CN113312651B - Interactive authentication method, device, equipment and computer readable storage medium - Google Patents

Interactive authentication method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN113312651B
CN113312651B CN202110707092.7A CN202110707092A CN113312651B CN 113312651 B CN113312651 B CN 113312651B CN 202110707092 A CN202110707092 A CN 202110707092A CN 113312651 B CN113312651 B CN 113312651B
Authority
CN
China
Prior art keywords
tag
random number
key
reader
operation result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110707092.7A
Other languages
Chinese (zh)
Other versions
CN113312651A (en
Inventor
申思涵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN202110707092.7A priority Critical patent/CN113312651B/en
Publication of CN113312651A publication Critical patent/CN113312651A/en
Application granted granted Critical
Publication of CN113312651B publication Critical patent/CN113312651B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an interactive authentication method, an interactive authentication device, equipment and a computer readable storage medium, wherein the method comprises the following steps: receiving a query request sent by a reader-writer, obtaining a first tag ID and a key of the first tag based on a Schnorr signature algorithm, sending the first tag ID and the key to the reader-writer as information to be authenticated, receiving a second random number obtained by the reader-writer through physical unclonable function operation, combining the tag ID and the first random number, obtaining a first operation result based on the Schnorr signature algorithm, and finally sending the first operation result to the reader-writer so that the reader-writer authenticates the tag based on the first operation result and the second operation result. According to the method, the information to be authenticated is subjected to operation of the physical unclonable function and then is communicated, and the Schnorr signature algorithm is combined with the hash function, so that the information to be authenticated can be encrypted and hidden, the calculation complexity is increased, and the safety is improved.

Description

Interactive authentication method, device, equipment and computer readable storage medium
Technical Field
The present application relates to the field of computer security technologies, and in particular, to an interactive authentication method, apparatus, device, and computer readable storage medium.
Background
With the development of the internet of things, the application of the radio frequency identification technology in daily life is becoming wider and wider. The radio frequency identification technology is an automatic identification technology, and can identify a specific tag and read and write related data by carrying out information transmission through a communication channel built by radio signals. In the radio frequency identification technology, information is transmitted through a communication channel, so that safety authentication is required in the communication process, and the information safety is ensured.
At present, a common security authentication method is that after a tag receives a query request sent by a reader-writer, tag information is encrypted by introducing a random number and performing hash operation, the encrypted information is sent to the reader-writer, and the reader-writer compares and authenticates the encrypted information with information obtained from a database.
However, in the authentication method, when the tag information is transmitted through the channel, the tag information may be subjected to malicious attack, so that the information received by the reader-writer is wrong, and in addition, the encryption method is easy to crack, so that the tag information is stolen, and the security is not high, so that how to realize the interaction authentication with higher security is a problem to be solved.
Disclosure of Invention
The application provides an interactive authentication method, an interactive authentication device, interactive authentication equipment and a computer readable storage medium, which are used for realizing interactive authentication with higher security.
In a first aspect, an embodiment of the present application provides an interactive authentication method, applied to a tag, including:
receiving a query request sent by a reader-writer;
Obtaining a first tag ID and a first tag key based on a Schnorr signature algorithm according to the locally stored tag ID, the first random number and the tag key; the key of the tag is obtained by carrying out hash operation on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
Sending information to be authenticated to the reader-writer, wherein the information to be authenticated comprises the first tag ID and a key of the first tag, so that the reader-writer obtains a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation;
Receiving a second random number sent by the reader-writer, and obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number;
And sending the first operation result to the reader-writer so that the reader-writer authenticates the tag based on the first operation result and a second operation result, wherein the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number and the second random number and based on a Schnorr signature algorithm.
Further, the method as described above, wherein the obtaining the first tag ID and the key of the first tag based on the Schnorr signature algorithm according to the locally stored tag ID and the first random number and the key of the tag includes:
Obtaining the first tag ID through Schnorr encryption operation according to the locally stored tag ID and the first random number;
and obtaining the key of the first tag through encryption operation according to the key of the tag and the first random number.
Further, the method as described above, wherein the obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number includes:
obtaining an intermediate number through the Schnorr encryption operation according to the second random number, the tag ID, the key of the tag and the large prime number in the first random number;
And carrying out exponential operation on the positive integer in the first random number according to the intermediate number to obtain the first operation result.
Further, in the method as described above, before receiving the query request sent by the reader, the method further includes:
And generating and disclosing the first random number so that the reader-writer acquires the big prime number in the first random number.
In a second aspect, an embodiment of the present application provides an interactive authentication method, applied to a reader, including:
Sending a query request to the tag;
Receiving information to be authenticated sent by the tag, wherein the information to be authenticated comprises a first tag ID and a key of the first tag, so that the reader-writer authenticates based on the information to be authenticated; the first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and first random number and the key of the tag based on a Schnorr signature algorithm; the key of the tag is obtained after hash operation is carried out on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
Obtaining a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation;
transmitting the second random number to the tag so that the tag obtains a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, the key of the tag and the first random number;
Obtaining a second operation result based on a Schnorr signature algorithm according to the first tag ID, the key of the first tag, the large prime number in the first random number and the second random number;
And receiving the first operation result sent by the tag, and authenticating the tag according to the first operation result and the second operation result to obtain an authentication result.
Further, as described above, the method, according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number, obtains a second operation result based on the Schnorr signature algorithm, including:
and obtaining a second operation result through Schnorr encryption operation according to the first tag ID, the key of the first tag, the big prime number in the first random number and the second random number.
Further, the method as described above, before the sending the query request to the tag, further includes:
and acquiring a big prime number in the first random number disclosed by the tag.
