TWI504222B - Authentication method - Google Patents

Authentication method Download PDF

Info

Publication number
TWI504222B
TWI504222B TW102129302A TW102129302A TWI504222B TW I504222 B TWI504222 B TW I504222B TW 102129302 A TW102129302 A TW 102129302A TW 102129302 A TW102129302 A TW 102129302A TW I504222 B TWI504222 B TW I504222B
Authority
TW
Taiwan
Prior art keywords
authentication
candidate
server
key
client device
Prior art date
Application number
TW102129302A
Other languages
Chinese (zh)
Other versions
TW201507429A (en
Original Assignee
Univ Nat Chi Nan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Nat Chi Nan filed Critical Univ Nat Chi Nan
Priority to TW102129302A priority Critical patent/TWI504222B/en
Publication of TW201507429A publication Critical patent/TW201507429A/en
Application granted granted Critical
Publication of TWI504222B publication Critical patent/TWI504222B/en

Links

Landscapes

  • Storage Device Security (AREA)

Description

認證方法Authentication method

本發明是有關於一種認證(authentication)技術,特別是指一種適用於多伺服器環境下輕量(lightweight)無線射頻識別(Radio Frequency Identification,簡稱RFID)認證協定,且具有不可追蹤性(un-traceability)及向前安全(forward secrecy)之匿名性認證方法。The invention relates to an authentication technology, in particular to a lightweight radio frequency identification (RFID) authentication protocol suitable for multi-server environments, and has non-traceability (un- Traceability) and forwarding security (forward secrecy).

近年來由於RFID的蓬勃發展,使得RFID的應用領域更加廣泛,主要應用領域為身分辨識、大眾運輸票據、庫存盤點、物流供應鏈管理等;隨著RFID技術的不斷進步,如何利用RFID達到創新應用來改善人們的生活,也一直是此一領域主要的研究課題。可是,一旦RFID系統應用在個人的身分辨識時,例如保全系統門禁管制、電子門票系統、醫療病歷管理、病患識別、病患接觸史追蹤等,未經授權的讀取器可能非法存取電子標籤資料,這將侵犯到使用者的隱私權;然而,針對避免攻擊者從中獲取使用者的相關資料(位置、隱私等)或者破壞電子標籤的有效性,目前已有許多相關的研究,來強化RFID電子標籤以及RFID讀取器之間之認證。In recent years, due to the booming development of RFID, RFID has become more widely used. The main application areas are identity identification, mass transit bills, inventory counting, logistics supply chain management, etc. With the continuous advancement of RFID technology, how to use RFID to achieve innovative applications. To improve people's lives has also been a major research topic in this field. However, once the RFID system is applied to personal identification, such as security system access control, electronic ticket system, medical record management, patient identification, patient contact history tracking, etc., unauthorized readers may illegally access electronic devices. Label information, which will infringe on the user's privacy rights; however, there are many related studies to prevent attackers from obtaining user-related information (location, privacy, etc.) or destroying the effectiveness of electronic tags. Authentication between RFID electronic tags and RFID readers.

一種習知的RFID認證方法,如台灣專利 I398153所揭露之一種認證方法、認證系統及電子標籤,係基於錯誤更正碼(Error Correction Code,簡稱ECC)技術。該習知方法實現於一包含至少一用戶端裝置及一伺服端裝置的認證系統,其可以在通訊時達到RFID電子標籤之匿名性(anonymity)及不可追蹤性,不過在該習知方法中,當RFID電子標籤在多個伺服器之間漫遊時無法具備向前安全性,且該習知方法所能支援的RFID電子標籤有限,並不適用於實現在需要大量的RFID電子標籤之認證系統中。A conventional RFID authentication method, such as a Taiwan patent One of the authentication methods, authentication systems, and electronic tags disclosed in I398153 is based on the Error Correction Code (ECC) technology. The conventional method is implemented in an authentication system including at least one client device and a server device, which can achieve the anonymity and non-traceability of the RFID tag during communication, but in the conventional method, When RFID tags roam between multiple servers, there is no forward security, and the RFID tags supported by the conventional methods are limited, and are not suitable for implementation in an authentication system that requires a large number of RFID tags. .

因此,本發明之目的,即在提供一種認證方法。Accordingly, it is an object of the present invention to provide an authentication method.

於是,本發明認證方法,實現於一包括至少一用戶端裝置及一伺服端群組之認證系統,其中,該伺服端群組具有至少一伺服端裝置,該方法包含下列步驟:(a)該用戶端裝置根據該伺服端群組所分配之一碼字,及由該伺服端群組所發布之一非對稱式金鑰,產生一傳送密文;(b)該用戶端裝置傳送一認證資料組給該伺服端裝置,其中,該認證資料組包括該傳送密文及一第一驗證資料;以及(c)該伺服端裝置根據已接收之該認證資料組,對該用戶端裝置進行認證,其中,該步驟(c)包括下列子步驟:(c-1)該伺服端裝置對該認證資料組的該傳送密文進行求解,以得到多個候選明文,其中,每一候選明文具有一候選認證索引;(c-2)該伺服端裝置依據該等候選認證索引,計算出每一 候選明文所對應的一候選密鑰;以及(c-3)該伺服端裝置依據已接收之該第一驗證資料,以針對每一候選明文所對應的候選密鑰進行驗證,進而判定該用戶端裝置是否認證成功。Therefore, the authentication method of the present invention is implemented in an authentication system including at least one client device and a server group, wherein the server group has at least one server device, and the method includes the following steps: (a) The client device generates a transmission ciphertext according to one of the codewords allocated by the server group and an asymmetric key issued by the server group; (b) the client device transmits an authentication data. Providing the server device to the server device, wherein the authentication data group includes the transmission ciphertext and a first verification data; and (c) the server device certifies the client device according to the received authentication data group, The step (c) includes the following sub-steps: (c-1) the server device solves the transmitted ciphertext of the authentication data set to obtain a plurality of candidate plaintexts, wherein each candidate stationery has a candidate Authentication index; (c-2) the server device calculates each of the candidate authentication indexes a candidate key corresponding to the candidate plaintext; and (c-3) the server device verifies the candidate key corresponding to each candidate plaintext according to the received first verification data, and further determines the client end Whether the device is successfully authenticated.

