
Anonymous RFID auth

NdK edited this page Jun 12, 2013 · 1 revision

What I mean: an eavesdropper can't trace (identify) a card unless he has access to the enrollment data.

The trick is that the card uses a host-derived ID until a longer-term secret can be safely used. That longer-term secret is a block of data (a "blob", from the server's point of view), encrypted under a static symmetric key that never leaves the card (unless explicitly exported), which contains a (salted) hash of the server's public key and the card's private key for this server.

Protocol draft:

  1. Host asks the card to authenticate, sending a first nonce N1
  2. Card generates a session keypair and answers with its pubkey and another nonce N2
  3. Host computes N3 = H(N1||N2), then sends its pubkey (considered its identity) and N3, signed with its secret key and encrypted under the card's pubkey
  4. Card verifies N3 and answers with its temporary identity TID = H(N3||H(real_identity||hostpubkey)), encrypted under hostpubkey
  5. Host can now look up the (N3-salted) TID in its DB and send the card's blob
  6. Card decrypts the blob, checks that the public key matches the one used at step 3, and then answers by signing N3 with the private key obtained from the blob
  7. Host checks the signature on N3 and accepts the authentication

A MITM can see N1 and N2 (and therefore N3 too), but he won't be able to obtain the TID (it's encrypted under hostpubkey). If he uses a different keypair, he'll get a different TID every time, and tracking a card will be impossible.

A drawback is that this system requires the server to keep H(real_identity||hostpubkey) in plaintext in order to check it.