Further, according to the method described above, the authenticating the tag according to the first operation result and the second operation result, to obtain an authentication result, includes:
comparing the first operation result with the second operation result;
If the first operation result is equal to the second operation result, the authentication is successful;
if the first operation result is not equal to the second operation result, authentication fails.
In a third aspect, an embodiment of the present application provides an interactive authentication device, applied to a tag, including:
The first receiving module is used for receiving a query request sent by the reader-writer;
the first calculation module is used for obtaining a first tag ID and a first tag key based on a Schnorr signature algorithm according to the locally stored tag ID, the first random number and the tag key; the key of the tag is obtained by carrying out hash operation on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
The first sending module is used for sending information to be authenticated to the reader-writer, wherein the information to be authenticated comprises the first tag ID and a key of the first tag, so that the reader-writer obtains a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation;
The first receiving module is further configured to receive a second random number sent by the reader, and obtain a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, and the first random number;
The first sending module is further configured to send the first operation result to the reader-writer, so that the reader-writer authenticates the tag based on the first operation result and a second operation result, where the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number, and based on a Schnorr signature algorithm.
In a fourth aspect, an embodiment of the present application provides an interactive authentication device, which is applied to a reader/writer, including:
the second sending module is used for sending a query request to the tag;
The second receiving module is used for receiving information to be authenticated sent by the tag, wherein the information to be authenticated comprises a first tag ID and a key of the first tag, so that the reader-writer authenticates based on the information to be authenticated; the first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and first random number and the key of the tag based on a Schnorr signature algorithm; the key of the tag is obtained after hash operation is carried out on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
The second calculation module is used for obtaining a second random number through physical unclonable function operation based on the first tag ID, the secret key of the first tag and the locally stored reader-writer ID after connection operation;
the second sending module is further configured to send the second random number to the tag, so that the tag obtains a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, and the first random number;
The second calculation module is further configured to obtain a second calculation result based on a Schnorr signature algorithm according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number;
The second receiving module is further configured to receive the first operation result sent by the tag, and authenticate the tag according to the first operation result and the second operation result, so as to obtain an authentication result.
In a fifth aspect, an embodiment of the present application provides a tag, including: a memory, a processor, and a transceiver;
the memory is configured to store the processor-executable instructions;
wherein the processor is configured to invoke the program instructions in the memory to perform the interactive authentication method according to the first aspect;
the transceiver is configured to receive and transmit information in the interactive authentication method according to the first aspect.
In a sixth aspect, an embodiment of the present application provides a reader/writer, including: a memory, a processor, and a transceiver;
the memory is configured to store the processor-executable instructions;
Wherein the processor is configured to invoke the program instructions in the memory to perform the interactive authentication method according to the second aspect;
The transceiver is configured to receive and transmit information in the interactive authentication method according to the second aspect.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium having stored therein computer-executable instructions, which when executed by a processor, are configured to implement the interactive authentication method according to the first aspect.
In an eighth aspect, embodiments of the present application provide a computer-readable storage medium having stored therein computer-executable instructions, which when executed by a processor, are configured to implement the interactive authentication method according to the second aspect.
In a ninth aspect, an embodiment of the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the interactive authentication method according to the first aspect.
In a tenth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the interactive authentication method according to the second aspect.
The application provides an interactive authentication method, a device, equipment and a computer readable storage medium, wherein a tag obtains information to be authenticated comprising a first tag ID and a key of the first tag based on the tag ID, the first random number and the key of the tag according to a query request of a reader-writer, the reader-writer obtains a second random number through physical unclonable function operation based on the information to be authenticated and the locally stored reader-writer ID, the tag obtains a first operation result according to the second random number, the tag ID and the first random number, and the reader-writer calculates the obtained second operation result based on the first operation result and according to the first tag ID, the key of the first tag, the big prime number in the first random number and the second random number, and authenticates the tag. That is, the application introduces the information to be authenticated, and performs the information interaction after the operation of the physical unclonable function, and the security of the information to be authenticated in the channel transmission process can be ensured because the physical unclonable function has unclonability, unpredictability and tamper resistance. In addition, in the application, the Schnorr signature algorithm is combined with the hash function, so that the information to be authenticated can be encrypted and hidden, the calculation complexity is increased, the information can be effectively prevented from being stolen, and the safety is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram of an application scenario provided by the present application;
FIG. 2 is a flow chart of an interactive authentication method provided by the application;
FIG. 3 is a flow chart of an interactive authentication method provided by the application;
FIG. 4 is a schematic diagram of a label according to the present application;
FIG. 5 is a schematic diagram of a reader-writer according to the present application;
FIG. 6 is a schematic diagram of the structure of a label of the present application;
Fig. 7 is a schematic structural diagram of a reader/writer according to the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
With the innovation and development of technology, the development of radio frequency identification technology is more and more mature. The security issues of radio frequency identification technology have been the focus of research. In the prior art, the tag information is generally encrypted by introducing a random number and performing hash operation, and the encrypted information is sent to a reader-writer, which compares and authenticates the encrypted information with information obtained from a database.
However, when the security authentication is performed by the method, the tag information may be attacked maliciously when the tag information is transmitted through the channel, so that the tag information is tampered, and the information received by the reader-writer is wrong.
The application provides an interactive authentication method, an interactive authentication device, interactive authentication equipment and a computer readable storage medium, which aim to solve the technical problems in the prior art.
The following describes the technical scheme of the present application and how the technical scheme of the present application solves the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of an application scenario provided by the present application, as shown in fig. 1, where the application scenario shown in fig. 1 may specifically include a tag 1 and a reader 2.
In practical application, when the reader-writer 2 wants to read information in the tag 1 within the radio frequency range, the interactive authentication method provided by the application can be adopted to authenticate the tag 1, if authentication is successful, communication is continued, the reader-writer 2 can continue to read information in the tag 1, if authentication is failed, communication is interrupted, and the reader-writer 2 cannot continue to read information in the tag 1.