1‧‧‧伺服端群組1‧‧‧Server group

10‧‧‧伺服端裝置10‧‧‧Servo device

11‧‧‧伺服端收發單元11‧‧‧Servo transceiver unit

12‧‧‧伺服端處理單元12‧‧‧Server processing unit

13‧‧‧伺服端儲存單元13‧‧‧Server storage unit

20‧‧‧用戶端裝置20‧‧‧Customer device

21‧‧‧用戶端收發單元21‧‧‧Customer transceiver unit

22‧‧‧用戶端處理單元22‧‧‧Customer Processing Unit

31~36‧‧‧初始化階段之步驟31~36‧‧‧Steps in the initialization phase

401~409‧‧‧認證階段之步驟401~409‧‧‧Steps in the certification phase

410~413‧‧‧認證階段之步驟410~413‧‧‧Steps in the certification phase

本發明之其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中:圖1是一方塊圖,說明本發明認證系統之一較佳實施例;圖2是一流程圖,說明本發明認證方法之一較佳實施例中的一初始化階段;及圖3與圖4是一流程圖,說明該認證方法之較佳實施例中的一認證階段。Other features and advantages of the present invention will be apparent from the embodiments of the present invention. FIG. 1 is a block diagram illustrating a preferred embodiment of the authentication system of the present invention; FIG. 2 is a flow chart. An initialization phase in a preferred embodiment of the authentication method of the present invention is illustrated; and Figures 3 and 4 are flowcharts illustrating an authentication phase in the preferred embodiment of the authentication method.

有關本發明之前述及其他技術內容、特點與功效,在以下配合參考圖式之一個較佳實施例的詳細說明中,將可清楚的呈現。The above and other technical contents, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments.

參閱圖1,本發明認證系統之一較佳實施例包含一伺服端群組1,及至少一用戶端裝置20。該伺服端群組1包括至少一伺服端裝置10,且該伺服端裝置10包括一伺服端收發單元11、連接於該伺服端收發單元11之一伺服端處理單元12,及連接於該伺服端處理單元12之一伺服端儲存單元13。該用戶端裝置20包括用以與該伺服端裝 置10進行通訊之一用戶端收發單元21,及連接於該用戶端收發單元21之一用戶端處理單元22。Referring to FIG. 1, a preferred embodiment of the authentication system of the present invention includes a server group 1 and at least one client device 20. The server group 1 includes at least one server device 10, and the server device 10 includes a server transceiver unit 11, a server processing unit 12 connected to the servo transceiver unit 11, and is connected to the server. One of the processing units 12 is a server storage unit 13. The client device 20 is configured to be loaded with the server The user terminal transceiver unit 21 is configured to communicate with one of the client transceiver units 21, and is connected to the client processing unit 22 of the client transceiver unit 21.

在本較佳實施例中,該認證系統為一具有認證機制之RFID系統;其中,該伺服端群組1構成由複數個伺服端裝置10所組成的分散式伺服器環境,且每一伺服端裝置10之伺服端收發單元11為一RFID讀寫器(Reader/Writer),該伺服端裝置10之伺服端處理單元12為一電腦之處理器,該伺服端裝置10之伺服端記憶單元13為一資料庫;該用戶端裝置20為一RFID電子標籤,該用戶端裝置20之用戶端收發單元21為一天線(Antenna),該用戶端裝置20之用戶端處理單元22為一處理晶片。值得一提的是,本發明係適用於所有認證系統中用戶端裝置20為弱計算能力者,並不限於本較佳實施例所揭露之RFID系統。In the preferred embodiment, the authentication system is an RFID system having an authentication mechanism; wherein the server group 1 constitutes a distributed server environment composed of a plurality of server devices 10, and each server terminal The servo transceiver unit 11 of the device 10 is an RFID reader/writer (Reader/Writer), and the server processing unit 12 of the server device 10 is a processor of a computer, and the server memory unit 13 of the server device 10 is A client library 20 is an RFID electronic tag. The client transceiver unit 21 of the client device 20 is an antenna. The client processing unit 22 of the client device 20 is a processing chip. It should be noted that the present invention is applicable to all the authentication systems in which the client device 20 is weakly computing, and is not limited to the RFID system disclosed in the preferred embodiment.

為了使上述認證系統之較佳實施例中各元件間之互動及各別功能更為明確,以下配合本發明認證方法之一較佳實施例進行說明。雖然,圖1中係繪出複數個用戶端裝置20,但本發明亦可應用於僅有一用戶端裝置20之認證系統,且每一用戶端裝置20與每一伺服端裝置10之間的執行動作大致相同,因此,在細部的認證過程便以身分為T l 的用戶端裝置20與身分為S i 的伺服端裝置10之間的執行動作進行說明。In order to clarify the interaction and individual functions of the components in the preferred embodiment of the above authentication system, the following description will be made in conjunction with a preferred embodiment of the authentication method of the present invention. Although a plurality of client devices 20 are depicted in FIG. 1, the present invention is also applicable to an authentication system having only one client device 20, and execution between each client device 20 and each server device 10 is performed. operation is substantially the same, and therefore, the detail of the authentication process will be to T l is the identity of the user identity and the terminal apparatus 20 to perform the operation between the end of the servo device 10 will be described S i.

本發明認證方法包含兩個階段,分別是一初始化階段(見圖2),及一認證階段(見圖3與圖4)。The authentication method of the present invention comprises two phases, an initialization phase (see Figure 2) and an authentication phase (see Figures 3 and 4).

參閱圖1與圖2,該初始化階段僅在該認證系統建立時進行一次,接下來只有在該認證系統之元件有所變更時,例如,有新增或移除用戶端裝置20之情況,才需執行。該初始化階段包括下列步驟。Referring to FIG. 1 and FIG. 2, the initialization phase is only performed once when the authentication system is established, and then only when the components of the authentication system are changed, for example, when the user device 20 is added or removed. Need to be implemented. This initialization phase includes the following steps.

在步驟31中,該伺服端群組1發布一公開(public)函式及一非對稱式金鑰,其中,該公開函式為一虛擬亂數產生函式(pseudo-random number generator),以g ( )表示;且該非對稱式金鑰所採用之技術為一非對稱式密碼系統(asymmetric cryptosystems),例如,Rabin加密系統,該非對稱式金鑰以N 表示,其為二私密質數p、q 之乘積。In step 31, the server group 1 issues a public function and an asymmetric key, wherein the public function is a pseudo-random number generator, g ( ) indicates; and the technology used by the asymmetric key is an asymmetric cryptosystems, for example, a Rabin encryption system, the asymmetric key is represented by N , which is a two-private prime number p, q. The product of.

