
CN112019336B - RFID authentication method and device - Google Patents

Publication number
CN112019336B
Authority
CN
China
Prior art keywords
reader
secret value
transaction
authentication request
identity information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910462152.6A
Other languages
Chinese (zh)
Other versions
CN112019336A (en
Inventor
胡红钢
张霄涵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Science and Technology of China USTC
Original Assignee
University of Science and Technology of China USTC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Science and Technology of China USTC filed Critical University of Science and Technology of China USTC
Priority to CN201910462152.6A priority Critical patent/CN112019336B/en
Publication of CN112019336A publication Critical patent/CN112019336A/en
Application granted granted Critical
Publication of CN112019336B publication Critical patent/CN112019336B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B5/00Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B5/77Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1036Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an RFID authentication method and device. In the method, when a server observes that an authentication request transaction broadcast by a reader exists in the block lattice, it checks whether the format of the authentication request transaction is correct, namely whether the signature information of the authentication request transaction is correct and whether the transaction is the latest transaction of the reader. If the format is correct, the server judges whether it is required to respond. When the tag identity information and the secret value corresponding to the authentication request transaction exist in the database, the server judges whether the reader has already requested the same tag identity information and the same secret value; if not, it generates the authentication response information corresponding to the authentication request information, generates an authentication response transaction and broadcasts it to the reader and the other servers, and updates the secret value in the database. By applying the method provided by the invention, a server responds only to authentication request transactions carrying the same serial number as the server rather than to all authentication request transactions, thereby improving the efficiency of RFID authentication.

Description

RFID authentication method and device
Technical Field
The invention relates to the field of Internet of things, in particular to a Radio Frequency Identification (RFID) authentication method and device.
Background
Radio Frequency Identification (RFID) technology is a technology for performing contactless communication with a tag using an electromagnetic field. The RFID technology is widely applied to the industries of logistics, retail, medical treatment and the like.
The RFID tag authentication generally comprises a tag, a reader and a central server, and the existing RFID tag authentication method comprises the following steps: the reader interacts with the tag to obtain an authentication request of the tag, the authentication request is sent to the central server, the central server completes identity authentication of the tag and sends an authentication response to the reader, and the reader forwards the authentication response to the tag to complete tag authentication.
The existing RFID tag authentication method relies on a central server to process authentication requests. As RFID technology becomes more widely applied, the burden on the central server grows heavier and heavier, so that its responses to readers become slow and efficiency is low.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an RFID authentication method in which the servers and the reader communicate in a block lattice, and each server in the block lattice responds only to authentication request transactions whose first server serial number is the same as its own serial number, so that decentralization is realized and the efficiency of RFID authentication is improved.
The invention also provides an RFID authentication device for ensuring the realization and application of the method in practice.
An RFID authentication method is applied to a server, and the method comprises the following steps:
when an authentication request transaction sent by a reader is monitored, verifying signature information in the authentication request transaction by using a pre-acquired reader public key corresponding to the reader;
when the verification is passed, acquiring a hash pointer pointing to the last request transaction in the authentication request transaction, and judging whether the authentication request transaction is the latest transaction of the reader or not according to the hash pointer pointing to the last request transaction;
if the authentication request transaction is the latest transaction of the reader, acquiring a first server serial number in the authentication request transaction;
judging whether the first server serial number is consistent with the self serial number of the server;
if they are consistent, acquiring the authentication request information and the reader random number in the authentication request transaction, and judging whether tag identity information corresponding to the authentication request information and the reader random number, and a secret value corresponding to the tag identity information, exist in a pre-constructed database; the secret value is a first secret value or a second secret value, and the database stores a plurality of pieces of tag identity information together with the first secret value and the second secret value corresponding to each piece of tag identity information;
if the tag identity information corresponding to the authentication request information and the reader random number, and the secret value corresponding to the tag identity information, exist in the pre-constructed database, judging whether the reader has already requested the same tag identity information and the secret value corresponding to the tag identity information;
if the reader has not requested the same tag identity information and the secret value corresponding to the tag identity information, generating authentication response information according to the tag identity information and the secret value corresponding to the tag identity information, and generating an authentication response transaction corresponding to the authentication request transaction according to the authentication response information;
and broadcasting the authentication response transaction to other servers and the reader, and updating the secret value corresponding to the tag identity information in the database according to the timestamp in the authentication request information.
Optionally, the updating the secret value corresponding to the tag identity information in the database includes:
judging whether the secret value corresponding to the tag identity information is a second secret value in the database or not according to a timestamp in the authentication request information;
if the secret value corresponding to the tag identity information is a second secret value in the database, performing hash calculation on the tag identity information and a second secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, updating the second secret value into a new second secret value, and updating the first secret value in the database into the second secret value;
and if the secret value corresponding to the tag identity information is not the second secret value in the database, performing hash calculation on the tag identity information and the secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, and updating the second secret value in the database to the new second secret value.
The above method, optionally, further includes:
when authentication response transactions of other servers are monitored, traversing the pre-constructed database, and judging whether the tag identity information corresponding to the authentication response transactions of the other servers and the secret value corresponding to the tag identity information exist in the database;
and if they do not exist, correspondingly updating the pre-constructed database according to the tag identity information in the authentication response transaction of the other server and the secret value corresponding to the tag identity information.
Optionally, before acquiring the authentication request information in the authentication request transaction, the method further includes:
judging whether the hash pointer pointing to the last request transaction in the authentication request transaction is consistent with the pre-stored hash pointer pointing to the last request transaction that corresponds to the reader;
if they are consistent, judging that the reader has carried out a double-spending attack, and refusing to respond to the authentication request transaction of the reader.
An RFID authentication device applied to a server, the device comprising:
the verification unit is used for verifying signature information in the authentication request transaction by using a pre-acquired reader public key corresponding to the reader when the authentication request transaction sent by the reader is monitored;
the first judgment unit is used for acquiring a hash pointer pointing to the last request transaction in the authentication request transaction when the authentication is passed, and judging whether the authentication request transaction is the latest transaction of the reader or not according to the hash pointer pointing to the last request transaction;
the first acquisition unit is used for acquiring a first server serial number in the authentication request transaction if the authentication request transaction is the latest transaction of the reader;
a second judging unit, configured to judge whether the first server serial number is consistent with a self serial number of the server;
a third judging unit, configured to, if they are consistent, obtain the authentication request information and the reader random number in the authentication request transaction, and judge whether tag identity information corresponding to the authentication request information and the reader random number, and a secret value corresponding to the tag identity information, exist in a pre-constructed database; the secret value comprises a first secret value or a second secret value, and the database stores a plurality of pieces of tag identity information together with the first secret value and the second secret value corresponding to each piece of tag identity information;
a fourth determining unit, configured to determine whether the reader has requested the same tag identity information and a secret value corresponding to the tag identity information if the tag identity information corresponding to the authentication request information and the secret value corresponding to the tag identity information exist in the pre-constructed database;
a first generating unit, configured to generate authentication response information according to the tag identity information and a secret value corresponding to the tag identity information if the same tag identity information and a secret value corresponding to the tag identity information are not requested by the reader, and generate an authentication response transaction corresponding to the authentication request transaction according to the authentication response information;
and the first updating unit is used for broadcasting the authentication response transaction to each server and the reader and updating the secret value corresponding to the tag identity information in the database according to the time stamp in the authentication request information.
An RFID authentication method is applied to a reader, and comprises the following steps:
sending a communication request to the tag; the communication request comprises a reader random number which is randomly generated;
when an authentication request corresponding to the communication request fed back by the tag is received, acquiring authentication request information in the authentication request;
performing hash calculation on the authentication request information according to a preset second hash calculation formula to obtain a hash value of the authentication request information, and performing modulo operation on the hash value of the authentication request information and the total number of the servers obtained in advance to obtain a first numerical value;
judging whether a server serial number corresponding to the first numerical value exists in a pre-constructed requested server list or not;
if the first numerical value does not exist, determining the first numerical value as a first server serial number, and storing the first server serial number into the requested server list;
signing the hash value of the authentication request information by using a preset reader private key to obtain signature information corresponding to the authentication request information and obtain a hash pointer pointing to the last request transaction of the reader;
generating an authentication request transaction corresponding to the authentication request according to the hash pointer pointing to the last request transaction, the authentication request information, the reader random number, the first server serial number and the signature information, and broadcasting the authentication request transaction to each server;
judging whether an authentication response transaction corresponding to the authentication request transaction is monitored within a preset time;
if the authentication response transaction corresponding to the authentication request transaction is monitored within the preset time, the authentication response information in the authentication response transaction is extracted, and the authentication response information is sent to the tag.
Optionally, in judging whether the authentication response transaction corresponding to the authentication request transaction is monitored within a preset time, the method further includes:
and if the authentication response transaction corresponding to the authentication request transaction is not received within the preset time, sending the communication request to the tag again.
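The reader-side server selection and the server-side latest-transaction and double-spending checks described above, as an added Python example that is not part of the patent text. SHA-256 stands in for the second hash calculation formula, the all-zero `GENESIS` pointer and the names `serial_for`, `AuthRequestTx`, `Reader` and `Server` are assumptions, and signature verification is left out because this section names no signature scheme.

```python
import hashlib
from dataclasses import dataclass

GENESIS = "0" * 64  # assumed pointer value carried by a reader's first transaction


def serial_for(request_info: bytes, total_servers: int) -> int:
    """Hash the request information and reduce it modulo the server count.
    SHA-256 is an assumed stand-in for the 'second hash calculation formula'."""
    digest = hashlib.sha256(request_info).digest()
    return int.from_bytes(digest, "big") % total_servers


@dataclass(frozen=True)
class AuthRequestTx:
    reader_id: str
    prev: str             # hash pointer to the reader's previous request transaction
    request_info: bytes
    reader_nonce: bytes
    server_serial: int    # the "first server serial number"

    def digest(self) -> str:
        fields = (self.reader_id, self.prev, self.request_info,
                  self.reader_nonce, self.server_serial)
        return hashlib.sha256(repr(fields).encode()).hexdigest()


class Reader:
    def __init__(self, reader_id: str, total_servers: int):
        self.reader_id = reader_id
        self.total_servers = total_servers
        self.head = GENESIS            # digest of this reader's last request transaction
        self.requested_servers = []    # the "requested server list"

    def build_request(self, request_info: bytes, reader_nonce: bytes):
        serial = serial_for(request_info, self.total_servers)
        if serial in self.requested_servers:
            return None  # this section does not describe the already-listed branch
        self.requested_servers.append(serial)
        # Signing the hash value with the reader private key would happen here.
        tx = AuthRequestTx(self.reader_id, self.head, request_info, reader_nonce, serial)
        self.head = tx.digest()
        return tx


class Server:
    def __init__(self, serial: int):
        self.serial = serial
        self.head = {}       # reader_id -> digest of the latest accepted request
        self.head_prev = {}  # reader_id -> prev pointer carried by that request

    def triage(self, tx: AuthRequestTx) -> str:
        rid = tx.reader_id
        # Same prev pointer as the stored one: two transactions fork from one parent.
        if rid in self.head_prev and tx.prev == self.head_prev[rid]:
            return "double-spend"
        # Latest-transaction check: prev must point at the reader's current head.
        if tx.prev != self.head.get(rid, GENESIS):
            return "not-latest"
        # Assumption: every server tracks every reader's chain, whoever responds.
        self.head_prev[rid] = tx.prev
        self.head[rid] = tx.digest()
        return "respond" if tx.server_serial == self.serial else "not-mine"


def demo():
    n = 4
    servers = [Server(i) for i in range(n)]
    reader = Reader("reader-A", n)
    # All request payloads below are constructed sample values.
    tx1 = reader.build_request(b"constructed-request-1", b"nonce-1")
    first = [s.triage(tx1) for s in servers]
    # A second transaction that points at the same parent as tx1.
    info_x = b"constructed-request-X"
    fork = AuthRequestTx("reader-A", GENESIS, info_x, b"nonce-X", serial_for(info_x, n))
    forked = [s.triage(fork) for s in servers]
    # A well-formed successor of tx1, built directly so the demo is deterministic.
    info_2 = b"constructed-request-2"
    tx2 = AuthRequestTx("reader-A", tx1.digest(), info_2, b"nonce-2", serial_for(info_2, n))
    second = [s.triage(tx2) for s in servers]
    replay = [s.triage(tx1) for s in servers]  # tx1 again, after the chain moved on
    return {"tx1": tx1, "first": first, "fork": forked, "second": second, "replay": replay}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Exactly one of the four servers answers each well-formed request; the forked transaction and the replayed one are rejected by all of them before the serial number is even compared.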
An RFID authentication device applied to a reader, the device comprising:
a request unit for sending a communication request to the tag; the communication request comprises a reader random number which is randomly generated;
the second acquisition unit is used for acquiring authentication request information in the authentication request when receiving the authentication request corresponding to the communication request fed back by the tag;
the computing unit is used for carrying out Hash computation on the authentication request information according to a preset second Hash computation formula to obtain a Hash value of the authentication request information, and carrying out modular operation on the Hash value of the authentication request information and the total number of the servers obtained in advance to obtain a first numerical value;
a fifth judging unit, configured to judge whether a server serial number corresponding to the first numerical value exists in a pre-constructed requested server list;
the storage unit is used for determining the first numerical value as a first server serial number if the first numerical value does not exist, and storing the first server serial number into the requested server list;
the signature unit is used for signing the hash value of the authentication request information by using a preset reader private key, obtaining signature information corresponding to the authentication request information and obtaining a hash pointer of the reader pointing to the last request transaction;
a second generating unit, configured to generate an authentication request transaction corresponding to the authentication request according to the hash pointer pointing to the previous request transaction, the authentication request information, the reader random number, the first server serial number, and the signature information, and broadcast the authentication request transaction to each server;
a sixth judging unit, configured to judge whether an authentication response transaction corresponding to the authentication request transaction is monitored within a preset time;
and the first sending unit is used for extracting authentication response information in the authentication response transaction and sending the authentication response information to the tag if the authentication response transaction corresponding to the authentication request transaction is monitored within preset time.
An RFID authentication method applied to a tag, the method comprising:
when a communication request of a reader is received, a random number of the reader in the communication request is obtained;
acquiring a timestamp of the tag, tag identity information and a secret value of the tag, generating authentication request information according to the timestamp, the tag identity information and the secret value of the tag and the random number of the reader, and sending an authentication request to the reader based on the authentication request information;
when authentication response information corresponding to the authentication request fed back by the reader is received, a secret value corresponding to the tag identity information in the authentication response information is obtained;
comparing a secret value corresponding to the tag identity information in the authentication response information with a secret value of the tag;
and if the comparison is consistent, the reader passes authentication and communication with the reader is established, hash calculation is performed on the tag identity information of the tag and the secret value of the tag according to a preset third hash calculation formula to obtain a new secret value of the tag, and the secret value of the tag is updated to the new secret value of the tag.
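The secret-value update on the server (first and second secret value) and on the tag, as an added Python example that is not part of the patent text; it goes a step further than the text by replaying a round in which the response never reaches the tag. Assumptions: SHA-256 stands in for the preset hash formulas, the message layouts and class names are hypothetical, the server identifies which stored value the tag used by recomputing the request rather than from the timestamp, and the check for repeated requests by the same reader is not modelled.

```python
import hashlib
import hmac


def H(*parts: bytes) -> bytes:
    """Assumed stand-in for the preset hash formulas: SHA-256 over
    length-prefixed parts, so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


class Tag:
    def __init__(self, tag_id: bytes, secret: bytes):
        self.tag_id, self.secret = tag_id, secret

    def request(self, reader_nonce: bytes, timestamp: int):
        # Hypothetical layout: clear timestamp plus a hash over ID, secret and nonce.
        ts = timestamp.to_bytes(8, "big")
        return ts, H(b"req", self.tag_id, self.secret, reader_nonce, ts)

    def accept(self, reader_nonce: bytes, response: bytes) -> bool:
        expected = H(b"resp", self.tag_id, self.secret, reader_nonce)
        if not hmac.compare_digest(expected, response):
            return False
        # Tag-side update: new secret = hash(tag identity, current secret).
        self.secret = H(b"upd", self.tag_id, self.secret)
        return True


class ServerDB:
    def __init__(self, two_values: bool = True):
        self.two_values = two_values
        self.rows = {}  # tag_id -> [first_secret, second_secret]

    def enroll(self, tag_id: bytes, secret: bytes):
        self.rows[tag_id] = [secret, secret]

    def authenticate(self, request, reader_nonce: bytes):
        ts, proof = request
        for tag_id, (first, second) in self.rows.items():
            candidates = (second, first) if self.two_values else (second,)
            for used in candidates:
                probe = H(b"req", tag_id, used, reader_nonce, ts)
                if not hmac.compare_digest(probe, proof):
                    continue
                response = H(b"resp", tag_id, used, reader_nonce)
                new_second = H(b"upd", tag_id, used)
                if used == second:
                    # Tag is in step. Read here as: first takes the old second.
                    self.rows[tag_id] = [second, new_second]
                else:
                    # Tag still holds the older value: only second is recomputed.
                    self.rows[tag_id][1] = new_second
                return tag_id, response
        return None


def run_scenario(two_values: bool = True):
    # Constructed sample identity and initial secret.
    tag_id, s0 = b"TAG-0001", b"constructed-initial-secret"
    tag, db = Tag(tag_id, s0), ServerDB(two_values)
    db.enroll(tag_id, s0)
    results = []
    # Round 2's response is dropped before it reaches the tag.
    for rnd, delivered in enumerate([True, False, True, True], start=1):
        nonce = b"nonce-%d" % rnd
        out = db.authenticate(tag.request(nonce, 1000 + rnd), nonce)
        ok = out is not None and delivered and tag.accept(nonce, out[1])
        results.append(bool(ok))
    in_sync = tag.secret == db.rows[tag_id][1]
    return results, in_sync


if __name__ == "__main__":
    print("two stored values:", run_scenario(True))
    print("one stored value: ", run_scenario(False))
```

With both values stored, the tag that missed a response is matched against the first secret value and the two sides converge again; with only the newest value kept, every later round fails.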
An RFID authentication device applied to a tag, the device comprising:
the third acquisition unit is used for acquiring the random number of the reader in the communication request when the communication request of the reader is received;
a second sending unit, configured to obtain a timestamp of the tag, tag identity information and a secret value of the tag, generate authentication request information according to the timestamp, the tag identity information and the secret value of the tag, and the reader random number, and send an authentication request to the reader based on the authentication request information;
a fourth obtaining unit, configured to obtain, when receiving authentication response information corresponding to the authentication request and fed back by the reader, a secret value corresponding to the tag identity information in the authentication response information;
the comparison unit is used for comparing a secret value corresponding to the tag identity information in the authentication response information with a secret value of the tag;
and the second updating unit is used for carrying out hash calculation on the tag identity information of the tag and the secret value of the tag through a preset third hash calculation formula to obtain a new secret value of the tag and updating the secret value of the tag into the new secret value of the tag if the comparison is consistent.
Compared with the prior art, the invention has the following advantages:
The invention provides an RFID authentication method. When a server observes that an authentication request transaction broadcast by a reader exists in the block lattice, the server first judges whether the format of the authentication request transaction is correct, namely whether the signature information of the authentication request transaction is correct and whether the authentication request transaction is the latest transaction of the reader. If the format is correct, the server judges whether the first server serial number of the authentication request transaction is consistent with its own serial number; if so, the authentication request transaction is one that this server is to respond to. When the tag identity information corresponding to the authentication request information and the reader random number in the authentication request transaction, and the secret value corresponding to the tag identity information, exist in the database, the server traverses the database to judge whether the reader has already requested the tag identity information corresponding to the current authentication request information and the secret value corresponding to the tag identity information. If not, the server generates authentication response information corresponding to the authentication request information, generates an authentication response transaction according to the authentication response information, broadcasts the authentication response transaction to the reader and the other servers so that all servers in the block lattice are synchronized, and updates the secret value corresponding to the tag identity information in the database according to the timestamp in the authentication request information.
By applying the RFID authentication method provided by the invention, the servers and the reader communicate in the block lattice, and each server in the block lattice responds only to authentication request transactions whose first server serial number is the same as its own serial number, so that decentralization is realized and the efficiency of RFID authentication is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a method of RFID authentication according to the present invention;
FIG. 2 is an exemplary diagram of an RFID authentication method provided by the present invention;
FIG. 3 is a diagram of another example of an RFID authentication method according to the present invention;
FIG. 4 is a schematic structural diagram of an RFID authentication device according to the present invention;
FIG. 5 is a flowchart of another RFID authentication method according to the present invention;
FIG. 6 is a schematic diagram of another RFID authentication device according to the present invention;
FIG. 7 is a flowchart of another RFID authentication method according to the present invention;
FIG. 8 is a schematic diagram of another structure of an RFID authentication device according to the present invention;
FIG. 9 is a diagram illustrating another example of an RFID authentication method according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like.
The server and the reader provided by the embodiment of the invention communicate through the block lattice. The block lattice is a directed acyclic graph data structure in blockchain technology; compared with a traditional blockchain, the block lattice structure can process transactions in parallel and offers high throughput and high delay tolerance.
The embodiment of the invention provides an RFID authentication method that can be applied to various system platforms. The method may be executed by a server. A flow chart of the RFID authentication method is shown in FIG. 1, and the method specifically comprises the following steps:
S101: judging whether the signature information in the authentication request transaction is correct or not;
In the method provided by the embodiment of the invention, when an authentication request transaction sent by the reader is detected, the signature information in the authentication request transaction is verified using the pre-acquired reader public key corresponding to the reader. If the signature information is verified to be correct, step S102 is executed; if it is verified to be incorrect, that is, verification fails, the transaction is ended.
S102: judging whether the authentication request transaction is the latest transaction of the reader;
In the method provided by the embodiment of the invention, when the authentication request transaction passes the server's signature verification, the hash pointer in the authentication request transaction that points to the previous request transaction is obtained, and whether the authentication request transaction is the latest transaction of the reader is judged according to that hash pointer. If the authentication request transaction is the latest transaction of the reader, step S103 is executed; if it is not, the transaction is ended.
It should be noted that verifying the signature information of the authentication request transaction and verifying whether the transaction is the latest transaction together constitute verifying whether the format of the transaction is correct. When the signature information in the authentication request transaction is correct and the transaction is the latest transaction of the reader, the format of the authentication request transaction is determined to be correct and the transaction passes verification; otherwise, the format is determined to be incorrect and the transaction is discarded.
It should be noted that the reader stores a hash pointer for each transaction, and the current transaction must be connected to the latest transaction.
S103: acquiring a first server serial number in an authentication request transaction;
In the method provided by the embodiment of the invention, if the authentication request transaction is the latest transaction of the reader, the first server serial number in the authentication request transaction is acquired.
S104: judging whether the first server serial number is consistent with the serial number of the server;
In the method provided by the embodiment of the invention, whether the acquired first server serial number is consistent with the server's own serial number is judged, that is, whether the authentication request transaction requires a response from this server is checked. If the first server serial number is consistent with the server's own serial number, the authentication request transaction requires a response from this server, and step S105 is executed; if the first server serial number is not consistent with the server's own serial number, the authentication request transaction does not require a response from this server, and the transaction is ended.
S105: judging whether tag identity information corresponding to the authentication request information and the random number of the reader and a secret value corresponding to the tag identity information exist in a pre-constructed database;
In the method provided by the embodiment of the invention, the database of the server stores the tag identity information together with a first secret value and a second secret value corresponding to the tag identity information; optionally, the first secret value is the old secret value and the second secret value is the new secret value. If the first server serial number is consistent with the server's own serial number, the authentication request information and the reader random number in the authentication request transaction are acquired, and it is judged, according to the authentication request information and the reader random number, whether tag identity information corresponding to them and a secret value corresponding to that tag identity information exist in the pre-constructed database. If so, step S106 is executed; otherwise, the transaction is ended.
S106: judging whether the same tag identity information and a secret value corresponding to the tag identity information have been requested by the reader;
In the method provided by the embodiment of the invention, the database of the server stores the tag identity information already requested by each reader and the secret value corresponding to that tag identity information. The database is traversed. If the tag identity information corresponding to the reader's current authentication request information and the secret value corresponding to that tag identity information are found, it is determined that the reader has already requested the same tag identity information and corresponding secret value, and the transaction is ended. If they are not found, it is determined that the reader has not requested the same tag identity information and corresponding secret value; the tag identity information corresponding to the reader and the secret value corresponding to the tag identity information are stored in the database, and step S107 is executed.
S107: generating an authentication response transaction;
In the method provided by the embodiment of the invention, when the reader has not requested the same tag identity information and the secret value corresponding to the tag identity information, authentication response information is generated according to the tag identity information stored in the server and the secret value corresponding to the tag identity information, and an authentication response transaction is generated according to the authentication response information.
S108: broadcasting the authentication response transaction to the reader and other servers, and updating a secret value corresponding to the tag identity information in the database.
In the method provided by the embodiment of the invention, the authentication response transaction is broadcast to the block lattice, that is, to the reader and the other servers, so that the servers are synchronized; and the secret value corresponding to the tag identity information in the database is updated according to the timestamp in the authentication request information.
When the server detects an authentication request transaction broadcast by the reader in the block lattice, it first judges whether the format of the authentication request transaction is correct, that is, whether the signature information of the authentication request transaction is correct and whether the authentication request transaction is the latest transaction of the reader. If the format is correct, the server judges whether the first server serial number in the authentication request transaction is consistent with the server's own serial number; if so, the authentication request transaction requires a response from this server. When tag identity information corresponding to the authentication request information and the reader random number in the authentication request transaction, and a secret value corresponding to that tag identity information, exist in the database, the server traverses the database to judge whether the reader has already requested the tag identity information corresponding to the current authentication request information and the corresponding secret value. If it has, the reader is judged to have maliciously dropped packets and the transaction is ended. If it has not, authentication response information corresponding to the authentication request information is generated, an authentication response transaction is generated according to the authentication response information, the authentication response transaction is broadcast to the reader and the other servers so that all servers in the block lattice are synchronized, and the secret value corresponding to the tag identity information in the database is updated according to the timestamp in the authentication request information.
By applying the RFID authentication method provided by the embodiment of the invention, the servers and the reader communicate in the block lattice, and each server in the block lattice responds only to authentication request transactions whose first server serial number is the same as its own serial number, so that decentralization is realized and the efficiency of RFID authentication is improved.
In step S108 of the above embodiment, shown in FIG. 1, updating the secret value corresponding to the tag identity information in the database comprises the following steps:
judging whether the secret value corresponding to the tag identity information is the second secret value in the database according to the timestamp in the authentication request information;
if the secret value corresponding to the tag identity information is the second secret value in the database, performing hash calculation on the tag identity information and the second secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, updating the second secret value to the new second secret value, and updating the first secret value in the database to the second secret value;
and if the secret value corresponding to the tag identity information is not the second secret value, performing hash calculation on the tag identity information and the secret value corresponding to the tag identity information according to the preset first hash calculation formula to obtain a new second secret value, and updating the second secret value to the new second secret value.
In the RFID authentication method provided in the embodiment of the present invention, the secret value of the tag is continuously updated. In each authentication process, if authentication succeeds, the secret value is updated. If authentication fails, that is, the server feeds back an authentication response transaction but the reader maliciously drops packets and does not send the authentication response information to the tag, the secret value of the tag is not updated; the server, however, does not know whether the tag was successfully updated. The server therefore stores two secret values for the identity information of each tag, namely the first secret value and the second secret value, and can judge from the timestamp in the authentication request information whether the secret value corresponding to the authentication request information is the second secret value. If it is the second secret value, this indicates that the tag's current secret value has been updated to equal the second secret value; the server updates the first secret value to the second secret value, performs hash calculation on the tag identity information and the second secret value according to the preset first hash calculation formula to obtain a new second secret value, and updates the second secret value to the new second secret value.
If the secret value corresponding to the authentication request information is the first secret value, this indicates that the tag's current secret value equals the first secret value. The server performs hash calculation on the tag identity information and the secret value corresponding to the tag identity information using the preset first hash calculation formula to obtain a new second secret value, updates the second secret value to the new second secret value, and keeps the first secret value unchanged.
The above-mentioned process of updating the secret value corresponding to the tag identity information in the database is exemplified as follows:
Suppose that, in the database of a server, A is the first secret value and B is the second secret value. If the secret value corresponding to the authentication request information is the second secret value, hash calculation is performed on the tag identity information and the second secret value according to the preset first hash calculation formula to obtain a new second secret value, the second secret value is updated to the new second secret value, and the first secret value in the database is updated to the second secret value; that is, after the update, A is the second secret value and B is the new second secret value;
and if the secret value corresponding to the authentication request information is the first secret value, hash calculation is performed on the tag identity information and the first secret value according to the preset first hash calculation formula to obtain a new second secret value, the second secret value is updated to the new second secret value, and the first secret value is kept unchanged; that is, after the update, A is the first secret value and B is the new second secret value.
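The two-secret update rule above can be exercised against a tag whose responses are sometimes dropped by the reader. The following is an added example, not code from the patent. It assumes SHA-256 over the tag identity concatenated with the secret as the "first hash calculation formula", and a hypothetical HMAC over the timestamp as the value the server uses to decide which stored secret the request corresponds to; the patent's own formulas are not given in this section.

```python
import hashlib
import hmac
from dataclasses import dataclass


def h1(tag_id: bytes, secret: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the "preset first hash calculation formula".
    return hashlib.sha256(tag_id + secret).digest()


def request_value(secret: bytes, timestamp: bytes) -> bytes:
    # Assumption: hypothetical request value binding the tag's secret to a timestamp.
    return hmac.new(secret, timestamp, hashlib.sha256).digest()


@dataclass
class TagRecord:
    """Server-side database row: one tag identity with two secret values."""
    tag_id: bytes
    first: bytes    # first (old) secret value, "A"
    second: bytes   # second (new) secret value, "B"

    def match(self, timestamp: bytes, value: bytes):
        """Return which stored secret produced the request: 'second', 'first' or None."""
        for name in ("second", "first"):
            expected = request_value(getattr(self, name), timestamp)
            if hmac.compare_digest(expected, value):
                return name
        return None

    def update(self, matched: str) -> None:
        if matched == "second":
            # Tag applied the previous update: A <- B, then B <- H(ID, B).
            self.first, self.second = self.second, h1(self.tag_id, self.second)
        elif matched == "first":
            # Tag missed the previous update: A unchanged, B <- H(ID, A).
            self.second = h1(self.tag_id, self.first)
        else:
            raise ValueError("request matches neither stored secret value")


class Tag:
    def __init__(self, tag_id: bytes, secret: bytes):
        self.tag_id, self.secret = tag_id, secret

    def request(self, timestamp: bytes) -> bytes:
        return request_value(self.secret, timestamp)

    def on_response(self) -> None:
        # The tag only updates when the reader actually forwards the response.
        self.secret = h1(self.tag_id, self.secret)


def simulate(delivered):
    """Run one authentication per entry; False models a reader dropping the response."""
    tag_id, seed = b"TAG-0001", b"constructed-initial-secret"  # constructed sample values
    tag = Tag(tag_id, seed)
    record = TagRecord(tag_id, first=seed, second=seed)
    history = []
    for round_no, forwarded in enumerate(delivered):
        ts = str(round_no).encode()
        matched = record.match(ts, tag.request(ts))
        record.update(matched)
        if forwarded:
            tag.on_response()
        history.append(matched)
    in_sync = tag.secret in (record.first, record.second)
    return history, in_sync, tag.secret == record.second


if __name__ == "__main__":
    print(simulate([True, False, True, False, False, True]))
```

After a dropped response the tag's secret equals the server's first secret value, so the next request still matches and the second secret value is recomputed from it rather than advanced twice.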
The steps disclosed in FIG. 1 of the above embodiment of the present invention further include the following steps:
when authentication response transactions of other servers are detected, traversing the pre-constructed database, and judging whether tag identity information corresponding to the authentication response transactions of the other servers and a secret value corresponding to the tag identity information exist in the database;
and if they do not exist, correspondingly updating the pre-constructed database according to the tag identity information in the authentication response transaction of the other server and the secret value corresponding to the tag identity information.
In the RFID authentication method provided in the embodiment of the present invention, a server in the block lattice structure can process multiple transactions in parallel. When an authentication response transaction broadcast by another server is detected, the server judges whether the tag identity information corresponding to that authentication response transaction and the secret value corresponding to the tag identity information exist in the pre-constructed database. If they exist, the authentication response transaction is ignored; if they do not exist, the tag identity information and the corresponding secret value in the database are updated according to the tag identity information in the authentication response transaction and the secret value corresponding to that tag identity information.
Before step S105 disclosed in FIG. 1, the embodiment of the present invention further includes the following steps:
judging whether the hash pointer in the authentication request transaction that points to the previous request transaction is consistent with the pre-stored hash pointer, corresponding to the reader, that points to the previous request transaction;
if they are consistent, the reader is judged to have mounted a double-spend attack, and the server refuses to respond to the authentication request transaction of the reader.
In the RFID authentication method provided in the embodiment of the present invention, the attack of a malicious reader takes the form of a double-spend attack; any other transaction it sends is discarded because its format is incorrect. When the block lattice is not under attack, the block lattice structure is as shown in FIG. 2. When the block lattice is attacked, that is, when a reader mounts a double-spend attack, the structure is as shown in FIG. 3: reader 1 mounts the double-spend attack, and two or more of the transactions corresponding to reader 1 are connected to the same transaction, that is, the authentication request transactions t_r and t_r' are both connected after the same transaction t_n. In this case, the hash pointers pointing to the previous request transaction in the authentication request transactions t_r and t_r' sent by reader 1 are the same hash pointer. Because server 1 has already responded to the authentication request transaction t_r broadcast by the reader, when server 1 detects the authentication request transaction t_r' of reader 1 it judges that reader 1 has mounted a double-spend attack and refuses to respond to the authentication request t_r'. Because of timing, the servers in the block lattice do not all receive the double-spend at the same time, so when server 1 has detected the double-spend attack, server 2 has not yet detected it. Since server 2 has not detected the double-spend attack of reader 1, it responds as usual to the authentication request transaction t_r' broadcast by reader 1 and broadcasts the authentication response transaction corresponding to the authentication request transaction t_r to each server. After a period of time, all servers in the block lattice detect the double-spend attack and no longer respond to subsequent transactions of reader 1, which saves server resources.
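The fork check described above, as an added example that is not code from the patent: each server keeps, per reader account, the hash pointer of the latest transaction and the set of previous-transaction pointers already used by accepted requests, and refuses a reader once two requests point at the same transaction. Signature verification (S101) is omitted. The field names, the SHA-256-over-JSON hash pointer and the order in which the fork check runs relative to the latest-transaction check are assumptions of this sketch.

```python
import hashlib
import json


def tx_hash(tx: dict) -> str:
    """Hash pointer of a transaction (assumption: SHA-256 over canonical JSON)."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


def request_tx(reader: str, prev: str, server_no: int, info: str) -> dict:
    """Constructed request transaction; the field names are hypothetical."""
    return {"type": "request", "account": reader, "prev": prev,
            "server_no": server_no, "info": info}


class Server:
    def __init__(self, number: int):
        self.number = number
        self.head = {}         # reader -> hash of that reader's latest known transaction
        self.used_prev = {}    # reader -> prev pointers of requests already accepted
        self.rejected = set()  # readers judged to have double-spent

    def open_account(self, reader: str, account_tx_hash: str) -> None:
        self.head[reader] = account_tx_hash
        self.used_prev[reader] = set()

    def on_request(self, tx: dict) -> str:
        reader = tx["account"]
        if reader not in self.head:
            return "unknown-reader"
        if reader in self.rejected:
            return "refused"
        if tx["prev"] in self.used_prev[reader]:
            # A second request connected to the same transaction: the account chain forked.
            self.rejected.add(reader)
            return "double-spend"
        if tx["prev"] != self.head[reader]:
            return "not-latest"  # format check fails: not connected to the latest transaction
        self.used_prev[reader].add(tx["prev"])
        self.head[reader] = tx_hash(tx)
        if tx["server_no"] != self.number:
            return "not-addressed"  # another server is expected to respond
        return "respond"


def scenario():
    """Reader 1 connects t_r and t_r' to the same t_n; servers see them in different orders."""
    t_n = tx_hash({"type": "create-account", "account": "reader1"})
    t_r = request_tx("reader1", t_n, 1, "constructed-request-a")
    t_r_fork = request_tx("reader1", t_n, 2, "constructed-request-b")
    s1, s2 = Server(1), Server(2)
    for server in (s1, s2):
        server.open_account("reader1", t_n)
    seen_by_s1 = [s1.on_request(t_r), s1.on_request(t_r_fork)]
    seen_by_s2 = [s2.on_request(t_r_fork), s2.on_request(t_r)]
    later = request_tx("reader1", tx_hash(t_r), 1, "constructed-request-c")
    afterwards = [s1.on_request(later), s2.on_request(later)]
    return seen_by_s1, seen_by_s2, afterwards


if __name__ == "__main__":
    print(scenario())
```

Server 2 answers the forked request because it arrives first there, and only flags the reader when the other branch shows up; once both servers have seen both branches, every later request from that reader is refused.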
In the method provided by the embodiment of the present invention, a reader and a server communicate on a block lattice, and with reference to fig. 3, a block lattice structure provided by the embodiment of the present invention is described:
G is the creation transaction, t_n is an ordinary transaction, t_r is a request transaction, and t_a is a response transaction; solid arrows indicate connections between transactions and dashed arrows indicate correlations between transactions.
The creation transaction G is used to initialize the block lattice. It stores the public key list of all servers and block lattice parameters such as the block lattice name and version number, and it is the first transaction in the block lattice.
The ordinary transaction t_n is used to open reader accounts or server accounts on the block lattice, or to add records. A transaction that opens a reader account or a server account is called a create account transaction, and a create account transaction must be connected to the creation transaction.
The request transaction t_r is used by the reader to send an authentication request. An authentication request transaction can only be sent by a reader account and must be connected to the previous transaction of that reader account.
The response transaction t_a is used by the server to respond to an authentication request transaction. A response transaction can only be sent by a server account.
The connection relation is used to determine the order of the transactions sent by the same account.
The correlation relation holds between a request transaction and the corresponding response transaction, and represents the logical order of the transactions in relation to time.
It should be noted that, when the server receives a tag adding transaction broadcast by another server, the server determines whether the tag information corresponding to the tag adding transaction exists in the database. If it exists, the server has already added the corresponding tag information and ignores the tag adding transaction; if it does not exist, the server stores the tag information in the tag adding transaction, where the tag information includes the tag identity information and the secret value corresponding to the tag identity information.
It should be noted that, when the server receives a reader adding transaction broadcast by another server, it determines whether the reader corresponding to the reader adding transaction is approved, that is, whether any server has signed its public key. If the reader corresponding to the reader adding transaction is approved, the information corresponding to the reader adding transaction is stored.
Corresponding to the method described in fig. 1, an embodiment of the present invention further provides an RFID authentication apparatus, which is used for specifically implementing the method in fig. 1, where the RFID authentication apparatus provided in the embodiment of the present invention may be applied to a server, and a schematic structural diagram of the RFID authentication apparatus is shown in fig. 4, and specifically includes:
the verification unit 401 is configured to verify signature information in an authentication request transaction by using a pre-acquired reader public key corresponding to a reader when the authentication request transaction sent by the reader is monitored;
a first determining unit 402, configured to, when verification passes, obtain a hash pointer pointing to a previous request transaction in the authentication request transaction, and determine whether the authentication request transaction is a latest transaction of the reader according to the hash pointer pointing to the previous request transaction;
a first obtaining unit 403, configured to obtain a first server serial number in the authentication request transaction if the authentication request transaction is the latest transaction of the reader;
a second determining unit 404, configured to determine whether the first server serial number is consistent with a serial number of the server itself;
a third determining unit 405, configured to, if the first server serial number is consistent with the serial number of the server itself, obtain the authentication request information and the reader random number in the authentication request transaction, and determine whether tag identity information corresponding to the authentication request information and the reader random number, and a secret value corresponding to the tag identity information, exist in a pre-constructed database; the secret value comprises a first secret value or a second secret value, and the database stores a plurality of pieces of tag identity information together with a first secret value and a second secret value corresponding to each piece of tag identity information;
a fourth determining unit 406, configured to determine whether the reader has requested the same tag identity information and the secret value corresponding to the tag identity information if the tag identity information corresponding to the authentication request information and the reader random number, and the secret value corresponding to the tag identity information, exist in the pre-constructed database;
a first generating unit 407, configured to generate, if the same tag identity information and a secret value corresponding to the tag identity information are not requested by the reader, authentication response information according to the tag identity information and the secret value corresponding to the tag identity information, and generate an authentication response transaction corresponding to the authentication request transaction according to the authentication response information;
a first updating unit 408, configured to broadcast the authentication response transaction to each server and the reader, and update the secret value corresponding to the tag identity information in the database according to the timestamp in the authentication request information.
In the RFID authentication apparatus provided in the embodiment of the present invention, when the server detects an authentication request transaction broadcast by a reader in the block lattice, it first judges whether the format of the authentication request transaction is correct, that is, whether the signature information of the authentication request transaction is correct and whether the authentication request transaction is the latest transaction of the reader. If the format is correct, it judges whether the first server serial number in the authentication request transaction is consistent with the server's own serial number; if so, the authentication request transaction requires a response from this server. When tag identity information corresponding to the authentication request information and the reader random number in the authentication request transaction, and a secret value corresponding to that tag identity information, exist in the database, the server traverses the database to judge whether the reader has already requested the tag identity information corresponding to the current authentication request information and the corresponding secret value. If it has, the reader is judged to have maliciously dropped packets and the transaction is ended. If it has not, authentication response information corresponding to the authentication request information is generated, an authentication response transaction is generated according to the authentication response information, the authentication response transaction is broadcast to the reader and each server so that all servers in the block lattice are synchronized, and the secret value corresponding to the tag identity information in the database is updated according to the timestamp in the authentication request information.
By applying the RFID authentication device provided by the embodiment of the invention, the servers and the reader communicate in the block lattice, and each server in the block lattice responds only to authentication request transactions whose first server serial number is the same as its own serial number, so that decentralization is realized and the efficiency of RFID authentication is improved.
In an embodiment of the present invention, based on the foregoing scheme, the first updating unit 408 comprises:
a first judging subunit, configured to judge, according to a timestamp in the authentication request information, whether the secret value corresponding to the tag identity information is a second secret value in the database;
a first updating subunit, configured to, if the secret value corresponding to the tag identity information is a second secret value in the database, perform hash calculation on the tag identity information and a second secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, update the second secret value to the new second secret value, and update the first secret value in the database to the second secret value;
and the second updating subunit is configured to, if the secret value corresponding to the tag identity information is not the second secret value in the database, perform hash calculation on the tag identity information and the first secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, and update the second secret value in the database to the new second secret value.
In an embodiment of the present invention, based on the foregoing solution, the RFID authentication apparatus may further comprise:
the second judgment subunit, configured to traverse the pre-constructed database when authentication response transactions of other servers are detected, and judge whether tag identity information corresponding to the authentication response transactions of the other servers and a secret value corresponding to the tag identity information exist in the database;
and the third updating subunit, configured to, if they do not exist, correspondingly update the pre-constructed database according to the tag identity information in the authentication response transaction of the other server and the secret value corresponding to the tag identity information.
In an embodiment of the present invention, based on the foregoing solution, the RFID authentication apparatus may further comprise:
the third judging subunit, configured to judge whether the hash pointer in the authentication request transaction that points to the previous request transaction is consistent with the pre-stored hash pointer, corresponding to the reader, that points to the previous request transaction;
and the response subunit, configured to judge that the reader has mounted a double-spend attack if the two hash pointers are consistent, and to refuse to respond to the authentication request transaction of the reader.
The embodiment of the invention provides an RFID authentication method, which can be applied to various system platforms, wherein an execution main body of the method can be a reader, and a flow chart of the RFID authentication method is shown in FIG. 5, and specifically comprises the following steps:
s501: sending a communication request to the tag;
in the method provided by the embodiment of the invention, the reader randomly generates the random number of the reader and sends a communication request to the tag based on the random number of the reader.
S502: acquiring an authentication request fed back by a label, and acquiring authentication request information in the authentication request;
in the method provided by the embodiment of the invention, when an authentication request corresponding to the communication request and fed back by the tag is received, authentication request information in the authentication request is acquired.
S503: obtaining a first numerical value corresponding to the authentication request information;
In the method provided by the embodiment of the invention, hash calculation is performed on the authentication request information according to a preset second hash calculation formula to obtain a hash value of the authentication request information; this hash value is a random number. The hash value is then taken modulo the pre-obtained total number of servers to obtain the first numerical value, which is therefore also a random value. The total number of servers is obtained when the reader is initialized: the reader obtains the information of each server and its own public/private key pair through the genesis transaction, which is used to initialize the block lattice and is the first transaction in the block lattice.
S504: judging whether a server serial number corresponding to the first numerical value exists in the requested server list or not;
In the method provided by the embodiment of the invention, it is judged whether a server serial number corresponding to the first numerical value exists in a pre-constructed requested server list. When the reader receives the authentication request information of the tag for the first time, no server serial number corresponding to the first numerical value exists in the requested server list. Only when the reader has sent a communication request to the tag again may the new first numerical value, generated from the authentication request information fed back by the tag, already have a corresponding server serial number in the requested server list. If no server serial number corresponding to the first numerical value exists in the requested server list, step S505 is executed; if one exists, authentication fails and the authentication ends.
S505: determining the first numerical value as a first server serial number, signing the hash value of the authentication request information, and acquiring a hash pointer pointing to the last transaction;
in the method provided by the embodiment of the invention, the first numerical value is used as the first server serial number of the requested server to designate the server corresponding to the first server serial number to respond, the first server serial number is stored in the requested server list, the hash value of the authentication request information is signed by the private key of the reader, the signature information corresponding to the authentication request information is obtained, and the hash pointer pointing to the last request transaction of the reader is obtained.
S506: generating authentication request transactions, and broadcasting the authentication request transactions to each server;
in the method provided by the embodiment of the invention, the authentication request transaction corresponding to the authentication request information is generated according to the hash pointer pointing to the last request transaction, the authentication request information, the random number of the reader, the first server serial number and the signature information, and the authentication request transaction is broadcasted to each server.
It should be noted that the generated authentication request transaction must be connected to the latest transaction of the reader.
S507: judging whether an authentication response transaction corresponding to the authentication request transaction is monitored within a preset time;
In the method provided by the embodiment of the present invention, a time threshold is set for each authentication request transaction, and it is determined whether an authentication response transaction corresponding to the authentication request transaction is monitored within the time threshold. If one is monitored within the time threshold, step S508 is executed; if not, a communication request is re-sent to the tag, that is, step S501 is executed again.
S508: extracting authentication response information in the authentication response transaction, and sending the authentication response information to the tag;
according to the method provided by the embodiment of the invention, when the authentication response transaction corresponding to the authentication request transaction is monitored within the preset time, the authentication response information in the authentication response transaction is extracted, and the authentication response information is assembled into a structure suitable for an RFID protocol and is sent to the tag.
Before the reader communicates with the tag, the reader first sends a communication request containing a randomly generated reader random number to the tag. When it receives the authentication request fed back by the tag in response to the communication request, it extracts the authentication request information in the authentication request, performs hash calculation on the authentication request information to obtain the corresponding hash value, and takes the hash value modulo the total number of servers to obtain a first numerical value. When no server serial number equal to the first numerical value exists in the requested server list, the reader takes the first numerical value as the first server serial number of the requested server, signs the hash value of the authentication request information with the reader private key to obtain the signature information corresponding to the authentication request information, and obtains the hash pointer pointing to the reader's previous request transaction. It then generates an authentication request transaction based on the authentication request information, the hash pointer pointing to the previous request transaction, the signature information, the first server serial number and the reader random number, and broadcasts the authentication request transaction to each server. When an authentication response transaction corresponding to the authentication request transaction is received within the preset time, the reader extracts the authentication response information in the authentication response transaction, packages it into an RFID protocol structure, and sends it to the tag.
By applying the RFID authentication method provided by the embodiment of the invention, for each authentication request, the hash calculation is carried out on the authentication request information in the authentication request to obtain a random numerical value, the random numerical value is subjected to the modulo operation on the total number of the servers to obtain the random server serial number, and the servers corresponding to the random server serial number are appointed to respond, instead of uniformly responding by one server, so that the decentralization is realized and the RFID authentication efficiency is improved.
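The reader-side steps S503 to S506 and the server-side signature, latest-transaction, server-serial and double-spend checks described on this page, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 is used as the hash, HMAC-SHA256 stands in for the reader's public-key signature so the block runs on the standard library alone, the fork check is run before the latest-transaction check so the two rejections are distinguishable, and all field names, keys and messages are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

N_SERVERS = 4                               # constructed: total number of servers
READER_KEY = b"constructed-reader-key"      # constructed: stand-in for the reader key pair


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(digest: bytes) -> bytes:
    # Assumption: HMAC replaces the public-key signature of the patent (stdlib only).
    return hmac.new(READER_KEY, digest, hashlib.sha256).digest()


def tx_hash(tx: dict) -> str:
    return h(json.dumps(tx, sort_keys=True).encode()).hex()


@dataclass
class Reader:
    head: str                                     # hash of the reader's latest transaction
    requested: set = field(default_factory=set)   # requested server list

    def build_request(self, auth_req_info: bytes, reader_nonce: bytes):
        digest = h(auth_req_info)
        first_value = int.from_bytes(digest, "big") % N_SERVERS    # S503
        if first_value in self.requested:                          # S504: already asked
            return None                                            # authentication fails
        self.requested.add(first_value)                            # S505
        tx = {
            "prev": self.head,                 # hash pointer to the previous transaction
            "info": auth_req_info.hex(),
            "nonce": reader_nonce.hex(),
            "server": first_value,             # first server serial number
            "sig": sign(digest).hex(),         # signature over H(auth_req_info) only
        }
        self.head = tx_hash(tx)                # the new transaction becomes the latest
        return tx                              # S506: broadcast to every server


@dataclass
class Server:
    serial: int
    head: dict = field(default_factory=dict)        # reader id -> hash of latest accepted tx
    last_prev: dict = field(default_factory=dict)   # reader id -> prev pointer of that tx

    def check(self, reader_id: str, tx: dict) -> str:
        digest = h(bytes.fromhex(tx["info"]))
        if not hmac.compare_digest(sign(digest), bytes.fromhex(tx["sig"])):
            return "bad-signature"
        # Same predecessor as an already accepted transaction: the chain forks.
        if tx["prev"] == self.last_prev.get(reader_id):
            return "double-spend"
        # Otherwise the transaction must extend the reader's latest transaction.
        if tx["prev"] != self.head[reader_id]:
            return "not-latest"
        self.head[reader_id] = tx_hash(tx)
        self.last_prev[reader_id] = tx["prev"]
        return "respond" if tx["server"] == self.serial else "not-addressed"


def demo():
    genesis = tx_hash({"genesis": True})
    reader = Reader(head=genesis)
    servers = [Server(serial=i, head={"R1": genesis}) for i in range(N_SERVERS)]
    tx1 = reader.build_request(b"constructed-auth-request-1", b"\x01" * 8)
    first = [s.check("R1", tx1) for s in servers]
    # Constructed second transaction that reuses tx1's predecessor.
    info2 = b"constructed-auth-request-2"
    fork = dict(tx1, info=info2.hex(), sig=sign(h(info2)).hex())
    second = [s.check("R1", fork) for s in servers]
    return tx1, first, second


if __name__ == "__main__":
    print(demo())
```

Every server tracks the reader's chain, but only the one whose serial number equals the hash-derived value answers, and a second transaction hanging off the same predecessor is refused by all of them.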
Corresponding to the method described in fig. 5, an embodiment of the present invention further provides an RFID authentication device, which is used for specifically implementing the method in fig. 5, and the RFID authentication device provided in the embodiment of the present invention may be applied to a reader, and a schematic structural diagram of the RFID authentication device is shown in fig. 6, and specifically includes:
a request unit 601, configured to send a communication request to a tag; the communication request comprises a reader random number which is randomly generated;
a second obtaining unit 602, configured to obtain, when an authentication request corresponding to the communication request and fed back by the tag is received, authentication request information in the authentication request;
a calculating unit 603, configured to perform hash calculation on the authentication request information according to a preset second hash calculation formula, to obtain a hash value of the authentication request information, and perform a modulo operation on the hash value of the authentication request information and a total number of pre-obtained servers, to obtain a first value;
a fifth judging unit 604, configured to judge whether a server serial number corresponding to the first numerical value exists in a pre-constructed requested server list;
a storage unit 605, configured to determine the first numerical value as a first server serial number if the first numerical value does not exist, and store the first server serial number in the requested server list;
a signature unit 606, configured to sign the hash value of the authentication request information with a preset reader private key, obtain signature information corresponding to the authentication request information, and obtain a hash pointer of the reader pointing to a previous request transaction;
a second generating unit 607, configured to generate an authentication request transaction corresponding to the authentication request according to the hash pointer pointing to the last request transaction, the authentication request information, the reader random number, the first server serial number, and the signature information, and broadcast the authentication request transaction to each server;
a sixth determining unit 608, configured to determine whether an authentication response transaction corresponding to the authentication request transaction is monitored within a preset time;
a first sending unit 609, configured to extract authentication response information in the authentication response transaction and send the authentication response information to the tag if the authentication response transaction corresponding to the authentication request transaction is monitored within a preset time.
In an embodiment of the present invention, based on the foregoing solution, the RFID authentication apparatus may be further configured to:
and the sending subunit is configured to send the communication request to the tag again if the authentication response transaction corresponding to the authentication request transaction is not received within the preset time.
The embodiment of the invention provides an RFID authentication method, which can be applied to various system platforms, wherein an execution main body of the method can be a tag, and a flow chart of the RFID authentication method is shown in FIG. 7 and specifically comprises the following steps:
S701: when a communication request of a reader is received, a random number of the reader in the communication request is obtained;
in the method provided by the embodiment of the invention, when a communication request of the reader is received, the tag needs to authenticate the reader, and the tag firstly acquires the random number of the reader in the communication request.
S702: acquiring a timestamp of the tag, tag identity information and a secret value of the tag, generating authentication request information according to the timestamp, the tag identity information and the secret value of the tag and the random number of the reader, and sending an authentication request to the reader based on the authentication request information;
in the method provided by the embodiment of the invention, the tag identity information of the tag, the secret value of the tag and the timestamp are obtained, the authentication request information is generated according to the tag identity information of the tag, the secret value of the tag, the timestamp and the random number of the reader, and the authentication request is sent to the reader according to the authentication request information.
S703: when authentication response information corresponding to the authentication request fed back by the reader is received, a secret value corresponding to the tag identity information in the authentication response information is obtained;
in the method provided by the embodiment of the invention, whether authentication response information corresponding to an authentication request fed back by a reader is received in preset time is judged, if the authentication response information fed back by the reader is received in the preset time, a secret value corresponding to tag identity information in the authentication response information is obtained, and if the authentication response information fed back by the reader is not received in the preset time, authentication failure is judged, and communication with the reader is refused to be established.
S704: comparing the secret value corresponding to the tag identity information with the secret value of the tag;
in the method provided by the embodiment of the invention, the secret value corresponding to the tag identity information in the acquired authentication response information is compared with the secret value of the tag.
S705: if the comparison is consistent, the reader passes authentication and communication with the reader is established, and hash calculation is performed on the tag identity information and the secret value of the tag by a preset third hash calculation formula to obtain a new secret value of the tag, and the secret value of the tag is updated to the new secret value of the tag.
In the method provided by the embodiment of the present invention, when the secret value corresponding to the tag identity information in the authentication response information is the same as the secret value of the tag itself, the reader is authenticated and communication with the reader is established, and hash calculation is performed on the tag identity information and the secret value of the tag itself according to a preset third hash calculation formula, where the third hash calculation formula is the same as the first hash calculation formula, and the new secret value calculated by the third hash calculation formula is the same as the new second secret value calculated by the first hash calculation formula.
In the RFID authentication method provided by the embodiment of the invention, when a communication request sent by the reader is received, an authentication request is sent to the reader; the authentication request is generated from the reader random number, the tag identity information and secret value of the tag, and a timestamp. When the authentication response information fed back by the reader for the authentication request is received, the secret value corresponding to the tag identity information in the authentication response information is obtained and compared with the secret value of the tag. If the comparison is consistent, the reader passes authentication, communication with the reader is established, and the secret value of the tag is updated to a new secret value, which is obtained by performing hash calculation on the tag identity information and the secret value of the tag according to a preset third hash calculation formula. By applying the RFID authentication method provided by the embodiment of the invention, the reader is authenticated through the server, so that the reader cannot directly obtain the tag identity information and the secret value of the tag, and information leakage is avoided.
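The tag-side update of S705 next to the server-side rule that claim 1 states for the first and second secret values, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 over the tag identity followed by the secret is used for the first and third hash formulas, both stored secret values start out equal, and the way the server identifies the presented secret from the authentication request information is reduced to a direct comparison; all names and values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


def ratchet(tag_id: bytes, secret: bytes) -> bytes:
    # Assumed instance of the (identical) first and third hash calculation formulas.
    return hashlib.sha256(tag_id + secret).digest()


@dataclass
class ServerRecord:
    tag_id: bytes
    first: bytes     # first secret value (the previous one)
    second: bytes    # second secret value (the current one)

    def match_and_update(self, presented: bytes):
        """Return the matched secret for the response, or None if nothing matches."""
        if hmac.compare_digest(presented, self.second):
            # Matched the second value: shift it into first and derive a new second.
            self.first, self.second = self.second, ratchet(self.tag_id, self.second)
            return presented
        if hmac.compare_digest(presented, self.first):
            # Matched the first value: the tag never applied the last update,
            # so only the second value is recomputed from the matched secret.
            self.second = ratchet(self.tag_id, self.first)
            return presented
        return None


@dataclass
class Tag:
    tag_id: bytes
    secret: bytes

    def on_response(self, returned) -> bool:
        # S703 to S705: compare the returned secret with the tag's own, then update.
        if returned is None or not hmac.compare_digest(returned, self.secret):
            return False
        self.secret = ratchet(self.tag_id, self.secret)
        return True


def simulate(delivered):
    """delivered[i] says whether round i's response reaches the tag (constructed)."""
    tag = Tag(b"TAG-0001", b"constructed-initial-secret")
    rec = ServerRecord(tag.tag_id, tag.secret, tag.secret)
    log = []
    for reaches_tag in delivered:
        returned = rec.match_and_update(tag.secret)
        authenticated = tag.on_response(returned) if reaches_tag else False
        log.append((returned is not None, authenticated, tag.secret == rec.second))
    return log


if __name__ == "__main__":
    # Rounds 1 and 2 lose the response; round 3 brings tag and server back in step.
    for row in simulate([True, False, False, True]):
        print(row)
```

Keeping the previous value lets a tag that missed a response authenticate again, while a secret two updates old no longer matches either stored value.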
Corresponding to the method described in fig. 7, an embodiment of the present invention further provides an RFID authentication apparatus, which is used for specifically implementing the method in fig. 7, and the RFID authentication apparatus provided in the embodiment of the present invention may be applied to a tag, and a schematic structural diagram of the RFID authentication apparatus is shown in fig. 8, and specifically includes:
a third obtaining unit 801, configured to, when a communication request of a reader is received, obtain a reader random number in the communication request;
a second sending unit 802, configured to obtain a timestamp of the tag, tag identity information and a secret value of the tag, generate authentication request information according to the timestamp, the tag identity information and the secret value of the tag, and the reader random number, and send an authentication request to the reader based on the authentication request information;
a fourth obtaining unit 803, configured to obtain, when receiving authentication response information corresponding to the authentication request and fed back by the reader, a secret value corresponding to the tag identity information in the authentication response information;
a comparing unit 804, configured to compare a secret value corresponding to the tag identity information in the authentication response information with a secret value of the tag itself;
a second updating unit 805, configured to, if the comparison is consistent, pass the authentication of the reader and establish communication with the reader, perform hash calculation on the tag identity information and the secret value of the tag itself by a preset third hash calculation formula to obtain a new secret value of the tag, and update the secret value of the tag itself to the new secret value of the tag.
In the method provided by the embodiment of the present invention, the overall implementation of the RFID authentication method is described, as shown in fig. 9:
The reader sends a communication request containing a randomly generated reader random number to the tag. When the tag receives the communication request, it obtains the reader random number in the communication request, obtains its own tag identity information, secret value and timestamp, generates authentication request information according to the reader random number, the timestamp, the tag identity information and the secret value of the tag, and sends the authentication request information to the reader.
When the reader receives the authentication request sent by the tag, it performs hash calculation on the authentication request information in the authentication request to obtain a hash value of the authentication request information, and takes this hash value modulo the pre-obtained total number of servers to obtain the first numerical value corresponding to the authentication request information. When a server serial number corresponding to the first numerical value exists in the requested server list, authentication is determined to have failed and the authentication ends. When no such server serial number exists in the requested server list, the reader uses the first numerical value as the first server serial number of the requested server, signs the hash value with the reader private key to obtain signature information, and obtains the hash pointer pointing to the reader's previous request transaction. It then generates an authentication request transaction according to the first server serial number, the signature information, the hash pointer pointing to the previous request transaction, the authentication request information and the reader random number, connects the authentication request transaction to the reader's latest transaction, and broadcasts the authentication request transaction to each server;
When a server monitors the authentication request transaction of the reader, it verifies whether the format of the authentication request transaction meets the requirements: the server first verifies the signature information in the authentication request transaction using the reader public key corresponding to the reader and, when the verification passes, judges from the pointer pointing to the previous request transaction in the authentication request transaction whether the authentication request transaction is the latest transaction of the reader; if so, the format of the authentication request transaction is judged to meet the requirements. If the first server serial number in the authentication request transaction is judged to be consistent with the server's own serial number, the server judges whether tag identity information corresponding to the authentication request information and the reader random number of the authentication request transaction, and a secret value corresponding to the tag identity information, exist in the database. If so, it generates authentication response information according to the tag identity information in the database and the secret value corresponding to the tag identity information, generates an authentication response transaction based on the authentication response information, and broadcasts the authentication response transaction to the reader. When the reader monitors the authentication response transaction corresponding to the authentication request transaction, it acquires the authentication response information in the authentication response transaction, packages it into the RFID protocol format and sends it to the tag;
When the tag receives the authentication response information sent by the reader, it obtains the secret value corresponding to the tag identity information in the authentication response information and compares it with the tag's own secret value. When the comparison is consistent, the reader passes authentication and communication with the reader is established; hash calculation is performed on the tag identity information and the tag's own secret value by the preset third hash calculation formula to obtain a new secret value of the tag, and the tag's secret value is updated to the new secret value.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the units may be implemented in the same software and/or hardware or in a plurality of software and/or hardware when implementing the invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The RFID authentication method and device provided by the present invention are described in detail above, and the principle and the implementation of the present invention are explained in detail herein by applying specific examples, and the description of the above examples is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (9)

1. An RFID authentication method is applied to a server, and the method comprises the following steps:
when an authentication request transaction sent by a reader is monitored, verifying signature information in the authentication request transaction by using a pre-acquired reader public key corresponding to the reader;
when the verification is passed, acquiring a hash pointer pointing to the last request transaction in the authentication request transaction, and judging whether the authentication request transaction is the latest transaction of the reader or not according to the hash pointer pointing to the last request transaction; the reader stores a hash pointer of each transaction, and the current transaction must be connected to the latest transaction;
if the authentication request transaction is the latest transaction of the reader, acquiring a first server serial number in the authentication request transaction;
judging whether the first server serial number is consistent with the self serial number of the server;
if they are consistent, acquiring the authentication request information and the reader random number in the authentication request transaction, and judging whether tag identity information corresponding to the authentication request information and the reader random number, and a secret value corresponding to the tag identity information, exist in a pre-constructed database; the secret value is a first secret value or a second secret value, and a plurality of pieces of tag identity information, and a first secret value and a second secret value corresponding to each piece of tag identity information, are stored in the database;
if the tag identity information corresponding to the authentication request information and the reader random number, and the secret value corresponding to the tag identity information, exist in the pre-constructed database, judging whether the reader has requested the same tag identity information and the secret value corresponding to the tag identity information;
if the reader does not request the same tag identity information and the secret value corresponding to the tag identity information, generating authentication response information according to the tag identity information and the secret value corresponding to the tag identity information, and generating an authentication response transaction corresponding to the authentication request transaction according to the authentication response information;
broadcasting the authentication response transaction to other servers and the reader, and updating a secret value corresponding to the tag identity information in the database according to a timestamp in the authentication request information;
the server and the reader communicate through a block lattice, and the block lattice is a directed acyclic graph data structure in a block chain technology;
the determining whether the reader has requested the same tag identity information and the secret value corresponding to the tag identity information includes:
the database of the server stores the requested tag identity information corresponding to the reader and the secret value corresponding to the tag identity information; if, on traversing the database, the tag identity information corresponding to the current authentication request information of the reader and the secret value corresponding to the tag identity information are found, determining that the reader has requested the same tag identity information and the secret value corresponding to the tag identity information; if the tag identity information corresponding to the current authentication request information of the reader and the secret value corresponding to the tag identity information are not found, determining that the same tag identity information and the secret value corresponding to the tag identity information have not been requested by the reader, and storing the tag identity information corresponding to the reader and the secret value corresponding to the tag identity information into the database;
the updating the secret value corresponding to the tag identity information in the database according to the timestamp in the authentication request information includes:
judging whether the secret value corresponding to the tag identity information is a second secret value in the database or not according to a timestamp in the authentication request information; if the secret value corresponding to the tag identity information is a second secret value in the database, performing hash calculation on the tag identity information and a second secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, updating the second secret value into a new second secret value, and updating the first secret value in the database into the second secret value; and if the secret value corresponding to the tag identity information is not the second secret value, performing hash calculation on the tag identity information and the secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, and updating the second secret value to the new second secret value.
2. The method of claim 1, further comprising:
when authentication response transactions of other servers are monitored, traversing the pre-constructed database, and judging whether tag identity information corresponding to the authentication response transactions of the other servers and a secret value corresponding to the tag identity information exist in the database;
and if they do not exist, correspondingly updating the pre-constructed database according to the tag identity information in the authentication response transaction of the other server and the secret value corresponding to the tag identity information.
3. The method of claim 1, wherein before obtaining the authentication request information in the authentication request transaction, further comprising:
judging whether a hash pointer pointing to the last request transaction in the authentication request transaction is consistent with a hash pointer pointing to the last request transaction, which is stored in advance and corresponds to the reader;
if the two are consistent, determining that the reader is carrying out a double-spend attack, and refusing to respond to the authentication request transaction of the reader.
4. An RFID authentication device, applied to a server, the device comprising:
the verification unit is used for verifying signature information in the authentication request transaction by using a pre-acquired reader public key corresponding to the reader when the authentication request transaction sent by the reader is monitored; the server and the reader communicate through a block lattice, and the block lattice is a directed acyclic graph data structure in a block chain technology;
the first judgment unit is used for acquiring a hash pointer pointing to the last request transaction in the authentication request transaction when the authentication is passed, and judging whether the authentication request transaction is the latest transaction of the reader or not according to the hash pointer pointing to the last request transaction; the reader stores a hash pointer of each transaction, and the current transaction must be connected to the latest transaction;
the first acquisition unit is used for acquiring a first server serial number in the authentication request transaction if the authentication request transaction is the latest transaction of the reader;
a second judging unit, configured to judge whether the first server serial number is consistent with a self serial number of the server;
a third judging unit, configured to, if the first server serial number is consistent with the serial number of the server itself, obtain the authentication request information and the reader random number in the authentication request transaction, and judge whether tag identity information and a secret value corresponding to the tag identity information, which correspond to the authentication request information and the reader random number, exist in a pre-constructed database; the secret value comprises a first secret value or a second secret value, and the database stores a plurality of pieces of tag identity information together with a first secret value and a second secret value corresponding to each piece of tag identity information;
a fourth judging unit, configured to judge whether the reader has requested the same tag identity information and a secret value corresponding to the tag identity information if the authentication request information, the reader random number, the corresponding tag identity information, and the secret value corresponding to the tag identity information exist in the pre-established database;
a first generating unit, configured to generate authentication response information according to the tag identity information and a secret value corresponding to the tag identity information if the same tag identity information and a secret value corresponding to the tag identity information are not requested by the reader, and generate an authentication response transaction corresponding to the authentication request transaction according to the authentication response information;
the first updating unit is used for broadcasting the authentication response transaction to each server and the reader and updating the secret value corresponding to the tag identity information in the database according to the timestamp in the authentication request information;
the fourth determining unit is specifically configured to store, in a database of the server, requested tag identity information and a secret value corresponding to the tag identity information, which correspond to the reader, and determine that the reader has requested the same tag identity information and the same secret value corresponding to the tag identity if traversing the database and finding the tag identity information corresponding to the current authentication request information of the reader and the secret value corresponding to the tag identity information; if the tag identity information corresponding to the current authentication request information of the reader and the secret value corresponding to the tag identity information are not found, determining that the same tag identity information and the same secret value corresponding to the tag identity information are not requested by the reader, and storing the tag identity information corresponding to the reader and the secret value corresponding to the tag identity information into the database;
the first updating unit is specifically configured to determine, according to a timestamp in the authentication request information, whether the secret value corresponding to the tag identity information is a second secret value in the database; if the secret value corresponding to the tag identity information is a second secret value in the database, performing hash calculation on the tag identity information and a second secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, updating the second secret value into a new second secret value, and updating the first secret value in the database into the second secret value; and if the secret value corresponding to the tag identity information is not the second secret value, performing hash calculation on the tag identity information and the secret value corresponding to the tag identity information according to a preset first hash calculation formula to obtain a new second secret value, and updating the second secret value to the new second secret value.
5. An RFID authentication method, applied to a reader, the method comprising:
sending a communication request to the tag; the communication request comprises a reader random number which is randomly generated;
when an authentication request corresponding to the communication request fed back by the tag is received, acquiring authentication request information in the authentication request;
performing hash calculation on the authentication request information according to a preset second hash calculation formula to obtain a hash value of the authentication request information, and performing a modulo operation on the hash value of the authentication request information and the total number of servers obtained in advance to obtain a first numerical value; the first numerical value is a random numerical value, the total number of servers is obtained when the reader is initialized, the reader is initialized and obtains the information of each server and its own public and private key pair through a genesis transaction, and the genesis transaction is used for initializing the block lattice and is the first transaction in the block lattice;
judging whether a server serial number corresponding to the first numerical value exists in a pre-constructed requested server list or not;
if the first numerical value does not exist, determining the first numerical value as a first server serial number, and storing the first server serial number into the requested server list;
signing the hash value of the authentication request information by using a preset reader private key to obtain signature information corresponding to the authentication request information and obtain a hash pointer pointing to the last request transaction of the reader;
generating an authentication request transaction corresponding to the authentication request according to the hash pointer pointing to the last request transaction, the authentication request information, the reader random number, the first server serial number and the signature information, and broadcasting the authentication request transaction to each server, wherein the generated authentication request transaction is appended after the latest transaction of the reader;
judging whether an authentication response transaction corresponding to the authentication request transaction is monitored within a preset time;
if the authentication response transaction corresponding to the authentication request transaction is monitored within the preset time, extracting authentication response information in the authentication response transaction, and sending the authentication response information to the tag;
the server and the reader communicate through a block lattice, and the block lattice is a directed acyclic graph data structure in a block chain technology.
6. The method of claim 5, wherein the determining whether the authentication response transaction corresponding to the authentication request transaction is monitored within a preset time further comprises:
and if the authentication response transaction corresponding to the authentication request transaction is not received within the preset time, sending the communication request to the tag again.
7. An RFID authentication device, applied to a reader, the device comprising:
a request unit for sending a communication request to the tag; the communication request comprises a reader random number which is randomly generated; the server and the reader communicate through a block lattice, wherein the block lattice is a directed acyclic graph data structure in a block chain technology;
the second acquisition unit is used for acquiring authentication request information in the authentication request when receiving the authentication request corresponding to the communication request fed back by the tag;
the computing unit is used for performing hash calculation on the authentication request information according to a preset second hash calculation formula to obtain a hash value of the authentication request information, and performing a modulo operation on the hash value of the authentication request information and the total number of servers obtained in advance to obtain a first numerical value; the first numerical value is a random numerical value, the total number of servers is obtained when the reader is initialized, the reader is initialized and obtains the information of each server and its own public and private key pair through a genesis transaction, and the genesis transaction is used for initializing the block lattice and is the first transaction in the block lattice;
a fifth judging unit, configured to judge whether a server serial number corresponding to the first numerical value exists in a pre-constructed requested server list;
the storage unit is used for determining the first numerical value as a first server serial number if the first numerical value does not exist, and storing the first server serial number in the requested server list;
the signature unit is used for signing the hash value of the authentication request information by using a preset reader private key, obtaining signature information corresponding to the authentication request information and obtaining a hash pointer of the reader pointing to the last request transaction;
a second generating unit, configured to generate an authentication request transaction corresponding to the authentication request according to the hash pointer pointing to the last request transaction, the authentication request information, the reader random number, the first server serial number, and the signature information, and broadcast the authentication request transaction to each server, where the generated authentication request transaction is appended after the latest transaction of the reader;
a sixth judging unit, configured to judge whether an authentication response transaction corresponding to the authentication request transaction is monitored within a preset time;
and the first sending unit is used for extracting authentication response information in the authentication response transaction and sending the authentication response information to the tag if the authentication response transaction corresponding to the authentication request transaction is monitored within preset time.
8. An RFID authentication method applied to a tag, the method comprising:
when a communication request of a reader is received, a random number of the reader in the communication request is obtained; the server and the reader communicate through a block lattice, and the block lattice is a directed acyclic graph data structure in a block chain technology;
acquiring a timestamp of the tag, tag identity information and a secret value of the tag, generating authentication request information according to the timestamp, the tag identity information and the secret value of the tag and the random number of the reader, and sending an authentication request to the reader based on the authentication request information;
judging whether authentication response information corresponding to the authentication request fed back by the reader is received or not within preset time, and if the authentication response information corresponding to the authentication request fed back by the reader is received within the preset time, acquiring a secret value corresponding to the tag identity information in the authentication response information;
comparing a secret value corresponding to the tag identity information in the authentication response information with a secret value of the tag;
and if they are consistent, determining that the reader passes authentication and establishing communication with the reader, performing hash calculation on the tag identity information and the secret value of the tag according to a preset third hash calculation formula to obtain a new secret value of the tag, and updating the secret value of the tag to the new secret value of the tag.
9. An RFID authentication device, for application to a tag, the device comprising:
the third acquisition unit is used for acquiring the random number of the reader in the communication request when the communication request of the reader is received; the server and the reader communicate through a block lattice, and the block lattice is a directed acyclic graph data structure in a block chain technology;
a second sending unit, configured to obtain a timestamp of the tag, tag identity information and a secret value of the tag, generate authentication request information according to the timestamp, the tag identity information and the secret value of the tag, and the reader random number, and send an authentication request to the reader based on the authentication request information;
a fourth obtaining unit, configured to determine whether authentication response information corresponding to the authentication request fed back by the reader is received within a preset time, and if the authentication response information corresponding to the authentication request fed back by the reader is received within the preset time, obtain a secret value corresponding to the tag identity information in the authentication response information;
the comparison unit is used for comparing a secret value corresponding to the tag identity information in the authentication response information with a secret value of the tag;
and the second updating unit is used for, if the comparison is consistent, determining that the reader passes authentication and establishing communication with the reader, performing hash calculation on the tag identity information and the secret value of the tag according to a preset third hash calculation formula to obtain a new secret value of the tag, and updating the secret value of the tag to the new secret value of the tag.
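The two-secret update on the server (claims 1 and 4) and the tag-side update (claims 8 and 9) together keep tag and server synchronised when an authentication response never reaches the tag. The following Python model is an added example, not code from the patent: SHA-256, the way the request information is built, the trial matching against both stored secrets, returning the matched secret directly as the response, and all names and sample values are assumptions.

```python
import hashlib
import hmac


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (assumed stand-in for the preset hash formulas)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()


def request_info(tag_id, secret, timestamp, reader_nonce):
    # Assumed construction: the claims only say the request information is
    # generated from these four inputs.
    return h(b"req", tag_id, secret, timestamp, reader_nonce)


def next_secret(tag_id, secret):
    # Claims: hash the tag identity information together with the secret value.
    return h(b"upd", tag_id, secret)


class Tag:
    def __init__(self, tag_id, secret):
        self.tag_id, self.secret = tag_id, secret

    def request(self, timestamp, reader_nonce):
        return request_info(self.tag_id, self.secret, timestamp, reader_nonce)

    def accept(self, response_secret):
        """Claim 8: compare the returned secret with our own, then roll forward."""
        if response_secret is None or not hmac.compare_digest(response_secret, self.secret):
            return False
        self.secret = next_secret(self.tag_id, self.secret)
        return True


class Server:
    def __init__(self):
        self.db = {}  # tag_id -> (first = previous secret, second = current secret)

    def enroll(self, tag_id, secret):
        self.db[tag_id] = (secret, secret)

    def authenticate(self, info, timestamp, reader_nonce):
        """Return the secret the tag used, or None; update the record on a match."""
        for tag_id, (first, second) in self.db.items():
            for used in (second, first):
                expected = request_info(tag_id, used, timestamp, reader_nonce)
                if hmac.compare_digest(info, expected):
                    new_second = next_secret(tag_id, used)
                    if used == second:   # tag is in sync: shift second into first
                        self.db[tag_id] = (second, new_second)
                    else:                # tag missed the last response: keep first
                        self.db[tag_id] = (first, new_second)
                    return used
        return None


def lost_response_scenario():
    tag = Tag(b"TAG-0001", b"\x11" * 32)          # constructed sample values
    server = Server()
    server.enroll(tag.tag_id, tag.secret)
    ok1 = tag.accept(server.authenticate(tag.request(b"t1", b"n1"), b"t1", b"n1"))
    server.authenticate(tag.request(b"t2", b"n2"), b"t2", b"n2")   # response lost
    behind = tag.secret == server.db[tag.tag_id][0]
    ok3 = tag.accept(server.authenticate(tag.request(b"t3", b"n3"), b"t3", b"n3"))
    resynced = tag.secret == server.db[tag.tag_id][1]
    return ok1, behind, ok3, resynced
```

In this model a secret two generations old matches neither stored value, so the tolerated desynchronisation is exactly one lost response.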
CN201910462152.6A 2019-05-30 2019-05-30 RFID authentication method and device Active CN112019336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910462152.6A CN112019336B (en) 2019-05-30 2019-05-30 RFID authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910462152.6A CN112019336B (en) 2019-05-30 2019-05-30 RFID authentication method and device

Publications (2)

Publication Number Publication Date
CN112019336A CN112019336A (en) 2020-12-01
CN112019336B true CN112019336B (en) 2021-12-10

Family

ID=73501591

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910462152.6A Active CN112019336B (en) 2019-05-30 2019-05-30 RFID authentication method and device

Country Status (1)

Country Link
CN (1) CN112019336B (en)

Also Published As

Publication number Publication date
CN112019336A (en) 2020-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant