WO2011116653A1 - 一种基于射频识别技术的防伪方法 - Google Patents

一种基于射频识别技术的防伪方法 Download PDF

Info

Publication number
WO2011116653A1
WO2011116653A1 PCT/CN2011/071582 CN2011071582W WO2011116653A1 WO 2011116653 A1 WO2011116653 A1 WO 2011116653A1 CN 2011071582 W CN2011071582 W CN 2011071582W WO 2011116653 A1 WO2011116653 A1 WO 2011116653A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
tag
digital signature
commodity
unique identification
Prior art date
Application number
PCT/CN2011/071582
Other languages
English (en)
French (fr)
Inventor
陈满祥
Original Assignee
广州信睿网络科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 广州信睿网络科技有限公司 filed Critical 广州信睿网络科技有限公司
Publication of WO2011116653A1 publication Critical patent/WO2011116653A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • the invention designs a product anti-counterfeiting field, in particular to an anti-counterfeiting method based on radio frequency identification technology.
  • Radio Frequency Identification technology is a non-contact automatic identification technology realized by radio frequency technology. It can realize multi-target recognition and mobile target recognition. Through the combination with Internet technology, it can realize the tracking and information sharing of items on a global scale. It is the direction of the future development of enterprise information.
  • the application process of RFID technology in product anti-counterfeiting is: Each product is shipped with an electronic tag, and then a unique identification code is written by the reader, and the information of the item is entered into the database. After that, all the links such as box sales, export verification, inbound distribution, and retail shelves can be read and written repeatedly by the reader.
  • the tag is the "identity card" of the item.
  • RFID radio frequency identification
  • 200710077738.8 the counterfeiter can copy the unique identification information and the electronic signature of the commodity in the real label, and only need to write again to a blank label to obtain a forged label, so
  • the above patent application has the problem that the information in the label can be copied.
  • Application No. 200710077738.8 The solution to this problem is to add an access control module, which is relatively simple in design and vulnerable to attacks such as reverse engineering.
  • U.S. Patent No. 2009/0254981 A1 discloses a technique for generating a specific key from a specific hardware.
  • U.S. Patent No. 2009/0083833 A1 discloses an authentication method based on the technology, which requires a group of specific hardware to be stored in a database.
  • C/Rs Challenge/Response Pair
  • the hardware gives one or more responses
  • the response is compared with the response stored in the database, if the number of bits difference is less than some Threshold, it is considered that the certified hardware is the hardware registered in the database.
  • Threshold some Threshold
  • the object of the present invention is to provide an anti-counterfeiting method based on radio frequency identification technology, which solves the problem of low defense against information replication attacks in the background art and improves anti-counterfeiting efforts.
  • the radio frequency identification electronic tag includes at least a unique identification information area of the label and a commodity related information area, wherein the unique identification information area can store or generate unique identification information of the electronic label; and the commodity related information area stores the item related information.
  • the verification process includes at least the following steps:
  • Step 1 Generate and store a digital signature at initialization or production.
  • the digital signature algorithm can be any digital signature algorithm that satisfies the security of the selected message attack.
  • the private key used by the digital signature algorithm is held by a separate trusted third party or the commodity manufacturer's own informationization department; the message signed by the digital signature algorithm contains at least the unique identification information of the tag and the information of the commodity;
  • the generated digital signature value is stored in the item related information area.
  • Step 2 Verify the authenticity in the circulation. Verify that the relevant device stores the verification public key published by the trusted third party or the product manufacturer's own informatization department; verify the relevant device to obtain the unique identification information of the tag, the product information and the digital signature value; verify the relevant device usage number
  • the verification algorithm of the signature algorithm verifies the validity of the signature. If the signature verification is incorrect, the commodity is determined to be genuine, otherwise it is determined to be a counterfeit.
  • the tag unique identification information may be a read-only unique number of the chip used in the tag stored in the tag.
  • the unique identification information of the tag is generated by the non-cloning hardware in the tag, and the unique identification information is composed of the relevant information input and output by the module.
