CN108229602A - A kind of RFID bidirectional identity authentication system and methods based on ECC - Google Patents
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
Abstract
The invention discloses an ECC-based RFID mutual authentication system and method. Through an authentication initialization phase, a mutual authentication phase and an authentication update phase, the method achieves mutual authentication between the RFID tag and the reader; a tag and reader that pass verification carry out subsequent communication using the symmetric key K.
Description
Technical field
The invention belongs to the field of radio frequency identification identity authentication technology, and in particular relates to an ECC-based RFID mutual authentication system and method.
Background
Radio frequency identification (radio frequency identification device, RFID) technology uses the transmission characteristics of radio-frequency signals and spatial coupling (inductive or electromagnetic coupling) to identify targets automatically. An RFID system consists mainly of three key components: the RFID reader, the RFID tag and the back-end database. Its advantages include operation without line of sight, long identification range, large information capacity, good resistance to harsh environments, the ability to identify several objects simultaneously, and long service life.
Because an RFID system transmits messages using wireless communication in an open environment, it is easily attacked from outside. Identity authentication is an important means of ensuring the security of an RFID system, but, constrained by the cost of the terminal hardware, traditional identity authentication techniques are difficult to implement on RFID systems.
Existing RFID identity authentication methods are based on the following three kinds of protocols and their variants: security protocols based on hashes and random functions, tree-based security protocols, and security protocols based on symmetric or asymmetric cryptographic algorithms. Owing to the development of chip technology and the advantages of public-key cryptosystems, applying public-key cryptosystems to RFID systems has become one of the research hotspots for RFID, but there is as yet no efficient, low-cost public-key-based RFID identity authentication method on the market.
Summary of the invention
The purpose of the invention is to propose an ECC-based RFID mutual authentication system and method. The method achieves mutual authentication between the tag and the reader of a radio frequency identification system, protects the privacy of the tag, and has the advantages of being secure, efficient and low-cost.
The RFID system comprises a tag, a reader and a back-end database. The authentication method comprises an authentication initialization phase, a mutual authentication phase and an authentication update phase.
Authentication initialization phase: the reader and the tag set the factory parameters; the random number generator in the reader generates a random number Nr; the reader computes the message Pr and then broadcasts the message (Query || Pr). Setting the factory parameters means specifically that the RFID system selects suitable elliptic curve parameters and sets the tag's IDS value and the initial value of Nt, which are entered into the back-end server. The message Pr is computed as Pr = Nr*G, where G denotes the base point of the selected elliptic curve.
Mutual authentication phase: after the tag is activated, it receives the reader's message and uses the message Pr together with the tag's private data to compute the messages Pt and S1, then sends IDS || Pt || S1 to the reader; the reader in turn forwards the new message IDS || Pr || S1 || Pt || Nr to the server. The message Pt is computed as Pt = Nt*G, and S1 = Nt*Pr + InFo, where InFo denotes the secret information of the tag and the server.
After the server receives the message, it first checks whether the IDS data stored in the back end matches the IDS data in the message. If the data does not match, the server has failed to authenticate the tag and the protocol terminates. If the match succeeds, the server computes the values of S2 and the symmetric key K. The message S2 is sent to the tag through the reader, and K serves as the symmetric key after authentication succeeds.
The tag side receives the message and authenticates the server according to the formula. If authentication succeeds, mutual authentication ends, and the tag and the server complete the subsequent communication encrypted with the negotiated symmetric key. Otherwise, verification fails and the authentication procedure terminates.
Update phase: after the tag is activated, it sends the authentication message and uses the NLAES algorithm to update the tag's secret Nt. After the server successfully authenticates the tag: if IDSold == IDS is verified, it updates IDSnew = IDSnew'; if IDSnew == IDS is verified, it updates IDSold = IDSnew, IDSnew = IDSnew'. The tag side receives the server's mutual authentication message and, after the tag successfully verifies the server, updates IDS = IDSnew.
In the method, IDSnew, the symmetric key K and the message C2 are computed as: IDSnew = ((IDSold & Pt) | ((~ID) & Pr)), C2 = ROT(Nr*Pt, C1), S2 = C2 + IDSnew, K = C2; where the nonlinear function ROT(x, y) is defined as: , N is the parameter length, and the value of C1 is the Hamming weight of Pt ^ Pr.
In the method, the tag side verifies the server side as follows: the tag side decrypts IDS' = S2 - C2', where C2' = ROT(Nt*Pr, C1) and the value of C1 is the Hamming weight of Pt ^ Pr; it computes IDSnew = ((IDS & Pt) | ((~ID) & Pr)) and verifies whether the equation IDS' == IDSnew holds. If verification succeeds, the tag has authenticated the server, and the symmetric key is K = C2'.
In the method, the tag secret is updated as Nt = NLAES(Nt, C3), where C3 denotes the Hamming weight of Pt. In the NLAES algorithm, F(x, y) = ROT(x & y, C4), where C4 denotes the Hamming weight of the result of (~x) ^ y; RL and RR denote the left and right parts of the constant R respectively; Tempi denotes an intermediate variable computed by the algorithm, where i is a positive integer; the result of the algorithm is the combination of Temp3 as the left half and Temp4 as the right half.
Through the above steps, mutual authentication between the RFID tag and the reader is achieved, and a tag and reader that pass verification carry out subsequent communication using the symmetric key K.
Beneficial effects of the technical solution of the present invention:
(1) With the ECC-based RFID mutual authentication system and method proposed by the present invention, the tag side does not need to implement random number generator hardware; the same function can be achieved using only logical operation functions, which reduces the number of gate circuits on the tag side and lowers the cost of the tag.
(2) The ECC-based RFID mutual authentication system and method proposed by the present invention improve the confidentiality of RFID system communication in an open environment. The method can resist replay attacks, man-in-the-middle attacks, denial-of-service attacks and other attack modes common to RFID systems. The algorithm is novel and simple, requires few resources and is easy to implement, and is suited to solving the security problems of low-cost RFID tags.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the specific operation of the NLMC(x, y) algorithm proposed by the present invention;
Fig. 2 is a schematic diagram of the ECC-based RFID mutual authentication system and method proposed by the present invention.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The present invention is described in detail below with reference to the drawings and embodiments.
An ECC-based RFID mutual authentication system and method, used to perform mutual authentication between the tag and the reader in an RFID system. The RFID system comprises a tag, a reader and a back-end database. The tag is a passive writable tag; it only needs to support bit operations (XOR, shift and the like) and to be able to implement the NLAES(x, y) function.
The RFID system is initialized as follows:
All values in the RFID system are 96-bit binary numbers. The tag stores the data (ID, IDS, Nt), where ID denotes the tag's identifier and IDS denotes the tag's pseudonym. The initial value of IDS is computed as follows: a random number R1 is computed using the current time as the seed, and the result of XORing it with the tag's ID is taken as the tag's IDS value. Nt denotes the tag-side secret number; its initial value is obtained by computing a random number using the result of XORing the current time with the ID as the seed, and the result is taken as the initial value of the tag's Nt.
The back-end database stores the tag's triple (ID, IDSnew, IDSold), where ID denotes the tag's identifier, IDSnew denotes the tag's pseudonym for the current authentication, and IDSold denotes the tag's pseudonym in the previous authentication; initially IDSnew = IDSold.
The RFID system sets suitable parameters of the elliptic curve y² = x³ + ax + b over the finite field Fp; the ECC parameters chosen here are P = 3851, a = 324, b = 1287, with base point G = (920, 303).
The authentication process of the radio frequency identification system is shown schematically in Fig. 2. The protocol is executed as follows:
Authentication initialization phase:
The reader and the tag set the factory parameters; the random number generator in the reader generates a random number Nr; the reader computes the message Pr and then broadcasts the message (Query || Pr).
Mutual authentication phase:
After the tag is activated, it receives the reader's message and uses the message Pr together with the tag's private data to compute the messages Pt and S1, then sends IDS || Pt || S1 to the reader; the reader in turn forwards the new message IDS || Pr || S1 || Pt || Nr to the server.
After the server receives the message, it first checks whether the IDS data stored in the back end matches the IDS data in the message. If the data does not match, the server has failed to authenticate the tag and the protocol terminates. If the match succeeds, the server computes the values of S2 and the symmetric key K. The message S2 is sent to the tag through the reader, and K serves as the symmetric key after authentication succeeds.
The tag side receives the message and authenticates the server according to the formula. If authentication succeeds, mutual authentication ends, and the tag and the server complete the subsequent communication encrypted with the negotiated symmetric key. Otherwise, verification fails and the authentication procedure terminates.
Update phase:
After the tag is activated, it sends the authentication message and uses the NLAES algorithm to update the tag's secret Nt.
After the server successfully authenticates the tag: if IDSold == IDS is verified, it updates IDSnew = IDSnew'; if IDSnew == IDS is verified, it updates IDSold = IDSnew, IDSnew = IDSnew'.
The tag side receives the server's mutual authentication message and, after the tag successfully verifies the server, updates IDS = IDSnew.
Through the above steps, mutual authentication between the RFID tag and the reader is achieved, and a tag and reader that pass verification carry out subsequent communication using the symmetric key K.
In the method, setting the factory parameters means specifically that the RFID system selects suitable elliptic curve parameters and sets the tag's IDS value and the initial value of Nt, which are entered into the back-end server.
In the method, the message Pr is computed as Pr = Nr*G, where G denotes the base point of the selected elliptic curve.
In the method, the message Pt is computed as Pt = Nt*G, and S1 = Nt*Pr + InFo, where InFo denotes the secret information of the tag and the server; here it is set to IDS ^ ID.
In the method, IDSnew, the symmetric key K and the message C2 are computed as: IDSnew = ((IDSold & Pt) | ((~ID) & Pr)), C2 = ROT(Nr*Pt, C1), S2 = C2 + IDSnew, K = C2; where the nonlinear function ROT(x, y) is defined as: , N is the parameter length, and the value of C1 is the Hamming weight of Pt ^ Pr.
In the method, the tag side verifies the server side as follows: the tag side decrypts IDS' = S2 - C2', where C2' = ROT(Nt*Pr, C1) and the value of C1 is the Hamming weight of Pt ^ Pr; it computes IDSnew = ((IDS & Pt) | ((~ID) & Pr)) and verifies whether the equation IDS' == IDSnew holds. If verification succeeds, the tag has authenticated the server, and the symmetric key is K = C2'.
In the method, the tag secret is updated as Nt = NLAES(Nt, C3), where C3 denotes the Hamming weight of Pt. In the NLAES algorithm, F(x, y) = ROT(x & y, C4), where C4 denotes the Hamming weight of the result of (~x) ^ y; RL and RR denote the left and right parts of the constant R respectively; Tempi denotes an intermediate variable computed by the algorithm, where i is a positive integer; the result of the algorithm is the combination of Temp3 as the left half and Temp4 as the right half.
Through the above steps, mutual authentication between the tag and the reader is achieved, and a tag and reader that have been verified successfully can carry out subsequent communication.
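The tag-side verification of the server described above (and in the summary), run on the embodiment's own curve parameters, as an added example that is not part of the patent text. Assumptions: a point enters the bit operations as its x-coordinate, "+" and "-" are taken modulo 2^96, and `rot` is a stand-in 96-bit left rotation because the page does not reproduce the definition of ROT; the scalars and identifiers in the demo are constructed.

```python
# Added example, not from the patent. Curve parameters are the embodiment's own.
P, A, B = 3851, 324, 1287          # y^2 = x^3 + A*x + B over F_P
G = (920, 303)                     # base point from the embodiment
MASK = (1 << 96) - 1               # the page fixes every value at 96 bits

def on_curve(pt):
    """True for infinity (None) or a point satisfying the curve equation."""
    return pt is None or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def order(pt):
    """Order of pt by enumeration; feasible only because the field is tiny."""
    n, q = 1, pt
    while q is not None:
        q, n = add(q, pt), n + 1
    return n

def enc(pt):
    """ASSUMPTION: a point enters the bit operations as its x-coordinate."""
    return 0 if pt is None else pt[0]

def rot(x, y):
    """ASSUMPTION: stand-in for the page's missing ROT: 96-bit left rotation."""
    x, y = x & MASK, y % 96
    return ((x << y) | (x >> (96 - y))) & MASK

def c1(pt, pr):  # C1 = Hamming weight of Pt ^ Pr
    return bin(enc(pt) ^ enc(pr)).count("1")

def new_ids(ids, tag_id, pt, pr):
    """IDSnew = (IDS & Pt) | ((~ID) & Pr), kept to 96 bits."""
    return ((ids & enc(pt)) | (~tag_id & enc(pr))) & MASK

def server_s2(nr, pr, pt, ids_old, tag_id):
    """Server: C2 = ROT(Nr*Pt, C1), S2 = C2 + IDSnew, K = C2. Returns (S2, K)."""
    c2 = rot(enc(mul(nr, pt)), c1(pt, pr))
    return (c2 + new_ids(ids_old, tag_id, pt, pr)) & MASK, c2

def tag_verify(nt, pr, pt, ids, tag_id, s2):
    """Tag: C2' = ROT(Nt*Pr, C1); accept iff S2 - C2' == IDSnew. Returns (ok, K)."""
    c2 = rot(enc(mul(nt, pr)), c1(pt, pr))
    return ((s2 - c2) & MASK) == new_ids(ids, tag_id, pt, pr), c2

def run(nr, nt, ids, tag_id, tamper=0):
    """One round; tamper is XORed into S2 in transit. Returns (accepted, keys_equal)."""
    pr, pt = mul(nr, G), mul(nt, G)            # Pr = Nr*G, Pt = Nt*G
    s2, k_server = server_s2(nr, pr, pt, ids, tag_id)
    ok, k_tag = tag_verify(nt, pr, pt, ids, tag_id, s2 ^ tamper)
    return ok, k_server == k_tag

if __name__ == "__main__":
    IDS, ID = 0x5A5A1234ABCD, 0x0F0F9876FEDC   # constructed sample values
    print(on_curve(G), order(G), run(1234, 2741, IDS, ID), run(1234, 2741, IDS, ID, 1))
```

Because both sides feed the same shared point Nr*Pt = Nt*Pr into ROT, the check passes for any deterministic choice of ROT. `order(G)` shows that the embodiment's parameters give a group small enough to enumerate, so they illustrate the arithmetic and are not deployment-sized.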
Symbol description:
| : bitwise OR operation
& : bitwise AND operation
~ : bitwise NOT operation
^ : bitwise XOR operation
* : logical multiplication operation
+ : logical addition operation
NLAES(x, y): nonlinear function, where x and y are the input parameters of the function;
PER(x, y): nonlinear function, where x and y are the input parameters of the function.
The ECC-based RFID mutual authentication system and method provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, the specific implementation and the scope of application may vary in accordance with the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.
Claims (7)
1. An ECC-based RFID mutual authentication system and method, comprising an authentication initialization phase, a mutual authentication phase and an authentication update phase, wherein:
a1: Authentication initialization phase: the reader and the tag set the factory parameters; the random number generator in the reader generates a random number Nr; the reader computes the message Pr and then broadcasts the message (Query || Pr);
a2: Mutual authentication phase: after the tag is activated, it receives the reader's message and uses the message Pr together with the tag's private data to compute the messages Pt and S1, then sends IDS || Pt || S1 to the reader; the reader in turn forwards the new message IDS || Pr || S1 || Pt || Nr to the server; after the server receives the message, it first checks whether the IDS data stored in the back end matches the IDS data in the message; if the data does not match, the server has failed to authenticate the tag and the protocol terminates; if the match succeeds, the server computes the values of S2 and the symmetric key K. The message S2 is sent to the tag through the reader, and K serves as the symmetric key after authentication succeeds; the tag side receives the message and authenticates the server according to the formula; if authentication succeeds, mutual authentication ends. The tag and the server complete the subsequent communication encrypted with the negotiated symmetric key; otherwise, verification fails and the authentication procedure terminates;
a3: Update phase: after the tag is activated, it sends the authentication message and uses the NLAES algorithm to update the tag's secret Nt; after the server successfully authenticates the tag: if IDSold == IDS is verified, it updates IDSnew = IDSnew'; if IDSnew == IDS is verified, it updates IDSold = IDSnew, IDSnew = IDSnew'; the tag side receives the server's mutual authentication message and, after the tag successfully verifies the server, updates IDS = IDSnew.
2. The ECC-based RFID mutual authentication system and method according to claim 1, wherein setting the factory parameters in the method means specifically that the RFID system selects suitable elliptic curve parameters and sets the tag's IDS value and the initial value of Nt, which are entered into the back-end server.
3. The ECC-based RFID mutual authentication system and method according to claim 1, wherein in the method the message Pr is computed as Pr = Nr*G, where G denotes the base point of the selected elliptic curve.
4. The ECC-based RFID mutual authentication system and method according to claim 1, wherein in the method the message Pt is computed as Pt = Nt*G, and S1 = Nt*Pr + InFo, where InFo denotes the secret information of the tag and the server.
5. The ECC-based RFID mutual authentication system and method according to claim 1, wherein in the method IDSnew, the symmetric key K and the message C2 are computed as: IDSnew = ((IDSold & Pt) | ((~ID) & Pr)), C2 = ROT(Nr*Pt, C1), S2 = C2 + IDSnew, K = C2; where the nonlinear function ROT(x, y) is defined as: , N is the parameter length, and the value of C1 is the Hamming weight of Pt ^ Pr.
6. The ECC-based RFID mutual authentication system and method according to claim 1, wherein in the method the tag side verifies the server side as follows: the tag side decrypts IDS' = S2 - C2', where C2' = ROT(Nt*Pr, C1) and the value of C1 is the Hamming weight of Pt ^ Pr; IDSnew = ((IDS & Pt) | ((~ID) & Pr)); it verifies whether the equation IDS' == IDSnew holds; if verification succeeds, the tag has authenticated the server; the symmetric key is K = C2'.
7. The ECC-based RFID mutual authentication system and method according to claim 1, wherein the tag secret is updated as Nt = NLAES(Nt, C3), where C3 denotes the Hamming weight of Pt; in the NLAES algorithm, F(x, y) = ROT(x & y, C4), where C4 denotes the Hamming weight of the result of (~x) ^ y.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611198185.7A CN108229602A (en) | 2016-12-22 | 2016-12-22 | A kind of RFID bidirectional identity authentication system and methods based on ECC |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180629 |