CN102143488B - Method for safe communication between reader and electronic tag, reader and electronic tag - Google Patents


Info

Publication number
CN102143488B
Authority
CN
China
Prior art keywords
read write
write line
electronic tag
message
discriminating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010575476XA
Other languages
Chinese (zh)
Other versions
CN102143488A (en)
Inventor
杜志强
曹军
铁满霞
张国强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Iwncomm Co Ltd
Priority to CN201010575476XA (patent CN102143488B)
Priority to PCT/CN2011/075915 (patent WO2012075797A1)
Publication of CN102143488A
Application granted
Publication of CN102143488B
Legal status: Active (current)
Anticipated expiration


Abstract

The invention provides a method for secure communication between a reader and an electronic tag, together with the reader and the electronic tag that implement it. The method comprises the following steps: 1) the reader and the electronic tag establish a physical connection; and 2) the reader and the electronic tag establish a secure link. The result is a method of communication between reader and tag with higher security, and a reader and a tag that implement the method.

Description

Method for secure communication between a reader and an electronic tag
Technical field
The invention belongs to the field of network security and relates to a method by which the reader and the electronic tag in a radio-frequency identification system communicate securely, and to a reader and an electronic tag that implement the method.
Background
Radio Frequency Identification (RFID) technology, an advanced automatic identification and data collection technology, is recognised as one of the ten most important technologies of the 21st century and is also the main implementation technology of the Internet of Things. At present, RFID is applied in many areas of society and is having a significant impact on improving the quality of human life, improving enterprise performance and strengthening public security.
As a wireless technology, radio-frequency identification is exposed, because of the wireless and broadcast nature of its communication, to attacks in which messages are eavesdropped, altered or forged and entities are captured or cloned. Security mechanisms therefore need to be introduced into the communication process to guarantee the security of the communication.
Summary of the invention
To solve the technical problem described in the background section, the invention provides a method for secure communication between a reader and an electronic tag with higher security, and a reader and an electronic tag that implement the method.
The technical solution of the invention is as follows. The invention provides a method for secure communication between a reader and an electronic tag, characterised in that the method comprises the following steps:
1) the reader and the electronic tag establish a physical connection;
2) the reader and the electronic tag establish a secure link.
A specific implementation of step 2) above is:
2.1.0) the reader holds a master key MK and the tag holds a pre-shared key PSK; PSK is derived by computation from the master key MK and the tag identifier TID;
2.1.1) the reader sends a security parameter acquisition message to the tag; this message starts the secure link establishment process between reader and tag;
2.1.2) after the tag receives the reader's security parameter acquisition message, it constructs a security parameter response message and sends it to the reader; this message contains the security algorithm types supported by the tag;
2.1.3) the reader sends an authentication request message to the tag; this message contains an N_r field, where N_r is a random number generated by the reader;
2.1.4) after the tag receives the reader's authentication request message, if it needs to authenticate the reader, the tag generates a random number N_t, uses the pre-shared key PSK to compute a message integrity check code MIC1 over N_r || N_t, and returns an authentication request response to the reader; this response contains N_r, N_t and MIC1, where N_r is an optional field;
if the tag does not need to authenticate the reader, it uses the pre-shared key PSK to compute MIC1 over N_r and returns an authentication request response to the reader containing N_r and MIC1, where N_r is an optional field;
2.1.5) after the reader receives the tag's authentication request response: if the message contains N_r and this N_r is not equal to the random number N_r the reader generated in step 2.1.3), the reader discards the response; if the response contains N_r equal to the N_r generated in step 2.1.3), or does not contain N_r at all, the reader derives PSK by computation from MK || TID using the master key MK and the tag identifier TID;
when the reader needs to authenticate the tag, it recomputes the integrity check code MIC1' over N_r || N_t with PSK and compares MIC1' with the MIC1 in the received response; if they differ, the reader discards the response; if they are equal, the reader considers the tag legitimate, computes MIC2 over N_t with PSK and sends an authentication response confirmation message to the tag containing N_t and MIC2, where N_t is an optional field;
when the reader does not need to authenticate the tag, it recomputes MIC1' over N_r with PSK and compares it with the MIC1 in the received response; if they differ, the reader discards the response; if they are equal, the reader considers the tag legitimate;
2.1.6) after the tag receives the reader's authentication response confirmation message: if the message contains N_t and this N_t is not equal to the random number N_t the tag generated in step 2.1.4), the tag considers the reader illegitimate and discards the message; if the message contains N_t equal to the N_t generated in step 2.1.4), or does not contain N_t, the tag recomputes the integrity check code MIC2' over N_t with PSK and compares MIC2' with the MIC2 in the received message;
if MIC2' and MIC2 differ, the tag considers the reader illegitimate and discards the message; if they are equal, the tag considers the reader legitimate.
After step 2.1.6) above, when the reader needs to authenticate the tag and the tag also needs to authenticate the reader, the tag sends an authentication result message to the reader; if the tag considers the reader legitimate, this message carries an authentication success indication; if the tag considers the reader illegitimate, it carries an authentication failure indication.
If the reader needs to authenticate the tag and the tag also needs to authenticate the reader, then in step 2.1.4) the tag derives a session key shared with the reader from N_r, N_t and PSK, and in step 2.1.5) the reader derives the session key shared with the tag from N_r, N_t and PSK;
if the reader needs to authenticate the tag but the tag does not need to authenticate the reader, then in step 2.1.4) the tag derives the session key shared with the reader from N_r and PSK, and in step 2.1.5) the reader derives the session key shared with the tag from N_r and PSK.
Another specific implementation of step 2) above is:
2.2.0) the reader holds a master key MK and the tag holds a pre-shared key PSK; PSK is derived by computation from the master key MK and the tag identifier TID;
2.2.1) the reader sends a security parameter acquisition message to the tag; this message starts the secure link establishment process with the tag;
2.2.2) after the tag receives the reader's security parameter acquisition message, it constructs a security parameter response message and sends it to the reader; this message contains the security algorithm types supported by the tag;
2.2.3) the reader sends an authentication activation message to the tag; this message starts the tag's authentication of the reader;
2.2.4) after the tag receives the authentication activation message sent by the reader, it generates a random number N_t, constructs an authentication request message containing N_t and sends it to the reader;
2.2.5) after the reader receives the authentication request message returned by the tag, it first derives PSK by computation from MK || TID using the master key MK and the tag identifier TID, then uses PSK to compute an integrity check code MIC1 over N_t, and sends an authentication request response to the tag containing N_t and MIC1, where N_t is an optional field;
2.2.6) after the tag receives the authentication request response returned by the reader: if the message contains N_t and this N_t is not equal to the random number N_t the tag generated in step 2.2.4), the tag considers the reader illegitimate and discards the response; if the response contains N_t equal to the N_t generated in step 2.2.4), or does not contain N_t, the tag computes MIC1' over N_t with PSK and compares it with the MIC1 in the received response; if they differ, the tag considers the reader illegitimate and discards the response; if they are equal, the tag considers the reader legitimate.
After step 2.2.6) above, the tag sends an authentication result message to the reader; if the tag considers the reader legitimate, this message carries an authentication success indication; if the tag considers the reader illegitimate, it carries an authentication failure indication.
In step 2.2.5) the reader derives the session key shared with the tag from N_t and PSK, and in step 2.2.6) the tag derives the session key shared with the reader from N_t and PSK.
The method further comprises a secure access process: the reader and the tag can use the derived session key to encrypt the session messages exchanged between them.
The specific implementation of the secure access process is:
3.1) the reader constructs an operation command for the tag, encrypts it with the session key and the cryptographic algorithm to form ciphertext ER, uses ER as the payload of a secure access message, and sends the constructed secure access message to the tag;
3.2) after the tag receives the reader's secure access message, it first parses the message to obtain its payload, decrypts the payload to obtain the reader's operation command, constructs response data according to that command, encrypts the response data and sends it to the reader as the payload of a secure access response message;
3.3) after the reader receives the secure access response message sent by the tag, it parses the message and decrypts its payload to obtain the tag's response to the operation command.
The invention also provides a reader, characterised in that the reader has
the function of establishing a physical connection with an electronic tag; and
the function of establishing a secure link with an electronic tag.
One form of the reader is as follows:
the reader holds a master key MK;
the reader can send a security parameter acquisition message to the tag;
after receiving the tag's security parameter response message, the reader can send an authentication request message to the tag; this message contains an N_r field, where N_r is a random number generated by the reader;
after receiving the tag's authentication request response, the reader can judge whether the response contains N_r and whether this N_r equals the N_r the reader generated; if the response contains N_r and this N_r differs from the N_r the reader generated, the reader discards the response; if the response contains N_r equal to the N_r the reader generated, or does not contain N_r, the reader derives PSK by computation from MK || TID using the master key MK and the tag identifier TID;
when the reader needs to authenticate the tag, it can recompute the integrity check code MIC1' over N_r || N_t with PSK and compare MIC1' with the MIC1 in the authentication request response; if they differ, the reader discards the response; if they are equal, the reader considers the tag legitimate, computes MIC2 over N_t with PSK and sends an authentication response confirmation message to the tag containing N_t and MIC2, where N_t is an optional field;
when the reader does not need to authenticate the tag, it recomputes MIC1' over N_r with PSK and compares it with the MIC1 in the authentication request response; if they differ, the reader discards the response; if they are equal, the reader considers the tag legitimate.
Another form of the reader is as follows:
the reader holds a master key MK;
the reader can send a security parameter acquisition message to the tag; this message starts the secure link establishment process with the tag;
after receiving the tag's security parameter response message, the reader can send an authentication activation message to the tag; this message starts the tag's authentication of the reader;
after receiving the tag's authentication request message, the reader can derive PSK by computation from MK || TID using the master key MK and the tag identifier TID, use PSK to compute an integrity check code MIC1 over N_t, and send an authentication request response to the tag containing N_t and MIC1, where N_t is an optional field.
The invention also provides an electronic tag, characterised in that the tag has
the function of establishing a physical connection with a reader; and
the function of establishing a secure link with a reader.
One form of the tag is as follows:
the tag holds a pre-shared key PSK;
after receiving the reader's security parameter acquisition message, the tag can construct a security parameter response message and send it to the reader; this message contains the security algorithm types supported by the tag;
after receiving the reader's authentication request message, if it needs to authenticate the reader, the tag can generate a random number N_t, use the pre-shared key PSK to compute an integrity check code MIC1 over N_r || N_t, and return an authentication request response to the reader containing N_r, N_t and MIC1, where N_r is the random number generated by the reader and is an optional field;
if the tag does not need to authenticate the reader, it can use the pre-shared key PSK to compute MIC1 over N_r and return an authentication request response to the reader containing N_r and MIC1, where N_r is an optional field;
after receiving the reader's authentication response confirmation message, the tag can judge whether the message contains N_t and whether this N_t equals the random number N_t the tag generated; if the message contains N_t and this N_t differs from the N_t the tag generated, the tag considers the reader illegitimate and discards the message; if the message contains N_t equal to the N_t the tag generated, or does not contain N_t, the tag recomputes the integrity check code MIC2' over N_t with PSK and compares MIC2' with the MIC2 in the received message;
if MIC2' and MIC2 differ, the tag considers the reader illegitimate and discards the message; if they are equal, the tag considers the reader legitimate.
Another form of the tag is as follows:
the tag holds a pre-shared key PSK;
after receiving the reader's security parameter acquisition message, the tag can construct a security parameter response message and send it to the reader; this message contains the security algorithm types supported by the tag;
after receiving the authentication activation message sent by the reader, the tag can generate a random number N_t, construct an authentication request message containing N_t and send it to the reader;
after receiving the reader's authentication request response, the tag can judge whether the response contains N_t and whether this N_t equals the random number N_t the tag generated; if the response contains N_t and this N_t differs from the N_t the tag generated, the tag considers the reader illegitimate and discards the response; if the response contains N_t equal to the N_t the tag generated, or does not contain N_t, the tag computes MIC1' over N_t with PSK and compares it with the MIC1 in the received response; if they differ, the tag considers the reader illegitimate and discards the response; if they are equal, the tag considers the reader legitimate.
The invention has the following advantages:
the secure link establishment process between reader and tag guarantees the legitimacy of the communicating peer's identity and, when needed, negotiates a session key for the reader and the tag, thereby establishing a secure communication link between them. In addition, the invention has the following further advantages: 1) lower system implementation cost: the secure link establishment method provided by the invention needs no back-end database support, so the system is cheaper to implement; 2) higher efficiency of secure link establishment: the method does not need to query a database during link establishment, so authentication is more efficient.
Furthermore, the invention can use the session key negotiated during secure link establishment to encrypt the reader's operation commands to the tag and carry them as the payload of secure access messages, achieving confidentiality of the communication data while the reader accesses the tag and thereby further guaranteeing the security of communication between reader and tag.
Description of drawings
Fig. 1 is a schematic flow chart of the method for secure communication between a reader and an electronic tag provided by the invention;
Fig. 2 is a schematic diagram of the first embodiment of the secure link establishment process between reader and tag;
Fig. 3 is a schematic diagram of the second embodiment of the secure link establishment process between reader and tag;
Fig. 4 is a schematic diagram of the reader's secure access process to the tag provided by the invention.
Embodiment
Before the reader and the tag communicate, the reader holds a master key MK and the tag holds a shared key PSK; PSK is derived by computation from the master key and the tag identifier TID.
Referring to Fig. 1, the specific implementation process of the invention comprises:
1. Physical connection establishment:
the reader (or the tag) initiates a handshake procedure to establish a physical connection with the tag (or the reader).
2. Secure link establishment:
referring to Fig. 2, the secure link establishment process comprises the following steps:
(1) the reader sends a security parameter acquisition message to the tag; this message starts the secure link establishment process between reader and tag.
(2) after receiving the reader's security parameter acquisition message, the tag constructs a security parameter response message and sends it to the reader; this message contains the security algorithm types supported by the tag.
(3) the reader sends an authentication request message to the tag, starting the reader's authentication of the tag; this message contains an N_r field, where N_r is a random number generated by the reader.
(4) after the tag receives the reader's authentication request message, if it needs to authenticate the reader, the tag generates a random number N_t, uses the pre-shared key PSK to compute an integrity check code MIC1 over N_r || N_t, and returns an authentication request response to the reader containing N_r, N_t and MIC1, where N_r is an optional field; if the tag does not need to authenticate the reader, it uses PSK to compute MIC1 over N_r and returns an authentication request response containing N_r and MIC1, where N_r is an optional field.
In this step, optionally, if the reader needs to authenticate the tag and the tag also needs to authenticate the reader, the tag can derive the session key shared with the reader from N_r, N_t and PSK; if only unilateral authentication of the tag by the reader is required, that is, the tag does not need to authenticate the reader, the tag can derive the session key shared with the reader from N_r and PSK.
(5) after the reader receives the authentication request response returned by the tag: if the message contains N_r and this N_r is not equal to the random number N_r the reader generated in step (3), the reader discards the response; if the response contains N_r equal to the N_r generated in step (3), or does not contain N_r, the reader derives PSK by computation from MK || TID using the master key MK and the tag identifier TID. When the reader needs to authenticate the tag, it recomputes the integrity check code MIC1' over N_r || N_t with PSK and compares MIC1' with the MIC1 in the received response; if they differ, the reader discards the response; if they are equal, the reader considers the tag legitimate, computes MIC2 over N_t with PSK and sends an authentication response confirmation message to the tag containing N_t and MIC2, where N_t is an optional field. When the reader does not need to authenticate the tag, it recomputes MIC1' over N_r with PSK and compares it with the MIC1 in the received response; if they differ, the reader discards the response; if they are equal, the reader considers the tag legitimate.
In this step, optionally, if the reader authenticates the tag and the tag also needs to authenticate the reader, the reader can derive the session key shared with the tag from N_r, N_t and PSK; if only unilateral authentication of the tag by the reader is required, that is, the tag does not need to authenticate the reader, the reader can derive the session key shared with the tag from N_r and PSK.
(6) after the tag receives the reader's authentication response confirmation message: if the message contains N_t and this N_t is not equal to the random number N_t the tag generated in step (4), the tag considers the reader illegitimate and discards the message; if the message contains N_t equal to the N_t generated in step (4), or does not contain N_t, the tag recomputes MIC2' over N_t with PSK and compares MIC2' with the MIC2 in the received message; if they differ, the tag considers the reader illegitimate and discards the message; if they are equal, the tag considers the reader legitimate. In the case of mutual authentication, that is, when the reader needs to authenticate the tag and the tag also needs to authenticate the reader, the tag can send an authentication result message to the reader; if the tag considers the reader legitimate, this message carries an authentication success indication, and if the tag considers the reader illegitimate, it carries an authentication failure indication. The authentication result message is optional.
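The Fig. 2 exchange above, steps (3) to (6) with both the mutual and the unilateral variant, as an added runnable model; this is example code, not the patent's or Iwncomm's implementation. The MIC, the PSK derivation from MK || TID and the session-key derivation are assumptions (HMAC-SHA256 stands in for the negotiated algorithm type, which the patent does not fix), and MK, TID and the nonce lengths are constructed values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Primitives are assumptions: the patent negotiates an "algorithm type" but
# fixes no MIC or key-derivation function, so HMAC-SHA256 stands in for them.

def derive_psk(mk: bytes, tid: bytes) -> bytes:
    """PSK computed from MK || TID (reader side; the tag stores PSK directly)."""
    return hmac.new(mk, tid, hashlib.sha256).digest()

def mic(key: bytes, data: bytes) -> bytes:
    """Message integrity check code (truncated HMAC-SHA256, assumed)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def derive_session_key(psk: bytes, nr: bytes, nt: bytes = b"") -> bytes:
    """Mutual mode: from Nr || Nt and PSK; unilateral mode: from Nr and PSK."""
    return hmac.new(psk, b"session-key" + nr + nt, hashlib.sha256).digest()

class Tag:
    def __init__(self, psk: bytes, mutual: bool):
        self.psk, self.mutual = psk, mutual
        self.nt, self.session_key, self.reader_ok = b"", None, False

    def on_auth_request(self, nr: bytes) -> dict:
        """Step (4): MIC1 over Nr || Nt (mutual) or over Nr alone (unilateral)."""
        if self.mutual:
            self.nt = os.urandom(8)
        msg = {"Nr": nr, "MIC1": mic(self.psk, nr + self.nt)}
        if self.mutual:
            msg["Nt"] = self.nt
        self.session_key = derive_session_key(self.psk, nr, self.nt)
        return msg

    def on_auth_confirm(self, msg: dict) -> bool:
        """Step (6): an Nt that is present but not ours -> discard; else check MIC2."""
        if "Nt" in msg and msg["Nt"] != self.nt:
            return False
        self.reader_ok = hmac.compare_digest(mic(self.psk, self.nt), msg["MIC2"])
        return self.reader_ok

class Reader:
    def __init__(self, mk: bytes, mutual: bool):
        self.mk, self.mutual = mk, mutual
        self.nr, self.session_key, self.tag_ok = b"", None, False

    def auth_request(self) -> bytes:
        """Step (3): a fresh Nr for every run, so an old response cannot be replayed."""
        self.nr = os.urandom(8)
        return self.nr

    def on_auth_response(self, tid: bytes, msg: dict) -> Optional[dict]:
        """Step (5). Returns the confirmation message (mutual), {} (unilateral),
        or None when the response is discarded."""
        if "Nr" in msg and msg["Nr"] != self.nr:
            return None                          # stale or foreign Nr
        nt = msg.get("Nt", b"")
        if self.mutual and not nt:
            return None                          # a mutual run needs the tag's Nt
        psk = derive_psk(self.mk, tid)           # derived on the fly, no database
        if not hmac.compare_digest(mic(psk, self.nr + nt), msg["MIC1"]):
            return None                          # MIC1' != MIC1
        self.tag_ok = True
        self.session_key = derive_session_key(psk, self.nr, nt)
        return {"Nt": nt, "MIC2": mic(psk, nt)} if self.mutual else {}

MK = b"\x01" * 16          # constructed master key
TID = b"TAG-0001"          # constructed tag identifier

def run_link_setup(mutual: bool, tamper: bool = False) -> dict:
    """Whole Fig. 2 exchange; tamper=True flips one MIC1 bit in transit."""
    reader, tag = Reader(MK, mutual), Tag(derive_psk(MK, TID), mutual)
    resp = tag.on_auth_request(reader.auth_request())
    if tamper:
        resp = dict(resp, MIC1=bytes([resp["MIC1"][0] ^ 1]) + resp["MIC1"][1:])
    confirm = reader.on_auth_response(TID, resp)
    if confirm is None:
        return {"tag_ok": False, "reader_ok": False, "keys_match": False}
    reader_ok = tag.on_auth_confirm(confirm) if mutual else False
    return {"tag_ok": reader.tag_ok, "reader_ok": reader_ok,
            "keys_match": reader.session_key == tag.session_key}
```

`run_link_setup(True)` walks the mutual case and `run_link_setup(False)` the unilateral one; the tamper flag and a reused response show the two discard rules of step (5) in action.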
Referring to Fig. 3, another implementation of the secure link establishment process comprises the following steps:
(1) the reader sends a security parameter acquisition message to the tag; this message starts the secure link establishment process with the tag.
(2) after receiving the reader's security parameter acquisition message, the tag constructs a security parameter response message and sends it to the reader; this message contains the security algorithm types supported by the tag.
(3) the reader sends an authentication activation message to the tag; this message starts the tag's authentication of the reader.
(4) after the tag receives the authentication activation message sent by the reader, it generates a random number N_t, constructs an authentication request message containing N_t and sends it to the reader.
(5) after the reader receives the authentication request message returned by the tag, it first derives PSK by computation from MK || TID using the master key MK and the tag identifier TID, then uses PSK to compute an integrity check code MIC1 over N_t, and sends an authentication request response to the tag containing N_t and MIC1, where N_t is an optional field. In this step, optionally, the reader can derive the session key shared with the tag from N_t and PSK.
(6) after the tag receives the authentication request response returned by the reader: if the message contains N_t and this N_t is not equal to the random number N_t the tag generated in step (4), the tag considers the reader illegitimate and discards the response; if the response contains N_t equal to the N_t generated in step (4), or does not contain N_t, the tag computes MIC1' over N_t with PSK and compares it with the MIC1 in the received response; if they differ, the tag considers the reader illegitimate and discards the response; if they are equal, the tag considers the reader legitimate. The tag can send an authentication result message to the reader; if the tag considers the reader legitimate, this message carries an authentication success indication, and if the tag considers the reader illegitimate, it carries an authentication failure indication. The authentication result message is optional. In addition, in this step, optionally, the tag can derive the session key shared with the reader from N_t and PSK.
The invention has the following advantages: the secure link establishment process between reader and tag guarantees the legitimacy of the communicating peer's identity and, when needed, negotiates a session key for the reader and the tag, thereby establishing a secure communication link between them. In addition, the invention has the following further advantages: 1) lower system implementation cost: the secure link establishment method provided by the invention needs no back-end database support, so the system is cheaper to implement; 2) higher efficiency of secure link establishment: the method does not need to query a database during link establishment, so authentication is more efficient.
Referring to Fig. 4, to achieve confidentiality of the communication between reader and tag, the present invention also includes the following secure access process from the reader to the tag.
3. Secure access process
After the security link has been successfully established, the reader may access the tag's data. When the reader and tag need to communicate securely, and if they have derived a shared session key, they can use that session key to encrypt the session messages. Referring to Fig. 4, the detailed process is as follows:
(1) The reader constructs an operation command for the tag; the operation command may be a read command, a write command, etc. The reader encrypts the operation command with the session key and the cryptographic algorithm to form ciphertext data ER, uses ER as the payload of a secure access message, constructs the secure access message and sends it to the tag;
(2) After the tag receives the reader's secure access message, it first parses the message to obtain its payload, decrypts the payload to obtain the reader's operation command, constructs response data according to that command, encrypts the response data and sends it to the reader as the payload of a secure access response message;
(3) After the reader receives the tag's secure access response message, it parses the message and decrypts its payload to obtain the tag's response data for the reader's operation command.
The secure access process of the invention uses the session key negotiated during security-link establishment to encrypt the reader's operation command to the tag and carries the ciphertext as the payload of the secure access message, achieving confidentiality of the communication data while the reader accesses the tag, thereby further guaranteeing the security of the communication between reader and tag. As described, the process provides confidentiality of the payload; integrity protection and replay protection of the secure access messages are not specified in this description.
The present invention also provides a reader. The reader has the function of establishing a physical connection with an electronic tag and the function of establishing a security link with the electronic tag. The reader has two forms.

In the first form, the reader holds a master key MK. The reader can send a security parameter request message to the tag. After receiving the tag's security parameter response message, the reader can send an authentication request message to the tag; this message contains an Nr field, where Nr is a random number generated by the reader. After receiving the tag's authentication request response, the reader checks whether the response contains Nr and, if so, whether that Nr equals the Nr it generated. If the response contains an Nr that differs from the reader's Nr, the reader discards the response. If the response contains an Nr equal to the reader's Nr, or contains no Nr, the reader derives PSK from the master key MK and the tag identifier TID by computing over MK||TID. When the reader needs to authenticate the tag, the reader recomputes the integrity check code MIC1' over Nr||Nt with PSK and compares it with the MIC1 in the response: if they differ, the reader discards the response; if they match, the reader considers the tag legitimate, computes MIC2 over Nt with PSK, and sends an authentication response confirmation message to the tag containing Nt and MIC2, where Nt is an optional field. When the reader does not need to authenticate the tag, the reader recomputes MIC1' over Nr with PSK and compares it with the MIC1 in the response: if they differ, the reader discards the response; if they match, the reader considers the tag legitimate.

In the second form, the reader holds a master key MK. The reader can send a security parameter request message to the tag; this message starts the security-link establishment process with the tag. After receiving the tag's security parameter response message, the reader sends an authentication activation message to the tag; this message starts the tag's authentication of the reader. After receiving the tag's authentication request message, the reader derives PSK from MK and the tag identifier TID by computing over MK||TID, uses PSK to compute the integrity check code MIC1 over Nt, and sends an authentication request response to the tag containing Nt and MIC1, where Nt is an optional field.
The present invention also provides an electronic tag. The electronic tag has the function of establishing a physical connection with a reader and the function of establishing a security link with the reader. Corresponding to the two reader forms, the electronic tag also has two forms.

In the first form, the tag holds a pre-shared key PSK. After receiving the reader's security parameter request message, the tag constructs a security parameter response message and sends it to the reader; the response contains the security algorithm types the tag supports. After receiving the reader's authentication request message, if the tag needs to authenticate the reader, the tag generates a random number Nt, uses PSK to compute the integrity check code MIC1 over Nr||Nt, and returns an authentication request response to the reader containing Nr, Nt and MIC1, where Nr is the random number generated by the reader and is an optional field. If the tag does not need to authenticate the reader, the tag uses PSK to compute MIC1 over Nr and returns an authentication request response containing Nr and MIC1, where Nr is an optional field. After receiving the reader's authentication response confirmation message, the tag checks whether the message contains Nt and, if so, whether that Nt equals the random number Nt the tag generated. If the message contains an Nt that differs from the tag's Nt, the tag considers the reader illegitimate and discards the confirmation message. If the message contains an Nt equal to the tag's Nt, or contains no Nt, the tag recomputes the integrity check code MIC2' over Nt with PSK and compares it with the MIC2 in the received confirmation message: if they differ, the tag considers the reader illegitimate and discards the message; if they match, the tag considers the reader legitimate.

In the second form, the tag holds a pre-shared key PSK. After receiving the reader's security parameter request message, the tag constructs a security parameter response message containing the security algorithm types it supports and sends it to the reader. After receiving the authentication activation message sent by the reader, the tag generates a random number Nt, constructs an authentication request message containing Nt and sends it to the reader. After receiving the reader's authentication request response, the tag checks whether the response contains Nt and, if so, whether that Nt equals the Nt it generated. If the response contains an Nt that differs from the tag's Nt, the tag considers the reader illegitimate and discards the response. If the response contains an Nt equal to the tag's Nt, or contains no Nt, the tag uses PSK to compute the integrity check code MIC1' over Nt and compares it with the MIC1 in the received response: if they differ, the tag considers the reader illegitimate and discards the response; if they match, the tag considers the reader legitimate.
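A worked example of the first reader and tag forms above, followed by one round of the secure access process of section 3. It is added here as illustration and is not code from the patent or from the assignee's products. The page fixes the message flow but not the primitives, so the following are assumptions: HMAC-SHA256 serves as the integrity check code and as the function that derives PSK from MK||TID and the session key from PSK and the nonces; the tag's TID is assumed to be carried in its security parameter response; and a small HMAC-driven keystream with an encrypt-then-MAC check and a message counter stands in for the unspecified encryption algorithm (the page describes confidentiality only, so the payload MIC and counter are additions a practitioner would want). The second form, in which only the tag authenticates the reader, uses the same check as `Tag.handle_confirmation`, applied to MIC1 over Nt. Because every reader derives every tag's PSK from the single master key MK, the reader side has to protect MK as the root secret of the whole deployment.

```python
"""Reader form 1 / tag form 1 security link, then the secure access process.
Assumptions (not fixed by the page): HMAC-SHA256 as MIC and derivation function,
TID carried in the security parameter response, toy HMAC keystream as the cipher."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def mic(key: bytes, data: bytes) -> bytes:
    """Integrity check code MIC over data under key (HMAC-SHA256 assumed)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_psk(mk: bytes, tid: bytes) -> bytes:
    """PSK computed from MK||TID as on the page; the hash is an assumption."""
    return hashlib.sha256(mk + tid).digest()


def derive_session_key(psk: bytes, nr: bytes, nt: bytes) -> bytes:
    """Session key from PSK and both nonces (derivation function assumed)."""
    return mic(psk, b"session-key" + nr + nt)


class Reader:
    """Reader form 1: holds master key MK and derives each tag's PSK from MK||TID."""

    def __init__(self, mk: bytes):
        self.mk, self.tid, self.nr, self.psk, self.session_key = mk, None, None, None, None

    def security_parameter_request(self) -> dict:
        return {"type": "sec_param_req"}

    def authentication_request(self, sec_param_resp: dict) -> dict:
        self.tid = sec_param_resp["tid"]          # assumed to be carried in this message
        self.nr = secrets.token_bytes(NONCE_LEN)   # fresh Nr for every session
        return {"type": "auth_req", "Nr": self.nr}

    def handle_authentication_response(self, resp: dict):
        """Verifies the tag; returns the confirmation message, or None if no Nt was sent."""
        if "Nr" in resp and resp["Nr"] != self.nr:
            raise ValueError("Nr mismatch: authentication request response discarded")
        self.psk = derive_psk(self.mk, self.tid)
        nt = resp.get("Nt")
        mic1 = mic(self.psk, self.nr + nt if nt is not None else self.nr)
        if not hmac.compare_digest(mic1, resp["MIC1"]):
            raise ValueError("MIC1 mismatch: tag is not legitimate")
        if nt is None:                             # tag did not ask to authenticate us
            return None
        self.session_key = derive_session_key(self.psk, self.nr, nt)
        return {"type": "auth_resp_confirm", "Nt": nt, "MIC2": mic(self.psk, nt)}


class Tag:
    """Tag form 1: holds its identifier TID and pre-shared key PSK."""

    def __init__(self, tid: bytes, psk: bytes):
        self.tid, self.psk, self.nr, self.nt, self.session_key = tid, psk, None, None, None

    def security_parameter_response(self, _req: dict) -> dict:
        return {"type": "sec_param_resp", "tid": self.tid, "algorithms": ["HMAC-SHA256"]}

    def authentication_response(self, req: dict, authenticate_reader: bool) -> dict:
        self.nr = req["Nr"]
        if not authenticate_reader:                # MIC1 over Nr only, no Nt
            return {"type": "auth_req_resp", "Nr": self.nr, "MIC1": mic(self.psk, self.nr)}
        self.nt = secrets.token_bytes(NONCE_LEN)
        return {"type": "auth_req_resp", "Nr": self.nr, "Nt": self.nt,
                "MIC1": mic(self.psk, self.nr + self.nt)}

    def handle_confirmation(self, conf: dict) -> None:
        """Verifies the reader: Nt must be ours and MIC2 over Nt must check under PSK."""
        if "Nt" in conf and conf["Nt"] != self.nt:
            raise ValueError("Nt mismatch: confirmation discarded")
        if not hmac.compare_digest(mic(self.psk, self.nt), conf["MIC2"]):
            raise ValueError("MIC2 mismatch: reader is not legitimate")
        self.session_key = derive_session_key(self.psk, self.nr, self.nt)


def _xor_stream(sk: bytes, ctr: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with HMAC(sk, ctr||block index) blocks; not a real cipher."""
    blocks = (mic(sk, b"enc" + ctr + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(sk: bytes, counter: int, plaintext: bytes) -> bytes:
    """Secure access payload: counter || ciphertext || MIC (MIC and counter are additions)."""
    ctr = counter.to_bytes(4, "big")
    ct = _xor_stream(sk, ctr, plaintext)
    return ctr + ct + mic(sk, b"mic" + ctr + ct)


def open_payload(sk: bytes, payload: bytes, expected_counter: int) -> bytes:
    """Rejects replayed/out-of-order counters and tampered ciphertext, then decrypts."""
    ctr, ct, tag = payload[:4], payload[4:-32], payload[-32:]
    if int.from_bytes(ctr, "big") != expected_counter:
        raise ValueError("counter mismatch: replayed or out-of-order message")
    if not hmac.compare_digest(mic(sk, b"mic" + ctr + ct), tag):
        raise ValueError("payload MIC mismatch: message tampered")
    return _xor_stream(sk, ctr, ct)


def establish_security_link(reader: Reader, tag: Tag, authenticate_reader: bool = True):
    """Runs the message flow; returns (reader session key, tag session key)."""
    sp_resp = tag.security_parameter_response(reader.security_parameter_request())
    resp = tag.authentication_response(reader.authentication_request(sp_resp), authenticate_reader)
    conf = reader.handle_authentication_response(resp)
    if conf is not None:
        tag.handle_confirmation(conf)
    return reader.session_key, tag.session_key


def secure_access(reader: Reader, tag: Tag, command: bytes, counter: int) -> bytes:
    """One secure access round: encrypted command out, encrypted response data back."""
    cmd = open_payload(tag.session_key, seal(reader.session_key, counter, command), counter)
    response = b"DATA:" + cmd                      # constructed tag response to the command
    return open_payload(reader.session_key, seal(tag.session_key, counter + 1, response), counter + 1)
```

`establish_security_link` raises `ValueError` wherever the page says a party discards the message (wrong Nr or Nt, failed MIC1 or MIC2); with `authenticate_reader=False` the tag omits Nt, the reader sends no confirmation, and no session key is derived, matching the one-way branch of the text. `secure_access` shows one command/response round with the counter advancing by one per message.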

Claims (12)

2.2.6) After the electronic tag receives the authentication request response returned by the reader, if the message contains Nt and that Nt is not equal to the random number Nt the electronic tag generated in step 2.2.4), the electronic tag considers the reader illegitimate and discards the authentication request response; if the response contains an Nt equal to the random number Nt generated in step 2.2.4), or does not contain Nt, the electronic tag uses PSK to compute the integrity check code MIC1' over Nt and compares MIC1' with the MIC1 in the received response; if they differ, the electronic tag considers the reader illegitimate and discards the response; if they match, the electronic tag considers the reader legitimate.
Priority Applications (2)

Application number (publication), priority date, filing date, title
CN201010575476XA (CN102143488B), 2010-12-06, 2010-12-06, Method for safe communication between reader and electronic tag, reader and electronic tag
PCT/CN2011/075915 (WO2012075797A1), 2010-12-06, 2011-06-20, Method for secure communications between reader and radio frequency identification, reader and radio frequency identification

Applications Claiming Priority (1)

Application number (publication), priority date, filing date, title
CN201010575476XA (CN102143488B), 2010-12-06, 2010-12-06, Method for safe communication between reader and electronic tag, reader and electronic tag

Publications (2)

Publication number, publication date
CN102143488A, 2011-08-03
CN102143488B (granted publication), 2013-06-12

Family

ID=44410653

Family Applications (1)

Application number (publication, status), title, priority date, filing date
CN201010575476XA (CN102143488B, Active), Method for safe communication between reader and electronic tag, reader and electronic tag, 2010-12-06, 2010-12-06

Country Status (2)

CN: CN102143488B
WO: WO2012075797A1

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number, priority date, publication date, assignee, title
CN103379487B *, 2012-04-11, 2018-08-24, 西安西电捷通无线网络通信股份有限公司, Air-interface security method and apparatus
CN104573769B *, 2015-01-22, 2017-11-14, 大唐微电子技术有限公司, Data read-write method, contactless chip production method and chip card production method
CN106203221A *, 2016-02-19, 2016-12-07, 珠海晶通科技有限公司, Method for fast lookup of an RFID tag identifier (TID)
CN110492992A *, 2019-07-22, 2019-11-22, 哈尔滨工程大学, Data encryption and transmission method based on radio frequency identification technology
CN110598810A *, 2019-08-19, 2019-12-20, 成都理工大学, Data writing and reading method for an electronic tag

Citations (8)

* Cited by examiner, † Cited by third party
Publication number, priority date, publication date, assignee, title
US20060267769A1 *, 2005-05-30, 2006-11-30, Semiconductor Energy Laboratory Co., Ltd., Terminal device and communication system
CN101159549A *, 2007-11-08, 2008-04-09, 西安西电捷通无线网络通信有限公司, Bidirectional access authentication method
US20080129447A1 *, 2006-12-04, 2008-06-05, Electronics And Telecommunications Research Institute, Electronic tag for protecting privacy and method of protecting privacy using the same
CN101271534A *, 2008-03-25, 2008-09-24, 华南理工大学, RFID tag and its reader, reading system and security authentication method
CN101329720A *, 2008-08-01, 2008-12-24, 西安西电捷通无线网络通信有限公司, Anonymous bidirectional authentication method based on a pre-shared key
CN101645899A *, 2009-05-27, 2010-02-10, 西安西电捷通无线网络通信有限公司, Bidirectional authentication method and system based on a symmetric encryption algorithm
CN101783732A *, 2010-03-12, 2010-07-21, 西安西电捷通无线网络通信股份有限公司, Offline mutual authentication method and system based on a pre-shared key
CN101853409A *, 2010-05-24, 2010-10-06, 中兴通讯股份有限公司, RFID (Radio Frequency Identification) system, reader and data transmission method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number, priority date, publication date, assignee, title
CN101038630A *, 2006-12-15, 2007-09-19, 北京航空航天大学, Anti-counterfeiting identification module for RFID liquor products
CN101051903A *, 2007-03-30, 2007-10-10, 中山大学, RFID random-key two-way authentication method conforming to the EPC C1G2 standard




Legal Events

Code, title
C06, Publication
PB01, Publication
C10, Entry into substantive examination
SE01, Entry into force of request for substantive examination
C14, Grant of patent or utility model
GR01, Patent grant
EE01, Entry into force of recordation of patent licensing contract (three records, listed below)

Application publication date: 20110803
Granted publication date: 20130612
Denomination of invention: Method for safe communication between reader and electronic tag, reader and electronic tag
Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.
Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.
License type: Common License

Contract record no. 2018610000008, record date 20180319
Contract record no. 2018610000009, record date 20180320
Contract record no. 2018610000010, record date 20180322

