CN101470794A - Authentication method, equipment and system for wireless radio frequency recognition system - Google Patents

Info

Publication number: CN101470794A
Authority: CN (China)
Prior art keywords: authentication information, authentication, label, reader, parameter
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CNA2008100014136A
Other languages: Chinese (zh)
Inventor: 张向东
Current Assignee: Huawei Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CNA2008100014136A
Publication of: CN101470794A

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the present invention discloses an authentication method in a radio frequency identification (RFID) system, comprising the following steps: receiving first authentication information and second authentication information, and searching locally for a tag that has the first authentication information; generating third authentication information according to the parameters of the tag that has the first authentication information; and determining whether the second authentication message is the same as the third authentication message, and if they are the same, the tag that has the first authentication information is authenticated successfully. Embodiments of the invention also disclose a device and a system for RFID system authentication. Using the embodiments of the present invention reduces the number of per-tag computations and comparisons during tag authentication and improves reading efficiency.

Description

Authentication method, device and system in a radio frequency identification system

Technical field

The invention relates to the field of communication technology, and in particular to an authentication method, device and system in a radio frequency identification system.

Background

RFID (Radio Frequency Identification) is a contactless automatic identification technology that has been maturing since the 1980s. It uses radio frequency signals to automatically identify target objects and obtain related data without manual intervention. Because RFID supports multi-target and contactless identification, it is now widely used in manufacturing, commerce, the military, daily life and other fields, has shown great development potential and room for application, and is regarded as one of the most promising technologies of the 21st century.

An RFID system generally consists of three parts: tags, readers and a back-end database, as shown in FIG. 1. The back-end database can be a database system running on any hardware platform, chosen by the user according to actual needs; it normally has strong computing and storage capabilities and stores the information of all tags. The reader is in effect a wireless transmitting and receiving device with an antenna, and its processing capacity and storage space are relatively large. A tag is a miniature circuit with an antenna; it usually has no microprocessor and consists of only a few thousand logic gates.

Although RFID technology has broad application prospects, the lack of effective security mechanisms in RFID communication systems has become an important factor restricting its large-scale deployment and use.

A reasonably complete RFID system solution should have the following properties: confidentiality, so that information is accessed only by authorized users; integrity, resisting tampering with or replacement of information during communication; authenticity, covering reader and tag identity authentication and non-repudiation; replay resistance, resisting the replay of communication messages; and privacy, protecting consumers' private information or the commercial interests of the economic entities concerned.

As a wireless communication technology, RFID has characteristics of its own in addition to the general wireless security requirements above. These include:

Practicality: because the reader and the back-end database usually have relatively strong computing power, the security of communication between them can be handled with relatively mature computer network security mechanisms. Tags, however, must be low-cost, and their computing power and storage space are limited, which restricts the use of existing mature security mechanisms. An RFID security solution therefore has a special requirement, practicality: the solution must suit RFID's limited computing overhead, storage capacity and communication capacity. To simplify the design and management of RFID systems, it is usually assumed that the communication channel between the tag and the reader is insecure, while the channel between the reader and the back-end database is secure.

Privacy: because RFID is a contactless automatic identification technology, a tag may be read by a reader without the user's knowledge, so there is a risk that the user's private information is read illegitimately. Privacy protection in an RFID system, that is, protecting consumers' privacy or the commercial interests of the economic entities concerned, may therefore matter more than in other communication systems.

How to design a good security mechanism that suits the characteristics of RFID, with tags whose computing speed, communication capability and storage space are very limited, so as to provide security and privacy protection, prevent malicious attacks and create a relatively safe working environment for the RFID system, determines whether RFID systems can really become practical.

A series of studies on RFID security technology has been carried out at home and abroad. FIG. 2 shows a prior-art scheme, the randomized Hash-Lock protocol, where ID_k is the tag identifier and "Get all IDs" is the reader's request to the database for all tag identifiers.

The randomized Hash-Lock protocol runs as follows:

Step s201: the reader sends a Command to the tag;

Step s202: the tag generates a random number R and computes H(ID_k ‖ R). The tag sends (R, H(ID_k ‖ R)) to the reader;

Step s203: the reader asks the database for all tag identifiers;

Step s204: the database sends all tag identifiers it holds (ID_1, ID_2, ..., ID_s) to the reader;

Step s205: the reader checks whether there is some ID_j such that H(ID_j ‖ R) = H(ID_k ‖ R). If there is, authentication passes and the reader sends ID_j to the tag; the tag checks whether ID_j is the same as ID_k, and if so, authentication passes. Otherwise, it is rejected.

In the course of realizing the present invention, the inventor found that the prior art has at least the following disadvantage:

When authenticating each tag, the reader has to compute and compare against every tag in the database, which makes reading inefficient.

Summary of the invention

Embodiments of the present invention provide an authentication method, device and system in a radio frequency identification (RFID) system, so as to improve the reading efficiency of the authentication process in existing RFID systems.

To achieve this, an embodiment of the present invention provides an authentication method in an RFID system, comprising the following steps:

receiving first authentication information and second authentication information, and searching locally for a tag that has the first authentication information;

generating third authentication information according to the parameters of the tag that has the first authentication information;

determining whether the second authentication message is the same as the third authentication message, and if they are the same, the tag that has the first authentication information is authenticated successfully.

An embodiment of the present invention also provides an authentication method in an RFID system, comprising the following steps:

generating first authentication information and second authentication information respectively according to the parameters of the tag;

sending the first authentication information and the second authentication information to a reader;

the reader being configured to search, according to the first authentication information, for a tag that has the first authentication information, to generate third authentication information according to the related parameters of that tag, and to authenticate the legitimacy of that tag according to whether the second authentication message is the same as the third authentication message.

An embodiment of the present invention also provides a reader, used for authentication in an RFID system, comprising:

a receiving unit, configured to receive first authentication information and second authentication information;

a search unit, configured to search locally for a tag that has the first authentication information received by the receiving unit;

a generating unit, configured to generate third authentication information according to the parameters of the tag with the first authentication information found by the search unit;

an authentication unit, configured to determine that the tag with the first authentication information is authenticated successfully when the third authentication information generated by the generating unit is the same as the second authentication information.

An embodiment of the present invention also provides a tag, comprising:

an authentication information generating unit, configured to generate first authentication information and second authentication information respectively according to related parameters;

an authentication information sending unit, configured to send the first authentication information and the second authentication information generated by the authentication information generating unit to a reader; the reader being configured to search, according to the first authentication information, for a tag that has the first authentication information, to generate third authentication information according to the related parameters of that tag, and to authenticate the legitimacy of that tag according to whether the second authentication message is the same as the third authentication message.

An embodiment of the present invention also provides an authentication system, used for authentication in an RFID system, comprising:

a tag, configured to generate first authentication information and second authentication information and to send them to the reader;

a reader, configured to receive the first authentication information and the second authentication information and search locally for a tag that has the first authentication information; to generate third authentication information according to the parameters of that tag; and to determine whether the second authentication message is the same as the third authentication message, and if they are the same, the tag that has the first authentication information is authenticated successfully.

Compared with the prior art, the embodiments of the present invention have the following advantages:

One piece of a tag's authentication information is stored in advance on the reader side. During authentication, the tag returns that authentication information together with other authentication information. Before computing anything, the reader narrows the set of candidate tags by comparing that authentication information, then computes and compares the other authentication information, and finally completes the authentication process. This reduces the number of per-tag computations and comparisons during tag authentication and improves reading efficiency.

Brief description of the drawings

FIG. 1 is a schematic diagram of the structure of an RFID system in the prior art;

FIG. 2 is a schematic diagram of the randomized Hash-Lock protocol process in the prior art;

FIG. 3 is a flowchart of the authentication method in an RFID system in an embodiment of the present invention;

FIG. 4 is a signaling flowchart of the authentication method in an RFID system in an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of the authentication system in an RFID system in an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of the reader in an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of the tag in an embodiment of the present invention.

Detailed description

Specific embodiments of the present invention are described in further detail below with reference to the drawings and embodiments:

An embodiment of the present invention provides an authentication method in an RFID system which, as shown in FIG. 3, comprises the following steps:

Step s301: divide the authentication information to be verified between the tag and the reader into multiple groups, including at least first authentication information and second authentication information, and store the first authentication information and related parameters of each tag on the reader side. The purpose of the two is as follows: the reader uses the first authentication information to narrow the range of tags that need to be authenticated, and uses the second authentication information to authenticate the legitimacy of the tag.

Step s302: during authentication, the tag generates the first authentication information and the second authentication information and sends them to the reader.

Step s303: the reader receives the authentication information sent by the tag and looks up the first authentication information sent by the tag.

Step s304: determine whether a tag with that first authentication information exists. If it does, continue with step s305; if not, authentication is considered to have failed and the process ends.

Step s305: generate third authentication information using the related parameters of the tag that has that first authentication information. When generating the third authentication information, the reader uses the same algorithm and/or parameters that the tag used to generate the second authentication information.

Step s306: compare the third authentication information generated for each such tag with the received second authentication information. If a match exists, continue with step s307; otherwise authentication is considered to have failed and the process ends.

Step s307: determine that all authentication information received from the tag has passed, and authentication succeeds.

A specific implementation of the embodiment is described below with reference to a concrete application scenario, in which the tag and the reader authenticate using multiple groups of authentication information that include at least first authentication information and other authentication information. The first authentication information is simple compared with the other authentication information, and the reader stores each tag's simple authentication information. During authentication, the tag returns the simple authentication information and the other authentication information. Before computing anything, the reader narrows the range of tags by comparing the simple authentication information, then computes and compares the other authentication information, and finally completes the authentication process. The signaling flowchart of this application scenario is shown in FIG. 3.

Here Info-1 and Info-2 are tag information; Key is the key shared between the reader and the tag; OtherElement is other information used in the authentication process; f1 and f2 are data processing functions. The tag and the reader must share the key Key in advance, and the reader stores the tag information and the authentication information f1(Info-1, Key). The authentication flow is shown in FIG. 4 and comprises the following steps:

Step s401: the reader issues a Command;

Step s402: the tag computes first authentication information A and second authentication information B, for example A = f1(Info-1, Key) and B = f2(Info-1, Info-2, Key, OtherElement), and returns A and B to the reader. Other methods of computing A and B may of course also be used.

Step s403: the reader authenticates the tag according to (A, B).

The reader obtains the information of all tags from the database and finds every tag whose stored f1(Info-1, Key) equals the first authentication information A. Then, for these tags only, it uses the same method the tag used for the second authentication information B to compute third authentication information B' = f2(Info-1, Info-2, Key, OtherElement), and checks whether any tag's B' equals the received B. If one does, the tag passes authentication.
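The two lookup strategies side by side, as an added example that is not code from the patent: the prior-art randomized Hash-Lock search (steps s201-s205) and the f1/f2 scheme of steps s401-s403, with a count of the work the reader does in each. It assumes SHA-256 for H, HMAC-SHA256 for f1 and f2, a separate key per tag, and that OtherElement is a fresh reader challenge carried in the Command; the patent fixes none of these.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple

TagRecord = namedtuple("TagRecord", "info1 info2 key")  # what the reader stores per tag


def _enc(*parts):
    """Length-prefix every field so concatenated inputs stay unambiguous."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


# --- Prior art: randomized Hash-Lock (steps s201-s205) ---
def hashlock_tag(tag_id):
    """Tag side: pick a random R and return (R, H(ID_k || R))."""
    r = secrets.token_bytes(16)
    return r, hashlib.sha256(_enc(tag_id, r)).digest()


def hashlock_reader(all_ids, r, digest):
    """Reader side: try every ID. Returns (matching ID or None, hashes computed)."""
    hashes = 0
    for candidate in all_ids:
        hashes += 1
        if hmac.compare_digest(hashlib.sha256(_enc(candidate, r)).digest(), digest):
            return candidate, hashes
    return None, hashes


# --- Two-stage scheme (steps s401-s403); HMAC-SHA256 is an assumed choice ---
def f1(info1, key):
    return hmac.new(key, _enc(b"f1", info1), hashlib.sha256).digest()


def f2(info1, info2, key, other_element):
    return hmac.new(key, _enc(b"f2", info1, info2, other_element), hashlib.sha256).digest()


def tag_respond(rec, other_element):
    """Tag side: return (A, B) in answer to the reader's Command."""
    return f1(rec.info1, rec.key), f2(rec.info1, rec.info2, rec.key, other_element)


class Reader:
    def __init__(self, records):
        # Step s301: precompute and store A = f1(Info-1, Key) for each tag.
        self.by_a = {}
        for rec in records:
            self.by_a.setdefault(f1(rec.info1, rec.key), []).append(rec)

    def authenticate(self, a, b, other_element):
        """Steps s303-s307. Returns (record or None, number of f2 computations)."""
        computed = 0
        for rec in self.by_a.get(a, []):           # s303/s304: narrow by A
            computed += 1
            b_prime = f2(rec.info1, rec.info2, rec.key, other_element)  # s305
            if hmac.compare_digest(b_prime, b):    # s306: constant-time compare
                return rec, computed
        return None, computed


def demo(n=1000):
    # Constructed sample tags; Info-1 doubles as the Hash-Lock ID here.
    records = [TagRecord(b"info1-%d" % i, b"info2-%d" % i, secrets.token_bytes(16))
               for i in range(n)]
    target = records[-1]  # worst case for the linear search

    r, digest = hashlock_tag(target.info1)
    _, hashlock_hashes = hashlock_reader([x.info1 for x in records], r, digest)

    reader = Reader(records)
    challenge = secrets.token_bytes(16)  # assumed content of OtherElement
    a, b = tag_respond(target, challenge)
    rec, f2_count = reader.authenticate(a, b, challenge)

    fresh = secrets.token_bytes(16)
    replayed, replay_count = reader.authenticate(a, b, fresh)  # old (A, B), new challenge
    unknown, unknown_count = reader.authenticate(secrets.token_bytes(32), b, challenge)
    return {
        "hashlock_hashes": hashlock_hashes,
        "two_stage_f2": f2_count,
        "authenticated": rec == target,
        "replay": (replayed is not None, replay_count),
        "unknown_a": (unknown is not None, unknown_count),
        "a_is_static": tag_respond(target, fresh)[0] == a,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because A = f1(Info-1, Key) has no per-session input, it is the same value every time a given tag answers. In this sketch the rejection of a replayed (A, B) comes only from the assumed fresh challenge in OtherElement.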

With the above method provided by the embodiment of the present invention, one piece of a tag's authentication information is stored in advance on the reader side. During authentication, the tag returns that authentication information together with other authentication information. Before computing anything, the reader narrows the range of tags by comparing that authentication information, then computes and compares the other authentication information, and finally completes the authentication process. This reduces the number of per-tag computations and comparisons during tag authentication and improves reading efficiency.

An embodiment of the present invention also provides an authentication system and devices in an RFID system. As shown in FIG. 5, the system comprises a reader 10 and at least one tag 20. The reader 10 stores the first authentication information of the tag 20 in advance; during authentication, the tag 20 returns the first authentication information and the second authentication information. Before computing anything, the reader 10 narrows the range of tags by comparing the first authentication information, then computes and compares the second authentication information, and finally completes the authentication process.

Specifically, the structure of the reader 10 is shown in FIG. 6 and further comprises:

A receiving unit 11, configured to receive the first authentication information and the second authentication information sent by the tag.

A search unit 12, configured to search locally for a tag that has the first authentication information received by the receiving unit 11.

A generating unit 13, configured to generate third authentication information according to the related parameters of the tag, found by the search unit 12, that has the received first authentication information. The generating unit 13 may specifically be a first generating subunit, configured to generate the third authentication information using the same algorithm and/or parameters that the tag used to generate the second authentication information.

An authentication unit 14, configured to determine that the tag with the first authentication information is authenticated successfully when the third authentication information generated by the generating unit 13 is the same as the received second authentication information.

A storage unit 15, configured to store the first authentication information and related parameters of each tag and to provide them to the search unit 12 and the generating unit 13.

The structure of the tag 20 is shown in FIG. 7 and further comprises:

An authentication information generating unit 21, configured to generate first authentication information and second authentication information respectively according to related parameters; different algorithms and/or parameters are used when generating different authentication information.

An authentication information sending unit 22, configured to send the first authentication information and the second authentication information generated by the authentication information generating unit 21 to the reader. The reader is configured to search, according to the first authentication information, for a tag that has the first authentication information, to generate third authentication information according to the related parameters of that tag, and to authenticate the legitimacy of that tag according to whether the second authentication message is the same as the third authentication message.

With the above system and devices provided by the embodiment of the present invention, one piece of a tag's authentication information is stored in advance on the reader side. During authentication, the tag returns that authentication information together with other authentication information. Before computing anything, the reader narrows the range of tags by comparing that authentication information, then computes and compares the other authentication information, and finally completes the authentication process. This reduces the number of per-tag computations and comparisons during tag authentication and improves reading efficiency.

From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On that understanding, the essence of the technical solution of the present invention, or the part that contributes over the prior art, can be embodied as a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a device to execute the methods described in the embodiments of the present invention.

The above discloses only a few specific embodiments of the present invention. The present invention is not limited to them, and any variation that a person skilled in the art can conceive of shall fall within the scope of protection of the present invention.

Claims (13)

1, the authentication method in a kind of wireless radio frequency discrimination RFID system is characterized in that, may further comprise the steps:
Receive first authentication information and second authentication information, search label in this locality with described first authentication information;
According to the parameter of label, generate the 3rd authentication information with described first authentication information;
Judge whether described second authentication message is identical with described the 3rd authentication message, if identical, then to described smart-tag authentication success with described first authentication information.
2, the authentication method in the rfid system according to claim 1 is characterized in that, also comprises before described reception first authentication information and second authentication information:
Many groups be will be divided into the authentication information that label authenticates, and first authentication information and the correlation parameter of each label stored.
3, the authentication method in the rfid system according to claim 1 is characterized in that, described basis has the parameter of label of first authentication information of described reception, generates the 3rd authentication information and is specially:
Described second authentication message uses identical algorithm and parameter to generate with described the 3rd authentication information.
4, as the authentication method in the rfid system as described in each in the claim 1 to 3, it is characterized in that described parameter comprises: cipher key shared and other authenticate employed parameter between the information of described label, described label and described reader.
5, the authentication method in a kind of wireless radio frequency discrimination RFID system is characterized in that, may further comprise the steps:
According to the parameter of label, generate first authentication information and second authentication information respectively;
Described first authentication information and second authentication information are sent to reader;
Described reader is used for searching the label with described first authentication information according to described first authentication information, correlation parameter according to label with described first authentication information, generate the 3rd authentication information, described label with described first authentication information is carried out the legitimacy authentication according to described second authentication message and described the 3rd authentication message be whether identical.
6. The authentication method in the RFID system according to claim 5, characterized in that the tag uses different algorithms and/or parameters when generating different authentication information.
7. A reader for authentication in an RFID system, characterized in that it comprises:
A receiving unit, configured to receive first authentication information and second authentication information;
A searching unit, configured to search locally for the tag having the first authentication information received by the receiving unit;
A generating unit, configured to generate third authentication information according to the parameters of the tag having the first authentication information found by the searching unit;
An authentication unit, configured to determine that the tag having the first authentication information is authenticated successfully when the third authentication information generated by the generating unit is identical to the second authentication information.
8. The reader according to claim 7, characterized in that it further comprises:
A storage unit, configured to store the first authentication information of each tag and the parameters of each tag, and to provide them to the searching unit and the generating unit.
9. The reader according to claim 7, characterized in that the generating unit is specifically a first generating subunit, configured to generate the third authentication information using the same algorithm and parameters as were used to generate the second authentication information.
10. A tag, characterized in that it comprises:
An authentication information generating unit, configured to generate first authentication information and second authentication information respectively according to related parameters;
An authentication information sending unit, configured to send the first authentication information and the second authentication information generated by the authentication information generating unit to a reader; the reader is configured to search, according to the first authentication information, for the tag having the first authentication information; to generate third authentication information according to the related parameters of the tag having the first authentication information; and to authenticate the legitimacy of the tag having the first authentication information according to whether the second authentication message and the third authentication message are identical.
11. An authentication system for authentication in an RFID system, characterized in that it comprises:
A tag, configured to generate first authentication information and second authentication information, and to send the first authentication information and the second authentication information to the reader;
A reader, configured to receive the first authentication information and the second authentication information; to search locally for the tag having the first authentication information; to generate third authentication information according to the parameters of the tag having the first authentication information; and to determine whether the second authentication message is identical to the third authentication message and, if so, that the tag having the first authentication information is authenticated successfully.
12. The authentication system according to claim 11, characterized in that the tag further comprises:
An authentication information generating unit, configured to generate first authentication information and second authentication information respectively according to related parameters;
An authentication information sending unit, configured to send the first authentication information and the second authentication information generated by the authentication information generating unit to the reader.
13. The authentication system according to claim 11, characterized in that the reader further comprises:
A receiving unit, configured to receive the first authentication information and the second authentication information sent by the tag;
A searching unit, configured to search locally for the tag having the first authentication information received by the receiving unit;
A generating unit, configured to generate third authentication information according to the related parameters of the tag having the first authentication information found by the searching unit;
An authentication unit, configured to determine that the tag is authenticated successfully when the third authentication information generated by the generating unit is identical to the second authentication information.
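The reader-side flow of claims 1 to 4 and 7, sketched as an added example (not code from the patent): the reader indexes enrolled tags by first authentication information, so it computes the third authentication information once per attempt instead of once per enrolled tag. HMAC-SHA256, the "first"/"second" derivation labels, the reader challenge standing in for the "other parameters", and all function and class names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 (assumed algorithm) over a label and length-prefixed parts.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def tag_respond(tag_id: bytes, key: bytes, challenge: bytes):
    # Tag side: different labels give the two values different derivations (claim 6).
    first = prf(key, b"first", tag_id)
    second = prf(key, b"second", tag_id, challenge)
    return first, second

class Reader:
    def __init__(self):
        self.by_first = {}   # first authentication information -> (tag_id, key)
        self.prf_calls = 0   # third-authentication-information computations

    def enroll(self, tag_id: bytes, key: bytes):
        self.by_first[prf(key, b"first", tag_id)] = (tag_id, key)  # claim 2

    def authenticate(self, challenge: bytes, first: bytes, second: bytes):
        entry = self.by_first.get(first)      # local lookup, no per-tag search
        if entry is None:
            return None
        tag_id, key = entry
        self.prf_calls += 1
        third = prf(key, b"second", tag_id, challenge)  # same algorithm as second
        return tag_id if hmac.compare_digest(second, third) else None

def demo():
    # Constructed data: 1000 enrolled tags with random 128-bit keys.
    reader = Reader()
    tags = [(b"tag-%04d" % i, os.urandom(16)) for i in range(1000)]
    for tag_id, key in tags:
        reader.enroll(tag_id, key)
    challenge = os.urandom(16)
    first, second = tag_respond(*tags[742], challenge)
    ok = reader.authenticate(challenge, first, second)
    forged = reader.authenticate(challenge, first, os.urandom(32))
    stale = reader.authenticate(os.urandom(16), first, second)
    unknown = reader.authenticate(challenge, os.urandom(32), second)
    return ok, forged, stale, unknown, reader.prf_calls

if __name__ == "__main__":
    print(demo())
```

The four attempts against 1000 enrolled tags cost three keyed computations in total, and the attempt with an unknown first value costs none. A first authentication value that never changes also lets any listener recognise the tag, so the sketch treats it as a lookup index and relies on the second value alone for authentication.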
CNA2008100014136A 2007-12-27 2008-01-18 Authentication method, equipment and system for wireless radio frequency recognition system Pending CN101470794A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008100014136A CN101470794A (en) 2007-12-27 2008-01-18 Authentication method, equipment and system for wireless radio frequency recognition system

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200710198651 2007-12-27
CN200710198651.6 2007-12-27
CNA2008100014136A CN101470794A (en) 2007-12-27 2008-01-18 Authentication method, equipment and system for wireless radio frequency recognition system

Publications (1)

Publication Number Publication Date
CN101470794A true CN101470794A (en) 2009-07-01

Family

ID=40828258

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008100014136A Pending CN101470794A (en) 2007-12-27 2008-01-18 Authentication method, equipment and system for wireless radio frequency recognition system

Country Status (1)

Country Link
CN (1) CN101470794A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9088616B2 (en) 2009-09-21 2015-07-21 Huawei Technologies Co., Ltd. Method and apparatus for authentication
CN101814991A (en) * 2010-03-12 2010-08-25 西安西电捷通无线网络通信股份有限公司 Mutual authentication method and system based on identity
CN101814991B (en) * 2010-03-12 2012-05-09 西安西电捷通无线网络通信股份有限公司 Identity-based bidirectional authentication method and system
CN102546552A (en) * 2010-12-24 2012-07-04 中国联合网络通信集团有限公司 Authentication method, equipment and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20090701