在步驟32中,該伺服端群組1亂數地產生指派給身分為T l 的該用戶端裝置20之一密鑰,並初始化指派給身分為T l 的該用戶端裝置20之一認證索引,其中,該密鑰以K l 表示,且該認證索引以(初始值設為1)表示。In step 32, the server end group generated random number 1 is the identity assigned to the UE 20 T l one key device, and initializes the identity assigned to the UE 20 one T l authentication indexing means Where the key is represented by K l and the authentication index is (The initial value is set to 1).

在步驟33中,該伺服端群組1中的每一伺服端裝置10之該伺服端處理單元12將已指派給身分為T l 的該用戶端裝置20之密鑰、認證索引紀錄於其所連接的該伺服端儲存單元13,其中,對於該伺服端群組1中身分為S i 的該伺服端裝置10,該伺服端儲存單元13所儲存的該密鑰及該認證索引則分別以K i,l 表示。In step 33, the server processing unit 12 of each server device 10 in the server group 1 records the key and the authentication index of the client device 20 that has been assigned to the user segment T1 . said server storage unit 13 is connected, wherein, for said server in a group identity to said server apparatus 10, S i, said server storage unit 13 and stored in the authentication of the key index to K respectively i,l and Said.

在步驟34中,該伺服端群組1任選一線性錯誤更正碼(linear error correction code)作為一線性碼,該線性碼由一生成矩陣所指定,且該生成矩陣內之所有元素屬於GF (2),其中,該線性碼以C (n ,k ,d )表示,n 代表該線性碼之一碼字長度,k 代表編碼前之一原始資料長度,d 代表該線性碼之一最小距離(minimum distance);該生成矩陣以G k ×n 表示。In step 34, the server group 1 optionally selects a linear error correction code as a linear code, the linear code is specified by a generator matrix, and all elements in the generator matrix belong to GF ( 2), wherein the linear code is represented by C ( n , k , d ), n represents the codeword length of one of the linear codes, k represents the original data length before encoding, and d represents the minimum distance of one of the linear codes ( Minimum distance); the generator matrix is represented by G k × n .

在步驟35中,該伺服端群組1藉由該生成矩陣G k ×n 之一組基底的線性組合產生分配給身分為T l 的該用戶端裝置20之一碼字(codeword),其中,該碼字以c l 表示且l 滿足1 l 2 k -1;值得一提的是,分配給每一用戶端裝置20之碼字均為非零且未被使用的碼字。In step 35, the server end of the group by a generator matrix G k × n linear combinations of one group of the substrate to produce T l identity assigned to the client device one of the 20 codewords (codeword is), wherein The codeword is represented by c l and l satisfies 1 l 2 k -1; It is worth mentioning that the codewords assigned to each client device 20 are non-zero and unused codewords.

在步驟36中,每一伺服端裝置10之該伺服端處理單元12,將已分配給身分為T l 的該用戶端裝置20之碼字紀錄於其所連接的該伺服端儲存單元13。In step 36, each end of the servo device 10 of the server end processing unit 12, which has been assigned to the identity of the user terminal T l said server apparatus storage unit 20 records the code word of 13 to which it is attached.

當身分為S i 的該伺服端裝置10之伺服端收發單元11欲感應或已感應到身分為T l 的該用戶端裝置20時,則進入該認證階段,其包括下列步驟。When servo 10 of the terminal identity to said server device S i transceiver unit 11 to be sensed or already sensed identity of the user terminal device 20 T l, then enters the authentication phase, which comprises the following steps.

在步驟401中,身分為S i 的該伺服端裝置10之該伺服端處理單元12亂數地產生一挑戰值,並透過身分為S i 的該伺服端裝置10之伺服端收發單元11傳送帶有該挑戰值之一詢問訊息(query message)給該用戶端裝置20;其中,該挑戰值以N R 表示。In step 401, the identity of said server device S i of the servo end 10 of the processing unit generates a challenge value 12 nonce to, and through the identity of said server device S i servo 10 of the end of the transceiver unit 11 is a conveyor belt has one value of this challenge interrogation message (query message) to the user end device 20; wherein the challenge value is expressed in N R.

在步驟402中,身分為T l 的該用戶端裝置20之該用戶端收發單元21接收帶有該挑戰值之詢問訊息。然後,身分為T l 的該用戶端裝置20之用戶端處理單元22任意地產生一錯誤向量,其中,該錯誤向量以e l 表示,且其漢 明權重(Hamming weight)小於等於;然後,身分為T l 的用戶端裝置20之用戶端處理單元22利用以下等式(1)計算一傳送碼字: In step 402, the UE identity to T l of the apparatus 20 of the user end transceiver unit 21 receives the inquiry message with the challenge value. Then, the UE 20 the identity of the processing unit 22 randomly generates an error vector T l to the UE device, wherein the error vector is expressed in e l, and the Hamming weight (Hamming weight) or less ; And a processing unit UE, the identity of the client device 20 T l 22 transmit a codeword is calculated using the following equation (1):

其中,代表該傳送碼字,c l 代表該碼字。among them, Represents the transmitted codeword, and c l represents the codeword.

在步驟403中,身分為T l 的該用戶端裝置20之用戶端處理單元22根據該傳送碼字及該認證索引產生一明文,其中,該明文以m l 表示,且∥表示字串串連運算子(string concatenation operator)。In step 403, the UE identity to T l client device 20 of the processing unit 22 based on the transmitted codeword And the certification index Generate a plaintext Wherein, the plaintext is represented by m l , and ∥ represents a string concatenation operator.

在步驟404中,身分為T l 的該用戶端裝置20之用戶端處理單元22利用以下等式(2)計算一傳送密文: In step 404, the UE identity to T l client device 20 of the processing unit 22 (2) transmitting a ciphertext calculated using the following equation:

其中,M l 代表該傳送密文,m l 代表該明文,N 代表該非對稱式金鑰。Where M l represents the transmitted ciphertext, m l represents the plaintext, and N represents the asymmetric key.