  • the input information can be ordered public information. When the same input information can correspond to different output information, it is necessary to specify one of the outputs as the specified output, and other outputs need to be corrected to the specified output by the error correcting code, and additional redundancy is required to correct the specified output. Information, redundant information is stored in the item-related information area, and the order is related to the order of input.
  • the unique identification information of the tag is one or more hash values generated by a cryptographically secure hash function that operates on the specified output.
  • the information of the product is the product code and other product-related information, such as the production lot number.
  • Verify that the associated device is a separate handset, or a card reader plus a general purpose computing device, such as a portable computer plus a conventional RFID reader.
  • the unique identification information of the tag is generated by the non-cloning hardware in the tag
  • the related device obtains the unique identification information of the tag, it inputs a certain public input information to the special hardware module, and obtains the output information returned by the module, according to the input.
  • the order of information extracts redundant information, and forms a specified output based on the redundant information and the obtained output information, and then uses a cryptographic security function to calculate a hash value that is concatenated with other hash values unrelated to the input. , as an input to the digital signature verification algorithm.
  • the invention includes the unique identification information and product information of the tag in the signature object of the digital signature, so that the attacker of the information copy further copies the digital signature value and the product information to another blank tag, because the unique identification of the new tag Different information, when verifying the digital signature value, will prompt the verification failure, thus eliminating the information replication attack.
  • the unique identification information of the tag uses hardware cloning technology, even the chip manufacturer cannot produce two chips with the same unique identification information, which is extremely high in anti-counterfeiting.
  • the unique identification information of the tag is a series of read-only serial numbers, the strength of the anti-counterfeiting can be guaranteed as long as the chip manufacturer does not manufacture the chip with the same serial number, which is usually achieved by technical barriers and commercial contracts.
  • the invention provides an anti-counterfeiting method based on radio frequency identification technology, which is suitable for an application environment of large quantities of commodities such as alcohol, tobacco, medicine, etc., requires a chip with a large storage space, and the chip has a unique read-only number or a chip can be generated.
  • a unclonable hardware that uniquely identifies information.
  • Figure 3 shows the signature process when the unique identification information of the chip is a read-only unique number
  • Figure 4 shows the verification process when the unique identification information of the chip is a read-only unique number
  • Figure 5 is the content stored when the unique identification information of the chip is generated by the non-cloning hardware
  • Figure 6 shows the signature and related process when the unique identification information of the chip is generated by the non-cloning hardware
  • the specific implementation process of the present invention is as shown in FIG. 1.
  • the tag unique identification information and product information are read from the electronic tag as the content of the digital signature, and then the content of the digital signature is signed and generated by using the selective message attacking secure digital signature algorithm.
  • the digital signature value, digital signature value is written in the electronic tag.
  • the tag unique identification information, product information, and digital signature value are read from the electronic tag, and the verification algorithm is run to give the verification result.
  • the unique identification information for the tag is a read-only unique number and the information is generated by non-cloning hardware, and the specific embodiments are respectively explained as follows.
  • the unique identification information of the electronic tag is a read-only unique number, and the content stored by the electronic tag is as shown in FIG. 2, and includes a unique identification information area and a commodity related information area.
  • the unique identification information area stores only the read-only unique number, such as the number TID of the chip in the electronic label; the commodity related information area stores the information including the commodity and the digital signature value.
  • the information of the merchandise may include the merchandise code and other merchandise related information, such as the electronic product code EPC and the permitted place of sale AD.
  • the digital signature algorithm that satisfies the security of the selective message attack can be selected as the ECDSA signature algorithm.
  • the signature length is about 384 bits.
  • the parameters of the signature algorithm ⁇ ; p, q, P, 6) are as follows:
  • G ⁇ P>, a group generated for point ⁇ ;
  • the private key of the input digital signature algorithm in Figure 3 can be held by the product manufacturer's information department and can be stored in the USB KEY.
  • the hardware is inserted when the digital signature algorithm is run, and the hardware gives the digital signature value.
  • the product manufacturer's information department needs to initialize each of the tags to be used.
  • the label is attached to the item at the time of production of the batch, and the label is damaged when the product is in use.
  • the verification algorithm of the ECDSA signature algorithm is then run on the handset.
  • the verification algorithm also needs to input the public key of the product manufacturer's information department and output the result of whether the digital signature value is correct.
  • the public key can be extracted by a trusted third party for the digital certificate issued by the product manufacturer.
  • the ordinary consumer can obtain the information in the tag by verifying the inquiry terminal composed of the related device, and obtain the result of whether the digital signature value is correct by querying the terminal. If the signature value is wrong, it is judged to be a counterfeit product, otherwise it is genuine. It is also possible to prompt a re-authentication after one signature value error, if the verification result is an error multiple times. Then it is judged as a counterfeit product, otherwise it is judged to be genuine.
  • the unique identification information of the electronic tag is generated by non-cloning hardware, and the content stored by the electronic tag is as shown in FIG. 5, and includes a unique identification information area and a commodity related information area.
  • the unique identification information area refers to the non-cloning hardware, such as the non-cloning work in the electronic label.
  • the (PUF) module; the commodity-related information area stores information including the item, one or more redundant information, and a digital signature value. Assuming that the tag allows 5 different challenge values to be queried, it is necessary to store 5 redundant information.
  • the information of the merchandise still includes the merchandise code and other merchandise-related information, such as the electronic product code EPC and the permitted place of sale AD. Redundant information is generated in accordance with the method disclosed in U.S. Patent Application No.
  • the private key can be held by the product manufacturer's information department and can be stored in the USB KEY.
  • the hardware is inserted when the digital signature algorithm is run, and the hardware gives the digital signature value.
  • the product manufacturer's information department needs to initialize each label to be used.
  • run the above signature algorithm and the input digital signature content is the information of the concatenated value concatenated goods, for example / ⁇ AII AII ⁇ AII ⁇ IIEPCIIAD , output
  • the digital signature values ⁇ , ⁇ are stored in the electronic tag.
  • the label is attached to the item at the time of production of the batch to ensure that the label is damaged when the product is used.
  • the inspector can take the handheld device, as shown in Figure 7 (a), to enter the open challenge to the electronic tag. If the tag is verified for the third time, the low value is taken from the SHA-3 value.
  • the weight k bits are used as the challenge value c 3 , and the value of k may be 64 bits.
  • the unclonable hardware in the electronic tag gives the response after the challenge.
  • the handset then runs the BCH code error correction algorithm, inputs the redundant information ⁇ 3 ⁇ 4 3 and the response to obtain the specified output. Run the SHA-1 hash algorithm on 5 and get ⁇ . Then, as shown in FIG.
  • the hash value of the electronic tag is read to the redundant information 3 ⁇ 4.
  • EPC, AD, and ⁇ run the verification algorithm of the ECDSA signature algorithm on the handset.
  • the public key can be extracted from a digital certificate issued by a trusted third party for the commodity manufacturer.
  • the ordinary consumer can obtain the information in the tag by verifying the inquiry terminal composed of the related device, and obtain the result of whether the digital signature is correct by querying the terminal.
  • the signature value is wrong, it is judged to be a counterfeit product, otherwise it is genuine. It is also possible to prompt a re-authentication after one signature value error, if the verification result is an error multiple times. Then it is judged as a counterfeit product, otherwise it is judged to be genuine.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Description

