An enhanced authentication scheme in mobile RFID system

The popularization of wireless networks and mobile applications has increased the importance of RFID technologies. However, since wireless networks does not guarantee transmission channel security, putting private user information at risk for unintentional disclosure. Previous research has introduced a security mechanism to provide privacy and authentication. This mechanism is based on quadratic residue, does not require a secure channel and fits EPC Class-1 Gen-2 specifications. However, this mechanism cannot resist replay attacks, and lacks an efficient means of its server is not able to find determining validating values, making it difficult to implement. This paper proposes an improvement scheme that uses virtual IDs and time parameters. It does not need a secure channel, fits EPC Class-1 Gen-2 specifications, is resistant to replay attacks, and can efficiently find validation information. The proposed scheme is applied to mobile devices as a proof of concept for use in wireless/mobile RFID systems.