在步驟405中,身分為T l 的該用戶端裝置20之用戶端處理單元22根據已接收的該挑戰值、步驟402中產生的該錯誤向量,及被指派的該密鑰,並利用該公開函式產生一第一驗證資料,其中,該第一驗證資料以V T 表示,其計算整理如下式(3)。該步驟404中產生的該傳送密文及該第一驗證資料組成一認證資料組,即,(M l ,V T )。In step 405, the identity of the client device 22 T l based on the received challenge value, the error vector generated in step 402, and the key is assigned to the UE 20 of the processing unit, and using the disclosed The function generates a first verification data, wherein the first verification data is represented by V T , and the calculation is organized as follows (3). The transmission ciphertext and the first verification data generated in the step 404 form an authentication data group, that is, ( M l , V T ).

V T =g (e l g (N R K l )).......................(3) V T = g ( e l g ( N R K l )). . . . . . . . . . . . . . . . . . . . . . . (3)

接著,身分為T l 的該用戶端裝置20之用戶端處理單元22透過該用戶端收發單元21傳送該認證資料組給身分為S i 的該伺服端裝置10之伺服端收發單元11。Subsequently, the identity of the user end device transmits T l UE processing unit 20 of the UE 22 through the authentication information transceiving unit 21 is set to the identity of said server S i of the servo device 10 of the transceiver unit 11 ends.

在步驟406中,身分為S i 的該伺服端裝置10依據該等私密質數,利用中國剩餘定理對該傳送密文進行求解,以得到多個候選明文,其中,該等候選明文以{m l,u |u =1,2,3,4}表示,其中,每一候選明文具有一候選傳送碼字及一候選認證索引,其關係為,且該候選傳送碼字以表示,該候選認證索引以表示,且1 u 4。In step 406, the server device 10, which is classified as S i , solves the transmitted ciphertext by using the Chinese remainder theorem according to the private masses to obtain a plurality of candidate plaintexts, wherein the candidate plaintexts are { m l , u | u =1, 2, 3, 4} indicates that each candidate stationery has a candidate transmission codeword and a candidate authentication index, and the relationship is And the candidate transmission codeword is Said that the candidate authentication index is Express, and 1 u 4.

在步驟407中,身分為S i 的該伺服端裝置10之伺服端處理單元12利用相關聯該生成矩陣之一校驗矩陣來對每一候選傳送碼字進行解碼,以得到對應每一候選明文之一候選錯誤向量及一候選碼字,其中,對應每一候選明文之候選錯誤向量以e l,u 表示,且對應每一候選明文之候選碼字以c l,u 表示,其中,1 u 4。In step 407, the server processing unit 12 of the server device 10 that is classified as S i decodes each candidate transmission code word by using one of the check matrixes associated with the generation matrix to obtain a corresponding plaintext for each candidate. a candidate error vector and a candidate codeword, wherein the candidate error vector corresponding to each candidate plaintext is represented by e l, u , and the candidate codeword corresponding to each candidate plaintext is represented by c l, u , where 1 u 4.

在步驟408中,在身分為S i 的該伺服端裝置10中,其伺服端處理單元12根據對應每一候選明文的候選碼字,比對其預先紀錄指派給不同的用戶端裝置20的碼字,以找出一與該比對結果對應的用戶端裝置20,進而依據該對應的用戶端裝置20於前一次和身分為S i 的該伺服端裝置10認證後由該伺服端儲存單元13所儲存的密鑰及認證索引(若用戶端裝置20尚未與伺服端裝置10認證,則密鑰與認證索引均為初始值),及根據不同的候選認證索引來計算每一候選明文所對應的一候選密鑰;其中,身分為S i 的該伺服端裝置10之伺服端處理單元12係依據下列等式(4),計算每一候選明文所對應的該候選密鑰: In step 408, in the server device 10 having the identity S i , the server processing unit 12 thereof pre-records the code assigned to the different client device 20 according to the candidate codeword corresponding to each candidate plaintext. a word to find a client device 20 corresponding to the comparison result, and then the server storage unit 13 is authenticated according to the corresponding client device 20 authenticated by the server device 10 of the previous time and the identity S i The stored key and the authentication index (if the client device 20 has not been authenticated by the server device 10, the key and the authentication index are both initial values), and the candidate corresponding to each candidate plaintext is calculated according to different candidate authentication indexes. a candidate key; wherein the server processing unit 12 of the server device 10 having the identity of S i calculates the candidate key corresponding to each candidate plaintext according to the following equation (4):

其中,g ( )代表該公開函式,且K l,u 代表候選明文m l,u 所對應的候選密鑰,代表候選明文m l,u 所對應的候選認證索引,且K i,l 代表身分為S i 的該伺服端裝置10所儲存的該密鑰,代表身分為S i 的該伺服端裝置10所儲存的該認證索引。Where g ( ) represents the public function, and K l, u represents the candidate key corresponding to the candidate plaintext m l,u , Representing the candidate authentication index corresponding to the candidate plaintext m l,u , and K i,l represents the key stored by the server device 10 of the identity S i , The authentication index stored by the server device 10 of the S i is represented.

因此,身分為S i 的該伺服端裝置10可藉由下列步驟409~410將等式(4)中所求出的該等候選密鑰,來進一步得到對應先前所儲存的該密鑰之密鑰更新值。Therefore, the server device 10 having the identity of S i can further obtain the secret of the previously stored key by using the candidate keys obtained in the equation (4) by the following steps 409 to 410. Key update value.

在步驟409中,身分為S i 的該伺服端裝置10之伺服端處理單元12將該挑戰值、從步驟407~408中所得到對應每一候選明文的候選密鑰與候選錯誤向量作為參數依序代入下列式(5): In step 409, the server processing unit 12 of the server device 10 that is classified as S i takes the challenge value, the candidate key corresponding to each candidate plaintext obtained in steps 407-408 and the candidate error vector as parameters. Substituting into the following formula (5):

進而,由式(5)可得到分別對應四個候選明文之四個計算結果;若其中一計算結果之數值滿足式(2)中計算得到的該第一驗證資料,則表示身分為S i 的該伺服端裝置10對身分為T l 的該用戶端裝置20之認證成功,其中,該認證成功之後選明文以表示,且其所對應的該候選密鑰、候選認證索引、候選錯誤向量,則分別以表示。Furthermore, four calculation results respectively corresponding to four candidate plaintexts can be obtained from equation (5); if the value of one of the calculation results satisfies the first verification data calculated in equation (2), it indicates that the identity is S i said server apparatus 10 to the user terminal identity T l of the apparatus 20 of the success of the authentication, wherein, after the authentication success option to plaintext Representing, and corresponding to the candidate key, the candidate authentication index, and the candidate error vector, respectively , , Said.

