RFID anti-counterfeiting system based on identity-based cryptography
Technical field
The invention belongs to the field of information security, and in particular relates to radio frequency identification technology and to identifier cryptography, that is, identity-based cryptographic techniques.
Background technology
Radio frequency identification (RFID) is a technology that uses radio waves to identify objects automatically.
An RFID system generally comprises three parts: a number of RFID tags (Tag), a number of RFID readers (Reader) and a background processing system. An RFID tag stores information internally and communicates with the RFID reader through an antenna.
RFID is a new technology that replaces the conventional barcode. Unlike a conventional barcode, which contains only the producer's name and the product type, an RFID tag also contains a globally unique serial number (UID), and the tag can actively send information to nearby RFID readers, which facilitates item management. RFID is already applied in many fields, such as passports, electronic payment, supply chain management, animal tracking, currency anti-counterfeiting and medical care.
However, some security problems of RFID systems have not yet been solved well, which has limited their widespread use to some extent, especially in fields with higher security requirements such as electronic payment and certificate anti-counterfeiting. The security problems of an RFID system fall into two main areas: 1. protection of the information inside the RFID tag, for example preventing the tag's identifier from being scanned by an unauthorized RFID reader and maliciously tracked and linked, preventing the information inside the tag from being tampered with, and preventing the tag from being cloned; 2. protection of the RFID system itself, for example the system must be able to recognize a forged RFID tag and to detect that a tag has been cloned.
The present invention proposes an RFID anti-counterfeiting system based on identity-based cryptography, intended for fields with high anti-counterfeiting requirements, for example the anti-counterfeiting of certificates such as identity cards and passports, and of high-end non-consumable products.
The identifier cryptosystem, also called the identity-based cryptosystem, is a concept proposed in 1984 by the well-known Israeli cryptographer Shamir. It is a special kind of public-key cryptosystem. A conventional public-key cryptosystem must generate for each user a mathematically related pair of public key and private key; the public key is published in some way, while the private key is kept secret by the user. The public key is used to ensure the secure transmission of message content, and the private key is used to ensure the integrity of the content and the reliability of its source. Unlike a conventional public-key cryptosystem, in an identity-based cryptosystem the user's identifier is itself the user's public key and does not need to be separately generated and stored.
The beneficial effect of the invention is that forged RFID tags can be identified, which improves the security of the RFID system.
Summary of the invention
The present invention proposes an RFID anti-counterfeiting system based on identity-based cryptography, characterized in that its RFID tag comprises a data storage unit and a computing unit;
The RFID reader of the RFID anti-counterfeiting system comprises a data storage unit, a computing unit and a clock unit; the RFID background system of the RFID anti-counterfeiting system comprises an identity-based cryptography management system IBCM;
The identity-based cryptography management system IBCM comprises an initialization function module, a function module for distributing RFID tag identity private keys, and a function module for distributing the identity-based cryptography public parameters;
The initialization function module executes the following steps:
Step 1. select an identity-based cryptosystem IBC and its system public parameters;
Step 2. randomly generate the IBC master key master-secret and the system public key;
Step 3. generate the tag-side public parameter Param-T from the system public parameters;
Step 4. generate the reader-side public parameter Param-R from the system public parameters;
The function module for distributing RFID tag identity private keys executes the following steps:
Step 1. use the IBC master key to generate the identity private key private-key of the RFID tag from the tag's unique serial number UID;
Step 2. write the identity private key private-key and the tag-side public parameter Param-T into the data storage unit of the RFID tag.
The function module for distributing the identity-based cryptography public parameters is characterized in that the reader-side public parameter Param-R can be obtained in either of the following two ways:
Mode 1. the reader-side public parameter Param-R is written into the data storage unit of the RFID reader;
Mode 2. the RFID reader connects to the background system over a network, downloads the reader-side public parameter Param-R and saves it in its data storage unit.
The RFID reader authenticates the RFID tag as follows:
Step 1. the RFID reader sends a random number R and a current timestamp TimeStamp to the RFID tag;
Step 2. the RFID tag processes the random number R and the current timestamp TimeStamp, uses the identity private key to compute an authentication message Auth, and sends it to the RFID reader;
Step 3. the RFID reader verifies the authentication message Auth; if verification passes, the RFID tag is authenticated; if verification fails, the RFID tag is considered forged.
Description of drawings
Fig. 1 is a structural diagram of the RFID anti-counterfeiting system of the present invention;
Fig. 2 is a flow chart of the authentication protocol of Fig. 1 of the present invention.
Embodiment
The details of the technical solution of the present invention are described below with reference to a specific embodiment. It should be noted that the described embodiment is only intended to aid understanding of the present invention and does not limit it in any way.
The example uses a simplified version of the identity private key generation algorithm proposed by Sakai-Kasahara in "ID based cryptosystems with pairing on elliptic curve" (Cryptology ePrint Archive: Report 2003/054).
According to the description by Chen-Cheng et al. in "Security Proof of Sakai-Kasahara's Identity-Based Encryption Scheme" (IMA Conference on Cryptography and Coding, pp. 442-459, 2005), the system public parameters of the IBC are $(q, E(F_q), p, G_1, G_2, G_T, e, P_1, P_2, v, H_1, H)$, where $G_1 = \langle P_1 \rangle$ and $G_2 = \langle P_2 \rangle$ have order $p$, $e$ is a bilinear map from $G_1 \times G_2$ to $G_T$, and $v = e(P_1, P_2)$; the master key is master-key $= s$, the system public key is $Q = sP_2$, $H_1$ is a map $\{0,1\}^* \to F_q$, and $H$ is a cryptographically secure hash function.
The identity private key for a UID is generated by the following formula:
The tag-side public parameter is Param-T $= (P_1, p, H)$, and the reader-side public parameter is Param-R $= (P_2, Q, p, q, e, v, H_1, H)$.
The data storage unit of the RFID tag stores Param-T and private-key; the data storage unit of the RFID reader stores Param-R.
The authentication protocol between the RFID tag and the RFID reader comprises the following steps:
Step 1. the RFID reader generates a random number $R$ with its computing unit, produces a current timestamp $T$ with its clock unit, and sends both to the RFID tag;
Step 2. the RFID tag generates a random number $r$ with its computing unit, computes
$u = rP_1$, $c = H(u, R, T)$, $S = (r + c) \cdot \text{private-key}_{UID}$,
and sends $u$, $S$ to the RFID reader;
Step 3. the RFID reader uses its computing unit to verify whether the following equation holds:
$e(S, H_1(UID)P_2 + Q) = e(u, P_2) \cdot v^{H(u,R,T)}$;
If it holds, the RFID tag passes authentication; otherwise the RFID tag fails authentication.
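The exchange of steps 1 to 3 can be traced end to end with the following added example, which is not part of the original patent text. It models the pairing groups by discrete-log bookkeeping (not secure, useful only to check the algebra) and assumes the Sakai-Kasahara key form $(s + H_1(UID))^{-1} P_1$ for private-key, which is the form consistent with the verification equation above, SHA-256 for both $H_1$ and $H$, and a constructed sample UID; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy model, NOT secure: every group element is stored as its discrete log, so
# a*P1 and b*P2 are the integers a and b, and e(a*P1, b*P2) = v^(a*b) is a*b.
p = 2**127 - 1            # prime group order (constructed toy parameter)
P1, P2 = 1, 1             # generators of G1 and G2 in this representation

def pair(a, b):           # log_v of e(a*P1, b*P2)
    return a * b % p

def hash_to_int(*parts):  # assumption: SHA-256 reduced mod p for H1 and H
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % p

def ibcm_setup():
    s = secrets.randbelow(p - 1) + 1          # master key s
    return s, s * P2 % p                      # (s, Q = s*P2)

def ibcm_extract(s, uid):
    # Assumed key form: private-key = (s + H1(UID))^-1 * P1
    return pow((s + hash_to_int("H1", uid)) % p, -1, p) * P1 % p

def reader_challenge(now):
    return secrets.randbelow(p), now          # (R, T)

def tag_respond(private_key, R, T):
    r = secrets.randbelow(p - 1) + 1
    u = r * P1 % p
    c = hash_to_int("H", u, R, T)
    return u, (r + c) * private_key % p       # (u, S)

def reader_verify(Q, uid, R, T, u, S):
    c = hash_to_int("H", u, R, T)
    lhs = pair(S, (hash_to_int("H1", uid) * P2 + Q) % p)
    rhs = (pair(u, P2) + c) % p               # log of e(u, P2) * v^c
    return lhs == rhs

def demo():
    s, Q = ibcm_setup()
    uid = "E2003412DC03011829045678"          # constructed sample UID
    key = ibcm_extract(s, uid)
    R, T = reader_challenge(1700000000)
    u, S = tag_respond(key, R, T)
    genuine = reader_verify(Q, uid, R, T, u, S)
    forged = reader_verify(Q, uid, R, T, *tag_respond(secrets.randbelow(p), R, T))
    R2, T2 = reader_challenge(1700000060)
    replayed = reader_verify(Q, uid, R2, T2, u, S)  # old response, new challenge
    return genuine, forged, replayed
```

The genuine tag verifies, while a tag holding a wrong key and a recorded response replayed against a fresh challenge both fail, because $c = H(u, R, T)$ binds the response to the reader's current $R$ and $T$.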
The above is only an embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or substitution that a person familiar with this technology can conceive within the technical scope disclosed by the present invention shall be covered by the scope of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.