In practical application, when the tag and the reader-writer carry out information interaction, the tag is used as an information owner to have secret information, and when the information is transmitted, people do not wish to leak the secret information, and the reader-writer is used as an information verifier to complete a series of information interaction with the tag on the premise of unknown secret information owned by the tag. Specifically, the tag 1 in the application locally stores own ID and has encryption operation capability, and the reader 2 locally stores own unique identification code RID and carries a physical unclonable circuit module, thereby having simple logic operation and physical unclonable operation capability.
Example 1
Fig. 2 is a flowchart of an interactive authentication method provided by the present application, as shown in fig. 2, the interactive authentication method provided by the present embodiment includes the following steps:
Step 101, receiving a query request sent by a reader-writer.
Step 102, obtaining a first tag ID and a first tag key based on a Schnorr signature algorithm according to the locally stored tag ID, the first random number and the tag key; the key of the tag is obtained by carrying out hash operation on the locally stored tag ID; the first random number includes a large prime number and a positive integer.
Step 103, sending information to be authenticated to the reader-writer, wherein the information to be authenticated comprises the first tag ID and a key of the first tag, so that the reader-writer obtains a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation.
Step 104, receiving a second random number sent by the reader-writer, and obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number.
And 105, sending the first operation result to the reader-writer so that the reader-writer authenticates the tag based on the first operation result and a second operation result, wherein the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number and the second random number and based on a Schnorr signature algorithm.
It should be noted that, the execution body of the interactive authentication method provided in this embodiment may be a tag. In practical applications, the tag may be implemented by a computer program, for example, application software, a computer program, or the like, or may be implemented by a medium storing a related computer program, for example, a usb disk, an optical disk, or the like; or may also be implemented by means of physical means, e.g. a chip or the like, incorporating or installing the relevant computer program.
In this embodiment, in order to ensure the security of the radio frequency identification, security authentication is required in the communication process. Specifically, the tag may first receive a query request sent by a reader within the radio frequency range. Next, in order to ensure information security, it is necessary to anonymously process identity information carried by the tag. Specifically, the tag may obtain the first tag ID and the key of the first tag, that is, the anonymous tag ID and the key of the tag, based on the Schnorr signature algorithm based on the locally stored tag ID and the first random number, and the key of the tag.
The key of the tag is obtained by carrying out hash operation on the locally stored tag ID, and the specific formula is as follows:
TID=h(ID)
Wherein T ID is the key of the tag, h () is a hash function, and ID is the tag ID stored locally.
Further, the first random number includes a large prime number and a positive integer.
Then, the tag may send the first tag ID and the key of the first tag to the reader as information to be authenticated, so that the reader obtains the second random number through physical unclonable function operation based on the first tag ID after the connection operation, the key of the first tag, and the locally stored reader ID.
It should be noted that, because the information to be authenticated which participates in the information exchange and is generated by the tag is anonymous, even if an attacker enters the communication channel, the private information actually carried by the tag cannot be obtained through the information to be authenticated.
Then, the tag can receive the second random number sent by the reader-writer, and obtain a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number.
The first operation result is a calculation result for final authentication.
Finally, the tag may send the first operation result to the reader in order for the reader to authenticate the tag based on the first operation result and the second operation result.
It should be noted that, the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number, and calculated based on the Schnorr signature algorithm.
According to the interactive authentication method provided by the embodiment, a query request sent by a reader-writer is received, a first tag ID and a first random number are obtained through calculation based on a Schnorr signature algorithm according to a locally stored tag ID and a first random number, the first tag ID and the first tag key are sent to the reader-writer as information to be authenticated, a second random number obtained through physical unclonable function operation by the reader-writer based on the information to be authenticated and the locally stored reader ID is received, a first operation result is obtained through calculation by combining the tag ID and the first random number, and finally the first operation result is sent to the reader-writer so that the reader-writer can authenticate the tag based on the first operation result and the second operation result obtained through calculation according to the first tag ID, the first tag key, the large prime number in the first random number and the second random number. That is, in the embodiment of the present application, the information to be authenticated is introduced, and the information interaction is performed after the operation of the physical unclonable function is performed, and since the physical unclonable function has unclonability, unpredictability and tamper resistance, the security of the information to be authenticated in the channel transmission process can be ensured. In addition, in the embodiment of the application, the Schnorr signature algorithm is combined with the hash function, so that the information to be authenticated can be encrypted and hidden, the calculation complexity is increased, the information can be effectively prevented from being stolen, and the safety is improved.
On the basis of the first embodiment, in order to further describe the interactive authentication method of the present application, before step 101, the method further includes: and generating and disclosing the first random number so that the reader-writer acquires the big prime number in the first random number.
In practical application, in the initialization stage, in order to improve security, the tag first randomly generates and discloses a large prime number and a positive integer for participation in the operation in the authentication stage, that is, the shared secret value of the tag and the reader is the same initial value.
In this embodiment, the tag randomly generates a first random number prior to authentication in preparation for participation in the authentication process. Specifically, the tag may generate and disclose the first random number, so that the reader-writer may acquire a large prime number in the first random number and apply to a subsequent authentication process. In one example, the reader/writer in step 105 calculates and obtains the second operation result based on the Schnorr signature algorithm according to the first tag ID, the key of the first tag, the obtained large prime number, and the second random number. The subsequent reader-writer authenticates according to the first operation result and the calculated second operation result sent by the tag.
The interactive authentication method provided by the embodiment generates and discloses the first random number, prepares for the subsequent authentication process, and improves the security.
Example two
On the basis of the first embodiment, in order to further describe the interactive authentication method of the present application, in step 102, the obtaining, based on the Schnorr signature algorithm, the first tag ID and the first random number, and the key of the tag, includes: obtaining the first tag ID through Schnorr encryption operation according to the locally stored tag ID and the first random number; and obtaining the key of the first tag through Schnorr encryption operation according to the key of the tag and the first random number.
In this embodiment, to obtain the first tag ID, that is, the anonymous tag ID, the tag may obtain the first tag ID by Schnorr encryption operation according to the locally stored tag ID and the first random number, and in one example, the operation formula is:
ID'=gID(modp)
wherein, ID' is the first tag ID, g is the positive integer in the first random number, p is the big prime number in the first random number, ID is the tag ID stored locally, mod is the remainder operation.
In addition, in order to obtain the key of the first tag, that is, the key of the anonymous tag, the tag may obtain the key of the first tag through the Schnorr encryption operation according to the key of the tag and the first random number, where a specific formula is as follows:
Wherein T ID is the key of the first tag, g is the positive integer in the first random number, p is the large prime number in the first random number, T ID is the key of the tag, and mod is the remainder operation.
According to the interactive authentication method provided by the embodiment, the first tag ID and the key of the first tag are obtained through Schnorr encryption operation, so that the anonymity of the tag is realized, and the information security is improved.
On the basis of the first embodiment, the obtaining, based on the Schnorr signature algorithm, a first operation result according to the second random number, the tag ID, and the first random number includes: obtaining an intermediate number through the Schnorr encryption operation according to the second random number, the tag ID and the large prime number in the first random number; and carrying out exponential operation on the positive integer in the first random number according to the intermediate number to obtain the first operation result.
In one example, to obtain the first operation result for authentication, the tag may obtain an intermediate number according to the second random number, the tag ID, the key of the tag, and the large prime number in the first random number through Schnorr encryption operation, and then perform exponential operation on the positive integer in the first random number according to the intermediate number to obtain the first operation result, where the specific formula is as follows:
y=IDx+TID(modp-1)
z=gy
Wherein y is an intermediate number, x is a second random number, ID is a tag ID, T ID is a key of the tag, p is a large prime number in the first random number, z is a first operation result, and g is a positive integer in the first random number.
According to the interactive authentication method, the first operation result for authentication is obtained through Schnorr encryption operation, the calculation complexity is high, and the information safety is further guaranteed.
Example III
Fig. 3 is a flowchart of an interactive authentication method provided by the present application, as shown in fig. 3, the interactive authentication method provided by the present embodiment includes the following steps:
Step 201, a query request is sent to the tag.
Step 202, receiving information to be authenticated sent by the tag, wherein the information to be authenticated comprises a first tag ID and a key of the first tag, so that the reader-writer authenticates based on the information to be authenticated; the first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and first random number and the key of the tag based on a Schnorr signature algorithm; the key of the tag is obtained after hash operation is carried out on the locally stored tag ID; the first random number includes a large prime number and a positive integer.
Step 203, obtaining a second random number through a physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after the connection operation.
And 204, transmitting the second random number to the tag so that the tag obtains a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number.
Step 205, obtaining a second operation result based on a Schnorr signature algorithm according to the first tag ID, the key of the first tag, the big prime number in the first random number, and the second random number.
Step 206, receiving the first operation result sent by the tag, and authenticating the tag according to the first operation result and the second operation result to obtain an authentication result.
It should be noted that, the execution body of the interactive authentication method provided in this embodiment may be a reader-writer. In practical applications, the reader/writer may be implemented by a computer program, for example, application software, a computer program, or the like, or may be implemented by a medium storing a related computer program, for example, a usb disk, an optical disk, or the like; or may also be implemented by means of physical means, e.g. a chip or the like, incorporating or installing the relevant computer program.
In this embodiment, in order to ensure the security of the radio frequency identification, security authentication is required in the communication process. Specifically, the reader may first send a query request to tags within the radio frequency range. Then, the reader-writer may receive information to be authenticated sent by the tag, so that authentication may be performed based on the information to be authenticated. Specifically, the information to be authenticated includes a first tag ID and a key of the first tag.
The first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and the first random number, and the key of the tag based on the Schnorr signature algorithm.
The key of the tag is obtained by carrying out hash operation on the locally stored tag ID.
Further, the first random number includes a large prime number and a positive integer.
Then, in order to ensure the security of the information to be authenticated at the time of channel transfer in the authentication process, a unique and non-reversibly reckonable second random number needs to be generated based on the information to be authenticated. Specifically, the reader-writer may obtain the second random number through a physical unclonable function operation based on the first tag ID after performing the connection operation, the key of the first tag, and the locally stored reader-writer ID, and the specific formula is as follows:
x=PUF(ID'||TID'||RID)
Where x is a second random number, PUF () is a physical unclonable function, ID' is a first tag ID, T ID is a key of the first tag, and RID is a locally stored reader ID.
Next, the reader/writer may transmit the second random number to the tag, so that the tag obtains a first operation result for final authentication based on the Schnorr signature algorithm according to the second random number, the tag ID, the key of the tag, and the first random number. Then, the reader-writer may obtain a second operation result based on the Schnorr signature algorithm according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number.
Finally, in order to authenticate the tag, the reader-writer may receive the first operation result sent by the tag, and authenticate the tag according to the first operation result and the second operation result, to obtain an authentication result. The specific authentication method is not limited in this embodiment.
According to the interactive authentication method provided by the embodiment, a query request is sent to the tag, information to be authenticated sent by the tag is received, then, based on the information to be authenticated, a second random number is obtained through physical unclonable function operation, the second random number is sent to the tag, the tag ID and the first random number are combined, and a first operation result is obtained based on a Schnorr signature algorithm. Meanwhile, according to the first tag ID, the key of the first tag, the large prime number in the first random number and the second random number, a second operation result is obtained based on the Schnorr signature algorithm. And finally, receiving a first operation result sent by the tag, and authenticating the tag according to the first operation result and the second operation result. That is, in the embodiment of the present application, the information to be authenticated is introduced, and the information interaction is performed after the operation of the physical unclonable function is performed, and since the physical unclonable function has unclonability, unpredictability and tamper resistance, the security of the information to be authenticated in the channel transmission process can be ensured. In addition, in the embodiment of the application, the Schnorr signature algorithm is combined with the hash function, so that the information to be authenticated can be encrypted and hidden, the calculation complexity is increased, the information can be effectively prevented from being stolen, and the safety is improved.
On the basis of the third embodiment, in order to further describe the interactive authentication method of the present application, before step 201, the method further includes: and acquiring a big prime number in the first random number disclosed by the tag.
In this embodiment, in order to improve the security of the authentication process, the reader-writer may acquire the large prime number in the first random number disclosed by the tag before authentication, so as to participate in the operation in the authentication process.
According to the interactive authentication method provided by the embodiment, the large prime number in the first random number disclosed by the label is acquired, preparation is made for a subsequent authentication process, and safety is improved.
Example IV
On the basis of the third embodiment, in order to further describe the interactive authentication method of the present application, step 205 includes: and obtaining a second operation result through Schnorr encryption operation according to the first tag ID, the key of the first tag, the big prime number in the first random number and the second random number.
In one example, to obtain the second operation result for authentication, the reader/writer may obtain the second operation result through the Schnorr encryption operation according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number, with the following specific formula:
z'=TID'xID'(modp)
Wherein z 'is a second operation result, T ID is a key of the first tag, x is a second random number, ID' is a first tag ID, and p is a prime number in the first random number.
According to the interactive authentication method, the second operation result for authentication is obtained through Schnorr encryption operation, the calculation complexity is high, and the information safety is further guaranteed.
Example five
In order to further describe the interactive authentication method according to the present application, in step 206, the authenticating the tag according to the first operation result and the second operation result includes:
Comparing the first operation result with the second operation result; if the first operation result is equal to the second operation result, the authentication is successful; if the first operation result is not equal to the second operation result, authentication fails.
In this embodiment, the reader-writer may authenticate the tag according to the first operation result and the second operation result. Specifically, the reader-writer can compare the first operation result with the second operation result, if the first operation result is equal to the second operation result, the tag is indicated not to suffer from malicious attack when information is transmitted, authentication is successful, and communication is continued. If the first operation result is not equal to the second operation result, the label is indicated to be possibly attacked or possibly attacked when the information is transmitted, and the system works in an unsafe state, so that authentication fails and communication is interrupted.
According to the interactive authentication method provided by the embodiment, the first operation result and the second operation result are compared, and the label is authenticated, so that security attack can be effectively avoided, malicious attackers are prevented from stealing or tampering information carried by the label, and information security is ensured.
Example six
Fig. 4 is a schematic structural diagram of a tag provided by the present application, and as shown in fig. 4, the tag provided in this embodiment includes: a first receiving module 41, a first calculating module 42 and a first transmitting module 43. The first receiving module 41 is configured to receive a query request sent by the reader/writer. A first calculation module 42, configured to obtain a first tag ID and a key of the first tag based on a Schnorr signature algorithm according to the locally stored tag ID and the first random number, and the key of the tag; the key of the tag is obtained by carrying out hash operation on the locally stored tag ID; the first random number includes a large prime number and a positive integer. A first sending module 43, configured to send information to be authenticated to the reader, where the information to be authenticated includes the first tag ID and a key of the first tag, so that the reader obtains a second random number through a physical unclonable function operation based on the first tag ID, the key of the first tag, and a locally stored reader ID after performing a connection operation. The first receiving module 41 is further configured to receive a second random number sent by the reader, and obtain a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, and the first random number. The first sending module 43 is further configured to send the first operation result to the reader-writer, so that the reader-writer authenticates the tag based on the first operation result and a second operation result, where the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number, and based on a Schnorr signature algorithm.
The tag provided in this embodiment receives a query request sent by a reader-writer, obtains a first tag ID and a first tag key based on a Schnorr signature algorithm according to a locally stored tag ID and a first random number, and sends the first tag ID and the first tag key as information to be authenticated to the reader-writer, then receives a second random number obtained by a physical unclonable function operation based on the information to be authenticated and the locally stored reader-writer ID, combines the tag ID and the first random number, obtains a first operation result based on the Schnorr signature algorithm, and finally sends the first operation result to the reader-writer to enable the reader-writer to authenticate the tag based on the first operation result and a second operation result obtained by calculation based on the Schnorr signature algorithm according to the first tag ID, the first tag key, a large prime number in the first random number, and the second random number. That is, in the embodiment of the present application, the information to be authenticated, into which the first random number is introduced, is generated as an input of the physical unclonable function, and the physical unclonable function is operated and then enters into the communication. In addition, in the embodiment of the application, the Schnorr signature algorithm is combined with the hash function, so that the information to be authenticated can be encrypted and hidden, the calculation complexity is increased, the information can be effectively prevented from being stolen, and the safety is improved.
In an alternative embodiment, the first calculating module 42 is further configured to obtain the first tag ID through encryption operation according to the locally stored tag ID and the first random number. The first calculation module 42 is further configured to obtain the key of the first tag through encryption operation according to the key of the tag and the first random number.
In an alternative embodiment, the first calculating module 42 is further configured to obtain an intermediate number through the encryption operation according to the second random number, the tag ID, the key of the tag, and the prime number in the first random number. The first calculation module 42 is further configured to perform an exponential operation on the positive integer in the first random number according to the intermediate number, so as to obtain the first operation result.
In an alternative embodiment, the tag further comprises: and the generating module 44 is configured to generate and disclose the first random number, so that the reader obtains a prime number in the first random number.
It should be noted that, the technical solution and the effect of the label execution provided in the embodiment may be referred to the related content of the foregoing method embodiment, which is not described herein again.
Example seven
Fig. 5 is a schematic structural diagram of a reader-writer provided by the present application, as shown in fig. 5, the reader-writer provided in this embodiment includes: a second transmitting module 51, a second receiving module 52 and a second calculating module 53. The second sending module 51 is configured to send a query request to the tag. A second receiving module 52, configured to receive information to be authenticated sent by the tag, where the information to be authenticated includes a first tag ID and a key of the first tag, so that the reader-writer performs authentication based on the information to be authenticated; the first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and first random number and the key of the tag based on a Schnorr signature algorithm; the key of the tag is obtained after hash operation is carried out on the locally stored tag ID; the first random number includes a large prime number and a positive integer. A second calculation module 53, configured to obtain a second random number through a physical unclonable function operation based on the first tag ID, the key of the first tag, and the locally stored reader ID after performing the connection operation. The second sending module 51 is further configured to send the second random number to the tag, so that the tag obtains a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, and the first random number. The second calculation module 53 is further configured to obtain a second calculation result based on a Schnorr signature algorithm according to the first tag ID, the key of the first tag, the prime number in the first random number, and the second random number. The second receiving module 52 is further configured to receive the first operation result sent by the tag, and authenticate the tag according to the first operation result and the second operation result, so as to obtain an authentication result.
In an alternative embodiment, the second calculating module 53 is further configured to obtain the second operation result through encryption operation according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number.
In an alternative embodiment, the reader/writer further includes: an obtaining module 54, configured to obtain a big prime number in the first random number disclosed by the tag.
In an alternative embodiment, the reader/writer further includes: a comparing module 55, configured to compare the first operation result with the second operation result; if the first operation result is equal to the second operation result, the authentication is successful; if the first operation result is not equal to the second operation result, authentication fails.
It should be noted that, the technical solution and the effect of the implementation of the reader-writer provided in this embodiment may refer to the related content of the foregoing method embodiment, which is not described herein again.
Example eight
Fig. 6 is a schematic structural diagram of a tag according to the present application, and as shown in fig. 6, the present application further provides a tag 600, including: a memory 601, a processor 602, and a transceiver 603.
A memory 601 for storing programs. In particular, the program may include program code comprising computer-executable instructions. The memory 601 may comprise a high-speed RAM memory or may further comprise a non-volatile memory (non-volatile memory), such as at least one disk memory.
A processor 602 for executing programs stored in the memory 601.
A transceiver 603 for receiving and transmitting information.
Wherein a computer program is stored in the memory 601 and configured to be executed by the processor 602 to implement the interactive authentication method provided in the first or second embodiment of the present application. The transceiver 603 is configured to receive and transmit information in the interactive authentication method provided in the first embodiment or the second embodiment of the present application. The related descriptions and effects corresponding to the steps in the drawings can be understood correspondingly, and are not repeated here.
In this embodiment, the memory 601, the processor 602, and the transceiver 603 are connected through a bus. The bus may be an industry standard architecture (Industry Standard Architecture, abbreviated ISA) bus, an external device interconnect (PERIPHERAL COMPONENT, abbreviated PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 6, but not only one bus or one type of bus.
Example nine
Fig. 7 is a schematic structural diagram of a reader/writer according to the present application, and as shown in fig. 7, the present application further provides a reader/writer 700, including: memory 701, processor 702, and transceiver 703.
A memory 701 for storing a program. In particular, the program may include program code comprising computer-executable instructions. The memory 701 may include a high-speed RAM memory or may further include a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory.
A processor 702 for executing the programs stored in the memory 701.
A transceiver 703 for receiving and transmitting information.
Wherein a computer program is stored in the memory 701 and configured to be executed by the processor 702 to implement the interactive authentication method provided in the third or fourth embodiment of the present application. The transceiver 703 is configured to receive and transmit information in the interactive authentication method provided in the third embodiment or the fourth embodiment of the present application. The related descriptions and effects corresponding to the steps in the drawings can be understood correspondingly, and are not repeated here.
In this embodiment, the memory 701, the processor 702 and the transceiver 703 are connected through a bus. The bus may be an industry standard architecture (Industry Standard Architecture, abbreviated ISA) bus, an external device interconnect (PERIPHERAL COMPONENT, abbreviated PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 7, but not only one bus or one type of bus.
Examples ten
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the interactive authentication method provided in the first embodiment or the second embodiment of the application.
Example eleven
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the interactive authentication method provided in the third or fourth embodiment of the application.
Example twelve
The embodiment of the application also provides a computer program product, which comprises a computer program, wherein the computer program realizes the interactive authentication method provided by the first embodiment or the second embodiment of the application when being executed by a processor.
Example thirteen
The embodiment of the application also provides a computer program product, which comprises a computer program, wherein the computer program realizes the interactive authentication method according to the third embodiment or the fourth embodiment of the application when being executed by a processor.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or in hardware plus software functional modules.
Program code for carrying out methods of the present application may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable tag or reader such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Moreover, although operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the application. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. An interactive authentication method applied to a tag, comprising the following steps:
receiving a query request sent by a reader-writer;
Obtaining a first tag ID and a first tag key based on a Schnorr signature algorithm according to the locally stored tag ID, the first random number and the tag key; the key of the tag is obtained by carrying out hash operation on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
Sending information to be authenticated to the reader-writer, wherein the information to be authenticated comprises the first tag ID and a key of the first tag, so that the reader-writer obtains a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation;
Receiving a second random number sent by the reader-writer, and obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number;
the first operation result is sent to the reader-writer so that the reader-writer authenticates the tag based on the first operation result and a second operation result, wherein the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number and the second random number and is calculated based on a Schnorr signature algorithm;
The obtaining the first tag ID and the key of the first tag based on the Schnorr signature algorithm according to the locally stored tag ID and the first random number and the key of the tag comprises:
Obtaining the first tag ID through Schnorr encryption operation according to the locally stored tag ID and the first random number;
Obtaining the key of the first tag through Schnorr encryption operation according to the key of the tag and the first random number;
The obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number, includes:
obtaining an intermediate number through the Schnorr encryption operation according to the second random number, the tag ID, the key of the tag and the large prime number in the first random number;
And carrying out exponential operation on the positive integer in the first random number according to the intermediate number to obtain the first operation result.
2. The method of claim 1, further comprising, prior to receiving the query request sent by the reader/writer:
And generating and disclosing the first random number so that the reader-writer acquires the big prime number in the first random number.
3. An interactive authentication method applied to a reader-writer is characterized by comprising the following steps:
Sending a query request to the tag so that the tag obtains a first tag ID and a first tag key based on a Schnorr signature algorithm according to the locally stored tag ID and the first random number and the tag key; wherein the obtaining the first tag ID and the key of the first tag based on the Schnorr signature algorithm based on the locally stored tag ID and the first random number and the key of the tag comprises: obtaining the first tag ID through Schnorr encryption operation according to the locally stored tag ID and the first random number; obtaining the key of the first tag through Schnorr encryption operation according to the key of the tag and the first random number;
Receiving information to be authenticated sent by the tag, wherein the information to be authenticated comprises a first tag ID and a key of the first tag, so that the reader-writer authenticates based on the information to be authenticated; the first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and first random number and the key of the tag based on a Schnorr signature algorithm; the key of the tag is obtained after hash operation is carried out on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
Obtaining a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation;
Transmitting the second random number to the tag so that the tag obtains a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, the key of the tag and the first random number; wherein, the obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number includes: obtaining an intermediate number through the Schnorr encryption operation according to the second random number, the tag ID, the key of the tag and the large prime number in the first random number; according to the intermediate number, performing exponential operation on the positive integer in the first random number to obtain the first operation result;
Obtaining a second operation result based on a Schnorr signature algorithm according to the first tag ID, the key of the first tag, the large prime number in the first random number and the second random number;
Receiving the first operation result sent by the tag, and authenticating the tag according to the first operation result and the second operation result to obtain an authentication result;
the obtaining a second operation result based on the Schnorr signature algorithm according to the first tag ID, the key of the first tag, the big prime number in the first random number, and the second random number, includes:
and obtaining a second operation result through Schnorr encryption operation according to the first tag ID, the key of the first tag, the big prime number in the first random number and the second random number.
4. The method of claim 3, wherein prior to sending the query request to the tag, further comprising:
and acquiring a big prime number in the first random number disclosed by the tag.
5. The method of any of claims 1-2 or 3-4, wherein authenticating the tag based on the first operation result and the second operation result comprises:
comparing the first operation result with the second operation result;
If the first operation result is equal to the second operation result, the authentication is successful;
if the first operation result is not equal to the second operation result, authentication fails.
6. A tag, comprising:
The first receiving module is used for receiving a query request sent by the reader-writer;
the first calculation module is used for obtaining a first tag ID and a first tag key based on a Schnorr signature algorithm according to the locally stored tag ID, the first random number and the tag key; the key of the tag is obtained by carrying out hash operation on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
The first sending module is used for sending information to be authenticated to the reader-writer, wherein the information to be authenticated comprises the first tag ID and a key of the first tag, so that the reader-writer obtains a second random number through physical unclonable function operation based on the first tag ID, the key of the first tag and the locally stored reader-writer ID after connection operation;
The first receiving module is further configured to receive a second random number sent by the reader, and obtain a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, and the first random number;
The first sending module is further configured to send the first operation result to the reader-writer, so that the reader-writer authenticates the tag based on the first operation result and a second operation result, where the second operation result is obtained by the reader-writer according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number, and is calculated based on a Schnorr signature algorithm;
the first computing module is specifically configured to obtain, according to the locally stored tag ID and the first random number, the first tag ID through a Schnorr encryption operation; obtaining the key of the first tag through Schnorr encryption operation according to the key of the tag and the first random number;
the first calculation module is specifically configured to obtain an intermediate number through the Schnorr encryption operation according to the second random number, the tag ID, the key of the tag, and the large prime number in the first random number; and carrying out exponential operation on the positive integer in the first random number according to the intermediate number to obtain the first operation result.
7. A reader/writer, characterized by comprising:
The second sending module is used for sending a query request to the tag so that the tag obtains the first tag ID and the key of the first tag based on a Schnorr signature algorithm according to the locally stored tag ID and the first random number and the key of the tag; wherein the obtaining the first tag ID and the key of the first tag based on the Schnorr signature algorithm based on the locally stored tag ID and the first random number and the key of the tag comprises: obtaining the first tag ID through Schnorr encryption operation according to the locally stored tag ID and the first random number; obtaining the key of the first tag through Schnorr encryption operation according to the key of the tag and the first random number;
The second receiving module is used for receiving information to be authenticated sent by the tag, wherein the information to be authenticated comprises a first tag ID and a key of the first tag, so that the reader-writer authenticates based on the information to be authenticated; the first tag ID and the key of the first tag are obtained by the tag according to the locally stored tag ID and first random number and the key of the tag based on a Schnorr signature algorithm; the key of the tag is obtained after hash operation is carried out on the locally stored tag ID; the first random number comprises a large prime number and a positive integer;
The second calculation module is used for obtaining a second random number through physical unclonable function operation based on the first tag ID, the secret key of the first tag and the locally stored reader-writer ID after connection operation;
The second sending module is further configured to send the second random number to the tag, so that the tag obtains a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID, and the first random number; wherein, the obtaining a first operation result based on the Schnorr signature algorithm according to the second random number, the tag ID and the first random number includes: obtaining an intermediate number through the Schnorr encryption operation according to the second random number, the tag ID, the key of the tag and the large prime number in the first random number; according to the intermediate number, performing exponential operation on the positive integer in the first random number to obtain the first operation result;
The second calculation module is further configured to obtain a second calculation result based on a Schnorr signature algorithm according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number;
The second receiving module is further configured to receive the first operation result sent by the tag, and authenticate the tag according to the first operation result and the second operation result to obtain an authentication result;
the second calculation module is specifically configured to obtain the second calculation result through a Schnorr encryption calculation according to the first tag ID, the key of the first tag, the large prime number in the first random number, and the second random number.
