WO2010012220A1 - Anonymous authentication method based on pre-shared key, reader/writer, electronic tag and system - Google Patents
- Publication number
- WO2010012220A1 (PCT/CN2009/072954)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- electronic tag
- reader
- authentication
- access authentication
- packet
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K7/00—Methods or arrangements for sensing record carriers, e.g. for reading patterns
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0492—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/48—Secure or trusted billing, e.g. trusted elements or encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2215/00—Metering arrangements; Time controlling arrangements; Time indicating arrangements
- H04M2215/01—Details of billing arrangements
- H04M2215/0156—Secure and trusted billing, e.g. trusted elements, encryption, digital signature, codes or double check mechanisms to secure billing calculation and information
Definitions
- the present invention relates to an anonymous authentication method based on a pre-shared key, a reader/writer, an electronic tag, and an anonymous mutual authentication system based on a pre-shared key.
- RFID Radio Frequency Identification
- electronic tags can be roughly divided into three types: 1) Advanced electronic tags, with readable and writable functions, with certain memory space, data processing and computing capabilities; 2
- the mid-range electronic label has a slightly lower performance and similar functions compared with the advanced label.
- the low-grade electronic label is only used to record some data information to ensure that the information can be read or written by the reader. Generally there is no data processing function and computing power.
- if the performance of the electronic tag is high and it has certain computing and processing capabilities, we can use or refer to the secure access protocols of existing wireless networks to realize two-way authentication and rights authentication between the electronic tag and the reader.
- protocols such as the WLAN Authentication and Privacy Infrastructure (WAPI) can be used.
- WAPI WLAN Authentication and Privacy Infrastructure
- if the performance of the electronic tag is low and it cannot support the existing protocols, we must design a new security protocol to realize the security of the electronic tag.
- ISO 18000-6 Class A and ISO 18000-6 Class B electronic tags are developed. Due to their low computational and processing performance, common public key algorithm-based security protocols are difficult to apply, but analysis has found that this type of tag can fully support security protocols based on a pre-shared key. Therefore, the pre-shared key-based security authentication protocol is an effective solution to the security issues of ISO 18000-6 Class A and ISO 18000-6 Class B electronic tags.
- the problem worth noting is that in the field of electronic tag applications, since the identity (ID) of the electronic tag usually represents a trade secret such as the price of the goods or the origin of the goods, it is necessary to ensure the confidentiality of the ID content during the authentication process. To avoid security attacks on the protocol caused by identity leakage and to ensure that IDs are not compromised, we must use a temporary identity that can be made public in the protocol instead of the ID itself. For security reasons, it is generally required that the temporary identity of the same electronic tag be different in different authentication processes.
- the Cyclic Redundancy Check (CRC) is used to implement the integrity check of the protocol message, and the calculation of the integrity check code does not involve any secret information shared by both communicating parties. Active attack
- the update of the shared key does not have forward confidentiality. If an updated key is cracked by the attacker, the attacker can calculate all the shared keys negotiated later;
- the update of the shared key does not have backward confidentiality. If an updated key is cracked by an attacker, the attacker can calculate all the shared keys that were previously negotiated;
- the invention solves the security problem existing in the existing authentication protocol in the field of electronic tags, and provides an anonymous authentication method based on pre-shared key, a reader/writer, an electronic tag and an anonymous mutual authentication system based on a pre-shared key.
- the technical solution of the present invention is:
- the present invention is an anonymous authentication method based on a pre-shared key, and the method includes:
- the reader sends an access authentication request packet to the electronic tag, where the access authentication request packet includes: a random number N1 selected by the reader/writer;
- after receiving the access authentication response packet sent by the electronic tag, the reader authenticates the access authentication response packet and constructs an access authentication acknowledgement packet when the authentication succeeds, where the access authentication response packet includes: an electronic tag temporary identity TempID; a random number N1 selected by the reader; a random number N2 selected by the electronic tag; a message integrity check value MIC calculated by the electronic tag, the value of which is equal to H (TempID
- the reader/writer transmits the access authentication confirmation packet to the electronic tag.
- the method further includes:
- after receiving the access authentication request packet sent by the reader/writer, the electronic tag authenticates the access authentication request packet and constructs an access authentication response packet when the authentication succeeds, where the access authentication response packet includes: an electronic tag temporary identity TempID; a random number N1 selected by the reader; a random number N2 selected by the electronic tag; a message integrity check value MIC calculated by the electronic tag, whose value is equal to H (TempID
- the electronic tag confirms the access authentication confirmation packet sent by the reader/writer.
- before the reader/writer sends the access authentication request packet to the electronic tag, the method further includes:
- the reader establishes system parameters with the electronic tag, initializes the system parameters, and sends the system parameters to the electronic tag for storage.
- Key And let LastTempID TempID.
- the authenticating the access authentication response packet, and constructing the access authentication acknowledgement packet when the authentication is successful comprises:
- N2), the authentication is successful, and the access authentication confirmation packet is constructed and sent to the electronic tag; If the value of the temporary ID TempID is equal to the value of the received TempID, it is found that there is a line LastTempID equal to the value of the received TempID. If a line label LastTempID is found to be equal to the received TempID value, Then let TempID H
- the access authentication confirmation packet includes: a random number N2 selected by the electronic tag; and a message integrity check value MIC1 calculated by the reader, whose value is equal to H ( N2
- the authenticating the access authentication request packet, and constructing the access authentication response packet when the authentication is successful includes:
- the authentication function of the reader/writer is implemented by a background server instead.
- the present invention further provides a reader/writer, comprising:
- a sending unit configured to send an access authentication request packet to the electronic tag, where the access authentication request packet includes: a random number N1 selected by the reader/writer; a receiving unit, configured to receive an access authentication response packet sent by the electronic tag, where the access authentication response packet includes: an electronic tag temporary identity TempID; a random number N1 selected by the reader; and a random number selected by the electronic tag N2; the message integrity check value MIC calculated by the electronic tag, whose value is equal to H (TempID
- An authentication unit configured to authenticate the access authentication response packet received by the receiving unit, and send a result of successful authentication
- a constructing unit configured to: when receiving the result of the successful authentication, construct an access authentication acknowledgement packet, and send the access authentication acknowledgement packet to the electronic tag.
- the method further includes:
- the establishing unit is configured to establish system parameters with the electronic tag, initialize the system parameters, and send the system parameters to the electronic tag for storage.
- the authentication unit includes:
- a determining unit configured to determine whether the N1 is a random number selected by itself, and send a yes result
- a comparing unit configured to recalculate the value of the MIC when receiving the yes result sent by the determining unit, compare it with the value of the received MIC, and send a comparison result indicating that the two are the same;
- a constructing unit configured to construct an access authentication acknowledgement packet when the result of the successful authentication is received, and send the access authentication acknowledgement packet to the electronic tag.
- an electronic tag including:
- An authentication unit configured to receive an access authentication request packet sent by the reader, and authenticate the access authentication request packet, and send a message that the authentication succeeds;
- a constructing unit configured to: when receiving the message that the authentication unit sends the authentication success, construct an access authentication response packet, and send the access authentication response packet to the reader/writer;
- a receiving unit configured to receive an access authentication packet acknowledgement sent by the reader/writer, where the access authentication packet acknowledgement includes: a random number N2 selected by the electronic tag; and a message integrity check value MIC1 calculated by the reader/writer, whose value is equal to H ( N2
- an acknowledgment unit configured to confirm the access authentication packet acknowledgement received by the receiving unit.
- the method further includes:
- the storage unit is configured to pre-store the system parameters received from the reader/writer.
- the confirming unit comprises:
- a determining unit configured to determine whether the N2 is a random number selected by itself, and send a yes result
- a comparing unit configured to recalculate the value of the MIC1 when receiving the yes result sent by the determining unit, compare it with the value of the received MIC1, and send a comparison result indicating that the two are the same;
- the present invention further provides an anonymous mutual authentication system based on a pre-shared key, comprising: a reader/writer and an electronic tag, wherein
- the reader/writer is configured to send an access authentication request packet to the electronic tag, where the access authentication request packet includes: a random number N1 selected by the reader/writer; after receiving the access authentication response packet sent by the electronic tag, to authenticate the access authentication response packet and construct the access authentication acknowledgement packet when the authentication succeeds; and to send the access authentication acknowledgement packet to the electronic tag; wherein the access authentication acknowledgement packet includes: the random number N2 selected by the electronic tag; the message integrity check value MIC1 calculated by the reader, whose value is equal to H ( N2
- the electronic tag is configured to: after receiving the access authentication request packet sent by the reader/writer, authenticate the access authentication request packet, construct an access authentication response packet when the authentication succeeds, and send the access authentication response packet to the reader/writer; and authenticate the access authentication acknowledgement packet sent by the reader/writer, wherein the access authentication response packet includes: an electronic tag temporary identity TempID; the random number N1; the random number N2 selected by the electronic tag; the message integrity check value MIC calculated by the electronic tag, whose value is equal to H (TempID
- the above-mentioned reader's authentication function can also be implemented by a background server instead.
- the reader/writer sends an access authentication request packet to the electronic tag; and after receiving the access authentication response packet sent by the electronic tag, the access authentication response packet is authenticated and authenticated.
- construct an access authentication acknowledgement packet and send the access authentication acknowledgement packet to the electronic tag.
- the access authentication request packet is authenticated, and an access authentication response packet is constructed when the authentication succeeds; the access authentication response packet is sent to the reader/writer; and the access authentication acknowledgement packet sent by the reader/writer is received.
- Certification
- the security of the data information of the electronic tag is guaranteed. That is to say, the electronic tag and the reader do not need to update the pre-shared key, and the protocol efficiency is improved without lowering the security; the safer and more reliable message complete verification technology is adopted, which can resist the active attack; No need to rewrite the shared key frequently, saving system energy and improving the availability of electronic tags; electronic tags and readers do not need to save the message integrity check code for each calculation, which reduces the system storage requirements.
- FIG. 1 is a schematic flow chart of an anonymous authentication method based on a pre-shared key provided by the present invention.
- Detailed description
- ID identity of the electronic tag
- TempID Temporary identity of the electronic tag used in the authentication process
- LastTempID The temporary identity of the electronic tag used during the last authentication process
- Key a pre-shared key shared by the reader and the electronic tag
- PData is the private information data of the label, such as the price of the goods, the origin of the goods, etc., which need to be kept secret;
- H ( X ) one-way hash function;
- N1 random number selected by the reader
- N2 random number selected by the electronic tag
- SKey Session key.
- FIG. 1 is a flowchart of an anonymous authentication method based on a pre-shared key according to the present invention. The method specifically includes:
- Reader R holds information about all tags, including TempID, LastTempID, ID,
- This step is only to establish the system parameters when the first application is applied. After the establishment, the step is not needed in the subsequent repeated application;
- the reader/writer R sends an access authentication request packet to the electronic tag T;
- the access authentication request packet content includes:
- N1 field: the random number selected by reader R
- after receiving the access authentication request packet, the electronic tag T constructs an access authentication response packet and sends it to the reader/writer R.
- the content of the authentication response packet includes:
- TempID field: the temporary identity of the electronic tag T
- N1 field: the random number selected by reader R
- N2 field: the random number selected by the electronic tag T
- MIC field: the message integrity check value calculated by the electronic tag T, whose value is equal to H (TempID
- after the reader R receives the access authentication response packet sent by the electronic tag T, it first determines whether N1 is the random number it selected itself; if not, it discards the packet. If yes, it recalculates the MIC and compares it with the received MIC value; if they are not equal, it discards the packet; if they are equal, it starts looking in the background database.
- LastTempID TempID
- TempID H (ID
- N2), and at the same time constructs the access authentication confirmation packet and sends it to the electronic tag T; if it cannot find a row whose temporary identity TempID is equal to the received TempID value, it checks whether there is a row whose LastTempID from the last authentication is equal to the received TempID value; if a row's LastTempID is equal to the received TempID value, then TempID H (ID
- the access authentication confirmation packet includes:
- N2 field: the random number selected by the electronic tag T
- MIC1 field: the message integrity check value calculated by reader R, whose value is equal to H ( N2
- the two-way authentication based on the pre-shared key between the electronic tag T and the reader/writer R is realized, and at the same time, the ID information of the electronic tag T is not leaked.
- the temporary identity TempID of the electronic tag T is updated.
- the electronic tag T and the reader R can each use the key Key and the random numbers N1 and N2 to derive the same session key SKey, and use the SKey as the encryption key to encrypt the private information data PData of the tag, realizing the protection of tag data.
- the authentication function entity of the reader/writer T of the authentication process may also reside on the background server.
- the present invention further provides a reader/writer, including: a sending unit, a receiving unit, an authenticating unit, and a constructing unit, where the sending unit is configured to send an access authentication request packet to the electronic tag, where the access authentication request packet includes: a random number N1 selected by the reader/writer; and a receiving unit, configured to receive an access authentication response packet sent by the electronic tag, where the access authentication response packet includes: an electronic tag temporary identity TempID; a random number N1 selected by the reader; a random number N2 selected by the electronic tag; a message integrity check value MIC calculated by the electronic tag, the value of which is equal to H (TempID
- the reader/writer further comprises: an establishing unit, configured to establish system parameters with the electronic tag, and initialize the system parameter, and send the system parameter to the electronic tag for storage.
- the present invention further provides an electronic tag, comprising: an authentication unit, a constructing unit, a receiving unit, and a confirming unit, wherein the authentication unit is configured to receive an access authentication request packet sent by the reader/writer, authenticate the access authentication request packet, and send a message that the authentication succeeds; the constructing unit is configured to: when receiving the message sent by the authentication unit that the authentication succeeded, construct an access authentication response packet and send the access authentication response packet to the reader/writer; the receiving unit is configured to receive the access authentication packet acknowledgement sent by the reader/writer, where the access authentication packet acknowledgement includes: the random number N2 selected by the electronic tag; the message integrity check value MIC1 calculated by the reader/writer, whose value is equal to H(N2
- the electronic tag further includes: a storage unit, configured to store and receive system parameters sent by the reader/writer.
- the present invention further provides an anonymous mutual authentication system based on a pre-shared key, including: a reader/writer and an electronic tag, wherein the reader/writer is configured to send an access authentication to an electronic tag.
- the access authentication request packet includes: a random number N1 selected by the reader/writer; after receiving the access authentication response packet sent by the electronic tag, authenticating the access authentication response packet, and when the authentication succeeds, constructing an access authentication acknowledgement packet; and transmitting the access authentication acknowledgement packet to the electronic tag; wherein the access authentication acknowledgement packet includes: a random number N2 selected by the electronic tag; a message integrity check value MIC1 calculated by the reader/writer, whose value is equal to H ( N2
- the electronic tag is configured to: after receiving the access authentication request packet sent by the reader/writer, authenticate the access authentication request packet, construct an access authentication response packet when the authentication succeeds, and send the access authentication response packet to the reader/writer; and confirm the access authentication acknowledgement packet sent by the reader/writer, wherein the access authentication response packet includes: an electronic tag temporary identity TempID; the random number N1; the random number N2 selected by the electronic tag; the message integrity check value MIC calculated by the electronic tag, whose value is equal to H (TempID
- the present invention can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented in hardware, but in many cases the former is the better implementation.
- the technical solution of the present invention may in essence be embodied in the form of a software product, which may be stored in a storage medium such as a ROM/RAM, a magnetic disk, an optical disk, etc., and which includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention or portions of the embodiments.
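The three-packet exchange set out in the Definitions above (request with N1, response with TempID/N1/N2/MIC, acknowledgement with N2/MIC1), including the reader's fallback from TempID to LastTempID, as a runnable sketch. This is an added example, not code from the patent: the page's H(...) formulas are truncated, so the hash inputs, SHA-256 standing in for H, the SKey derivation, the single table-wide Key and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets


def H(*fields: bytes) -> bytes:
    """One-way hash H(X). Assumed: SHA-256 over length-prefixed fields."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class Tag:
    def __init__(self, tag_id: bytes, key: bytes, temp_id: bytes):
        self.id, self.key, self.temp_id = tag_id, key, temp_id
        self.n1 = self.n2 = None

    def respond(self, n1: bytes) -> dict:
        """Build the access authentication response packet."""
        self.n1, self.n2 = n1, secrets.token_bytes(16)
        mic = H(self.temp_id, n1, self.n2, self.key)  # assumed MIC inputs
        return {"TempID": self.temp_id, "N1": n1, "N2": self.n2, "MIC": mic}

    def confirm(self, ack: dict):
        """Check N2 and MIC1, then update TempID. Returns SKey or None."""
        if self.n2 is None or not hmac.compare_digest(ack["N2"], self.n2):
            return None
        if not hmac.compare_digest(ack["MIC1"], H(self.n2, self.key)):
            return None
        skey = H(b"SKey", self.key, self.n1, self.n2)  # assumed derivation
        self.temp_id = H(self.id, self.key, self.n1, self.n2)
        self.n1 = self.n2 = None
        return skey


class Reader:
    def __init__(self, key: bytes, rows: list):
        # rows: background database, one dict per tag (ID, TempID, LastTempID)
        self.key, self.rows = key, rows
        self.pending_n1 = None

    def request(self) -> dict:
        self.pending_n1 = secrets.token_bytes(16)
        return {"N1": self.pending_n1}

    def authenticate(self, resp: dict):
        """Return (acknowledgement packet, SKey), or None if discarded."""
        n1, self.pending_n1 = self.pending_n1, None  # each N1 is single-use
        if n1 is None or not hmac.compare_digest(resp["N1"], n1):
            return None  # N1 was not selected by this reader: discard
        expected = H(resp["TempID"], n1, resp["N2"], self.key)
        if not hmac.compare_digest(resp["MIC"], expected):
            return None  # MIC mismatch: discard
        row = next((r for r in self.rows if r["TempID"] == resp["TempID"]), None)
        if row is not None:
            row["LastTempID"] = row["TempID"]
        else:
            # Tag missed the previous acknowledgement: match on LastTempID.
            row = next((r for r in self.rows
                        if r["LastTempID"] == resp["TempID"]), None)
            if row is None:
                return None
        row["TempID"] = H(row["ID"], self.key, n1, resp["N2"])
        ack = {"N2": resp["N2"], "MIC1": H(resp["N2"], self.key)}
        return ack, H(b"SKey", self.key, n1, resp["N2"])


def demo():
    key = secrets.token_bytes(16)  # constructed sample values
    tag_id = b"TAG-0001"
    temp0 = H(tag_id, key, b"init")
    tag = Tag(tag_id, key, temp0)
    reader = Reader(key, [{"ID": tag_id, "TempID": temp0, "LastTempID": temp0}])
    row = reader.rows[0]

    # Run 1: complete exchange; both sides derive SKey and roll TempID.
    resp = tag.respond(reader.request()["N1"])
    ack, skey_reader = reader.authenticate(resp)
    run1_ok = (tag.confirm(ack) == skey_reader
               and tag.temp_id == row["TempID"] != resp["TempID"])

    # Run 2: acknowledgement is lost, so only the reader rolls TempID.
    reader.authenticate(tag.respond(reader.request()["N1"]))
    desynced = tag.temp_id != row["TempID"]

    # Run 3: the reader recognises the stale TempID through LastTempID.
    resp3 = tag.respond(reader.request()["N1"])
    ack3, _ = reader.authenticate(resp3)
    tag.confirm(ack3)
    recovered = tag.temp_id == row["TempID"]

    # A replayed response carries an old N1 and is discarded.
    reader.request()
    replay_rejected = reader.authenticate(resp3) is None
    return run1_ok, desynced, recovered, replay_rejected


if __name__ == "__main__":
    print(demo())
```

The second run in `demo()` drops the acknowledgement, which is the case the LastTempID column exists for: the tag keeps its old TempID and the reader still recognises it on the next run.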
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/056,856 US8547205B2 (en) | 2008-08-01 | 2009-07-28 | Anonymous authentication method based on pre-shared cipher key, reader-writer, electronic tag and system thereof |
KR1020117004377A KR101229703B1 (ko) | 2008-08-01 | 2009-07-28 | Anonymous authentication method based on pre-shared cipher key, reader-writer, electronic tag and system thereof |
EP09802413.6A EP2320348B1 (en) | 2008-08-01 | 2009-07-28 | Anonymous authentication method based on pre-shared cipher key, reader-writer, electronic tag and system thereof |
JP2011520309A JP5429675B2 (ja) | 2008-08-01 | 2009-07-28 | Anonymous authentication method using pre-shared key, reader-writer, and anonymous mutual authentication system using pre-shared key |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810150525.8 | 2008-08-01 | ||
CN2008101505258A CN101329720B (zh) | 2008-08-01 | 2008-08-01 | Anonymous mutual authentication method based on pre-shared key |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010012220A1 true WO2010012220A1 (zh) | 2010-02-04 |
Family
ID=40205522
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/072954 WO2010012220A1 (zh) | 2008-08-01 | 2009-07-28 | Anonymous authentication method based on pre-shared key, reader/writer, electronic tag and system |
Country Status (6)
Country | Link |
---|---|
US (1) | US8547205B2 (zh) |
EP (1) | EP2320348B1 (zh) |
JP (1) | JP5429675B2 (zh) |
KR (1) | KR101229703B1 (zh) |
CN (1) | CN101329720B (zh) |
WO (1) | WO2010012220A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012117253A1 (en) * | 2011-03-02 | 2012-09-07 | Digitalle Limited | An authentication system |
CN103779651A (zh) * | 2012-10-26 | 2014-05-07 | 深圳富泰宏精密工业有限公司 | Antenna structure |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
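CN101329719B (zh) * | 2008-08-01 | 2010-11-10 | 西安西电捷通无线网络通信股份有限公司 | Anonymous authentication method suitable for electronic tags of the same kind |
CN101329720B (zh) | 2008-08-01 | 2011-06-01 | 西安西电捷通无线网络通信股份有限公司 | Anonymous mutual authentication method based on pre-shared key |
CN101662367B (zh) * | 2009-05-27 | 2011-08-17 | 西安西电捷通无线网络通信股份有限公司 | Mutual authentication method based on shared key |
KR101615542B1 (ko) | 2009-06-10 | 2016-04-26 | 삼성전자주식회사 | Wireless identification system and authentication method thereof |
CN101814991B (zh) * | 2010-03-12 | 2012-05-09 | 西安西电捷通无线网络通信股份有限公司 | Identity-based mutual authentication method and system |
CN101783732B (zh) * | 2010-03-12 | 2012-03-07 | 西安西电捷通无线网络通信股份有限公司 | Offline-capable mutual authentication method and system based on pre-shared key |
CN101937516B (zh) * | 2010-09-07 | 2013-10-30 | 北京智捷通科技发展有限公司 | Method and system for authentication in a passive ultra-high-frequency radio frequency identification system |
CN102143488B (zh) * | 2010-12-06 | 2013-06-12 | 西安西电捷通无线网络通信股份有限公司 | Method for secure communication between reader-writer and electronic tag |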
US8707046B2 (en) * | 2011-05-03 | 2014-04-22 | Intel Corporation | Method of anonymous entity authentication using group-based anonymous signatures |
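CN102682311B (zh) * | 2011-06-10 | 2015-07-22 | 中国人民解放军国防科学技术大学 | Passive radio frequency identification security authentication method based on cyclic redundancy check code operation |
CN102882563B (zh) * | 2011-07-14 | 2015-07-15 | 深圳光启高等理工研究院 | SoC-based short-range wireless communication system and wireless communication method |
CN102882540B (zh) * | 2011-07-14 | 2015-05-20 | 深圳光启高等理工研究院 | SoC-based wireless communication system |
CN102510335A (zh) * | 2011-11-10 | 2012-06-20 | 西北工业大学 | Hash-based RFID mutual authentication method |
CN103049769B (zh) * | 2012-02-24 | 2015-10-07 | 深圳中科讯联科技有限公司 | Communication method capable of preventing radio frequency card collisions |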
EP2634954B1 (en) * | 2012-02-29 | 2016-10-19 | BlackBerry Limited | Identity of a group shared secret |
US9232024B2 (en) | 2012-02-29 | 2016-01-05 | Blackberry Limited | Communicating an identity to a server |
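CN105323754B (zh) * | 2014-07-29 | 2019-02-22 | 北京信威通信技术股份有限公司 | Distributed authentication method based on a pre-shared key |
CN105577625B (zh) * | 2014-10-17 | 2019-04-23 | 西安西电捷通无线网络通信股份有限公司 | Entity authentication method and device based on a pre-shared key |
CN108475482A (zh) * | 2016-01-20 | 2018-08-31 | 瑞萨电子欧洲有限公司 | Integrated circuit with anti-counterfeiting capability |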
EP3254979B1 (en) * | 2016-06-09 | 2018-12-19 | Tetra Laval Holdings & Finance S.A. | Unit and method for forming/advancing a pack or a portion of a pack |
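CN106506164B (zh) * | 2016-10-25 | 2019-06-21 | 中国科学院信息工程研究所 | Anonymous identity classification and recognition method based on a one-way hash function |
CN109587518B (zh) | 2017-09-28 | 2022-06-07 | 三星电子株式会社 | Image transmission device, method of operating an image transmission device, and system on chip |
CN108616531B (zh) * | 2018-04-26 | 2021-10-08 | 深圳市盛路物联通讯技术有限公司 | Method and system for secure communication of radio-frequency signals |
CN111490967B (zh) * | 2019-01-29 | 2022-02-25 | 中国科学院软件研究所 | Unified identity authentication method and system providing user-friendly strong authentication and anonymous authentication |
CN110598810A (zh) * | 2019-08-19 | 2019-12-20 | 成都理工大学 | Method for writing and reading data of an electronic tag |
CN112699696B (zh) * | 2019-10-21 | 2024-02-27 | 睿芯联科(北京)电子科技有限公司 | Radio frequency identification method for preventing physical transfer |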
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1534935A (zh) * | 2003-03-31 | 2004-10-06 | 华为技术有限公司 | Key distribution method based on a pre-shared key |
US20070043945A1 (en) * | 2005-08-19 | 2007-02-22 | Choi Jin-Hyeock | Method for performing multiple pre-shared key based authentication at once and system for executing the method |
CN101329720A (zh) * | 2008-08-01 | 2008-12-24 | 西安西电捷通无线网络通信有限公司 | Anonymous mutual authentication method based on a pre-shared key |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004089017A1 (en) * | 2003-04-01 | 2004-10-14 | Mi-Kyoung Park | Mobile communication terminal having a function of reading out information from contactless type communication tag and method for providing information of whether an article is genuine or not |
JP2005348306A (ja) | 2004-06-07 | 2005-12-15 | Yokosuka Telecom Research Park:Kk | Electronic tag system, electronic tag, electronic tag reader/writer, and program |
JP4768752B2 (ja) * | 2005-01-12 | 2011-09-07 | ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー | Radio frequency identification tag security system |
JP5080275B2 (ja) | 2005-01-12 | 2012-11-21 | ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー | Radio frequency identification tag security system |
KR101300844B1 (ko) * | 2005-08-19 | 2013-08-29 | 삼성전자주식회사 | Method for performing multiple PSK-based authentications at once and system for performing the method |
US20080001724A1 (en) * | 2006-06-28 | 2008-01-03 | Symbol Technologies, Inc. | Using read lock capability for secure RFID authentication |
JP2008015639A (ja) * | 2006-07-04 | 2008-01-24 | Hitachi Ltd | Privacy-preserving authentication system and device in which an ID can be searched in a database |
US20080123852A1 (en) | 2006-11-28 | 2008-05-29 | Jianping Jiang | Method and system for managing a wireless network |
KR100842276B1 (ko) * | 2006-12-07 | 2008-06-30 | 한국전자통신연구원 | Access control method for wireless RFID medical devices extending wireless LAN security standard technology |
JP4410791B2 (ja) | 2006-12-20 | 2010-02-03 | 富士通株式会社 | Address spoofing check device and network system |
- 2008
  - 2008-08-01: CN, application CN2008101505258A, publication CN101329720B, not active (Expired - Fee Related)
- 2009
  - 2009-07-28: JP, application JP2011520309A, publication JP5429675B2, active (Active)
  - 2009-07-28: KR, application KR1020117004377A, publication KR101229703B1, active (IP Right Grant)
  - 2009-07-28: EP, application EP09802413.6A, publication EP2320348B1, not active (Not-in-force)
  - 2009-07-28: US, application US13/056,856, publication US8547205B2, active (Active)
  - 2009-07-28: WO, application PCT/CN2009/072954, publication WO2010012220A1, active (Application Filing)
Non-Patent Citations (2)
Title |
---|
See also references of EP2320348A4 * |
ZHUSHENGLIN ET AL.: "RFID Protocols and Their Security", THE ARTICLES COLLECTION OF THE 10TH SEMINAR OF SECRECY COMMUNICATIONS AND INFORMATION SECURITY SITUATION, 31 December 2007 (2007-12-31), pages 168 - 170, XP008142777 * |
Also Published As
Publication number | Publication date |
---|---|
KR101229703B1 (ko) | 2013-02-05 |
US20110133883A1 (en) | 2011-06-09 |
US8547205B2 (en) | 2013-10-01 |
JP5429675B2 (ja) | 2014-02-26 |
KR20110050470A (ko) | 2011-05-13 |
EP2320348B1 (en) | 2016-03-30 |
CN101329720B (zh) | 2011-06-01 |
CN101329720A (zh) | 2008-12-24 |
JP2011530201A (ja) | 2011-12-15 |
EP2320348A1 (en) | 2011-05-11 |
EP2320348A4 (en) | 2012-06-20 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
WO2010012220A1 (zh) | Anonymous authentication method based on a pre-shared key, reader-writer, electronic tag and system | |
US7325133B2 (en) | Mass subscriber management | |
WO2010012210A1 (zh) | Authentication method and system for an electronic tag | |
EP1913728B1 (en) | Total exchange session security | |
US20030196084A1 (en) | System and method for secure wireless communications using PKI | |
US11722887B2 (en) | Privacy protection authentication method based on wireless body area network | |
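WO2010135890A1 (zh) | Mutual authentication method and system based on a symmetric encryption algorithm | |
WO2011022915A1 (zh) | Pre-shared-key-based network security access control method and system thereof | |
CN110020524A (zh) | Smart-card-based mutual authentication method | |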
US9047449B2 (en) | Method and system for entity authentication in resource-limited network | |
JP4550759B2 (ja) | Communication system and communication device | |
JP2003143128A (ja) | Communication system and communication method | |
Prakash et al. | Authentication protocols and techniques: a survey | |
Ma et al. | How to use EAP-TLS authentication in PWLAN environment | |
KR100759813B1 (ko) | User authentication method using biometric information | |
Alharbi et al. | User Authentication Scheme for Internet of Things Using Near-Field Communication | |
KR101221595B1 (ko) | Authentication method, authentication server and authentication system for preventing spoofing | |
Hong et al. | Supporting secure authentication and privacy in wireless computing | |
KR100924315B1 (ko) | Wireless LAN authentication system with enhanced security and method thereof | |
Shahnawaz et al. | A REVIEW ON VARIOUS AUTHENTICATION TECHNIQUES AND PROTOCOLS | |
Allen | Bluetooth Security; Man-In-The-Middle (MITM) Attacks | |
Mardenov | ANALYSIS AND CREATION OF A THREEFACTOR AUTHENTICATION MODEL AND A KEY MATCHING SCHEME IN WIRELESS SENSOR NETWORKS | |
Lee | Secure authentication and accounting mechanism on WLAN with interaction of mobile message service |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09802413; Country of ref document: EP; Kind code of ref document: A1 |
ENP | Entry into the national phase | Ref document number: 2011520309; Country of ref document: JP; Kind code of ref document: A |
WWE | Wipo information: entry into national phase | Ref document number: 13056856; Country of ref document: US |
NENP | Non-entry into the national phase | Ref country code: DE |
WWE | Wipo information: entry into national phase | Ref document number: 2009802413; Country of ref document: EP |
ENP | Entry into the national phase | Ref document number: 20117004377; Country of ref document: KR; Kind code of ref document: A |