在步驟410中,當步驟408之認證成功後,在身分為S i 的該伺服端裝置10中,該伺服端儲存單元13根據認證成功的候選明文所對應的該候選密鑰及該候選認證索引,來更新其原先所儲存的該密鑰及該認證索引,使得K i,l In step 410, after the authentication of step 408 is successful, in the server device 10 of the identity S i , the server storage unit 13 is based on the candidate key corresponding to the successful candidate candidate text and the candidate authentication index. To update the key that was originally stored and the authentication index so that K i,l , .

在步驟411中,當步驟408之認證成功後,身分為S i 的該伺服端裝置10之伺服器處理單元12,其依據該步驟401中產生之該挑戰值、該步驟409中認證成功的候選明文所對應的候選錯誤向量與該候選密鑰,並利用該公開函式產生一第二驗證資料,其中,該第二驗證資料以V ST 表示,其計算整理如下式(6)。在身分為S i 的該伺服端裝置10中,該伺服端處理單元12透過該伺服端收發單元11傳送該第二驗證資料給身分為T l 的該用戶端裝置20。In step 411, after the authentication of the step 408 is successful, the server processing unit 12 of the server device 10 of the S i is determined according to the challenge value generated in the step 401, and the candidate for successful authentication in the step 409. The candidate error vector corresponding to the plaintext and the candidate key, and using the public function to generate a second verification data, wherein the second verification data is represented by V ST , and the calculation is organized as follows (6). Identity to the identity of the user terminal device T l 20 S i said server apparatus 10, the server end of the second processing unit 12 transmits authentication data to said server through the transceiver unit 11.

在步驟412中,在身分為T l 的該用戶端裝置20中,該用戶端收發單元21接收該第二驗證資料。然後,該用戶端處理單元22將已接收的該挑戰值、步驟402中產生之該錯誤向量、該密鑰,及已接收的該第二驗證資料作為參數,代入上述式(6)進行認證,若式(6)之等式成立,則表示身分為T l 的該用戶端裝置20對身分為S i 的該伺服端裝置10之認證成功。In step 412, the identity of the client apparatus 20 T l, the UE transceiver unit 21 receives the second authentication information. Then, the client processing unit 22 substitutes the received challenge value, the error vector generated in step 402, the key, and the received second verification data as parameters, and substitutes the above formula (6) for authentication. If the equation of formula (6) the establishment, it indicates that the identity of T l client device 20 of the identity of the S i said server apparatus 10 of the success of the authentication.

在步驟413中,當步驟412之認證成功後,身分為T l 的該用戶端裝置20之伺服端處理單元12利用該公開函式該密鑰進行更新,並將該認證索引之數值加一,使得,K l g (K l )、+1。In step 413, when the authentication is successful in step 412, the identity of the user end device T l servo 20 of the end processing unit 12 by using the disclosed key of the update function, and the authentication value of the index plus one, Let K l g ( K l ), +1.

本發明認證方法具有以下優點:The authentication method of the present invention has the following advantages:

1.身分為T l 的該用戶端裝置20可藉由執行上述步驟401~413與該伺服端群組1中任一伺服端裝置10相互 認證(mutual authentication)。1. the identity of the client device 20 may be T l 401 ~ 41,310 mutual authentication (mutual authentication) by performing the above steps with said server group according to any one end of a servo device.

2.本發明的伺服端裝置10在各個認證階段中均會隨機產生一個新的挑戰值,而對應的用戶端裝置20亦會選擇一個新的隨機錯誤向量,因此,一個基於舊的挑戰(N R ,e l )之重送資料是騙不了伺服端裝置10或用戶端裝置20,因此本發明機制可以防止重送攻擊(relay attack);而對於任何的竄改攻擊(modification attack)及其他可能的冒名頂替攻擊(impersonation attack),本發明在完成一個階段的認證過程後,用戶端裝置20均會更新其密鑰,因此,攻擊者在不知道最新密鑰的情況下無法產生正確的第一驗證資料或第二驗證資料。2. The server device 10 of the present invention randomly generates a new challenge value in each authentication phase, and the corresponding client device 20 also selects a new random error vector, thus, an old challenge based ( N The retransmission data of R , e l ) does not fool the server device 10 or the client device 20, so the mechanism of the present invention can prevent a relay attack; for any tampering attack and other possible The impersonation attack, after the completion of the authentication process of the present invention, the client device 20 updates its key, so the attacker cannot generate the correct first verification without knowing the latest key. Information or second verification data.

3.在本發明的機制中,每一伺服端裝置10針對身分為T l 的該用戶端裝置20所儲存的密鑰,其均為最後一次與身分為T l 的該用戶端裝置20成功匹配後所儲存的密鑰,因此,在本發明中,若要與身分為T l 的該用戶端裝置20當前新的密鑰同步,則須利用中國剩餘定理對該傳送密文進行解密,進而透過上述式(4)之計算來獲得與身分為T l 的該用戶端裝置20同步的密鑰;這樣的機制可確保每一真正的伺服端裝置10可和用戶端裝置20的密鑰進行同步,進而確保該伺服端裝置10與用戶端裝置20之間的身分驗證,並且達到抵抗去同步攻擊(de-synchronization attack)之效用。3. In the mechanism of the present invention, each end of the servo device 10 for the identity of the client device stored in T l keys 20, which are the last 20 successfully matched with the UE identity to the apparatus T l after the stored key, therefore, in the present invention, a new identity to the key 20 of the current T l synchronize the client device, using the Chinese remainder Theorem shall decrypt the ciphertext transmission, and further through calculating the formulas (4) to obtain the identity of the user of the terminal T l 20 synchronize the key means; such a mechanism ensures that each real server end and the client device 10 may be a key synchronization means 20, Further, the identity verification between the server device 10 and the client device 20 is ensured, and the effect of resisting a de-synchronization attack is achieved.

4.在本發明的機制中,攻擊者無法從被破解的當前密鑰推導出以前的密鑰,主要是該密鑰已透過安全 更新機制進行更新(即,K l g (K l )),加上該攻擊者在不了解秘密生成矩陣的情況下無法計算該錯誤向量;因此,在這兩雙重保護下,本發明具備向前安全性(forward secrecy)。4. In the mechanism of the present invention, an attacker cannot derive a previous key from the current key being cracked, mainly because the key has been updated through a security update mechanism (ie, K l g ( K l )) In addition, the attacker cannot calculate the error vector without knowing the secret generation matrix; therefore, under the two dual protections, the present invention has forward secrecy.

5.在本發明的機制中,由於每一個用戶端裝置20在每次的認證階段中之挑戰(N R ,e l )資料皆為亂數產生,且參數{M l V ST V T }均為進一步透過Rabin加密系統進行加密,因此攻擊者無法針對下列隨機輸出之參數{M l V ST V T }進行推論並且對用戶端裝置20進行跟蹤;因此,本發明具備匿名性及不可追蹤性。5. In the mechanism of the present invention, since each of the client devices 20 challenges ( N R , e l ) in each authentication phase, the data is generated in random numbers, and the parameters { M l V ST V T } are In order to further encrypt through the Rabin encryption system, the attacker cannot infer the following random output parameter { M l V ST V T } and track the client device 20; therefore, the present invention has anonymity and non-traceability.

6.在本發明的機制中,以線性碼C (n ,k ,d )為例,習知方法僅能支援O (k )個RFID電子標籤,而本發明能支援O (2 k )個RFID電子標籤,其所能支援的RFID電子標籤數量遠大於習知方法。6. In the mechanism of the present invention, taking the linear code C ( n , k , d ) as an example, the conventional method can only support O ( k ) RFID electronic tags, and the present invention can support O (2 k ) RFIDs. The number of RFID tags that an electronic tag can support is much larger than the conventional method.

綜上所述,在本發明之方法及系統中,僅需弱計算能力之用戶端裝置20,像是輕量(lightweight)RFID電子標籤,即可實現具有高安全等級之匿名性、不可追蹤性及向前安全性的相互認證機制;除此之外,該用戶端裝置20之用戶端處理單元22,僅需具備執行加法、互斥或(XOR),及亂數產生之運算能力,即可完成本發明之認證方法,故確實能達成本發明之目的。In summary, in the method and system of the present invention, only the weak computing power of the client device 20, such as a lightweight RFID electronic tag, can achieve anonymity and non-traceability with a high security level. And the mutual authentication mechanism of the forward security; in addition, the client processing unit 22 of the client device 20 only needs to have the computing capability of performing addition, mutual exclusion or (XOR), and random number generation. By completing the authentication method of the present invention, the object of the present invention can be achieved.

惟以上所述者,僅為本發明之較佳實施例而已,當不能以此限定本發明實施之範圍,即大凡依本發明申請專利範圍及專利說明書內容所作之簡單的等效變化與 修飾,皆仍屬本發明專利涵蓋之範圍內。However, the above is only the preferred embodiment of the present invention, and the scope of the present invention is not limited thereto, that is, the simple equivalent change of the patent application scope and the patent specification content of the present invention is Modifications are still within the scope of the invention.

1‧‧‧伺服端群組1‧‧‧Server group

10‧‧‧伺服端裝置10‧‧‧Servo device

11‧‧‧伺服端收發單元11‧‧‧Servo transceiver unit

12‧‧‧伺服端處理單元12‧‧‧Server processing unit

13‧‧‧伺服端儲存單元13‧‧‧Server storage unit

20‧‧‧用戶端裝置20‧‧‧Customer device

21‧‧‧用戶端收發單元21‧‧‧Customer transceiver unit

22‧‧‧用戶端處理單元22‧‧‧Customer Processing Unit

Claims (8)

一種認證方法,實現於一包括至少一用戶端裝置及一伺服端群組之認證系統,其中,該伺服端群組具有至少一伺服端裝置,該方法包含下列步驟:(a)進行該伺服端群組與該用戶端裝置之間的初始化過程,其中,該步驟(a)包括下列子步驟:(a-1)該伺服端群組還發布一公開函式,其中,該公開函式以g ( )表示,且該公開函式為一虛擬亂數產生函式;(a-2)該伺服端群組指派一密鑰及一認證索引給身分為T l 的該用戶端裝置,其中,該密鑰以K l 表示,且該認證索引以表示;以及(a-3)該伺服端群組紀錄已指派給身分為T l 的該用戶端裝置的該密鑰及該認證索引,其中,對於該伺服端群組中身分為S i 的該伺服端裝置,其所儲存的該密鑰及該認證索引則分別以K i,l 表示;(b)該用戶端裝置根據該伺服端群組所分配之一碼字,及由該伺服端群組所發布之一非對稱式金鑰,產生一傳送密文;(c)該用戶端裝置傳送一認證資料組給該伺服端裝置,其中,該認證資料組包括該傳送密文及一第一驗證資料;以及(d)該伺服端裝置根據已接收之該認證資料組,對該用戶端裝置進行認證,其中,該步驟(d)包括下列子 步驟:(d-1)該伺服端裝置對該認證資料組的該傳送密文進行求解,以得到多個候選明文,其中,每一候選明文具有一候選認證索引;(d-2)該伺服端裝置依據該等候選認證索引,計算出每一候選明文所對應的一候選密鑰,其中,身分為S i 的該伺服端裝置係依據下列式子計算出每一候選明文所對應的該候選密鑰:,且1 u 4;其中,g ( )代表該公開函式,且K l,u 分別代表候選明文m l,u 所對應的候選密鑰及候選認證索引,且K i,l 分別代表身分為S i 的該伺服端裝置所儲存的該認證索引及該密鑰;以及(d-3)該伺服端裝置依據已接收之該第一驗證資料,以針對每一候選明文所對應的候選密鑰進行驗證,進而判定該用戶端裝置是否認證成功。An authentication method is implemented in an authentication system including at least one client device and a server group, wherein the server group has at least one server device, and the method includes the following steps: (a) performing the server An initialization process between the group and the client device, wherein the step (a) comprises the following sub-steps: (a-1) the server group further issues a public function, wherein the public function is g () represents, as a function of this disclosure and a virtual random number generator function; (a-2) said server a group assignment and an authentication key index to the identity of the client device T l, wherein the The key is represented by K l and the authentication index is Represents; and (a-3) said server group is assigned to record the identity of the key to the user terminal device and the authentication T l index, wherein, for said server for the group identity of the S i The server device stores the key and the authentication index respectively by K i, l and Representing; (b) the client device generates a transmission ciphertext according to one of the codewords allocated by the server group and an asymmetric key issued by the server group; (c) the user The end device transmits an authentication data group to the server device, wherein the authentication data group includes the transmission ciphertext and a first verification data; and (d) the server device receives the authentication data group according to the The client device performs authentication, wherein the step (d) includes the following sub-steps: (d-1) the server device solves the transmitted ciphertext of the authentication data group to obtain a plurality of candidate plaintexts, wherein each a candidate clear stationery has a candidate authentication index; (d-2) the server device calculates a candidate key corresponding to each candidate plaintext according to the candidate authentication indexes, wherein the server device is classified into S i The candidate key corresponding to each candidate plaintext is calculated according to the following formula: And 1 u 4; where g ( ) represents the public function, and K l, u and Representing the candidate key corresponding to the candidate plaintext m l,u and the candidate authentication index, respectively, and And K i,l respectively represent the authentication index and the key stored by the server device of the identity S i ; and (d-3) the server device according to the received first verification data, for each The candidate key corresponding to the candidate plaintext is verified to determine whether the client device is successfully authenticated. 如請求項1所述的認證方法,其中,該步驟(b)包括下列子步驟:(b-1)身分為T l 的該用戶端裝置任意地產生一錯誤向量;(b-2)身分為T l 的該用戶端裝置依據該錯誤向量及該碼字,計算一傳送碼字:(b-3)身分為T l 的該用戶端裝置根據其被指派之認證索引及該傳送碼字及產生一明文; (b-4)身分為T l 的該用戶端裝置利用以下等式計算該傳送密文:M l =modN ,其中,M l 代表該傳送密文,m l 代表該明文,N 代表該非對稱式金鑰。The authentication method according to a request, wherein the step (b) comprises the substeps of: (b-1) the identity of the client device T l arbitrarily generating an error vector; (b-2) the identity of T l of the client device according to the error vector and the code words, calculating a transmission codeword: (b-3) status as T l of the client device in accordance with the authentication index which is assigned to it, and the transmission codeword and generating a plaintext; (b-4) the identity of the client computing device T l conveying the ciphertext using the following equation: M l = Mod N , where M l represents the transmitted ciphertext, m l represents the plaintext, and N represents the asymmetric key. 如請求項1所述的認證方法,其中,該步驟(a)還包括一子步驟(a-4),該伺服端群組任選一線性錯誤更正碼作為一線性碼,該線性碼由一生成矩陣所指定,且該生成矩陣內之所有元素屬於GF (2),其中,該線性碼以C (n ,k ,d )表示,n 代表該線性碼之一碼字長度,k 代表編碼前之一原始資料長度,d 代表該線性碼之一最小距離,該生成矩陣以G k ×n 表示,且在該步驟(b)中,由該伺服端群組分配給身分為T l 的該用戶端裝置之該碼字為藉由該生成矩陣G k ×n 之一組基底的線性組合所產生,其中,該碼字以c l 表示且l 滿足1 l 2 k -1。The authentication method of claim 1, wherein the step (a) further comprises a sub-step (a-4), the server group optionally selecting a linear error correction code as a linear code, the linear code being The generation matrix specifies that all elements in the generation matrix belong to GF (2), where the linear code is represented by C ( n , k , d ), n represents the codeword length of one of the linear codes, and k represents the code before One of the original data lengths, d represents a minimum distance of the linear code, the generation matrix is represented by G k × n , and in the step (b), the server is assigned by the server group to the user of the identity T l The codeword of the end device is generated by a linear combination of a set of bases of the generator matrix G k × n , wherein the codeword is represented by c l and l satisfies 1 l 2 k -1. 如請求項3所述的認證方法,還包含在該步驟(a)及(b)之間的一步驟(e),該伺服端裝置亂數產生一挑戰值,並將帶有該挑戰值之一詢問訊息傳送給該用戶端裝置。 The authentication method according to claim 3, further comprising a step (e) between the steps (a) and (b), the server device generates a challenge value in a random number, and carries the challenge value. An inquiry message is transmitted to the client device. 如請求項4所述的認證方法,其中,在該子步驟(d-1)中,每一候選明文還具有一候選傳送碼字,且該子步驟(d-1)與該子步驟(d-2)之間還具有一子步驟(d-4),該伺服端裝置利用相關聯該生成矩陣之一校驗矩陣來對每一候選傳送碼字進行解碼,以得到對應每一候選明 文之一候選錯誤向量,且在該子步驟(d-3)中,該伺服端裝置係將該挑戰值及每一候選明文所對應的候選密鑰、候選錯誤向量代入該公開函式,以得到對應每一候選明文之一計算結果,進而依據已接收的該第一驗證資料針對該些計算結果來進行驗證,若其中一計算結果之數值滿足該第一驗證資料,則該伺服端裝置判定該用戶端裝置認證成功。 The authentication method of claim 4, wherein in the sub-step (d-1), each candidate plaintext further has a candidate transmission codeword, and the sub-step (d-1) and the sub-step (d) -2) also has a sub-step (d-4), the server device decodes each candidate transmission codeword by using one of the check matrixes associated with the generation matrix to obtain a corresponding candidate a candidate error vector, and in the sub-step (d-3), the server device substitutes the challenge value and the candidate key and candidate error vector corresponding to each candidate plaintext into the public function, Obtaining a calculation result corresponding to one of the candidate plaintexts, and then performing verification according to the received first verification data for the calculation results, and if the value of one of the calculation results satisfies the first verification data, the server device determines The client device authentication is successful. 如請求項1所述的認證方法,該步驟(d)之後還包含一步驟(f),其中,步驟(f)包括下列子步驟:(f-1)若該用戶端裝置通過該伺服端裝置之認證,則該伺服端裝置傳送一第二驗證資料至該用戶端裝置;(f-2)該用戶端裝置根據該第二驗證資料及該密鑰對該伺服端裝置進行認證;以及(f-3)若該子步驟(f-2)中該用戶端裝置對該伺服端裝置的認證成功,則該用戶端裝置利用該公開函式對該密鑰進行更新,並將該認證索引之數值加一。 The authentication method of claim 1, the step (d) further comprising a step (f), wherein the step (f) comprises the following sub-steps: (f-1) if the client device passes the server device Authentication, the server device transmits a second verification data to the client device; (f-2) the client device authenticates the server device according to the second verification data and the key; and (f -3) if the authentication of the server device by the client device in the sub-step (f-2) is successful, the client device updates the key by using the public function, and the value of the authentication index is plus one. 如請求項1所述的認證方法,其中,該子步驟(d-3)之後包括一子步驟(d-5),若該子步驟(d-3)的判定結果為是,則該伺服端裝置所儲存的該密鑰及該認證索引根據認證成功後的該候選密鑰及該候選認證索引進行更新。 The authentication method of claim 1, wherein the sub-step (d-3) comprises a sub-step (d-5), and if the determination result of the sub-step (d-3) is YES, the server The key stored in the device and the authentication index are updated according to the candidate key after the authentication succeeds and the candidate authentication index. 如請求項1所述的認證方法,在該步驟(b)中,該伺服端群組所發布的該非對稱式金鑰係為二私密質數之乘 積,且在該子步驟(d-1)中,該伺服端裝置依據該等私密質數,並利用中國剩餘定理對該傳送密文進行求解,以得到該等候選明文。 In the authentication method described in claim 1, in the step (b), the asymmetric key issued by the server group is multiplied by two private prime numbers. Product, and in the sub-step (d-1), the server device solves the transmitted ciphertext according to the private masses and uses the Chinese remainder theorem to obtain the candidate plaintexts.
TW102129302A 2013-08-15 2013-08-15 Authentication method TWI504222B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102129302A TWI504222B (en) 2013-08-15 2013-08-15 Authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW102129302A TWI504222B (en) 2013-08-15 2013-08-15 Authentication method

Publications (2)

Publication Number Publication Date
TW201507429A TW201507429A (en) 2015-02-16
TWI504222B true TWI504222B (en) 2015-10-11

Family

ID=53019570

Family Applications (1)

Application Number Title Priority Date Filing Date
TW102129302A TWI504222B (en) 2013-08-15 2013-08-15 Authentication method

Country Status (1)

Country Link
TW (1) TWI504222B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200518544A (en) * 2003-10-10 2005-06-01 Univ Chang Gung Partition and recovery of a verifiable digital secret
CN101667255A (en) * 2008-09-04 2010-03-10 华为技术有限公司 Security authentication method, device and system for radio frequency identification
TW201126993A (en) * 2010-01-22 2011-08-01 Univ Nat Chi Nan Authorization method, authorization system and electronic tag
TW201142732A (en) * 2010-05-31 2011-12-01 Nat Univ Chung Hsing A novel RFID-based management system using for purchase and after-sales service on shopping mall
US20120023026A1 (en) * 2007-09-10 2012-01-26 Microsoft Corporation Mobile wallet and digital payment
TW201240371A (en) * 2011-03-31 2012-10-01 Chunghwa Telecom Co Ltd Method and system for securely accessing the secure element of the NFC bluetooth dongle

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200518544A (en) * 2003-10-10 2005-06-01 Univ Chang Gung Partition and recovery of a verifiable digital secret
US20120023026A1 (en) * 2007-09-10 2012-01-26 Microsoft Corporation Mobile wallet and digital payment
CN101667255A (en) * 2008-09-04 2010-03-10 华为技术有限公司 Security authentication method, device and system for radio frequency identification
TW201126993A (en) * 2010-01-22 2011-08-01 Univ Nat Chi Nan Authorization method, authorization system and electronic tag
TW201142732A (en) * 2010-05-31 2011-12-01 Nat Univ Chung Hsing A novel RFID-based management system using for purchase and after-sales service on shopping mall
TW201240371A (en) * 2011-03-31 2012-10-01 Chunghwa Telecom Co Ltd Method and system for securely accessing the secure element of the NFC bluetooth dongle

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Hung Yu Chien, "Cryptanalysis on RFID Authentications Using Minimum Disclosure Approach", Information Security (Asia JCIS), 2013 Eighth Asia Joint Conference on, Seoul, pp.33-40, 25-26 July 2013. *

Also Published As

Publication number Publication date
TW201507429A (en) 2015-02-16

Similar Documents

Publication Publication Date Title
US11038694B1 (en) Devices, methods, and systems for cryptographic authentication and provenance of physical assets
CA2652084C (en) A method and apparatus to provide authentication and privacy with low complexity devices
US8595504B2 (en) Light weight authentication and secret retrieval
Burmester et al. Lightweight RFID authentication with forward and backward security
CN110381055B (en) RFID system privacy protection authentication protocol method in medical supply chain
Eldefrawy et al. Mobile one‐time passwords: two‐factor authentication using mobile phones
Doss et al. A minimum disclosure approach to authentication and privacy in RFID systems
CN106603246A (en) SM2 digital signature segmentation generation method and system
TWI398153B (en) Certification methods, authentication systems and electronic tags
Liu et al. A Lightweight RFID Authentication Protocol based on Elliptic Curve Cryptography.
Ibrahim et al. An advanced encryption standard powered mutual authentication protocol based on elliptic curve cryptography for RFID, proven on WISP
Chen et al. A secure ownership transfer protocol using EPCglobal Gen-2 RFID
Lee et al. Mutual authentication protocol for enhanced RFID security and anti-counterfeiting
Akgün et al. Attacks and improvements to chaotic map‐based RFID authentication protocol
Hsu et al. Efficient identity authentication and encryption technique for high throughput RFID system
Fu et al. Scalable pseudo random RFID private mutual authentication
Sundaresan et al. Zero knowledge grouping proof protocol for RFID EPC C1G2 tags
Yang et al. A privacy model for RFID tag ownership transfer
Asadpour et al. Scalable, privacy preserving radio‐frequency identification protocol for the internet of things
Edelev et al. A secure minimalist RFID authentication and an ownership transfer protocol compliant to EPC C1G2
Safkhani et al. Weaknesses in another Gen2-based RFID authentication protocol
Duc et al. Enhancing security of EPCglobal Gen-2 RFID against traceability and cloning
Chen et al. A secure RFID authentication protocol adopting error correction code
TWI504222B (en) Authentication method
Li et al. Vulnerabilities of an ECC‐based RFID authentication scheme

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees