Journal of Communications
Many RFID authentication protocols have been developed in recent years. However, most require the reader to search all tags in the system to identify a single tag. This problem makes the protocols impractical in large-scale RFID deployments. To address this problem, the authors propose a privacy-preserving mutual authentication protocol for RFID systems with constant-time identification, based on quadratic residue. Furthermore, the validity period of each tag is stored in the database so the reader can revoke an expired tag. Formal security proof shows the proposed protocol has no obvious design defects.