一种基于射频识别技术的防伪方法 技术领域
本发明设计产品防伪领域, 特别是涉及一种基于射频识别技术的防伪方法。
背景技术
射频识别 (RFID) 技术是一种利用射频技术实现的非接触式自动识别技术, 它可以实现多目标识别 和移动目标识别, 通过与互联网技术的结合可以实现全球范围内物品的跟踪和信息共享, 它是未来企业 信息化发展的方向。
RFID技术在产品防伪方面的应用流程是: 每个产品出厂时都被附上电子标签, 然后通过读写器写入 唯一的识别代码, 并将物品的信息录入到数据库中。 此后装箱销售、 出口验证、 到港分发、 零售上架等 各个环节都可以通过读写器反复读写标签。 标签就是物品的"身份证"。 借助电子标签, 可以实现产品对 原料、半成品、成品、运输、仓储、配送、上架、最终销售, 甚至退货处理等环节进行实时监控。 RFID 技 术提高了物品分拣的自动化程度, 降低了差错率, 使整个供应链管理显得透明而高效。 为了打击造假行 为, 美国生产麻醉药 OxyContin 的厂家宣布将在药瓶上采用射频识别 (RFID)技术, 实现对药品从生产 到药剂厂进行全程的电子监控, 此举是打击日益增长的药品造假现象的有效手段。 药品、 食品、 危险品 等与个人的日常生活安全息息相关, 都属于国家监管的特殊物品, 其生产、 运输和销售的过程必须严格 管理, 一旦管理不利, 假冒伪劣产品散落到社会上, 必然会给人民的生命财产安全带来极大的威胁。 我 国政府和技术监督系统也已经开始在国内射频识别领域的先导厂商 (如维深电子、 东方捷码等) 的帮助 下, 尝试利用 RFID 技术实现对药品、 食品、 危险品等特殊产品的防伪和跟踪追溯。 然而, 现有基于射频识别技术的产品防伪方法中, 大多采用在电子标签中使用数字签名的方法, 然 而其数字签名的对象仅仅是包含了电子标签中的商品唯一识别信息等内容。 如申请号为 200710077738.8 的中国专利申请所阐述的那样, 造假者可以拷贝真实标签中的商品唯一识别信息和电子签名, 只需要再 次写入到一个空白标签中, 就可以得到一个伪造的标签, 所以上述申请专利存在标签中的信息可复制的 问题。 申请号 200710077738.8对此问题的解决方法是增加访问控制模块, 其设计较简单, 容易遭受逆向 工程等攻击的威胁。 美国专利 US 2009/0254981 A1公布了一种从特定硬件生成特定密钥的技术, 美国专 利 US 2009/0083833 A1基于该技术公布了一种认证方法,该方法要求在数据库中存储特定硬件的一组挑 战 /响应对 (C/Rs), 在认证时向硬件输入某个或者多个挑战, 硬件给出一个或者多个响应, 响应与数据 库中存储的响应比较,如果相差的比特数少于某个门限值,就认为认证的硬件是在数据库中注册的硬件。 尽管物理不可克隆保证了即使是芯片生产商也无法控制每个芯片的唯一识别信息, 该认证方法还是存 在一些问题, 其中的主要问题在于数据库系统的安全, 一旦数据库系统中的数据丢失, 造假可以轻易的 根据这些数据模仿上述应答行为。
综上所述, 目前很多基于射频识别技术的防伪方法使用数字签名, 然而其使用的方法并不能防止信 息复制的攻击, 从而难以达到防伪的目的。 针对信息复制攻击的解决方法之一是使用访问控制单元, 事 实上 IS014443就存在一个口令区用于访问控制, 然而该类方法通常过于简单, 容易遭受逆向工程等攻 击的威胁。 因此, 我们需要给出一种解决信息复制攻击的方法, 提高信息复制的代价, 提升防伪力度。 发明内容
本发明的目的在于提供一种基于射频识别技术的防伪方法, 解决背景技术中对信息复制攻击防范力 度低的问题, 提升防伪力度。
为实现上述目的, 本发明通过如下方案实现:
在射频识别电子标签中至少包含标签的唯一识别信息区和商品相关信息区, 其中唯一识别信息区能 存储或者生成该电子标签的唯一识别信息; 商品相关信息区则存储商品相关的信息。 验证流程至少包括 以下步骤:
步骤一: 在初始化或者生产环节生成并存储数字签名。 数字签名算法可以是任何满足选择消息攻击 安全的数字签名算法。 数字签名算法所用的私钥由单独的可信第三方或者商品制造商自己的信息化部门 持有; 数字签名算法所签署的消息至少包含该标签的唯一识别信息和商品的信息; 数字签名算法所生成 的数字签名值存储在商品相关信息区。
步骤二: 在流通环节验证真伪。 验证相关的设备存储由可信第三方或者商品制造商自己的信息化部 门公布的验证公钥; 验证相关的设备获取标签的唯一识别信息、 商品的信息和数字签名值; 验证相关的 设备使用数字签名算法的验证算法验证签名的有效性, 如果签名验证错误则判定商品为真品, 否则判定 为假冒品。
所述的标签唯一识别信息可以是该标签中存储的、 该标签所用芯片的只读唯一的编号。
标签的唯一识别信息由标签中也不可克隆硬件生成, 此时唯一识别信息由该模块输入和输出的相关 的信息构成。 其中输入信息可以是有序的公开信息。 当同一输入信息可对应不同的输出信息时, 需要指 定其中的某一个输出为指定的输出, 其它输出需要用纠错码的方法纠正为指定的输出, 纠正为指定的输 出时需要额外的冗余信息, 冗余信息存储在商品相关信息区, 顺序与输入的顺序相关。 标签的唯一识别 信息是一个或者多个杂凑值, 该杂凑值由某个密码学安全的杂凑函数对指定的输出进行运算后生成。
商品的信息是商品编码和其它的商品相关信息, 例如生产批号。
验证相关设备是单独的手持机, 或者读卡器加通用计算设备, 例如便携式计算机加普通的 RFID读 卡器。 当标签的唯一识别信息由标签中不可克隆硬件生成时, 验证相关的设备获取标签的唯一识别信息时 向特殊的硬件模块输入某个公开的输入信息, 获取该模块返回的输出信息, 根据该输入信息的顺序提取 冗余信息, 并根据冗余信息和获取的输出信息形成指定的输出, 然后使用密码学安全函数计算杂凑值, 该杂凑值与其它与此次输入无关的杂凑值串接在一起, 作为数字签名验证算法的输入。
本发明具有以下优点:
本发明在数字签名的签名对象中包括标签的唯一识别信息和产品信息, 从而使得信息复制的攻击者 再把数字签名值和商品信息复制到另外一个空白标签上时, 因为新的标签的唯一识别信息不同, 验证数 字签名值时会提示验证失败, 从而杜绝了信息复制攻击。 如果标签的唯一识别信息使用了硬件不可克隆 技术,那么即使是芯片生产厂商也无法生产出具有相同唯一识别信息的两个芯片,具有极高的防伪力度。 如果标签的唯一识别信息是一串只读的序列号, 那么只要芯片制造商不制造相同序列号的芯片, 就可以 保障防伪的力度, 而这一点通常由技术壁垒和商业合同来实现。
本发明提供的一种基于射频识别技术的防伪方法, 适用于酒类、烟、 药品等大批量商品的应用环境, 要求芯片具有较大的存储空间,芯片具有唯一只读的编号或者可生成芯片唯一识别信息的不可克隆硬件。 附图说明
下面结合附图和具体实时方式对本发明作进一步详细的说明。
图 1概括了本方法的实施流程;
图 2为芯片唯一识别信息为只读唯一编号时所存储的内容;
图 3为芯片唯一识别信息为只读唯一编号时签名过程;
图 4为芯片唯一识别信息为只读唯一编号时验证过程;
图 5为芯片唯一识别信息由不可克隆硬件生成时所存储的内容;
图 6为芯片唯一识别信息由不可克隆硬件生成时的签名及相关过程;
图 7为芯片唯一识别信息由不可克隆硬件生成时签名验证及相关过程; 具体实施方式
本发明的具体实施流程如图 1所示, 从电子标签中读取标签唯一识别信息和产品信息作为数字签名 的内容, 之后使用选择消息攻击安全的数字签名算法对数字签名的内容进行签名, 生成数字签名值, 数 字签名值写入电子标签中。 在验证时从电子标签中读取标签唯一识别信息、 产品信息和数字签名值, 运 行验证算法, 给出验证结果。 针对标签唯一识别信息是只读唯一编号和该信息由不可克隆的硬件生成这 两种情况, 分别阐述具体实施方式如下。
实施例 1 电子标签的唯一识别信息是只读唯一编号, 电子标签所存储的内容如图 2所示, 包括唯一识别信息 区和商品相关信息区。 其中唯一识别信息区仅存储只读唯一编号, 例如电子标签中芯片的编号 TID; 商 品相关信息区则存储包括商品的信息和数字签名值。 其中商品的信息可以包括商品编码和其它商品相关 信息, 例如电子产品编码 EPC和允许的销售地 AD。
如图 3所示, 满足选择消息攻击安全的数字签名算法可以选定为 ECDSA签名算法, 签名长度 384 比特左右, 该签名算法的参数^; p, q, P, 6)建议如下:
£ = ^ + ax+ b, 其中
<s=-3
67236789897895454534230235651860890517841345604560562138
7^6277101735386680763835789423207666416083908700390324961279
^6277101735386680763835789423308534963364820143210894481897
^(x, y)
Figure imgf000006_0001
G=<P>, 为点 ^生成的群;
图 3中输入数字签名算法的私钥可以由产品制造商的信息部门持有, 可以存储在 USB KEY中。 在 运行数字签名算法时插入该硬件, 由该硬件给出数字签名值。 产品制造商的信息部门需要初始化每一个 将要使用的标签, 对于每个标签, 运行上述签名算法, 输入的数字签名内容为只读唯一编号串接商品的 信息, 例如/ ¾=TID||EPC||AD, 输出数字签名值 σ, σ存储在该电子标签中。
标签初始化之后, 在生产该批产品的时候把标签贴到单品上, 并保证该产品在使用时标签会损坏。 在流通环节, 稽査员可以拿手持设备, 读取商品电子标签的 TID、 EPC、 AD和 σ, 分别作为图 4中 的只读唯一编号串接商品的信息 W=TID||EPC||AD, 和数字签名值 σ。 之后在手持机上运行 ECDSA签名 算法的验证算法。验证算法还需要输入产品制造商信息部门的公钥,并输出数字签名值是否正确的结果, 其中公钥可以通过某个可信第三方为产品制造商颁发的数字证书中提取。 普通消费者可以通过验证相关 设备组成的査询终端获取标签中的信息, 并通过査询终端获知数字签名值是否正确的结果。 如果签名值 错误, 则判定为假冒产品, 否则为真品。 也可以在一次签名值错误之后提示再次验证, 如果多次验证结 果都是错误。 则判定为假冒产品, 否则判定为真品。 实施例 2
电子标签的唯一识别信息由不可克隆的硬件生成, 电子标签所存储的内容如图 5所示, 包括唯一识 别信息区和商品相关信息区。 其中唯一识别信息区专指该不可克隆的硬件, 例如电子标签中不可克隆功 能 (PUF)模块; 商品相关信息区则存储包括商品的信息, 一个或者多个冗余信息以及数字签名值。假设该 标签允许 5个不同的挑战值进行査询, 则需要存储 5个冗余信息。 商品的信息依旧包括商品编码和其它 商品相关信息, 例如电子产品编码 EPC和允许的销售地 AD。 冗余信息则按照美国专利申请 US 2009/0254981 A1公布的方法生成, 如图 6中 (a)图所示, 对需要进行初始化的标签输入一个公开的挑战 值, 例如用 SHA-1杂凑函数对数字 0进行杂凑, 之后截取低权重 k比特就可得到一个挑战值 θ), k的取 值可以是 64比特。 该挑战值输入标签后, 可以得到一个指定的输入 ¾, 对该 ·。进行 SAH-1运算, 可以 得到杂凑值 A)。 如图 6中 (b)图所示, 把该响应 ¾作为数据, 输入某个纠错码方法, 例如 BCH码, 可以 得到冗余信息 rech。 类似的过程再进行 4次, 就获得了冗余信息 reck到冗余信息 reck, 得到了杂凑值 到 。 这些信息均存储在标签中。
同样使用 ECDSA数字签名算法, 如图 6中 (c)图所示, 私钥可以由产品制造商的信息部门持有, 可 以存储在 USB KEY中。 在运行数字签名算法时插入该硬件, 由该硬件给出数字签名值。 产品制造商的 信息部门需要初始化每一个将要使用的标签, 对于每个标签, 运行上述签名算法, 输入的数字签名内容 为杂凑值串接商品的信息, 例如/ ^ AII AII ^ AII ^IIEPCIIAD , 输出数字签名值 σ, σ存储在该电子标签 中。
标签初始化之后, 在生产该批产品的时候把标签贴到单品上面, 保证产品使用时标签会损坏。 在流通环节, 稽査员可以拿手持设备, 如图 7中 (a)图所示, 向电子标签输入公开的挑战, 假设是第 3次验证该标签, 则从 SHA- 3)的生成值中截取低权重 k比特作为挑战值 c3, k的取值可以是 64比特。 电子标签中的不可克隆硬件获得该挑战后, 给出响应 。 手持机此时运行 BCH码的纠错算法, 输入冗 余信息 Ϊ¾ 3和响应 , 获得指定的输出 。 对 5运行 SHA-1杂凑算法, 获得^ 。 之后如图 7中 (b)图所 示, 读取电子标签的杂凑值 到 、 冗余信息 ¾。到 £¾ 4、 EPC、 AD和 σ, 在手持机上运行 ECDSA签 名算法的验证算法。 验证算法输入的信息包括消息 m= 4|| h h2\\ βζ II A||EPC||AD, 输入数字签名值 σ,输 入制造商信息部门的公钥, 输出数字签名是否正确的结果, 其中公钥可以通过某个可信第三方为商品制 造商颁发的数字证书中提取。 普通消费者可以通过验证相关设备组成的査询终端获取标签中的信息, 并 通过査询终端获知数字签名是否正确的结果。 如果签名值错误, 则判定为假冒产品, 否则为真品。 也可 以在一次签名值错误之后提示再次验证, 如果多次验证结果都是错误。 则判定为假冒产品, 否则判定为 真品。

Claims

权 利 要 求 书
1. 一种基于射频识别技术的防伪方法, 其特征在于射频识别电子标签至少包含 标签的唯一识别信息区和商品相关信息区; 其中唯一识别信息区能存储或者 生成该电子标签的唯一识别信息, 商品相关信息区则存储商品相关的信息; 验证流程至少包括以下步骤:
步骤一: 在初始化或者生产环节生成并存储数字签名, 数字签名算法可以是 任何满足选择消息攻击安全的数字签名算法, 数字签名算法所用的私钥由单 独的可信第三方或者商品制造商自己的信息化部门持有, 数字签名算法所签 署的消息至少包含该标签的唯一识别信息和商品的信息, 数字签名算法所生 成的数字签名值存储在商品相关信息区;
步骤二: 在流通环节验证真伪, 验证相关的设备存储由可信第三方或者商品 制造商自己的信息化部门公布的验证公钥; 验证相关的设备获取标签的唯一 识别信息、 商品的信息和数字签名值; 验证相关的设备使用数字签名算法的 验证算法验证签名的有效性, 如果签名验证错误则判定为假冒品, 否则判定 为真品。
2. 根据权利要求 1所述的一种基于射频识别技术的防伪方法, 其特征在于所述 的标签的唯一识别信息是该标签中存储的、 该标签所用芯片的只读唯一的编 号。
3. 根据权利要求 1所述的一种基于射频识别技术的防伪方法, 其特征在于所述 的标签的唯一识别信息由标签中不可克隆硬件生成, 此时唯一识别信息由该 模块输入和输出的相关的信息构成, 其中输入信息由可信第三方或者商品制 造商自己的信息化部门使用密钥杂凑函数计算计数器和额外信息的有序的杂 凑值, 其中计数器取值为自然数, 表明了杂凑值的顺序关系, 额外信息可以 是商品的信息的一部分; 当同一输入信息可对应不同的输出信息时, 需要指 定其中的某一个输出为指定的输出, 其它输出需要用纠错码的方法纠正为指 定的输出, 纠正为指定的输出时需要额外的冗余信息, 冗余信息存储在商品 相关信息区, 顺序与输入的顺序相关。 标签的唯一识别信息是一个或者多个 杂凑值, 该杂凑值由某个密码学安全的杂凑函数对指定的输出进行运算后生 成。
4. 根据权利要求 1所述的一种基于射频识别技术的防伪方法, 其特征在于所述 的商品的信息是商品编码和其它的商品相关信息。
5. 根据权利要求 1所述的一种基于射频识别技术的防伪方法, 其特征在于所述 的验证相关设备是单独的手持机, 或者读卡器加通用计算设备。
6. 根据权利要求 3所述的的一种基于射频识别技术的防伪方法, 其特征在于验 证相关的设备含有与所验证商品相关的多个但非全部输入信息, 这些设备获 取标签的唯一识别信息时向特殊的硬件模块输入某个输入信息, 获取该模块 返回的输出信息, 根据该输入信息的顺序提取冗余信息, 并根据冗余信息和 获取的输出信息形成指定的输出, 然后使用密码学安全函数计算杂凑值, 该 杂凑值与其它与此次输入无关的杂凑值串接在一起, 作为数字签名验证算法 的输入。
PCT/CN2011/071582 2010-03-26 2011-03-24 一种基于射频识别技术的防伪方法 WO2011116653A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010101354306A CN102063633A (zh) 2010-03-26 2010-03-26 一种基于射频识别技术的防伪方法
CN201010135430.6 2010-03-26

Publications (1)

Publication Number Publication Date
WO2011116653A1 true WO2011116653A1 (zh) 2011-09-29

Family

ID=43998902

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/071582 WO2011116653A1 (zh) 2010-03-26 2011-03-24 一种基于射频识别技术的防伪方法

Country Status (2)

Country Link
CN (1) CN102063633A (zh)
WO (1) WO2011116653A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102904724A (zh) * 2012-10-17 2013-01-30 南通大学 基于射频指纹的挑战-应答认证协议方法

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102890793A (zh) * 2011-07-20 2013-01-23 广东广新信息技术产业发展有限公司 一种酒类的溯源系统及方法
CN102325131B (zh) * 2011-07-20 2013-11-06 北京邮电大学 无线传感器网络节点双向身份认证方法
DE102011083828B4 (de) * 2011-09-30 2015-10-29 Siemens Aktiengesellschaft Verfahren zum Plagiatschutz und Anordnung zur Durchführung
CN103065244A (zh) * 2011-10-18 2013-04-24 杨筑平 二维条码防伪、查验和服务方法
EP2677473A1 (en) * 2012-06-21 2013-12-25 Nxp B.V. Production method, rfid transponder, authentication method, reader device and computer program product
CN103345690B (zh) * 2013-07-19 2019-12-24 中山大学 一种基于rfid和物理不可克隆函数的防伪方法
CN104809618B (zh) * 2014-01-27 2018-02-13 上海高研明鉴信息技术有限公司 基于电子标签的产品防伪方法
CN106385320B (zh) * 2016-11-01 2023-04-07 南京邮电大学 基于puf和数字签名的rfid防伪装置和验伪方法
CN108734238A (zh) * 2018-05-11 2018-11-02 上海宜链物联网有限公司 一种基于epc的快速分拣方法及系统
CN110197379B (zh) * 2019-05-10 2021-10-19 武汉天喻聚联网络有限公司 一种电子标签的防伪系统及方法
CN115285062B (zh) * 2022-07-28 2023-09-22 刘军 机动车辆安全带佩戴防作弊系统及工作方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1728162A (zh) * 2005-07-07 2006-02-01 复旦大学 一种基于射频识别技术的防伪验证方法及防伪系统
CN101593264A (zh) * 2008-05-28 2009-12-02 北京中食新华科技有限公司 基于射频识别的防伪方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006071380A2 (en) * 2004-11-12 2006-07-06 Pufco, Inc. Securely field configurable device
CN100369042C (zh) * 2006-03-23 2008-02-13 南相浩 基于cpk电子标签的防伪方法和装置
WO2007113040A1 (en) * 2006-03-31 2007-10-11 International Business Machines Corporation Method and systems using identifier tags and authenticity certificates for detecting counterfeited or stolen brand objects
CN100481120C (zh) * 2007-04-23 2009-04-22 中国振华(集团)科技股份有限公司 带逻辑控制单元的产品rfid防伪方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1728162A (zh) * 2005-07-07 2006-02-01 复旦大学 一种基于射频识别技术的防伪验证方法及防伪系统
CN101593264A (zh) * 2008-05-28 2009-12-02 北京中食新华科技有限公司 基于射频识别的防伪方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102904724A (zh) * 2012-10-17 2013-01-30 南通大学 基于射频指纹的挑战-应答认证协议方法

Also Published As

Publication number Publication date
CN102063633A (zh) 2011-05-18

Similar Documents

Publication Publication Date Title
WO2011116653A1 (zh) 一种基于射频识别技术的防伪方法
TWI813677B (zh) 用於自動物件辨識及鑑認之方法及系統
US10554405B1 (en) Methods and systems for preparing and performing an object authentication
Islam et al. On IC traceability via blockchain
JP5149909B2 (ja) Rfid装置とのデータ・アクセス制御
CN103281386B (zh) 一种为物品标识及其解析服务提供安全保护的方法
WO2019192072A1 (zh) 一种基于区块链的商品防伪系统及查验商品真伪的方法
JP7408895B2 (ja) 物品の材料-デジタル二重偽造防止保護のための方法及びシステム
EP3329635B1 (en) Counterfeit prevention
US20190236427A1 (en) Counterfeit prevention
Karamachoski et al. Blockchain-based application for certification management
US10607234B2 (en) Counterfeit prevention
CN104751341A (zh) 基于二维码动态口令的商品防伪方法
WO2021133150A1 (en) Method for ensuring the authenticity and validity of item ownership transfer
CN112488261B (zh) 一种基于区块链的信息存储识别物品真伪的方法及系统
RU2814089C2 (ru) Способы и системы для автоматического распознавания объектов и проверки подлинности
Das An article on Food Supply Chain: find risk of system disruptions through Blockchain Technology
CN113888192B (zh) 中草药产品溯源平台中基于区块链的rfid轻量级认证方法
Kumar et al. Use of Blockchain for Fake Product Detection
Balinsky et al. Anti-counterfeiting using memory spots
Sriman et al. Fake Product Detection Using Blockchain Technology
CN114565393A (zh) 一种基于区块链技术的全产业链产品溯源认证方法及系统
CN117203688A (zh) 保护加密密钥

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11758763

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11758763

Country of ref document: EP

Kind code of ref document: A1