8. A tag, comprising: a memory, a processor, and a transceiver;
the memory is configured to store the processor-executable instructions;
Wherein the processor is configured to invoke program instructions in the memory to perform the interactive authentication method of any of claims 1-2;
The transceiver is configured to receive and transmit information in the interactive authentication method according to any one of claims 1-2.
9. A reader/writer, characterized by comprising: a memory, a processor, and a transceiver;
the memory is configured to store the processor-executable instructions;
wherein the processor is configured to invoke program instructions in the memory to perform the interactive authentication method of any of claims 3-5;
The transceiver is configured to receive and transmit information in the interactive authentication method according to any one of claims 3 to 5.
10. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to implement the interactive authentication method according to any of claims 1-2.
11. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to implement the interactive authentication method according to any of claims 3-5.
CN202110707092.7A 2021-06-24 2021-06-24 Interactive authentication method, device, equipment and computer readable storage medium Active CN113312651B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110707092.7A CN113312651B (en) 2021-06-24 2021-06-24 Interactive authentication method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110707092.7A CN113312651B (en) 2021-06-24 2021-06-24 Interactive authentication method, device, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN113312651A CN113312651A (en) 2021-08-27
CN113312651B true CN113312651B (en) 2024-04-30

Family

ID=77380112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110707092.7A Active CN113312651B (en) 2021-06-24 2021-06-24 Interactive authentication method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN113312651B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6507656B1 (en) * 1999-01-27 2003-01-14 Lucent Technologies Inc. Non malleable encryption apparatus and method
KR20120010604A (en) * 2010-07-20 2012-02-06 충남대학교산학협력단 A random ID-based RFID Mutual authentication method for detecting impersonation attack against a back-end server and a reader
WO2015008910A1 (en) * 2013-07-19 2015-01-22 숭실대학교산학협력단 System for authenticating rfid tag
CN104363096A (en) * 2014-11-14 2015-02-18 电子科技大学 Anonymous untraceable RFID mutual authentication method
CN108632028A (en) * 2017-03-17 2018-10-09 夏桂根 Certification network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MXPA06010776A (en) * 2004-03-22 2006-12-15 Samsung Electronics Co Ltd Authentication between device and portable storage.

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6507656B1 (en) * 1999-01-27 2003-01-14 Lucent Technologies Inc. Non malleable encryption apparatus and method
KR20120010604A (en) * 2010-07-20 2012-02-06 충남대학교산학협력단 A random ID-based RFID Mutual authentication method for detecting impersonation attack against a back-end server and a reader
WO2015008910A1 (en) * 2013-07-19 2015-01-22 숭실대학교산학협력단 System for authenticating rfid tag
CN104363096A (en) * 2014-11-14 2015-02-18 电子科技大学 Anonymous untraceable RFID mutual authentication method
CN108632028A (en) * 2017-03-17 2018-10-09 夏桂根 Certification network

Also Published As

Publication number Publication date
CN113312651A (en) 2021-08-27

Similar Documents

Publication Publication Date Title
US10681025B2 (en) Systems and methods for securely managing biometric data
US10565357B2 (en) Method for securely transmitting a secret data to a user of a terminal
CN110692214B (en) Method and system for ownership verification using blockchain
US20160180072A1 (en) System and methods for authentication using multiple devices
CN111435396A (en) Intelligent safety master control
CN111161056A (en) Method, system and equipment for improving transaction security of digital assets
WO2023029384A1 (en) Card binding method, user terminal, server, system and storage medium
US20190258829A1 (en) Securely performing a sensitive operation using a non-secure terminal
CN115150072A (en) Cloud network issuing authentication method, equipment, device and storage medium
US8904508B2 (en) System and method for real time secure image based key generation using partial polygons assembled into a master composite image
CN113312651B (en) Interactive authentication method, device, equipment and computer readable storage medium
CN114697113B (en) Multiparty privacy calculation method, device and system based on hardware accelerator card
CN115550002A (en) TEE-based intelligent home remote control method and related device
CN115396087A (en) Identity authentication method, device, equipment and medium based on temporary identity certificate
KR20180048423A (en) Method for securing a transaction performed from a non-secure terminal
CN114282254A (en) Encryption and decryption method and device, and electronic equipment
KR20180048424A (en) Method for authenticating a user by means of a non-secure terminal
EP3319068A1 (en) Method for securely transmitting a secret data to a user of a terminal
EP3319001A1 (en) Method for securely transmitting a secret data to a user of a terminal
CN114567425B (en) Internet of things communication method and system, soC Sim and Internet of things terminal
EP3319269A1 (en) Method for securely performing a sensitive operation using a non-secure terminal
CN114844646A (en) Authentication method and device between devices and electronic device
CN115396086A (en) Identity authentication method, device, equipment and storage medium
CN115396085A (en) Negotiation authentication method and device based on biological characteristics and third secret key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant