, the method for authenticating the quantum computation resistant RFID further includes updating information in a key fob of the requester, and the following steps are performed at the authenticator:
generating a new true random number by the key fob, and generating the new true random number as a new symmetric key by the key fob;
selecting a new private key pair, and calculating according to the new private key pair to obtain a new public key;
respectively carrying out XOR calculation on the new symmetric key, the new true random number and the new public key according to the symmetric key, the true random number and the public key to obtain first updating information;
performing hash calculation according to the new true random number, the new key pair, the new public key and the identity of the requester to obtain second updating information;
and packaging the authentication true random number, the first updating information and the second updating information as updating information, and sending the updating information to the requester so that the requester updates according to the updating information.
Preferably, after the identity authentication of the requester is passed, the quantum computation resistant RFID authentication method further includes performing information update on the requester, and performing the following steps on the requester:
acquiring the updating message;
correspondingly decrypting the first updating information according to the symmetric key, the true random number and the public key to obtain a new symmetric key, a new true random number and a new public key;
performing hash calculation according to the obtained new symmetric key, the new true random number, the new public key and the own party identity to obtain verification information;
and comparing the verification information with second updating information in a verification way, and if the verification information is the same as the second updating information, correspondingly updating according to the updating information.
The invention also provides a quantum computation resistant RFID authentication system based on a symmetric key pool and secondary surplus, which is characterized in that participants comprise an authentication party and a request party which interact in an RFID way, each participant is provided with a key fob, the key fob of the request party stores a symmetric key unit, an identity of the own party, a true random number, a public key and a key pointer address corresponding to the symmetric key unit, the symmetric key unit stores a symmetric key, and the quantum computation resistant RFID authentication system comprises:
the first module is used for acquiring an authentication true random number;
the second module is used for calculating according to the authentication true random number, the true random number and the own party identity identification to obtain identity information;
the third module is used for respectively carrying out secondary residual encryption calculation on the identity information and the true random number to obtain first encryption information and second encryption information;
the fourth module is used for respectively carrying out offset encryption on the first encryption information and the second encryption information by using the symmetric key to obtain first offset encryption information and second offset encryption information;
a fifth module, configured to perform hash calculation on the identity information and the true random number respectively to obtain an identity information hash value and a true random number hash value;
and the sixth module is used for packaging the key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value, and sending the packaged key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value to an authentication party as response messages, so that the authentication party performs identity authentication on the requesting party through the response messages.
Preferably, a symmetric key pool and a private key pool are stored in the key fob of the authenticator, the symmetric key pool includes symmetric key units corresponding to the supplicant one to one, the symmetric key units include symmetric keys, the private key pool includes a private key unit, the private key unit includes an identity of the supplicant and a corresponding private key pair, the quantum computation resistant RFID authentication system further includes an identity authentication module disposed at the authenticator, and the identity authentication module includes:
the first sub-module is used for generating the authentication true random number by the key fob and sending the authentication true random number to a requester;
the second submodule is used for acquiring a response message sent by the requester;
the third sub-module is used for respectively extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool according to the key pointer address in the response message;
the fourth sub-module is used for correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions;
the fifth sub-module is used for comparing the value subjected to hash calculation according to the solutions with the identity information hash value and the true random number hash value to obtain the identity information of the requester;
the sixth submodule is used for calculating the identity of the requester according to the identity information and the authentication true random number;
and the seventh sub-module is used for comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
Preferably, the anti-quantum computation two-dimensional code system further includes an update information generation module disposed at the authenticator, and the update information generation module includes:
a first information generation submodule for generating a new true random number from the key fob and for generating the new true random number from the key fob as a new symmetric key;
the second information generation submodule is used for selecting a new private key pair and calculating to obtain a new public key according to the new private key pair;
the first updating information generation submodule is used for respectively carrying out exclusive OR calculation on the new symmetric key, the new true random number and the new public key according to the symmetric key, the true random number and the public key to obtain first updating information;
the second updating information generation submodule is used for carrying out hash calculation according to the new true random number, the new key pair, the new public key and the identity of the requester to obtain second updating information;
and the update message generation submodule is used for packaging the authentication true random number, the first update information and the second update information as update messages and sending the update messages to the requester so as to update the requester according to the update messages.
Preferably, the quantum computation resistant RFID authentication system further includes an information update module provided at the requester, and the information update module includes:
the message acquisition submodule is used for acquiring the update message;
the first decryption submodule is used for correspondingly decrypting the first updating information according to the symmetric key, the true random number and the public key to obtain a new symmetric key, a new true random number and a new public key;
the second decryption submodule is used for carrying out Hash calculation according to the obtained new symmetric key, the new true random number, the new public key and the own party identity to obtain verification information;
and the verification sub-module is used for verifying and comparing the verification information with second updating information, and if the verification information is the same as the second updating information, updating the identity parameter.
The invention also provides an anti-quantum computation RFID authentication system based on the symmetric key pool and secondary surplus, wherein participants comprise an authentication party and a request party which are interacted in an RFID mode, each participant is provided with a key fob, the key fob of the request party stores a symmetric key unit, the identity of the own party, a true random number and a public key, and the symmetric key unit stores a symmetric key and a symmetric key pointer corresponding to the symmetric key unit;
each participant comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the anti-quantum computation RFID authentication method based on the symmetric key pool and the secondary surplus when executing the computer program.
According to the anti-quantum computation RFID authentication method and system based on the symmetric key pool and the secondary surplus, in the invention, the key fobs of the authentication party and the requesting party are independent hardware isolation devices. The symmetric key, the public and private key pair and other related parameters are stored in a data security area in the key fob, so that the possibility of stealing the key by malicious software or malicious operations is greatly reduced, and the key cannot be obtained and cracked by a quantum computer. Since the public key is not public in a classical network, the risk of the asymmetric key being broken is low. The invention also uses a symmetric key pool and an asymmetric key algorithm, and overcomes the problem of insufficient safety of the symmetric key algorithm on identity identification by combining the symmetric key and the asymmetric key. Therefore, the scheme is not easy to crack by a quantum computer.
Drawings
FIG. 1 is a schematic diagram of an RFID system in one embodiment;
FIG. 2 is a block diagram that illustrates a key zone structure in a system server key fob according to one embodiment;
FIG. 3 is a diagram illustrating the components of a symmetric key unit in one embodiment;
FIG. 4 is a diagram illustrating the components of a private key unit in one embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For a better description and illustration of embodiments of the application, reference may be made to one or more of the drawings, but additional details or examples used in describing the drawings should not be construed as limiting the scope of any of the inventive concepts of the present application, the presently described embodiments, or the preferred versions.
It should be understood that steps may be performed in other sequences unless explicitly stated otherwise. Moreover, at least a portion of the steps may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least a portion of the sub-steps or stages of other steps.
In one embodiment, a quantum computation resistant RFID authentication method based on a symmetric key pool and secondary residuals is provided, where participants include an authenticator and a requester that interact with each other in an RFID manner, each of the participants is configured with a key fob, the key fob of the requester stores therein a symmetric key unit, an identity of the owner, a true random number, a public key, and a key pointer address corresponding to the symmetric key unit, and the symmetric key unit stores therein a symmetric key, and the quantum computation resistant RFID authentication method includes the following steps performed by the requester: acquiring an authentication true random number; calculating according to the authentication true random number, the true random number and the own identity identification to obtain identity information; respectively carrying out secondary residual encryption calculation on the identity information and the true random number to obtain first encryption information and second encryption information; respectively carrying out offset encryption on the first encryption information and the second encryption information by using the symmetric key to obtain first offset encryption information and second offset encryption information; performing hash calculation on the identity information and the true random number respectively to obtain an identity information hash value and a true random number hash value; and packaging the key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value, and sending the packaged key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value to an authentication party as a response message so that the authentication party performs identity authentication on the requester through the response message.
As shown in fig. 1, in the RFID authentication system, the requesting party is an RFID tag, and the authenticating party is an authentication-capable system server. Also, in some embodiments, in an RFID authentication system, a system server may authenticate a plurality of RFID tags through a reader.
Specifically, in the symmetric key pool system, the server has a key fob, and the RFID is an independent key fob, which can store keys and also has the capability of processing information. In the invention, algorithms with corresponding requirements exist in the local systems of the RFID and the server. The implementation scenario of the invention is the process of performing authentication on the RFID label based on a symmetric key pool system. The system server of the present invention has a key fob that can store keys in large amounts of data, and also has the ability to process information. The RFID tag of the present invention is also a key fob, but its memory capacity is small. There are correspondingly required algorithms in the key fob.
A key fob is described in the patent application serial No. 201610843210.6. When the mobile terminal is used, the key fob is preferably a key SD card; when a fixed terminal is used, the key fob is preferably a key USBKey or a host key fob.
The mechanism of issuance of key fobs differs from that of the patent application No. 201610843210.6. The key fob issuer of this patent is the party using the key fob, i.e., the system server. The user first applies for an account opening to the key fob's supervisor. When the user side has approved registration, a key fob (having a unique key fob ID) will be obtained. The key fob stores a pool of symmetric keys and a pool of private keys. Preferably, the key pool size stored in the key fob can be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G, and so forth.
Key fobs have evolved from smart card technology as identity authentication and encryption/decryption products that incorporate true random number generators (preferably quantum random number generators), cryptography, and hardware security isolation techniques. The embedded chip and operating system of the key fob may provide secure storage of keys and cryptographic algorithms, among other functions. Due to its independent data processing capabilities and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob is protected by a hardware PIN code, the PIN code and hardware constituting two essential factors for the user to use the key fob. So-called "two-factor authentication", a user can log in to the system only by simultaneously acquiring a key fob and a user PIN code, which store relevant authentication information. Even if the PIN code of the user is leaked, the identity of the legal user cannot be counterfeited as long as the key fob held by the user is not stolen; if the key card of the user is lost, the finder can not imitate the identity of the legal user because the user PIN code is not known.
In the present invention, key fobs are classified into server key fobs and RFIDs. The server key fob stores a pool of symmetric keys, consisting of symmetric key pool units. The RFID stores a symmetric key pool unit. The key fobs are each issued by a server.
In this embodiment, a symmetric key pool and a private key pool are stored in the key fob of the authenticating party, and as shown in fig. 2, the symmetric key pool includes symmetric key units corresponding to the requesting party one to one. As shown in fig. 3, the symmetric key unit includes a symmetric key, and as shown in fig. 4, the private key pool includes a private key unit, and the private key unit includes an identity of the requester and a corresponding private key pair.
In this embodiment, the quantum computation resistant RFID authentication method includes the following steps performed by the authenticator: generating the authentication true random number by a key fob and sending the authentication true random number to a requestor; acquiring a response message sent by the requester; extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool respectively according to the key pointer address in the response message; correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions; comparing the value subjected to hash calculation according to the solutions with the identity information hash value and a true random number hash value to obtain identity information of the requesting party; calculating to obtain the identity of the requester according to the identity information and the authentication true random number; and comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
In this embodiment, after the identity authentication of the supplicant passes, the method for authenticating the anti-quantum computation RFID further includes updating information in the key fob of the supplicant, and the following steps are performed by the authenticator: generating a new true random number by the key fob, and generating the new true random number as a new symmetric key by the key fob; selecting a new private key pair, and calculating according to the new private key pair to obtain a new public key; respectively carrying out XOR calculation on the new symmetric key, the new true random number and the new public key according to the symmetric key, the true random number and the public key to obtain first updating information; performing hash calculation according to the new true random number, the new key pair, the new public key and the identity of the requester to obtain second updating information; and packaging the authentication true random number, the first updating information and the second updating information as updating information, and sending the updating information to the requester so that the requester updates according to the updating information.
In this embodiment, after the identity authentication of the requester is passed, the quantum computation resistant RFID authentication method further includes performing information update on the requester, and performing the following steps on the requester: acquiring the updating message; correspondingly decrypting the first updating information according to the symmetric key, the true random number and the public key to obtain a new symmetric key, a new true random number and a new public key; performing hash calculation according to the obtained new symmetric key, the new true random number, the new public key and the own party identity to obtain verification information; and comparing the verification information with second updating information in a verification way, and if the verification information is the same as the second updating information, correspondingly updating according to the updating information.
The specific flow of identity authentication is further described with respect to the details of each step as follows:
a preparation stage:
in this embodiment, a symmetric key pool is stored in the server key fob, where the symmetric key pool is composed of a large number of symmetric key units, and the symmetric key units are composed of status and a symmetric key r as shown in fig. 3, where the symmetric key r is a true random number. Where status is null/used and ri is ria rib. null: indicating that the key pool unit is free from RFID occupation; used: indicating that the key pool unit is occupied with RFID. A private key pool is stored in a private key area in the key fob, the private key pool is composed of a plurality of private key units, the private key units are shown in FIG. 4 and are composed of two parts, namely IDi and a private key pair, wherein the IDi is the identity number of the RFID and can also be null, namely null, and is granted by the server in a unified way, and the length is unified; the private key pair is represented as pi | qi, and pi and qi are large prime numbers randomly selected by the server. The symmetric key units randomly distributed in the symmetric key pool and the private key units at the same position in the private key pool can be distributed to the same RFID label. The key fob can implement all of the algorithms required in this embodiment.
The RFID tag stores therein a symmetric key unit ria | | | rib and a corresponding pointer address rp. In addition, the own identity number IDi, true random number rki, and public key ni are stored. The public key is denoted as ni pi × qi. None of the stored parameters, including IDi, can be read from within the RFID tag.
Step 1: system server transmitting random number
The system server generates a true random number s, preferably a quantum true random number, using the key fob. And the system server transmits the random number s to the RFID tag through the reader.
Step 2: RFID tag return response message
The RFID tag is activated by a message of a random number s of the system server. The RFID label takes out a server public key n and a symmetric key r as ra | | | rb. The RFID tag utilizes the stored true random numbers rk and s to perform exclusive or calculation on the self ID to obtain x ═ ID ^ h ^ rk (rk)| s). Respectively carrying out Rabin encryption algorithm encryption on x and rk to obtain a ═ x2mod n and b ═ r (rk)2mod n. And respectively calculating the offset of a and B by using the symmetric key ra | rb to obtain A ═ a + ra mod n and B ═ B + rb mod n. The offset can prevent a and b from being cracked, and the function of the offset is equivalent to that of encryption calculation but the calculation amount is smaller than that of encryption calculation. And respectively carrying out hash algorithm calculation on x and rk to obtain h (x) and h (rk), wherein h () represents a hash value obtained by carrying out hash calculation in parentheses.
The RFID label packs the symmetric key pointer addresses rp, A, B, h (x) and h (rk) into rp | | A | | | B | | h (x) | | h (rk) to be sent as a response message. The response feedback is received and transmitted to the system server by the reader.
And step 3: system server verifies RFID tag and updates secret key
The system server receives the feedback message rp | | | a | | B | | | h (x) | | h (rk). The symmetric key unit is obtained from the pool of symmetric keys based on the key pointer address rp. If the status of the symmetric key unit is null, the authentication fails, and the authentication process ends; when status is used, the symmetric key r is ra rb. And obtaining a private key unit from the private key pool according to the key pointer address rp. And calculating by using p and q in the private key unit to obtain n which is p multiplied by q. And performing offset inverse calculation on the A and the B to obtain a-A-ra mod n and B-B-rd mod n. Rabin decryption is carried out on a and b by using p and q, and eight solutions of { x1, x2, x3, x4} and { rk1, rk2, rk3, rk4} are obtained. And respectively carrying out hash calculation on the eight solutions, comparing the obtained hash values with h (x) and h (rk), and respectively obtaining solutions with the hash values being the same as h (x) and h (rk), namely plaintext x 'and rk'. Calculating to obtain ID ═ x ^ h (rk ' | | s), comparing the ID ' with the ID in the private key unit, and if the ID ' is different from the ID in the private key unit, the authentication fails; and if not, authenticating the RFID as a legal identity, and performing subsequent authentication steps.
After the verification is successful, the system server replaces the symmetric key unit corresponding to the rp in the symmetric key pool, and updates r into a new random number rnew=ranew||rbnew. And generates a true random number rknewReselecting two large prime numbers pnewAnd q isnewThe private key pair p | | q in the private key pool is replaced. Calculate to obtain the maleKey nnew=pnew×qnew
The system server uses r, rk, n to r respectivelynew,rknew,nnewXOR to obtain r ^ rnew,rk⊕rknewAnd n ≦ nnew. And to rnew||rknew||nnewH (ID | | r) is obtained by Hash algorithm calculationnew||rknew||nnew)。
The system server will convert s | | | r | (r |)new||rk⊕rknew||n⊕nnew||h(ID||rnew||rknew||nnew) The package is sent to the RFID tag by the reader.
And 4, step 4: RFID tag update key
The RFID label receives the update message s | | | r | & ltr & gtnew||rk⊕rknew||n⊕nnew||h(ID||rnew||rknew||nnew) Using own symmetric key r, true random number rk and public key n to r ^ r respectivelynew,rk⊕rknewAnd n ≦ nnewPerforming XOR calculation to obtain rnew,rknewAnd nnew. Calculating by self ID to obtain h (ID | | | r)new||rknew||nnew) ', contrast h (ID | | | r)new||rknew||nnew) ' and h (ID | | r)new||rknew||nnew) If the two are the same, the symmetric key r, the true random number rk and the public key n are updated to be the symmetric key rnewTrue random number rknewAnd a public key nnew. And completing the RFID label authentication.
In one embodiment, a quantum computation resistant RFID authentication system based on a symmetric key pool and secondary residuals is provided, where participants include an authenticator and a requester that interact with each other in an RFID manner, each of the participants is configured with a key fob, the key fob of the requester stores therein a symmetric key unit, an identity of the owner, a true random number, a public key, and a key pointer address corresponding to the symmetric key unit, the symmetric key unit stores therein a symmetric key, and the quantum computation resistant RFID authentication system includes, at the requester:
the first module is used for acquiring an authentication true random number;
the second module is used for calculating according to the authentication true random number, the true random number and the own party identity identification to obtain identity information;
the third module is used for respectively carrying out secondary residual encryption calculation on the identity information and the true random number to obtain first encryption information and second encryption information;
the fourth module is used for respectively carrying out offset encryption on the first encryption information and the second encryption information by using the symmetric key to obtain first offset encryption information and second offset encryption information;
a fifth module, configured to perform hash calculation on the identity information and the true random number respectively to obtain an identity information hash value and a true random number hash value;
and the sixth module is used for packaging the key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value, and sending the packaged key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value to an authentication party as response messages, so that the authentication party performs identity authentication on the requesting party through the response messages.
Specifically, a symmetric key pool and a private key pool are stored in the key fob of the authenticator, the symmetric key pool includes symmetric key units corresponding to the supplicant one to one, the symmetric key units include symmetric keys, the private key pool includes a private key unit, the private key unit includes an identity of the supplicant and a corresponding private key pair, the quantum computation resistant RFID authentication system further includes an identity authentication module disposed at the authenticator, and the identity authentication module includes:
the first sub-module is used for generating the authentication true random number by the key fob and sending the authentication true random number to a requester;
the second submodule is used for acquiring a response message sent by the requester;
the third sub-module is used for respectively extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool according to the key pointer address in the response message;
the fourth sub-module is used for correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions;
the fifth sub-module is used for comparing the value subjected to hash calculation according to the solutions with the identity information hash value and the true random number hash value to obtain the identity information of the requester;
the sixth submodule is used for calculating the identity of the requester according to the identity information and the authentication true random number;
and the seventh sub-module is used for comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
Specifically, the quantum computation resistant two-dimensional code system further includes an update information generation module disposed at the authenticator, where the update information generation module includes:
a first information generation submodule for generating a new true random number from the key fob and for generating the new true random number from the key fob as a new symmetric key;
the second information generation submodule is used for selecting a new private key pair and calculating to obtain a new public key according to the new private key pair;
the first updating information generation submodule is used for respectively carrying out exclusive OR calculation on the new symmetric key, the new true random number and the new public key according to the symmetric key, the true random number and the public key to obtain first updating information;
the second updating information generation submodule is used for carrying out hash calculation according to the new true random number, the new key pair, the new public key and the identity of the requester to obtain second updating information;
and the update message generation submodule is used for packaging the authentication true random number, the first update information and the second update information as update messages and sending the update messages to the requester so as to update the requester according to the update messages.
Specifically, the quantum computation resistant RFID authentication system further includes an information update module provided at the requester, where the information update module includes:
the message acquisition submodule is used for acquiring the update message;
the first decryption submodule is used for correspondingly decrypting the first updating information according to the symmetric key, the true random number and the public key to obtain a new symmetric key, a new true random number and a new public key;
the second decryption submodule is used for carrying out Hash calculation according to the obtained new symmetric key, the new true random number, the new public key and the own party identity to obtain verification information;
and the verification sub-module is used for verifying and comparing the verification information with second updating information, and if the verification information is the same as the second updating information, updating the identity parameter.
In one embodiment, a computer device, namely a quantum computation resistant RFID authentication system based on a symmetric key pool and quadratic residue, is provided, the computer device can be a terminal, and the internal structure of the computer device can comprise a processor, a memory, a network interface, a display screen and an input device which are connected through a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement the above-described anti-quantum computing alliance-chain transaction method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In one embodiment, a quantum computation resistant RFID authentication system based on a symmetric key pool and secondary surplus comprises an authentication party and a request party which interact in an RFID mode, wherein each party is provided with a key fob, a symmetric key unit, an identity of the own party, a true random number and a public key are stored in the key fob of the request party, and a symmetric key pointer corresponding to the symmetric key unit are stored in the symmetric key unit;
each participant comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the anti-quantum computation RFID authentication method based on the symmetric key pool and the secondary surplus when executing the computer program.
In the above method and system for authenticating the anti-quantum computation based on the symmetric key pool and the secondary surplus, the key fob and the RFID tag used by the server are independent hardware isolation devices. The symmetric key, the public and private key pair and other related parameters are stored in a data security area in the key fob, so that the possibility of stealing the key by malicious software or malicious operations is greatly reduced, and the key cannot be obtained and cracked by a quantum computer. Since the public key is not public in a classical network, the risk of the asymmetric key being broken is low.
The invention uses the symmetric key pool and the asymmetric key algorithm, and overcomes the problem of insufficient safety of the symmetric key algorithm on identity identification by combining the symmetric key and the asymmetric key.
The encryption calculation process of the Rabin encryption algorithm used by the invention is completed by the RFID, and the offset calculation is used for the ciphertext, so that the calculation amount of the RFID is reduced during the ciphertext encryption, and the randomness of the ciphertext is improved. The invention protects the ciphertext obtained by encryption by performing offset calculation, has the same function as the encryption calculation but the calculation amount is less than that of the encryption calculation, and can resist quantum calculation attack, thereby improving the speed of identity recognition, and for an active RFID label, the identification process of the invention is more electricity-saving.
The invention adopts a key updating mechanism, and the RFID can change keys in each authentication process, so that the safety mechanism of the invention only needs the RFID to store a small number of keys, and avoids the problem that a large number of keys cannot be stored due to insufficient storage capacity of the RFID.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples are merely illustrative of several embodiments of the present invention, and the description thereof is more specific and detailed, but not to be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.

Claims (8)

1. The quantum computation resistant RFID authentication method based on the symmetric key pool and the secondary surplus is characterized in that participants comprise an authentication party and a request party which interact in an RFID mode, each participant is provided with a key fob, the key fob of the request party stores a symmetric key unit, an identity of the own party, a true random number, a public key and a key pointer address corresponding to the symmetric key unit, the symmetric key unit stores a symmetric key, and the quantum computation resistant RFID authentication method comprises the following steps performed by the request party:
acquiring an authentication true random number;
calculating according to the authentication true random number, the true random number and the own identity identification to obtain identity information;
respectively carrying out secondary residual encryption calculation on the identity information and the true random number to obtain first encryption information and second encryption information;
respectively carrying out offset encryption on the first encryption information and the second encryption information by using the symmetric key to obtain first offset encryption information and second offset encryption information;
performing hash calculation on the identity information and the true random number respectively to obtain an identity information hash value and a true random number hash value;
packing the key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value, and sending the packed key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value and the true random number hash value to an authentication party as a response message, so that the authentication party performs identity authentication on the requester through the response message, and the method specifically comprises the following steps:
a symmetric key pool and a private key pool are stored in a key fob of the authenticator, the symmetric key pool comprises symmetric key units corresponding to the supplicant one to one, the symmetric key units comprise symmetric keys, the private key pool comprises private key units, the private key units comprise an identity of the supplicant and corresponding private key pairs, and the anti-quantum computation RFID authentication method comprises the following steps performed at the authenticator:
generating the authentication true random number by a key fob and sending the authentication true random number to a requestor;
acquiring a response message sent by the requester;
extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool respectively according to the key pointer address in the response message;
correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions;
comparing the value subjected to hash calculation according to the solutions with the identity information hash value and a true random number hash value to obtain identity information of the requesting party;
calculating to obtain the identity of the requester according to the identity information and the authentication true random number;
and comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
2. The method according to claim 1, wherein after the identity authentication of the requester is passed, the method for resisting quantum computation RFID authentication further comprises updating information in a key fob of the requester, and the following steps are performed at the authenticator:
generating a new true random number by the key fob, and generating the new true random number as a new symmetric key by the key fob;
selecting a new private key pair, and calculating according to the new private key pair to obtain a new public key;
respectively carrying out XOR calculation on the new symmetric key, the new true random number and the new public key according to the symmetric key, the true random number and the public key to obtain first updating information;
performing hash calculation according to the new true random number, the new key pair, the new public key and the identity of the requester to obtain second updating information;
and packaging the authentication true random number, the first updating information and the second updating information as updating information, and sending the updating information to the requester so that the requester updates according to the updating information.
3. The method according to claim 2, wherein after the identity authentication of the requester is passed, the quantum computation resistant RFID authentication method further comprises the following steps of updating information at the requester:
acquiring the updating message;
correspondingly decrypting the first updating information according to the symmetric key, the true random number and the public key to obtain a new symmetric key, a new true random number and a new public key;
performing hash calculation according to the obtained new symmetric key, the new true random number, the new public key and the own party identity to obtain verification information;
and comparing the verification information with second updating information in a verification way, and if the verification information is the same as the second updating information, correspondingly updating according to the updating information.
4. The quantum computation resistant RFID authentication system based on the symmetric key pool and the secondary surplus is characterized in that participants comprise an authentication party and a request party which interact in an RFID mode, each participant is provided with a key fob, the key fob of the request party stores a symmetric key unit, an identity of the own party, a true random number, a public key and a key pointer address corresponding to the symmetric key unit, the symmetric key unit stores a symmetric key, and the quantum computation resistant RFID authentication system comprises a device arranged on the request party:
the first module is used for acquiring an authentication true random number;
the second module is used for calculating according to the authentication true random number, the true random number and the own party identity identification to obtain identity information;
the third module is used for respectively carrying out secondary residual encryption calculation on the identity information and the true random number to obtain first encryption information and second encryption information;
the fourth module is used for respectively carrying out offset encryption on the first encryption information and the second encryption information by using the symmetric key to obtain first offset encryption information and second offset encryption information;
a fifth module, configured to perform hash calculation on the identity information and the true random number respectively to obtain an identity information hash value and a true random number hash value;
a sixth module, configured to pack the key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value, and the true random number hash value, and send the packed key pointer address, the first offset encryption information, the second offset encryption information, the identity information hash value, and the true random number hash value to an authenticator, so that the authenticator performs identity authentication on the requestor through the response message, specifically including:
a symmetric key pool and a private key pool are stored in a key fob of the authenticator, the symmetric key pool comprises symmetric key units corresponding to the supplicant one to one, the symmetric key units comprise symmetric keys, the private key pool comprises private key units, the private key units comprise an identity of the supplicant and corresponding private key pairs, and the anti-quantum computation RFID authentication method comprises the following steps performed at the authenticator:
generating the authentication true random number by a key fob and sending the authentication true random number to a requestor;
acquiring a response message sent by the requester;
extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool respectively according to the key pointer address in the response message;
correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions;
comparing the value subjected to hash calculation according to the solutions with the identity information hash value and a true random number hash value to obtain identity information of the requesting party;
calculating to obtain the identity of the requester according to the identity information and the authentication true random number;
and comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
5. The system according to claim 4, wherein the key fob of the authenticator stores a symmetric key pool and a private key pool, the symmetric key pool comprises symmetric key units corresponding to the requesters one by one, the symmetric key units comprise symmetric keys, the private key pool comprises private key units, the private key units comprise identities of the requesters and corresponding private key pairs, the anti-quantum computation RFID authentication system further comprises an identity authentication module disposed at the authenticator, the identity authentication module comprises:
the first sub-module is used for generating the authentication true random number by the key fob and sending the authentication true random number to a requester;
the second submodule is used for acquiring a response message sent by the requester;
the third sub-module is used for respectively extracting a symmetric key and a private key pair from the symmetric key pool and the private key pool according to the key pointer address in the response message;
the fourth sub-module is used for correspondingly decrypting the first offset encryption information and the second offset encryption information according to the symmetric key and the private key to obtain a plurality of solutions;
the fifth sub-module is used for comparing the value subjected to hash calculation according to the solutions with the identity information hash value and the true random number hash value to obtain the identity information of the requester;
the sixth submodule is used for calculating the identity of the requester according to the identity information and the authentication true random number;
and the seventh sub-module is used for comparing and verifying the identity identification with the identity identification in the private key pool, and if the identity identification is the same as the identity identification in the private key pool, the identity authentication of the requester is passed.
6. The system of claim 5, wherein the quantum computation resistant two-dimensional code system further comprises an update information generation module disposed at the authenticator, the update information generation module comprising:
a first information generation submodule for generating a new true random number from the key fob and for generating the new true random number from the key fob as a new symmetric key;
the second information generation submodule is used for selecting a new private key pair and calculating to obtain a new public key according to the new private key pair;
the first updating information generation submodule is used for respectively carrying out exclusive OR calculation on the new symmetric key, the new true random number and the new public key according to the symmetric key, the true random number and the public key to obtain first updating information;
the second updating information generation submodule is used for carrying out hash calculation according to the new true random number, the new key pair, the new public key and the identity of the requester to obtain second updating information;
and the update message generation submodule is used for packaging the authentication true random number, the first update information and the second update information as update messages and sending the update messages to the requester so as to update the requester according to the update messages.
7. The system of claim 6, wherein the quantum computation resistant RFID authentication system further comprises an information update module disposed at the requestor, the information update module comprising:
the message acquisition submodule is used for acquiring the update message;
the first decryption submodule is used for correspondingly decrypting the first updating information according to the symmetric key, the true random number and the public key to obtain a new symmetric key, a new true random number and a new public key;
the second decryption submodule is used for carrying out Hash calculation according to the obtained new symmetric key, the new true random number, the new public key and the own party identity to obtain verification information;
and the verification sub-module is used for verifying and comparing the verification information with the second updating information, and if the verification information is the same as the second updating information, the verification sub-module correspondingly updates according to the updating information.
8. The quantum computation resistant RFID authentication system based on the symmetric key pool and the secondary surplus is characterized in that the participants comprise authentication parties and requesting parties which interact in an RFID mode, each participant is provided with a key fob, the key fob of the requesting party stores a symmetric key unit, an identity of a self party, a true random number and a public key, and the symmetric key unit stores a symmetric key and a symmetric key pointer corresponding to the symmetric key unit;
each of the parties comprises a memory in which a computer program is stored and a processor which, when executing the computer program, implements the quantum-resistant computational RFID authentication method based on a pool of symmetric keys and quadratic residue according to any one of claims 1 to 3.
CN201910798813.2A 2019-08-28 2019-08-28 Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus Active CN110620659B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910798813.2A CN110620659B (en) 2019-08-28 2019-08-28 Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910798813.2A CN110620659B (en) 2019-08-28 2019-08-28 Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus

Publications (2)

Publication Number Publication Date
CN110620659A CN110620659A (en) 2019-12-27
CN110620659B true CN110620659B (en) 2021-08-31

Family

ID=68922048

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910798813.2A Active CN110620659B (en) 2019-08-28 2019-08-28 Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus

Country Status (1)

Country Link
CN (1) CN110620659B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104092545A (en) * 2014-06-30 2014-10-08 飞天诚信科技股份有限公司 Authentication system integrating various dynamic passwords and working method thereof
WO2017188895A1 (en) * 2016-04-27 2017-11-02 Huawei International Pte. Ltd. Method and system for authentication with asymmetric key
EP3327679A1 (en) * 2016-11-29 2018-05-30 Bundesdruckerei GmbH Method for access control of a group of persons using multiple readers and multiple tokens
CN109150519A (en) * 2018-09-20 2019-01-04 如般量子科技有限公司 Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond
CN109412788A (en) * 2018-09-20 2019-03-01 如般量子科技有限公司 Cloud storage method of controlling security and system are acted on behalf of in anti-quantum calculation based on public keys pond
CN109756329A (en) * 2019-01-15 2019-05-14 如般量子科技有限公司 Anti- quantum calculation shared key machinery of consultation and system based on private key pond

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104092545A (en) * 2014-06-30 2014-10-08 飞天诚信科技股份有限公司 Authentication system integrating various dynamic passwords and working method thereof
WO2017188895A1 (en) * 2016-04-27 2017-11-02 Huawei International Pte. Ltd. Method and system for authentication with asymmetric key
EP3327679A1 (en) * 2016-11-29 2018-05-30 Bundesdruckerei GmbH Method for access control of a group of persons using multiple readers and multiple tokens
CN109150519A (en) * 2018-09-20 2019-01-04 如般量子科技有限公司 Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond
CN109412788A (en) * 2018-09-20 2019-03-01 如般量子科技有限公司 Cloud storage method of controlling security and system are acted on behalf of in anti-quantum calculation based on public keys pond
CN109756329A (en) * 2019-01-15 2019-05-14 如般量子科技有限公司 Anti- quantum calculation shared key machinery of consultation and system based on private key pond

Also Published As

Publication number Publication date
CN110620659A (en) 2019-12-27

Similar Documents

Publication Publication Date Title
US11038694B1 (en) Devices, methods, and systems for cryptographic authentication and provenance of physical assets
JP4216475B2 (en) Cryptographic indexed key update method and device having leakage resistance
Cho et al. Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol
CN109728906B (en) Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool
US20200106600A1 (en) Progressive key encryption algorithm
CN109818749B (en) Quantum computation resistant point-to-point message transmission method and system based on symmetric key pool
WO2007103906A2 (en) Secure data transmission using undiscoverable or black data
CN109936456B (en) Anti-quantum computation digital signature method and system based on private key pool
CN109787758B (en) Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal
CN109921905B (en) Anti-quantum computation key negotiation method and system based on private key pool
CN111327419B (en) Method and system for resisting quantum computation block chain based on secret sharing
JP2009272671A (en) Secret authentication system
CN110737915B (en) Anti-quantum-computation anonymous identity recognition method and system based on implicit certificate
CN109728905B (en) Anti-quantum computation MQV key negotiation method and system based on asymmetric key pool
CN110493006B (en) Anti-quantum computation two-dimensional code authentication method and system based on asymmetric key pool and serial number
CN110620764B (en) Anti-quantum computation RFID authentication method and system based on asymmetric key pool and secondary surplus
CN110650004B (en) Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature
CN110176989B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool
CN110768782B (en) Anti-quantum computation RFID authentication method and system based on asymmetric key pool and IBS
CN110677253B (en) Anti-quantum computation RFID authentication method and system based on asymmetric key pool and ECC
CN110620780B (en) Anti-quantum computation two-dimensional code authentication method and system based on asymmetric key pool and timestamp
CN104820807B (en) A kind of intelligent card data processing method
CN110620659B (en) Anti-quantum computation RFID authentication method and system based on symmetric key pool and secondary surplus
JP2009267583A (en) Secret authentication system
CN109948387A (en) Cluster label authentication method based on quadratic residue lightweight RFID

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant